March 4, 2019

YouTube disables comments on millions of videos of children

By Lisa Vaas

On Thursday, YouTube announced on its creator blog that it’s disabling comments on millions of videos featuring minors, in response to reports that creeps are leaving disgustingly sexual comments on videos featuring kids doing things like yoga or gymnastics, or playing games such as Twister.

As content creator Matt Watson had documented a week before, such comments sections had what he called a “wormhole.” Within as few as five clicks, you could find yourself in a “soft-core pedophilia ring” where child oglers leave sexual comments and connect with each other in the comments sections of innocuous videos featuring children, sharing contact information or, sometimes, links to actual child abuse imagery.

The news caused a mob of advertisers to flee, as big brands such as Disney, Fortnite maker Epic Games, GNC and Nestle pulled their ads.

YouTube said on Thursday that over the prior week, the platform had disabled comments on tens of millions of videos that could be “subject to predatory behavior.” Over the coming months, it also plans to suspend comments on videos featuring “young minors” and those featuring older minors that “could be at risk of attracting predatory behavior.”

It’s not shutting down comments on all such videos: YouTube said that a small number of creators will be able to keep comments enabled, though they’ll be required to actively moderate comments and demonstrate a low risk of predatory behavior. YouTube says it’s going to work with such creators directly and hopes that their numbers increase as it works on improving its ability to catch violative comments.

Read more at https://nakedsecurity.sophos.com/2019/03/04/youtube-disables-comments-on-millions-of-videos-of-children/

TikTok to pay record fine for collecting children’s data

By Lisa Vaas

Video streaming app TikTok has agreed to pay a $5.7 million fine for allegedly collecting names, email addresses, pictures and locations of children younger than 13 – all illegal under the US’s Children’s Online Privacy Protection Act (COPPA).

This is the largest settlement ever handed down for violating the nation’s child privacy law, the Federal Trade Commission (FTC) said when it announced the settlement on Thursday.

TikTok, based in Los Angeles, merged with Musical.ly in 2018. The Musical.ly app allowed users to create short videos lip-syncing or dancing to music and to share those videos with other users. Beyond letting users create and share videos, the app also allowed users to interact with other users by commenting on their videos and sending direct messages.

80 million US downloads

TikTok is both massively popular and considered to be addictive. It originally launched in China in 2016, where it was known as Douyin (literally: “vibrating sound”). A year later, it hit the international market with its new name, TikTok.

Read more at https://nakedsecurity.sophos.com/2019/03/04/tiktok-to-pay-record-fine-for-collecting-childrens-data/

Is a Facebookcoin in the works?

By Danny Bradbury

Facebook, Signal and Telegram are all planning cryptocurrencies. But why these companies, why now, and will they be successful?

The New York Times published a round-up article looking at the cryptocurrency plans for these three companies, detailing reports that each of them is well along the road to creating its own coins. Facebook’s is the most secretive project.

CEO Mark Zuckerberg has been publicly expressing interest in cryptocurrency since at least January 2018, when he wrote it up in his annual mission statement.

In May that year, he appointed David Marcus, formerly head of the Messenger chat app, to run the company’s blockchain team. Marcus has a history in both fintech and cryptocurrency, having been president at PayPal and spending time on the board of directors at cryptocurrency payments company Coinbase. He resigned that position three months after taking the blockchain lead at Facebook.

Sources told Bloomberg in December that Facebook is reportedly working on a stablecoin, which is a digital currency pegged to a reliable real-world asset like the US dollar. Stablecoins look less like tradable assets that speculators hope will skyrocket in price, and more like proper currencies used to drive everyday transactions. The cryptocurrency would reportedly enable people to transfer money on the WhatsApp messaging system, focusing first on the remittance market in India.

Read more at https://nakedsecurity.sophos.com/2019/03/04/coming-soon-to-a-messaging-app-near-you-facebookcoin/

Anomaly in pen-test tool made malware servers visible

By John E Dunn

For four years, a security company was able to track command and control (C&C) traffic generated by several well-known hacking groups thanks to a tiny anomaly in a penetration-testing tool.

This news emerged in a write-up by Fox-IT, which described how in 2015 one of its researchers spotted a small ‘whitespace’ error in HTTP responses from the ‘beacon’ NanoHTTPD-based web server that can be implanted inside a target network as part of a tool called Cobalt Strike.

Cobalt Strike is a legitimate pen-testing tool used to simulate adversaries in red team testing scenarios. Unfortunately, in recent years it’s also acquired a following among cybercriminals who use it after first breaking its copy protection.

It’s a ready-made platform that gives an adversary (legitimate or otherwise) a foothold through which they can control sideways movement in the network and serve payloads from the comfort of a GUI.

However, the harmless and almost imperceptible whitespace flaw allowed Fox-IT to turn this communication into an Intrusion Detection System (IDS) fingerprint which let its analysts see public Cobalt Strike servers.

That remained true until early January, when the release of Cobalt Strike v3.13 finally fixed an issue which Fox-IT believes has been in the software since 2012.

Read more at https://nakedsecurity.sophos.com/2019/03/04/anomaly-in-pen-test-tool-made-malware-servers-visible/

The Momo Challenge urban legend – what on earth is going on?

By Mark Stockley

Some ideas are so good at getting people to spread them that they go viral.

There doesn’t have to be any design, purpose or merit in an idea to make it spread. It doesn’t have to be good, interesting, helpful, useful or true; in fact, it can even be a very bad, even harmful, idea. All it has to do to spread is trigger our urge to share it with others.

One way to do that is to trigger the deep, primal urge inside parents to protect their children (and the deep primal urge within online news outlets to scare parents for clicks). And, over the last week or so, that’s exactly what an idea called the Momo Challenge has been preying upon.

This article is about why you shouldn’t worry about the Momo Challenge, how we got here, and what we can usefully take away from this situation.

I’ll start by looking at what the Momo Challenge is and isn’t.

What is the Momo Challenge?

The Momo Challenge is a modern equivalent of a campfire-side horror story.

Its fifteen minutes of infamy began with a story about a “haunted” WhatsApp account with the name Momo and a very creepy picture of a woman’s distorted face for an avatar.

Read more at https://nakedsecurity.sophos.com/2019/03/01/the-momo-challenge-urban-legend-what-on-earth-is-going-on/
