
Spyware, Viruses, & Security forum

Alert

NEWS - September 10, 2016

by Carol~ Forum moderator / September 10, 2016 3:16 PM PDT
Two critical bugs and more malicious apps make for a bad week for Android

"Google releases fixes for newer devices and ejects apps following reports."

It was a bad week for millions of Android phone users. Two critical vulnerabilities were disclosed but remain unpatched in a large percentage of devices, while, separately, malicious apps were downloaded as many as 2.5 million times from Google's official Play Marketplace.

The vulnerabilities, which are similar in severity to the Stagefright family of bugs disclosed last year, have been fixed in updates Google began distributing Tuesday. A large percentage of Android phones, however, aren't eligible to receive the fixes.

Continued: http://arstechnica.com/security/2016/09/two-critical-bugs-and-more-malicious-apps-make-for-a-bad-week-for-android/

Related:
Patched Android Libutils Vulnerability Harkens Back to Stagefright
https://threatpost.com/patched-android-libutils-vulnerability-harkens-back-to-stagefright/120481/
Warning! Just an Image Can Hack Your Android Phone — Patch Now
http://thehackernews.com/2016/09/hack-android-phone-security.html

Google Chrome to shame leaky non-HTTPS sites from January
by Carol~ Forum moderator / September 10, 2016 3:19 PM PDT

Starting New Year's Day, Google will begin labeling as "insecure" all websites that transmit passwords or ask for credit card details over plain text HTTP.

If you use the ad giant's Chrome browser, and a lot of people do, in its 56th build and onwards any website that does not use a security certificate will feature a red exclamation mark and the text "Not secure," also in red, at the start of the web address.

Those that do use certificates and so have an HTTPS connection will continue to get a nice little green padlock icon.

Continued: http://www.theregister.co.uk/2016/09/08/chrome_to_shame_non_https_sites/

Related:
Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017
https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452/
Unencrypted website? Expect to start being shamed by Google Chrome from January
https://www.hotforsecurity.com/blog/unencrypted-website-expect-to-start-being-shamed-by-google-chrome-from-january-16597.html

Small problem
by Bob__B / September 10, 2016 9:40 PM PDT

If I'm dealing with a web page I'm looking at the page.
I'm not looking at the address bar.

Unless there is something to draw my eyes to the address bar I would not notice what color it is.

USB device makes it easy to steal credentials from locked PC
by Carol~ Forum moderator / September 10, 2016 3:20 PM PDT

"Attackers can use rogue USB-to-Ethernet adapters to steal credentials from locked Windows, and possibly OS X, computers"

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.

Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.

Continued: http://www.computerworld.com/article/3117742/security/a-usb-device-makes-it-easy-to-steal-credentials-from-locked-pcs.html

Related:
Stealing login credentials from a locked PC or Mac just got easier
http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/

The Limits of SMS for 2-Factor Authentication
by Carol~ Forum moderator / September 10, 2016 3:22 PM PDT

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code.

Mark Cobb, a computer technician in Reno, Nev., said had his daughter fallen for the ruse, her Gmail account would indeed have been completely compromised, and she really would have been locked out of her account because the crooks would have changed her password straight away.

Continued: http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/

CallJam malware infects Androids and keeps ringing premium rate numbers
by Carol~ Forum moderator / September 10, 2016 3:51 PM PDT

"Malware masquerades as Android game with a four-star rating on Google Play!"

A new mobile malware known as "CallJam" loves to continuously hit up premium phone numbers from the Android devices it infects.

Just like other Android trojans (such as Android.Xiny.19.origin and the DroidJack remote access tool), CallJam likes to masquerade as downloadable games in the official Google Play Store.

Specifically, this particular malware takes the form of a game called "Gems Chest for Clash Royale."

Continued: https://www.grahamcluley.com/2016/09/calljam-malware-infects-androids-keeps-ringing-premium-rate-numbers/
This USB stick will fry your unsecured computer
by Carol~ Forum moderator / September 10, 2016 4:46 PM PDT

A Hong Kong-based technology manufacturer, USBKill.com, has taken data security to the "Mission Impossible" extreme by creating a USB stick that uses an electrical discharge to fry an unauthorized computer into which it's plugged.

"When the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds," the company said in a news release.

Continued: http://www.computerworld.com/article/3118344/computer-hardware/this-usb-thumb-drive-will-fry-your-unsecured-computer.html

Related:
Now you can buy a USB stick that destroys anything in its path
http://www.zdnet.com/article/now-you-can-buy-a-usb-stick-that-destroys-laptops/
New USB Kill 2.0 Thumb Drive Can Kill Your Laptop or PC in a Second
http://news.softpedia.com/news/new-usb-kill-2-0-thumb-drive-can-kill-your-laptop-or-pc-in-a-second-508126.shtml
