Spyware, Viruses, & Security forum

General discussion

NEWS - November 8, 2009

by Donna Buenaventura / November 7, 2009 4:22 PM PST
Vint Cerf: 'Google doesn't know who you are'

Interwebs founding father and Google evangelist Vint Cerf has insisted that when you search Google, the company doesn't know who you are.

Thursday morning, at a mini-conference in San Francisco, the always entertaining Cerf sat down with Wall Street Journal columnist Walt Mossberg and other tech luminaries to discuss "open" mobile networks. But at one point, the conversation turned to the epic amounts of user data pouring onto Google servers across the globe.

As Mossberg started to complain about Google using Gmail and other sign-in services to tie more and more search data to real live people, Cerf quickly interrupted. "We still don't know who you are," said the Google figurehead.

Mossberg begged to differ, pointing out that as netizens sign-in to their Google accounts in order to use other services, the company also ties those accounts to search data. "When I search Google, you can see - right up at the top of page - that I'm logged in. You can see my Gmail address," he told Cerf. "You know who I am."

But Cerf insisted that even in those situations, Google doesn't know you. "You are somehow conflating things that I think need to be disaggregated," Cerf told Mossberg. "A Gmail identifier doesn't tell us anything. It's just an identifier. We have no other thing to tie that to. It's just an identifier [You said that already. -Ed]. And by the way, you picked it. We didn't."

As ridiculous as that may sound, it's a common Google argument. When a federal court recently asked Google to divulge the identity of an innocent Gmail user - if the account was still active - the company told us that wasn't possible.

Discussion is locked
You are posting a reply to: NEWS - November 8, 2009
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - November 8, 2009
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Poking at Google's new privacy Dashboard
by Donna Buenaventura / November 7, 2009 4:23 PM PST

Google this week unveiled a new feature called Dashboard, intended to give users a way to view -- and in modest ways limit -- the breadth of information the search giant collects about our online lives.

Google said it was launching the service "to provide users with greater transparency and control over their own data." The reaction from privacy experts has been mixed. Ari Schwartz, vice president and chief operating officer at the Center for Democracy & Technology, called the Dashboard offering a good first step, and one that is several steps ahead of what Google's peers in the search businesses currently offer their users.

"Google has said that they want to give the user control, but this is the first time that we've really seen them organize that control over privacy sensitive information," Schwartz said.

But as others have observed, Dashboard doesn't really give users any clearer insights into what the company is doing with all of the data it collects. John Simpson, a consumer advocate with Consumer Watchdog, said if Google really wants people to use Dashboard, the company should make it easier to find, noting that there are few links to the tool from the landing pages of any Google properties. Simpson said Google also should make it easier for users to blow away stored search and activity data across multiple Google properties with a single click.

More with screenshot in http://voices.washingtonpost.com/securityfix/2009/11/poking_at_googles_privacy_dash.html

Collapse -
Singapore Foreign Exchange Market Web Infection
by Donna Buenaventura / November 7, 2009 4:26 PM PST


Collapse -
Are You Being (Facebook) Phished?
by Donna Buenaventura / November 7, 2009 4:29 PM PST

Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the URL provided in the email message. When the user clicks the URL, it points them to a spoofed Facebook website where they are required to input their password only as their email address has been automatically filled up.

Once the users hit the 'Login&' button, it will redirect them to another fraudulent page where a link to download a suspicious update tool file is provided. Trend Micro detects this as TROJ_ZBOT.CDX.

As of this writing, the phishing URL as well as the malicious file has been blocked and detected already via the Trend Micro Smart Protection Network.

This is a great example showing just how cunning cybercriminals can be just to steal precious information. They even claimed to offer recipients security, which is really ironic. Not everyone though may be as hard to fool as, say, security experts. So how can you tell if your personal information is being phished?

Continue reading with useful tips: http://blog.trendmicro.com/are-you-being-facebook-phished/

Collapse -
Think you've won a MacBook Air? Beware email malware attack
by Donna Buenaventura / November 7, 2009 4:31 PM PST

Apple's super-skinny MacBook Air is one of the most desirable laptops on the planet - which means it's not too surprising if criminals try and take advantage of its allure to infect unsuspecting computer users.

And that's exactly what hackers are doing today in a malicious email campaign that has been spammed widely out across the internet.

Unsuspecting computer users may find an email with the subject line "Congratulations" in their inbox this morning, telling them that they "have won todays Macbook Air" and that they should open the attached file (called winner.zip) for more information.

Here's the full text of the email:

Congratulations!! You have won todays Macbook Air.
Please open attached file and see datails.

Of course, in reality you haven't one a competition, and there is no MacBook Air up for grabs. Instead, the hackers who spammed out the messages are hoping that the thought of winning a sexy laptop will be enough to make you open the attached file and infect your computer.

Sophos is detecting the attached Trojan horse as Mal/EncPk-LE.


I've seen that malware spam too! http://www.calendarofupdates.com/updates/topic24840 - Donna

Collapse -
New Trojan uses CloneCashSystem site
by Donna Buenaventura / November 7, 2009 4:34 PM PST

From Sunbelt Blog:

Patrick came across a new Trojan today that uses the CloneCashSystem site (WHOIS registration date Oct. 2).

Patrick's note:

"My iframedollars downloaded a Trojan from a VX Catus site[...]

"The 3 kb Trojan's only function is to change the users start page to: join. clonecashsystem com/track/NjU1ODMuMjYuMzEuMzUuMC4wLjAuMC4w, which is one of those free report scams. It tries to get you to buy a get-rich-quick scheme.

"The start page is similar to the old CWS hijacking start page Trojans. I have named it Trojan.StartPage.CloneCashSystem."


Collapse -
Click fraud Trojan uses Internet security company site
by Donna Buenaventura / November 7, 2009 4:40 PM PST

Our researcher Patrick Jordan ran one of the installers from seriall. com, which is an old fake serial crack site where one can get infected waaaaay too easily. It created a run32.dll which functions as a redirector. When a victim of this searches for the string "remove spyware," his infected computer re-directs to the web page of security firm Webroot. Clicking on the "Business" tab will take the browser to a redirect site.

On the left is the Webroot page redirect from an infected box and the right is the same action from a clean box. The sites that it redirects to are typical info-stealing sites with a cheap pay-per-click search pages.

Sunbelt already detects the installer and dll as Trojan.Win32.Generic!BT

Just to clarify: this is not a Webroot issue, the Trojan simply redirects a victim's browser to the Webroot page to give an appearance of authenticity before redirecting it on to a malicious site.


Collapse -
First iPhone worm discovered - ikee changes wallpaper to...
by Donna Buenaventura / November 8, 2009 4:52 AM PST
Rick Astley photo

Apple iPhone owners in Australia have reported that their smartphones have been infected by a worm that has changed their wallpaper to an image of 1980s pop crooner Rick Astley.

The worm, which could have spread to other countries although we have no confirmed reports outside Australia, is capable of breaking into jailbroken iPhones if their owners have not changed the default password after installing SSH. Once in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable, and installs itself again

On each installation, the worm - written by a hacker calling themselves "ikex" - changes the lock background wallpaper to an image of Rick Astley with the message:

ikee is never going to give you up

What's clear is that if you have jailbroken your iPhone or iPod Touch, and installed SSH, then you must always change your root user password to something different than the default, "alpine". In fact, it would be a good idea if you didn't use a dictionary word at all.

The worm will not affect users who have not jailbroken their iPhones or who have not installed SSH.

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?