I am BACK for 2017 and during my break we had a few things happen.
A nasty Gmail phishing exploit, Computer geeks recruited by FBI to dig around customer computers and the madness that is CES2017.
Thanks to the people at Wordfence.com we are aware of a sophisticated and targeted attack against users of Google’s GMail service.
A Gmail account is a powerful thing. It is the keys to your Google kingdom that through a range of other services like Maps, Search, Calendar, Drive and of course GMail collects a large amount of data about you and your online habits. So the only surprise in regards to this phishing scam is that it has taken this long.
Here’s how it works. You get an email from someone that you may know with an attachment or image that you may recognise (very sneaky) and when you click on the attachment or image you are redirected to a Google sign in page that looks a lot like the real thing. The catch is that it is not at all real and when you sign in, the bad guys are on hand to capture your data and almost instantly take over your account. Once in, they assume control of all your Google services, change passwords and try to spread to your contacts using the same method that you just fell for.
How to stop it:
- Look closely at the address bar. Google runs its systems over HTTPS which is a secure version of HTTP the method computers use to serve web pages to you. When you are using HTTPS you should see a green lock symbol in the address bar. If you don’t you should not go any further and close your web browser.
- Use 2 Factor Authentication.
I am a big fan of 2 factor authentication because it is widely accepted that usernames and passwords are simply not enough. 2 factor authentication puts an additional roadblock in the path of the hacker by requiring you to enter a constantly changing code that you can have on an authentication app on your phone. If you do not already use 2FA (2 Factor Authentication) I encourage you to do so right away. To find out more about Google 2FA, take a look here.
This story and images from wordfence.com.
Geek Squad technicians allegedly on FBI informant payroll.
Technicians reporting highly illegal content to the authorities is nothing new. In fact is actually a requirement in the USA to report material such as child pornography to the police. However a recent case mentioned in this TechDirt article states that Geek Squad technician John “Trey” Westphal is a paid FBI informant expected to dig around customer computers for evidence. This is where things get murky as Westphal needs to look for files that do not directly relate to his work as a technician violating the trust between the customer and the service supplier while chasing a $500 “bounty” from the FBI.
In my mind a highly unethical practice and potentially flawed as the evidence cold have been gathered without due process. This also opens the door to the planting of evidence by technicians that are looking to make a quick buck.
This story in full from TechDirt here.
CES 2017 – the biggest tech show on earth.
The Consumer Electronics Show is actually a trade show but it’s sheer size and popularity it has become the world’s tech “show and tell” with thousands of booths and exhibitors, keynotes and product announcements.
Just some of the announcements include:
- LG’s new Signature OLED W7 tv measuring just 2.57mm thick.
- HTC’s Vive VR headset goes wireless.
- HEAPS of new smartphones including Huawei new Honor6X a mid range phone taking aim at the high end of the market.
- The usual slew of Notebooks and laptop with the amazing concept from Razor, Project Valerie with 3 fold-out 4K screens.
- Robots and autonomous tech including Buddy.
- Gadgets galore to keep the 175000 visitors transfixed on the awesomeness.
There is so much coverage it is hard to point to just one source but these links should get you started.