Spyware, Viruses, & Security forum


NEWS - June 18, 2015

by Carol~ Moderator / June 18, 2015 11:08 AM PDT
reddit goes all-HTTPS—joining Wikipedia, Netflix and even the feds

If you were worried about spooks knowing that your favorite subreddit is /r/belize, fear not—reddit has finally joined the HTTPS party. Earlier this week, the site announced that starting June 29, it will refuse plaintext HTTP traffic.

Last September, reddit allowed HTTPS connections for users that turned the feature on or used something like HTTPS Everywhere.

reddit is merely the latest site in a long list of large outlets making the switch. For instance, Wikipedia announced it would be doing the same thing less than a week ago. In April 2015, Netflix announced it would make the switch for its video streams. And the White House Office of Management and Budget (OMB) did too after issuing the HTTPS-Only Standard directive, which requires all publicly accessible federal websites and Web services to use only HTTPS.

Continued : http://arstechnica.com/security/2015/06/reddit-goes-all-https-joining-wikipedia-netflix-and-even-the-feds/

Reddit to Move to HTTPS-Only
Reddit joins the HTTPS-only stampede
Reddit, Wikipedia, Bing and the FBI agree - an encrypted web is a safer web
DuckDuckGo search traffic soars 600% post-Snowden
by Carol~ Moderator / June 18, 2015 11:38 AM PDT
In reply to: NEWS - June 18, 2015

When Gabriel Weinberg launched a new search engine in 2008 I doubt even he thought it would gain any traction in an online world dominated by Google.

Now, seven years on, Philadelphia-based startup DuckDuckGo - a search engine that launched with a promise to respect user privacy - has seen a massive increase in traffic, thanks largely to ex-NSA contractor Edward Snowden's revelations.

Since Snowden began dumping documents two years ago, DuckDuckGo has seen a 600% increase in traffic (but not in China - just like its larger brethren, it's blocked there), thanks largely to its unique selling point of not recording any information about its users or their previous searches.

Continued : https://nakedsecurity.sophos.com/2015/06/18/duckduckgo-search-traffic-soars-600-post-snowden/

[ Happy added by me~ ]

86.2 million phone scam calls delivered each month in U.S.
by Carol~ Moderator / June 18, 2015 11:39 AM PDT
In reply to: NEWS - June 18, 2015

Phone fraud continues to threaten enterprises across industries and borders, with the leading financial institutions’ call centers exposed to more than $9 million to potential fraud each year. [Screenshot]

Pindrop analyzed several million calls for threats. They found a 30 percent rise in enterprise attacks and more than 86.2 million attacks per month on U.S. consumers.

Financial and retail institutions have seen an increase in phone fraud of more than 30 percent since 2013, with one in every 2,200 calls being fraudulent. This rate increases for retailers that sell popular, expensive products with a high resell rate; one major retailer saw phone fraud rates for Apple product orders as high as one in every 300 calls.

Continued : http://www.net-security.org/secworld.php?id=18520

Related : Phone scamming up 30 percent last year: Report

Newly patched Flash Player bug exploited to deliver crypto..
by Carol~ Moderator / June 18, 2015 11:39 AM PDT
In reply to: NEWS - June 18, 2015
.. ransomware

It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro researchers warn.

"We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released," they noted.

Users are urged to update their Flash Player as soon as possible to the latest version (v18.0.0.160) pushed out on June 9, as it solves the vulnerability in question (CVE-2015-3105).

Until they do, they are at risk of getting infected with CryptoWall 3.0, which is the latest malware to be slung at users via the popular exploit kit.

Continued : http://www.net-security.org/malware_news.php?id=3060
Top US baseball team accused of hacking rival
by Carol~ Moderator / June 18, 2015 11:40 AM PDT
In reply to: NEWS - June 18, 2015

ESET's "We Live Security" blog:

The St. Louis Cardinals, one of the United States’s top major league baseball teams, is being investigated for allegedly hacking into the computer systems of sporting rivals.

According to claims first made public in a New York Times report, evidence has been uncovered that Cardinals staff broke into a network belonging to the Houston Astros, and accessed a database containing sensitive information.

Information held in the database (known as Ground Control) is said to have included internal conversations about trades, statistics and scouting reports.

Continued : http://www.welivesecurity.com/2015/06/17/st-louis-cardinals-houston-astros-hack/

Related :
FBI Investigates Cardinals for Hacking Astros to Steal Data
FBI investigates Cardinals for breaking into Astros' database in baseball data theft

MacKeeper - a(nother) reason not to use it
by Carol~ Moderator / June 18, 2015 11:50 AM PDT
In reply to: NEWS - June 18, 2015
Graham Cluley @ his Security Blog:

I've never been a fan of MacKeeper.

