Happy December! It’s hard to believe another holiday season is here. The joys of holiday festivities are coming up, and the anticipation of a New (and hopefully much better) Year is upon us. Regrettably, the holidays normally cause a sharp increase in cybercrime, and it will probably run rampant this time of year as it has in years past. Not to worry, however. We’ve broken down some recent cyber news, a good data protection strategy, and tips for staying ahead of the bad guys during the holidays. Here we go!
Apache Log4j2: Shields up, red alert!
Last week, an attack on a previously-unknown vulnerability was discovered and made public. Two huge issues here:
1) The exploit code to take advantage of this vulnerability is available on the Internet for anyone to download, including cybercriminals.
2) The system that it attacks (Apache Log4j2) is in a huge number of things, from Minecraft (yes, that Minecraft) to VMware to parts of Okta. This is being called the biggest cybersecurity issue in a decade, and it may well turn out to be.
For home users, stop playing Minecraft until further notice. For technology professionals, we have a long road ahead as patches come in from here, there and everywhere. You need to scan your environments for this vulnerability. You need to consider taking impacted systems offline for the time being. If your impacted systems are Internet-facing, TAKE THEM OFFLINE RIGHT NOW. Do not pass GO! Do not collect $200. For developers, start working to update to Apache Log4j 2.15.0.
Some antivirus companies are claiming to already be monitoring for attempts to exploit this vulnerability, which is a positive. This is a developing story so please do your own research. Here are some good areas to start:
https://www.coalitioninc.com/blog/log4j
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
One-time use emails. Good idea? We may be onto something here.
Ever thought of ways to scam the scammers? Well, okay, they’re not scammers (depending on how you look at it), but they are companies that are trying to track your every move on the Internet. Not sure how to slow them down? Here’s an idea: use fake email addresses.
You might have used “anonymous” email addresses before. Have you ever bought or sold something on Craigslist? As a way to protect both buyers and sellers, not just from data-collecting companies but from scam artists and even potentially dangerous people, Craigslist set up an email system where, in order to communicate with someone, you have to go through an email address that is generated by Craigslist. Messages are relayed through Craigslist, without either side knowing the real email address being used by the other party. Without a real email address, no personal information is exchanged. No possibility of selling your email address to others. No chance of unwanted spam from this transaction.
There are several ways Big Tech keeps tabs on you, but one of the most prominent ways is by linking and tracking your page visits and shopping habits through your email address.
Consumer Reports columnist Thomas Germain outlined this in an article. He says when you use fake email addresses across several different companies, “That means companies won’t collect quite as much data on details such as your political views, shopping habits, work life, hobbies, and finances. And, as a bonus, using a fake email address can also cut down on spam.” Sounds like a Christmas miracle!
Turns out it would be quite a bit of work to create several different email accounts for all the things you would need them for. But, in a stroke of pure genius, a number of companies have done the work for you. “Sign In with Apple” and “Firefox Relay” are two such services that will help you create faux emails for all your consumer needs.
Until next month, stay safe!