Spyware, Viruses, & Security forum


NEWS - January 17, 2012

by Carol~ Moderator / January 16, 2012 10:46 PM PST
Wikipedia to Go Dark on Wednesday to Protest Bills on Web Piracy

The wave of online protests against two Congressional bills that aim to curtail copyright violations on the Internet is gathering momentum.

Wikipedia is the latest Web site to decide to shut on Wednesday in protest against the two Congressional bills, the Stop Online Piracy Act, often called SOPA, and the Protect IP Act, which is often called PIPA. The bills have attracted fierce opposition from many corners of the technology industry. Opponents say several of the provisions in the legislation, including those that may force search engines and Internet service providers to block access to Web sites that offer or link to copyrighted material, would stifle innovation, enable censorship and tamper with the livelihood of businesses on the Internet.

Nearly 800 members of Wikipedia have been debating and voting whether the site should participate in a blackout since December.

Jimmy Wales, co-founder of Wikipedia, confirmed the site's decision on Monday on Twitter, writing: "Student warning! Do your homework early. Wikipedia protesting bad law on Wednesday!"

Continued : http://bits.blogs.nytimes.com/2012/01/16/wikipedia-plans-to-go-dark-on-wednesday-to-protest-sopa/?ref=technology

Wikipedia to black out all 3.8 million English-language pages to protest PIPA
Wikipedia joins web blackout in Sopa protest
Wikipedia blackout to protest SOPA progress in Congress
Discussion is locked
You are posting a reply to: NEWS - January 17, 2012
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - January 17, 2012
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Phishing Your Employees 101
by Carol~ Moderator / January 16, 2012 11:01 PM PST

A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks.

The Simple Phishing Toolkit includes a site scraper that can clone any Web page — such as a corporate Intranet or Webmail login page — with a single click, and ships with an easy-to-use phishing lure creator.

An education package is bundled with the toolkit that allows administrators to record various metrics about how recipients respond, such as whether a link was clicked, the date and time the link was followed, and the user's Internet address, browser and operating system. Lists of targets to receive the phishing lure can be loaded into the toolkit via a spreadsheet file.

The makers of the software, two longtime system administrators who asked to be identified only by their first names so as not to jeopardize their day jobs, say they created it to help companies educate employees about the dangers of phishing scams. [Screenshot]

"The whole concept with this project started out with the discussion of, "Hey, wouldn't it be great if we could phish ourselves in a safe manner,'" said Will, one of the toolkit's co-developers. "It seems like in every organization there is always a short list of people we know are phishable, who keep falling for the same thing every six to eight weeks, and some of this stuff is pretty lame."

Continued : http://krebsonsecurity.com/2012/01/phishing-your-employees-101/

Collapse -
Web Gang Operating in the Open
by Carol~ Moderator / January 16, 2012 11:01 PM PST

Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers.

The men live comfortable lives in St. Petersburg — and have frolicked on luxury vacations in places like Monte Carlo, Bali and, earlier this month, Turkey, according to photographs posted on social network sites — even though their identities have been known for years to Facebook, computer security investigators and law enforcement officials.

One member of the group, which is popularly known as the Koobface gang, has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter. Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

Beginning in July 2008, the Koobface gang aimed at Web users with invitations to watch a funny or sexy video. Those curious enough to click the link got a message to update their computer's Flash software, which begins the download of the Koobface malware. Victims' computers are drafted into a "botnet," or network of infected PCs, and are sent official-looking advertisements of fake antivirus software and their Web searches are also hijacked and the clicks delivered to unscrupulous marketers. The group made money from people who bought the bogus software and from unsuspecting advertisers.

Continued : http://www.nytimes.com/2012/01/17/technology/koobface-gang-uses-facebook-to-spread-powerful-worm.html?_r=1

Collapse -
Exclusive: How 5 members of Koobface gang were unmasked
by Carol~ Moderator / January 17, 2012 12:06 AM PST

"Exclusive: How five members of the Koobface malware gang were unmasked"

According to the New York Times, Facebook is making public the names of the people it believes are responsible for the Koobface worm: a botnet which has helped its creators earn millions of dollars every year by compromising computers. [Screenshot]

The five men are named as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeiko, and are said to be involved in the Koobface malware gang, which has blighted millions of computer users.

