Slashdot Mirror

Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017...

* IMITATION truly IS the SINCEREST FORM of FLATTERY!!!

(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))

US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...

APK

P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk

Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!

* IMITATION truly IS the SINCEREST FORM of FLATTERY!!!

(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))

US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...

APK

P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk

You're doing it wrong eggshell perimeter security only! DNS = in trouble https://threatpost.com/gov-war... routers = attacked like crazy too (all have vulnerabilities).

See subject & addons make it worse using more resources & messagepass overhead (+ stacking multiple addons slows you down) + CHROME IS BREAKING YOUR ADDONS probably for GOOD as far as ad & malware blocking https://www.bleepingcomputer.c...

Severely limiting e.g. UBlock to only 30,000 blocks (far from complete like by 1/100th++ or more of what ACTUALLY EXISTS in bad things to block)

Hosts resolve your fav. sites (protects against DNS down OR POISONED too) FASTER vs. DNS!

PLUS less security issues - DNS poisoned kaminsky redirect flaw U.S. Gov't. WARNS OF https://threatpost.com/gov-war...

APK

P.S.=> Addons = easily detected & blocked by webmasters + run in SLOW usermode (vs. hosts in FASTER kernelmode as part of the IP stack) & NO SINGLE addon does as much as hosts & hosts do so for FAR LESS too, e.g. NO DNS RESOLUTION value faster in hosts (as it is blocking vs. NoScript in usermode vs. tracking/malware scripts)... apk

See subject & addons COMPOUND it more using more resources & messagepass overhead (WHY stacking multiple addons slows you down NO MATTER WHAT browser makers do) + CHROME IS BREAKING YOUR ADDONS probably for GOOD as far as ad & malware blocking https://www.bleepingcomputer.c...

Severely limiting e.g. UBlock to only 30,000 blocks (far from complete like by 1/100th++ or more of what ACTUALLY EXISTS in bad things to block)

Hosts resolve your fav. sites (protects against DNS down OR POISONED too) FASTER vs. DNS!

PLUS less security issues - DNS poisoned kaminsky redirect flaw U.S. Gov't. WARNS OF https://threatpost.com/gov-war...

APK

P.S.=> Addons = easily detected & blocked by webmasters + run in SLOW usermode (vs. hosts in FASTER kernelmode as part of the IP stack) & NO SINGLE addon does as much as hosts & hosts do so for FAR LESS too, e.g. NO DNS RESOLUTION value faster in hosts (as it is blocking vs. NoScript in usermode vs. tracking/malware scripts)... apk

See subject & addons COMPOUND it more using more resources & messagepass overhead (WHY stacking multiple addons slows you down NO MATTER WHAT browser makers do) + CHROME IS BREAKING YOUR ADDONS probably for GOOD as far as ad & malware blocking https://www.bleepingcomputer.c...

Severely limiting e.g. UBlock to only 30,000 blocks (far from complete like by 1/100th++ or more of what ACTUALLY EXISTS in bad things to block)

Hosts resolve your fav. sites (protects against DNS down OR POISONED too) FASTER vs. DNS!

PLUS less security issues - DNS poisoned kaminsky redirect flaw U.S. Gov't. WARNS OF https://threatpost.com/gov-war...

APK

P.S.=> Addons = easily detected & blocked by webmasters + run in SLOW usermode (vs. hosts in FASTER kernelmode as part of the IP stack itself) & NO SINGLE addon does as much as hosts & hosts do so for FAR LESS too, e.g. NO DNS RESOLUTION value faster in hosts (as it is blocking vs. NoScript in usermode vs. tracking/malware scripts)... apk

0.0.0.0 google-analytics.com IS a faster + more efficient way as hosts operate long before usermode addons + in faster/more cpu serviced kernelmode as part of the IP stack & hosts also don't parse html tags like NoScript has to for "script src" all thru a webpage (saves time on BOTH FRONTS for operational speed).