The utility suite which claims to help Mac users stop security threats, find duplicate files, and help you uninstall unwanted apps, has always been advertised too aggressively for my liking, and has been notoriously difficult to uninstall.

MacKeeper, developed by Zeobit and now owned by a company calling itself Kromtech Alliance, is - I think it's fair to say - somewhat controversial.

Just take a look at some articles about MacKeeper on the web:

Ongoing MacKeeper fraud
What MacKeeper is and why you should avoid it
MacKeeper celebrates a difficult birthday under the cloud of a class action lawsuit
Is MacKeeper really a scam?

(There are many many others...)

Continued : https://grahamcluley.com/2015/06/mackeeper-reason-use/
Hacking Drug Pumps
by Carol~ Moderator / June 18, 2015 12:04 PM PDT
In reply to: NEWS - June 18, 2015
Bruce Schneier @ his "Schneier on Security" blog:

When you connect hospital drug pumps to the Internet, they're hackable -- only surprising people who aren't paying attention.

'Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company "didn't believe it could be done." Hospira insisted there was "separation" between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.

An attacker wouldn't need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet.
...' [...]

One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.

Continued : https://www.schneier.com/blog/archives/2015/06/hacking_drug_pu.html
The Ever-evolving Cyber Threat to Planes
by Carol~ Moderator / June 18, 2015 12:05 PM PDT
In reply to: NEWS - June 18, 2015

Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities -- including the fear that drones could be used to throw a plane off course.

Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system.

US computer security expert Chris Roberts recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.

Continued : http://www.securityweek.com/ever-evolving-cyber-threat-planes

Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy
by Carol~ Moderator / June 18, 2015 1:16 PM PDT
In reply to: NEWS - June 18, 2015
.. Report

While many companies have made strides when it comes to how they handle transparency and government requests post-Snowden, major telecoms such as AT&T and Verizon continue to lag behind.

Despite publishing transparency reports within the last year, the two companies scored the lowest on the Electronic Frontier Foundation’s “Who Has Your Back” report, an annual survey the watchdog produces to keep track of how companies fight for their customers’ privacy.

Now in its fifth year, the report has gone through a bit of a shake-up as far as the categories each company is judged on. The EFF has consolidated all of the industry’s established standards from over the last several years and boiled them down into one category, “industry-accepted best practices.”

Continued : https://threatpost.com/major-carriers-att-verizon-continue-to-lag-in-eff-privacy-report/113387

Related : EFF Data Privacy Report Praises Apple, Slams AT&T
Microsoft's site dedicated to fighting US surveillance ...
by Carol~ Moderator / June 18, 2015 1:17 PM PDT
In reply to: NEWS - June 18, 2015
.. just got hacked

"The site, which appears to be running an older version of WordPress, was displaying spam links to casino-related pages." [Screenshot]

The site, which was launched in mid-2013 months after the Edward Snowden revelations were first published, soon became a platform for Microsoft's corporate views on government surveillance and a new case dedicated to fighting an international search warrant.

But the site appears to have been modified around 9:15pm ET on Wednesday, and remains affected at the time of publication.

It's not clear who is behind the attack.

Continued : http://www.zdnet.com/article/microsofts-site-devoted-to-fighting-the-us-government-just-got-hacked/

Related : Microsoft's anti-surveillance website was hacked
OPM’s Database for Sale? Nope, It Came from Another US .Gov
by Carol~ Moderator / June 18, 2015 1:17 PM PDT
In reply to: NEWS - June 18, 2015

A database supposedly from a sample of information stolen in the much publicized hack at the Office of Personnel Management (OPM) has been making the rounds in the cybercrime underground, with some ne’er-do-wells even offering to sell it as part of a larger package. But a review of the information made available as a teaser indicates that the database is instead a list of users stolen from a different government agency — Unicor.gov, also known as Federal Prison Industries.

Earlier this week, miscreants who frequent the Hell cybercrime forum (a “Deep Web” site reachable only via the Tor network) began passing around a text file that contained more than 23,000 records which appeared to be a user database populated exclusively by user accounts with dot-gov email addresses. I thought it rather unlikely that the file had anything to do with the OPM hack, which was widely attributed to Chinese hackers who are typically interested in espionage — not selling the data they steal on open-air markets.

Continued : http://krebsonsecurity.com/2015/06/opms-database-for-sale-nope-it-came-from-another-us-gov/

OPM Breach Related:
OPM Breach Exposes Agency's Systemic Security Woes
Encryption “would not have helped” at OPM, says DHS official
