Spyware, Viruses, & Security forum


NEWS - April 01, 2014

by Carol~ Moderator / March 31, 2014 10:56 PM PDT
LinkedIn warns of Sell Hack browser plugin that claims to reveal hidden email addresses

A browser extension called "Sell Hack" is creating something of a storm, after claiming it can reveal the hidden email addresses of LinkedIn users.

The tool, first spotted by Yahoo Tech columnist Alyssa Bereznak, initially gives the impression that it allows anyone to visit a LinkedIn profile page and "hack" into LinkedIn's systems to extract the page owner's (normally private and hidden) email address.

And all this power, it is claimed, is available to you by quickly installing a plugin for your Chrome, Safari or Firefox browser. [Screenshot]

Sounds like a stalker's or recruitment advisor's wet dream, doesn't it?

But in my testing, Sell Hack didn't quite live up to its promise.

Continued : http://grahamcluley.com/2014/04/sellhack-linkedin/

Related: LinkedIn sends cease and desist to Sell Hack, which lets you see anyone's email address on the service
Discussion is locked
You are posting a reply to: NEWS - April 01, 2014
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - April 01, 2014
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Researcher Identifies Potential Security Issues With Tesla S
by Carol~ Moderator / March 31, 2014 11:03 PM PDT
In reply to: NEWS - April 01, 2014

The current move by auto makers to stuff their vehicles full of networked devices, Bluetooth radios and WiFi connectivity has not gone unnoticed by security researchers. Charlie Miller and Chris Valasek spent months taking apart-literally and figuratively-a Toyota Prius to see what vulnerabilities might lie inside; and they found plenty. Now, another researcher has identified a number of issues with the security of the Tesla S, including its dependence upon a weak one-factor authentication system linked to a mobile app that can unlock the car remotely.

The Tesla S is a high-end, all-electric vehicle that includes a number of interesting features, including a center console touchscreen that controls much of the car's systems. There also is an iPhone app that allows users to control a number of the car's functions, including the door locks, the suspension and braking system and sunroof. Nitesh Dhanjani found that when new owners sign up for an account on the Tesla site, they must create a six-character password. That password is then used to login to the iPhone app.

Continued: http://threatpost.com/researcher-identifies-potential-security-issues-with-tesla-s/105146

Related: Researcher lights fire under Tesla security

Collapse -
CryptoDefense, the CryptoLocker Imitator, Makes Over $34,000
by Carol~ Moderator / March 31, 2014 11:04 PM PDT
In reply to: NEWS - April 01, 2014
.. in One Month

Symantec Security Response Blog:

On the back of Cryptolocker's (Trojan.Cryptolocker) perceived success, malware authors have been turning their attention to writing new ransomcrypt malware. The sophisticated CryptoDefense (Trojan.Cryptodefense) is one such malware. CryptoDefense appeared in late February 2014 and since that time Symantec telemetry shows that we have blocked over 11,000 unique CryptoDefense infections. Using the Bitcoin addresses provided by the malware authors for payment of the ransom and looking at the publicly available Bitcoin blockchain information, we can estimate that this malware earned cybercriminals over $34,000 in one month alone (according to Bitcoin value at time of writing).

"Imitation is not just the sincerest form of flattery - it's the sincerest form of learning" - George Bernard Shaw.

CryptoDefense, in essence, is a sophisticated hybrid design incorporating a number of effective techniques previously used by other ransomcrypt malware authors to extort money from victims. ...

Continued: http://www.symantec.com/connect/blogs/cryptodefense-cryptolocker-imitator-makes-over-34000-one-month

Related: Mistake in ransomware program leaves decryption key accessible
Collapse -
Windows XP to remain in most organizations after deadline
by Carol~ Moderator / March 31, 2014 11:04 PM PDT
In reply to: NEWS - April 01, 2014

Over three quarters (77 per cent) of UK organizations will have Windows XP running somewhere in their IT estate after the April 8th end of support deadline, according to AppSense. 68 per cent of organizations had no plans to pay for extended support despite repeated warnings about the vulnerability of the 12 year-old operating system to exploits and malware.

The survey, of 100 UK IT decision makers, also suggested that while Windows XP is still present in the majority of organizations, it is very much in the minority in terms of penetration with these businesses. 87 per cent of those surveyed had less than 25 per cent of desktop estate still running Windows XP, while on average it is estimated that overall penetration of the operating system is just under 13 per cent.

Continued : http://www.net-security.org/secworld.php?id=16607

Related: Windows XP phantom will haunt majority of businesses after deadline

Collapse -
Who's Behind the 'BLS Weblearn' Credit Card Scam?
by Carol~ Moderator / March 31, 2014 11:31 PM PDT
In reply to: NEWS - April 01, 2014

A new rash of credit and debit card scams involving bogus sub-$15 charges and attributed to a company called "BLS Weblearn" is part of a prolific international scheme designed to fleece unwary consumers. This post delves deeper into the history and identity of the credit card processing network that has been enabling this type of activity for years.

