Podcast Episode Details
Back to Podcast Episodes
Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program
This is your Shared Security Weekly Blaze for March 11th 2019 with your host, Tom Eston. In this week’s episode: a new Google Chrome Zero-Day, how Facebook uses your phone number, and the shutdown of the NSA’s phone data collection program.
Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Google announced last week that a patch released on March 1st for the Google Chrome web browser was actually to fix a zero-day vulnerability that has been under active attack. The vulnerability, which is known as a use-after-free bug, is a type of memory error which can allow malicious code to escape Chrome’s built in security sandbox and will allow commands to be ran on the local operating system. This particular vulnerability was found in what’s known as the “FileReader API” that allows web applications to read the contents of files within a user’s computer. Google updated their original post about the patch to indicate that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix”. This is, of course, done to prevent malicious actors from accessing details on how the vulnerability works so that it cannot be replicated. As always, ensure you keep your web browser of choice updated. In fact, all modern browsers have a nifty auto-update feature. The Chrome browser will show you a “green, orange, red” three dot indicator at the top right of your browser. If its green, an update has been available for 2 days, if it’s orange, 4 days, and if it’s red, 7 days. Click on the three dots and simply click “Update Google Chrome”. If you don’t see this button or any color indicators, you’re at the most current version. Our advice is to take a minute now to ensure you’re using the latest version of Chrome.
First up in Facebook news last week was the controversy with how Facebook uses your phone number. The Electronic Frontier Foundation said that phone numbers in Facebook, which happen to be used for two-factor authentication, have the privacy setting set to searchable by “Everyone” as the default. In fact, Facebook only gives you the choice of “Everyone”, “Friends of Friends” and “Friends” which means there is no option to opt-out. Facebook is essentially forcing us into a trade-off between the security of two-factor authentication and privacy of our phone number. Keep in mind, back in April of last year, Facebook did remove the ability to search for a user by entering a phone number or email address in the Facebook search bar but it did not disable the ability for someone to search for you when they upload a list of their contacts, which happens to have your phone number in it.
In other Facebook news, a report from the Guardian shows that Facebook targeted politicians around the world, promising various forms of investments and incentives so that they would lobby on Facebook’s behalf against data privacy legislation. This was all made public via a brand new leak of internal Facebook documents. And if that wasn’t e
Published on 6 years, 9 months ago