Category Archives: Link list

Turns out that you can’t trust ‘Trump free Wifi’ at the Republican National Congress

Posted on by

The cheeky japesters at Avast created a series of fake Wi-Fi networks at various locations around the Republican National Congress in Cleveland, as Silicon Angle reports:

Avast’s team set up several networks, using names such as “Trump free Wifi” or “Google Starbucks,” which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices.

Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.

By the way, whether the SSID “Trump free Wifi” is supposed to represent a Wi-Fi that is “free of Trump”, or “free on behalf of Trump” is unclear to this writer. Your preference may vary.

Apparently some RNC attendees also used the fake Wi-Fi hotspots to access their umm.. Tinder and Grindr accounts. Oh, and about 5.1% of people who accessed the phony free Wi-Fi used it to play Pokémon Go.

I guess they wanted to mix the serious business of choosing a US presidential candidate with a little fun. Who can blame them?

You should always take care about what Wi-Fi hotspots you connect to, and use a VPN to help keep their sensitive information out of the hands of snoopers.

You can learn more about Avast’s findings in its press release.

Continue reading Turns out that you can’t trust ‘Trump free Wifi’ at the Republican National Congress

Salesforce will only support Nexus and Samsung Galaxy phones to avoid Android fragmentation

Posted on by

Ina Fried at Recode writes:

One of the big challenges for Android app developers is the fact that there are just so many different phones out there using a variety of versions of Google’s operating system.

That often means a lot more time and money spent testing and supporting Android than Apple’s iOS, but with Android running on the majority of smartphones out there, what’s a large developer to do?

Salesforce is taking a rather unusual stance in an effort to avoid this problem. Starting with an update to its Salesforce1 app later this year, the company will offer support for its app only to those using certain Google Nexus or Samsung Galaxy devices.

When I have friends and family who ask me which Android they should buy, I normally answer by saying “Get an iPhone instead.”

Because security updates matter.

When they continue to insist they *really* do want an Android, I tell them to get a Google Nexus. Or, maybe at a stretch, a Samsung. But personally I would steer clear of anything else because of this fragmentation issue.

Seems like I was right.

When popular apps like Salesforce basically throw in the towel and admit it’s too hard to properly support the multitude of different devices running Android, you know you’ve got a problem.

Continue reading Salesforce will only support Nexus and Samsung Galaxy phones to avoid Android fragmentation

Russian security firm linked to cybercrime gang

Posted on by

Brian Krebs has been doing what he does best, following a trail of clues scattered across the internet and joining the dots.

This week he followed-up on information shared with him by security researcher Ron Guilmette, who uncovered “interesting commonalities” in website registration records, revealing strange links between a Russian security firm called Infocube (also known as Infokube) and the notorious Carbanak cybercrime gang.

Carbanak, of course, has been blamed for stealing hundreds of millions of dollars, after targeting e-payment systems and installing malware on ATM infrastructure that resulted in theft from cash machines.

Infokube, meanwhile, claims to work with some of the best known firms in computer security.

Krebs reached out to Artem Tveritinov, Infokube’s apparent CEO, to ask if he had any explanation for the website registration details showing such similarities:

“Our company never did anything illegal, and conducts all activities according to the laws of Russian Federation,” Tveritinov said in an email. “Also, it’s quite stupid to use our own personal data to register domains to be used for crimes, as [we are] specialists in the information security field.”

Krebs reports that as he sent Tveritinov questions by email, the Russian deleted his social media presence:

“I noticed that the Vkontakte social networking profile that Tveritinov had maintained regularly since April 2012 was being permanently deleted before my eyes. Tveritinov’s profile page and photos actually disappeared from the screen I had up on one monitor as I was in the process of composing an email to him in the other.”

Read the whole fascinating story on Krebs on Security.

Continue reading Russian security firm linked to cybercrime gang

Adobe cockup means you may have two different versions of Flash installed on your PC

Posted on by

Shaun Nichols writing for The Register:

Adobe says a buggy installer is the reason some people have two different versions of Flash Player on their Windows PCs.

