
Technology Stocks: Off Topic (Every Day Technology)


To: TimF who wrote (1421) 10/4/2017 12:07:45 AM
From: Stock Puppy
1 Recommendation   of 1436
 
I'm getting ads on the lock screen. I didn't get anything other than from the app store. I've turned off notification for all apps, and still the ads don't go away.
Ads???

Galaxy S7 -
Oh.



From: TimF 10/6/2017 5:10:02 PM
   of 1436
 
Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information obtained by KrebsOnSecurity, Equifax can safely add Argentina — if not also other Latin American nations where it does business — to the list as well.

Equifax is one of the world’s three-largest consumer credit reporting bureaus, and a big part of what it does is maintain records on consumers that businesses can use to learn how risky it might be to loan someone money or to extend them new lines of credit. On the flip side, Equifax is somewhat answerable to those consumers, who have a legal right to dispute any information in their credit report which may be inaccurate.

Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.

It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

We’ll speak about this Equifax Argentina employee portal — known as Veraz or “truthful” in Spanish — in the past tense because the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon. The specific Veraz application being described in this post was dubbed Ayuda or “help” in Spanish on internal documentation.

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address. The “list of users” page also featured a clickable button that anyone authenticated with the “admin/admin” username and password could use to add, modify or delete user accounts on the system. A search on “Equifax Veraz” at Linkedin indicates the unit currently has approximately 111 employees in Argentina.

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.

But wait, it gets worse. From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person’s DNI — the Argentinian equivalent of the Social Security number — again, in plain text. All told, this section of the employee portal included more than 14,000 such records.

Jorge Speranza, manager of information technology at Hold Security, was born in Argentina and lived there for 40 years before moving to the United States. Speranza said he was aghast at seeing the personal data of so many Argentinians protected by virtually non-existent security.

Speranza explained that — unlike the United States — Argentina is traditionally a cash-based society that only recently saw citizens gaining access to credit.

“People there have put a lot of effort into getting a loan, and for them to have a situation like this would be a disaster,” he said. “In a country that has gone through so much — where there once was no credit, no mortgages or whatever — and now having the ability to get loans and lines of credit, this is potentially very damaging.”

Shortly after receiving details about this epic security weakness from Hold Security, I reached out to Equifax and soon after heard from a Washington, D.C.-based law firm that represents the credit bureau.

I briefly described what I’d been shown by Hold Security, and attorneys for Equifax said they’d get back to me after they validated the claims. They later confirmed that the Veraz portal was disabled and that Equifax is investigating how this may have happened. Here’s hoping it will stay offline until it is fortified with even the most basic of security protections.

According to Equifax’s own literature, the company has operations and consumer “customers” in several other South American nations, including Brazil, Chile, Ecuador, Paraguay, Peru and Uruguay. It is unclear whether the complete lack of security at Equifax’s Veraz unit in Argentina was indicative of a larger problem for the company’s online employee portals across the region, but it’s difficult to imagine they could be any worse.

“To me, this is just negligence,” Holden said. “In this case, their approach to security was just abysmal, and it’s hard to believe the rest of their operations are much better.”

I don’t have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax. But I have urged my fellow Americans to assume their SSN and other personal data was compromised in the breach and to act accordingly. On Monday, KrebsOnSecurity published a Q&A about the breach, which includes all the information you need to know about this incident, as well as detailed advice for how to protect your credit file from identity thieves.

[Author’s note: I am listed as an adviser to Hold Security on the company’s Web site. However this is not a role for which I have been compensated in any way now or in the past.]

krebsonsecurity.com
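
A defensive check for the two weaknesses the quoted article describes (a password delivered in page source behind a masked field, and passwords equal to or derived from the username), as an added example that is not part of the original post or the article. The sample HTML, the function names and the default-password list are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of a rendered profile page (not taken from the portal).
SAMPLE_PAGE = """
<form>
  <input type="text" name="username" value="jperez">
  <input type="password" name="password" value="jperez">
  <input type="password" name="new_password" value="">
</form>
"""

DEFAULT_PASSWORDS = {"admin", "password", "changeme"}  # illustrative, not exhaustive


class PasswordFieldAudit(HTMLParser):
    """Record password inputs that the server sent with a non-empty value."""

    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value"):
            self.leaks.append(a.get("name", "<unnamed>"))


def prefilled_password_fields(html):
    """Names of password fields whose secret is readable in the page source."""
    audit = PasswordFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.leaks


def password_policy_violation(username, first_name, last_name, candidate):
    """Reason to reject a new password at set time, or None if it passes."""
    c = candidate.casefold()
    if c == username.casefold():
        return "same as username"
    if c in {last_name.casefold(), (first_name[:1] + last_name).casefold()}:
        return "derived from the user's name"
    if c in DEFAULT_PASSWORDS:
        return "known default"
    return None
```

Run the first function over your own application's rendered pages in a test suite, and call the second wherever a password is set or reset.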



To: TimF who wrote (1414) 10/10/2017 9:40:35 PM
From: QuantHead
   of 1436
 
Advertising is definitely the way the big boys do it, but there are lots of ways to make money once you've the visitors. As discussed previously, there are a ton of factors that play into how much you make from advertising but basically:

"The amount that you can make from AdSense depends on three factors:
1. The number of visitors to your blog
2. The visibility of the ads
3. The topic you are blogging about"
Source: theblogstarter.com

Of course, depending on your website structure, there is no reason you can't sell advertising space as well as monetizing in some other way as well (such as selling your own product).



From: TimF 11/30/2017 4:52:18 PM
1 Recommendation   of 1436
 
Persistent drive-by cryptomining coming to a browser near you

...The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock...
blog.malwarebytes.com

theregister.co.uk



From: TimF 11/30/2017 4:59:31 PM
2 Recommendations   of 1436
 
Malware writer offers free trojan to hackers ... with one small drawback
Beware of geeks bearing Cobian RAT gifts
By Iain Thomson in San Francisco
31 Aug 2017

Those looking on the dark web for malware capable of hijacking computers might have thought they were getting a bargain when a free trojan appeared on various online souks over the past few months.

The malware generator, dubbed the Cobian remote access trojan (RAT) by researchers at security shop Zscaler, is a fairly elemental bit of code and is based around the njRAT that surfaced around four years ago. It comes with all the usual bells and whistles – a keylogger, webcam hijacker, screen capturing and the ability to run your own code on an infected system.

But the Cobian RAT also has a secondary payload built in, hidden in an encrypted library. Once activated, it allows the original author of the malware to take control of any computers infected by the attack code and, if necessary, cut off the criminal who caused the infection in the first place.

"It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author," said Zscaler's advisory on Thursday. "The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators' Botnet."

The secondary payload communicates with a preset page on Pastebin to get the current address of the command and control servers run by the original writer. But the malware checks first to see if the second level operator is online, in which case it keeps quiet to avoid detection.

It's likely the original author won't automatically cut off the second level operator for fear of alerting that person. Instead it's in the author's interests to encourage as many infections as possible and to run a massive botnet without the bother of distributing the malware necessary to build a zombie army...

theregister.co.uk



From: TimF 11/30/2017 5:02:54 PM
1 Recommendation   of 1436
 
You can log into macOS High Sierra as root with no password
theregister.co.uk

As Apple fixes macOS root password hole, here's what went wrong
While you patch your Mac, take a look at what upset the Apple cart this week
theregister.co.uk

Quick fix, or at least quick once it became publicly known. But something like this really needed a quick fix.



From: J.F. Sebastian 12/5/2017 10:34:26 AM
1 Recommendation   of 1436
 
Bitcoin miner: 'I haven't paid for heat in three years'

It was roughly 30 ºF outside in Durham, North Carolina, on a recent day in late November, but Rahdi Fakhoury’s 1650-square-foot house was so warm he left a window open a bit. The heater he was using? Two Bitcoin mining machines and two Ethereum mining machines.

Fakhoury, 38, is part of a contingent of people who say mining bitcoins at home can be profitable while providing free heat. As the cryptocurrency price (BTC-USD) skyrocketed and hit $11,000 last Wednesday, he woke up in a heated room and found his machines made $60, or 0.0026 bitcoin while costing $6 in electricity, in a day, according to calculations on whattomine.com.

Like gold, the quantity of bitcoins is finite. Out of 21 million bitcoins, 16.7 million have been mined as of November 2017. In this digital “Gold Rush,” miners no longer need to travel to California or use shovels to dig into the ground.

People like Fakhoury just put printer-shape ASIC mining machines in their garages and basements and plug them in; then, codes running on the machine create new bitcoins using a complex mathematical and computing process, which also generates a great deal of heat. (Just like how your laptop sometimes overheats, but much more.)

Fakhoury now runs two Bitmain S9 bitcoin mining machines in a 5-foot-tall box in the basement, and he plans to add one more when it gets colder. Each machine consumes about 1400 Watts per hour, similar to an average space heater. The average electricity cost in his town is 0.06 per kWh, and last month his electric bill was about $450. It’s $250 more than when he used a heater, but he says the expense has been offset by the proceeds from the bitcoins he had mined.

“I haven’t paid for heat for three years,” Fakhoury said. “I would suggest people put half of their bitcoin investment into mining and half into purchasing the coins. That way you hedge yourself in both directions.”

Home mining is not for everyone


Rahdi Fakhoury runs bitcoin mining machines in the basement to heat his house in North Carolina. (Rahdi Fakhoury)

More at: https://finance.yahoo.com/news/bitcoin-miner-havent-paid-heat-three-years-143714695.html
