Security Alerts: Meta, Mastodon and Windows 8.1 Finally Retiring

Tis the season for...increased security risks. Not exactly how the saying goes, but unfortunately, this time of year the threats to data privacy and security can be increasingly dangerous. There are several reasons this happens, for example, we usually purchase more - both online and in-store, we are typically more distracted and in a greater hurry, and hackers are opportunists who try to take advantage of these changes in our patterns.

This post discusses a recent Meta threat, an averted threat to Mastodon, and the end of security updates for Windows 8.1.

Security Alerts: Meta, Mastodon and Windows 8.1 Finally Retiring

Meta

Last month Meta fired some contractors they used to support their products because these contractors were reportedly abusing their access. Meta let them go because these contractors were sharing information about user logins and other information that ultimately helped third parties take over some user accounts.

The tool the contractors used was originally created by Facebook to help certain Facebook users regain access to their accounts if they were having problems logging in. Unfortunately, this tool was used by the contractors for malicious purposes and ultimately led to them being fired.

The takeaway: This is a perfect reminder of how you can spend a great deal of effort and focus on preventing users outside of your company from gaining physical or digital access to items, tools, and accounts they should not have, but you can never forget inside threats. It is just as important to consider the threats that come from those with internal access. Users on the inside of your network, whether employees or contractors, introduce a great deal of risk to your organization.

There are several different types of threats that come in a variety of forms. Some threats are to a physical location, others are digital, but it is important to remember that anyone can present a threat, intentionally or not.

Mastodon

Logo for the Mastodon app via Wikipedia.

Mastodon, what some are calling a replacement for Twitter, recently averted a password stealing threat. How this vulnerability works is beyond the scope of this post, but luckily Mastodon's core software was not vulnarable to the threat and they have already updated their app. Additionally, users who had two-factor configured were never at risk!

Anytime you install a new app or create an account on a website, it is important to question the safety and security of the company behind it. When a company is new, and expands fast, this is often the time when its security is most tested. This is because more users are on the system which can tax its resources, in addition to the fact that any time a new app becomes popular, hackers pay more attention to that app knowing there is a treasure trove of data available if they can gain unauthorized access.

The takeaway: Anytime you create a new account, always use different credentials than accounts you use elsewhere. This is necessary to protect other accounts if there is ever an issue with that application. Additionally, it is worth saying that you NEVER want to recycle the credentials you use for email accounts. For the reasons why, check out our post discussing how important it is to never reuse an email password.

The end of Windows 8.1

January 10th, 2023 is the last day Microsoft will provide security updates for the Windows 8.1 operating system. This means if you are using a device running Windows 8.1, you will want to upgrade the operating system or replace the device as quickly as possible. This is a 10-year old operating system, so most users should have moved away from it by now, but often times people hang on to older devices.

The most common reasons users hang on to a device running an older operating system are because upgrading may prevent them from continuing to use the application. This happens with expensive legacy applications that:

  1. Do not play well with newer operating systems.
  2. Have not been updated in a long time.
  3. Are no longer supported by the company who created them.
  4. Were created by a company who has since gone out of business.

This leaves users with very few options, including large expenses to move to a new application, if they want to upgrade.

The takeaway: While it is impossible to know when a company may go out of business, it is important to choose one that is reputable and established where possible. This is especially true when you are choosing a software application that will have a large impact on your business. Keep in mind, any application you get may play a critical role in your business for many years to come. This means having support, which includes upgrades, for many years to come is important. In other words, choose wisely!

Recent security threats, including those by Meta contractors and against Mastodon have been remediated and/or addressed before being used, respectively. Additionally, Windows 8.1 users will want to upgrade their operating system before January 10th, 2023, when they will no longer receive security updates from Microsoft which puts their data and security at greater risk.

As always, being aware of current threats helps protect your data and privacy.