Tag Archives: Identity management

A Complete Guide to Not Getting Hacked


Go Off the Paranoia-Soaked Deep End and Lose Your Mind

Look, the truth is this—you can do all this stuff and still have your privacy and data completely wrecked. Hackers can still get in. Whatever Western government you’re living under can probably still target you with eye-of-Sauron-level surveillance. The social media company holding your data can misconfigure its databases and leave your email address and phone number exposed. In reality, it’s a wash.

However, if you really want to be totally safe and make sure your personal information is protected, I’ve thought about it and there are a couple of additional steps you can take. Here they are:

— Drink heavily and ruminate on the madness of the modern world.

— After a nightcap or three, go to the nearest window and throw your stupid computer out of it while screaming “I’M MAD AS HELL” like Peter Finch in Network.

— Escalate things and murder your phone. Desolder the fucker, smash it to pieces with a ball-peen hammer—then burn the parts in a ritualistic conflagration in the backyard. Later, siphon the phone’s ashes into a little glass vial and hang it around your neck to remind you of your triumph over evil.

— Cancel your lease, sell your earthly possessions and just drive. Where? It doesn’t matter. You just have to get out of there.

— Live in a tent in an unincorporated territory and read books and river bathe. Learn to enjoy the simple things—like the sound of crickets at night, the majestic sight of a buck as it traipses across the prairie, and your own body odor.

— Pray that someday, in some as yet unseen American future, your congressional leaders will grow real, actual testicles and introduce laws to regulate the dystopian corporate monsters that have swallowed the world and eradicated human privacy.

— Weep for humanity.


Twitter to Add More Context to Rejected Verification Requests


Now when Twitter rejects your request for that coveted blue checkmark, it’ll be personal. The social media platform announced on Friday plans to provide users with a more thorough explanation of why they failed to meet its verification requirements, as opposed to just firing off generic rejection emails.

“We’ve heard your feedback that we can be more clear on why an application didn’t get approved. Decision emails will now give more context on why requests don’t meet our criteria,” Twitter wrote.

This announcement comes after Twitter relaunched its public verification process in May for the first time since 2017… and then promptly hit pause on it again after being flooded with verification requests. All the while, Twitter quietly opened up the process to certain companies, brands, news organizations, activists, and other accounts that it’s deemed worthy of a blue checkmark.

Twitter said Friday that it’s slowly been rolling out public access once more to keep from overwhelming its team, and the option to apply will soon be available to all users. With this in mind, it’s working to make the entire process more transparent, such as by adding additional context to rejection emails.

“[We] know that generic rejection emails were confusing and frustrating for folks, so getting more specific information into the emails about verification decisions has been a top priority for our team,” said Twitter product lead of verification B Byrne.

Twitter also said it plans to add more explicit guidelines within the application and will continue to incorporate feedback about how to make the verification process more user-friendly.

“Patience isn’t part of the criteria, but we appreciate yours,” Twitter wrote.

So if you (like me) are still among the checkless plebs, look on the bright side! At least Twitter will explain why you aren’t worthy of verification the next time it turns you down.




Uninstall These Malicious Android Apps That Stole Facebook Passwords


Researchers from Dr. Web have found nine apps with more than 5.8 million combined downloads that were sneakily stealing users’ Facebook passwords using a genuine Facebook login page. As of writing, Google has banned the developer and removed these nine apps from the Play Store, but if you’ve downloaded any of them, it’s time to change your passwords.

How did the apps steal the data?

According to the researchers at Dr. Web, the developer, chikumburahamilton, created fully functional apps for photo editing, exercising, horoscopes, and junk cleaning (among others). After a point, these apps would prompt users to log in using Facebook to unlock the full functionality of the app.

When users did that, the app would contact its own C&C server (a command-and-control server controlled by the developer, used to copy and store data from a webpage). After receiving the settings from the C&C server, the app then loaded the legitimate Facebook login page.

Then, the app loaded the JavaScript received from the C&C server into the Facebook login page (JavaScript code is versatile and can be inserted at any point, even when a user just taps on a text field). This JavaScript code was then used to copy the username and password.