* Hosts also do a LOT MORE on the DNS/resolution front that addons CAN'T do - protecting you vs. DNS requestlog trackings OR the recent wave of DNS redirect poisonings that U.S. DHS warned us of https://threatpost.com/gov-war... by using hardcoded favorite sites of yours you spend most time at.

APK

P.S.=> For the best hosts file multiplatform:

APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)

APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)

Soon 4 MacOS... apk

0.0.0.0 google-analytics.com IS a faster + more efficient way as hosts operate long before usermode addons + in faster/more cpu serviced kernelmode as part of the IP stack & hosts also don't parse html tags like NoScript has to for "script src" all thru a webpage (saves time on BOTH FRONTS for operational speed).

* Hosts also do a LOT MORE on the DNS/resolution front that addons CAN'T do - protecting you vs. DNS requestlog trackings OR the recent wave of DNS redirect poisonings that U.S. DHS warned us of https://threatpost.com/gov-war... by using hardcoded favorite sites of yours you spend most time at.

APK

P.S.=> For the best hosts file multiplatform:

APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & download)

APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)

Soon 4 MacOS... apk

On systemd "dnscache" bs, turn it off via NetworkManager.conf in Linux via dns=208.67.222.222 + sudo service network-manager restart commandline & resolv.conf (under etc. & /run/systemd/resolve/ too to:

search 208.67.222.222 ::ffff:208.67.220.220
nameserver 208.67.222.222
nameserver 208.67.220.220

* OpenDNS = PATCHED vs. DNS poisoning & 95++% of ISP DNS aren't & DHC issued warnings vs. DNS redirect poisoning attacks https://threatpost.com/gov-war...

Your fav sites where you spend MOST TIME's via my program below @ TOP of hosts cached in RAM (kernelmode faster OS diskcache subsystem vs. slow usermode cache)

APK

P.S.=> To avoid DNS issues + dns requestlog tracking + to RESOLVE FASTER LOCALLY from SYSTEM RAM?

APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between chars & DL)

APK Hosts File Engine 10++ 64-bit for Windows https://hosts-file.net/?s=Down...

Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!

* IMITATION truly IS the SINCEREST FORM of FLATTERY!!!

(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))

US DHC issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...

APK

P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk

Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!

* IMITATION truly IS the SINCEREST FORM of FLATTERY!!!

(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))

US issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...

APK

P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 100,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk

"fix that will be released in a software update later this week,â an Apple spokesperson told Threatpost https://threatpost.com/apple-d...

* EAT YOUR WORDS!

APK

P.S.=> You TROLL CHUMP... apk

Oh and here's an RCE flaw in 100%-Java-code Apache Tomcat:

https://threatpost.com/apache-...

If even the Apache Foundation can't right secure Java code why should we expect an average-skilled Java coder is able to?

This game is fun. Shall I start listing comparable security bugs in software written in Ruby, Python and other such supposedly "safe" langauges?

Oh and back in August 2018 there was this other beauty of a bug in Apache Struts:

https://threatpost.com/apache-...

I bet the flaws exploited in the 100%-Java-code Apache Struts has caused far more widspread harm to consumers than this WiFi firmware bug.

“By placing the reflective material over a residual fingerprint on the phone’s display the capacitance fingerprint imaging mechanism can be tricked into authenticating a fingerprint.”

That is supported by a blog post at https://threatpost.com/critica.... It would be appreciated if people would learn the difference between a server and a client.

This is the company that installs password loggers on their customer's computers. Why anyone would still do business with them is beyond me.

You would be surprised at the dumb shit I have seen in dealing with securing similar systems. Yes it is layer upon layer of security measures, or it should be. But far too often someone forgets about that ancient tape changer in storage room b-37 that is still connected, or some PHB decides that they want to be able to check in on machines and shut them down from their cellphone while at home.

