New Episode Alert EP124

Why is eBay port scanning your computer? 😕

June 08, 2020

Weekly Blaze PodcastEpisode 124June 8, 2020

Minneapolis Police Website HackedZoom End-to-End EncryptioneBay Port Scanning

Wireless technology such as Wi-Fi, Bluetooth, and RFID are integrated into every part of our daily lives. In fact, because everything these days is wireless we can often take the security risks for granted. And if you're looking to have the ultimate peace of mind, you should strongly consider the use of a faraday sleeve. A faraday sleeve blocks all wireless signals which makes any wireless device completely undetectable. And using a faraday sleeve is so much faster than disabling the wireless on a laptop or smartphone. Just place your device in the faraday sleeve for instant protection. And if you want the very best faraday products on the market, then you'll want Silent Pocket. Visit

slientpocket.com

and check out their full line of faraday products and receive 15% off your order using discount code, "sharedsecurity".

Over 90% of individuals show risky behavior in handling potential phishing messages according to Click Armor's free

CanIBePhished.com self-assessment

. This engaging coronavirus edition of CanIBePhished.com can help identify your teams total vulnerability to phishing attacks that exploit the pandemic situation. So test your own vulnerability to phishing attacks for free now at

CanIBePhished.com

After Anonymous Promises Retribution for George Floyd’s Death, Minneapolis Police Website Shows Signs It Was Hacked

The city of Minneapolis Police Department's website

has been offline for the last week

because of a cyber-attack that may have been committed by the hacker collective known as Anonymous. Throughout last week pages on the website were requiring visitors to submit CAPTCHAs, which are used to mitigate denial of service attacks that will overwhelm a website with requests. Anonymous posted a video on Facebook back on May 28th specifically directed at the Minneapolis police accusing them of having a quote "horrific track record of violence and corruption." The video was released just as violence swept across the US as protesters clashed with law enforcement and the National Guard.

If you're not familiar with Anonymous, they are a loose collective of "hacktivists" which have been around since at least 2003, getting their start on popular message boards like 4chan. Since then, they've been involved in the shutdown of various government websites around the world and are also known for "doxing" where they have exposed personal details of people involved in many different high profile incidents. However, this doesn't mean that Anonymous members don't stay, well, Anonymous. Just last November, one person claiming to be a member of Anonymous, James Robinson, was

sentenced to six years in prison

for conducting a distributed denial of service attack on the Akron Ohio police and local government back in 2017. While it may be easy to blame the hack of the Minneapolis Police Department website on Anonymous because of a video posted, this herein lies the problem with being Anonymous. Anyone can claim to be part of this group to conduct attacks under their name.

Zoom to offer end-to-end encryption only to paying customers

Zoom recently announced that they will be bringing much needed end-to-end encryption to their popular video conferencing product in the near future,

but only for paid users

. Zoom CEO Eric Yuan said on a company earnings call last week that "Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose." Zoom said that they often have to fight abuse with the free version of their software as it seems people are using Zoom to conduct all sorts of illegal things where they try to hide their real identity by using fake email addresses and VPNs. This is why it's important for law enforcement to have access to the audio and video which end-to-end encryption would normally prevent. On the flip side, some privacy advocates argue that groups like activists, journalists, non-profits, and human rights defenders, who could greatly benefit from end-to-end encryption, may not have the money to pay for the paid version of Zoom. And let's not forget, the US government has been on a campaign as of late to force companies to build encryption backdoors into products like Zoom, or even force tech companies to eliminate plans for end-to-end encryption all together through things like the

EARN IT Act

. So I guess it goes to show that if you want better security in a "free" product like Zoom, you're going to have to pay for it.

eBay port scans visitors' computers for remote access programs

The other week a security researcher made an interesting discovery that

eBay was port scanning visitors' computers when they browsed their site

. This is actually true, and to the surprise of many people, is actually more of a common practice than we all thought. So why would a site like eBay be port scanning your computer? Well it comes down to preventing fraudulent bids and transactions. You see, eBay has had a huge problem for years with remote access programs like Team Viewer which have been used though compromised computers to conduct fraudulent transactions. Since almost all eBay users use a web browser to buy and sell on eBay, if an attacker can take remote control of a user's computer, they can leverage this to access eBay. In addition, there are many other types of malware that use network ports to conduct what are known as "man-in-the-browser" and other bot attacks that masquerade as real user behavior.

Now to many, port scanning your computer without permission is a very invasive tactic and does raise concern from both privacy and cybersecurity professionals. And it's not just eBay doing this. Last week it was reported that many

well-known websites are also using these same techniques

in what are called "fraud protection scripts" that port scan your computer. These sites include ones like Citibank, TD Bank, Ameriprise, Chick-fil-A, any many more. Now if this concerns you, and want to prevent these scripts from running in your web browser, you can block them with privacy plugins like

uBlock Origin

. Check out our show notes for a link for a list of popular websites that conduct port scanning on your computer and for details on how to block them.

MayMonthly ShowEpisode 100In episode 100 of our May monthly show we discuss the history of the podcast, some of the most interesting cybersecurity and privacy news and events over the years, and speak with former guest Rachel Tobac, CEO and Co-Founder of SocialProof Security, about what she's been up to and of course the David Lynch daily weather report!We also catch up with Kathleen Smith, CMO of ClearedJobs.net and CyberSecJobs.com to talk about the current cybersecurity job market, recruiting, and the one thing you need to stop doing with your resume.

Watch this episode on our YouTube Channel!

Thank you to our sponsor

Silent Pocket!

Take advantage of this exclusive offer and help support this podcast!

Visit

silent-pocket.com

to shop Silent Pocket's great line of privacy focused products.