Pete Recommends – Weekly highlights on cyber security issues, October 10, 2021

Subject: FCC Renews Effort to Block Robocalls to 911 Call Centers
Source: Route Fifty
https://www.route-fifty.com/public-safety/2021/10/fcc-renews-effort-block-robocalls-911-call-centers/185809/

Under a proposed rule, voice service providers would cross reference autodialed calls with numbers on the do not call list to block any robocalls to emergency lines.

The FCC previously sought to establish a do not call list for government emergency numbers in 2012. But because of concern over the security of do not call lists, the FCC did not fully implement the program.

To find out how emergency services have been impacted, the FCC is seeking public comment to address outstanding questions such as whether technological changes have resulted in more unwanted robocalls or if blocking technologies have better shielded 911 call centers.

[up to very recently, I’ve received MORE unsolicited calls /pmw1]

Topics:


Subject: Firefox 93 for Android becomes system-wide password manager
Source: gHacks Tech News
https://www.ghacks.net/2021/10/02/firefox-93-for-android-becomes-system-wide-password-manager/

The upcoming Firefox 93 web browser for Android may be used as a system-wide password manager by its users. Up until now, passwords saved in the browser were restricted for use in the browser. If you saved a Reddit or Amazon password in Firefox, you could open Reddit’s or Amazon’s website to sign-in automatically using the saved data.What you could not do until now was launch the Reddit or Amazon application on the Android device and expect to be signed-in automatically. A password manager was required for that functionality.

Starting in Firefox 93 for Android, out on October 5, 2021, Firefox users may use the browser’s password manager to sign-in to any application on the device.

[As many know, there is more to password management than sharing passwords between browsers and apps /pmw1]

Check out the full blog post on Mozilla’s website.

Closing Words – Firefox is not the only Android browser that can act as a system-wide password manager. Chrome and Edge, among others, may also be set up to fill out passwords automatically on Android.


Subject: From Ring to Alexa, which Amazon security plan is right for you?
Source: Android Central
https://www.androidcentral.com/which-ring-alarm-amazon-security-plan

Amazon makes an incredible range of smart home devices, from the best smart security systems to the best smart speakers, but did you know that many of these can better help protect your home? Amazon security plans include Alexa Guard Plus, Ring Protect Pro, and Virtual Security Guard, but which one is the right plan for you? We break them all down and help you pick the right one for your home.

Filed: https://www.androidcentral.com/category/connected-home


Subject: There’s a Multibillion-Dollar Market for Your Phone’s Location Data
Source: The MarkUp via beSpacific
https://www.bespacific.com/theres-a-multibillion-dollar-market-for-your-phones-location-data/

The MarkUp – A huge but little-known industry has cropped up around monetizing people’s movements – “Companies that you likely have never heard of are hawking access to the location history on your mobile phone. An estimated $12 billion market, the location data industry has many players: collectors, aggregators, marketplaces, and location intelligence firms, all of which boast about the scale and precision of the data that they’ve amassed. Location firm Near describes itself as “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Mobilewalla boasts “40+ Countries, 1.9B+ Devices, 50B Mobile Signals Daily, 5+ Years of Data.” X-Mode’s website claims its data covers “25%+ of the Adult U.S. population monthly.”…

Filed: https://themarkup.org/series/privacy


Subject: DHS Releases Guidance to Mitigate Security Risks with the Advancement of Quantum Computing
Source: Homeland Security
https://www.dhs.gov/news/2021/10/04/dhs-releases-guidance-mitigate-security-risks-advancement-quantum-computing

WASHINGTON - Today, the Department of Homeland Security (DHS), in partnership with the Department of Commerce’s National Institute of Standards and Technology (NIST), released a roadmap to help organizations protect their data and systems and to reduce risks  related to the advancement of quantum computing technology. While quantum computing promises unprecedented speed and power in computing, it also poses new risks.  As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications.  DHS’s new guidance will help organizations prepare for the transition to post-quantum cryptography by identifying, prioritizing, and protecting potentially vulnerable data, algorithms, protocols, and systems.

For more information and resources, visit DHS.gov/quantum.

Keywords:
Quantum,
Secretary Alejandro Mayorkas


Subject: It’s time to start taking digital identity seriously
Source: GCN
https://gcn.com/articles/2021/10/04/digital-identity.aspx

Digital fraud has never been more prevalent, potentially costing the world $10.5 trillion USD annually by 2025, a truly staggering sum. In the U.S. alone, $382 million was stolen in COVID-19 related scams, often by fraudsters registering for stimulus checks and unemployment benefits with stolen identities.This theft illustrates the fundamental problem at the heart of online fraud: how can organizations tell that a person is who they say they are? In real life, there are clearly identifiable identity markers — from faces to fingerprints and DNA are supplemented by certified documents like passports and driver’s licenses – that limit a person’s ability to pass themselves off as somebody else. Online, a bad actor (or increasingly an automated bot) who enters the correct username and password on a website has access to everything the person who set up the account does. Digital identities clearly must be as strong as offline identities.

Congress has already identified this problem and introduced a bill aimed at providing a solution. The Improving Digital Identity Act aims to develop standards to guide government agencies when providing digital identity services, upgrading existing systems and creating interoperable tools for verification. It’s a promising start, but it may be hampered by the lack of clarity around digital identity itself.


