Technology StocksOff Topic (Every Day Technology)

Previous 10 Next 10 
To: TimF who wrote (1424)9/23/2017 3:54:39 AM
From: J.F. Sebastian
1 Recommendation   of 1465
I understand that, I was simply pointing out it's an inherently unequal (and perhaps unfair) comparison when you analyze two phones with such different hardware specs due to a 3-year age difference.

No offense intended.

Share RecommendKeepReplyMark as Last ReadRead Replies (1)

To: J.F. Sebastian who wrote (1425)9/23/2017 12:13:42 PM
From: TimF
   of 1465
None taken

Share RecommendKeepReplyMark as Last Read

To: TimF who wrote (1412)10/1/2017 12:26:03 PM
From: QuantHead
   of 1465
Not necessarily. Total traffic doesn't say anything about the quality of the traffic. If you have 10k visitors per day to your site about free online games for Bangladeshis, then you can't demand as much as someone who has 1k visitors to their site about the best California golf clubs. The reason? Think of the purchasing power of the two different audiences.

There are also different payment structures for site advertising. You can get paid a flat monthly fee, paid by the number of times the ad is shown, or paid by the number of clicks on the ad.

Share RecommendKeepReplyMark as Last ReadRead Replies (1)

To: QuantHead who wrote (1427)10/1/2017 1:36:40 PM
From: TimF
   of 1465
Which is one of the reasons why I said its the general trend. Maybe even that statement was to strong.

All else being equal more traffic will tend to cause more revenue. Directly when the payment is for each time its shown. Indirectly when its number of clicks (more people viewing odds are more people click), and indirectly when its a flat fee per month (you can show higher traffic you can negotiate for a higher per month fee).

But "All else being equal" isn't a safe assumption as your example shows.

Share RecommendKeepReplyMark as Last ReadRead Replies (1)

To: TimF who wrote (1428)10/1/2017 1:44:03 PM
From: QuantHead
   of 1465
Yep, hard to generalize since things are so specific to each situation, but more traffic is never really a bad thing in terms of ad sales. Just a lot of other factors as well, as you point out.

Share RecommendKeepReplyMark as Last Read

To: TimF who wrote (1421)10/4/2017 12:07:45 AM
From: Stock Puppy
1 Recommendation   of 1465
I"m getting adds on the lock screen. I didn't get anything other than from the app store. I've turned off notification for all apps, and still the ads don't go away.

Galaxy S7 -

Share RecommendKeepReplyMark as Last Read

From: TimF10/6/2017 5:10:02 PM
   of 1465
Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information obtained by KrebsOnSecurity, Equifax can safely add Argentina — if not also other Latin American nations where it does business — to the list as well.

Equifax is one of the world’s three-largest consumer credit reporting bureaus, and a big part of what it does is maintain records on consumers that businesses can use to learn how risky it might be to loan someone money or to extend them new lines of credit. On the flip side, Equifax is somewhat answerable to those consumers, who have a legal right to dispute any information in their credit report which may be inaccurate.

Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.

It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

We’ll speak about this Equifax Argentina employee portal — known as Veraz or “truthful” in Spanish — in the past tense because the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon. The specific Veraz application being described in this post was dubbed Ayuda or “help” in Spanish on internal documentation.

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address. The “list of users” page also featured a clickable button that anyone authenticated with the “admin/admin” username and password could use to add, modify or delete user accounts on the system. A search on “Equifax Veraz” at Linkedin indicates the unit currently has approximately 111 employees in Argentina.

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

A review of those accounts shows all employee passwords were the same as each user’s username. Worse still, each employee’s username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee’s last name, you also could work out their password for this credit dispute portal quite easily.

But wait, it gets worse. From the main page of the employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person’s DNI — the Argentinian equivalent of the Social Security number — again, in plain text. All told, this section of the employee portal included more than 14,000 such records.

Jorge Speranza, manager of information technology at Hold Security, was born in Argentina and lived there for 40 years before moving to the United States. Speranza said he was aghast at seeing the personal data of so many Argentinians protected by virtually non-existent security.

Speranza explained that — unlike the United States — Argentina is traditionally a cash-based society that only recently saw citizens gaining access to credit.

