Is Facebook Really Listening to you? Maybe…

Is Facebook Listening to you? Can you stop or prevent it?

People commonly post stories about how they talked about some product or service, and then suddenly started seeing advertisements for it on Facebook. While there are lots of stories about this happening, they are always based on conjecture and are simply speculation.

In a conversation with some friends a few YEARS ago, I believe not only did I prove this was happening, but I also think that I figured out how to prevent it.  Read more

New Facebook Vulnerability Found

I’m documenting this here since I could potentially need further documentation on this matter in the future.

A friend of mine (one of the people in the stable of assets Corry Area Consulting can utilize for large projects) reached out to me this morning and asked if I had ever seen a certain behavior on Facebook.com before. I had not. I went ahead and tested it myself. I confirmed the issue is legitimate. We tested an array of operating systems, browsers, and settings, and we were able to reproduce at will what we believe to be a critical flaw in Facebook’s security.

We have submitted a report via https://www.facebook.com/whitehat and in accordance with Facebook’s responsible disclosure policy we will publish no further details on this matter any time within the next 30 days, unless the issue is fixed before then. We hope to provide some more information on this exploit in the future, and sincerely hope that Facebook addresses this concern quickly.

Spectre? Meltdown? What can I do?

Have you been hearing about “MELTDOWN” and “SPECTRE” security exploits lately? What does it all mean? These are flaws in the methods computers use to protect your security while working on your computer. Essentially, for several years now, computers have used something called Address Space Layout Randomization to make it harder to attempt to “hack” a program that might be running on your computer (you don’t know how to target something if you can’t find it). To do this, operating systems like Windows, Linux, and Mac OS relied on code that resided inside the CPU of your computer, in the hardware itself. It turns out that the “random” numbers aren’t as random as once thought, and can now be deciphered.

One researcher showed an example on Twitter of how you can easily decipher a password in real time if you can find the address space to target a specific application:

It’s not hard to picture this being exploited, instead of as seen on screen in the GIF above, to a secret text file hidden on the computer, logging all of your keystrokes and passwords and the things you copy and paste, or even the results returned from a website after you log in. Almost anything could be logged and then sent quietly over the internet to someone else’s computer.

 

What you can do

January 9th, 2018 cannot get here soon enough – that’s when Microsoft intends to release its patches to the world to address these exploits, particularly the one called “Meltdown.” I wouldn’t even be surprised if Microsoft panics and releases an update out of cycle this weekend. Either way, next week: UPDATE YOUR COMPUTERS. This goes for 64-bit Windows 7, 8, 8.1, and 10. If you have 32-bit Windows, no patch is available and none has yet been developed. But keep checking, and if you have a 64-bit version of Windows, which you most likely do if you bought your computer in the last 10 years, just run Windows Update and install the latest fixes when they’re available. If you have a Mac / MacBook, make sure you have High Sierra 10.13.2 (the December 6th patch that also fixed the Root user access vulnerability). You simply need to check for updates in the app store to update MacOS. Linux users, you should apply the KPTI (formerly KAISER) patch.

The fallout

“Meltdown” targets specifically Intel CPUs; it has already and will receive many patches, and these patches will be further fine tuned. Right now they can lead to a loss in performance, but your average user shouldn’t notice much of a decrease in speed during their day-to-day activities.

“Spectre” will also target AMD and ARM brand CPU’s; what that means to you is that almost every single tablet and phone out there has an ARM CPU inside of it. Samsung phones. iPhones. Other Android and Windows Phone devices. They’re all vulnerable. The good news is that “Spectre” is much harder to exploit. In simplest terms, it’s more of a probe than the highly focused laser that is “Meltdown.” This would be used more for targeting specific people, than just broadly out there infecting random computers. While software and hardware vendors may release updates for your devices which will harden against those attacks, the long-term solution is going to require new hardware – and it’s my understanding that as of this posting, none on the market is immune to both of these attacks.

Just keep your systems hardened against attacks by keeping them up to date, whether they are a Mac OR a PC. That is your best course of action at this time.

Quick Tech Support: Disable Favorites Bar in Edge

So, Microsoft just turned on a “new feature” in the Microsoft Edge web browser that is built in to Windows 10. It allows you to pin your favorite websites across the top of the browser. Or, if you’re like me, you can turn it off, because it just showed up randomly and it didn’t do a very good job of explaining what it was – it looked like an annoying tip and not a new feature!

 

We’re Legal!

LegitIt’s official. Corry Area Consulting, LLC, was officially incorporated by the Commonwealth of Pennsylvania’s Department of State on 11/30/2017. I received the paper in the mail just yesterday.

 

As much as this is a new business venture, it’s also a whole new experience for me as a first time entrepreneur. I may occasionally use this “blog” section of the website to simply talk about the things I’m learning along the way.

 

Thanks for the support of friends and family, and for the trust instilled in me by my earliest clients.

Quick Tech Support: What is WMM?

For almost two full decades, I have had a website where I offer tech tips and advice, as well as using it for everything from movie and music reviews to talking about video games. Some of the videos I produced for that website are extremely informative, so I will occasionally share them here!

Today’s video is about demystifying a non-descript setting found in your household wireless router.

 

Quick Tech Support: Why you should never “Copy and Paste, Don’t Share” on Facebook

For almost two full decades, I have had a website where I offer tech tips and advice, as well as using it for everything from movie and music reviews to talking about video games. Some of the videos I produced for that website are extremely informative, so I will occasionally share them here!

Today’s video is about a common tactic used on Facebook that could be used to target you or contribute to the spreading of misinformation or “fake news.” Protect yourself from looking silly online, or worse!

 

%d bloggers like this: