Friday, 24 May 2019

Facebook issues

Information supplied by Kaspersky Total Security (22 May 2019)


In this post we have compiled Facebook’s 10 most prominent fails involving data misuse.
1. Cambridge Analytica: How it all began
It all started with the Cambridge Analytica scandal. Back in early 2018 we all learned for the first time with 100% certainty that the data and opinions we share across Facebook can be used by a third party without our consent. Cambridge Analytica’s harvesting of the data of 50 million Facebook users and its use of that data for political advertising shook the world, but it was only the beginning. To review those events, you can read this post.
2. Facebook tokens stolen
Half a year later, another scandal caught up with Facebook: Hijackers were able to exploit several vulnerabilities in Facebook and steal the access tokens (which are basically an equivalent of digital keys that keep people logged in) of millions of Facebook users.
In total, 30 million users had their tokens stolen. For 15 million, malefactors accessed their names and contact details. In 14 million cases, the attackers were able to see more detailed info and the users’ Facebook activities. For the remaining 1 million, the hijackers did not access any information. That was when Facebook users learned that Facebook is not impregnable and that their accounts could be stolen en masse without them doing anything wrong.
3. Facebook and Instagram passwords exposed
If 30 million wasn’t enough, another incident came along involving hundreds of millions of Facebook and Instagram users. In early 2019, Facebook made us aware that its internal processes related to user data security are far from perfect. The company admitted it was storing part of the passwords for Facebook and Instagram accounts in plain text. They insisted these passwords were visible to employees only and that no one abused their access permissions.
At this point, the exact number of affected users has not been disclosed. First, the company commented that the problem involved hundreds of millions of Facebook Lite users, tens of millions of regular Facebook users, and tens of thousands of Instagram users. One month later, it amended its comment to say the issue (now patched) affected not tens of thousands, but millions of Instagram users.
4. Instagram passwords exposed again
Actually, that was not the first time Instagram users learned they could’ve had their passwords leaked. Several months earlier, Instagram’s “Download Your Data” feature was discovered to contain a security flaw (now patched) that could have inadvertently exposed some Instagram passwords. If someone submitted their login information to use the feature, their password was included in a URL in their Web browsers and — again — stored on Facebook’s servers in plain text.
5. Facebook requested e-mail passwords and scraped contacts
Facebook scraped the e-mail contacts of 1.5 million users without their consent. Wait, it’s actually a bit more complicated than that. Here’s the story: Facebook was asking a subset of newcomers to verify their identities by providing passwords to their e-mail accounts. When the news broke, many thought it was an April Fool’s joke; no savvy Internet surfer could even imagine granting a third party access to their e-mail communications. Unfortunately, it was not a joke. And many fell for it.
Facebook insisted it didn’t access the contents of the users’ e-mails, just — unintentionally — scooped up their e-mail contacts. In total, the address books of 1.5 million users have been harvested. But given that people’s contact lists may have hundreds of contacts, the final number of those whose contact details were obtained this way may well be in the tens of millions. The company says it used the data to improve ad targeting, build Facebook’s web of social connections, and recommend new friends to users.
6. 2FA with Facebook, a tool for advertisers
Of course, we all want to keep our accounts safe, and two-factor authentication seems like an ideal way to do that. But even here, potential issues arise. For example, the phone number you provide when enabling two-factor authentication for your Facebook account will be automatically associated with your profile — without an opt-out option. As a result, anyone, regardless of whether they even have an account, can look up your user profile based on this phone number. Bonus: Facebook might also target the number with ads.
7. Your contacts are never safe from advertisers
As we mentioned tangentially above, Facebook and Instagram were giving advertisers access to contact information that users hadn’t even stored on Facebook! In other words, advertisers were (and, probably, still are) targeting us relying not only on the e-mail addresses and phone numbers we indicate on our “contact and basic info” page, but also on other data.
This data can include the phone number (if any) you put in for 2FA purposes and the junk e-mail addresses you hand over for discounts or for furtive online shopping. Also, if any of your contacts chooses to share (“synchronize”) their contacts with Facebook or uploads their address book to Facebook — to “find friends” — and their contact list includes a phone number of yours, even if you never entered that information anywhere on Facebook, advertisers will be able to target you with an ad using that phone number.
8. More Facebook data shared with advertisers
Facebook was tapping users’ data as leverage over companies it partnered with, leaked internal documents showed. For example, Amazon.com, which was spending significant sums on Facebook advertising, could obtain users’ names and e-mail addresses through their friends (as could Sony, Microsoft and many others).
Microsoft’s Bing search engine was allowed to see the names of virtually all of our Facebook friends without our (or their) consent. Netflix, Spotify, and the Royal Bank of Canada were given privileges to read, write, and delete our private messages, and to see all of the participants on a thread. Apple devices had access to the contact numbers and calendar entries even of people who had changed their account settings to disable all sharing.
The companies involved stated they never misused the data they accessed, and some said they didn’t even know they had such “extended” rights.
9. Facebook Marketplace leaked sellers’ exact locations
A flaw (now patched) in Facebook’s digital marketplace was exposing sellers’ exact locations (precise latitude and longitude coordinates), and by extension, their goods. To see the location, it wasn’t even necessary to log in to Facebook, leading some researchers to call the service “a shopping list for thieves.” That was especially worrying for those who were selling expensive bicycles, because those are a tasty morsel for criminals, and Marketplace was basically giving those bikes away to them by exposing the sellers’ location.
10. Facebook data exposed — by a third party
Two databases containing Facebook users’ information were found on the open Web, storing the data in plain text, allowing absolutely anyone to access and download it. One set of data came from a Facebook game application called “At the Pool,” which fell into disuse a long time ago. The second one, containing more than 540 million records, belonged to Cultura Colectiva, a Mexican media company operating throughout Latin America. Both exposed databases included the names and e-mail addresses of users, their friends’ lists, likes, comments, and all kinds of details that serve as means to analyze preferences and interests.
Although the information was not particularly sensitive, and Facebook’s own staff had nothing to do with the exposure, it still raised (again) questions of how Facebook is sharing users’ data with third parties, and echoed the Cambridge Analytica scandal that kicked off this post.

