Spyware, Viruses, & Security forum


NEWS - May 15, 2014

by Carol~ Forum moderator / May 15, 2014 5:33 AM PDT
DRM and the Challenge of Serving Users

From The Mozilla Blog:

Today at Mozilla we find ourselves at a difficult spot. We face a choice between a feature our users want and the degree to which that feature can be built to embody user control and privacy. Here's why.

People want to watch video, including movies and TV shows. Browsers must provide the ability to watch video or the browser becomes less and less the tool users need. A number of content owners (in particular film and TV studios) require technical mechanisms to reduce the ways in which people can use that content, such as preventing people from making copies. This technical mechanism is generally called "DRM" for "digital rights management." Browsers must implement DRM in a way that makes the content owners comfortable. Otherwise they won't allow their content to be viewed through that browser.

Continued : https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/

Reconciling Mozilla's Mission and W3C EME
Firefox's adoption of closed-source DRM breaks my heart
Can This Web Be Saved? Mozilla Accepts DRM, and We All Lose
Post a reply
Discussion is locked
You are posting a reply to: NEWS - May 15, 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - May 15, 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Former Subway sandwich franchisee cops to $40,000 gift-card
by Carol~ Forum moderator / May 15, 2014 6:11 AM PDT
In reply to: NEWS - May 15, 2014
.. hack scheme

"Man used LogMeIn to access point-of-sale terminals of other shops, feds say."

A former Subway sandwich shop franchisee pled guilty to taking part in a scheme to hack point-of-sale terminals for at least 13 stores and obtaining gift cards worth $40,000.

Shahin Abdollahi, who also ran a business that sold and maintained point-of-sale terminals, sold the computerized checkout registers to the Subway shops that were illegally accessed, according to federal prosecutors in Massachusetts. He set up the terminals with software from LogMeIn, which allows people to remotely log in to PCs over the Internet. Abdollahi and other conspirators then used the software to repeatedly access the Subway terminals without authorization, usually early in the morning, when the restaurants were closed.

Continued : http://arstechnica.com/security/2014/05/former-subway-sandwich-franchisee-cops-to-40000-gift-card-hack-scheme/

Related: Former Subway franchise owner pleads guilty to POS hacking
Collapse -
Fake antivirus - attack of the clones
by Carol~ Forum moderator / May 15, 2014 6:11 AM PDT
In reply to: NEWS - May 15, 2014

Kaspersky Lab Weblog:

Experts recently discovered a scam antivirus app on Google Play going by the name of Virus Shield. A distinct feature of this particular app was the fact that users had to pay for it - most fake AV can initially be downloaded for free. This meant its creators immediately started making money and didn't have to demand payments from users to remove "malware" that had supposedly been detected on their computers. To avoid negative reviews on Google Play all that was required was to make it look like the app was doing something useful.

Virus Shield was followed by a series of other similar fake apps. Early last week, for instance, we detected two rather interesting fake antivirus programs.

The first fake app was discovered on Windows Phone Store, which in itself was unusual - scammers tend to use Google Play. This app, which also had to be paid for up front, went by the name of Kaspersky Mobile. The fact that there is no program with that name in Kaspersky Lab's product line didn't deter the fraudsters - they obviously didn't expect anyone to notice. [Screenshot]

Continued : http://www.securelist.com/en/blog/8221/Fake_antivirus_attack_of_the_clones

Collapse -
Phishers Cast Wider Net, Now Asking for Multiple Email
by Carol~ Forum moderator / May 15, 2014 6:11 AM PDT
In reply to: NEWS - May 15, 2014

TrendLabs Security Intelligence Blog:

From a security perspective, phishing attempts are pretty much old hat. In most cases, phishing attempts or attacks focus on getting one particular credential, such as those for credit cards or user accounts. We are now seeing cybercriminals attempt to get more credentials by using phishing pages that allow for multiple email logins.

Multiple Logins Allowed

We came across some shortened URLs that lead users are lead to phishing pages that mimic popular sites, including Facebook, Google Docs (now known as Google Drive), OneDrive, and several property websites. In order to proceed, users must log in using their email address. [Screenshot]

Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/phishers-cast-wider-net-now-asking-for-multiple-emails/

Related : Phishing campaigns target diverse webmail users at once

Collapse -
"Police Ransomware" Expands To Android Ecosystem
by Carol~ Forum moderator / May 15, 2014 6:56 AM PDT
In reply to: NEWS - May 15, 2014

F-Secure Antivirus Weblog:

Crimeware has steadily transferred Windows-based technology to Android. We've seen phishing, fake-antivirus scams, banking trojan components, and now... ransomware.

Yep. "Police ransomware" on Android. Our name for it is, Koler.

The crimeware ecosystem has long been aware of Android systems it routinely comes into contact with — it's not really much of a surprise to see ransomware attempt to make the jump.

Here's how it works:

Compromise occurs when the user visits a booby trapped (pornographic) website with his Android device. The malware then pretends to be video player and requests installation. This is dependent upon the "enable unknown sources" setting being configured.

Continued: http://www.f-secure.com/weblog/archives/00002704.html

Collapse -
Is That 'iCloud-Locked' iPhone on eBay Stolen? Probably!
by Carol~ Forum moderator / May 15, 2014 6:56 AM PDT
In reply to: NEWS - May 15, 2014

If you've browsed eBay for an iPhone in the past few months, you've probably noticed the preponderance of auctions selling low-priced "iCloud-locked" phone. "iCloud locked?," I hear you cry. "But I thought iCloud just synced contacts!" No, dear reader, it's much more powerful than that, but in this case it means that these phones are almost certainly stolen.

iCloud Locked

Apple has provided the very useful Find My iPhone tool for years, but it got even better after iOS 7.0 introduced the "reactivation lock," or iCloud lock. This means that if your iPhone is lost or stolen and you wipe it remotely with Find My iPhone, you'll need to enter your iCloud password to reactivate it.

This feature should mean that stolen phones have little value to thieves. After all, the thief can't use it or sell it as a fully functional phone. Plus, the fact that it's locked should tip off potential buyers that the deal isn't on the level.

Continued : http://securitywatch.pcmag.com/mobile-security/323624-is-that-icloud-locked-iphone-on-ebay-stolen-probably

Collapse -
The Mad, Mad Dash to Update Flash
by Carol~ Forum moderator / May 15, 2014 6:57 AM PDT
In reply to: NEWS - May 15, 2014

An analysis of how quickly different browser users patch Adobe Flash vulnerabilities shows a marked variation among browser makers. The data suggest that Google Chrome and Mozilla Firefox users tend to get Flash updates relatively quickly, while many users on Microsoft's Internet Explorer browser consistently lag behind.

The information comes from ThreatMetrix, a company that helps retailers and financial institutions detect and block patterns of online fraud. ThreatMetrix Chief Technology Officer Andreas Baumhof looked back over the past five months across 10,000+ sites the company serves, to see how quickly visitors were updating to the latest versions of Flash.

Baumhof measured the rates of update adoption for these six Flash patches:

Continued : http://krebsonsecurity.com/2014/05/the-mad-mad-dash-to-update-flash/

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Free trip to the Grand Prix

Don't miss your chance to win a trip to the Formula 1 Grand Prix in Monaco for you and a plus-one.