Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"
Syndication feeds available

Chrome extensions transforming into adware

July 14th 2017 in Google Chrome

Recent incident: https://www.bleepingcomputer.com/news/security/-particle-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware/ Such trickery has been going on for years.  Google changed its policy back in 2014 so that extensions could only be ‘single purpose’ but that hasn’t stopped it. Reality is, although Chrome does prompt the user to accept new permissions if a previously innocuous extension has been updated to introduce advertising functionality, […]

Read On No Comments

Ransomware… again…

June 28th 2017

Microsoft released patches against the infamous Wannacrypt (SMB) vulnerability for older operating systems going back to Windows XP. Get them from the Microsoft website: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ They later issued warning about “potential nation state activity” and issued additional security patches. Again, get them from the Microsoft website. Those patches can be found at the URL below. […]

Read On No Comments
Read On Comments Off on Fake Amazon themed email.

Yeah… nah.

May 17th 2017
Read On Comments Off on Yeah… nah.

ALERT – StrawberryNet.Com is revealing the name, addresses and phone numbers associated with a purchaser’s email address without authentication

May 3rd 2017

If you, your family or friends have used that website, please warn them. Here is what happens: Go to the website and put anything into the shopping cart. Click “checkout”. Enter an email address when prompted. If the email address is already in their database the name, address and phone number associated with that email […]

Read On Comments Off on ALERT – StrawberryNet.Com is revealing the name, addresses and phone numbers associated with a purchaser’s email address without authentication

Big news re Google and Symantec issued EVs

March 24th 2017

Cite: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/ “In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates. Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued […]

Read On 1 Comment

Naughty Adobe!!!

January 12th 2017

Not only is it impossible for the typical user to disable or change the software update settings for Adobe Acrobat Reader DC, the most recent SILENT update of Adobe Acrobat Reader DC also installed an Adobe Acrobat extension to Google Chrome without notice or consent. To add insult the injury, the extension’s option to “Allow […]

Read On Comments Off on Naughty Adobe!!!

That moment one “privacy” app interferes with another “privacy” app

January 7th 2017

Ghostery interfering with HTTPS Everywhere.

Read On Comments Off on That moment one “privacy” app interferes with another “privacy” app

Do you have an ASK Toolbar installed? Beware…

November 23rd 2016

Discovery by Red Canary: https://blog.redcanary.com/ask-partner-network-compromise “On 5 November, Red Canary detected suspicious activity associated with Windows applications distributed by the Ask Partner Network (a.k.a. APN, Ask.com, or simply Ask). Upon further inspection, we discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints. “

Read On Comments Off on Do you have an ASK Toolbar installed? Beware…


Archives