Showing posts with label faceyspaces. Show all posts
Showing posts with label faceyspaces. Show all posts
Friday, December 20, 2019
Vivaldi Plays Beethoven
If your browser is having trouble getting in the front door, just tell the door you're not that browser. Vivaldi changed its user agent string so it can get through blocks.
Oops - Honda exposed 26k North American customers' data.
Are you ready? It was a misconfigured Elasticsearch cluster. Misconfigured as in Wide Open. This wasn't a big deal for Honda, because the exact problem occurred in July.
Honda: Yes, we seem to have a bit of a spill in the.. uh.. American market.
Customers: All of our personal info was open to the planet?
Honda: Yes, terribly sorry.
Customers: But you had the same thing happen earlier this year. Didn't you learn anything?
Honda: Yes, yes we did. We learned from our mistake, enough to repeat it again exactly.
[apologies to Peter Cook and Dudley Moore]
If you need a quick, industry-related laugh, and who doesn't, read this little ditty on Faceyspaces, lawmakers, location tracking, and 'certain security functions.' The sheer creativity, legalese, and attempts to appear innocently-stupid are breathtaking.
"Stupid design decisions made by engineers who had no idea how to create a secure system. And this, in a nutshell, is the problem with the Internet-of-Things."
Bruce Schneier speaks like he's in my head.
Wawa, the convenience store chain around the Philly area (not the guitar pedal), said all 850 stores were affected by PoS malware skimmers. It took from March to December to discover it. Notice was given on their webpage, because everybody goes to Wawa's web page.
Linux environment variable tips and tricks
Wednesday, December 18, 2019
Yes, We Stole it, Yes, We'll Sell it Back to You
Hackers stole data for 15 million people, sold it back to the lab that lost it.
Who says there's nothing new under the sun?
Gee, Mrs Lubner, we're awful sorry our Chrome update made your android data disappear. It's ok, though - the next upgrade will make it visible.
Over 1,000 US schools hit by ransomware in 2019.
Never thought I'd be saying it's worse than I thought....
With all the schools, businesses, and state governments not backing up and falling victim to ransomware, it's a great time to be in ITSec.
7 ways to remember linux commands
Faceyspaces' TOR site down for 2 weeks due to expired TLS cert.
Friday, November 29, 2019
Always Pay Cash - Especially at Hotels
In an event no one could foresee, there's more malware at hotels. Oddly, this time the infection vector is email. Sleep Easily.
We need a new malware category, called IronyWare. This is any kind of malware that attacks security firms, like Prosegur, which does alarms, physical security, and armored cars.
Adobe's Magento Marketplace breached, 250,000 affected.
Previous breach in 2013, affecting 38 million accounts.
At least they learn from their mistakes.
More android malware: this time it's stalkerware - check the story for apps.
Faceyspaces was down during Thanksgiving.
Global productivity up 76%
It was a light Thanksgiving, but Black Friday tech deals abound, even for hackers.
Sometimes I like to preview these entries before they go up, just to see how ugly the blog continues to look. But at least we're full of content, if not full of anything else.
Tuesday, November 26, 2019
Faceyspaces, Twitter. Again.
Two third-party SDKs used by hundreds of thousands of #Android apps have been caught holding unauthorized access to users' personal data associated with their connected social media accounts. SHOCK - Faceyspaces and Twitter affected.
Not that this will affect a single login, but we Security Folk, who go running round in circles, waving our hands over our heads, have to make note of it. Just wait til those video Faceyspaces interfaces hit homes. They will watch every facet of your life, including your sleep. Orwell was half right: Big Brother, yes - only it's not the government - it's Faceyspaces/Google/Amazon/Twitter.
Hot on the ransomware hit parade is DeathRansom.
Yeah, it didn't really encrypt your files at first, but it's back and does encrypt your files.
VCPI, an IT company, was hit with ransomware, preventing access to crucial patient records. I think they call this irony.
How to mount your iDevice as an external drive in Ubuntu
Wednesday, November 13, 2019
The Jesus Ransomware
No, seriously... someone's working on it. The file extension is .jc
While the article said this much, it didn't mention what it did after it infected the computer.
Let me guess... it puts ten rules onscreen....
- Thou shalt have no other processors before me
- Thou shalt not covet thy neighbor's RAM
- Thou shalt not not lay with Macs
- In order to decripteth, thou shalt require 17 bitcoins and the Holy Hand Grenade of Antioch
- Thou shalt not overclock, unlessith thou cooleth properly
- Thou shalt not take the name of Linus Torvalds in vain
- Remember Black Friday sales, and keep them holy
- Thou shalt not steal CPU cycles for pictures of kitties
- Honor thy processors that came before
- If thou art bored, thou can get in some coveting of thy neighbor's wife's ass
Infection vector: clicking on a link in an email from A. Priest.
