Meltdown and Spectre explained by xkcd

    There’s not much we mere mortals can do about the latest microprocessor-based vulnerabilities, except ensure we apply security patches immediately.

    Source: xkcd

    How to prevent being 'cryptojacked'

    The Opera web browser has joined Brave in allowing users to turn on ‘cryptojacking’ protection:

    Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter? Your CPU suddenly working at 100 percent capacity, the fan is going crazy for seemingly no reason and your battery quickly depleting might all be signs that someone is using your computer to mine for cryptocurrency.
    For a very short period of time around five years ago I 'cryptojacked' visitors to my blog using JavaScript. Back then, Bitcoin was worth so little, and the slowdown for visitors was so great, that I soon turned it off.

    Given the recent explosive rise in Bitcoin’s value, however, it would seem that cryptojacking is yet another thing to guard against online…

    Source: Opera blog

    Commit to improving your security in 2018

    We don’t live in a cosy world where everyone hugs fluffy bunnies who shoot rainbows out of their eyes. Hacks and data breaches affect everyone:

    If you aren’t famous enough to be a target, you may still be a victim of a mass data breach. Whereas passwords are usually stored in hashed or encrypted form, answers to security questions are often stored — and therefore stolen — in plain text, as users entered them. This was the case in the 2015 breach of the extramarital encounters site Ashley Madison, which affected 32 million users, and in some of the Yahoo breaches, disclosed over the past year and a half, which affected all of its three billion accounts.
    Some of it isn't our fault, however. For example, you can bypass PayPal's two-factor authentication by opting to answer questions about your place of birth and mother's maiden name. This is not difficult information for hackers to obtain:
    According to Troy Hunt, a cybersecurity expert, organizations continue to use security questions because they are easy to set up technically, and easy for users. “If you ask someone their favorite color, that’s not a drama,” Mr. Hunt said. “They’ll be able to give you a straight answer. If you say, ‘Hey, please download this authenticator app and point the camera at a QR code on the screen,’ you’re starting to lose people.” Some organizations have made a risk-based decision to retain this relatively weak security measure, often letting users opt for it over two-factor authentication, in the interest of getting people signed up.
    Remaining secure online is a constantly-moving target, and one that we would all do well to spend a bit more time thinking about. These principles by the EFF are a good starting point for conversations we should be having this year.

    Source: The New York Times

    Edward Snowden wants to help you use your Android smartphone to protect yourself

    Since 2013, Edward Snowden has been advising people and creating software. The Haven app he’s been working on looks interesting, and given I’ve got a spare Android smartphone, I might try it in my home office!

    Designed to be installed on a cheap Android burner, Haven uses the phone's cameras, microphones and even accelerometers to monitor for any motion, sound or disturbance of the phone. Leave the app running in your hotel room, for instance, and it can capture photos and audio of anyone entering the room while you're out, whether an innocent housekeeper or an intelligence agent trying to use his alone time with your laptop to install spyware on it. It can then instantly send pictures and sound clips of those visitors to your primary phone, alerting you to the disturbance. The app even uses the phone's light sensor to trigger an alert if the room goes dark, or an unexpected flashlight flickers.
    Source: WIRED

    Update: more details in an article at The Intercept
