Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT – StrawberryNet.Com is revealing the name, addresses and phone numbers associated with a purchaser’s email address without authentication

May 3rd 2017

If you, your family or friends have used that website, please warn them. Here is what happens: Go to the website and put anything into the shopping cart. Click “checkout”. Enter an email address when prompted. If the email address is already in their database the name, address and phone number associated with that email […]


Big news re Google and Symantec issued EVs

March 24th 2017

Cite: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/ “In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates. Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued […]


New security steps for linked Skype and Microsoft accounts

November 23rd 2016

I received a spam message via Skype today from a person who I normally think of as too sophisticated to do something silly like re-use passwords. And heard of another person who had also been compromised, but had absolutely no idea how it may have happened. I learned as part of my research into what may […]


Kryptowire discovers mobile phone firmware that transmitted personally identifiable information without user consent or disclosure

November 16th 2016

The Kryptowire article can be seen here: http://www.kryptowire.com/adups_security_analysis.html

Adups' response can be found here: http://www.adups.com/article/show_article.php?id=162


Fake “Your Apple ID has been suspended” email

May 4th 2016

The domain being used to steal Apple ID usernames and passwords is mycloud-4.net, registered on 1 May 2016 via Crazy Domains. Stay away.


Oracle settles with FTC over “deceptive” security updates?

January 5th 2016

https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java

How were Oracle deceptive? By only removing the most recent vulnerable version of Java from users’ computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]


Not a good look there, Optus

March 27th 2015

Enforceable Undertaking offer by Optus to the Office of the Australian Information Commissioner: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking What did Optus do wrong?… In February 2013, Optus made a change to its website. Due to a coding error that occurred during this change, between February 2013 and April 2014, when Optus customers who had elected not to have their […]


For those of you in Australia, welcome ACORN

December 12th 2014

The Australian Cybercrime Online Reporting Network: “The Australian Cybercrime Online Reporting Network (ACORN) is a national policing initiative of the Commonwealth, State and Territory governments. It is a national online system that will allow the public to securely report instances of cybercrime. It will also provide advice to help people recognise and avoid common types of […]


Malvertizing is still around…

October 28th 2014

Incident reported on 22 October 2014. Cite: http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php “Without having to click on anything, visitors to the impacted websites may be stealthily infected with the CryptoWall 2.0 ransomware. Using Adobe Flash, the malvertisements silently “pull in” malicious exploits from the FlashPack Exploit Kit. The exploits attack a vulnerability in the end-users’ browser and install CryptoWall 2.0 […]


Do you use Chrome? And have a Google account? And use 2 Factor Authentication? You may want a “security key”

October 28th 2014

https://support.google.com/accounts/answer/6103523 “If you use 2-Step Verification, you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.” Yes, you have to make sure you don’t lose […]


