Connect with us
Cybersecurity 101 Cybersecurity 101

Technology

Cybersecurity 101: Changing Your Facebook And Instagram Passwords Amid The Facebook Password Leak

Published

on

ad1

Facebook confirms Thursday last week that hundred and millions of user passwords were being stored in a “readable form” that allows thousands of its employees to access and understand it. While Facebook has already notified the users affected by the password leak, the California-based tech company has assured that none of its employees violated any privacy protocols in handling the exposed database.

Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.

Facebook said that the issue is an internal one. “To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati wrote.

There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he added.

Those who were affected by the said data leak are advised to change their passwords. And if you are one of those with an exposed password, you should do it now.

HOW TO CHANGE FACEBOOK PASSWORD

To change your password on Facebook if you’re already logged in:

  1. Click account settings in the top right corner of any Facebook page and select Settings.
  2. Click Security and Login.
  3. Click Edit next to Change Password.
  4. Enter your current password and new password.
  5. Click Save Changes.

If you’re logged in but have forgotten your password, follow the steps under Change Your Password then click “Forgot your password?” and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.

To reset your password if you’re not logged in to Facebook:

  1. Go to the Find Your Account Page.
  2. Type the email, mobile phone number, full name or username associated with your account, then click Search.
  3. Follow the on-screen instructions.

If you’re still having trouble resetting or changing your password, it’s better to contact Facebook support for help.

Furthermore, the leak also affected Instagram users. If you have been messaged by Facebook to notify you that your Instagram account was one of those with exposed passwords, you should also change your password as soon as possible.

HOW TO CHANGE YOUR INSTAGRAM PASSWORD

If you’re able to log into your account and know your current password, you can change it from your Settings:

  1. Go to your profile and tap the button in the top right.
  2. Tap Settings > Privacy and Security > Password.
  3. Enter your current password and then enter your new password.
  4. Tap Save or the check button in the top right.

Instagram also urges people to use strong passwords by using a combination of at least six numbers, letters and punctuation marks (like! and %).

While the concept of a “strong password” is clear to some, there are still people who create passwords that are relatively weak. The password strength indicator that some services have is not even accurate. If you’re one of those who is struggling to create a strong password, here’s a few tips.

HOW TO CREATE STRONG PASSWORDS

According to Chris Hofman, the following are the best practices to make sure that your passwords are strong:

Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.

Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.

Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.

Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

Conclusion:

If you have been notified by Facebook that your account password was included in the data breach, change it as soon as possible. Also, even if you’re not part of that breach, it’s also advisable to change your passwords as well (for an added layer of protection). All you have to remember is to make sure that your new password is stronger than your previous one. /apr

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Apps

Wireless Networks are throttling video streaming 24/7

All because of competition, and not due to internet congestion.

Published

on

Photo by Markus Spiske on Unsplash
ad1

U.S. wireless networks assert the need to throttle down internet speeds to avoid network congestion and make internet access well-distributed to all users. However, a recent study debunks this claims, saying that wireless carriers throttling internet speed is prevalent — and it’s not because of congestion.

Researchers from Northeastern University and the University of Massachusetts Amherst conducted more than 650,000 tests in the U.S. found out that internet service providers are throttling different services with a bias to other services — a violation of the basic tenet of net neutrality.

The researchers uncovered that from early 2018 to early 2019, AT&T Inc. throttled Netflix Inc. 70% of the time and Google’s YouTube service 74% of the time. Even if AT&T claims that this move is to make sure that there will be no network congestion, it appears that this claim is not the reason for throttling Netflix and Youtube, as researchers discovered that, at the same time, the wireless carrier did not touch the internet speed when people use the services of Amazon.com Inc.’s Prime Video at all.

Conversely, T-Mobile U.S. Inc. slowed down the internet speed for Amazon’s Prime Video at least 51% of the time without throttling Skype and Vimeo, the researchers said in a paper entitled “A Large-Scale Analysis of Deployed Traffic Differentiation Practices,” to be presented in an industry conference this month.

The researchers of the study, namely, Fangfan Li, Alan Mislove, and David Choffnes from Northeastern University, together with Arian Akhavan Niaki, and Phillipa Gill from University of Massachusetts Amherst, said that wireless companies are throttling internet speeds all the time, and the practice is very “pervasive.”

“They are doing it all the time, 24/7, and it’s not based on networks being overloaded,” said David Choffnes, associate professor at Northeastern University and one of the study’s authors.