One of the problems with ICS systems and others like them is that they assume that the operator knows what they are doing as most of the time the people who are running these things do. The problem occurs when someone who isn't competent, or is malicious wants to do something else. Here the system may warn them before but will let them do it anyway, unless it was a known bad configuration when initially programed but this often is far too big of a state space to program for. Yes there are mechanical limits put on the machine but that doesn't mean it isn't possible to create an unsafe set of settings as was done with the aurora generator test where it was brought out of phase with the rest of the grid. Under normal operation that would have been impossible but by toggling things correctly it became possible to bring it out of phase. This took a bunch of very smart people to figure out the right sequence of events so while it isn't something that could be done easily it could be and with cellphone apps becomes more likely. That said of all the things to worry about this is very low on the list, unless it is your job, and instead would worry more about squirrels.

Also you seem to have forgotten about the whole Stuxnet incident and other related and similar attacks. All of which were able to abuse equipment. Of course there was the attack against the Ukrainian power grid a little more than 2 years ago too. So I stand by my statement that very often this is overblown in the media who love spreading FUD, there is a nugget of truth hidden there and people who have to deal with these systems need to pay attention.

Unfortunately, that font will be rendered in kernel space, because there have never been any security vulnerabilities in fonts...

Who the hell decided that was a good idea?

UEFI isn't that secure anyway. It isn't that hard to break. Personally I think the only reasons for putting it in place was to give Linux a hard time (make i hard for people to move to Linux, thank you M$) while at the same time to give a false sense of security. Given that Intel (and AMD in some processors) have an OS on the CPU that can effective be a full privileged back door, I wouldn't be surprised if UEFI had elements of the same:

https://threatpost.com/cert-wa...

It would be nice if computer hardware was actually made to fully protect the purchaser rather than other interested parties. (In OS we have Linux)

Due to a 'bug' in the code, you can access the AMT with a zero length password. The ME cannot be completely removed, but due to a request from the NSA, it can be disabled with a secret kill switch.

https://threatpost.com/windows...

"The vulnerability affects every version of the SMB protocol and every Windows version dating back to Windows 2000."

Microsoft's announcement shows the opposite. The attackers were related to the Russian military and they were keeping this to themselves.

Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days in targeted attacks.

See more at Kaspersky's blog.

not only is logitech encrypting the communication, they actually release security updates when vulnerabilities are discovered. https://threatpost.com/mouseja...

They're NOT meaningfully encrypting the communications between their universal receiver and their devices; only bluetooth devices have meaningful encryption, and it's considered breakable anyway. That fix was for mousejacking.

not only is logitech encrypting the communication, they actually release security updates when vulnerabilities are discovered. https://threatpost.com/mouseja...

So when are we going to get this: https://threatpost.com/ibm-unv...

I mean it's not like I've been waiting or asking for it for years: https://it.slashdot.org/commen...
https://mobile.slashdot.org/co...

Shared key WPA2 means that anyone who knows the shared key can decrypt other people's traffic if they managed to sniff the 4-way handshake messages:
https://mrncciew.com/2014/08/1...
http://www.howtogeek.com/20433...

It's true using WiFi means you still have to trust the entity providing it, but that's the same with a wired network or using an ISP.

To those who say "use VPNs" I'd say:
1) Defense in depth
2) that's a different layer - just because you can workaround a broken layer doesn't mean the broken layer isn't broken. The fact is the layer already has encryption but it has a broken implementation which can be improved.

I thought Microsoft is abandoning the mobile platform entirely, because of overwhelmingly poor sales.

Also... considering their hideous track record for security in general (Most recently: https://threatpost.com/office-... which was nothing short of breathtakingly boneheaded...), even if I had a Windows Phone (which I never will), I would never trust it to hold something as important as my credit card details.

http://www.theregister.co.uk/2...
https://threatpost.com/en_us/b...
http://www.zdnet.com/dutch-dns...
http://www.dshield.org/diary/n...
http://www.theregister.co.uk/2...

