NEWS - October 10, 2014

Oct 10, 2014 12:40AM PDT
Adobe's e-book reader sends your reading logs back to Adobe—in plain text [Updated]

"Digital Editions even tracks which pages you've read. It might break a New Jersey Law"

Adobe's Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local "library" along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers' shoulders.

Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply.

Continued : http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/

Related:
Adobe will update e-reader to mop up clear-text data spillage
Adobe Digital Editions eBook Software Collects User Data and Sends it Back Unencrypted

Aggressive Selfmite SMS worm variant goes global
Oct 10, 2014 12:50AM PDT

The Selfmite Android SMS worm is back, and this new version is both more dangerous and more widespread than the initial one.

AdaptiveMobile researchers, who discovered both versions, call it "Selfmite on Steroids," and have tracked it in Canada, China, Costa Rica, Ghana, India, Iraq, Jamaica, Mexico, Morocco, Puerto Rico, Russia, Sudan, Syria, USA, Venezuela, and Vietnam.

"Selfmite.b infects many more users, uses several monetisation techniques and is generally more dangerous and difficult to stop," they noted.

As before, the infection circle starts with users receiving SMS messages touting the greatness of an app. "Hi buddy, try this, its amazing u know," and "Hey, try it, its very fine," they say, and include a shortened link.

Continued : http://www.net-security.org/malware_news.php?id=2881

@ AdaptiveMobile: Take Two: Selfmite.b Hits the Road

Related:
Android SMS worm Selfmite returns, more aggressive than ever
Selfmite on STEROIDS: Pumped-up SMS worm is BACK...

Signed Malware = Expensive "Oops" for HP
Oct 10, 2014 12:50AM PDT

Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and present unique support problems for users of its older products.

Earlier this week, HP quietly produced several client advisories stating that on Oct. 21, 2014 it plans to revoke a digital certificate the company previously used to cryptographically sign software components that ship with many of its older products. HP said it was taking this step out of an abundance of caution because it discovered that the certificate had mistakenly been used to sign malicious software way back in May 2010.

Code-signing is a practice intended to give computer users and network administrators additional confidence about the integrity and security of a file or program. Consequently, private digital certificates that major software vendors use to sign code are highly prized by attackers, because they allow those attackers to better disguise malware as legitimate software.

Continued : http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/

Reminder: iCloud's going to demand app-specific passwords..
Oct 10, 2014 12:50AM PDT
.. from third-party apps

"Dear ( ), thanks for turning on two-step verification (2SV) to protect your Apple ID and the data you store with iCloud, and please don't freak out tomorrow when all your apps keel over", Apple reminded everybody on Thursday.

Yes, starting today, your third-party calendar, mail and contacts apps that don't support Apple's new two-factor authentication system are going to turn 10 toes up on your iThings.

Do Not Panic. You just need to apply some app-specific passwords to get them breathing again.

App-specific passwords work as a pre-approved security bypass to let apps - including Microsoft Outlook and Mozilla Thunderbird, among others - get at your iCloud data.

Continued : http://nakedsecurity.sophos.com/2014/10/10/reminder-iclouds-going-to-demand-app-specific-passwords-from-third-party-apps/

Emma Watson leaked Facebook video delivers Trojans
Oct 10, 2014 2:04AM PDT

A new scam is taking advantage of Emma Watson's growing popularity and using the Harry Potter star as bait to spread malware on Facebook, warns antivirus solutions provider Bitdefender. The alleged sexy videos of the British actress - who has recently stood up against sexism in her new role as Goodwill Ambassador for Women - drop Trojans rather than the suggested images and, just as in many other sex tape scams, users do not get to see the promised content.

The scam comes just weeks after a nude photo leak threat targeting Watson turned out to be a hoax by a site calling itself Rantic Marketing, seeking to shut the 4chan forum. Bitdefender advises that the videos are no marketing stunt this time. They harbour several harmful Trojans, which scrounge for personal data, steal tokens of legitimate apps, and hijack Facebook sessions. To monetise their efforts, malware writers also subscribe victims to premium SMS scams.

Continued : http://www.net-security.org/malware_news.php?id=2882

Related:
That leaked Emma Watson Facebook video could infect your PC with malware
Leaked Emma Watson Video - Facebook Scam Laced with Trojans

Yahoo Server Hack: Shellshocked Or Not?
Oct 10, 2014 2:04AM PDT

Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure.

