Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Safe Harbor is now EU-US Privacy Shield

February 3rd 2016 in safety and privacy on the Internet

“After months of intensive negotiations, today (February 2) the European Commission and the United States announced agreement on a new framework for transatlantic data flows: the EU-US Privacy Shield. This new framework will protect the rights of Europeans where their data is transferred to the United States and provide a path to legal certainty for […]


Malvertizing grows by 325% in 12 months

January 12th 2016

Yes, really, and it is far more dangerous than it used to be (think ransomware): http://www.pandasecurity.com/mediacenter/family-safety/all-you-need-to-know-about-the-worrying-popularity-of-malvertising/


Malware on an LG Smart TV … maybe ….

January 12th 2016

Cite: https://www.reddit.com/r/Showerthoughts/comments/3zjl8p/ive_clicked_thousands_of_links_on_reddit_without/cymy89a You’ll see much arguing in the comments about whether the TV is infected with a DNS Hijacker, or if it’s just a web page pop-up/redirect. While Smart TVs do have DNS controls, I have never heard of webpage-hosted malware changing TV-managed DNS – it’s not as if Smart TVs are running Windows or OSX, […]


Microsoft only support IE 11 from now on

January 12th 2016

Well, it is already January 12 here in Australia… “Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates,” explains the software giant, in a post on its website. “Internet Explorer 11 is the last version of Internet Explorer, and […]


Oracle settles with FTC over “deceptive” security updates?

January 5th 2016

https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java How were Oracle deceptive? By only removing the most recent vulnerable version of Java from users’ computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]


Bugged electronic typewriters

October 14th 2015

Sure, it’s from the 1980s, but gee it’s very interesting: https://www.nsa.gov/about/_files/cryptologic_heritage/center_crypt_history/publications/learning_from_the_enemy_the_gunman_project.pdf


Sophos: Linux machines represented approximately 80% of the 178,635 newly malicious websites discovered during one week.

October 14th 2015

80%.  Really.  And here are the reasons they gave: Linux servers are preferred by budget cloud hosting providers for their low cost (free) and flexibility. These providers do not provide security services and largely cater to amateur web enthusiasts. Linux servers are undefended. Linux administrators and server operators have the perception that Linux is immune […]


Malwarebytes reports on malvertising at dailymail.co.uk

October 14th 2015

Cite: https://blog.malwarebytes.org/malvertising-2/2015/10/angler-exploit-kit-blasts-daily-mail-visitors-via-malvertising/ And, it was being displayed on the home page of the site. Affected users were exposed to the Angler Exploit Kit and from there Cryptowall ransomware.  


Malvertizing getting in because of unpatched servers

October 9th 2015

Cite: https://nakedsecurity.sophos.com/2015/10/08/the-malicious-side-of-online-ads-how-unpatched-servers-hurt-us-all/ It’s hard to believe that an ad server could remain unpatched for *two years*.  Laziness, pure and simple.
