Spyware, Viruses, & Security forum


NEWS - September 10, 2016

by Carol~ Moderator / September 10, 2016 3:16 PM PDT
Two critical bugs and more malicious apps make for a bad week for Android

"Google releases fixes for newer devices and ejects apps following reports."

It was a bad week for millions of Android phone users. Two critical vulnerabilities were disclosed but remain unpatched in a large percentage of devices, while, separately, malicious apps were downloaded as many as 2.5 million times from Google's official Play Marketplace.

The vulnerabilities, which are similar in severity to the Stagefright family of bugs disclosed last year, have been fixed in updates Google began distributing Tuesday. A large percentage of Android phones, however, aren't eligible to receive the fixes.

Continued : http://arstechnica.com/security/2016/09/two-critical-bugs-and-more-malicious-apps-make-for-a-bad-week-for-android/

Patched Android Libutils Vulnerability Harkens Back to Stagefright
Warning! Just an Image Can Hack Your Android Phone — Patch Now
Discussion is locked
You are posting a reply to: NEWS - September 10, 2016
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - September 10, 2016
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Google Chrome to shame leaky non-HTTPS sites from January
by Carol~ Moderator / September 10, 2016 3:19 PM PDT

Starting New Year's Day, Google will begin labeling as "insecure" all websites that transmit passwords or ask for credit card details over plain text HTTP.

If you use the ad giant's Chrome browser, and a lot of people do, in its 56th build and onwards any website that does not use a security certificate will feature a red exclamation mark and the text "Not secure," also in red, at the start of the web address.

Those that do use certificates and so have an HTTPS connection will continue to get a nice little green padlock icon.

Continued : http://www.theregister.co.uk/2016/09/08/chrome_to_shame_non_https_sites/

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017
Unencrypted website? Expect to start being shamed by Google Chrome from January

Collapse -
Small problem
by Bob__B / September 10, 2016 9:40 PM PDT

If I'm dealing with a web page I'm looking at the page.
I'm not looking at the address bar.

Unless there is something to draw my eyes to the address bar I would not notice what color it is.

Collapse -
USB device makes it easy to steal credentials from locked PC
by Carol~ Moderator / September 10, 2016 3:20 PM PDT

"Attackers can use rogue USB-to-Ethernet adapters to steal credentials from locked Windows, and possibly OS X, computers"

Most users lock their computer screens when they temporarily step away from them. While this seems like a good security measure, it isn't good enough, a researcher demonstrated this week.

Rob Fuller, principal security engineer at R5 Industries, found out that all it takes to copy an OS account password hash from a locked Windows computer is to plug in a special USB device for a few seconds. The hash can later be cracked or used directly in some network attacks.

Continued: http://www.computerworld.com/article/3117742/security/a-usb-device-makes-it-easy-to-steal-credentials-from-locked-pcs.html

Stealing login credentials from a locked PC or Mac just got easier

Collapse -
The Limits of SMS for 2-Factor Authentication
by Carol~ Moderator / September 10, 2016 3:22 PM PDT

A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online. The reader’s daughter had received a text message claiming to be from Google, warning that her Gmail account had been locked because someone in India had tried to access her account. The young woman was advised to expect a 6-digit verification code to be sent to her and to reply to the scammer’s message with that code.

Mark Cobb, a computer technician in Reno, Nev., said had his daughter fallen for the ruse, her Gmail account would indeed have been completely compromised, and she really would have been locked out of her account because the crooks would have changed her password straight away.

Continued : http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/

Collapse -
CallJam malware infects Androids and keeps ringing premium..
by Carol~ Moderator / September 10, 2016 3:51 PM PDT
.. rate numbers

"Malware masquerades as Android game with a four-star rating on Google Play!"

A new mobile malware known as "CallJam" loves to continuously hit up premium phone numbers from the Android devices it infects.

Just like other Android trojans (such as Android.Xiny.19.origin and the DroidJack remote access tool), CallJam likes to masquerade as downloadable games in the official Google Play Store.

Specifically, this particular malware takes the form of a game called "Gems Chest for Clash Royale."

Continued: https://www.grahamcluley.com/2016/09/calljam-malware-infects-androids-keeps-ringing-premium-rate-numbers/
Collapse -
This USB stick will fry your unsecured computer
by Carol~ Moderator / September 10, 2016 4:46 PM PDT

A Hong Kong-based technology manufacturer, USBKill.com, has taken data security to the "Mission Impossible" extreme by creating a USB stick that uses an electrical discharge to fry an unauthorized computer into which it's plugged.

"When the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds," the company said in a news release.

Continued: http://www.computerworld.com/article/3118344/computer-hardware/this-usb-thumb-drive-will-fry-your-unsecured-computer.html

Now you can buy a USB stick that destroys anything in its path
New USB Kill 2.0 Thumb Drive Can Kill Your Laptop or PC in a Second

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?