Spyware, Viruses, & Security forum


NEWS - October 16, 2012

by Carol~ Forum moderator / October 16, 2012 3:51 AM PDT
Facebook to exclude phone numbers from reverse lookup - for users of two-factor authentication, anyway

A week or so back, we wrote to warn you about the privacy of your phone number on Facebook.

If you give Facebook your phone number, and mark it "visible to me only", then forward lookups are, as you would expect, blocked.

I can't go from your profile to your phone number.

That's a relief, since presumably you don't want just anyone who can find you on Facebook to be able to start pestering you directly by phone if you stop responding to them online.

But if I use Facebook's reverse lookup service (what is sometimes known pejoratively as a black pages directory), I can get your name from your phone number.

In other words, your phone number isn't "visible to you only." I just have to approach it from the other direction.

Continued : http://nakedsecurity.sophos.com/2012/10/16/facebook-to-exclude-phone-numbers-from-reverse-lookup/

Related: Facebook moves to keep phone numbers for two-factor protection private


Gary McKinnon will not be extradited to US, Theresa May
by Carol~ Forum moderator / October 16, 2012 4:32 AM PDT
.. announced

"Mother of British hacker thanks 'brave' home secretary for withdrawing extradition order on human rights grounds"

The dramatic decision by Theresa May to defy the US authorities by halting the extradition of British computer hacker Gary McKinnon, has been greeted with delight by campaigners and politicians from all parties.

The home secretary told MPs she had taken the quasi-judicial decision on human rights grounds because of medical reports warning that McKinnon, 46, who has Asperger's syndrome and suffers from depressive illness, could kill himself if sent to stand trial in the US.

The irony that May's most popular decision as home secretary was taken because of the Human Rights Act, which she has pledged to scrap, was not lost on her critics. But in a promised overhaul of the extradition laws that accompanied the decision, May indicated that future home secretaries would be stripped of the very power that she had used to save the computer hacker.

Continued : http://www.guardian.co.uk/world/2012/oct/16/gary-mckinnon-not-extradited-may

Gary McKinnon's 10-year battle against extradition
Gary McKinnon saved from extradition after ten year fight
Gary McKinnon not to be extradited to the US
Twitter Phishing Campaign Spreading Via Direct Messages
by Carol~ Forum moderator / October 16, 2012 4:33 AM PDT

From the Kaspersky Lab Weblog:

I got the impression that lately the amount of phishing attacks via social media was not as great as we have seen in the past. But just as I logged in to Twitter today I noticed that I had received two direct messages, and they both had a very similar message.

Two days ago I received the first message, and when I tried to verify if it was a link spreading malware, or a phishing site, the URL was already inactive. Now when I received another one I wanted to look at it quickly, and at the time of writing the phishing site is still active.

The two messages which I received had more or less the same structure, the only difference is the choice of URL shortener, and a word which has been replaced. The two different URL shorteners were bit.ly and y.ahoo.it

"hey, someone is spreading nasty rumours about you URL"

"hey, someone is spreading terrible rumours about you URL"


What happens if you click the URL which is in the message? You will be redirected to the website http://twi[CUT]er.com/ where the attacker has created a rogue Twitter login-page, and if you enter your credentials they will end up in the wrong hands. The stolen credentials will most likely be used to find more victims, but also to maybe find victims on other social media.

Continued : http://www.securelist.com/en/blog/208193900/Twitter_Phishing_Campaign_Spreading_Via_Direct_Messages

Targeted Attacks Make WinHelp Files Not So Helpful
by Carol~ Forum moderator / October 16, 2012 4:33 AM PDT

From the Symantec Security Response Blog:

Last year Symantec reported on the use of the Windows Help File (.hlp) extension as an attack vector in targeted attacks. Symantec telemetry is now increasingly seeing this attack vector being used in targeted attacks against industry and government sectors. The nefarious WinHelp files being used in these targeted attacks are detected by Symantec as Bloodhound.HLP.1 and Bloodhound.HLP.2. [Screenshot: Zip file attachment with malicious .hlp file]

The increase in the use of WinHelp files as an attack vector can be attributed to attackers who do not require the use of an exploit to successfully compromise a computer. Attackers use social engineering to attempt to dupe a victim into opening a Windows help file contained within a targeted email. The functionality of the help file permits a call to the Windows API which, in turn, permits shell code execution and the installation of malicious payload files. This functionality is not an exploit, but there by design. Microsoft is already aware of the security implications of this functionality, and as far back as 2006 began to phase out WinHelp as a supported platform. However, the phase out has not stopped attackers from seeing WinHelp as an attractive means of attacking targets.

Continued : http://www.symantec.com/connect/blogs/targeted-attacks-make-winhelp-files-not-so-helpful
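
A mail-gateway style check for the delivery method described above, added here as an example (not code from the forum post or from Symantec): it flags WinHelp files attached directly or inside a zip, by extension or by the WinHelp header magic, so a renamed file is still caught. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

HLP_MAGIC = b"\x3f\x5f\x03\x00"  # WinHelp header magic 0x00035F3F, little-endian

def is_winhelp(name, head):
    """True if the name ends in .hlp or the content starts with the WinHelp magic."""
    return name.lower().endswith(".hlp") or head[:4] == HLP_MAGIC

def find_winhelp(raw_message):
    """Return (attachment, zip_member_or_None) pairs for every WinHelp file found."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        if is_winhelp(name, data):
            hits.append((name, None))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    head = b""
                    if not info.flag_bits & 0x1:  # encrypted member: judge by name only
                        with zf.open(info) as fh:
                            head = fh.read(4)
                    if is_winhelp(info.filename, head):
                        hits.append((name, info.filename))
    return hits

def build_sample():
    """Constructed message: a zip holding a renamed help file, a text file and a .HLP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agenda.dat", HLP_MAGIC + b"\x00" * 12)  # renamed, magic intact
        zf.writestr("notes.txt", "plain text")
        zf.writestr("Report.HLP", b"placeholder")            # caught by extension
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_winhelp(build_sample()))
```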

Kaspersky developing OS for secure SCADA systems
by Carol~ Forum moderator / October 16, 2012 4:33 AM PDT

Eugene Kaspersky, founder of the eponymous anti-virus software company, wants to equip industrial control systems, such as those used by nuclear power stations, with a secure operating system developed from scratch by Kaspersky Lab. The company is reported to have been working on the project, code-named "11.11", for ten years.

The company has now confirmed the project but nonetheless shied away from providing any specific details or technical information. Instead, the truly epic project announcement and what purports to be a description meander off into very general lists of problems and concerns.

In an interview with Kaspersky's own Threatpost news service, the company's founder even goes so far as to say that, "It's true no one else ever tried to make a secure operating system." You don't necessarily have to like Theo de Raadt to recognise that this was exactly what OpenBSD set out to do - and with some success.

Continued : http://www.h-online.com/security/news/item/Kaspersky-developing-OS-for-secure-SCADA-systems-1730798.html

Santander downplays risk of 'personal data-stuffed' cookies
by Carol~ Forum moderator / October 16, 2012 4:33 AM PDT

"'If compromised', cookies would not allow access to online services 'on their own'"

The Spanish banking giant Santander has downplayed growing concerns over its alleged inclusion of "sensitive data" in its cookies.

The bank did not deny including personal data in cookies.

In a post on widely read security mailing list Full Disclosure, an anonymous contributor details a number of alleged problems on Santander UK's consumer eBanking site.

He claims that Santander online banking "unnecessarily stores sensitive information within cookies". Depending on which areas of online banking the customer uses, he claims this data allegedly includes the user's name, PAN (credit card number), bank account number and sort code, Alias and UserID.

"Of particular concern is the full PAN, which PCI DSS states should be rendered unreadable anywhere it is stored," the whistleblower stated.

Continued : http://www.theregister.co.uk/2012/10/16/santander_cookie_risk/

Also: Santander's online banking keeps passwords in cookies - Update
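
A check a site owner could run against their own responses for the issue reported above, added here as an example (not code from the forum post, The Register or the Full Disclosure report): it scans `Set-Cookie` values for card-number-like digit runs that pass the Luhn checksum and reports them masked. The cookie names and values are constructed samples; the card number is the widely used test value 4111 1111 1111 1111.

```python
import re
from urllib.parse import unquote

# 13 to 19 digits, optionally separated by spaces or hyphens
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep only the first six and last four digits in any report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def audit_set_cookie(headers):
    """Return (cookie_name, masked_pan) for each Luhn-valid PAN found in a cookie value."""
    findings = []
    for header in headers:
        pair = header.split(";", 1)[0]            # drop Path, Secure, HttpOnly, ...
        name, _, value = pair.partition("=")
        decoded = unquote(value)                  # cookies are often URL-encoded
        for match in PAN_RE.finditer(decoded):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                findings.append((name.strip(), mask(digits)))
    return findings

# Constructed sample headers (values after "Set-Cookie:")
SAMPLE = [
    "session=1234567890123456; Path=/; HttpOnly",   # 16 digits, fails Luhn
    "profile=name%3DA%20Customer%26card%3D4111%201111%201111%201111; Path=/",
    "lang=en-GB; Path=/",
]

if __name__ == "__main__":
    print(audit_set_cookie(SAMPLE))
```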
