Facebook changes algorithms but denies allegations of anti-conservative bias

The following article appeared in the Telegraph on 25 May, 2016


Facebook on Monday said it was making changes aimed at keeping political bias out of its “trending” stories list even though an internal investigation revealed no evidence it was happening.

“Our investigation has revealed no evidence of systematic political bias in the selection or prominence of stories included in the Trending Topics feature,” Colin Stretch, Facebook general counsel, said in a letter responding to a query from John Thune, Republican US Senator, who chairs the commerce committee.

“In fact, our analysis indicated that the rates of approval of conservative and liberal topics are virtually identical in Trending Topics.”

Facebook was unable to substantiate any specific accusations of bias made in media reports, which relied on anonymous sources, Mr Stretch said in the letter, a copy of which was made available by the leading social network.

“At the same time, as you would expect with an inquiry of this nature, our investigation could not exclude the possibility of isolated improper actions or unintentional bias in the implementation of our guidelines or policies,” said Mr Stretch.

“As part of our commitment to continually improve our products and to minimize risks where human judgment is involved, we are making a number of changes.”

Facebook updated terminology in its guidelines to be clearer and gave reviewers refresher training that emphasised content decisions may not be based on politics or ideology, the letter said.

The review team will be subject to more oversight and controls, and Facebook will no longer rely on lists of external websites and news outlets to assess the importance of topics in stories.

Headlines from an exclusive handful of media outlets like the New York Times will no longer be used to define newsworthiness of trends.

The company has also renamed two key tools to make it clear what they actually do: the “blacklist” tool which is used to remove certain topics from the Trending list will be called “revisit”.

The “injection” feature that allows headlines to be manually inserted or edited will now be branded “topic correction.”

“We want people to be confident that our community welcomes all viewpoints,” Stretch said in the letter.

Mark Zuckerberg, Facebook founder, said last week that conservatives were an important part of the social network after a meeting aimed at defusing concerns it was politically biased.

“We’ve built Facebook to be a platform for all ideas,” he said on his Facebook page after a meeting at the company’s California headquarters to discuss the allegations about anti-conservative bias.

“It doesn’t make sense for our mission or our business to suppress political content or prevent anyone from seeing what matters most to them.”

Mr Zuckerberg called the meeting after technology news outlet Gizmodo a week earlier reported allegations that Facebook was deliberately omitting articles with conservative viewpoints from the sidebar that lists popular stories.

Allegedly suppressed topics relate to known conservative figures such as American news aggregator the Drudge Report and politicians Mitt Romney and Rand Paul.

Millions of LinkedIn passwords and email addresses published online

Here’s a good reason why you should grab a copy of our FREE eGuide on Computer Security: How to protect yourself and your company.

The following article originally appeared in Smart Company.

LinkedIn Passwords and Emails Published

LinkedIn has revealed millions of its users’ email addresses and passwords have been published online from a security breach that occurred in 2012.

The leak could affect more than 100 million LinkedIn users, according to the professional networking platform.

While LinkedIn took steps back in 2012 to reset user passwords it believed were affected by the original security breach, the social media giant is now taking further steps to invalidate the most recent passwords and accounts published online.

“We will contact those members to reset their passwords,” LinkedIn said in a statement.

“We have no indication that this is as a result of a new security breach. We take the safety and security of our members’ accounts seriously.”

LinkedIn is the third most popular social media platform in Australia, with more than 6 million users.

Small business owners also regard LinkedIn as the most effective social media platform, according to research.

Social media expert Dionne Lew, who trains executives on how to get the most out of LinkedIn, told SmartCompany small business owners need to be very conscious of online security when using social media.

“That includes setting strong passwords and changing them regularly,” Lew says.

“You don’t have to be a cyber security expert to know that good digital security hygiene is vital and should be a part of everyone’s practice.

“Be aware of the amount of hacking going on and to do what you can as a user. Use long, complex passwords with a mix of numbers, symbols and [make sure they’re] not related to any personal details. And don’t reuse the same password across sites.”

Lew points out that when it comes to social media, online security is just as important as having engaging content.

“It simply has to be part of our DNA now that we think about digital safety,” she says.

“But also, we can only do so much as the users. The platforms are mainly responsible, but we need to do our part.”

Google updates Chrome to address security flaws

Google has updated Chrome to protect users from attacks that exploit security vulnerabilities in the widely used browser. Chrome version 50.0.2661.94 includes nine security fixes for vulnerabilities affecting the browser on Windows, Mac and Linux.

You are advised to review and apply the Chrome update immediately.

Attackers can potentially exploit software vulnerabilities to take control of computer systems, and gain access to sensitive personal information, including online banking details that can then be used to steal victims’ money or identities.

The IT Guru recommends that you automatically apply security updates when they become available. Automatic updates minimise the risk of you delaying or forgetting to apply an update, and restrict the ability of attackers to gain access to your computer and sensitive personal and financial data.


Ransomware, ransomware, ransomware…

Ransomware takes centre stage again this month as one Cybercrime monitoring group warns the Ransomware epidemic could become the ‘largest crime wave in modern history.’ Source

The Ransomware model only works if individuals or businesses don’t have backups of their data. If everyone had effective backups, no-one would have to pay ransoms and the Ransomware business would not exist. DNG Technology offers a simple, secure and cost effective Cloud backup service. Take a look at DNG StoreSafe.

Before the advent of Ransomware, there wasn’t any effective business model to generate income from malware. The introduction of untraceable financial transactions using Bitcoin and the completely anonymous and encrypted Tor network have made it far easier to demand and collect payments without being tracked down by ‘the law’. Cyber criminals are beginning to collect significant payback for their efforts and some of this money is being spent improving their tools, i.e. more advanced malware.

At the same time, malware distribution is becoming less specialised. You don’t need to be an expert hacker or coder to enter the Ransomware industry; you can buy what’s effectively a ‘starter kit’, complete with an advanced exploit kit and even a performance dashboard that shows active victims and infection statistics. Some even include a period of tech support from the authors.

The result of this increased accessibility is more malware from more sources more often, so never open an email attachment you aren’t expecting and never click a link in an email for which you are not sure of the destination.

If you want to check if a link is safe, copy it then submit it to Virus Total (use the URL tab) here. If I’ve made you paranoid enough to not want to click on that link, search for ‘Virus Total’ using your favourite search provider.

Malware News

TeslaCrypt version 4.0 has appeared with tougher-to-break encryption and the ability to access even more of your PC’s files and data. It also recruits infected machines to its ‘bot’ army to help it infect even more machines. TeslaCrypt, like many other currently active malware, uses the Angler exploit kit as part of its distribution strategy (exploit kits are explained in our February security update). So keep your system and applications updated or you will be exposed. Further information is available from Heimdal Security.

Petya, a new form of Ransomware, appeared during March. Forget your garden variety Ransomware that is particular about which files it encrypts and which it leaves intact so your computer can still function. Petya doesn’t care about any of that; it takes out the entire computer by encrypting critical portions of the hard drive. In Russian, Petya means ‘stone’. I wonder if this is intended as a (not so) humorous reference to the concept of ‘bricking’ a device, which literally means making it as useful as a brick!

Once a machine is infected with Petya, the drive is modified and a reboot is then undertaken, allowing the ransomware to load before any anti-malware can spot it. The Petya loader displays a fake check disk (CHKDSK) screen but, in actual fact, it’s busy encrypting or re-writing parts of the drive.

At the time of writing, a couple of security researchers have provided a means to decrypt the drive, but this opportunity may not last long as the Petya authors are likely to update their malware to ‘plug the leak’. If/when this happens, there is no way to salvage the drive without paying the ransom (currently 0.9 Bitcoin or $500 AUD).

The SamSam file encrypter is delivered to machines connected to the same network as an infected application server (JBoss Java-based web application servers have been targeted). Windows machines can be infected when users of those machines access their organisation’s internal applications which are served by the infected JBoss server. This particular variant of Ransomware has been targeting the health care industry in the US. Further information here.

Maktub locker is being distributed through an email phishing campaign but rather than the usual generic type of content, the emails used in this campaign are likely to include your name and address details, adding to their credibility. The document being distributed claims to be a Terms of Service update and indeed it looks to be one when opened. The file extension is actually .scr which is definitely not a document extension. Delete any messages containing attachments with .scr extensions.
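As an added example (not from the original article), here is one way a mail administrator could flag the kind of attachment described above before it reaches an inbox. The sample message, the file names and every extension in the lists other than .scr are constructed assumptions for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# .scr is the extension named in the text; the other entries are assumptions
# added for this example and are not a complete list.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "rtf", "txt"}

def risky_attachments(raw_bytes):
    """Return (filename, reason) for attachments that would execute on Windows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        original = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so "x.scr." still runs as .scr
        pieces = original.rstrip(". ").lower().split(".")
        if len(pieces) < 2 or pieces[-1] not in EXECUTABLE_EXTS:
            continue
        if len(pieces) > 2 and pieces[-2] in DOCUMENT_EXTS:
            reason = "executable hidden behind a document extension"
        else:
            reason = "executable extension"
        findings.append((original, reason))
    return findings

def build_sample():
    """Constructed message: one disguised .scr, one trailing-dot .scr, one real PDF."""
    msg = EmailMessage()
    msg["From"] = "notices@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Updated Terms of Service"
    msg.set_content("Please review the attached Terms of Service update.")
    for name in ("Terms_of_Service.rtf.scr", "update.scr.", "invoice.pdf"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```

The check looks only at the last extension because that is what Windows uses to decide how to open the file, whatever the earlier part of the name suggests.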

Anti-malware Performance

Our managed anti-malware product, Guardian Managed Anti-Virus, built on Bitdefender Endpoint Security, has once again scored a 100% detection rate in the latest round of Windows 10 AV testing by the independent AV Test organisation. This result places it in the No. 1 position. Read the full report here.

Software Vendor Security Updates

Critical updates have been released this week by Microsoft and Adobe. Ensure your computers are up to date or subscribe to our Guardian service and we’ll make sure your machines are always up to date.
