Data security Archive

Keeping hackers away from your Webcam and microphone

Article

Creative Labs LiveCam Connect HD Webcam

Software now exists so you can gain better control over your Webcam

How To Stop Hackers From Spying With Your Webcam | Gizmodo

My Comments

A privacy issue that is being raised regarding the use of cameras and microphones connected to your computer is the fact that malware could be written to turn your computer into a covert listening device.

Those of us who use a traditional “three-piece” desktop computer and have a physically-separate external Webcam may find this an easier issue because you can simply disconnect the camera from your computer. But the issue of your Webcam or your computer’s microphone being hacked to spy on you would be of concern for those of us who have the camera or microphone integrated in the computer, as with portable or all-in-one equipment, or in the monitor, which is something that could be offered as a product differentiator by display manufacturers.

The simplest technique that has been advocated to deal with this risk is to attach an opaque sticker or opaque sticky tape over the camera’s lens. Some computer and monitor manufacturers have approached this problem using a panel that slides over the Webcam as a privacy shield. But you wouldn’t be able to control the use of your computer’s integrated microphone unless it had a hardware on-off switch.

Most of the mobile computing platforms require newly-installed software that wants to use the camera, microphone, GPS device or other phone sensors to ask permission from the phone’s owner before the software can be installed or use these devices. The Apple iOS App Store even vets software to make sure it is doing the right thing before it is made available through that storefront and this is also becoming so for software sold through the Google Play Android storefront and the Microsoft Store Windows storefront.

Lately there have been some software solutions written for the Windows and Macintosh platforms that allow you to take back control of the camera and microphone due to the fact that these regular-computer platforms have historically made it easier for users to install software from anywhere. But I would also suggest that you scan the computer for malware and make sure that all of the software on the computer, including the operating system, is up-to-date and patched properly.

One of these solutions is Oversight, which has been written for the Macintosh platform and can detect if software is gaining access to your Mac’s Webcam or microphone. It can also detect if two or more programs are gaining access to the Webcam, which is a new tactic for Webcam-based spyware because it can take advantage of people using the Webcam for business and personal videocalls and record these conversations. The user has the ability to allow or block a program’s access to the Webcam or microphone.

For the Windows platform, a similar program called “Who Stalks My Cam” detects events relating to your computer’s Webcam such as software wanting to acquire material from it. It gives you the ability to stop a program that is using the Webcam from running or to shut down the Webcam process. But there is also the ability to track processes that are running while the computer system is idle because some spyware processes can be set up to come alive when the system isn’t being actively used. The program even allows you to “whitelist” programs that you trust like over-the-top communications programs or video-recording software so that it doesn’t get in their way.
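The three checks described for these two programs (a program outside your trusted list using the Webcam, a second program joining while the Webcam is already in use, and Webcam use while the system is idle) can be shown as detection logic over a list of camera events. This is an added example, not code from Oversight or Who Stalks My Cam; the event format, process names and trusted list are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample events (assumption: not the format of either tool).
# Fields: seconds since start, pid, process name, action, user idle at the time.
SAMPLE_EVENTS = [
    (10, 401, "videocall-app", "open", False),
    (25, 877, "updater-helper", "open", False),   # joins an active videocall
    (40, 877, "updater-helper", "close", False),
    (55, 401, "videocall-app", "close", False),
    (900, 912, "thumbnail-svc", "open", True),    # wakes up while the user is away
    (905, 912, "thumbnail-svc", "close", True),
    (1200, 401, "videocall-app", "open", False),
]

# Programs the user has chosen to trust (hypothetical names).
ALLOWLIST = {"videocall-app"}


@dataclass(frozen=True)
class Alert:
    time: int
    pid: int
    process: str
    reason: str  # "concurrent", "unlisted" or "idle"


def review_camera_events(events, allowlist):
    """Return alerts for camera 'open' events that deserve the user's attention.

    concurrent: another process already holds the camera (session piggybacking)
    unlisted:   the opening process is not on the user's trusted list
    idle:       an untrusted process opened the camera while the system was idle
    """
    holders = {}  # pid -> process name, for processes currently using the camera
    alerts = []
    for time, pid, name, action, idle in sorted(events):
        if action == "close":
            holders.pop(pid, None)
            continue
        if action != "open":
            raise ValueError(f"unknown action {action!r} at t={time}")

        # A second process joining an active session is reported even if it
        # is trusted, because one of the two holders may be recording the call.
        if any(other_pid != pid for other_pid in holders):
            alerts.append(Alert(time, pid, name, "concurrent"))

        # Trusted programs are left alone for the remaining checks so the
        # monitor does not get in their way.
        if name not in allowlist:
            alerts.append(Alert(time, pid, name, "unlisted"))
            if idle:
                alerts.append(Alert(time, pid, name, "idle"))

        holders[pid] = name
    return alerts


if __name__ == "__main__":
    for alert in review_camera_events(SAMPLE_EVENTS, ALLOWLIST):
        print(f"t={alert.time:>5}s pid={alert.pid} {alert.process}: {alert.reason}")
```
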

The ability to track usage of attached / connected cameras and microphones or similar hardware like GPS units by software running on your computer will end up becoming part of a typical desktop/endpoint security program’s feature set as people become concerned about the use of these devices by spyware. This is in conjunction with operating systems also hardening access to devices that can be used to spy on their users by implementing software certification, sandboxing, privileged access and similar techniques.

It is definitely another threat vector that we are being concerned about when it comes to data security and personal privacy.


Celebrity gossip sites–attractive to malware distributors

Articles

Who Weekly celebrity-gossip-magazine Web site

Be sure you stick with trusted news sites when you are after celebrity gossip

The most dangerous celebrities to look up on Google | BGR.com

Searching for celebrity news on Google can be dangerous for your computer | Panda Security

Malware parasites feed on PerezHilton.com gossip fans | BBC News

My Comments

An issue that has been raised is that searching for the latest news and gossip about a celebrity can be risky for your computer’s security. Panda Security even described it as being a risk to a business’s computer systems because office workers would do it during slow times in their workday. It is as though this activity is today’s equivalent of looking through the gossip magazines at the supermarket checkout or in the doctor’s waiting room.

This is because the Internet has made it easier to push up “fly-by-night” gossip Websites that are laden with malware and have these advertised.

Online ad - to be respected like advertising in printed media

Ads on sites like here need to be secure to obtain the same respect as magazine ads

It is also because of a weakness that exists in the online advertising marketplace: ad networks and publishers don’t subject the advertising that comes to these networks to thorough scrutiny from a safety perspective. This then allows online advertising to become a breeding ground for malware with such things as “malvertising” where scripted ads are used to “push” malware on to users’ systems. This is a topic I have raised because I am wanting to see the rise of a quality online ad marketplace that has the same level of respect as the advertising seen in traditional print media.

A similar situation happens whenever a new album or movie featuring a popular entertainer is released because sites and torrent files would pop up claiming to offer the material for free. To the same extent, this could include offers of “exclusive” photo, audio and video material relating to the content or its performers for free. The same thing also can happen with surveillance, personal-album or similar material that features celebrities in compromising situations and ends up being “leaked” to the public arena. Again these sites and the torrent “file-of-files” available to download would be a minefield of malware files if you aren’t careful.

The situation becomes worse during the time surrounding entertainment-industry awards events, the release of new headline content featuring the celebrities or whenever there are major personal events affecting these people such as new relationships or relationship breakups. The articles cited that people involved with the Hollywood entertainment scene are more likely to be targeted with fly-by-night malware sites, malvertising attempts and similar skulduggery. But I also would place at risk of this treatment the British Royal Family or past and present popular Presidents of the United States.

What can you do?

  • Make sure your regular or mobile computing device is running the latest version of the operating system and you are using the latest version of the Web browser(s) and other software that you surf the Web with. It may also be a good practice to run an up-to-date version of a desktop / endpoint security program which can scan for flaky links and files.
  • Most importantly, think before you click! When you are searching for information about a particular show, recording or star, get it “from the horse’s mouth” – go to the publisher’s or broadcaster’s site that relates to what you are after. Also visit the online presence of the mastheads that you know and trust when you are after the celebrity or entertainment-industry news. Examples of these would be those magazines available at the supermarket checkout.
  • But be careful about anyone offering links to resources that are too good to be true, especially where words like “free” and “exclusive” are bandied around. These sites are the ones that are the malware traps.
  • You may find that using tools like search engines or browser plugins that verify Websites’ reputation may be of assistance when it comes to staying away from flaky Websites.
  • As for online advertising with sites that are suddenly popular, be careful about following through on these links or make sure you are using desktop security software to protect your computer against malware.

Conclusion

You can engage in the digital equivalent of browsing the gossip mags safely as long as you are sure of the resources that you are heading towards and don’t fall for the bait.


EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.


Be careful about USB memory keys left in the letterbox

Articles

USB memory keys press picture courtesy of Victoria Police

Police warn of malware-laden USB sticks dropped in letterboxes | The Register

Crims place booby-trapped USB drives in letter boxes | IT News

Don’t plug it in! Scammers post infected USB sticks through letterboxes | Naked Security (Sophos blog)

From the horse’s mouth

Victoria Police

Press Release

My Comments

An issue that is being raised concerning data security is people loading data from USB memory keys that they don’t expect.

This has been used as a way to distribute malware to businessmen at conferences because these thumbdrives, like floppy discs and optical discs, have been accepted as a way to distribute conference content or “electronic brochures” and added to participants’ “show-bags” handed out at these events. The typical method of delivering a malware-laden USB stick was to abandon it at the venue, hotel or “watering-hole” bar and it would inspire people’s curiosity to pick up this memory key, plug it in to their laptop and load up what was on the stick.

Newer iterations of the desktop operating systems, i.e. Windows or MacOS, have made it hard to run a program off a USB memory key by default. Similarly, most of the desktop security software would implement removable-media scanning routines to automatically check for malware on a USB stick or other removable media. But there have been some USB thumbdrive variants which have had the firmware altered to run keystroke macros or meddle with network settings.

This situation has now been found to occur in a personal-computing context in some of the outer south-eastern Melbourne suburbs like Pakenham. This was where USB memory keys were left in households’ mail boxes and these thumbdrives were full of malware including fraudulent content-streaming offers. In fact, Victoria Police even encouraged Australian householders who received these thumbdrives in their mailbox to contact Crimestoppers Victoria by phoning 1-800-333-000 or using the online form.

But the common security advice to deal with USB memory keys that you didn’t expect to receive is not to insert them in your computer. If you do expect to receive one of these sticks such as them being in a show-bag from a vendor or you receiving conference material on one of them, make sure that you have your operating system and desktop security software patched and updated.


Avoiding a mess-up with your small business’s or community organisation’s IT

Lenovo ThinkPad Helix 2 connected to Wi-Fi hotspot at Bean Counter Cafe

Make sure you know where you stand with your small business’s or community organisation’s IT software and services

A very common situation that can come about with a small business that is starting out or a community organisation that is running with a handful of core volunteers is that you can end up with a messy information-technology situation.

Typically this happens because the people who are behind the organisation typically buy the hardware, software and services out of their own pocket, assuming that the organisation is running on the “smell of an oily rag” with very minimal funds. This situation affects organisations in the religious, charitable or voluntary sector where they want to spend as little on office-related or capital expenses as possible so the money that comes in is focused on the organisation’s raison d’etre.

What can happen especially with software is that it ends up being licensed in the name of the contributor or volunteer while a service like Web-site hosting and domain-name renewal is paid out of a member’s or volunteer’s personal funds and managed in the name of that member. In the case of operating systems or other software that are furnished with donated computer hardware, the software can also be licensed in the name of the donor rather than the beneficiary and no procedure takes place to technically and legally transfer this ownership.

Then you can end up with issues like software piracy and non-compliance, or a service being paid for by someone who has left the organisation, so that you don’t know where that service is going or whose name the computer software should be in. You also have the issue of where the organisation legally stands when it comes to using the service and this can also place the continuity of that service in doubt.

Do you know the organisation’s legal entity?

Here, you have to know how the business or organisation is legally referred to and represented. This includes a business, company or other legal name that represents the organisation as well as its trading or other “public-facing” name. Typically, the organisation’s legal name may be written out in any stationery associated with its bank account.

Software

Make sure that any software that the organisation uses is bought in the name of the organisation. If someone wants to donate a program to the organisation, they need to either donate the program’s value to the organisation as cash through the normal paths like a church’s offering plate or basket, or buy the software as an unencumbered package using their funds and hand the software package over to the organisation.

Some “buy and download” software providers may allow you to register a copy of the software in one name while allowing you to pay using a credit card or PayPal account in a different name. This measure is typically provided to allow one to give the software as a personal gift.

Services

Increasingly, business IT is being focused towards the purchasing of services like Web hosting, domain names and the like, with an increasing amount of IT functions like software suites being sold “as a service”. Typically this involves someone having to pay for the service on a regular basis.

Payment for the services

What these organisations can do is to maintain a business debit card based on a major payment-card platform and drawing from the organisation’s funds. The organisation adopts strict usage and accounting procedures with establishing payments using this card and uses it primarily for paying for business services that can only be paid with a major payment card. On the other hand, they could make sure that the service they want to engage can accept a standing direct-debit order as the payment method. Anyone who wishes to donate the cost of a service could do so through a cash payment to the organisation in the usual payment path.

Whose name is the service under?

As for these services, make sure that they are registered or set up in the name of the organisation. For example, a domain name’s WHOIS data must reflect the name of the organisation and whoever is in executive position. For organisations who have a home as their office, it may be better to supply a mailing address like a PO box or a mail-drop; or use the shopfront’s address as a mailing address if they do operate a long-term physical shopfront.

Login details and user accounts

All login details like usernames and passwords associated with these services have to be known to authorised personnel currently in that organisation. This could be achieved through either a paper document or electronic-form document file that is on a USB memory key which has to be kept in safe storage on the organisation’s premises like a safe. Here, you could use a “secure” USB memory key which uses encryption and password security for this purpose and keep the password for that in a separate envelope. This list of passwords needs to be updated every time these passwords are changed and they should be changed regularly such as whenever people leave the organisation.

You may find that it is better to use multiple user accounts for these services so you can add and remove users easily and allow these users to determine their login parameters. The multiple-user-account setup also gives you the benefit of limiting what privileges a user’s account has, so that the privileges reflect the expected job function for the account-holder. But the administrator password for these services needs to be kept on the above-mentioned organisational password list that is to be kept in safe storage.

Similarly, you may find that the multiple-user-account setup that a service uses may work with single-sign-on so that the credentials are verified with a third-party platform like Microsoft.com, Google or Facebook with the service receiving the “all-clear” in the form of a token. This may be OK to pursue if the employee or volunteer agrees to using the account associated with one of these platforms as part of single sign-on.

Conclusion

Once your small business or community organisation has their software and services properly under their own umbrella, they can make sure that they know where it stands through the life of the software and services rather than dealing with a dog’s breakfast.


August responds to its smart lock’s security weaknesses by patching its software

Article

August Smart Lock press picture courtesy of August

IoT manufacturer caught fixing security holes | The Register

Here’s what happened when someone hacked the August Smart Lock | CNet

My Comments

The Internet Of Things, along with network hardware focused at consumers and small businesses, has been considered a thorn in the side of people who are involved with data security. This is because of a poor software-maintenance cycle associated with these devices along with customers not installing new software updates for these devices.

Recently, at the DEFCON “hack-a-thon” conference in Las Vegas, a few of the smart locks were found to have software weaknesses that made them vulnerable.

But August, who makes one of these smart locks which are retrofitted to existing “bore-through” single-cylinder tubular deadbolts, answered this issue in a manner that is considered out-of-place for the “Internet Of Things”. Here, they issued software patches to rectify these security issues and offered them as a user-downloadable firmware update.

What is a sad reality for a lot of these devices is that the manufacturer rarely, if at all, maintains the firmware that runs these devices. Some manufacturers think that this practice is about having to “add functionality” to these devices which they would rather do with subsequent models or product generations. But this kind of updating is about making sure that the software ecosystem associated with the product is secure and stable with all the “bugs” ironed out. Similarly, it is also about making sure that the product is complying with industry standards and specifications so as to work properly with other devices.

August uses the latest iterations of their smartphone apps to deploy the firmware updates to their products, typically requiring that you place your phone with the app running near the door that is equipped with these locks.

The computing security industry and computing press congratulated August on responding to the security weakness in its products through a firmware update with “The Register” describing it as being beyond the norm for the “Internet Of Everything”. But they wanted more in the form of them disclosing the nature of the threats in the lock’s firmware in a similar manner to how Microsoft, Google or Apple would disclose weaknesses in their operating-system software.

This issue also is something that is applying to home-network equipment like routers, along with toys and games that connect to the Internet. What is being called out for is a feedback loop where bugs and other software deficiencies in all these devices are called out and a simplified, if not automatic, in-field software-update process takes place whenever newer firmware that answers these problems is released. This also includes the manufacturers disclosing the security issues that have been found and explaining to customers how to mitigate the risks or update the affected software.


More malware being discovered for the Macintosh platform

Article

Apple MacBook Pro running MacOS X Mavericks - press picture courtesy of Apple

Even Apple Macintosh users need to keep secure computing habits

Mac Malware Opens OS X Backdoor to Attackers | Tom’s Guide

My Comments

A lot of Apple Macintosh users have jumped to this platform based on an initial fact that there was very little malware written for it. But now, as more people are using Macs, they are becoming a target for malware including some “backdoor” software which weakens the MacOS’s defences against other malware.

This time, what was being called out was a Trojan-horse program that pretends to be a file-conversion program, the kind of program that is easily downloaded in a hurry.

Keep your Mac’s operating system and software patched and updated

A good practice regarding keeping your Mac secure, as with other computing platforms, is to make sure that the MacOS operating system is up-to-date with all the patches that Apple releases. This is because Apple may have released bug-fixes or remedied exploits that have been discovered in your version of the MacOS operating system.

Preferably, I would recommend you have this set up to work automatically so that when you are connected to the Internet via Wi-Fi or Ethernet, your Mac is kept updated and patched.

You can set this up to be performed automatically by going to [Apple] – [System Preferences]. Then you go to the App Store panel if you have one of the newer versions of MacOS (Yosemite onwards) then check the boxes for “Automatically check for updates” and “Download newly available updates in the background”. This will then make the “Install OS X Updates” option available which you should check.

For Macs that run prior versions, you would still go via [Apple]-[Software Update] and set the appropriate options to automatically patch your version of MacOS X.

You can manually update and patch your Mac by visiting the App Store if you are in Yosemite or newer versions and tick off all of the software that needs updating in the Updates panel. For prior operating systems, you would need to visit the [Apple]-[Software Update] menu and click the option to download and install the latest patches for your Mac.

You can still visit the Updates panel in the App Store and go through all the apps that need updating so you can be sure they are up-to-date. If you have software that isn’t delivered via the App Store, use its interface or the software developer’s Website to keep it up-to-date. This is also important because older versions of application and other software can carry bugs or exploits.

This is something you should do when you switch your Mac on if you haven’t used your Mac or haven’t connected it to the Internet for a significant amount of time, such as with a secondary-use MacBook or a Mac that you use as part of multi-platform computing.

Upgrade your Mac’s operating system if you can

It may be worth upgrading your Mac’s operating system to a newer version if your computer can handle it. In most cases, you can update the system for either pennies’ worth or for free. Here, you could check the App Store or Apple’s website regarding newer operating systems for your Mac.

The main advantages that these new operating systems offer encompass system-wide hardening including the availability of the Mac App Store where the software is verified before it is made available.

Make sure you download software from reputable sources

For all computing platforms, one requirement for safe and secure computing is to obtain computer software from known reputable sources.

In the case of the Macintosh, either download new software from the Mac App Store where the software is verified or from the website of a trusted and known developer. Even when you obtain software from the Mac App Store, check the quality of the software by looking through the reviews that are posted about it and checking the reviews also for other software offered by the same developer. I have written an article about obtaining software from app stores because there has been a risk of them turning in to the equivalent of bulletin boards and download sites that host poor-quality software.

When it comes to software delivered in a packaged form, avoid the temptation to install from anything unless you have bought it yourself from a reputable dealer.

Consider desktop-security software for the Mac

This may sound foreign to Apple Macintosh users but you may also find that it may be worth considering the installation of a desktop-security / endpoint-security program on your Mac. It is more so if you or others who use your Mac are not astute when it comes to downloading software or handling the Internet.

Most of the developers who have written these kinds of programs for Windows-based computers have now written versions of these programs for the Macintosh platform because of the rise of threats against this platform. Like with Windows, the better desktop-security programs also offer protection against Internet-borne threats such as site-reputation checking, content filtering, and spam filtering. Similarly, better-quality software runs in a manner that doesn’t impinge on your Mac’s performance.

Conclusion

Like other computer platforms like DOS / Windows, the Apple Macintosh needs its users to be careful about keeping their computer and data secure. This includes keeping the operating system up-to-date along with being sure about what software you have on your computer.


ISPs another vector for tech-support scams

Article

Tech support scams target victims via their ISP | BBC News

Fraudsters impersonate victims’ ISPs in new tech support scam | Graham Cluley Blog

My Comments

Previously, as I have known from close friends’ experiences, there have been the fake tech-support phone calls claiming to be from Microsoft or another major software vendor. This was with me congratulating a person who wasn’t computer-literate immediately hanging up on one of these calls along with someone else asking another of these scammers for their Australian Business Number (equivalent to a VAT number in Europe).

These scams have evolved to a pop-up message pretending to be from one of the major software firms but asking the user to call a number listed on that message. Typically this comes in the form of a virus or pirated-software alert as the message and some of these messages even appear on the lock screen where you normally enter your password.

Now the messages are appearing to come from ISPs, typically the ones who have most of the Internet business in the US, UK and Canada. But this is about the ISP detecting malware on the customer’s system with a requirement to call a fake customer-support number.

In this case, they identify a customer’s ISP based on a “spy pixel” ad on a site infected with malware or a “malvertisement”. The ads are typically served through large ad networks offering low-risk advertising products. This is used to identify the customer’s “outside” or WAN IP address which effectively is the same for all computers accessing the Internet from the same router.

Here, most residential and small-business Internet services have this IP address automatically determined upon login or at regular intervals and is obtained from a pool of known IP addresses that were assigned to that ISP to give to their customers. There is logic in the malware used to identify which ISP a customer is with based which IP address pool the IP address is a member of.

In these cases, call the ISP using the number they have provided you for technical support. This is typically written on their own Website, which you should reach by typing in the URL yourself; written on any documents that you receive from them as part of doing business with them, like accounts or brochures; or found by looking them up in the phone book. As well, don’t give any account numbers or personally-identifiable information to unsolicited approaches for technical support that you are not sure about.

But in all cases, you are most likely to initiate the call for personal or business tech support yourself when you need this support because you know your computer and network and how these systems perform. Typically you will approach one of the computer experts in your community, your workplace’s IT department if they have one, or your computer supplier for knowledge or assistance.


You could enable your existing computer for Windows Hello

Article

USB accessories add Windows Hello capabilities to any PC | Windows Central

My Comments

Lenovo ThinkPad Helix 2 connected to Wi-Fi hotspot at Bean Counter Cafe

You could soon be able to equip your existing laptop or 2-in-1 with the same kind of fingerprint scanner as the Lenovo ThinkPad Helix 2

An increasing number of business-focused Windows laptops are being made ready for Windows Hello which is the password-free login ability that Windows 10 offers. This allows for facial recognition or fingerprint recognition as an alternative to keying in that Windows password.

But what if you have that tower desktop, all-in-one or existing laptop that has no RealSense camera or fingerprint reader? Normally, you would think that you were cut out of this feature.

At the Computex 2016 “geek-fest” in Taiwan, there were two aftermarket USB accessories that bless these computers with Windows Hello login abilities. One of these is a webcam that is compliant with Intel RealSense specifications, which opens up the path for facial recognition, while the other is a USB fingerprint-reader dongle that is very similar to a Bluetooth or wireless-peripheral-transceiver dongle and plugs in to the side of a laptop computer.

These peripherals would be a step in the right direction for small businesses and consumers if they were sold at reasonable prices and were made available at most electrical stores, computer stores and the like, rather than just being sold to value-added resellers that cater to big businesses.

A solution I would like to see, especially for desktop users or people who set up primary workstations, would be a fingerprint reader integrated in to a keyboard or mouse. This could be offered as a differentiating feature for business and gaming peripherals. Similarly, a standalone desktop fingerprint reader could be offered as a way to have your existing workstation or “gaming rig” working with Windows Hello. A fingerprint reader could also be offered as a “short-form” device that can be integrated in to the PC cases that tend to be modified by gaming enthusiasts.

Similarly, more manufacturers and resellers could contribute to this class of device in order to allow more of us to benefit from Windows Hello.


Cleaning up online advertising: Google and Bing make life hard for undesirable advertisers

Article

Advertising of predatory financial services

Google Will Start Banning All Ads From Payday Lenders | Mashable

Advertising of online tech-support scams

Bing brings in blanket ban on online tech support ads | Naked Security

My Comments

Google clamps down on advertising of predatory financial services

An issue that has caused a lot of concern with the Global Financial Crisis is the existence of predatory sub-prime financing services like payday and other short-term loans. This issue has been raised as a civil rights issue as well as a consumer-protection issue because predatory lending occurs more with disadvantaged communities and these kinds of loan products charge exorbitant amounts of interest.

Google has attacked this issue by prohibiting payday and similar lenders from advertising through their AdWords search-advertising platform. As far as I know, it doesn’t affect any of Google’s display advertising services like AdSense or AdMob. This follows similar action that Facebook had taken concerning their online advertising platform, with both these companies being the biggest online advertising platforms encompassing both their own properties and the ad networks that serve other publishers and mobile app developers. It is part of Silicon Valley’s reaction to contemporary issues of concern like civil rights.

This will affect the advertising of loan products that are due within 60 days or have an interest rate of 36% or more in the USA. But the issue that may surface is whether Google will apply this rule to their display advertising networks and if other online advertising services will follow suit and apply it across their products.

Bing clamping down on online tech-support scams

I have given a fair bit of airtime on HomeNetworking01.info about the online tech-support scams due to hearing from people in my community who have had near misses with these scams.

This typically manifested in the form of the phone calls that people received from someone pretending to be the tech-support team associated with a respected IT or telecommunications name, stating that the user’s computer has a virus or something else is wrong with the user’s computer hardware or software.  But they lead you to establish a remote-access path to your computer so they can “fix” the perceived “problem” or “threat” for a fee, with these scammers making off with a large sum of money or installing software of questionable provenance and relevance on your computer.

Most of us have become aware of these scams through the various customer-education efforts by the IT community and consumer-protection organisations, encouraging us to seek IT support from people whom you know and have met in person like your business’s IT department or the IT experts in your household, family or community.

This has led to computer users not answering these calls or simply hanging up when they receive those calls. Now the scammers’ MO has changed towards cost-per-click Web ads or popups that flash up warning messages saying that your computer has problems and instructing you to call a toll-free number. This plays on the fact that you are seeking a problem to be rectified by placing that phone call.

Bing Ads, which is part of Microsoft’s Bing search platform, has banned the advertisement of third-party tech-support services because of the quality issues that are affecting end-users’ data safety. There has been an unintended consequence from this ruling which has made it hard for honest IT-support providers to advertise their services on that platform.

Conclusion

I see it as one of many efforts by the online advertising industry to clean up its act and gain the same level of respect as traditional advertising but there could be a more uniform approach to the problem of questionable online and mobile advertising.

The only way I see this coming about is for the industry to adopt a code of practice with conformance being indicated to end-users, publishers, content-filter software and others through distinct trademarks and symbols. This could address issues like advertising that is allowed, the kinds of ad contracts offered including the tenure of these contracts and the kind of payment received, due-diligence requirements, and liaison with law enforcement, customer protection and other authorities.