The authors of the study denounce the claims made by wireless carriers that internet speed should be sacrificed to serve everyone. While it is true that slowing down internet speeds per user could ease congestion in the network, the researchers claimed that based on their results, carriers like Verizon Communications Inc., AT&T, and T-Mobile are doing it for a different reason.

Furthermore, the researchers raise how these practices violate the principle of net neutrality, where internet service providers should not discriminate based on user, app, or content — meaning, no matter what service a user is accessing on the internet, it should be treated equally, with similar internet speed allocation as other services.

“Net neutrality has been the subject of considerable public debate over the past decade. Despite the potential impact on content providers and users, there is currently a lack of tools or data for stakeholders to independently audit the net neutrality policies of network providers,” reads the study manuscript.

In the past, the FCC has attempted to safeguard net neutrality and has voted a regulation that would make sure that internet service providers will abide by the net neutrality principles. But, was later abolished by the Republican FCC after President Donald Trump was elected in 2016.

The study uncovered that wireless network providers are throttling internet speed with particular distinction in video streaming services. While different internet service providers throttle sites differently, there is a consensus that they are throttling, mostly video streaming services.

“We found that most throttling targets video streaming and that there is a wide range of throttling implementations detected in our dataset. In addition, we investigated the impact of throttling on video streaming resolution, finding that while throttling does limit video resolution, it is also the case that default settings in video streaming apps in some cases are the primary reason for low resolution,” the researchers said in the study.

But Choffnes said that these discrepancies they found could be a result of errors, as some carriers haven’t been able to detect and limit some video apps after they made technical tweaks.

“They may try to throttle all video to make things fair, but the internet providers can’t dictate how the content providers deliver their video,” Choffnes said. “Then you have certain content providers that get throttled and some that don’t,” he added.

Nonetheless, the researcher pointed out that net neutrality is an issue that should not be forgotten, and that is the reason why they are motivated to share their results publicly.

“‘It’s important to keep publishing the work,” Choffnes said. “It would be nice if this is not completely forgotten. At least when ‘there’s an appetite for legislation on this topic, we’ll have the data.”

Continue Reading

Gadgets

Apple iPhone 11 rumored to unveil on September 10

A13 chips?

Published

on

ad1

The announcement date for the iPhone 11 is said to be found on the beta version of its new operating system. This news follows Apple’s release of iOS 13’s beta version to developers last August 15.

Within the seventh beta version of iOS 13, there is an asset labeled “HoldForRelease” that suggests the latest iPhone models could be announced on September 10. The image found in the systems files indicating the said date was first spotted by iHelpBR.

In 2018, just before the official event date for the iPhone was revealed, a similar leak happened to Apple. The leak indicated that the launch of the iPhone XS, iPhone XS Max, and iPhone XR would fall on September 12. The prediction proved to be correct.

Apart from the announcement date, there have been rumors that the newest iPhone line would be released on September 20. The president of Japan’s Softbank Ken Miyauchi implied that the new iPhones would be unveiled during the Apple keynote event on September 10, and they will be released to the market ten days after.

In the past four years, Apple has scheduled the release event in September. The Cupertino-based tech giant has been holding its iPhone event either on the second Tuesday or Wednesday of the month.

It is unlikely that Apple would be hosting the said event on September 11. This makes September 10 as the most probable date. If the rumor proves to be accurate, pre-ordering would most likely start on September 13, and shipping would begin a week after.

While Apple’s announcement is only a few weeks away, there have been leaks and tips regarding the names of the latest iPhones. According to phone case company, ESR, the newest phones would be called iPhone 11, iPhone 11 Pro, and the iPhone 11 Pro Max.

With the growing anticipation for the release of the 2019 Apple iPhone models, the question of what these smartphones can offer is brewing. Apple has recently experienced a 12% decrease in iPhone sales, and it has reported a dip in its quarterly profit as well.

Its rivals — Samsung, Google, and Huawei — recently released their latest smartphones, and they are priced cheaper compared to Apple’s recently released iPhones. With these issues at hand, Apple is expected to deliver a product that can attract new customers and keep its current users.

According to analysts, they don’t see major changes in the iPhone 11. The more extensive changes would be happening in 2020. This might include features like 5G support and 120Hz OLED Retina display.

One of the biggest changes being anticipated with the release of iPhone 11 is its camera set-up. In a Bloomberg report made in January 2019, it seems Apple would be giving at least one of the 2019 iPhone models three rear-facing lenses. This feature would allow the phone to take greater and better wide-angle shots.