Naked Security has great pleasure in being able to tell the in-depth story of how these individuals were identified as part of the Koobface gang, in a detailed investigation conducted by independent researcher Jan Dromer, and Dirk Kollberg of SophosLabs between early October 2009 and February 2010.

Read: The Koobface malware gang - exposed!

(Not familiar with Koobface? Here's some background information you may find handy to read first.)

The names uncovered by the researchers are the same as those announced today.

It's an incredible detective story of tireless investigation, which involved scouring the internet, searching company records and taking advantage of schoolboy social networking errors made by the suspected criminals, their friends and family.

Continued : http://nakedsecurity.sophos.com/2012/01/17/how-koobface-malware-gang-unmasked/

Collapse -
Stop Online Piracy Act dead in the water, claims opponent
by Carol~ Moderator / January 17, 2012 12:06 AM PST

Controversial online copyright enforcement bill the Stop Online Piracy Act may be stalled in the US House of Representatives as lawmakers try to iron out a compromise, an opponent of the legislation said.

Representative Darrell Issa said he's been assured by House Majority Leader Eric Cantor that SOPA will not move forward unless consensus is reached.

"Majority Leader Cantor has assured me that we will continue to work to address outstanding concerns and work to build consensus prior to any anti-piracy legislation coming before the House for a vote," Issa said. "The voice of the Internet community has been heard. Much more education for Members of Congress about the workings of the Internet is essential if anti-piracy legislation is to be workable and achieve broad appeal."

A spokeswoman for Cantor declined to comment. A spokeswoman for Representative Lamar Smith, chief sponsor of SOPA, said she does not believe Cantor has made a public comment about delaying SOPA.

Continued : http://news.techworld.com/security/3330471/stop-online-piracy-act-dead-in-water-claims-opponent/

Collapse -
Optical transaction signing device limits ebanking fraud
by Carol~ Moderator / January 17, 2012 12:06 AM PST

SafeNet announced the eToken 3500, an electronic signing and strong authentication token-based device that will enable financial services organizations to achieve risk mitigation and usability when securing ebanking applications.

The device uses an optical sensor to read financial transaction data from a Web browser, generating a unique electronic signature that validates each transaction, reducing threats such as Man-in-the-Browser (MitB) and Man-in-the-Middle (MitM), in which hackers hijack legitimate user identities during a transaction and redirect funds.

Additionally, the optical features of the device scan the transaction data automatically, eliminating the need for manual inputs, which simplify the electronic signing process for the user while reducing errors.

Financial institutions have to manage heavy volumes of high-risk transactions on a daily basis. The rising tide of cyber threats, as well as increased regulatory pressures, has necessitated a new approach to online transaction protection. Additional validation, to ensure that each transaction is authorized by a legitimate customer, can contribute significantly to reducing online banking fraud.

Continued : http://www.net-security.org/secworld.php?id=12223

Collapse -
WhatsApp Demands Money from Customers Who Don't Spam, Hoax
by Carol~ Moderator / January 17, 2012 12:06 AM PST

The latest scam post that circulates on social networking websites claims that WhatsApp Messenger's providers are planning to set a fee for using their app, urging readers to send messages to friends in order to become a so-called "frequent user."

"Hallo everybody. WhatsApp is going to cost us money soon. The only way that it will stay free is if you are a frequent user i.e. you have at least 10 people you are chatting with.

"To become a frequent user send this message to 10 people who receive it (2 ticks) and your WhatsApp logo should turn Red to indicate a frequent user," reads the hoax provided by Hoax Slayer.

A number of versions are hitting social media sites, all of them falsely reporting that the cross-platform mobile messaging app will no longer be free of charge.

These types of hoax messages aren't doing anyone any good and users can be certain that they're not helping if they spam their friends.

