Sophos Cloud Optix
Your daily round-up of some of the other stories in the news
Facebook moves on ‘revenge porn’
Facebook has moved to tackle “revenge porn”, intimate photographs posted without consent, with tools to prevent those images being being shared once they’ve been flagged up to the social media company.
The California-based company said that it would use photo-matching technologies so that if a photograph that has already been identified as revenge porn and removed, another user wouldn’t be able to post it again: they’ll be told it violates Facebook policies and that they can’t share the picture.
Facebook’s announcement came as its attempt to challenge 381 search warrants was rejected by New York State’s Court of Appeals. Prosecutors had obtained the warrants in 2013 ordering Facebook to turn over the account details of people who were suspected of fraud. Facebook had argued that the warrants went too far by prohibiting the company from alerting their users to the warrants.
The court upheld a ruling in 2015 that it was up to the targets of the warrants to challenge them, not a third party such as Facebook.
Microsoft addresses privacy fears – again
Microsoft has launched another attempt to address concerns about the data it collects in Windows 10. Critics have been complaining since its 2015 launch that Microsoft’s telemetry collection is a privacy-sucking spying apparatus despite the allegation being refuted many, many times.
Microsoft has made many previous attempts to soothe those fears, and now “for the first time, we have published a complete list of the diagnostic data collected at the Basic level”, said Windows privacy officer Marisa Rogers and Terry Myerson, Windows chief, in a corporate blog post.
The more detailed information will be introduced in the Creators Update, which should start rolling out on April 11, and Myerson added that Microsoft has “reduced the number of events collected and reduced, by about half, the volume of data we collect at the Basic level”.
Security pros confess all about their passwords
When did you last change your passwords to Facebook, Twitter, Instagram, Snapchat etc? If you’re like just over half of the people surveyed by security company Thycotic, you probably haven’t changed them for more than a year – if at all.
The high proportion of people not changing their passwords was all the more surprising as the survey was done at the RSA conference in San Francisco – people you’d expect to be more than usually clued up about security.
The survey also found that the security professionals were disregarding their own advice about passwords, with nearly 30% of those surveyed saying they still used birthdays, pets’ names and their kids’ names for passwords.
If this has made you think again about your own passwords, here’s a reminder of how to choose a good password.
Catch up with all of today’s stories on Naked Security
Regularly changing your passwords is *NOT* recommended, and does not increase your security. And good passwords are not “chosen”; the only good password is one you can’t remember.
Use a password manager; have it generate a strong and unique password for each site; and only change the password if you think there’s a possibility that it has been compromised.
The FTC, the UK government, and security experts like Paul Moore (@Paul_Reviews) all give the same advice.
So if I Choose a password of r2d2&c3p0l0veo1L and I can remember it, that’s bad? I think not. More like they have low expectations of peoples ability to remember complex things without writing them down.
The trouble is, that’s still not entirely random, and computers are particularly good at finding slight modifications of non-random data.
Given the number of different passwords most people have to deal with, coming up with – and remembering – something that’s random, complicated, and unique for each site is impossible for most people. The chances are, unless you have an exceptional memory for random strings of characters, you’re going to end up using a variant of the same password on multiple sites.
Whereas, if you use a password manager, you can generate truly unique and random passwords for each site, and you never have to remember them.