Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Safe Harbor is now EU-US Privacy Shield

February 3rd 2016

“After months of intensive negotiations, today (February 2) the European Commission and the United States announced agreement on a new framework for transatlantic data flows: the EU-US Privacy Shield. This new framework will protect the rights of Europeans where their data is transferred to the United States and provide a path to legal certainty for […]

Oracle settles with FTC over “deceptive” security updates?

January 5th 2016

https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java How were Oracle deceptive? By only removing the most recent vulnerable version of Java from users’ computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]

Bugged electronic typewriters

October 14th 2015

Sure, it’s from the 1980s, but gee it’s very interesting: https://www.nsa.gov/about/_files/cryptologic_heritage/center_crypt_history/publications/learning_from_the_enemy_the_gunman_project.pdf

Sophos: Linux machines represented approximately 80% of the 178,635 newly malicious websites discovered during one week.

October 14th 2015

80%.  Really.  And here are the reasons they gave: Linux servers are preferred by budget cloud hosting providers for their low cost (free) and flexibility. These providers do not provide security services and largely cater to amateur web enthusiasts. Linux servers are undefended. Linux administrators and server operators have the perception that Linux is immune […]

Not a good look there, Optus

March 27th 2015

Enforceable Undertaking offer by Optus to the Office of the Australian Information Commissioner: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking What did Optus do wrong?… In February 2013, Optus made a change to its website. Due to a coding error that occurred during this change, between February 2013 and April 2014, when Optus customers who had elected not to have their […]

For those of you in Australia, welcome ACORN

December 12th 2014

The Australian Cybercrime Online Reporting Network: “The Australian Cybercrime Online Reporting Network (ACORN) is a national policing initiative of the Commonwealth, State and Territory governments. It is a national online system that will allow the public to securely report instances of cybercrime. It will also provide advice to help people recognise and avoid common types of […]

Hold off installing MS14-066 / KB 2992611

November 16th 2014

Word is it is breaking stuff, including the ability to access secure sites using Chrome. Possible fixes if you’re already affected:

1. Open gpedit.msc
2. Go to computer configuration > administrative templates > Network > SSL Configuration Settings > SSL Cipher Suite Order
3. Set it to enabled
4. Reboot

The policy populates the Windows registry with the […]

Malvertizing is still around…

October 28th 2014

Incident reported on 22 October 2014.  Cite: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php “Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 […]

Do you use Chrome? And have a Google account? And use 2 Factor Authentication? You may want a “security key”

October 28th 2014

https://support.google.com/accounts/answer/6103523 “If you use 2-Step Verification, you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.” Yes, you have to make sure you don’t lose […]

Fake support scammer take-down

October 27th 2014

A New York based tech support scam business made $2,500,000 in the past two-and-a-half years. Is it any wonder those ‘your computer is infected’ phone calls are increasing?  The company in question also purchased deceptive ads online that led consumers to believe they were calling the technical support line for legitimate companies. The defendants are Pairsys, Inc., […]
