Data breaches, not so smart devices, privacy learning games for kids and cloned debit cards
Welcome to Cyber Security Today. It’s Wednesday September 4th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
I’ve been away for a week so am behind in the latest events. Here’s a roundup:
If you haven’t been told by now, those who have accounts with Foxit Software for using the Foxit PDF reader need to reset your passwords when you log in. That’s because there’s been a data breach. Email addresses, real names and phone numbers are among the information stolen.
Also breached was XKCD, a web comics platform. According to The Hacker News, it is believed attackers access some 562,000 usernames and email addresses as well as scrambled passwords. The site’s forums have been offline for several days until administrators are sure they’re secure. Meanwhile subscribers are being warned to change any passwords for other sites where they use the same or a similar one they used on XKCD.
Attention parents: Canada’s privacy commissioner has released a couple of activity sheets to help you talk to your children about privacy. They are in the form of games, like Privacy Snakes and Ladders, and Learning About Passwords, which challenges kids to create a strong eight-character password by filling in the blanks. To get them, hit this link to the Privacy Commissioner of Canada website.
The ability to connect personal devices like cars, refrigerators, TVs and such to the Internet may give useful capabilities. But these so-called smart products, which often require you to set up an account with the manufacturer, also come with security risks. That’s what one American found after he returned a bunch of Philips smart lightbulbs. According to a Twitter thread from this guy, the company merely put the WiFi-controlled bulbs back online and sold them to a woman. However, he didn’t delete his Philips account, which was linked to the lightbulb and would be used for updates. As a result even though the new buyer created her own account the Internet platform was sending him messages on his account for her with personal information, like her name and email address. So the lesson is if you return any Internet-connected device you’ve registered — or resell it yourself — make sure to delete your online account. A Philips official says the product should have been reset by the company when returned before being put back for sale to prevent this.
Here’s a worrying report: Criminals have stolen more than $1.5 million from customers of a German bank by cloning their Mastercard debit cards and cashing out customers’ fund in Brazil. This despite the fact that the cards had special chips that are supposed to protect them from being copied. According to the ZDNet news service, the German bank said only 2,000 customers were affected. All have had the stolen money replaced. One expert interviewed said banks have to do a better job of detecting suspicious transactions, like a card issued in one country but being used to suddenly withdraw funds in another. Apparently security on chip cards has to improve as well.
Finally, for those who use the Firefox browser, version 69 was released Tuesday. It disables Adobe Flash video and slide show player, which has been used by hackers for years as a way to attack computers. The browser now always asks user permission before activating Flash on a website. The new version also includes a feature that blocks tracking cookies left by third parties.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon