 There are times when corporations lose their temper. Well, they're people too. In Microsoft's case, it's people and politics that are driving the company crazy. I'm quite used to hearing that Microsoft has annoyed someone. Usually, it's a Windows user who's angry about Redmond's keenness to slip unwanted products onto their screens. I was rather moved, then, to hear that Microsoft itself is enduring conniptions of the most fundamental kind. You see, the company recently commissioned research company YouGov to ask 5,000 registered voters about their innermost feelings. One or two deeply felt highlights emerged. 90% of respondents admitted they're worried every time they share their information online. 70% privately pointed their fingers at the US government. They said it isn't doing enough to protect their personal data. A similar 70% said they'd like to see the next administration enact privacy legislation. How do I know this made Microsoft angry? Well, these details come from a bracingly seething blog post -- published this week -- from the company's "Corporate Vice-President For Global Privacy and Regulatory Affairs and Chief Privacy Officer." Extraordinarily, we're talking about just one person with all those titles, Julie Brill. She doesn't think the US government is doing brilliantly. Brill tried to rein in her irksome. She began by talking about the importance of data in our new, more domestically confined world. She said: "Data is critical not just in rebuilding our economy but in helping us understand societal inequalities that have contributed to dramatically higher rates of sickness and death among Black communities and other communities of color due to COVID-19. Data can also help us focus resources on rebuilding a more just, fair, and equitable economy that benefits all." A fundamental problem said Brill is the lack of trust in society today. In bold letters, she declared: "The United States has fallen far behind the rest of the world in privacy protection." I can't imagine it's fallen behind Russia, but how poetic if that was true. Still, Brill really isn't happy with our government: "In total, over 130 countries and jurisdictions have enacted privacy laws. Yet, one country has not done so yet: the United States." Brill worries our isolation isn't too splendid. She mused: "In contrast to the role our country has traditionally played on global issues, the US is not leading, or even participating in, the discussion over common privacy norms." That's like Microsoft not participating in the creation of excellent smartphones. It's not too smart. Brill fears other parts of the world will continue to lead in privacy, while the US continues to lead in inaction and chaos. It sounds like the whole company is mad as hell and isn't going to take it anymore. Yet it's not as if Microsoft has truly spent the last 20 years championing privacy much more than most other big tech companies. In common with its west coast brethren, it's been too busy making money. Brill is undeterred. She tried to offer good news. Some states are taking the matter of privacy into their own jurisdictions. And then she offers words of hope that, to this reader at least, swim in baths of sarcasm: "There are also signs of real interest among some members of Congress." Real interest among members of Congress can often feel like real sincerity. You hope it's there, but you suspect it's not. Yet I sense Brill doesn't have too much hope in governmental action. So, spurred again by the company's research, she turned to the corporate world. "The YouGov study found that significantly more people believe companies bear the primary responsibility for protecting data privacy -- not the government," she said. Yet what do those companies do? They make privacy controls your responsibility, dear citizen. Full details are posted on OUR FORUM.  This underappreciated Android gem can protect your privacy and make your phone significantly more secure, but it's up to you to dust it off and use it. It's amazing how many useful Android features get buried in the operating system and then forgotten over time. When you stop and think about it, it's also kind of inevitable: With every passing year, Android grows increasingly robust and complex, as more advanced options make their way into the software. So it's only logical that certain elements will become out of sight and out of mind and get lost in the shuffle somewhere along the way. One such item jumped out at me the other day, triggering an immediate "AHAH!" in this rusty ol' noggin of mine as I remembered its existence and then scolded myself for forgetting to use it all this time. It's a little somethin' called Android Guest Mode, and it first showed up way back in the Android 5.0 (Lollipop) era of 2014. Guest Mode, in case you've also forgotten, does exactly what you'd expect: It gives you an on-demand way to switch your phone into a blank-slate-like state, where your personal apps, accounts, and data are all securely tucked away and you instead get an out-of-the-box-like experience, with only the basic preinstalled system apps in place. It's almost like an incognito mode of sorts, applied to your entire phone: All your regular stuff is gone, and nothing done in that environment has any impact on your standard smartphone setup. The implications for that are enormous. The biggest realistic threat with smartphone security, after all, isn't the coming invasion of scary-sounding malware monsters (which, as we've discussed to death 'round these parts, are more about sensationalism and security software sales than any pressing, practical danger). Nope — it's your own negligence and occasional lapse in judgment. And even if you take every possible step to protect your privacy and strengthen your phone's security, all it takes is a single, brief pass-off of your device to the wrong person to send all your best-laid efforts swirling down the drain. Whether we're talking about sensitive company data or your own personal photos, messages, and maybe even browsing history, it doesn't take long for the wrong set of eyes to see something they shouldn't — whether it's deliberate or by mistake. That's exactly the sort of slip-up Android's Guest Mode can prevent — and best of all? Once you remember that it's there, it's simple as can be to deploy. First things first, we need to make sure your phone is set up properly to support the feature, as it's often disabled by default these days. If you have a Samsung phone, unfortunately, you're out of luck here, as Samsung has for no apparent reason opted to remove this standard operating system element from its software. When you're ready to exit out of Guest Mode and get back to normal, just repeat the same first two steps from above — opening the Quick Settings panel and tapping the user profile picture — and this time, select "Remove guest" from the menu that comes up. That'll completely erase and reset everything that was done in that temporary profile and, once you put in your PIN, pattern, or password (or use biometric authentication), take you back to your own standard Android setup. A pretty useful possibility, right? The power's been right there at your fingertips all along — and now that you've got it activated and in the back of your mind, you can tap into it anytime the need arises. Visit OUR FORUM for more details and a guide on how to enable this privacy measure.
 Emotet diversifies arsenal with new lures to trick users into infecting themselves. In today's cyber-security landscape, the Emotet botnet is one of the largest sources of malspam — a term used to describe emails that deliver malware-laced file attachments. These malspam campaigns are absolutely crucial to Emotet operators. They are the base that props up the botnet, feeding new victims to the Emotet machine — a Malware-as-a-Service (MaaS) cybercrime operation that's rented to other criminal groups. To prevent security firms from catching up and marking their emails as "malicious" or "spam," the Emotet group regularly changes how these emails are delivered and how the file attachments look. Emotet operators change email subject lines, the text in the email body, the file attachment type, but also the content of the file attachment, which is as important as the rest of the email. That's because users who receive Emotet malspam, besides reading the email and opening the file, they still need to allow the file to execute automated scripts called "macros." Office macros only execute after the user has pressed the "Enable Editing" button that's shown inside an Office file. Tricking users to enable editing is just as important to malware operators as the design of their email templates, their malware, or the botnet's backend infrastructure. Across the years, Emotet has developed a collection of boobytrapped Office documents that use a wide variety of "lures" to convince users to click the "Enable Editing" button. But this week, Emotet arrived from a recent vacation with a new document lure. File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it). According to an update from the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world. Per this report, on some infected hosts, Emotet installed the TrickBot trojan, confirming a ZDNet report from earlier this week that the TrickBot botnet survived a recent takedown attempt from Microsoft and its partners. These boobytrapped documents are being sent from emails with spoofed identities, appearing to come from acquaintances and business partners. Furthermore, Emotet often uses a technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adding the boobytrapped Office documents as attachments. The technique is hard to pick up, especially among users who work with business emails on a daily basis, and that is why Emotet very often manages to infect corporate or government networks on a regular basis. In these cases, training and awareness is the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes. Knowing how the typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent. For more detailed information visit OUR FORUM. |
Latest Articles
|