Facebook is Copying your Contacts

Finally upgraded my phone, and with it all apps including Facebook Messenger. Which really wants access to my contact list.

“Your contacts will be continuously synced with our servers.”

No no, and if you have little dossiers attached to a contact, bet those are copied too.

The app is aggressive, and about every 12th use it prompts.

Now begins the game of “it’s one slip of the finger and I accidentally hit okay…”

Then what, turn my phone off? That’s seconds, it’s likely done hoovering the list by now, or just pick up where it left off when the phone is turned back on.

Do you have a hard copy of your contact list?

Saved on a USB that’s tucked away safe?

How would you find your loved ones if you lost access to your account? Everything’s in the cloud and it fails? If your only copy of your contacts is stored in Facebook, please leave my blog.

Maybe it’s me. Maybe just give Facebook everything it wants, forget this all, and look at my new coat.

Blog tag = Facebook

 

 

Car Hacking Looks like This

Screenshots from the Black Hat presentation about the first remote hack of a passenger vehicle – a 2015 Jeep Cherokee (more here.)

It was these guys – Charlie Miller and Chris Valasek.

2 Biggest Takeaways for the Average Driver

1 – the attack they released no longer works

As of publishing of this post, the attack stopped working because Sprint closed the port they were using to enter the car (nice Sprint.)

If you own a Chrysler and were part of the 1.4 million recall, breathe a bit easier.

2 – update your car

This Jeep thing is a wakeup call – if your automaker issues an update, make it a priority. The industry is still in its infancy; the update will probably be inconvenient (“pick up a USB from the dealership”). DO IT.

Be mindful about how you connect your car to the internet (please never pair your car to public WiFi.)

From Black Hat 2015.

 

 

Good to Meet You Black Hat, I’m Keri

We’ve maybe met before, this is my 4th Black Hat as media. Media.

Because to be clear: compared to you guys I’m a baby, a script kiddie at best. I’m okay at OSINT and SE, it ends there.

I’m an auto journalist with Sun Media, a Canadian newspaper chain. I write the news, car reviews and a weekly column – Keri on Driving – 400 words about whatever I want. For a sample, read my 150th Anniversary column.

Been starting to specialize in auto security, which is why I’m here.

Blog tag = Auto Security (34), and I run the security section of the newspaper here.

About my blog’s security section

I doubt this section would much interest you, I write for the end user. It’s more for like, a housewife in Iowa.

Like my Blackberry security video:

Please don’t hack me! Really, it’d be like picking on the kid at recess wearing a helmet.

I’ll leave you something only this crowd will appreciate

Despite everyone rolling their eyes when I tell them, it’s maybe the thing about my blog I’m most proud of, more than it making it through bank filters

…. my blog and I have been flown around North America, gained access to some amazing places and tested almost $10 million in cars…. ready….

… all without an About Page! Nor a LinkedIn! And I kept my last name offline for 5 years.

Tada!

Find me fastest on Twitter @KeriBlog, if you see me say hi, and have a great conference!

Keri

Blog tag = Black Hat

 

 

I’m Not Blogging This Week

I’m leaving for Vegas to be media at Black Hat – the premier international security conference. AKA the most hostile network in the world.

Best way to go online is to not. I’ll be walking around with my phone OFF.

I don’t stand a chance against this crowd.

These are screenshots from a media email I received.

Here’s what I’m walking into:

1 – blog tag = social engineering 

2 – remember when this happened to me at the LA Auto Show? The USB -> EGO attack

3 – Blog tags – NFC and RFID

1 – never leave a laptop unattended

2 – see that, “by far…”  While I’m taking my laptop in case of an emergency at the newspaper, I have zero intention of opening it

3 – friendly reminder to change your passwords, because when was the last time you did?

***

TTY on Twitter @KeriBlog, and here when I’m back later this week.