WhatsApp's developers learned of the scam and issued an official warning on the company's blog to make sure their customers don't fall for the spammy campaign.

Continued : http://news.softpedia.com/news/WhatsApp-Demands-Money-from-Customers-Who-Don-t-Spam-Hoax-246727.shtml

Collapse -
The Zappos Breach and Textual Password Based Authentication
by Carol~ Moderator / January 17, 2012 5:19 AM PST

From the Kaspersky Labs Weblog:

Following their major database breach, Zappos leadership is doing the right thing by what seems to be quickly and clearly communicating what data was accessed and what was not - there are no unexplained delays or confusion on their part about the event. It's like another Aurora moment in my book, when Google extraordinarily opened up about their breach while the other 30-odd Aurora-breached major corporations did the opposite, aggressively maintaining NDA's to hide their Aurora incidents and hide their heads in the sand. Zappos reset 24 million customers' passwords and emailed all of them about the problem last night. [Screenshot]

Zappos also sent all 24 million users a concise email explaining "We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password," while "THE DATABASE THAT STORES OUR CUSTOMERS' CRITICAL CREDIT CARD AND OTHER PAYMENT DATA WAS NOT AFFECTED OR ACCESSED." All of this has been discussed and should be standard, timely stuff for notifications. But there remain a couple interesting points.

Continued : http://www.securelist.com/en/blog/208193346/The_Zappos_Breach_and_Textual_Password_Based_Authentication

Related: Zappos Latest Company Hit by Data Breach

Collapse -
Fake Browser Plug-in—A New Vehicle for Scammers
by Carol~ Moderator / January 17, 2012 5:19 AM PST

Symantec Security Response Blog:

Facebook scams have become a common propagation vector for scammers to earn commissions. But once in a while, something interesting happens that makes security researchers sit up and take notice. One such case is a scam that is currently fooling victims into downloading a fake browser plug-in. The scenario is very simple: the victim is lured into watching some video; but instead of asking the victim to share/like the video, (which we have seen in many scams) the scammers present the victim with a fake plug-in download image, which is required to see the video. One such case is described below. [Screenshot]

The fake screen is nothing but an image that has been loaded from another site through an iframe. The iframe that loads the fake contents can be seen below: [Screenshot]

Upon visiting the iframe-loaded site we are presented with the following image: [Screenshot]

Once the victim clicks on the image, the User-Agent info is retrieved and accordingly, the fake plug-in is downloaded. Currently only Mozilla Firefox and Google Chrome plug-ins are being used. Below is the script that is responsible for retrieving the plug-in: [Screenshot]

Continued : http://www.symantec.com/connect/blogs/fake-browser-plug-new-vehicle-scammers

Collapse -
Olympics volunteers urged not to blab online
by Carol~ Moderator / January 17, 2012 5:19 AM PST

Volunteers at this year's Olympics should not "get involved in detailed discussion about the games online", according to guildelines issued by organisers, a report says.

A spokesman for the London Organising Committee (LOCOG) told Out-Law.com that the volunteers, known as 'Games Makers', would be advised to go through official channels before commenting in the media, though they would not be forced to do so.

The spokesman rejected claims that the organisation had banned volunteers from making unapproved comments. He said LOCOG had issued the volunteers with "guidelines" about their interaction with the media and their use of social media during the Games with the intention of helping those inexperienced in media-handling from being "tricked".

The guidelines include a "what to do and what not to do" section, according to a report by the BBC. Volunteers are told "not to disclose their location; not to post a picture or video of LOCOG backstage areas closed to the public; not to disclose breaking news about an athlete; not to tell their social network about a visiting VIP, eg an athlete, celebrity or dignitary; not to get involved in detailed discussion about the Games online," the report said. The volunteers are allowed to 'retweet' official London 2012 messages, it said.

Continued : http://www.theregister.co.uk/2012/01/17/olympics_guidelines/

Also: Olympics 'Games Makers' Advised Not to Give Details Online

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?