ByBill Toulas-February 4 2020.358 Twitter apologizes to its user base after telling everyone that its Api was being manipulated by state-backed actors. A large number of Twitter users are believed to have their names connected to their phone numbers. The date of the attacks almost coincides with the moment a researcher discovered the possibility of Twitter’s Api being abused. We have recently discovered a problem that allowed bad actors to match a specific phone number with corresponding Twitter accounts. We resolved this problem quickly and we’re sorry it happened. You will read more about our investigation here: Twitter Support (@TwitterSupport) February 3, 2020 The functionality that enables the specific Api endpoint to exist is the mechanism that allows users to find people they know on Twitter using their phone number. This is of course only possible if a phone number has been inserted by the user so this incident affects this specific user group. If you didn’t provide your phone number to Twitter then you weren’t revealed. This vulnerability was introduced to the world by a researcher called Ibrahim Balic back in December after he managed to match 17 million phone numbers with Twitter user accounts. It just happens that the researcher was a day late compared to the malicious actors on Twitter who tried to do the same. Or at least that is what the social media platform right now tells us. What they are not telling us is whether or not, as a result of this exploit, any users have been compromised by how many they are and if they plan to notify them of the fact. If you are a Twitter user who has added their phone number to the website, it is recommended that you use this online form to answer any specific questions that you may have to the Data Protection Officer of Twitter. One thing to remember is that the vulnerability would also work for those who have allowed two-factor authentication via Sms so you might have been exposed if you provided your phone number for safety purposes. That said beware of any attempts at phishing and scamming as your phone number is now a useful resource in crooks ‘ pockets. Even if you use the same number on other sites to authenticate that 2Fa you are now at risk of getting Sim-swapped and losing access to these accounts. If that number can be replaced with a new and unspecified one. You Should Delete Data Permanently: Here’s How
BySydney Butler-January 31 2018.359 The technology world is moving fast. People buy new smartphones every 2 years, or even every year. We purchase flash drives from new laptops and generally have a merry time with tech. Once our machinery breaks down we throw out the old things and simply replace them. Landfills full of old computer equipment are pending (hopefully) recycling. The thing is that unless you’ve done things the right way, a whole lot of your private information will still be on all the gadgets you’ve thrown away. Yeah, including stuff you deleted. Someone with the right knows how to access private correspondence documents from your pictures, and more. Personally I purchased second-hand gadgets full of stuff that I really didn’t want to see. What can I do about it?
All data on a drive can almost certainly be lost if you know how. We’re going to look at two approaches out in the wild today for the two major drive technologies. All magnetic drives spinning-platter, and solid-state drives. Do not throw or share any of your current drives until you have provided
Securely Delete a Magnetic Drive.360.360 The best way to ensure that no deleted data is retrieved from a drive is to overwrite each single bit on the drive with the ones and zeros. You’ll have to get a piece of software to do the job. Many of them use the norm of wiping of the Us Department of Defense drive which should be good enough for most people. Boot and Nuke of Darik (Dban) comes highly recommended. It burns to a disk or flash drive, and without an operating system on the host machine you can boot straight there. Which makes it perfect for an old computer which is to be sold or given away. Just be warned that it can take a long time to get such a detailed and total drive wipe. The larger the drive the longer it takes. So make sure you get it done beforehand. Secure Erasing of an Ssd
.361.361 Ssds operates very differently with magnetic drives. They use non-volatile memory chips to store data and are becoming ever more popular as the price drops. While Ssds are much more robust and durable than the magnetic drives they suffer from destructive writing. What this means is that those memory modules wear out when the drive writes data to a field. After a number of articles, the part of the drive can’t be written to and reaches the end of its life. This overwrite location drive wiping program does not work correctly with Ssds due to this hardware-level control. But thanks to the Trim it is not too much of a problem. Trim will support all of the latest Ssds and operating systems. What the command does is inform the Ssd which parts of their stored data are now garbage. Then the drive should delete those sectors properly quietly. It’s not doing this because of worries about privacy which is just a bonus. This does this because it takes more time for an Ssd to delete and then write to a sector than simply writing to a blank drive field. Therefore, trim allows garbage collection to increase speed of movement. You should use disk encryption if you want to make sure the drive is absolutely unrecoverable. If you have an operating system that offers disk encryption (like Windows 10) then you can encrypt the entire Ssd and then format it. If not, use a third party software like CipherShed. If the data is recovered by some miracle then it will still be encrypted.