Contrary to news reports yesterday, an attack against several Yahoo servers this weekend was not related to Shellshock, according to Yahoo CISO Alex Stamos, who also says no user data was accessed during the attack. Stamos made his assertion after reports from the independent researcher Jonathan Hall that Romanian hackers had infiltrated Yahoo's network through the Bash bug vulnerability on its servers.

Though a company spokesperson did initially say Shellshock was to blame, Stamos said his team found that the incident was isolated to three Yahoo Sports servers, which attackers were probing for Shellshock vulnerabilities.

Continued : http://www.darkreading.com/attacks-breaches/yahoo-server-hack-shellshocked-or-not/d/d-id/1316437

Related:
Yahoo says attack wasn't Shellshock
FBI Talks to Researcher Who Discovered the Attack on Yahoo

Shellshock Exploits Spreading Mayhem Botnet Malware
Oct 10, 2014 2:04AM PDT

The Mayhem malware piqued researchers' interest earlier this summer after a published report from researchers at Russian search engine Yandex shed light on its ability to target Linux and UNIX machines and run under restricted privileges.

Generally, web servers are well guarded against remote exploits and attempts to gain shell. Mayhem bots try to break that mold by using a number of plug-ins once it establishes backdoor communication with a centralized server to circumvent any controls in place.

The bots carry a PHP script that drops a malicious object that connects with a command server. The command server can then send down eight plug-ins that include commands for brute-force password cracking, data exfiltration, file requests and finding other servers vulnerable to remote file inclusion.

Continued : http://threatpost.com/shellshock-exploits-spreading-mayhem-botnet-malware/108793

Backoff Malware Identified as Culprit in Dairy Queen Breach
Oct 10, 2014 3:29PM PDT
Backoff apparently has a sweet tooth.

International Dairy Queen on Thursday confirmed that 395 of its Dairy Queen locations nationwide were breached by hackers using the dangerous point-of-sale malware. One Orange Julius location was also involved in the breach.

The hackers were able to access payment card numbers, expiration dates and customer names, the company said in a statement.

"The company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection," the statement said.

Continued : http://threatpost.com/backoff-malware-identified-as-culprit-in-dairy-queen-breach/108811

Related:
Dairy Queen Confirms Breach at 395 Stores
Backoff POS malware found at nearly 400 Dairy Queen locations
Dairy Queen stores hit by 'Backoff' malware, payment card data stolen

Malware Based Credit Card Breach at Kmart
Oct 10, 2014 3:29PM PDT
Sears Holding Co. late Friday said it recently discovered that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customer credit and debit card information. The company says it has removed the malware from store registers and contained the breach, but that the investigation is ongoing.

"Yesterday our IT teams detected that our Kmart payment data systems had been breached," said Chris Brathwaite, spokesman for Sears. "They immediately launched a full investigation working with a leading IT security firm. Our investigation so far indicates that the breach started in early September."

According to those investigators, Brathwaite said, "our systems were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised."

Continued : http://krebsonsecurity.com/2014/10/malware-based-credit-card-breach-at-kmart/

Related : Kmart hacked, exposing customers' card numbers

EFF Launches New Anti-Surveillance Site
Oct 10, 2014 3:49PM PDT

The EFF has launched a new site dedicated to educating users about how to resist pervasive surveillance online, through the promotion of encryption and other tools and the publication of first-person stories from people around the world who have fought surveillance in various ways.

The new site, I Fight Surveillance, is designed to bring attention to the problem of surveillance, what it involves and how to fight it. The site gives users advice on what kind of steps they can take to resist online surveillance, including the use of encryption and the Tor network.

"Too often, the debate over surveillance is seen as a 'domestic' issue, only of concern to citizens of the country doing the spying," EFF International Director Danny O'Brien said. "The truth is that mass surveillance isn't confined to national borders, and neither is the response to it. Technologists, activists, and Internet users are all working to fight back against mass surveillance. Wherever you are, whoever you are, there are people close to you working to stop the spying, and you can join them."

Continued : http://threatpost.com/eff-launches-new-anti-surveillance-site/108809

Related: EFF Launches Anti-Surveillance Site