NEWS - January 15, 2015

Jan 15, 2015 7:58AM PST
This ad company is using Verizon's unstoppable supercookies to track you

A company that correlates data about users across different websites to share with marketers is using unique IDs inserted by Verizon into mobile Web traffic to recreate tracking cookies that have been deleted by users.

The story began a few months ago when it was reported that both Verizon and AT&T were injecting unique identifiers in the Web requests of their mobile customers. Privacy activists criticized the practice because it creates so-called perma-cookies (permanent cookies) that cannot be deleted by users as they're added en-route, at the carrier level.

AT&T later said that it was only testing the system and has since stopped, but Verizon continues to add UIDHs (Unique Identifier Headers) to Web traffic as part of two programs that allow advertisers to identify users based on demographics, interests, location and other criteria.

Continued : http://www.pcworld.com/article/2871192/cleared-your-browser-cookies-it-wont-stop-ad-company-using-verizon-tracking-header.html

Related :
Verizon's tracking header: Can they do better?
PROOF the undead STALK Verizon users: Admen caught using 'perma-cookie'

The Free Encryption App That Wants to Replace Gmail, Dropbox
Jan 15, 2015 8:01AM PST
..and HipChat

Cryptographers devote their careers to the science of securing your communications. Twenty-four-year-old Nadim Kobeissi has devoted his to the art of making that security as easy as possible. His software creations like Cryptocat and Minilock encrypt instant messages or shared files with three-letter-agency-level protection, with user interfaces that require Lincoln-Log-level skills. Now he's combining elements of his dead-simple apps into what he's calling his biggest release yet, a single platform designed to encrypt everything you and any group of collaborators do on the desktop.

Today, Kobeissi plans to announce Peerio, an "encrypted productivity suite" meant to help individual users and businesses encrypt everything from IMs to online file storage. The software, initially launching as a Windows and Mac app as well as a Chrome plugin but coming to mobile platforms soon, resembles a simplified Gmail with IM and Google Drive features included. Unlike Gmail, all communications sent via Peerio are end-to-end encrypted and can't be decrypted by anyone but the recipient—not even someone with access to the Peerio server itself.

Continued : http://www.wired.com/2015/01/peerio-free-encryption-app/

Related: Encrypted messaging and file storage app Peerio goes open beta

Google AdWords Campaigns Hijacked by Malvertisers
Jan 15, 2015 8:06AM PST

A malvertising scheme has hijacked at least two distinct Google AdWords advertising campaigns, redirecting users who had browsed to the sites hosting the poisoned ads without those visitors even clicking on them. Some of the sites in question service more than a million monthly users.

Last week, website security firm Sucuri noticed a substantial uptick in requests to scan sites for malware. Oddly enough, the malicious redirects did not discriminate among platforms nor browsers, but some visitors were not redirected while others complained that impacted sites became barely usable. The reason for that has to do with the way online advertising firms use mined data to target ads toward supposedly relevant customers. In extreme cases, advertisers deploy real-time ad-bidding, in which groups compete for seconds or minutes of ad space on particular sites at specific times.

Continued : http://threatpost.com/google-adwords-campaigns-hijacked-by-malvertisers/110457

Several critical vulnerabilities addressed in Firefox 35
Jan 15, 2015 8:06AM PST

Mozilla released Firefox 35 on Tuesday, and it comes with fixes for numerous vulnerabilities, a few of which are deemed critical.

Security researcher Nils is credited with discovering a critical 'Gecko Media Plugin (GMP) sandbox escape' vulnerability that could enable an attacker to "escape or bypass the GMP sandbox if another exploitable bug is found in a GMP media plugin which allowed them to compromise the GMP process," according to an advisory.

Continued : http://www.scmagazine.com/gecko-media-plugin-sandbox-escape-among-vulnerabilities-fixed/article/392802/

Also see : Mozilla Firefox Version 35.0 released

Park 'N Fly, OneStopParking Confirm Breaches
Jan 15, 2015 8:10AM PST

Late last year, KrebsOnSecurity wrote that two huge swaths of credit card numbers put up for sale in the cybercrime underground had likely been stolen from Park 'N Fly and from OneStopParking.com, competing airport parking services that let customers reserve spots in advance of travel via Internet reservation systems. This week, both companies confirmed that they had indeed suffered a breach.

When contacted by this author on Dec. 15, Atlanta-based Park 'N Fly said while it had recently engaged multiple security firms to investigate breach claims, it had not found any proof of an intrusion. In a statement released Tuesday, however, the company acknowledged that its site was hacked and leaking credit card data, but stopped short of saying how long the breach persisted or how many customers may have been affected. A portion of their statement reads:

Continued : http://krebsonsecurity.com/2015/01/park-n-fly-onestopparking-confirm-breaches/

New Strain of Crowti Ransomware Moving in I2P
Jan 15, 2015 8:11AM PST

A new strain of the Crowti ransomware, also dubbed Cryptowall 3.0, was spotted by researchers early this week after a quiet period during the holiday season.

The twist to these recent infections is that the malware communicates over the I2P anonymity network.

French researcher Kafeine confirmed this morning the use of I2P for command and control communication, while Microsoft reported that links to pages describing how to decrypt locked files are sent over Tor.

Continued : http://threatpost.com/new-strain-of-crowti-ransomware-moving-in-i2p-network/110416

Related : Under the hood of I2P, the Tor alternative that reloaded Silk Road