APK

P.S.=> Next: Rogue DNS + GHOST domains - THEN, onto AntiVirus' ADMITTED inefficacy (SYMANTEC) & SECURITY FLAWS (Tavis Ormandy anyone?) ... apk

Coreflood, Fareit, NJWorm, Citadel, DNS Changer, Panix, GhostClick:

FAREIT ATTACKS:

http://www.theregister.co.uk/2...

COREFLOOD ATTACKS:

http://www.secureworks.com/cyb...

LAND ATTACKS:

http://www.dshield.org/diary/L...

NJWORM ATTACKS:

http://threatpost.com/njw0rm-a...

CITADEL DNS ATTACKS:

http://www.webopedia.com/TERM/...

PANIX ATTACKS:

http://www.dshield.org/diary/P...

GHOSTCLICK ATTACKS:

http://www.dshield.org/diary/F...

DNS CHANGER:

http://news.slashdot.org/story...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...

APK

P.S.=> Next is DNS being abused in SEO DNS piggybacking + ABUSING BGP via DNS... apk

http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://it.slashdot.org/story/1...
http://nakedsecurity.sophos.co...
http://thestack.com/zyxeltech-...
https://nakedsecurity.sophos.c...
http://www.itworld.com/article...
http://www.eweek.com/security/...
http://it.slashdot.org/story/1...
https://threatpost.com/exploit...
http://www.theregister.co.uk/2...
http://www.zdnet.com/linkedin-...
http://www.bing.com/search?q=r...

APK

P.S.=> See subject & now more specific attacks on DNS by malware's next... apk

With Rogue DNS used by malware makers also for MORE DNS BS against your crap (wait till I do antivir too, lol):

http://tech.slashdot.org/story...
https://threatpost.com/en_us/b...
http://dns.measurement-factory...

ROGUE DNS SERVERS:

http://blogs.cisco.com/securit...

APK

P.S.=> See subject & ROUTER DNS issues next... apk

http://www.networkworld.com/ne...
http://www.dshield.org/diary/U...
http://www.theregister.co.uk/2...
http://www.theregister.co.uk/2...
http://www.networkworld.com/ne...
http://politics.slashdot.org/s...
http://www.theregister.co.uk/2...
http://blog.cloudflare.com/dee...
http://threatpost.com/dns-base...
http://www.webroot.com/blog/20...

APK

P.S.=> Router DNS issues are next... apk

http://tech.slashdot.org/story...
http://www.theregister.co.uk/2...
http://news.softpedia.com/news...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://www.dshield.org/diary/D...
http://threatpost.com/ultradns... restored_after_ddos_takes_out_dns/
http://www.dshield.org/diary/I...
http://www.itnews.com.au/News/...
http://tech.slashdot.org/story...
http://news.softpedia.com/news...
http://www.dshield.org/diary/P...
http://www.dshield.org/diary/D...

APK

https://nakedsecurity.sophos.c...
https://nakedsecurity.sophos.c...
https://threatpost.com/exploit...
https://www.hackread.com/cisco...
https://www.incapsula.com/blog...
https://www.schneier.com/blog/...
http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://news.slashdot.org/story...
http://news.slashdot.org/story...
http://news.com.com/Bug+expose...
http://news.cnet.com/8301-1009...
http://it.slashdot.org/story/1...
http://www.theregister.co.uk/2...

* STILL BELIEVE routers = best security alone?

YOU SAID YOUR DNS NEVER WENT DOWN TOO?

Funny YOU ADMIT IT DOES -> http://slashdot.org/comments.p... & you FAIL vs. myself as usual, noob do-nothing "rookie ne'er-do-well" CHUMP!

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each) & YOU OUTRIGHT LIED ON YOUR DNS NEVER GOING DOWN TOO - HUGE fail (one for my bookmarks)... apk

http://www.bing.com/search?q=r...
http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://voices.washingtonpost.c...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

http://www.bing.com/search?q=r...
http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://voices.washingtonpost.c...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

http://www.bing.com/search?q=r...
http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://voices.washingtonpost.c...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

Why are these ATMs connected to the Internet and who decided to run Windows on them: Carbank ring steals $1 billion from banks

Link.

