sophos.com · Domains · Slashdot Mirror

Re:And yet... by ArmoredDragon · 2016-07-30 21:12 · Score: 0 · on Android Stagefright Bug Required 115 Patches, Millions Still At Risk (eweek.com)

As for iPhones, people talk about Apple has never has had a security hole in the wild that has affected anything but jailbroken devices.

Apple has had plenty of security breaches in iOS, including one really big one that they still aren't even sure if they've cleaned up yet.

https://nakedsecurity.sophos.c...

Re:Good by StevenMaurer · 2016-07-29 16:34 · Score: 3, Interesting · on Clinton Campaign Breached By Hackers

Remember everyone, the DNC can be hacked and the Clinton campaign can be hacked, but there's NO WAY IN THE WORLD that Hillary's homebrew email server was hacked. Nope. Not possible. Pure as the driven snow.

You mean that sarcastically, but it's basically true. Hacking a server is one thing. Hacking a server without leaving any tracks whatsoever is insanely difficult. Hillary Clinton's server was examined by top FBI forensic analysts, and no breach was detected. This is unlike the system she supposedly "should" have been using, OpenNet (the state.gov email system), which has been hacked so many times, they judge them by how bad they are Sources: State Dept. hack the 'worst ever'. Every other hack has been detected and analyzed - it strains credulity that of all these emails servers, only clintonemail.com would have been hacked so perfectly that there was no trace left, even in the many backups.

This doesn't mean that the Russians don't have her emails, since anything sent to a state.gov email address was copied by them. But that's not Secretary Clinton's fault, and the sheer incompetence of State's IT department (their "solution" to her emails going to people's spam bucket wasn't to whitelist clintonemail.com, but to turn off all spam filtering), lends credence to the idea that she was just trying to work around some very incompetent people in the bureaucracy to get her job done.

What is absolutely proven at this point, is that if she'd done things the "right way", then all her emails would be now in the possession of foreign intelligence agencies. Having clintonemail.com didn't hurt, and may in certain ways, helped.

Re:Encryption by tburkhol · 2016-07-24 23:37 · Score: 2 · on Homeland Security Border Agents Can Seize Your Phone (cnn.com)

In the UK they can detain you for hours on a whim.

Hours, you say... Whole hours and more than one of them? What a terrible inconvenience: that would probably go right through tea.

The US, outside of border crossings, can generally detain people for 2 days without specifying charges, although any detention without charges carries risk of civil retribution. If you decline to provide encryption keys, you may be held for months Not proven for years, yet, but 'contempt of court' is generally used to lock people up until they do what the judge asks (current record is 14 years). I see no reason why they wouldn't hold border-crossers, already subject to substantial rights exceptions, in just the same way. Contempt of court requires a judge's order, so ICE would have to go to a judge (presumably FISA) and explain why decrypting that specific device is an interest of justice/security, but I don't think anyone believes that would be very difficult.

Re:This is it! The year of the Linux desktop! by hairyfeet · 2016-07-02 06:53 · Score: 1 · on 'UpgradeSubscription.exe' File In Preview Build Hints At Windows 10 Subscriptions (zdnet.com)

Heartbleed, shellshock, or take your pick from this list of Linux malware. Here is an an excellent article on the subject with actual examples of Linux malware infections, heck even Fedora removed their "virus free" bullet point from their home page.

Re:yet more poor design. by TheLink · 2016-06-30 03:07 · Score: 1 · on Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com)

From a security standpoint you shouldn't be using antivirus software for real-time scanning. These issues have been known for years and keep occurring ( https://www.blackhat.com/prese...
http://www.pcworld.com/article...
http://www.theinquirer.net/inq...
https://community.sophos.com/k...
). Antivirus vendors have been screwing up too often - false positives (blacklisting OS files etc), being exploitable (like this), being unstable, using too much resources.

Real time AV scanning should only be used by people who are incompetent enough to screw up their own systems (or let malware do it) more often than a AV company would. If you know what you are doing you wouldn't be using real-time AV scanning. You'd only scan certain stuff using sacrificial machines and more as a precaution and additional layer of defence.

Re: Par for the course with Android by ArmoredDragon · 2016-06-24 19:46 · Score: 1 · on 'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com)

It's easy to say malware is there (in the absence of any evidence of widespread malware)

Actually, there is:

https://nakedsecurity.sophos.c...

Re:How did they steal their Bitcoins? by JcMorin · 2016-06-12 08:12 · Score: 1 · on Ransomware Thieves Cost Canada University C$20,000 In Bitcoin (itworldcanada.com)

If the data worth more than what the ransom is why not? Even the FBI recommend paying in bitcoin if you really want the data back. It's sound terrible but that's cheap to get a lesson and secure or backup your data properly!

