The future of the open internet — and our way of life — is in your hands

Why is net neutrality important and why should you care?

The war for the open internet is the defining issue of our time. It’s a scramble for control of the very fabric of human communication. And human communication is all that separates us from the utopia that thousands of generations of our ancestors slowly marched us toward — or the Orwellian, Huxleyan, Kafkaesque dystopia that a locked-down internet would make possible.

By the end of this article, you’ll understand what’s happening, the market forces that are driving this, and how you can help stop it. We’ll talk about the brazen monopolies who maneuver to lock down the internet, the scrappy idealists who fight to keep it open, and the vast majority of people who are completely oblivious to this battle for the future.

Please read this article in its entirety here…

Source: The future of the open internet — and our way of life — is in your hands

Fact Check now available in Google Search and News around the world

Hopefully, this service will expand and people will actually use it…

… last October, along with our partners at Jigsaw, we announced that in a few countries we would start enabling publishers to show a “Fact Check” tag in Google News for news stories. This label identifies articles that include information fact checked by news publishers and fact-checking organizations.

After assessing feedback from both users and publishers, we’re making the Fact Check label in Google News available everywhere, and expanding it into Search globally in all languages. For the first time, when you conduct a search on Google that returns an authoritative result containing fact checks for one or more public claims, you will see that information clearly on the search results page. The snippet will display information on the claim, who made the claim, and the fact check of that particular claim.

Read the article…

Source: Fact Check now available in Google Search and News around the world

Google Penalties Coming for Mobile Pop Ups – SiteProNews

Google is getting ready to enforce the strict mobile standards it has deemed the wave of the future.

“Pages that show intrusive interstitials provide a poorer experience to users than other pages where content is immediately accessible. This can be problematic on mobile devices where screens are often smaller. To improve the mobile search experience, after Jan. 10, 2017, pages where content is not easily accessible to a user on the transition from the mobile search results may not rank as highly.”

This is not all that shocking considering that many are keenly aware of just how intrusive certain pop ups can be and how these adverts effectively diminish the user experience. And when it comes to user experience, this is at the top of Google’s list of priorities.

Starting in January 2017, Google will be doing away with mobile friendly badges due to 85 percent of the mobile SERPs meeting its standards, and any site that is still leveraging the technology known as “interstitial” pop ups would effectively be penalized and demoted in Google’s mobile search rankings.

Read the entire article…

Source: Google Penalties Coming for Mobile Pop Ups – SiteProNews

5 Things to Know Before Starting a Web Project – Build Studio

This is really good information from the web developer’s point of view. We always try to charge appropriately, but some things just take time and resources — like backing up an entire site, creating a test environment so an update doesn’t hose the entire site, working in antiquated software the client insists upon — and there’s not much we can do about it except charge our client or eat the loss. After a bunch of times eating the costs for a number of clients because the actual charge seems awfully high, it’s hard to make a living.

If you’ve never been involved in the creation of a website before, there are some paths that can lead to delays or bloated budgets. We’ve identified what we feel are the biggest pitfalls and how to avoid them.

1. You’re Likely Underestimating How Long Content Will Take

In the majority of sites we make, the client….

Source: 5 Things to Know Before Starting a Web Project – Build Studio

Beware of These Smartphone Scams, AARP Bulletin|Sid Kirchheimer

Beware of These Smartphone Scams

Don’t expect the mobile mayhem to end anytime soon

With new technology comes new opportunities to fleece people out of their hard-earned money. Here are the latest scams from AARP and, while this is geared for older people, the information given works for all ages so don’t be put off by a presupposition.

AARP Bulletin|Sid Kirchheimer|March 2016

Be prepared: Scammers target smartphones every day via constantly evolving cons. — Eric Nyffler

Love your smartphone? So do scammers. With more than 1.5 billion smartphones forecast to be sold worldwide in 2016, you can expect more mobile mayhem this year. The reigning ruses include the following:

Spam

Nearly 70 percent of smartphone texters say they receive unwanted spam messages, studies show. And people are three times more likely to respond to spam received by cellphone than when using a desktop or laptop computer. That’s particularly dangerous because more than a quarter of text-message spam—such as free gift cards, cheap medications and similar text-message come-ons—is intended to criminally defraud you, compared with only about 10 percent of spam arriving by email. These texts often lead you to shady websites that install malware on your phone or otherwise seek to steal sensitive details for identity theft.

What to know: Don’t click on links or follow instructions to text “stop” or “no” to prevent future texts. This only confirms to scammers that yours is a live, active number for future spam. Use and regularly update anti-malware software designed for smartphones; ask your phone’s manufacturer or service provider for recommendations. Forward suspicious texts to 7726 (“SPAM” on most keypads) to alert your carrier to those numbers, and then delete them.

In a longtime calling scam, crooks leave voice messages asking you to call back a specific number because you have won a sweepstakes or have an undeliverable package. Now they simply program calls to smartphones to ring only once or disconnect when you answer. Your curiosity over a missed-call alert results in you spending upwards of $30 to call back. The reason: Despite a seemingly American area code, the call is to an international phone number—often in the Caribbean—that charges a premium connection fee and per-minute rate, which is extended through long holds and frequent transfers.

You might also find charges crammed onto your bill with such innocuous language as “special services,” “Internet advertising” or “minimum monthly usage fee.”

What to know: Beware of any unfamiliar calls—one ring or otherwise—with area codes 268, 284, 473, 649, 664, 767, 809, 829, 849 or 876.

Bank messages

These text messages claim to be from your bank or credit card company and say there’s a problem with your account. You’re instructed to click an included link, which leads you to a look-alike, scammer-run website that seeks your name, account number and online log-in credentials.

What to know: If there’s really an account problem, you might get an email, but it will include your name and a portion of your account number. Or your bank or credit card company may telephone you with a fraud alert, but it won’t ask for any personal data.

Finally, keep in mind that smartphones are prime targets for old-fashioned theft. Don’t let yours reveal your secrets if it winds up in the wrong hands. Always protect it with a strong PIN. And don’t use it to store credit card and account log-in information—or anything else potentially compromising.

DNS HiJacking ( Introduction ) – Cybrary

An introduction to DNS HiJacking

What is DNS and how does hijacking work? What are the dangers of DNS hijacking? How can you prevent or recover from hijacking or being hijacked? Well, read on!

Hello Readers… DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer …

Source: DNS HiJacking ( Introduction ) – Cybrary

How does The Internet Work?

So, how does the internet work?

The internet is something nearly everyone uses on a daily basis. We’ve all come to rely on it and some of us make our living using it. So, how does it work? How do computers connect? How do messages pass between computers? Is it really a bunch of tubes? (hint, nope!) Who owns it?

This article explains some of the more general points about an indispensable system.

Nowadays, the internet has become essential after food. There are many people who will not agree with this statement, but once they start using the internet, they will agree. You are reading this article, so I hope you are already aware of ‘what the internet is’. But, really?

You will say ‘Yes, I know what the internet is’, but is it enough? Don’t you ever wonder how the internet works? Maybe you already know how it works if you are an IT pro or teacher, but I think everyone should know this because the internet is common and it is for everyone. So the study of the internet should not be only for IT students. So, coming to the point, I wrote this article to make everyone aware of internet concepts and how it works, with the help of the website Howstuffworks.com. I hope you have enough time to read it patiently.

Source: How does The Internet Work?

36 Reasons Why Having a “Free Website” is a Bad Idea

This is a great article explaining exactly why you get what you pay for and nothing is ever “free.” Not the least of the reasons: they can lock down your data, they can shut down your website, you get an unprofessional web address (no credibility there), the company can disappear (with your stuff), you lose your site address, they can sell your information, they are notorious for distributing malware (do you really want to be a part of that?), and they are vulnerable to hacking attempts.

Is this the way you want potential clients/customers/members to see your organization? But wait, there’s more!…

Are you looking for a free website hosting service on the web? Take a look at these 36 reasons explaining why having a free website is a bad idea.

Source: 36 Reasons Why Having a “Free Website” is a Bad Idea

What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

According to Ghost Security Group, 2016 will be an eventful year in cybersecurity. Ransomware, ISIS, Bitcoin, hacks and breaches will likely paint the headlines as they did in 2015. 

“As was seen recently with the Ransom32 software earlier this year, ransomware is only getting better,” Ghost Security Group activist Akenalus told Hacked. “At some point it may even begin scanning our computers, extracting credit card information and automatically paying its own ransom.”

This isn’t likely to happen any time soon, but it will be coming in the next few years.

“We can most definitely expect ransomware to be more commonly used, maybe even being used to take over things like the Playstation network and hold either Sony or individual users hostage, extracting ransom that way,” the hacktivist said. No matter how it is used, ransomware won’t disappear in the upcoming year. That’s clear by recent innovations in ransomware.

“And if Ransom32 was any kind of an example, we can expect it to get worse.”

As has already been shown in the last year, cyber warfare plays a huge role in modern war. Ghost Security Group has gained a name for itself in the online battle against ISIS. They feel this is the most effective way to undermine ISIS influence.

Read more…

Source: What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

Report: Cybercriminals Are Cooking up Malware in Record Numbers

A press release by the Spanish security company revealed the startling number to be nine million new samples more than the previous year – 2014. Essentially, that’s 230,000 new malware samples produced every single day on average throughout 2015.

2015 also saw another record notched up wherein 27 percent of all malware samples – ever recorded – were observed during the previous year.

The highlights revealed that:

  • Trojans proved to be the undisputed king of malware at 51.45% of all collected samples.
  • Viruses accounted for 22.79%.
  • Worms came after at 13.22%.

Potentially unwanted programs or PUPs figured in next at 10.71% followed by cases of spyware at 1.83%.

The notorious Cryptolocker ransomware was the most destructive, far-reaching and widely-scaled cyberattack of them all, affecting hundreds of thousands, if not millions of computers around the world.

Read more…

Source: Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

If you are backing up your data using iCloud Backup, then you need to watch your steps NOW!

In the government’s fight against encryption, Apple has positioned itself as a staunch defender of its users’ privacy by refusing to provide federal officials with encryption backdoors into its products.

When it comes to Apple’s iMessage service, the company claims that it can’t read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it.

Moreover, if the federal authorities ask Apple to hand over messages related to any of its users, Apple has nothing to offer them.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose back in 2014. “It is encrypted, and we do not have a key.”

But Wait!

There are still hundreds of millions of Apple users whose data are stored on Apple’s servers in plain text even after Apple’s end-to-end encryption practice.

Read the rest of the article…

Source: Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

Facebook “Page Disabled” Phish Wants your Card Details — Targets Page Admins

Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of.

The scam begins with a message like this, courtesy of Twitter user Alukeonlife:

Warning!!!
Your page will be disabled.
Due to your page has been reported by other users.
Please re-confirm your page in order to avoid blocking. You violate our terms of service. If you are the original owner of this account, please re-confirm your account in order to avoid blocking.

If the multiple exclamation marks and generally terrible grammar didn’t give the game away, the following request certainly might:

To complete your pages account please confirm Http below:

https(dot)lnkd(dot)in/bNF9BUY?Facebook.Recovery.page

"Attention"

If you do not confirm, then our system will automatically block your account and you will not be able to use it again.
Thank you for the cooperation helping us improve our service.
The Facebook Team

Note that they use the LinkedIn URL shortener, which is somewhat unusual – perhaps the scammers think people are growing suspicious of endless bit(dot)ly and goo(dot)gl URLs being sent their way, and are attempting to throw a business-centric sheen on their shenanigans. They won’t get away with it without a fight, however – Google Safe Browsing flags the final destination as a dubious website and fires up a “Deceptive site ahead” warning:

Fake FaceBook Phishing Warning

As for the scam page itself, which is located at

report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm

it looks like this:

FaceBook Phishing Scam Page

Read More…

Source:  Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

When URL Shorteners and Ransomware Collide

We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners to aid them in achieving their objectives. URL shorteners are often used by cyber criminals to obfuscate redirects to malicious destinations.

Recently, a URL shortening service was used to shrink a dubious link, obfuscating a malicious destination:

46(dot)30(dot)45(dot)39/Statement.jpg

which was actually a malicious script downloader “Statement.js”, dropping Cryptowall from

46(dot)30(dot)45(dot)39/yyo.w

Cryptowall is Ransomware which encrypts files on your computer and demands that a ransom be paid in order to receive instructions (private key) for decrypting your files (in this case, RSA-2048 encryption was used).

<…>

There are precautions that can be taken to avoid clicking on a malicious shortened link, such as not clicking on a shortened link if you do not know who it is from. If you want to take additional measures, there are services that unshorten shortened URLs such as

checkshorturl(dot)com

Furthermore, it is highly recommended that you use anti-virus and anti-malware in conjunction for the best possible protection. Malwarebytes Anti-Malware protects users from this attack, including blocking identified malicious IPs and domains associated with Ransomware.

Read More…

Source:  When URL Shorteners and Ransomware Collide | Malwarebytes Labs

Password secrets: Your Passwords Aren’t As Secure As You Think

Password secrets: Your Passwords Aren’t As Secure As You Think – Technotification

The one thing that makes us so vulnerable is ignorance. Today, everything is going to depend on the internet. Yes, and you know it better! And a concept that we use to secure our internet accounts and all is our passwords. But is it enough to set a password and feel that we are secure? Are you really aware of how to use passwords?

Our lack of understanding about passwords is allowing crooks to spy on us, steal from us, and deceive us into thinking nothing ever happened. Despite the volumes of texts that have already been written about them, how many of us have ever read a single chapter paragraph about the nitty-gritty of passwords?

That’s why I have compiled the following three short lists which outline the most common misconceptions about passwords; the ways in which our passwords can be stolen; and the tools you need to make sure it doesn’t happen to you.

Each of these sections can be read in less than two minutes. But once you’re done, you will have acquired enough information to deal safely and confidently with your passwords.

Password Myths You Should Stop Believing

  1. A file, folder, computer, or account protected by a password is safe.
    Read the rest of the article and learn why that statement is no longer true.

Read More…

Source: Password secrets: Your Passwords Aren’t As Secure As You Think

Hackers Install Free SSL Certs from Let’s Encrypt On Malicious Web Sites

Criminals are abusing Let’s Encrypt Certificates

TLDR

How can You Prevent Yourself From Such Attacks?

Trend Micro has reached out to both the Let’s Encrypt project, and the legitimate domain’s owner to notify them about the malvertising campaign.
And Here’s your take:

  • Users should be aware that a ‘secure’ website is not always or necessarily a safe website, and the best defense against exploit kits is still an easy go, i.e.:
  • Always keep your software up-to-date to minimize the number of vulnerabilities that may be exploited by cyber criminals.
  • For online advertisement brokers, an approach would be to implement internal controls to stop malicious advertisements.

Source: Hackers Install Free SSL Certs from Let’s Encrypt On Malicious Web Sites | The Hacker News

Read the entire article

Pioneer In Internet Anonymity Hands FBI A Huge Gift In Building Dangerous Backdoored Encryption System | Techdirt

Rockin’ Encryption, Open Back Door…

Few doubt Chaum’s cryptography skills or pedigree. He was instrumental in the early days of computer cryptography and what anonymity we have online today owes a lot to Chaum. But his latest plan is… troubling:

At the Real World Crypto conference at Stanford University today, Chaum plans to present for the first time a new encryption scheme he calls PrivaTegrity. Like other tools Chaum has spent his long career developing, PrivaTegrity is designed to allow fully secret, anonymous communications that no eavesdropper can crack, whether a hacker or an intelligence agency.

That part sounds good, right? But then there’s this:

That ambitious privacy toolset aside, Chaum is also building into PrivaTegrity another feature that’s sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something “generally recognized as evil” to have their anonymity and privacy stripped altogether.

Whoever controls that backdoor within PrivaTegrity would have the power to decide who counts as “evil”—too much power, Chaum recognizes, for any single company or government. So he’s given the task to a sort of council system. When PrivaTegrity’s setup is complete, nine server administrators in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications. The result, Chaum argues, is a new approach that “breaks the crypto wars,” satisfying both the law enforcement agencies who argue that encryption offers a haven for criminals, and also those who argue that it’s necessary to hobble mass spying.

Unfortunately, Chaum is both totally missing the point and playing right into the FBI’s hands. The argument of basically every other cryptographer is that building any encryption system is incredibly difficult — and introducing any sort of backdoor opens up massive and dangerous vulnerabilities — whether the original creators recognize it or not. The second you introduce a backdoor — even using Chaum’s weird “nine people in nine countries” system — you have introduced a vulnerability. A vulnerability that can and will be abused by others. You are introducing a security flaw. And that’s a massive security problem.

Source: Pioneer In Internet Anonymity Hands FBI A Huge Gift In Building Dangerous Backdoored Encryption System | Techdirt

First Click: The quietest story of CES is also the biggest | The Verge

What happens to humans when all things move like information?

Are we prepared to play this out without setting any groundwork and without mitigating and reducing the consequences of an all-automated society?

So what happens when the robots reduce the cost and time of moving physical objects to not a lot and pretty fast? When a huge variety of autonomous vehicles in every shape and size from tiny drone to semi truck can be sent off to deliver things without having to slow down or take naps or feel inconvenienced? What does an already globalized culture look like when it’s not just information that can travel instantly, but actual things that can spread across the city and state and world faster and cheaper than ever?

We already know some answers: software-driven advances in logistics and warehousing are behind seemingly-simple things like Amazon’s ultrafast shipping, and services like Instacart and Uber have taught users to expect real-world results from pushing a smartphone button — even if they’re filling in the gaps with other humans for now. The goal is to automate everything, and the first step is teaching the machines to move around.

The machines are fast learners, it turns out. What happens when they have nothing left to learn?

Source: First Click: The quietest story of CES is also the biggest | The Verge

FBI Chief Asks Tech Companies to Stop Offering End-to-End Encryption | Motherboard

Sure, we should just open all information to all governments, right? Who needs a warrant? Who needs due process? Because all of those politicians — with their hands in the pockets of special interests — only have the citizens’ best interests at heart, right? I mean when has our government ever been corrupt and/or morally bankrupt? Actually, today. When has law enforcement ever overreached? Oh, yeah. Every day this year…

Today, FBI Director James Comey thinks tech companies that offer encryption should “change their business model.”
Despite there still being no solid evidence the attackers benefited from or even used encryption (in at least one case, they coordinated via distinctly unencrypted text messages) law enforcement and national security hawks have used the tragedies to continue pressing tech companies to give the US government access to encrypted communications—even if that means rolling back security and changing the nature of their businesses.

Source: FBI Chief Asks Tech Companies to Stop Offering End-to-End Encryption | Motherboard

Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

Here’s a rundown of the cyber threat landscape for 2016 and beyond, courtesy of a report from Intel Security.

Coming In 2016

The 2016 predictions cover threats from ransomware, infrastructure attacks, attacks on automobile systems and the sale and warehousing of stolen data.

• Hardware: Attacks on hardware and firmware will continue while the market for the tools that facilitate them will increase. System firmware toolkits could target virtual machines.

• Ransomware: Ransomware is a growing threat that could anonymize payment methods and networks. More inexperienced cybercriminals will use ransomware-as-a-service.

• Wearables: Most wearable devices store only small amounts of information, but cybercriminals could target them to undermine the smartphones that manage them. The industry will have to protect attack surfaces like networking and wi-fi software, operating system kernels, memory, user interfaces, storage systems and local files, web apps, virtual machines and security and access control software.

• Employee systems: Attackers are likely to target organizations through their employees, including their home security systems, to access corporate networks. Organizations will have to stay vigilant by implementing new security technologies, creating effective policies and hiring experienced people.

• Cloud services: Attackers could exploit vulnerable security policies that protect cloud services. These services could undermine business strategy, financials, portfolio strategies, next-generation innovations, employee data, acquisition and divestiture plans, and other data.

• Automobiles: Connected automobile systems that lack security capabilities will be potential scenarios for exploitation. Automakers and IT vendors will partner to provide standards and solutions to protect attack surfaces like engine and transmission engine control units (ECUs), remote key systems, advanced driver assistance system ECUs, passive keyless entry, USBs, OBD IIs, V2X receiver, smartphone access and remote link type apps.

• Warehouses of stolen data: The dark market for stolen, personally-identifiable information and user names and passwords will increase in 2016. Big data warehouses that link together stolen, personally-identifiable information sets make combined records more valuable to attackers.

• Integrity attacks: Selective compromises to systems and data mark one of the most significant new attack vectors. Such attacks seize and modify transactions or data to favor perpetrators. An attacker can change direct deposit settings for a victim’s paychecks and direct the deposit to a different account. Cyber thieves could steal millions of dollars in an integrity attack in the financial sector in 2016, McAfee Labs predicts.

• Sharing threat intelligence: Enterprises and security vendors will increasingly share intelligence. Legislative action could allow governments and companies to share threat intelligence. Best practices in this area will increase, allowing success metrics to emerge and quantify protection improvement. Threat intelligence cooperatives among vendors will grow.

Source: Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

🎄Google Santa Tracker

Google’s Santa Tracker is Back!

On a lighter, seasonal note, the Google Santa Tracker is back! Every day during December something new is revealed to play, watch, learn, or otherwise interact with. And of course once Christmas rolls around, the site will track Santa as he travels around the world. There’s also a Google Play app that you can follow along with.

Use Google Santa Tracker to follow Santa Claus on Google Maps as he makes his journey around the world.

Source: 🎄Google Santa Tracker

FBI admits it uses stingrays, zero-day exploits | Ars Technica

FBI admits it uses stingrays, zero-day exploits

Yeah, these are the guys that want to put an end to encryption because: criminals. But without the ability to protect oneself, everyone is subject to these invasions. As a note, others have gone to jail (almost forever) for doing what the FBI is doing. How is their bending of the law any different than those in prison?

stingrays generally intercept all cell phone communications in a given area, not just those of a drug or kidnapping suspect. Paying large sums of money to buy zero-days, meanwhile, creates powerful incentives for governments to keep the underlying vulnerabilities secret

Source: FBI admits it uses stingrays, zero-day exploits | Ars Technica

CNN investigates: How Corporate America keeps huge hacks secret – Nov. 30, 2015

The US Energy Grid was Hacked 79 Times This Year

and we have learned nothing to protect ourselves better

There’s a reason you never hear about major hacks of power plants, manufacturers and banks. Federal law keeps them secret.

Source: CNN investigates: How Corporate America keeps huge hacks secret – Nov. 30, 2015

Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

As you will see in the document, we believe the security in the Internet of Things is perhaps the most significant challenge and we believe ensuring security in IoT must be a fundamental priority. Poorly secured IoT devices and services can serve as potential entry points for cyber attack and expose user data to theft by leaving data streams inadequately protected. A proliferation of poorly secured devices also has the potential to impact the security and resilience of the Internet globally. In order for IoT to be successful, users will need to trust that devices and related data services are secure from vulnerabilities, especially as this technology becomes more pervasive and integrated into our daily lives.

Source: Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

Adobe to Kill ‘FLASH’, but by Just Renaming it as ‘Adobe Animate CC’ – The Hacker News

Adobe to Kill ‘FLASH’ by Just Renaming it as ‘Adobe Animate CC’

“What it won’t bring is:

Fix for the number of security issues that have plagued Adobe Flash for years

The platform has a new name, but the development tool lives on.

So, Flash isn’t actually dead; it’s just renamed.

“Adobe’s strategy is to make money regardless of what happens in the market,” says Jeffrey Hammond, principal analyst at Forrester Research. “They understand that there is a slow transition to HTML5 going on.”

“At some point you have to embrace the change,” Hammond adds. “The rebranding is the visible sign of that, but the internal focus on supporting the technologies like HTML5 has been going on a while.”

So, hiding Flash behind a different name doesn’t solve the stability and security issues. In fact, a recently uncovered flaw in the software was so nasty that the only way to get rid of it was to completely uninstall Flash Player.”

Make the Breakup with Internet Explorer 8 — TODAY!

Yes, there is an official site urging you to break up with IE8. Not just to make us developers’ lives so much easier — and one less browser to test — but because, little one, it’s definitely way past time. They even make it fun! Start the breakup today!

From the official site:

#BREAKUPWITHIE8

You’ve spent six long, excruciating years trying to extract joy from your tired relationship with IE8. That’s a lifetime of cache-clearing, vm-running despair you’ll never get back. March 19, 2015 was your six year anniversary, so we think it’s time to cut your losses and start seeing other browsers.

To put it in perspective, six years in internet time is something like 20 cat years, which makes Internet Explorer 8 very old indeed. Also, when IE8 came out, Susan Boyle was cool. Just sayin’.

(Now we put our serious face on)

For whatever reason, Internet Explorer 8 recently increased in browser share… which is a real kick in the pants for your garden-variety webhead. The sooner we all stop supporting it, the sooner we can collectively work on a more awesome interweb.

Join the intervention and stop supporting IE8. It’s time for an upgrade.

http://breakupwithie8.com/

Social Presence v. Website Presence

A social business or organization presence is a great idea. You can listen to what people say and think and you can get in contact with like-minded groups and/or individuals. This allows you to share your passion, learn from others, and share resources. For many, social media is fun, and not a chore.

The main issue with social media is that it will never be yours. The social network can gather data, change how it publishes, change its privacy policies, or any number of things because it belongs to them. They can also fold up and just go away, leaving you high and dry and with no presence.

A website, however, is an element on one of the largest networks of all — the world wide web — and you control it. This is the place where you give all those individuals that have clicked on the social media link to your website all the information they are looking for. A place where you control what is published, including all the images, details, and resources you deem necessary to appropriately represent you or your organization/business.

Add your resume, sell your products, impart wisdom, tell the world about your business or organization, but make sure you are in control and that all social media links directly back to your website.

4 Stats to Make You Rethink Your Web Design Plan

By Lindsay Silberman

Business on Tapp, 101

And now, for a mouthwatering thought experiment…

You’re going out to dinner and deciding between two restaurants. When you visit the restaurant sites, option A takes forever to load, and when it finally does, you can’t find the menu anywhere.

Option B is beautifully designed and not only has the menu prominently featured, there are also tempting photos of their signature burger, crispy french fries, and apple pie. Adios, option A.

More likely than not, your website will be the first impression customers have of your business. So even if some delicious #foodporn doesn’t fit your brand, having a great website does.

Need even more motivation to get your site in gear? Here are 4 stats that prove it:

1. 48% of people say a website’s design is the No.1 criterion for deciding on the credibility of a business.

2. 67% of shoppers were more likely to buy from a website that is compatible with mobile devices.

3. 94% of survey respondents cited lousy web design as the reason they mistrusted or rejected a website.

4. 40% would leave a website if it took more than 3 seconds to load.

How the US’ Requests for Linked-In Member Info Measures Up Worldwide

So I just got the notification that Linked-In had changed their privacy and transparency policy, so I took a minute to see what the changes were. During my perusal I saw a link to their Government Requests Transparency Report. It’s interesting to see how many more requests the US makes of Linked-In than any other country and how many member accounts are impacted by their requests.

I encourage you to view the policy changes here and take a moment to see their other privacy information here.

The New Calculator Speller: Hex Codes!

When you first got your shiny, new calculator, can you remember discovering that you could spell words with the numbers? Did you also experience the joy of figuring out how to spell all the various words? Well, BADA55.io has an upgrade with a little twist to that youthful pastime: a huge list of words you can spell with color Hex codes, set on the colors they create. For example, IDIOTS (1D1075) is a dark blue, while TARDIS (7A2D15) is a reddish-brown.

As a developer, you might be surprised at what I spell with the colors I suggest for your marketing and branding! If you see a color with a word that expresses you or your business, let me know!

The JAVA Security Risk

Why everyone should be concerned about Java

An article by Woody Leonhard, Microsoft Office Expert

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies.  His many writings tell it like it is — whether Microsoft likes it or not.

Please note, right from the start, that Java is NOT JavaScript! Disabling or removing Java on your devices will not cause the wonderful JavaScript apps on most websites to stop running. You can disable or remove Java with impunity!

In the computing world, Java is very nearly ubiquitous. As noted on Oracle’s Java FAQ site, it runs on lots of PCs, but it also runs on “billions of devices worldwide, including mobile and TV devices.” Java is not JavaScript, as Susan Bradley notes in her companion piece, “Java: More than the usual cup of coding coffee,” about what Java is and isn’t.

In this article, I focus on one task — disabling Java in your Web browser(s). It’s the most effective way to protect yourself from most Java-based threats. Yes, some PC users still need Java in their browsers to work with specific websites. But most of us have little to lose and much security to gain by keeping our browsers Java-free. (And yes, Mac users should block Java, too.) Java in browsers has been a malware magnet for years — it’s unlikely that fact will change anytime soon.

I’m not going to review the most recent round of Java exploits, their patches, or new exploits built onto the backs of Java fixes. Java updates are routinely covered in the twice-monthly Patch Watch column. Brian Krebs has an interesting Krebs on Security post detailing the latest war between Java security and hackers.

Scorched earth: Remove Java from all browsers

These days, it’s common for PC users to use multiple browsers. Most versions of Windows have Internet Explorer installed, and many — if not most PC users — are running Firefox or Chrome — or both. On any PC with multiple browsers, the most effective security policy is to disable Java in all browsers; then see what, if anything, breaks. Most likely, you’ll never miss it.


PWN — The New Term In Town

So you may have been seeing this word “pwn” in articles regarding security and hacking and thought it was a typo and it should have read “own.” Well, you’re partly correct. Pwn (pronounced “powned”) “is a leetspeak (elite speak) term meaning to appropriate or to conquer or gain ownership. In hacker-ese, it means to compromise or control, specifically another computer (server or PC), web site, gateway device or application.” See Wikipedia article.

The Urban Dictionary describes pwn as the following:

    1. 1. An act of dominating an opponent.
       2. Great, ingenious; applied to methods and objects.
       Originally dates back to the days of WarCraft, when a map designer misspelled “Own” as “Pwn”. What was originally supposed to be “player has been owned.” was “player has been pwned”.
       Pwn eventually grew from there and is now used throughout the online world, especially in online games.

       1. “I pwn these guys on battlenet”
       2. “This strategy pwns!” or “This game pwn.”
    2. Perfect ownage. Flawless victory. Schooled. Lesson taught. Owned beyond conventional words, and so excited about it, it’s mistyped.
    3. The word Pwn was originally a typo from when the writer wanted to say Own. Pwn is commonly used in internet games, for example: Counter-Strike. Pwn is used to explain that the player was badly beaten.

So, the next time you own someone, make sure you pwn them! Make sure your antivirus is up-to-date and that you don’t click links you shouldn’t or you will be pwned by hackers!

What is Two-Factor Authentication? Why Should You Care?

What is two-factor authentication?  According to Wikipedia:

Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: “something the user knows”, “something the user has”, and “something the user is”.

There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor authentication requires the system to use two of these.

Why should you care?  For extra security, having two or more of the mentioned security factors for authentication helps to make your login more secure.

For email purposes, Google’s Gmail service is currently the only major webmail provider that offers this option, although Microsoft Hotmail’s forum moderators recently thought differently. An interesting article by Fahmida Y. Rashid outlines the questions asked of the support forum regarding Microsoft Hotmail’s authentication, with some surprising responses. It only took 3 weeks for an informed response to be posted.

So now you know what two-factor authentication is, shock and awe your friends!

Taken Over

According to Neil J. Rubenking, taking over your computer remotely appears to be ridiculously easy, as long as you’re a bit gullible and don’t have any antivirus products. Apparently he’s done it, along with several other tech journalists, as part of a recent McAfee Consumer Journalist Day at McAfee Headquarters in Santa Clara.

Each of the journalists was provided a laptop already running VMware virtual machines. One VM represented the attacker and the other the victim, with no outside connection for safety’s sake.

Starting with the installation of Shark Trojan, they got to work.  Shark Trojan bills itself as “an advanced reverse connecting, firewall bypassing remote administration tool,” and warns the user not to use it to do anything illegal.  This, and other similar tools, are available for prices that rarely exceed 2 figures.

Shark, according to Rubenking,

“makes hacking so simple it’s ridiculous, especially with the script of instructions supplied by McAfee. With one click I created a server to handle command and control for my attack. Binding my Trojan attack to a legitimate (but outdated) McAfee antivirus tool was equally simple. Had the script called for it, I could have configured the Trojan to lay low if it detected certain tracking tools. Finished with setup, I copied my Trojanized antivirus into the web server’s download folder.

Viewed in a browser, that server serves up a site that looks exactly like McAfee’s. You have to look closely to notice that the URL says “macfee.com.” I sent an official-looking email to the victim system with a link to my evil creation, then switched to the victim’s virtual machine and launched the link.

Back on the attacker system, I immediately saw the victim show up in the Shark console. From that console I had virtually total control over the victim. I launched a DOS shell, viewed and changed Registry entries, tweaked files, launched programs, and manipulated services, all with simple commands from the console. I installed a keylogger, typed a little in the victim system, and verified that the keystrokes were captured.

As a final act of simulated malice, I copied a virus to the victim’s system and launched it. Back on the victim system I ran the Trojanized antivirus, which functioned in detection-only mode. It found hundreds of infected files. That poor victim was completely and totally pwned.”

While this venture took place on a virtual machine on a virtual network and harmed no one, it was increasingly apparent how easy it would be for any ordinary hacker or wannabe to go after any oblivious person or machine.

Word to the wise:  be careful what you click AND Get Your Antivirus Running!!!

Read the entire article here.

 

A Clever Idea for Your Phone Camera

There are a lot of things you use your phone for, but have you considered you can use it as a reminder?  Using your phone camera makes remembering things a breeze.  You’re at Disneyland and you’ve parked in some character’s colored section — take a snapshot of where you parked!  Your meds keep changing — take a pic of your prescription bottles.  Have you ever gotten to Costco for printer refills and forgotten the number?  Just take a snap of the cartridges but make sure the numbers show.  Below is a list of some of the more common uses for your camera phone courtesy of www.apartmenttherapy.com.  One Caveat:  if you’re going to add pictures of items with sensitive information, either blur out the sensitive info or make sure your phone has an encryption program.

Here are a few things that can easily be remembered with a quick snap of your camera phone’s shutter button:

A reminder of where you parked. Parking in the city is no joke.
Your printer cartridges. Make sure you can see the refill numbers.
Your family members’ clothing sizes.
The measurements of your air filter.
Travel confirmation numbers. Take a screenshot of the email your airline sends you. When you check in later and need to find confirmation numbers, your photo album will be less cluttered than your inbox.
Pictures of current medications. Make sure you can see the prescriptions’ names and dosages in the photo.
The types of lightbulbs that fit your home fixtures.
A recipe from a book or magazine that you want to use soon.
Anything “borrowed” that you might want to buy later, like the brand of a smooth-writing pen at the bank or a great-smelling hotel shampoo.
Expensive home furnishings you just know you can DIY at home. Get shots of all the important angles for when you’re ready to DIY.

(Courtesy of  ApartmentTherapy.com)

Microsoft Warning: Email Worm Posing as MS Update

John Lister / InfoPackets on 20110107 @ 12:11AM EST

Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

Microsoft Email Security Updates Are a Scam

Cyber-criminals have been sending so-called Microsoft updates that are actually viruses.

This scam in particular takes advantage of Microsoft’s well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft’s Director of Security Assurance, Steve Lipner (who in fact does hold that role).


New Microsoft Web Worm Threat

One of my favorite e-magazines is Windows Secrets (http://windowssecrets.com).  This is a free and for-pay newsletter that gets to the bottom of many Windows (and other) issues.  Windows Secrets is also the voice of reason when deciding whether to run a Microsoft/Windows security, or other, update.  As you know, many updates issued by Microsoft have the Windows community recipients beta testing half-assed solutions to serious issues.  Almost always, the intrepid team at Windows Secrets has advised on the side of caution, having recipients wait until all testing had been done and showing issues so we could make informed decisions.

So, when Brian Livingston of Windows Secrets advises everyone to install the new MS patch without hesitation, you know it’s serious.  Brian states that this is the first time in 1-1/2 years that Microsoft has released an emergency fix outside of its monthly “Patch Tuesday” cycle. 


Fake Windows Update Ignored by Outlook’s Email Defenses

There’s a fake Microsoft email message with a nasty file attachment wending its way around the internet. It’s supposedly a Windows update .exe sent as an attachment to a Microsoft email.

Almost all email programs block .exe attachment files by default, but they don’t always send the entire email to the junk mail folder. An executable attachment should tip the junk filter toward the suspicious category and at least send the message to the Junk Folder in an abundance of caution.

If you see this email message, DELETE it post haste. Microsoft would NEVER send an .exe or .msi file through the email system. Microsoft sends updates through the update process on your PC or Mac.

The current message supposedly comes from “Microsoft Update Center [securityassurance@microsoft.com]” and contains an attachment KB825559.exe – which should NOT be opened under any circumstances.

The complete message and details can be found on the Office Watch website http://news.office-watch.com/?699.
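The junk-folder check this post asks for, as an added example (not code from Office Watch, Microsoft or any mail client): it routes the whole message to junk when any part, including a forwarded message nested inside it, carries an executable attachment. The extension list, function names and sample messages are assumptions constructed for illustration; only the sender string and KB825559.exe come from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist of extensions Windows runs directly; tune for your gateway.
EXECUTABLE_EXTS = {".exe", ".msi", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def effective_extension(filename):
    """Extension Windows will act on: last dot wins, trailing dots/spaces ignored."""
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return "." + ext if dot else ""

def triage(raw_bytes):
    """Return ("junk", [filenames]) if any MIME part is an executable, else ("inbox", [])."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into message/rfc822 parts, so a forwarded copy is inspected too.
    for part in msg.walk():
        name = part.get_filename()
        if name and effective_extension(name) in EXECUTABLE_EXTS:
            hits.append(name)
    return ("junk" if hits else "inbox", hits)

def build_sample(filename, forwarded=False):
    """Constructed test message; the attachment body is placeholder bytes, not a real binary."""
    inner = EmailMessage()
    inner["From"] = "Microsoft Update Center <securityassurance@microsoft.com>"
    inner["To"] = "user@example.com"
    inner["Subject"] = "Constructed sample"
    inner.set_content("Constructed body text.")
    inner.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    if not forwarded:
        return inner.as_bytes()
    outer = EmailMessage()
    outer["From"] = "colleague@example.com"
    outer["To"] = "user@example.com"
    outer["Subject"] = "Fwd: Constructed sample"
    outer.set_content("Forwarding this to you.")
    outer.add_attachment(inner)  # attached as message/rfc822
    return outer.as_bytes()

if __name__ == "__main__":
    for fname, fwd in [("KB825559.exe", False), ("KB825559.exe", True), ("notes.txt", False)]:
        print(fname, "forwarded" if fwd else "direct", triage(build_sample(fname, fwd)))
```

Matching on the filename alone is a first-pass filter; a gateway would also inspect the attachment's content type and leading bytes, since a renamed executable passes this check.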