Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

New security steps for linked Skype and Microsoft accounts

November 23rd 2016

I received a spam message via Skype today from a person who I normally think of as too sophisticated to do something silly like re-use passwords.  And heard of another person who had also been compromised, but had absolutely no idea how it may have happened. I learned as part of my research into what may […]

Read On No Comments

Google Chrome extensions sold and adware/tracking behavior added without notice

November 8th 2016

This morning I have read about four extensions, all of which have now been removed from the Chrome Store and which should have been automatically disabled if installed to Chrome: “Live HTTP Headers”, “Tab Manager”, “Appspector” and “Give Me CRX”. The common thread is the extensions started injecting code into webpages pointing to “s3.eu-central-1.amazonaws.com/forton/*****.js”.  The goal […]

Read On No Comments

Web of Trust (WOT) scandal

November 7th 2016

Originally reported in Germany (http://www.ndr.de/nachrichten/netzwelt/Nackt-im-Netz-Millionen-Nutzer-ausgespaeht,nacktimnetz100.html) and picked up by PCMag (http://www.pcmag.com/news/349328/web-of-trust-browser-extension-cannot-be-trusted). From the German site (apologies for the translation errors): “In the background, however, the extension also logs and transmits the data for the surfing behavior of the user to a server abroad. A profile is created where the date, time, location, and controlled web […]

Read On 1 Comment

Fix for when Windows 7 is stuck at “checking for updates”

September 26th 2016

It works a treat: https://support.microsoft.com/en-us/kb/3172605

Read On Comments Off on Fix for when Windows 7 is stuck at “checking for updates”

Australian Bureau of Statistics waves a big red flag at a bull (aka hackers)

August 3rd 2016

The 5 yearly Australian Census is collecting the names and addresses of all Australians (nothing unusual there), matching that information to myriad questions in the Census (again, nothing unusual). However, they are now retaining names and addresses to enable the Census to be linked to other national data for up to four years, instead of just 18 […]

Read On Comments Off on Australian Bureau of Statistics waves a big red flag at a bull (aka hackers)

Information about the AdGholas Malvertising Campaigns

July 29th 2016

Cite: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight The checks that were made to identify infection candidates are especially interesting, going so far as to check for OEM branding.

Read On Comments Off on Information about the AdGholas Malvertising Campaigns

NetGear and Symantec vulnerabilities

July 1st 2016

NetGear Web GUI Password Recovery and Exposure Security Vulnerability: http://kb.netgear.com/app/answers/detail/a_id/30632 “NETGEAR is aware of the security issue that can expose web GUI login passwords while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router.” Norton vulnerability: unclicked links […]

Read On Comments Off on NetGear and Symantec vulnerabilities

Are you being prompted to download a JS (javascript) from areyouahuman.com?

April 23rd 2016

Apparently an areyouadownload.com partner incorrectly implemented a tag, causing the download prompt. Cite: https://twitter.com/areyouahuman/status/723529493202137088 areyouahuman.com is a service that tries to differentiate between bots, and “verified humans” before content, services and ads are presented to a website visitor.

Read On Comments Off on Are you being prompted to download a JS (javascript) from areyouahuman.com?

No more Wepawet or Anubis

April 11th 2016

How unfortunate 🙁

Read On Comments Off on No more Wepawet or Anubis

Warning: malware via Facebook

April 11th 2016

Displayed URL in FB wall posts: IPV6.GOOGLE.COM Displayed picture associated with the URL: the infected victim’s Facebook profile pic Facebook wall post is set to Public. Behavior: The text of the FB wall post is only a lot of friends being tagged.  Sometimes multiple Facebook wall posts appear.  Some people report that clicking on the link on […]

Read On Comments Off on Warning: malware via Facebook


Archives