IT news, malware, virii, trojans (both kinds), generalized IT sarcasm, 2nd ugliest blog on the net, vaguely related to ThermionicEmissions
Thursday, October 31, 2019
The Entire Multiverse Has Blown Up
Microsoft just signed on with Oracle's OpenJDK; the official open source Java. They want to be good citizens within this group.
Ok, we need to look this gift horse in the mouth. First a linux subsystem under Windows. Now open source Java? Santa, the Easter Bunny, and Jesus will be by your house after work, with your one million dollar Publishers Clearing House check.
So about those DNA genetic makeup services... Why shouldn't you use them?
Well, firstly, there's the sharing with the letter agencies. Second, insurance will want to get their hands on the data. Third, you'll only be disappointed when you find out one of your parents was a donkey in stone age Scotland.
Then there's this: GEDmatch is a service that matches your profile to other profiles that have been uploaded. The only problem is that there are way too many ways to get into the site. GEDmatch was apparently secured by the aforementioned donkey (before he graduated from Security School).
Just Don't Do It.
What is web.com? The company that owns Network Solutions and register.com.
And they just disclosed a small security breach. Someone got into their network and accessed millions of records in late August.
Stolen were names, addresses, phone numbers, email addresses, and information about services offered to customers. And shoe sizes.
The good news is that no credit card information was compromised.
Why?
They encrypt the credit card information before it goes into their databases, per PCI (Payment Card Industry) standards.
Why not encrypt everything?
Because they're stupid.
Affected customers are being notified.
Customers are urged to go to web.com's headquarters and hang around, insisting to talk to the CEO and generally being a pest.
Who's in your firmware?
And why should you care?
This video gives you some idea of the problems and the soon-to-be problems.
11 best CAD software(s) for linux
Never let anyone tell you there's a shortage of linux offerings.
McAfee has been observing a new phishing campaign against O365, using a fake voicemail message. The victim gets an email that they missed a call and please login to their account to check their voicemail. When the attached HTML file is loaded, it redirects to the phishing site. Users login and POOF - the phishers have their credentials. Surprisingly, McAfee products will recognize this.
Last but not least, Kortrijk, a vacation spot in Belgium, uses a mobile phone provider's data to count the people in the town and where they come from. Even better, city officials will try to cross-reference this with credit and debit card databases. The city pays Proximus 40,000 EuroYens a year for this data.
Enough, I say. Time to anonymize services. This whole tracking thing has gotten way out of hand.
Wednesday, October 30, 2019
More Facial Recognition Woes
While messing around with this new blog's visual settings, I went for the most hideous combinations I could find. I hope you'll agree I succeeded. ThermionicEmissions has been described as "ugly as hell", "burns my retina", and "WTF?" I can't hope to top that, so I may go more standard here. Please send a comment, regardless.
Facial recognition could compromise your medical images(!)
Rest assured, this data will be combined with other data and POOF - you're no longer anonymous.
Several vulnerabilities were found in VLC.
If you're not aware, VLC is an excellent media player that plays almost everything on almost every platform. One was in the OGG format, one ASF. These have been patched by VideoLAN, so update immediately.
The linux kernel is getting more reliable - Linus Torvalds.
Plus, what does a Chief Linux Maintainer do?
(at very least, a foul temper is required - and appreciated)
Faceyspaces will let someone find out your new identity even after you blocked them. Like an abusive ex. I very desperately need to get me an account!
Another product I like, Firefox, has a bug that could copy saved passwords without the master password. This has been fixed as of 68.0.2. Once again: do not save browser passwords or use browser password lockers. You're asking for it.
Brian Krebs on the $566 million breach of BriansClub.
- The 26 million cards in this breach represent almost 1/3 of the accounts for sale in the underground.
- What the watchdogs did.
- Large banks knew, smaller banks found out through VISA/MC alerts.
Apparently there's a Ford app that allows an owner/renter to remote control start/stop, lock/unlock, and track.
5 months after renting, a man still has the app and can still start/stop, lock/unlock, and track the vehicle. Ford has leapt to inaction by doing nothing.
While we're at it, the next time you rent a vehicle, DON'T HOOK YOUR PHONE TO THE STEREO. People don't delete their data and neither do the rental agencies. What kind of information is in your phone that you don't want to share with anyone who rents a car?
Tuesday, October 29, 2019
Xubuntu 19.10 Upgrade
The system told me there was an update, and I hit GO.
I don't normally do what I'm told, but I trust Ubuntu.
Upgrading from 19.04 to 19.10 (Extreme Elephant).