Subject: It’s Time to Stop Paying for a VPN
Source: The New York Times
https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html

Many of the most popular VPN services are now also less trustworthy than in the past because they have been bought by larger companies with shady track records. That’s a deal-breaker when it comes to using a VPN service, which intercepts our internet traffic. If you can’t trust a product that claims to protect your privacy, what good is it?

A caveat: VPNs are still great for some applications, such as in authoritarian countries where citizens use the technology to make it look as if they are using the internet in other locations. That helps them access web content they cannot normally see. But as a mainstream privacy tool, it’s no longer an ideal solution.

You’ve probably noticed the padlock symbol on your web browser. A locked padlock indicates a site is using HTTPS; an unlocked one means it’s not and is therefore more susceptible to attack. These days, it’s rare to stumble upon a site with an unlocked padlock — 95 percent of the top 1,000 websites are now encrypted with HTTPS, according to W3Techs, a site that compiles data on web technologies.

This means that VPNs are no longer an essential tool when most people browse the web on a public Wi-Fi network, said Dan Guido, the chief executive of Trail of Bits, a cybersecurity firm.

“It’s very difficult to find cases where people were harmed by signing on to the airport, coffee shop or hotel Wi-Fi,” he said. These days, he added, the people who benefit from a VPN are those working in high-risk fields and who might be targets, like journalists who correspond with sensitive sources and business executives carrying trade secrets while traveling abroad.

Filed: https://www.nytimes.com/section/technology/personaltech

RSS: https://www.nytimes.com/svc/collections/v1/publish/https://www.nytimes.com/section/technology/personaltech/rss.xml


Subject: 2021 Guide to Internet Privacy Resources and Tools
Source: LLRX
https://www.llrx.com/2021/09/2021-guide-to-internet-privacy-resources-and-tools/

Technology has significantly changed our concept of privacy as well as our ability to maintain it. The are a wide spectrum of tools, services and strategies available to assist you in the effort to maintain a sliding scale of privacy in an increasingly porous, insecure online environment. Whether you are browsing the internet, using email or SMS, encrypting data on PCs or mobile phones, looking for the best VPN, or working to secure your online services from cybercrime, hacking or surveillance, this guide by Marcus Zillman identifies a wide range of sources for you to consider. The foundational issue regarding privacy is that you must be proactive, diligent and persistent in evaluating and using multiple applications for email, search, file transfer, and social media. There is no “one size fits all” solution, and your vigilance and willingness to implement solutions are part of an ongoing process.

Posted inBig DataCybercrimeCybersecurityEmail SecurityEncryptionInternet TrendsSearch EnginesSearch StrategiesSocial MediaTechnology Trends


Subject: TSA to impose cybersecurity mandates on railroad and aviation industries
Source: CNNPolitics
https://www.cnn.com/2021/10/06/politics/tsa-cybersecurity-mandates-railroad-aviation/index.html
(CNN) The Transportation Security Administration will impose new cybersecurity mandates on the railroad and airline industries, including reporting requirements as part of a department effort to force compliance in the wake of high-profile cyberattacks on critical industries, Homeland Security Secretary Alejandro Mayorkas announced Wednesday. DHS is moving to require more companies in critical transportation industries to meet a cybersecurity baseline, chipping away at voluntary cybersecurity incident reporting.

As part of a forthcoming “security directive,” TSA will require higher-risk railroad and rail transit entities to report cyber incidents to the federal government, identify cybersecurity point persons and put together contingency and recovery plan in case they become victims of cyberattacks.

Members of the railroad industry immediately pushed back on the announcement, arguing that the security directive would require railroads to undertake actions that have long been in place.

For the airline industry, TSA will require critical US airport operators, passenger aircraft operators and all-cargo aircraft operators to designate cybersecurity coordinators and report cyber incidents to the Cybersecurity and Infrastructure Security Agency by the end of the month.


Subject: Pinterest whistleblower launches resources to help tech employees speak out
Source: Fast Company via beSpacific
https://www.bespacific.com/pinterest-whistleblower-launches-resources-to-help-tech-employees-speak-out/

The Tech Worker Handbook is a collection of resources for tech workers who are looking to make more informed decisions about whether to speak out on issues that are in the public interest. Aiming to improve working conditions, direct attention to consumer harms, or otherwise address wrongdoing and abuse should not be a solo or poorly resourced endeavor…The site contains legal, security, and media guides supplied by Ifeoma Ozoma and a group of whistleblower support organizations…

TWH RSS feed: https://techworkerhandbook.org/feed/


Subject: Face Recognition Technology: Commonly Used Terms
Source: EFF via beSpacific
https://www.bespacific.com/face-recognition-technology-commonly-used-terms/

EFF: “As face recognition technology evolves at a dizzying speed, new uses and terminologies seem to develop daily. On this page, we attempt to define and disambiguate some of the most commonly used terms.  For more information on government use of face recognition and how to end it in your community, visit EFF’s About Face resource page.

See also EFF’s Street Level Surveillance resource site.


Posted in: Big Data, Cybercrime, Cyberlaw, Cybersecurity, E-Commerce, Economy, Financial System, Privacy, Social Media