Please, no applause. Just throw money.

https://threatpost.com/spree-of-bank-robberies-show-cybercriminals-borrowing-from-apt-attacks/116173/

For me in the article header is a clickable link next to the headline "Metel Hackers Roll Back ATM Transactions, Steal Millions ": (threatpost.com)

If you could heist that many millions you could retire right there and be set. If they're stealing a billion then what do you use that for? That's more like nationstate or mega corp level money and influence.

https://nakedsecurity.sophos.c...
https://nakedsecurity.sophos.c...
https://threatpost.com/exploit...
https://www.hackread.com/cisco...
https://www.incapsula.com/blog...
https://www.schneier.com/blog/...
http://hardware.slashdot.org/s...
http://www.theregister.co.uk/2...
http://news.slashdot.org/story...
http://news.slashdot.org/story...
http://news.slashdot.org/story...
http://news.com.com/Bug+expose...
http://news.cnet.com/8301-1009...

* STILL BELIEVE routers = best security alone?

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://voices.washingtonpost.c...
http://www.bing.com/search?q=r...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://voices.washingtonpost.c...
http://www.bing.com/search?q=r...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

http://tech.slashdot.org/story...
http://thestack.com/root-comma...
http://thestack.com/zyxeltech-...
http://threatpost.com/12-milli...
http://threatpost.com/dns-base...
http://threatpost.com/internet...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://tools.cisco.com/securit...
http://voices.washingtonpost.c...
http://www.bing.com/search?q=r...
http://www.cbc.ca/technology/s...
http://www.dshield.org/diary/+...
http://www.dshield.org/diary/2...
http://www.dshield.org/diary/5...

APK

P.S.=> So much for your faith in routers alone stupid (225 in total, 15 posts with 15 items each)... apk

It's just application telemetry. Reading these posts seriously makes me wonder if the current Slashot readership does any professional development. If they did, they would know it's pretty much completely standard to collect telemetry from applications.

Oh please.

Just because everybody else does it, doesn't mean it's not a security hole: https://threatpost.com/unencrypted-windows-error-crash-reports-a-treasure-for-nsa-hackers-alike/103363

A responsible vendor can use telemetry, but must always give the end user the ability to disable it. To do otherwise is to open an attack vector for third parties.

As of a few days ago, Cryptowall 4.0 has been released. Version 3.0 caused over 320 million in damages so far. This thing infects via spammed e-mail attachments, Flash, JS exploits, and MS Word / Excel documents containing instructions on allowing an untrusted macro (virus). Aside from proper lock-down of a Windows network and blocking file attachments, I'm real curious as to how all these ad servers are getting infected? These drive-by-downloads are nasty. AKA "malvertisements".

Cryptowall is perhaps the most professionally engineered, crafted, and ran operation of malware in the history of computing in that if anything is going to crash the web and fold companies, this fucker will do it!!!

"80 percent of browsers in the researchers’ sample size were 32-bit processes executing on a 64-bit host running WOW64, putting them all at risk. ref

What were the names of these browsers with no 64-bit versions?

"Duo Security, a cloud-based access security provider" ref

Here's another set of Android vulns that I believe were not mentioned here on Slashdot earlier.....

[Veracrypt's] Idrassi said he agrees with Forshaw that the vulnerabilities were not intentionally introduced and that they are the types of flaws that could have been known and exploited for years. --Kaspersky threatpost

But I can't find a statement by Forshaw that he thinks it wasn't intentional, only this tweet:

To clarify my last tweet, not saying the bugs were intentionally added.

I don't think the word "spy" means what you think it does... They collect usage information to improve the quality of their product. Knowing that XYZ program is run on 42 million PCs means that they need to add it to their testing suite for new releases. Knowing that ABC program is only run on 300,000 machines means they don't.

Then let the end user opt out. If it's such a good thing and totally not a side channel that inadvertently leaks data that helps adversaries with spear-phishing campaigns, nobody in the software industry would opt out, would they?