USUAL DISCLAIMER
I have a customized desktop, so upgrades don't look different.
I like my menus at the bottom, not the top.
The Ubuntu people sometimes get way too excited over new colors and shapes on the desktop. They should absolutely have their fun.
As usual, the upgrade completed quickly - perhaps 15-20 minutes.
Note for the ADD people: watch the terminal. It will ask you questions the moment you get busy with something else.
It went smoothly.
Then it got a little unpleasant, which I haven't experienced before.
Thunderbird threw up issues. The Lightning calendar coughed and died, as did a bunch of addins. The addins didn't play nicely with Thunderbird and only some of them were replaceable.
There were a few tiny icon changes.
BFD.
All of the sudden, the machine developed a locking screensaver. This was disconcerting, as I didn't install it. All sorts of options presented themselves. Nothing worked, including adjusting the Illudium P-32 Explosive Space Modulator. After some research, I was sent to the screensaver to adjust everything there. Apparently this overrides other settings.
Otherwise, it works as it did - just fine.
Verdict: safe to update, unless you don't like versions starting with E.
I don't normally do what I'm told, but I trust Ubuntu.
Upgrading from 19.04 to 19.10 (Extreme Elephant).
USUAL DISCLAIMER
I have a customized desktop, so upgrades don't look different.
I like my menus at the bottom, not the top.
The Ubuntu people sometimes get way too excited over new colors and shapes on the desktop. They should absolutely have their fun.
As usual, the upgrade completed quickly - perhaps 15-20 minutes.
Note for the ADD people: watch the terminal. It will ask you questions the moment you get busy with something else.
It went smoothly.
Then it got a little unpleasant, which I haven't experienced before.
Thunderbird threw up issues. The Lightning calendar coughed and died, as did a bunch of addins. The addins didn't play nicely with Thunderbird and only some of them were replaceable.
There were a few tiny icon changes.
BFD.
All of the sudden, the machine developed a locking screensaver. This was disconcerting, as I didn't install it. All sorts of options presented themselves. Nothing worked, including adjusting the Illudium P-32 Explosive Space Modulator. After some research, I was sent to the screensaver to adjust everything there. Apparently this overrides other settings.
Otherwise, it works as it did - just fine.
Verdict: safe to update, unless you don't like versions starting with E.
Honest Crapware Stuff Here
You know those stupid exercises on websites where you have to prove you're human (CAPTCHAs)? Here's an interesting article that explains it and gives examples of how organizations are working around it. Warning: do not stab your monitor with a knife. It will ruin an LCD screen and chip a regular old monitor. Don't get me started on cell phones.
A dental data backup service offering ransomware protection got hit with ransomware. Ironic, no?
Foxit PDF software company suffered a data breach - you are asked to change your password. Why you need to log into a site for software is beyond me.
Samsung Galaxy 10 fingerprint sensor bypassed with a cheap gel screen protector. Don't use fingerprint readers, we said.
A dental data backup service offering ransomware protection got hit with ransomware. Ironic, no?
Foxit PDF software company suffered a data breach - you are asked to change your password. Why you need to log into a site for software is beyond me.
Samsung Galaxy 10 fingerprint sensor bypassed with a cheap gel screen protector. Don't use fingerprint readers, we said.
Linux Azure?
Per Microsoft: Azure Sphere OS, a linux-based IoT platform, will be available in February 2020. Obviously this is an attempt to undermine linux
An Australian consumer watchdog sues Google over location data use.
Somebody needs to.
Q. What happens when your IoT device needs updating?
A. Nothing.
If you've got an iPhone 5, you better update it by November 3, or you'll lose your net access. I don't like iDevices, but isn't that a little old?
Speaking of Apple, Airpods Pro will scan your ears to tell you if they fit correctly. And if they're giving off enough superiority spray.
A religious website exposed user data for at least 6-7 months. Oh God.
Mozilla acknowledged an issue in Firefox 70.0 with pages that use dynamic JavaScript. It affects at very least YouTube and Facebook. And the problem is?
HAPPY BIRTHDAY, Internet 50 years young
Ahacker security researcher managed to get access to all Xiaimo pet feeders around the world. She found 10,950 devices whose API allowed it to locate the rest of them. Unrelated news: a pet obesity epidemic is upon us.
A persistent android dropper called Xhelper has infected 45,000 devices in the past 6 months. It plays ads incessantly, and if you try to uninstall, it reinstalls itself.
Have you ever spellchecked a tech blog? I have a very serious headache.
An Australian consumer watchdog sues Google over location data use.
Somebody needs to.