The iPhone 11 is rumored to come in four different colors — gold, white, black, and dark green. There are also reports saying that Apple will be dropping the 3D Touch feature this year. Apple might be incorporating a new Haptic Touch technology dubbed as “leap haptics.”

If your other Apple device is running out of battery, the iPhone 11 might be able to give it some juice through its bilateral charging feature. Similar to Samsung’s Galaxy 10 phones, and their ability to power the Galaxy Watch Active and Galaxy Buds, you can use the iPhone 11 to charge the 2019 Apple AirPods or other iPhones.

There is a prediction going around that the 2019 iPhone models would include larger batteries. This means that there is a possibility that their battery life would be much better compared to the older iPhone models.

When it comes to the phone display, Apple is likely offering another LCD phone this year. In last year’s release, the iPhone XR had an LCD display while the iPhone XS and XS Max had high-resolution OLED displays.

With last year’s iPhone releases, the smartphones were equipped with the highly-powerful A12 Bionic chip. Rumors are saying that the iPhone 11 might be powered by a processor that’s quite similar to the one found in the iPad Pros called the A12X. Apple could also be using the new A13 chip.

Continue Reading

Cybersecurity

Kaspersky Antivirus zero-day could ironically allow hackers to track users

Kaspersky has already issued a patch to resolve the vulnerability.

Published

on

Photo: David Orban | Flickr | CC BY 2.0
ad1

A German journalist discovered a flaw in the system of Kaspersky Lab’s antivirus that led to a significant security risk which allowed cybercriminals to track Kaspersky customer without their knowledge.

This all started when Ronald Eikenberg began testing antivirus programs for his own publication. A few months later he discovered that on a website, Kaspersky’s antivirus has been injecting some code. Eikenberg said that it seems that Kaspersky is trying to find ways in interacting with the site even though there is no browser extension on the system.

“One of the purposes of the script is to evaluate Google search results displayed in the user’s browser. If a link is safe, the Kaspersky software will display a green shield behind it,” he added.

In this era, most of the companies and websites would require tracking users across the internet to identify them and learn their interest to provide the target advertisements to be shown to them. Usually, this would require 3rd-party cookies, and this would allow even Facebook or Google to track your movement throughout multiple websites.

The problem however when using Kaspersky Antivirus is that it exposes a user by tagging them with a unique identifier that will record and keep track of what you visited in the past four years, which would allow some sites and third-party services to track them even though users have already blocked them. This will be putting the users at risk since everything that the user does is being monitored or kept track of.

“That’s a bad idea because other scripts that run in the context of the website domain can access the HTML code at any time—and thus the injected Kaspersky ID. This means in plain language that any website can simply read the Kaspersky ID of the user and misuse it for tracking,” the researcher says.

Instead of using unique identifiers, they were given a specific ID assigned to a particular computer; thus, it does not change after several days.

This attack could lead to scamming people by either asking their personal information or bank account information through the form of a payment system. One good example would be that a pop-up will show up and say ‘your license has expired, please enter your credit card information to renew your subscription.’

This process would affect multiple users that are using Kaspersky Antivirus. 

There was a patch that was issued last month to update all Kaspersky antivirus program for all the user of a specific version. However, there is still a version of the security tool that still allows a malicious hacker to know that antivirus software is installed on the machine.

Another way to somehow mitigate the problem is to manually uncheck in the software settings depending on the situation that you feel you are being spied on.

Kaspersky has already removed the unique identifiers for the GET request to enhance somehow the process of checking web pages when it comes to malicious activity. The change was provoked by Eikenberg after he notified Kaspersky about the possible risk of personal information disclosure when using unique identifiers for the GET request.

A statement released by Kaspersky revealed that based on their research, there is a minimal chance that this could be carried out in practice, but it is theoretically possible to happen. The complexity of the program would help fend off the leak of private information and also its low profitability would somehow be a discouragement for the hacker. 

Nevertheless, the company would still need to improve their system in order to prevent further mishaps, the private information that should be protected by the company is a due responsibility that should not be taken short for. Thus it is a severe issue if Kaspersky does not resolve the problem at hand right away. 

On a brighter note, if users want to disable tracking altogether, they can manually disable the URL advisor feature from the settings – additional – network- uncheck traffic processing box. This procedure will allow the user to be safe and not be monitored for the meantime while using the said application.

Users of specific tools that sole purpose is to protect our information and protect the user, having this kind of issue will bring distraught to the public in trusting some of the protection programs to install on their devices.

Continue Reading

Trending