COVID-19, Cybersecurity, and Remote Learning

With the COVID-19 Outbreak, every K-12, university, and schools and general have moved to online/remote learning. The online learning is great for the whole flattening the curve and social distance aspect of the outbreak, but horrible for the cybersecurity aspect. There are several risks remote learning brings in the cybersecurity world, and opens a major door for hackers. For example, my brother who is in third grade has online learning and access to his school’s database. My brother also has more viruses than you can count on the laptop he also does his online learning for. Furthermore, he is a threat in a way to his school as through these viruses on his computer, he could have his school suffer a data breach.

This is just one of the several problems remote learning can bring. Having several people from several different parts of the worlds and networks able to access a school system allows multiple hackers from different parts of the world and networks able to hack into the school system and perform malicious actions. Small universities, large universities, middle schools, elementary schools – no school is safe. It only takes one person, one hacker to compromise a whole system and multiple people. One link you think is safe from your teacher, might really be a hacker.

With a major pandemic as this, people need to not only be aware of the disease spreading virus, but also the viruses that can infect your computer. Several malicious cyberattacks are going on the internet right now, and viruses from remote learning is just one of the many. The only way to say safe is to make sure your security on your computer is extremely secure, only open links that you know are credible, and generally speaking, just check the credibility of everything before you open it. When IT support is low and we are only able to stay inside our houses, the last thing you want to do is compromise your internet and your computer.

https://www.edweek.org/ew/articles/2020/03/18/coronavirus-compounds-k-12-cybersecurity-problems-5-areas.html

COVID-19 and Online Gaming

Bored at home? Me too. Isn’t everybody bored at home due to being quarantined for protection of COVID-19. I guarantee most people are at home playing online games, whether it is computer games, XBOX, Nintendo Switch, PS4, etc – and gaming companies are highly aware of this. They have capitalized on this quarantine as a way to make money. I have seen several posts when scrolling through social media about different sales for different gaming platforms, gaming consoles, and online memberships. For example, XBOX is offering live and game pass for only a $1, Sims 4 is only $5, and Wizard101 is offering several different membership sales. Personally, I find this to be a very smart move on behalf of the gaming industries. When people are home doing nothing, most likely they’re going to be playing online video games. Although they are lowering their prices, they are also going to be making a longterm profit by increasing their player database and advertising by word of mouth spread. Also with increased online activity, more people will be playing. This is a great time for online gaming systems to capitalize on.

 

https://www.cnet.com/news/coronavirus-lockdowns-have-lots-of-people-playing-video-games/

Social Media Protecting Against Misinformation

During the COVID-19 Pandemic, there is an extreme amount of panic amongst people of the States, especially social media users. The media is a prime source of news right now. Although people can abuse social media and put out misinformation to create havoc. This is not okay obviously, especially when the states are in a major crisis. Although companies such as Twitter and Instagram have updated their user guidelines to now require that users remove any post that do not align with statements of officials. It also requires the removal of false and misleading information. Personally, I think this is a good thing when regarding misinformation. As you cannot go into a movie theater and scream fire when there is no fire, you should not be able to post on social media with potential havoc information. I also understand there is the concern of freedom of speech, and yes, you should be able to post an opinion without having to remove it. But due to the circumstances right now, opinions and theories should be stated they are those just for the purpose of other people – you need to be selfless. Also with the topic of freedom of speech, theoretically, the company has the right to choose what can be advertised and not advertised on their platform. They own the right to their company, and if you are causing chaos and disturbance through a post, they have the right to remove it.

 

https://thehill.com/policy/technology/488442-twitter-expands-coronavirus-misinformation-policy

FBI Password Recommendations

When you are creating a password for a website, how many times did you have to keep erasing and make a new one because it did not fit the website criteria? Most websites generally require to you to have at least eight characters, a capital letter, and a number. Even now, I more commonly see websites require you to have not only a capital letter, eight characters and a number, but also a special character as well. Websites always indicate that a combination of lowercase, uppercase, numbers and special characters are the most secure passwords, but the FBI has recently proposed a different statement. The FBI recommends pass phrases over password complexity. When your passphrase is a combination of random words that are longer than fifteen characters in length, it will take a computer significantly longer to crack it than a complex password  because the computer will not have the dictionary to attack with. An example of a passphrase would be footballtoothbrushtstreet , stableremoteplace, etc. For the passwords that require capitals and special letters, I tend to forget them and find myself constantly resetting them, which is a problem because my accounts are more at risk that way. Mathematically the easier to remember password but longer is more secure than a shorter complex one. Although these passwords are rather silly, they are random and easy to remember, but they are long and secure. It is a lot harder though to follow the FBI recommendations though, because most websites, including major things such as banks and credit card companies, require the several password requirements. With those restrictions, you cannot follow what the FBI recommends. What do you think about the FBI’s recommendations? Do you think length is more secure, or complexity?

