Language Selection

English French German Italian Portuguese Spanish

Security: Windows, Salon, Fraud. Skype and More

Filed under
Security
  • Critical Telegram flaw under attack disguised malware as benign images [Ed: Windows]

    The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

  • Salon to ad blockers: Can we use your browser to mine cryptocurrency?

    Salon explains what's going on in a new FAQ. "How does Salon make money by using my processing power?" the FAQ says. "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution, and innovation. For our beta program, we'll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies."

  • Why children are now prime targets for identity theft [sic] [iophk: "the real name for this is "fraud" and there are already existing laws on it"]

    SSA believed this change would make it more difficult for thieves to “guess” someone’s SSN by looking at other public information available for that person. However, now that an SSN is not tied to additional data points, such as a location or year of birth, it becomes harder for financial institutions, health care providers, and others to verify that the person using the SSN is in fact the person to whom it was issued.

    In other words: Thieves now target SSNs issued after this change as they know your 6-year-old niece or your 4-year-old son will not have an established credit file.

  • Microsoft won't plug a huge zero-day in Skype because it'd be too much work

    The bug in the automatic updater (turd polisher) for the Windows desktop app has a ruddy great hole in it that will let dodgy DLLs through.

  • ‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories

    The bug itself didn’t expose anything too sensitive. No passwords, social security numbers, or credit card data was exposed. But it did expose customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers, standardized unique number that identifies subscribers. Just by knowing (or guessing) customer’s phone numbers, hackers could get their target’s data.

    Once they had that, they could impersonate them with T-Mobile’s customer support staff and steal their phone numbers. This is how it works: a criminal calls T-Mobile, pretends to be you, convinces the customer rep to issue a new SIM card for your number, the criminal activates it, and they take control of your number.

More in Tux Machines

Red Hat on Middleware, RHEL AUDITD, and More Security Issues

  • Open Outlook: Middleware (part 1)
    Middleware, both as a term and as a concept, has been around for decades. As a term, like other terms in the Darwinian world of IT jargon, it has followed a typical fashion lifecycle and is perhaps somewhat past its apogee of vogue. As a concept, however, middleware is more relevant than ever, and while a memetic new label hasn't quite displaced the traditional term, the capabilities themselves are still very much at the heart of enterprise application development. Middleware is about making both developers and operators more productive. Analogous to standardized, widely-used, proven subassemblies in the manufacture of physical goods such as cars, middleware relieves developers from "reinventing the wheel" so that they can compose and innovate at higher levels of abstraction. For the staff responsible for operating applications in production, at scale, with high reliability and performance, the more such applications use standardized middleware components and services, the more efficient and reliable the running of the application can be.
  • RHEL AUDITD
  • Security updates for Tuesday

Vulkan/DXVK and More GNU/Linux Games (Native)

Software and HowTos: Organizer, Handbrake, Logical & in Bash and Python

Android Leftovers