UNM4SK3D: Dark Net, Vizio, and Homeland Security

#hacked

“Hello, Freedom Hosting II, you’ve been hacked.” That’s the message visitors to any of the 10,000 affected websites that were a part of a Dark Web hack received recently. So, it seems Anonymous isn’t afraid to pwn their peers. Talk about a very, very tangled web.

The Dark Web is hosted using the Tor network, which is designed to hide the identities of its users. Freedom Hosting II is the server that hosted the Tor pages, and those pages aren’t indexed by mainstream search engines, so it serves as a hub for illegal online activities. Among the illegal activities being conducted, 50% of the sites contained child pornography. This is said to be the motivator that led one Anonymous member to take them down, in what is apparently the hacker’s first hack, according to an interview with Motherboard. Looks like the Dark Web just got a little lighter.

In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database, one that is said to contain 381,000 email addresses. Thousands of them are rumored to have .gov extensions, although none have been verified at this time. The hacker’s statement read “We are disappointed…This is an excerpt from your front page ‘We have a zero tolerance policy to child pornography.’….We are Anonymous. We do not forgive. We do not forget. You should have expected us.” But the attack was far from expected. If anything, it shows that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge. It also points to the danger of concentrating resources in a central location.

I think the new pattern is going to be [that] as vulnerabilities are revealed on the open Web, people are going to go to the Dark Web and see if there are any sites with those same vulnerabilities -Tim Condello, technical account manager and security researcher, RedOwl

Various illegal enterprises have lured all kinds of people into the underground network. Read ‘Curiosity of the Dark Web and Its Dangerous Effects’ for a deeper look.

#acr

Have TVs become too smart for their own good? It’s a funny question to ask. That is until it was discovered that while you watch TV, your TV also watches you. Wait…what?

Big Brother has a new first name, Vizio. One of the largest smart TV makers has been caught secretly collecting consumers’ data through over 11 million smart TVs. What’s worse, they, in turn, sell this data to third parties without your explicit consent. According to the FTC, the smart TV maker installed data tracking software to collect viewing habits through its Smart Interactivity feature. In addition to viewing habits, they also tracked each household’s IP address, nearby access points, and zip code.

Is there a bright, less creepy side to this? Well, sort of. Vizio has agreed to pay a $2.2 million fine to settle the lawsuit. There’s also a way to check if you’re being spied on, and to change the setting if so. Open the Vizio TV’s settings menu, or directly open the HDTV Settings app, and check whether the options under “Automated content recognition (ACR)” are ON. Turn this setting to OFF immediately!

The data tracking software reportedly worked by collecting a selection of on-screen pixels every second your TV was on, and then compared that data to a database of known movies, television shows, and commercials, and other types of video content. This practice is known as automatic content recognition (ACR) -The Hacker News

If you’re concerned about the other ways smart TVs are tracking your data, read this thought-provoking article ‘Consumer Carelessness Leaves Sensitive Data in Returned Devices.’

#socialmedia

Border security has been major news lately. And in the latest wave, it’s been said that US embassies could ask visa applicants for passwords to their own social media accounts in future background checks.

This comes as many social media privacy policies, including Facebook’s, state in no uncertain terms, “You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.” Which we’d say is just common sense. From Homeland Security’s perspective, this access may be a necessity in an effort to toughen vetting of visitors to screen out people who could pose a security threat.

Homeland Security Secretary John Kelly, while stressing no decision had been made on this proposal yet, also stated that tighter screening was definitely in the future, even if it means longer delays for awarding US visas to visitors. In a subsequent quote, he said “But if they come in, we want to say, what websites do they visit, and give us your passwords. So we can see what they do on the internet…If they don’t want to cooperate, then they don’t come in.”

The Immigration and Naturalization Act (INA), the body of law governing current immigration policy, provides for an annual worldwide limit of 675,000 permanent immigrants, with certain exceptions for close family members

Social media, like security, has many dimensions. Read ‘The Many Faces of Social Media’ to get a sense of them all.

#factbyte

The cyber security readiness study commissioned by insurance provider Hiscox, which involved 3,000 businesses, shows that 30% of companies in Germany, 36% in the U.K. and 55% in the U.S. already have cyber insurance.

#certspotlight

As you know, an understanding of networks is the foundation of a career in IT. Network Devices is one aspect which solidifies your knowledge in networking and allows you to work hands-on with a variety of essential equipment, furthering your cyber security career and providing a valuable skill set that will always be in demand.

Network devices are components used to connect computers or other electronic devices together so that they can share files or resources like printers or fax machines. Your network is comprised of many different types of devices, and all of them must be properly configured, hardened, and managed to ensure a smooth operation and optimal security.

The Network Devices Micro Certification course will strengthen your knowledge of switches, routers, firewalls, proxies, management networks, centralized authentication, and SIEM devices.

When you earn it, share your accomplishment with the Cybrary team by using #showmycert on Twitter.

This issue of UNM4SK3D was originally posted on the Cybrary.it blog and has been republished with permission.

Olivia Lynch (Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