Oh really by ArchieBunker · 2016-05-02 04:09 · Score: 1 · on The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com)

Tell that to this guy https://nakedsecurity.sophos.c...

DNS CACHE POISONING HIJACKS #2/2 by Anonymous Coward · 2016-04-24 07:10 · Score: 0 · on Google Admits That Google.com Is Partially Dangerous (eweek.com)

http://www.dshield.org/diary/G...
http://www.theregister.co.uk/2...
http://www.networkworld.com/ne...
http://www.computerworld.com/s...
http://it.slashdot.org/story/1...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.dshield.org/diary/g...
http://it.slashdot.org/story/1...
http://www.dshield.org/diary/S...
http://www.itnews.com.au/News/...
https://nakedsecurity.sophos.c...
https://blog.malwarebytes.org/...

APK

P.S.=> Next is DNS serving up malware & abused by malware to do it (acting as C&C data transfer + more etc.)... apk

ROUTER/MODEM DNS SECURITY ISSUES by Anonymous Coward · 2016-04-24 04:51 · Score: 0 · on Google Admits That Google.com Is Partially Dangerous (eweek.com)

http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://it.slashdot.org/story/1...
http://nakedsecurity.sophos.co...
http://thestack.com/zyxeltech-...
https://nakedsecurity.sophos.c...
http://www.itworld.com/article...
http://www.eweek.com/security/...
http://it.slashdot.org/story/1...
https://threatpost.com/exploit...
http://www.theregister.co.uk/2...
http://www.zdnet.com/linkedin-...
http://www.bing.com/search?q=r...

APK

P.S.=> See subject & now more specific attacks on DNS by malware's next... apk

ROUTER/MODEM DNS SECURITY ISSUES by Anonymous Coward · 2016-04-24 04:51 · Score: 0 · on Google Admits That Google.com Is Partially Dangerous (eweek.com)

http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://it.slashdot.org/story/1...
http://nakedsecurity.sophos.co...
http://thestack.com/zyxeltech-...
https://nakedsecurity.sophos.c...
http://www.itworld.com/article...
http://www.eweek.com/security/...
http://it.slashdot.org/story/1...
https://threatpost.com/exploit...
http://www.theregister.co.uk/2...
http://www.zdnet.com/linkedin-...
http://www.bing.com/search?q=r...

APK

P.S.=> See subject & now more specific attacks on DNS by malware's next... apk

DNS ATTACKED & DOWNED con't. by Anonymous Coward · 2016-04-24 02:14 · Score: 0 · on Google Admits That Google.com Is Partially Dangerous (eweek.com)

https://isc.sans.edu/diary/wor...
http://www.theregister.co.uk/2...
http://www.dshield.org/diary/W...
http://www.theregister.co.uk/2...
http://tech.slashdot.org/story...
http://tech.slashdot.org/story...
http://www.zdnet.com/au/optus-...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.dshield.org/diary/N...
http://yro.slashdot.org/story/...
http://nakedsecurity.sophos.co...
http://www.crn.com/news/securi...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...

APK

P.S.=> Next is SECURITY BREACHES due to DNS failures... apk

Re:And hacked by the Chinese in 3...2...1... by Niddix · 2016-04-04 10:57 · Score: 1 · on The White House Finally Got Color Printers (gizmodo.com)

They US Navy actually stopped teaching celestial navigation around 1995 and only recently started teaching it again. https://nakedsecurity.sophos.c...

First? My ass... by evilviper · 2016-03-07 22:32 · Score: 5, Informative · on Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files

2008: http://citeseerx.ist.psu.edu/v...

2009: https://en.wikipedia.org/wiki/...

2010: https://nakedsecurity.sophos.c...

Look what some moron said about the same subject back in 2011:
http://www.developers.slashdot...

2012: https://www.intego.com/mac-sec...

2012: http://www.zdnet.com/article/c...

2012: http://www.infosecisland.com/b...

etc., etc.

just wait for an auto drive car to mess up like th by Joe_Dragon · 2016-03-01 10:35 · Score: 1 · on Israeli Troops Who Relied On Waze Blundered Into Deadly Palestinian Firefight (washingtonpost.com)

just wait for an auto drive car to mess up like this and who will do the hard time when you drives on to the airport runway?

https://nakedsecurity.sophos.c...

Or drive though a armed forces base?

On to a bus only lane / road?

Re:And there you are... by mitcheli · 2016-02-22 08:05 · Score: 2 · on HTTP GZIP Compression Leaks Data On the Location of Tor Web Servers

Let's see... FBI takes over Onion servers, supposedly paid universities for "research", managed to find the operator to silk road 2.0, and managed a rather large bust of criminals. Then you've got the issue of "fake tor clients"... Seems to me that considering tor (be it with a VPN before or after) is really irrelevant and that the underlying technology of tor has just been under attack for two long and needs to be replaced.

