Are device cams a security concern?

Fact or not, web security and privacy experts advise you to cover your device camera (on laptops, mobile phones and tablets). Notable people do, like Mark Zuckerberg (yes, the Facebook guy), as reported in this article.

Perhaps the best way to convince you is to seek an answer to the following question: Can some people really spy on you through your laptop or smartphone camera?

The answer is a creepy YES! Tech experts like the guys at DigitalSpy.com believe it's not only hackers who are interested in viewing your most private moments, but also some schools checking on their students, and companies tracking their employees to see what they're doing at any given time.

Scary, right? With ransomware (a type of malware, or malicious software) and voyeur sites getting more popular these days, you don't want someone demanding money from you or else you'll see your naked butt posted on the web, do you?

It is believed someone can take control of your laptop or smartphone camera through a trojan or other malware picked up from bad websites and spam emails (phishing) that you may have clicked or opened. It is also widely known that several Android devices and electronic chips, including internet routers manufactured in China, have "backdoor" capabilities to remotely access and control these gadgets.

So if you're not doing it yet, better start now! Go grab some tape and cover your device's camera ASAP. It's better to be "overly" safe than sorry.

If you want to cover your laptop's webcam or smartphone camera in style, you can browse some inexpensive webcam covers online, like this one from Amazon.com.

~

How to check if your email account is compromised, and fix it

With the shocking news on September 22, 2016 that Yahoo finally admitted to a widespread data breach involving some 500 million user accounts, and the recent massive email and data breach at Verifications.io, it is time for everyone to take data and account security very seriously.

Most of our online accounts are registered using an email address, and if you happen to use Yahoo email, chances are that your account is one of those breached.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

Yahoo has lately joined LinkedIn and Dropbox on the list of popular websites that were compromised, probably with the biggest number of accounts stolen (estimated at 500 million). The LinkedIn breach involved some 117 million accounts, while Dropbox had 68 million accounts and passwords leaked.

Just before the May 2016 Philippines Presidential elections, the COMELEC voters information website was also hacked, and data on 55 million Filipino voters was leaked publicly. It included sensitive personal information such as biometric data and fingerprints, dates of birth, email addresses, family members' names, genders, job titles, marital statuses, names, passport numbers, phone numbers, physical addresses and physical attributes. The breach, however, included only 228,000 email addresses.

How can you check if your email account has been breached or, worse, posted somewhere? Troy Hunt (@troyhunt), Microsoft Regional Director and MVP for Developer Security, has developed a website which checks various online databases of leaked accounts.

HAVEIBEENPWNED.COM allows you to check whether your email account has been compromised in a data breach. It gives information on the source of the data breach if your account happens to be part of a leak.

What to do if your email account is compromised? 

Securing your account should be a top priority. The steps below can help you start securing your accounts, to prevent unscrupulous individuals from taking advantage of your sensitive personal information and to avoid credit card fraud, identity theft and other malicious and illegal activities.

  1. Change your password ASAP.
  2. Create a strong password that is unique for each account. It should be a mix of letters, numbers and symbols. Check here for a guideline on creating strong passwords.
  3. Never share your password with anyone.
  4. Change your passwords regularly.
  5. Set up 2-step verification for your email accounts. Popular email providers like Gmail and Yahoo have 2-step verification features that act as extra security protection. Every time you sign in from an unrecognized device or computer, you'll be asked to enter the verification code that is sent to your mobile number.
  6. Maintain at least 2 email addresses. Use one for online accounts on social media, gaming, subscriptions and other public websites, and use the other only for private or personal purposes like online banking, credit card statements and other sites which require you to maintain sensitive personal information.
  7. Minimize, if not avoid, using public Wi-Fi to access accounts associated with sensitive information.
  8. Be mindful of fake sites and other unsecured sites that may infect your computer or mobile devices with viruses and malware and can compromise not just your email account but your entire data.
  9. Do not open emails and attachments from unknown people or sources. Be mindful of social engineering tactics which are aimed at harvesting sensitive personal information.
  10. If you are engaged in a business, or employed, never use your business or company email to create social media accounts and to subscribe to online newsletters and publications.

Data security should be everyone’s concern. Awareness is key to ensuring your accounts and sensitive personal information are safe. When you suspect that your account is compromised – follow the above steps.
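
As an added example (not from the original post, and not Have I Been Pwned's own code), the Python below turns a breach lookup result into a prioritized to-do list along the lines of the steps above. The sample response is constructed from the breach descriptions on this page, in the shape of the service's breach records (`Name`, `DataClasses`); the `triage` function, its data-class grouping and its priority labels are assumptions made for illustration.

```python
import json

# Constructed sample shaped like Have I Been Pwned breach records
# ("Name", "DataClasses"). The data classes come from the breach
# descriptions on this page; nothing is fetched from the service.
SAMPLE_RESPONSE = json.dumps([
    {"Name": "Verifications.io", "DataClasses": [
        "Dates of birth", "Email addresses", "Employers", "Genders",
        "Geographic locations", "IP addresses", "Job titles", "Names",
        "Phone numbers", "Physical addresses"]},
    {"Name": "Yahoo", "DataClasses": [
        "Names", "Email addresses", "Phone numbers", "Dates of birth",
        "Passwords", "Security questions and answers"]},
])

# Hypothetical grouping and ordering, chosen for this example.
CONTACT = {"Email addresses", "Phone numbers", "Physical addresses"}
PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(response_text):
    """Return [(breach, priority, actions)] with credential leaks first."""
    plan = []
    for breach in json.loads(response_text):
        classes = set(breach.get("DataClasses", []))
        actions, priority = [], "low"
        if classes & CONTACT:
            priority = "medium"
            actions.append("expect phishing aimed at the exposed contact details")
        if "Security questions and answers" in classes:
            priority = "high"
            actions.insert(0, "replace security questions and answers")
        if "Passwords" in classes:
            priority = "high"
            actions.insert(0, "set up 2-step verification")
            actions.insert(0, "change the password here and wherever it was reused")
        plan.append((breach["Name"], priority, actions))
    # sorted() is stable, so breaches of equal priority keep their input order.
    return sorted(plan, key=lambda item: PRIORITY_ORDER[item[1]])


if __name__ == "__main__":
    for name, priority, actions in triage(SAMPLE_RESPONSE):
        print(f"[{priority}] {name}")
        for step in actions:
            print(f"  - {step}")
```

A breach that exposed no passwords, like the Verifications.io one, still lands on the list because the leaked contact details feed phishing.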

~

‘Massive’ 808 million emails and data breach at Verifications.io

About 808 million emails with personal information were leaked online when a public MongoDB instance was left without a password by “enterprise email validation service provider” Verifications.io.

The compromised data included dates of birth, email addresses, employers, genders, geographic locations, IP addresses, job titles, names, phone numbers and physical addresses of individuals.

The discovery was made by Bob Diachenko of SecurityDiscovery.com on February 25, 2019.

According to HaveIBeenPwned, an online service which detects and reports if your email has been part of a data breach:

In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

— HaveIbeenPwned

How does an enterprise email validation service like that of Verifications.io work?

  • Someone uploads a list of email addresses that they want to validate.
  • Verifications.io has a list of mail servers and internal email accounts that they use to “validate” an email address.
  • They do this by literally sending the people an email. If it does not bounce, the email is validated.
  • If it bounces, they put it in a bounce list so they can easily validate later on.

For more information about this data breach, click here for Bob’s blog post.

To check if your email is part of a data breach, go to the HaveIBeenPwned website.

Creating a Good Brand Online through Social Media Engagement

As mentioned in the previous two articles, one of the most effective virtual branding tools is social media. Obviously, it's a great avenue for promoting blog posts, increasing readership, gaining followers, and improving blog stats.

Unfortunately, not too many bloggers understand how to utilize it to their advantage. To enhance blog branding using social media, keep your content similar to what you have on your blog.

People already familiar with your blog can easily identify your brand when they see it on social media. If you don't remain consistent with your brand image, this may cause confusion and result in an unimaginable drawback for your blog.

The importance of being selective with what you post on social media cannot be overstated. If you post only about specifications, people may think you're only after the stats. Let your voice be heard in your posts by providing a personal touch to your content.

Follow and connect with potential readers who may be interested in your two cents to find out how you can build a relationship with them. In doing so, you have to be careful to avoid these common mistakes on social media:

  • lack of specific targeting
  • not acknowledging people for sharing content
  • poor timing
  • wrong choice of hashtag to use

Taking the route of blog branding using social media is not difficult if you know how to take advantage of it. Start small by posting quality content which people will patronize for the information, and will recall for the personality and values you’ve injected.