The software house told The Register it had to create an additional build of the browser plugin specifically for Microsoft’s Internet Explorer after the version made for other browsers – such as Mozilla’s Firefox and Microsoft’s Edge – wouldn’t install properly for IE.

So, for example, if you have Internet Explorer and Firefox on your machine, you’ll have two slightly different copies of Flash that should be functionally the same.

Quality control? Testing? What’s that then?

I wouldn’t blame you if you feel that this is the straw that broke the camel’s back. Here is how to completely uninstall Adobe Flash from your computer.

Continue reading Adobe cockup means you may have two different versions of Flash installed on your PC

Android banking malware stops you calling customer service to cancel your cards

Posted on by

Symantec describes some Android banking malware making things more complicated for victims in Russia and South Korea:
Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an In… Continue reading Android banking malware stops you calling customer service to cancel your cards

How you could steal money from Instagram, Microsoft and Google with help from a premium rate phone number

Posted on by

Researcher Arne Swinnen found an ingenious way to make money from the likes of Google, Microsoft and Instagram – getting their two-factor authentication registration schemes to call a premium rate phone number:
“They all offer services to supply users … Continue reading How you could steal money from Instagram, Microsoft and Google with help from a premium rate phone number

Ubuntu Forums hacked (again)

Posted on by

Canonical, the company behind Ubuntu, has warned that there has been a security breach on the Ubuntu Forums site, resulting in the theft of two million members’ usernames, IP addresses, and email addresses:

At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database.

After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.

If you think you may have heard a similar story in the past, your memory isn’t deceiving you. Ubuntu Forums was previously hacked in 2013.

Continue reading Ubuntu Forums hacked (again)

Be careful in your inbox. Massive Locky ransomware campaign underway

Posted on by

F-Secure is warning computer users about a significant increase in sightings of the Locky ransomware, typically spammed out posing as invoices or profiles for positions at your company.

Here is how researcher Päivi Tynninen described the scale of the malware campaign:

Yesterday, Tuesday, we saw two new campaigns with a totally different magnitude: more than 120,000 spam hits per hour. In other words, over 200 times more than on normal days, and 4 times more than on last week’s campaigns.

If you make the mistake of opening one of the ZIP files attached to the spammed out messages, you will find a JavaScript file inside. Clicking on it would be a big mistake and lead to your computer being hit by the notorious Locky ransomware. Before you know it, you may have lost access to your files and find yourself being blackmailed for their safe return.

Stay safe folks. Always be suspicious of unsolicited attachments.

Continue reading Be careful in your inbox. Massive Locky ransomware campaign underway

Couldn’t care less about Pokémon Go? Get this Chrome extension

Posted on by

Chrome users may be interested in a new browser extension called PokeGone:

Remove Pokemon from the Internet!

Sick and tired of hearing about Pokemon? PokeGone will take care of that! This extension will stop your eyes from seeing grown adults raving on about Pokemon – simple as.

Remove all traces of Pokemon from the internet with one simple extension!

Unfortunately, there are mixed reports of PokeGone’s ability to “catch ’em all” – so it may be that you find it an ineffective way to filter talk of Pokémon Go from your screen.

This was a public service announcement.

Continue reading Couldn’t care less about Pokémon Go? Get this Chrome extension

Here’s the very best advice on what you should do with Adobe Flash

Posted on by

On Tuesday, Adobe released a critical update patching over 50 security holes in its Flash Player plugin.

Security blogger Brian Krebs says it better than me:

It’s bad enough that hackers are constantly finding and exploiting zero-day flaws in Flash Player before Adobe even knows about the bugs.

The bigger issue is that Flash is an extremely powerful program that runs inside the browser, which means users can compromise their computer just by browsing to a hacked or malicious site that targets unpatched Flash flaws.

The smartest option is probably to ditch this insecure program once and for all and significantly increase the security of your system in the process.

That seems pretty reasonable to me.

Here is our guide on how you can update Adobe Flash on your computer or (even better) uninstall it entirely.

The full advisory on the Flash security vulnerabilities can be read on Adobe’s website, as can details of the security update they have released for another of their beleaguered products – Adobe Reader.

Continue reading Here’s the very best advice on what you should do with Adobe Flash