 

https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/

Copying and Pasting with Apple

Someone texts you an address you need, you copy and paste that address into Waze. Then you go play Angry Birds. You have a second factor log in authentication that texts a code to your phone and you copy and paste that into the application. People copy things all the time on their Apple products, but have you ever wondered who could actually see what you have stored in your pasteboard? Apple tends to have a pretty secure data system between different apps on an iPhone – but the security flaw is that everything you copy to your pasteboard becomes accessible to the application developers of the applications you open on the phone. As harmless as this sounds, a major concern of this privacy breach is that a lot of info copy and pasted into a phone is personal information such birthdays, addresses, phone numbers, etc. As well, credit card numbers could be copied and pasted, social security number etc. The information that goes into the clipboard a lot of times contains personally identifiable information and the applications you use can pull data from the clipboard. Furthermore, they have anything you have in your clipboard saved in their system now. Have you ever copied a picture to send that to your friends? Well, photographs can also be pulled, so the photo’s metadata is accessible to the developers. They now have access to information such as your real location, location the photo was taken and the GPS coordinations. This was identified at the beginning of January but Apple responded that they don’t see this as an issue. Although I see this as a major privacy flaw; if this information gets into the wrong hands, we could face serious consequences. Knowing that everything you copy and paste is accessible by applications, are you going to be more cautious of what you copy? Do you see this as a privacy breach?

 

zdnet.com/article/iphone-and-ipad-apps-can-snoop-on-everything-you-copy-to-the-clipoard/

Google Removes Several Malicious Chrome Extensions

Google Chrome extensions. They’re a cool feature chrome provides, where you can add almost anything to enhance your experience while browsing the internet. For example, one of the most common extensions people use is AdBlocker. Although, if you thought these extensions were harmless, you were wrong. For the past two years, hundreds of Chrome extensions were participating in extension fraud. After months of research, Google pulled over 500 extensions that utilized such malicious behavior. The developers had designed their extensions in a way that when the user opened up the internet/opened a new page after successfully installing the extension, the user would be waiting for the page to load, the unknowingly would be routed through thirty other websites. These websites would be advertisements, where each time someone clicked on the website, the developer of the extension would receive a profit. All of this occurred within the few seconds you were waiting for a website to open – and you had no idea. Thousands clicks would go to ad marketing just by you opening up a new page after downloading an extension. On the other hand, the companies who were getting views were also unaware that a huge percentage of views on their websites weren’t actually people viewing it – companies could only see their view count. By downloading these extensions, you allowed information about your device to be accessed. The websites a user unknowingly was sent to could infect your computer, as it could check if different security aspects of your device were patched and up-to-date and furthermore could install malware. Despite all the legal factors with fraud and theft, one of the most alarming components of this cyber security scandal is that the user had no idea this was occurring and was hidden within in extra two minutes of loading time.

sources:

Google pulls 500 malicious Chrome extensions after researcher tip-off

Google Removes Hundreds Of Malicious Chrome Extensions

https://www.wired.com/story/over-500-chrome-extensions-secretly-uploaded-private-data/

500 Malicious Chrome Extensions Impact Millions of Users

Ring Doorbells: Invasion of Privacy or Worthwhile?

If you do not know, the Amazon Ring Doorbell is one of the new, popular ways that people are expanding security measures on their household. According to the Ring Doorbell official website, they state in their product description that “All Ring Video Doorbells send notifications to your phone, tablet and PC when anyone presses your doorbell or triggers the built-in motion sensors. When you answer the notification, you can see, hear and speak to visitors from anywhere”. As well, the Ring Doorbell has a security camera installed that incorporates a live stream that is recorded and saved to one’s phone and/or tablet. Max Read on the Intelligencer describes the doorbell as so, “as a camera, the Peephole Cam, like other Rings, is boringly straightforward. There’s a doorbell button on it that, when pressed, sends an alert to your phone, and it has a small speaker which can function as an intercom. You’ll also get an alert whenever the camera senses activity, allowing you to see what’s moving outside the door; by default, the camera records 30 seconds of video whenever its motion sensors are tripped. It’s also very easy to install. You unscrew your apartment-door peephole, screw in the Ring hardware, snap in the rechargeable batteries, and download the app.” The purpose of this device is ultimately to reduce petty crime, especially in neighborhood areas. The doorbell would capture any being that was at your door step, and there would be physical, visual evidence to provide to authorities. Although, isn’t there a point where this crosses the line between security to invasion of privacy? There have been several instances where the owner of the doorbell does not set it up so only their property can be seen, but rather, the street and their neighbors houses can be seen too. Lets say you live on a particularly narrow street where the houses are close together and your neighbor has placed their doorbell in the position I stated before and you keep your blinds open on your windows, the ring doorbell will have recorded everything you are doing in that area of your house. And furthermore, your neighbor now has the recorded files and can do whatever they want with them, and so do the manufacturers of the ring doorbell. Although there is more to this. These recordings then can be translated to another application called Neighbors where everyone in the neighborhood who has the app can share something they saw in their video for everyone else to see. You do NOT need a ring doorbell to see your neighborhood’s feed – or even better yet, what ever address’ feed you want to look at. Now lets go back to the scenario I presented earlier – your neighbor posted a video on the neighborhood feed where you can clearly see yourself in your own residence in the background. Someone who lives hours away decided to look into your neighborhoods feeds, and now that person know where you live. In conclusion, is the ring door bell truly a good way to reduce crimes in residential areas, or does it is violate privacy more than serve the intended purpose?