Security

The Register: Comcast promises not to sell your data.

Submitted by Sam Moore on Sat, 04/01/2017 - 11:27

In other news, your check is in the mail.

 

Comcast says its customers shouldn't worry about having their browsing histories or personal information sold off by Comcast, because the cable giant doesn't have any immediate plans to do so. And if they do decide to change that policy, customers should rely on the state governments to stand up to a company that writes its own laws in many places.

In short, Comcast may be able to sell out its customers now, but customers should trust them not to.

And who can you trust, if not the company that once changed a customer's name to "Asshole Brown" out of spite?



https://www.theregister.co.uk/2017/03/31/comcast_we_will_never_sell_your_data/

The Register: Now your dishwasher's web server is vulnerable to attack.

Submitted by Sam Moore on Fri, 03/31/2017 - 15:09

In other news, your dishwasher may have a web server in it.
Maybe Kelly Conway wasn't so far wrong after all? (Nah, she probably still was).

Can't wait to see what some script kiddie decides to tell our kitchen appliances to do.

https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/

HTTPS Everywhere: Deep Dive Into Making the Switch

Submitted by Sam Moore on Mon, 03/06/2017 - 21:00


Not only are some browsers now throwing flares when forms are presented without encryption, but Google is starting to notice as well.
Bottom line - it's time to get a cert and make your site work over encrypted connections.

Here's a detailed article that will take you through the steps required to get HTTPS working on your site(s).

https://www.lullabot.com/articles/https-everywhere-deep-dive-into-making-the-switch

 

Hacker News: Thousands of websites still vulnerable to Heartbleed

Submitted by Sam Moore on Mon, 01/23/2017 - 12:03


It takes roughly three steps to remediate the Heartbleed bug.
 

  1. Patching: Update your software to the latest versions of OpenSSL; thankfully almost all organizations have accomplished this step.
  2. Creation of New Private Keys: Creating new private keys will prevent an attacker, who already exploited the flaw before patching, from being able to spy on your encrypted.
  3. Reissuance of Security Certificates: This step will eliminate the ability of any attacker to spoof organizations and fool or phish their customers.

http://thehackernews.com/2017/01/heartbleed-openssl-vulnerability.html

Krebs: $3-5M in Ad Fraud Daily from ‘Methbot’

Submitted by Sam Moore on Thu, 12/22/2016 - 10:57

As usual, Krebs has a much more detailed exegesis of how this thing actually works.

New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.

https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-methbot/

Hacker News: Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach

Submitted by Sam Moore on Thu, 12/15/2016 - 10:41

And in other news, Yahoo is still in business...
Seriously, who has a Yahoo account?

 

The data breach officially disclosed on Wednesday actually occurred in 2013 and, just like the one in 2014, allowed the cyber crooks to obtain personal information of its users but not credit card details.

 

http://thehackernews.com/2016/12/yahoo-data-breach-billion.html

Krebs: New Critical Fixes for Flash, MS Windows

Submitted by Sam Moore on Wed, 12/14/2016 - 15:27

Please please please for the love of all that's good, stop using Flash.
And don't get me started on Windows.

According to analysis released this month by Recorded Future, Adobe Flash vulnerabilities provided six of the top 10 vulnerabilities used by exploit kits in 2016. Exploit kits are automated tools that criminals stitch into the fabric of hacked or malicious Web sites, so that visitors who visit one of these sites with an outdated version of Flash in their browser can have malware silently installed. 

https://krebsonsecurity.com/2016/12/new-critical-fixes-for-flash-ms-windows/

Hacker News: Stop Using these 2 Easily Hackable Netgear Router Models

Submitted by Sam Moore on Sat, 12/10/2016 - 19:03

Carnegie Mellon's Computer Emergency Response Team (CERT) warns:

Netgear's R7000 and R6400 routers, running current and latest versions of firmware, are vulnerable to arbitrary command injection attacks, though the number of users affected by the flaw is still unclear.

http://thehackernews.com/2016/12/netgear-router-hacking.html

Hacker News: This Ransomware Unlocks Your Files For Free If You Infect Others

Submitted by Sam Moore on Fri, 12/09/2016 - 10:47

Multi-level marketing comes to ransomware.

...to get their important files back, Popcorn Time gives victims the option to pay a ransom to the cyber criminal or infect two other people and have them pay the ransom to get a free decryption key.

http://thehackernews.com/2016/12/ransomware-malware.html