Be Careful What You Click On — Man-in-the-middle attacks disguised as Twitter “branding”.

Update 10/31/2016:

Today I came across another company doing the same thing. Look out for snip.ly links. They are also compromising your security and privacy.

Update 11/26/2016:

You have to remove Linkis from a desktop browser. The correct settings page doesn’t show up in a mobile browser or app.

This is something that we educators need to teach our students as a part of Digital Citizenship.

A disturbing trend on Twitter.

In the last several weeks I have become aware of an insidious, disturbing “service” called Linkis. Linkis.com man-in-the-middle attacks your browsing to inject their content into your stream. This violates your privacy allowing Linkis to track your browsing and modify what you see on pages  you visit.

Wikipedia describes man-in-the-middle attacks:

 “In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM attack or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.”

When contacting the people who have been using this “service” I found a disturbing trend, none of them knew that they were using it. That is right they had a service linked to their Twitter account (and possibly Tumblr) that was changing their posts without their knowledge.

How does this happen?

Linkis spreads like a virus. One person gets it but doesn’t notice the symptom of the changed link in their post. After all, with Twitter using link shortening sometimes the link changes for a valid reason. Then another unsuspecting person opens the link and when it opens it looks exactly like what they expected to find except for the URL and a box on the side of the webpage.linkis callout.png

 

Linkis then pops up a window that looks like this that can make you think that you need to click it to see the content you planned to view. If you click connect then it links to your Twitter account and you have caught the Linkis bug.

This slideshow requires JavaScript.

Once you have caught the Linkis bug then when you post a link in your tweets Linkis will replace the links in your tweets with their link. Anyone that clicks this link goes to Linkis’ site instead of the place you intended to send them and is vulnerable to accidentally adding Linkis to their account.

I figured out that I caught the Linkis bug, how do I fix it?

In order to stop Linkis you have to go into your Twitter, Tumblr, and other sites to deauthorize their access to your account. I also recommend that you report them to Twitter. The gif below shows how to do it and here are links to how-to videos on my YouTube channel. Remove Linkis from Twitter and Tumblr. Edit: 7/13/16 Videos embedded at the end of the post.

Remove Linkis

Please share this with everyone you know so that we can block Linkis from spreading. You might also think about contacting or tweeting to the Electronic Freedom Foundation (@eff) about Linkis and its man-in-the-middle attacks. The EFF is an organization that champions people’s privacy and security on the internet.

Video Tutorials (Added 7/13/2016)

(Crosspost) Digital Citizenship – Strong, Memorable Passwords

(Crossposted from my EdTechTeam Teacher Leader Certificate Portfolio  https://mcarlingoldbergtlcportfolio.wordpress.com)

It is 2016, as educators it is no longer enough to teach our kids how to keep themselves safe on the streets because so much of all of our lives takes place on the internet. Internet safety is one aspect of Digital Citizenship in which we must make sure that our students and children are fully fluent. One aspect of internet safety that I think is incredibly important for everyone, child or adult, to get behind and understand is the need for strong, memorable passwords.

Strong, memorable passwords that are unique to every situation are an absolute necessity in today’s world. Having weak passwords, especially if you reuse them in different places, is like asking someone to steal your identity, your money, even your safety as they get access to all of your personal data and accounts online.

Generally, most people do passwords very badly. Even those who actually try to have good passwords. One aspect of this is illustrated by the XKCD comic.

password_strength Source: https://xkcd.com/936/ (CC BY-NC 2.5)Read More »