Q. What happens when your IoT device needs updating?
A. Nothing.
If you've got an iPhone 5, you better update it by November 3, or you'll lose your net access. I don't like iDevices, but isn't that a little old?
Speaking of Apple, Airpods Pro will scan your ears to tell you if they fit correctly. And if they're giving off enough superiority spray.
A religious website exposed user data for at least 6-7 months. Oh God.
Mozilla acknowledged an issue in Firefox 70.0 with pages that use dynamic JavaScript. It affects at very least YouTube and Facebook. And the problem is?
HAPPY BIRTHDAY, Internet 50 years young
A
A persistent android dropper called Xhelper has infected 45,000 devices in the past 6 months. It plays ads incessantly, and if you try to uninstall, it reinstalls itself.
Have you ever spellchecked a tech blog? I have a very serious headache.
Monday, October 28, 2019
Android Apple Malicious Apps
17 malicious apps from the Apple app store infect users with clicker trojan malware.
Complete list at the link.
Not to be outdone, 42(!) dangerous android apps have been identified. They were formerly in the play store and contain harmful adware:
Raccoon, an information stealer, is becoming popular with the Bad People. Hundreds of millions infected. It infects devices and steals credit card data, email credentials, and more. The authors work to improve it and provide service, unlike certain operating systems. This falls into a category called Malware as a Service (MaaS) and you pay $200 a month to use it. It hails from Russia and gives you a free stuffed raccoon after the first month. That last bit was completely made up.
UniCredit, an Italian bank, had a breach of its systems, affecting millions of customer records. UniCredit has worked diligently on improving their outcomes. The proof is the 2.4 billion pounds invested after their previous breech affected only 400,000 customers. These guys are moving up!
If you use Adobe, and you shouldn't, nearly 7.5 million account details were discovered online. How did this happen? Their database was online without any password. Only the best and brightest.
our sister blog, ThermionicEmissions, features all sorts of sarcasm and Other Stuff.
Complete list at the link.
Not to be outdone, 42(!) dangerous android apps have been identified. They were formerly in the play store and contain harmful adware:
Smart Gallery, SaveInsta, Mini lite for Facebook, Free Radio FM Online, Free Video Downloader, Free social video downloader, File Downloader, Water Drink Reminder, Smart Notes for You, DU Recorder, Tank classic, Heroes Jump, Solucionario, Ringtone Maker, Video downloader, Ringtone Maker Pro, Basketball Perfect Shot, HikeTop+, MP4 video downloader, Flat Music Player, Free Top Video Downloader.
Raccoon, an information stealer, is becoming popular with the Bad People. Hundreds of millions infected. It infects devices and steals credit card data, email credentials, and more. The authors work to improve it and provide service, unlike certain operating systems. This falls into a category called Malware as a Service (MaaS) and you pay $200 a month to use it. It hails from Russia and gives you a free stuffed raccoon after the first month. That last bit was completely made up.
UniCredit, an Italian bank, had a breach of its systems, affecting millions of customer records. UniCredit has worked diligently on improving their outcomes. The proof is the 2.4 billion pounds invested after their previous breech affected only 400,000 customers. These guys are moving up!
If you use Adobe, and you shouldn't, nearly 7.5 million account details were discovered online. How did this happen? Their database was online without any password. Only the best and brightest.
“The information does not pose a direct financial or security threat. No credit cards or other payment information was exposed, nor were any passwords.”
our sister blog, ThermionicEmissions, features all sorts of sarcasm and Other Stuff.
Welcome. Maybe?
Since my original blog, ThermionicEmissions doesn't have a ton of readers, the only sensible thing to do was create another blog. This one will focus on Tech. Stuff you should know, from the headlines. Warnings about malware and virii. Funny tech stories. Interesting things to do with network cables.
ThermionicEmissions will continue to feature everything else in the known universe.
I pledge to bring stories to you in a timely manner.
I also pledge to bring a custom ugly theme. In the meantime, you're stuck with this one.
ThermionicEmissions will continue to feature everything else in the known universe.
I pledge to bring stories to you in a timely manner.
I also pledge to bring a custom ugly theme. In the meantime, you're stuck with this one.
Subscribe to:
Posts (Atom)
Corona Malware
This blog has been suspended for a bit because it's practicing social distancing. Or no one reads it. Or I'm too lazy. Or the str...
-
Crafty Web Skimming Domain Spoofs “https” What WHO calling the coronavirus outbreak a pandemic means it means more headlines to bea...
-
Microsoft delivers emergency patch to fix wormable Windows 10 flaw Modern RAM used for computers, smartphones still vulnerable to...
-
The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OS...