“People there have put a lot of effort into getting a loan, and for them to have a situation like this would be a disaster,” he said. “In a country that has gone through so much — where there once was no credit, no mortgages or whatever — and now having the ability to get loans and lines of credit, this is potentially very damaging.”

Shortly after receiving details about this epic security weakness from Hold Security, I reached out to Equifax and soon after heard from a Washington, D.C.-based law firm that represents the credit bureau.

I briefly described what I’d been shown by Hold Security, and attorneys for Equifax said they’d get back to me after they validated the claims. They later confirmed that the Veraz portal was disabled and that Equifax is investigating how this may have happened. Here’s hoping it will stay offline until it is fortified with even the most basic of security protections.

According to Equifax’s own literature, the company has operations and consumer “customers” in several other South American nations, including Brazil, Chile, Ecuador, Paraguay, Peru and Uruguay. It is unclear whether the complete lack of security at Equifax’s Veraz unit in Argentina was indicative of a larger problem for the company’s online employee portals across the region, but it’s difficult to imagine they could be any worse.

“To me, this is just negligence,” Holden said. “In this case, their approach to security was just abysmal, and it’s hard to believe the rest of their operations are much better.”

I don’t have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax. But I have urged my fellow Americans to assume their SSN and other personal data was compromised in the breach and to act accordingly. On Monday, KrebsOnSecurity published a Q&A about the breach, which includes all the information you need to know about this incident, as well as detailed advice for how to protect your credit file from identity thieves.

[Author’s note: I am listed as an adviser to Hold Security on the company’s Web site. However this is not a role for which I have been compensated in any way now or in the past.]

Share RecommendKeepReplyMark as Last Read

To: TimF who wrote (1414)10/10/2017 9:40:35 PM
From: QuantHead
   of 1465
Advertising is definitely the way the big boys do it, but there are lots of way to make money once you've the visitors. As discussed previously, there are a ton of factors that play into how much you make from advertising but basically:

"The amount that you can make from AdSense depends on three factors:
1. The number of visitors to your blog
2. The visibility of the ads
3. The topic you are blogging about"

Of course, depending on your website structure, there is no reason you can't sell advertising space as well as monetizing in some other way as well (such as selling your own product).

Share RecommendKeepReplyMark as Last Read

From: TimF11/30/2017 4:52:18 PM
1 Recommendation   of 1465
Persistent drive-by cryptomining coming to a browser near you

...The trick is that although the visible browser windows are closed, there is a hidden one that remains opened. This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock...

Share RecommendKeepReplyMark as Last Read

From: TimF11/30/2017 4:59:31 PM
2 Recommendations   of 1465
Malware writer offers free trojan to hackers ... with one small drawback Beware of geeks bearing Cobian RAT gifts
By Iain Thomson in San Francisco
31 Aug 2017

Those looking on the dark web for malware capable of hijacking computers might have thought they were getting a bargain when a free trojan appeared on various online souks over the past few months.

The malware generator, dubbed the Cobian remote access trojan (RAT) by researchers at security shop Zscaler, is a fairly elemental bit of code and is based around the njRAT that surfaced around four years ago. It comes with all the usual bells and whistles – a keylogger, webcam hijacker, screen capturing and the ability to run your own code on an infected system.

But the Cobain RAT also has a secondary payload built in, hidden in an encrypted library. Once activated, it allows the original author of the malware to take control of any computers infected by the attack code and, if necessary, cut off the criminal who caused the infection in the first place.

"It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author," said Zscaler's advisory on Thursday. "The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators' Botnet."

The secondary payload communicates with a preset page on Pastebin to get the current address of the command and control servers run by the original writer. But the malware checks first to see if the second level operator is online, in which case it keeps quiet to avoid detection.

It's likely the original author won't automatically cut off the second level operator for fear of alerting that person. Instead it's in the author's interests to encourage as many infections as possible and to run a massive botnet without the bother of distributing the malware necessary to build a zombie army...

Share RecommendKeepReplyMark as Last ReadRead Replies (1)
Previous 10 Next 10 

Copyright © 1995-2018 Knight Sac Media. All rights reserved.Stock quotes are delayed at least 15 minutes - See Terms of Use.