
Security: Windows, Salon, Fraud, Skype and More

  • Critical Telegram flaw under attack disguised malware as benign images [Ed: Windows]

    The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages.

  • Salon to ad blockers: Can we use your browser to mine cryptocurrency?

    Salon explains what's going on in a new FAQ. "How does Salon make money by using my processing power?" the FAQ says. "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution, and innovation. For our beta program, we'll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies."

  • Why children are now prime targets for identity theft [sic] [iophk: "the real name for this is "fraud" and there are already existing laws on it"]

    SSA believed this change would make it more difficult for thieves to “guess” someone’s SSN by looking at other public information available for that person. However, now that an SSN is not tied to additional data points, such as a location or year of birth, it becomes harder for financial institutions, health care providers, and others to verify that the person using the SSN is in fact the person to whom it was issued.

    In other words: Thieves now target SSNs issued after this change as they know your 6-year-old niece or your 4-year-old son will not have an established credit file.

  • Microsoft won't plug a huge zero-day in Skype because it'd be too much work

    The bug in the automatic updater (turd polisher) for the Windows desktop app has a ruddy great hole in it that will let dodgy DLLs through.

  • ‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories

    The bug itself didn’t expose anything too sensitive. No passwords, social security numbers, or credit card data were exposed. But it did expose customers’ email addresses, their billing account numbers, and the phone’s IMSI numbers, a standardized unique number that identifies subscribers. Just by knowing (or guessing) customers’ phone numbers, hackers could get their target’s data.

    Once they had that, they could impersonate them with T-Mobile’s customer support staff and steal their phone numbers. This is how it works: a criminal calls T-Mobile, pretends to be you, convinces the customer rep to issue a new SIM card for your number, the criminal activates it, and they take control of your number.