At issue are a rash of phony charges levied against countless consumers for odd amounts — such as $10.37, or $12.96. When they appear on your statement, the charges generally reference a company in St. Julians, Malta such as BLS*Weblearn or PLI*Weblearn, and include a 1-888 number that may or may not work (the most common being 888-461-2032 and 888-210-6574).

I began hearing from readers about this early this month, in part because of my previous sleuthing on an eerily similar scheme that also leveraged payment systems in Malta to put through unauthorized junk charges ($9.84) for "online learning" software systems. Unfortunately, while the names of the companies and payment systems have changed, this latest scam appears to be remarkably similar in every way.

Continued : http://krebsonsecurity.com/2014/03/whos-behind-the-bls-weblearn-credit-card-scam/

Collapse -
World Backup Day - are your important files backed up?
by Carol~ Moderator / April 1, 2014 3:37 AM PDT
In reply to: NEWS - April 01, 2014

March 31, 2014

31 March is World Backup Day, a campaign to persuade us to be more careful about keeping backups of our precious data. The day's catchphrase is "Don't be an April Fool" - urging us to ensure we all have good backups in place in time for 1 April.

Backup basics

If your storage system fails, both in business or at home, any valuable data could be lost for good. So it's essential to back up your data.

Important backups need to be kept separate from master copies. They should be stored on a different medium from the master, and in a different location.

They should certainly not be on the same hard drive, as that one device becomes a single point of failure for the whole set of data. Backing up files locally can provide a quick recourse in the event of accidental deletion, corruption or unwanted change, but you should think of them as spare copies rather than proper backups.

Continued: http://nakedsecurity.sophos.com/2014/03/31/world-backup-day-are-your-important-files-backed-up/

Note: It shouldn't matter if you were unaware yesterday was officially World Backup Day. Today would (also) be an excellent day to begin the practice of routinely backing up your data. Happy World Backup Day! Happy

Collapse -
Report: RSA endowed crypto product with 2nd NSA-influenced
by Carol~ Moderator / April 1, 2014 3:39 AM PDT
In reply to: NEWS - April 01, 2014
.. code

Security provider RSA endowed its BSAFE cryptography toolkit with a second NSA-influenced random number generator (RNG) that's so weak it makes it easier for eavesdroppers to decrypt protected communications, Reuters reported Monday.

Citing soon-to-be-published research from several universities, Reuters said the Extended Random extension for secure websites allows attackers to work tens of thousands of times faster when breaking cryptography that uses the Dual EC_DRBG algorithm to generate the random numbers that populate a specific cryptographic key. Dual EC_DRBG is a pseudo-random number generator that was developed by cryptographers from the National Security Agency and was the default RNG in BSAFE even after researchers demonstrated weaknesses so severe that many suspected they were introduced intentionally so the US spy agency could exploit them to crack encrypted communications of people it wanted to monitor. In December, Reuters reported that the NSA paid RSA $10 million to give Dual EC_DRBG its favored position in BSAFE.

Continued : http://arstechnica.com/security/2014/03/report-rsa-endowed-crypto-product-with-second-nsa-influenced-code/

Additional NSA-backed code found in RSA crypto products
Second NSA Crypto Tool Found in RSA BSafe
RSA caught again in NSA subverting of Dual EC encryption
Collapse -
Fake Google Apps Leaked in Windows Phone Store
by Carol~ Moderator / April 1, 2014 5:22 AM PDT
In reply to: NEWS - April 01, 2014

Bitdefender's "HOTforSecurity" Blog:

Some of the most popular Google mobile apps including Hangouts, Google Maps, Google+, Google Search and Google Voice have been seen recently in the Windows Phone Store retailing at the not-so-bargain price of $1.99, as announced by Windows on winbeta.org.

The site says the applications are fake. In the Android and iOS mobile markets, these services are free of charge. Moreover, the developer's name is misspelled: the valid applications are signed Google Inc, while the new versions are published by Google, Inc.

Designed to empty users' wallets, fake applications can pose serious security and privacy risks by secretly tracking the user's location, leaking email addresses or phone logs to third-parties. What's more, developers can manipulate an Android app's SDK to implement rogue features to intercept text messages or execute man-in-the-middle attacks.

Continued : http://www.hotforsecurity.com/blog/fake-google-apps-leaked-in-windows-phone-store-8269.html

Collapse -
DVR Infected with Bitcoin Mining Malware
by Carol~ Moderator / April 1, 2014 5:23 AM PDT
In reply to: NEWS - April 01, 2014

Johannes Ullrich of the SANS Institute claims to have found malware infecting digital video recorders (DVR) predominately used to record footage captured by surveillance camera systems.

Oddly enough, Ullrich claims that one of the two binaries of malware implicated in this attack scheme appears to be a Bitcoin miner. The other, he says, looks like a HTTP agent that likely makes it easier to download further tools or malware. However, at the present time, the malware seems to only be scanning for other vulnerable devices.

"D72BNr, the bitcoin miner (according to the usage info based on strings) and mzkk8g, which looks like a simplar(sp.) http agent, maybe to download additional tools easily (similar to curl/wget which isn't installed on this DVR by default)," Ullrich wrote on SANS diary.

Continued : http://threatpost.com/dvr-infected-with-bitcoin-mining-malware/105167

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?