Physical Storage Destruction.362.362 If your old hard storage is disabled, the data must be permanently destroyed. Even from non-functional hard drives, specialist data recovery tools can be used to get information from. It’s not very likely but if Mr. Snowden is your name then it’s just common sense. And how’d you do that? Open up the hard drive case for mechanical drives detach the read / write arms and then take the shiny round disks. There might just be more. Then completely smash those platters with a hammer or other suitable device into small pieces. If you feel particularly suspicious you can dispose of the parts on the platter in different bags or places. Though there are more ways to destroy a hard drive, this is one process. What’s up with Ssd? Drilling holes or hammering an Ssd isn’t going to be quite comprehensive as these drives are more resilient to physical damage.A common sense phone or tablet says you need to do a factory reset before you sell or throw away. Nonetheless, as you might expect, this does not always erase everything so that it can never be found. You need to: Disable factory reset security on Android 5.0 and up devices Delete Google Accounts manually Remove vendor accounts such as your Samsung account if any, before you can actually get rid of your data on an Android device. Encrypting and then resetting your factory after deleting your manual password should be enough, but you can use wiping software to properly store your phone in the Google Play Store. Apple has actually done quite a good job here when it comes to iOs. There has been hardware encryption since iOs 5. If you have set a passcode then you’re good at protecting your data. When you reset a factory, the key will be gone and no one will get the information. Until resetting your iOs: Turn off “find my iphone” Sign out of all you can. The ton for the Apple iCloud accounts.
No Stone Unturned
Everyone seems to be concerned that big companies like Facebook will collect and sell our user data, but then they go and sell to a pawn shop an old laptop with incredibly sensitive documents thereon. This is a bit like people who don’t use online credit cards but don’t mind sending them to a waiter who can quickly copy the details. That is a bit misguided, in other words. It is important to carefully think about where your information is stored. Encrypting and password securing tools like flash drives and external hard drives. Using passcodes on mobile devices and trigger kill switches or available remote wipe facilities. Before you get rid of it, conduct proper cleans on data storage and you will sleep much better at night knowing your embarrassing photos won’t end up on the internet.A common sense phone or tablet says you need to do a factory reset before you sell or throw away. Nonetheless, as you might expect, this does not always erase everything so that it can never be found. You need to: Disable factory reset security on Android 5.0 and up devices Delete Google Accounts manually Remove vendor accounts such as your Samsung account if any, before you can actually get rid of your data on an Android device. Encrypting and then resetting your factory after deleting your manual password should be enough, but you can use wiping software to properly store your phone in the Google Play Store. Apple has actually done quite a good job here when it comes to iOs. There has been hardware encryption since iOs 5. If you have set a passcode then you’re good at protecting your data. When you reset a factory, the key will be gone and no one will get the information. Until resetting your iOs: Turn off “find my iphone” Sign out of all you can. The ton for the Apple iCloud accounts.
No Stone Unturned
Everyone seems to be concerned that big companies like Facebook will collect and sell our user data, but then they go and sell to a pawn shop an old laptop with incredibly sensitive documents thereon. This is a bit like people who don’t use online credit cards but don’t mind sending them to a waiter who can quickly copy the details. That is a bit misguided, in other words. It is important to carefully think about where your information is stored. Encrypting and password securing tools like flash drives and external hard drives. Using passcodes on mobile devices and trigger kill switches or available remote wipe facilities. Before you get rid of it, conduct proper cleans on data storage and you will sleep much better at night knowing your embarrassing photos won’t end up on the internet.