This is the Shared Security Weekly Blaze for August 13, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Show Transcript
This is your Shared Security Weekly Blaze for August 13th 2018 with your host, Tom Eston. In this week’s episode: Facebook and your financial transactions, Smart Home security and critical HP printer vulnerabilities.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, this is Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
The Wall Street Journal reports that Facebook is asking large banks to share customer information and financial records so that they can potentially offer financial services via Facebook Messenger. The proposal from Facebook includes getting access to bank customer’s card transactions, account balances as well as information on where customers are spending their money. In return for customer information, Facebook will provide banks with access to Facebook user information, which may be lucrative to a large bank looking to sell and target their services to existing and new customers. Facebook has said that they would not use any information provided by banks for targeted ads and would not share this data with third-parties. This news comes as Facebook is still conducting damage control on their public relations after the infamous Cambridge Analytica scandal where the personal data of approximately 87 million Facebook users was harvested without user consent.
My take on this story is that Facebook needs to find new and innovative ways to collect user data which in turn allows companies to use the Facebook Platform to give you, guess what, more ads. We all know how Facebook makes money and that’s through your data being used to sell you more stuff. It should be no surprise then that Facebook is looking to get into the social financial business recently made popular by PayPal’s Venmo app. Haven’t heard of Venmo? Venmo is an application which allows social sharing of financial transactions. Venmo itself has been also in the news recently for the ease of which anyone can publicly view the financial transactions of anyone using the app. This is because all Venmo transactions are made public by default. This past July a savvy developer created a Twitter bot called “@VenmoDrugs” to showcase any financial transactions related to drug deals, sex or alcohol. The developer eventually removed the Twitter account after being the center of some controversy and news reports, but it does demonstrate that there is money to be made with an app that allows transactions to be public by default. Venmo won’t be the last app that will monetize the social sharing of financial transactions and it seems Facebook doesn’t want to be the last.
Have you recently sold your home or moved into a home that has smart devices like thermostats, lights, cameras, alarm systems and other “Internet of Things” devices installed? Have you thought about resetting or changing the passwords that would allow access to those devices? Smart-device security, especially in a home that is being sold or if someone is moving out because of a domestic abuse situation, is being reported as a large problem that many people are now dealing with. For example, it can be very common for an ex-husband to leave a home due to a pending divorce but still have access to all the smart-devices like lights, cameras and even thermostats. This can lead to abuse of this technology and causing real privacy concerns, especially with victims of domestic abuse. In regards to new homes we all know that whenever you purchase a home, that had a previous owner, you should always change the locks, garage and alarm codes and anything else that the previous owner had knowledge of. But if you happen to inherit smart devices as part of the purchase, you need to make sure you reset these devices back to default to ensure any previous access is removed. For other domestic situations, it’s advisable to reset any Internet of Things devices as well ensure you have administrative access to these accounts or disable or change passwords as necessary. With the increase of smart-devices in our homes we need ensure we add smart devices to the list of things to secure whenever our living situations change.
Do you own an HP Inkjet printer? If so, you may have to patch your printer due to recent critical vulnerabilities that were identified by security researchers in approximately 166 different models of HP Inkjet printers. These models include popular OfficeJet, DeskJet, Envy, as well as DesignJet and PageWide Pro printers. HP states that these two vulnerabilities would allow an attacker to create a file that can be sent to the printer to cause a stack or stack buffer overflow allowing remote code execution. Check out our show notes for details from HP to see if your specific printer is vulnerable and to learn how to update your printer if affected.
So, you may be asking yourself…why should I care about printer security anyway? Well, printer security is something that is often overlooked since it’s a device that does a very simple task which is printing a document for us. However, most printers these days are multifunction, meaning, you can scan, print, fax and connect to various cloud based services to retrieve and save documents. Most modern printers also allow you to print to your home printer from any Internet connection and sometimes allow this access by default when you first set up a new printer. If your printer happens to be accessible to the entire Internet and you allow files to be uploaded, an attacker could compromise your printer which would allow a foothold into your home network. This type of attack vector is much more serious for businesses that may be using their printers in this way. Especially if your business requires printing and storing of sensitive or confidential information. Check out our show notes for this episode for links to articles on printer security best practices.
That’s a wrap for this week’s show. Be sure to follow the Shared Security Podcast on all the regular social media channels like Facebook, Twitter and Instagram for frequent posts, commentary and updates. If you have feedback or topic ideas for the show you can email us at feedback[aT]sharedsecurity.net. First time listener to the podcast? Please subscribe on your favorite podcast listening app such as Apple Podcasts or on our YouTube channel. Thanks for listening and see you next week for another episode of the Shared Security Weekly Blaze.