Re:my submission was plagiarised. by Ol+Olsoc · 2016-02-20 10:53 · Score: 1 · on The Heat Is On: Climate Change Causes Birds To Hatch Early (australiangeographic.com.au)

my words were stolen to promote a poorly written substitute to the story that i quoted and that i intended to share. if the plagiarist wanted to promote a different story, then that person should never have used MY NAME nor MY WORDS to do so. this bait-and-switch plagiarism should not be allowed to stand on this, or any, reputable site.

First off, calm down. Bait and switch - I do not think it means what I think you think it means. And given that the folks who make those decisions have been catching a load of bad feedback from references to Forbes.com, they did think your story was interesting enough to search out an alternative link.

That's all. I do suspect that you will never again have to worry about them "plagiarizing" any submission of yours in the future.

FYI: here's the link to the story that i shared: http://www.forbes.com/sites/gr...

i am sure you'll agree that the piece i shared is far superior to the bait-and-switched australian geographic story.

I'll never know, because I won't ever see that article, because I won't disable my adblocker. By the way, this isn't just petulance upon the part of many Slashdotters http://www.tripwire.com/state-...

https://adland.tv/adnews/forbe...

http://www.networkworld.com/ar...

Angler Exploit Kit and CryptoWall ransomware https://nakedsecurity.sophos.c...

Befause Forbes is such a noted provider of these malware exploits, and demand you enable the mechanism to allow them installed on your computer in order to see their content - Naaahhh ain't happening.

Regardless - you cured your own problem with your outrage.

Routers alone = shit (here's proof #15/15) by Anonymous Coward · 2016-02-14 11:51 · Score: 0 · on Firefox 44 Deletes Fine-Grained Cookie Management (mozilla.org)

https://nakedsecurity.sophos.c...
https://nakedsecurity.sophos.c...
https://threatpost.com/exploit...
https://www.hackread.com/cisco...
https://www.incapsula.com/blog...
https://www.schneier.com/blog/...
http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://news.slashdot.org/story...
http://news.slashdot.org/story...
http://news.com.com/Bug+expose...
http://news.cnet.com/8301-1009...
http://it.slashdot.org/story/1...
http://www.theregister.co.uk/2...

* STILL BELIEVE routers = best security alone?

YOU SAID YOUR DNS NEVER WENT DOWN TOO?

Funny YOU ADMIT IT DOES -> http://slashdot.org/comments.p... & you FAIL vs. myself as usual, noob do-nothing "rookie ne'er-do-well" CHUMP!

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each) & YOU OUTRIGHT LIED ON YOUR DNS NEVER GOING DOWN TOO - HUGE fail (one for my bookmarks)... apk

Routers alone = shit (here's proof #15/15) by Anonymous Coward · 2016-02-14 11:51 · Score: 0 · on Firefox 44 Deletes Fine-Grained Cookie Management (mozilla.org)

https://nakedsecurity.sophos.c...
https://nakedsecurity.sophos.c...
https://threatpost.com/exploit...
https://www.hackread.com/cisco...
https://www.incapsula.com/blog...
https://www.schneier.com/blog/...
http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://news.slashdot.org/story...
http://news.slashdot.org/story...
http://news.com.com/Bug+expose...
http://news.cnet.com/8301-1009...
http://it.slashdot.org/story/1...
http://www.theregister.co.uk/2...

* STILL BELIEVE routers = best security alone?

YOU SAID YOUR DNS NEVER WENT DOWN TOO?

Funny YOU ADMIT IT DOES -> http://slashdot.org/comments.p... & you FAIL vs. myself as usual, noob do-nothing "rookie ne'er-do-well" CHUMP!

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each) & YOU OUTRIGHT LIED ON YOUR DNS NEVER GOING DOWN TOO - HUGE fail (one for my bookmarks)... apk

Routers alone = shit (here's proof #14/15) by Anonymous Coward · 2016-02-14 11:48 · Score: 0 · on Firefox 44 Deletes Fine-Grained Cookie Management (mozilla.org)

http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2..." ADD_DATE="1449501567" LAST_VISITED="0">Lock up your top-of-racks, says Cisco, theres a bug in the USB code â The Register
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/P...
http://www.wired.com/threatlev...
http://www.zdnet.com.au/cisco-...
http://www.zdnet.com/cisco-fix...
http://yro.slashdot.org/commen...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
http://yro.slashdot.org/story/...
https://isc.sans.edu/forums/di...
https://nakedsecurity.sophos.c...
http://www.theregister.co.uk/2...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk