Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Oracle settles with FTC over “deceptive” security updates?

January 5th 2016

https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java How were Oracle deceptive? By only removing the most recent vulnerable version of Java from users’ computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]


Not a good look there, Optus

March 27th 2015

Enforceable Undertaking offer by Optus to the Office of the Australian Information Commissioner: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking What did Optus do wrong?… In February 2013, Optus made a change to its website. Due to a coding error that occurred during this change, between February 2013 and April 2014, when Optus customers who had elected not to have their […]


For those of you in Australia, welcome ACORN

December 12th 2014

The Australian Cybercrime Online Reporting Network: “The Australian Cybercrime Online Reporting Network (ACORN) is a national policing initiative of the Commonwealth, State and Territory governments. It is a national online system that will allow the public to securely report instances of cybercrime. It will also provide advice to help people recognise and avoid common types of […]


Malvertizing is still around…

October 28th 2014

Incident reported on 22 October 2014.  Cite: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php “Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 […]


Do you use Chrome? And have a Google account? And use 2 Factor Authentication? You may want a “security key”

October 28th 2014

https://support.google.com/accounts/answer/6103523 “If you use 2-Step Verification, you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.” Yes, you have to make sure you don’t lose […]


Interesting Absolute Software article

August 12th 2014

Worth a read: http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700 Coincidentally I’m dealing with a couple of laptops at the moment that seem to be impacted by this issue.  There is almost constant network traffic to and from Absolute Software servers emanating from the laptops. I sat there and watched the live network traffic capture for 15 minutes and the traffic did not […]
