You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.
Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.
So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.
The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.
Photo by Sam Catanzaro @ Flickr
The Sony hack of late 2014 sent shock waves through Hollywood that rippled out into the rest of the world for months. The ironic hack of the dubious surveillance software company Hacking Team last summer showed no one is immune to a data breach - not even a company that specializes in breaking into systems. After a big hack, some of the first questions asked are how the attacker got in, and whether it could have been prevented. But today we're asking a different question: whether, once the attacker was already in the network, the breach could have been detected. And stopped. Here's why: Advanced attacks like the ones that hit Sony and Hacking Team are carried out by highly skilled attackers who specifically target a certain organization. Preventive measures block the great majority of threats out there, but advanced attackers know how to get around a company's defenses. The better preventive security a company has in place, the harder it will be to get in…but the most highly skilled, highly motivated attackers will still find a way in somehow. That's where detection comes in. Thinking like an attacker If an attacker does get through a company's defensive walls, it's critical to be able detect their presence as early as possible, to limit the damage they can do. There has been no official confirmation of when Sony's actual breach first took place, but some reports say the company had been breached for a year before the attackers froze up Sony's systems and began leaking volumes of juicy info about the studio's inner workings. That's a long time for someone to be roaming around in a network, harvesting data. So how does one detect an attacker inside a network? By thinking like an attacker. And thinking like an attacker requires having a thorough knowledge of how attackers work, to be able to spot their telltale traces and distinguish them from legitimate users. Advanced or APT (Advanced Persistent Threat) attacks differ depending on the situation and the goals of the attacker, but in general their attacks tend to follow a pattern. Once they've chosen a target company and performed reconnaissance to find out more about the company and how to best compromise it, their attacks generally cover the following phases: 1. Gain a foothold. The first step is to infect a machine within the organization. This is typically done by exploiting software vulnerabilities on servers or endpoints, or by using social engineering tactics such as phishing, spear-phishing, watering holes, or man-in-the-middle attacks. 2. Achieve persistence. The initial step must also perform some action that lets the attacker access the system later at will. This means a persistent component that creates a backdoor the attacker can re-enter through later. 3. Perform network reconnaissance. Gather information about the initial compromised system and the whole network to figure out where and how to advance in the network. 4. Lateral movement. Gain access to further systems as needed, depending on what the goal of the attack is. Steps 2-4 are then repeated as needed to gain access to the target data or system. 5. Collect target data. Identify and collect files, credentials, emails, and other forms of intercepted communications. 6. Exfiltrate target data. Copy data to the attackers via network. Steps 5 and 6 can also happen in small increments over time. In some cases these steps are augmented with sabotaging data or systems. 7. Cover tracks. Evidence of what was done and how it was done is easily erased by deleting and modifying logs and file access times. This can happen throughout the attack, not just at the end. For each phase, there are various tactics, techniques and procedures attackers use to accomplish the task as covertly as possible. Combined with an awareness and visibility of what is happening throughout the network, knowledge of these tools and techniques is what will enable companies to detect attackers in their networks and stop them in their tracks. Following the signs Sony may have been breached for a year, but signs of the attack were there all along. Perhaps these signs just weren't being watched for - or perhaps they were missed. The attackers tried to cover their tracks (step 7) with two specific tools that forged logs and file access and creation times - tools that could have been detected as being suspicious. These tools were used throughout the attack, not just at the end, so detection would have happened well before all the damage was done, saving Sony and its executives much embarrassment, difficult PR, lost productivity, and untold millions of dollars. In the case of Hacking Team, the hacker known as Phineas Fisher used a network scanner called nmap, a common network scanning tool, to gather information about the organization’s internal network and figure out how to advance the attack (step 3). Nmap activity on a company internal network should be flagged as a suspicious activity. For moving inside the network, step 4, he used methods based on the built-in Windows management framework, PowerShell, and the well-known tool psexec from SysInternals. These techniques could also potentially have been picked up on from the way they were used that would differ from a legitimate user. These are just a few examples of how a knowledge of how attackers work can be used to detect and stop them. In practice, F-Secure does this with a new service we've just launched called Rapid Detection Service. The service uses a combination of human and machine intelligence to monitor what's going on inside a company network and detect suspicious behavior. Our promise is that once we've detected a breach, we'll alert the company within 30 minutes. They'll find out about it first from us, not from the headlines. One F-Secure analyst sums it up nicely: "The goal is to make it impossible for an attacker to wiggle his way from an initial breach to his eventual goal." After all, breaches do happen. The next step, then, is to be prepared. Photo: Getty Images