The JavaScript then passed the copied data to the application, which in turn passed it to the app’s C&C server, where it was saved. Once the user logged in to the application, the app also stole cookies from the current authorized session, which were in turn sent to cybercriminals.

In this instance, the apps only used Facebook’s genuine login page. But because of the way JavaScript and C&C servers work, they could have easily done this with any service requiring you to log in.

What can you do about it?

The first thing you should do is to check if you were running one of these nine apps:

  1. PIP Photo
  2. Processing Photo
  3. Rubbish Cleaner
  4. Inwell Fitness
  5. Horoscope Daily
  6. App Lock Keep
  7. Lockit Master
  8. Horoscope Pi
  9. App lock Manager

If you have any of these apps installed, the first step is to uninstall the application.

Then, if you used Facebook login with the app, you need to reset your password immediately.

Next, stay vigilant. Use a trusted anti-virus application like Malwarebytes to detect apps with malicious code. If possible, avoid connecting third-party services like Facebook with random apps downloaded from the Play Store. Because of the way Play Store works, it’s trivially easy for developers to reenter and resubmit apps even after they are taken down (a developer license only costs $25).

Lastly, turn on two-factor authentication for any site that allows it, and pair it with a password manager, which will help you generate and store long passwords securely. And even if a website leak reveals your password, two-factor authentication will protect you from hackers.

[Ars Technica]


Why You Should Switch From LastPass to Bitwarden’s Password Manager

Whether you’re looking to make a change in your password management just because, or you’re a LastPass user annoyed with the service’s recent changes to its free tier, switching to the much-loved (and free) Bitwarden service is a good choice. Bitwarden is now the best free password manager for most people—since it works across all of your devices to add convenience and security to your logins—and setting it up is quick and easy.

To get started, head to Bitwarden’s site and create an account. It’s free to do, and all you need to worry about is giving yourself a solid master password. Make it a good one, and one that you don’t use anywhere else, because it’ll be one of the gatekeepers for all of your other passwords that you’ll store on the service. Once you’ve created your account and logged in, make sure you verify your email address using the option in the upper-right corner.

Screenshot: David Murphy

If you’re coming from another service—like LastPass, for example—you’ll want to find a tool you can use to export your passwords. On LastPass, this is tucked away under the Advanced Options link at the bottom; exporting your passwords basically transforms them into a simple .CSV list.


You then copy the list (which I’m not screen-shotting, for obvious reasons) directly into Bitwarden via the Tools menu > Import Data.


Your passwords will all appear in your main screen, and should also synchronize to your various Bitwarden apps the next time you go to use them. To edit any of your passwords, simply click on the hyperlink for a given site or service. You can also use the gear icon that appears when you hover over each listing to copy your user name or password directly to your clipboard.


Those are the basics of Bitwarden, but you’re not quite done yet. Click on the profile image in the upper-right corner and select My Account. From there, click on Two-step login in the left-most sidebar.


Here is where you’ll set up two-factor authentication for your account—this isn’t required in order for you to use Bitwarden, but it’s highly recommended to keep your account secure from unauthorized logins. You can choose to have 2FA codes emailed to you to verify any login attempts, but I recommend you use an authenticator app instead. They’re similarly easy to set up, and act like a password manager for all your two-factor authentication tokens.

You might also want to visit the Options link on the left-hand sidebar, which will let you adjust your Vault timeout—as in, how long it’ll stay open from the last time you accessed it. Go past that time, and you’ll have to enter your password once again. Turn this down if you’re on a shared computer, and consider turning it up a bit if you’re feeling especially secure in your setup.


After that, grab all the Bitwarden apps and extensions you’ll need for your devices and browsers. Installing them is easy, and they grant you access to everything you’ve stored in your Bitwarden vault. In the case of your browser, for example, you’ll simply need to right-click on a password prompt to pull up your Bitwarden autofill.

And that’s it. Bitwarden’s free version doesn’t offer a ton of features—no checking your saved passwords for leaks, for example—but it does give you a quick and easy way to synchronize passwords across all your devices. What’s not to like?