Repair: when repair is threatened, ransomware moves the infection to a different computer, in a different country; pretends nothing happened.
Oopsie - Faceyspaces did it again.
A bug in the app accesses the iPhone's camera while the user scrolls through News Feed.
Reached for comment, Faceyspaces confirmed the bug was "inadvertently introduced" and promised a fix was in the works.
"Inadvertently introduced" - the same way impeachment was inadvertently introduced.
- An oopherectomy is getting rid of ovaries. An uberectomy is getting rid of a car service that will either rape or kill you.
Bad Intel drivers give hackers a backdoor to the Windows kernel.
Patch yer damn computers.
As if it weren't enough that Google is after every possible piece of information it can get, it just went into healthcare. As if healthcare wasn't enough, it's now in banking, via checking accounts. Early next year, it will start monitoring air and change its name to Cyberdyne Systems. In response to the rapid growth, Google has decided to drop its privacy policy, beacause.. you know... Google.
How about a video on a DDOS attack?
Warning: don't click the link if you aren't interested.
I just get done mentioning the PinePhone, and here's an article, with it running KDE's OS. This is Big News<tm>. No Google. No Apple. Open source hardware and the linux phone platform you choose. I'm going to wait for the next generation, which will hopefully have more horsepower. Or maybe I won't....
McAfee Antivirus lets hackers execute arbitrary code and escalate system privilege. It was patched, but make sure your system is ok and that it was patched.
Newer Intel CPUs vulnerable to variant 2 of ZombieLoad attack.
Just in case your CPU wasn't vulnerable to the first version, here's your attack.
Here's further info on MDS, the hardware vulnerability.
These guys found the initial processor loophole.
These guys find themselves too busy singing to deal with vulnerabilities.
And because you just haven't had enough of today's shit show of vulnerabilities, your Trusted Platform Module may leak your VPN server's private key.
Aside from that, it was a pretty good day.
Friday, November 8, 2019
Pinebooks are comin'
There are many pros and cons, if you read the reviews, but for $199, you get a functional laptop. The second batch went out to customers and they are naturally posting unboxing videos, because if you don't post video of you physically opening a box, you never got the box or what was supposed to be inside it.
At the price, it's almost a throwaway. I'm tempted, especially because you can't get a tablet for that little. I urge you to read the reviews, forum, and all of the specs before you say or do anything. Understand that this is a 64 bit ARM processor. There's also a linux-only open source hardware phone, to be available for pre-order. It's compatible with all major linux phone project software. In other words, buy the phone, install your favorite OS. I'm watching this project carefully.
So do you, for some strange reason, have an iDevice and run MS Office?
Be careful because it turns out that when you disable the macros, they aren't disabled. Aside from that, I'm sure Office is every bit as lovely as it is on Windows systems.
Popular period tracking apps share your sexual health data with Faceyspaces. Read about how this came to be and what, if anything, is being done about it.
Told you so.
The CEO of Foursquare has called on Congress to regulate the location data industry. Next week, oil companies are going to call on Congress to regulate them too. My question is whether the gentleman has already made the adjustments he asks for to his own company (the article doesn't say).
My suggestion: run your company the way you ask and encourage other companies to also. Because you don't need tech-illiterate, overreaching blowhards to legislate things for you. In fact, it's in your best interests to self-regulate, because you have no idea what will happen when the tech-illiterates 'help' you with regulation. Unless they're already in your pocket.
Happy weekend.
At the price, it's almost a throwaway. I'm tempted, especially because you can't get a tablet for that little. I urge you to read the reviews, forum, and all of the specs before you say or do anything. Understand that this is a 64 bit ARM processor. There's also a linux-only open source hardware phone, to be available for pre-order. It's compatible with all major linux phone project software. In other words, buy the phone, install your favorite OS. I'm watching this project carefully.
So do you, for some strange reason, have an iDevice and run MS Office?
Be careful because it turns out that when you disable the macros, they aren't disabled. Aside from that, I'm sure Office is every bit as lovely as it is on Windows systems.
Popular period tracking apps share your sexual health data with Faceyspaces. Read about how this came to be and what, if anything, is being done about it.
Told you so.
The CEO of Foursquare has called on Congress to regulate the location data industry. Next week, oil companies are going to call on Congress to regulate them too. My question is whether the gentleman has already made the adjustments he asks for to his own company (the article doesn't say).
My suggestion: run your company the way you ask and encourage other companies to also. Because you don't need tech-illiterate, overreaching blowhards to legislate things for you. In fact, it's in your best interests to self-regulate, because you have no idea what will happen when the tech-illiterates 'help' you with regulation. Unless they're already in your pocket.
Happy weekend.
Subscribe to:
Posts (Atom)