Sunday, 19 May 2019

POTJIE COMPETITION 9th June 2019


INVITATION    
Annual Potjie Competition 2019
(This event has been extremely popular for more than 20 consecutive years)
2019 Potjie competition
DATE:            9th June 2019
TIME:             9h00 at latest for competing teams and any time after 12h00 for visitors.
Judging should be completed about 13h00 or soon after. Many teams and visitors do a breakfast such as bacon and egg rolls whilst socialising during the early part of the day.
VENUE:         Beachwood Mangrove Swamps.
DETAILS:      This has been a very popular, well attended event for many years. The Potjie teams are seriously competitive and determined to win one of the prizes, the first prize being the floating trophy engraved with the name of the winning team. This event will hopefully be the 26th consecutive year without bad weather.
COST:            Two different cost structures apply.
Team Members: R30-00 per team member with max team size of 6 and
Visitors:              R60-00 per person with the opportunity to taste all the teams’ products after the judging has been completed.
RAFFLE:        Yes, of course! Always worth winning. Contents worth significantly more than ever before!
TOURS:         Why not go on an Ezemvelo KZN Wildlife tour, managed by Lynne Johnson’s voluntary tour guide team.
RULES:         Preferably a No. 3 or No. 4 Pot and all cooking must be done on site. Food prepping may be done at home. Gas or charcoal/briquettes may be used for cooking.

Bring your own picnic tables and chairs, crockery, cutlery and umbrellas and of course beverages. Believe it or not, water is also a beverage.

Teams must register providing a team name and names of team members. Teams and all visitors must book with Dave or Eleanor Brosnihan or other committee members listed below by 7th June 2019.




To avoid delays in the judging process the number of teams has been limited. Book early!
Tasting of specific team’s pots will be announced in batches rather than having to wait until all judging is complete. SEE NOTICE BELOW.
Committee
David / Eleanor Brosnihan   031 314 4630  083 309 6597
Robyn Geisler                    031 765 7212  082 925 5690
Glenda Dee                       031 765 2090  078 174 2529
Geoff / Gina Marder            031 764 5949   083 269 1691
Jane Murray                      031 209 6408   082 454 6888
Lynne Johnson                    031 572 2874   082 921 3006
Andy Tribe                       031 262 6819   073 808 9986
Bert Tuhi                                       082 491 5651


This is a low cost event and any excess income becomes available for
administrative costs and more importantly towards funding our annual charity.

PLEASE NOTE!
In recent years there has been some confusion as to when the competing teams can allow their potjies to be sampled by those wishing to taste them.

The adopted policy for this year is that when a potjie has been judged and that team has put aside their individual portions it will be ready for sampling.

However, preselecting a sequence of readiness is not possible due to variances in the estimated cooking and judging times.
A scramble to taste the 1st potjie can negatively affect the chance of all tasters to sample that delicacy.

This year we will hold back until at least 3 or 4 potjies are ready and thereafter a steady flow should become available.

As and when each additional potjie becomes available, an announcement will be made giving the location and team name.