Little changes can make a difference. For instance, Twitter's decision to switch a star for a heart as its "Favorite" button increased use of the button by as much as 27.82 percent. And it's clear that despite Wall St. demanding that site grow faster and be easier for new users to grasp to have some hope of keeping up with competitors like Facebook and Snapchat, the site is still sweating the small stuff. Here are the four changes to the service announced this week: Replies: When replying to a Tweet, @names will no longer count toward the 140-character count. This will make having conversations on Twitter easier and more straightforward, no more penny-pinching your words to ensure they reach the whole group. Media attachments: When you add attachments like photos, GIFs, videos, polls, or Quote Tweets, that media will no longer count as characters within your Tweet. More room for words! Retweet and Quote Tweet yourself: We’ll be enabling the Retweet button on your own Tweets, so you can easily Retweet or Quote Tweet yourself when you want to share a new reflection or feel like a really good one went unnoticed. Goodbye, .@: These changes will help simplify the rules around Tweets that start with a username. New Tweets that begin with a username will reach all your followers. (That means you’ll no longer have to use the ”.@” convention, which people currently use to broadcast Tweets broadly.) If you want a reply to be seen by all your followers, you will be able to Retweet it to signal that you intend for it to be viewed more broadly. These tweaks are in line with Twitter's tradition of paying attention to how people use the site and make it easier for them to do what early adopters are already doing. That's how we got hashtags, retweet buttons and @ replies. Now you'll be able to tweet a bit longer messages, something people do now with screenshots of text, and have more public conversations, something people do now by putting a "." before someone's @username so their whole feed sees the conversation not just people who happen to follow you and the user you're conversing with. Cool. These are useful little nudges that will keep people who already love the site engaged -- even though they may have some ugly unforeseen consequences. But will they transform Twitter and spark a new wave of growth? Not likely. What would without alienating the hundreds of millions of loyal users? Tough question and we'd like to know what you think. [polldaddy poll=9429603] Cheers, Jason [Image by dominiccampbell | Flickr]
Allegations that Facebook "suppressed" conservative news, first reported by Gizmodo, quickly snowballed into broader charges that Facebook "censors" viewpoints its employees doesn't like. Facebook is the first access point to the internet for hundreds of millions if not a billion people around the world. And for millennials in the U.S., it is their primary source for political news. Some have suggested that the site could actually tilt the 2016 U.S. presidential election. Hence Facebook takes these allegations and the damage they've done to Facebook's image among conservatives seriously. Users will never be able to control the "Trending" section of the site, which Facebook insists is handled objectively as possible through curators (and, apparently, a lot of help from Google). But you do have some control over your news feed, which is generated by Facebook's algorithm "Edgerank." There are things you can do to influence your feed in hopes of seeing a diverse flow of information that doesn't simply confirm your biases. Here are 5: Get rid of the noise. Go to https://www.facebook.com/friends/organize and add the people you want to get less news from to your "acquaintances" list. You'll see their posts a lot less often and -- best of all -- they'll have no idea you've demoted them. Let Facebook do less of the picking for you. On the left column of your home page, under Favorites, next to News Feed click the arrow and select "Most Recent". This won't turn off Facebook's algorithm completely, but it will make it more likely you'll see a diversity of sources in your feed. Trust someone. Find a few people you respect who have a different political leanings than you and ask them for one Facebook page to follow. Just one? That's enough. Once you like the page, Facebook will help from there by suggesting a few pages with similar leanings. Of course, you're relying on Facebook's recommendations. But if you don't trust Facebook at all, this would be a good time to delete your account. Prioritize the new blood. Click on the down arrow in the upper right corner of any Facebook page and select "News Feed Preferences" and then select "Prioritize who to see first" and then on the dropdown menu select "Pages only." Now click on those new pages you just added to your stream -- along with the other valuable news sources you think help keep you informed. 5. Teach Facebook what you like. When you see something you like, click on it, comment on it, interact with it. Facebook exists to keep you in Facebook and will reward your clicks with similar content. And if you get a post you don't like, you can tell Facebook by clicking on that subtle little down arrow, which will show you this: Yes, you're sort of "censoring" your feed. But at least it's you doing it. Cheers, Jason [Image by Turinboy | Flickr]