Tag Archives: spyware

Apple Alerts Users In 92 Nations To Mercenary Spyware Attacks

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks,TechCrunch reported.

The company said it sent the alert levels to individuals in 92 nations at 12 p.m. Pacific Time Wednesday. The notification, which TechCrunch has seen, did not disclose the attackers’ identities or the countries where users received notifications.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID – xxx-,” it wrote in the warning to affected customers.

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously,” Apple added in the text.

Apple Support posted “About Apple threat notifications and protecting against mercenary spyware” From the post:

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

BleepingComputer reported Apple has been notifying iPhone users in 92 countries about a “mercenary spyware attack” attempting to remotely compromise their device.

In a sample notification the company shared with BleepingComputer, Apple says that it has high confidence in the warning and urgent the recipient to take seriously.

According to BleepingComputer, to protect against such attacks, Apple recommends a set of immediate actions that include enabling lockdown mode on the device, updating the iPhone and any other Apple products to the latest software version, and seeking expert assistance such as that from the Digital Security Helpline – a non-profit that provides technical support at no cost for journalists, activists, and human rights defenders.

When describing mercenary spyware attacks, the notification highlights NSO Group’s Pegasus kit and says that they are exceptionally well-funded, sophisticated, and target a small number of individuals. 

Apple also updated its support page on the spyware protection yesterday, replacing the term “state sponsored” with “mercenary spyware,” noting that these attacks are ongoing and global and sometimes involve private companies that develop spying tools for state actors.

In my opinion, Apple did the right thing by reporting about the mercenary spyware that might be targeting someone’s iPhone. 

GNC-2012-04-20 #758 Back from NAB!

Back from NAB with a rare Friday show, be sure to check out the podcast and get all caught up.. Headed to Florida tomorrow night so there will be two shows from Florida next week.

Support my Show Sponsor: Best Godaddy Promo Codes
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Download the Audio Show File

Links to all the articles talked about in this Podcast are on the GNC Show Notes Page [Click Here]

GNC-2011-12-01 #725 Foot in Mouth

Between the phone ringing, computers rebooting and me sticking my foot in my mouth 2-3 times I have a great show for you.. Back for one show here in Honolulu and off to Austin next week. Then home for Christmas and to prepare for CES 2012!

Support my Show Sponsor: Best Godaddy Promo Codes
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Subscribe Today: Audio | Video | Mobile Video | iTunes | Zune
Download the Show File

Follow me on Google+
Follow @geeknews on Twitter
Geek News Central Facebook Page
Purchase GNC gear from the Ohana Store!
Show Hotline 24/7 1-619-342-7365 or e-mail geeknews@gmail.com

Links to articles talked about in this Podcast are on the GNC Show Notes Page [Click Here]

Jack Ellis – Executive Producer
Mike Baine – Associate Producer

Sophos Security Threat Report 2011

Digital security firm Sophos today released their Security Threat Report for 2011, which reviews all the ways that the bad guys are out to get you. It’s a glossy 52 page report and is worth a quick read to understand the threats that are out there, especially in areas that you might not be familiar with.

The report covers the key threats from 2010:

  • Fake anti-virus software and scareware – through a warning dialog, users are scared into paying for and installing fake anti-virus software, which at best does nothing and at worst steals passwords and credit card information.
  • SEO poisoning – manipulating search engine results to point users to fake and rogue websites, which are loaded with browser exploits and malware.
  • Clickjacking or UI redressing – hiding malicious buttons underneath innocuous images, e.g. clicking on a “Like” or “Share” image actually emails out malware to all the users friends.
  • Survey scam – in order to complete a questionnaire that typically offers a non-existent but  sought-after prize, software has to be installed or access given to personal data. This information is then used to propagate the questionnaire onwards, earning affiliate revenue for the application developer.
  • Spam – not exactly a new entrant in 2010 but the rise of spam on social networking sites is an increasing problem.
  • Spearphishing – a variant on the original phishing but in this case the attack is well targetted and much more convincing and consequently more likely to succeed.
  • Stuxnet worm – a traditional vector but with a new target, the Stuxnet worm went after SCADA systems and industrial PLC controllers. Very sophisticated, leading to conspiracy theories involving industrial sabotage.
  • Malvertising – the infection of advertising on legitimate websites that links to malware or fake anti-virus software.
  • Compromised sites and accounts – Legitimate websites and typically celebrate accounts are hacked to serve infected webpages or link to malware sites.

The report briefly covers the threats posed to iOS, Android, Windows 7 and Blackberry smartphones before moving onto to review issues with Facebook, Adobe products, removeable media and USB drives. Windows 7 and OS X are also discussed.

The report continues with some of the success stories when the justice system has managed to catch up with the criminals before closing with advice and guidance on how to avoid getting hit.

Give it a read. Warning – 4MB .pdf download.

GNC-2010-06-04 #581 I Flat out Go Off on AT&T!

Are you as mad as I am over the latest AT&T announcement I get on the GNC Soapbox and stay there for a bit. Last show in Hawaii for two weeks, I head out to Texas and NY over the next 4 shows. Join me live at more civilized times. Listen to show for details. Looking for some feedback on the Insider Video on how you liked it..

Sponsor: Visit gotomeeting.com, click the try it free button & use promo code: Podcast.
[Save 15% on orders $20.00 or more at >GoDaddy.com!] use Code Geek5 Complete List of GoDaddy Promo Codes for huge Savings!

Follow @geeknews on Twitter http://www.twitter.com/geeknews
My Personal Facebook Profile
Geek News Central Podcast Facebook Page
Video of Show at www.youtube.com/user/geeknews
Be Geek News Central Insider!
Check out all of our Special Offers!
Check out the new Ohana Store
Show Comments please call 1-619-342-7365 or e-mail geeknews@gmail.com

Listener Links:
Seagate Momentus Review.
480Gb SSD.
10 Blackberry Apps for Travel.
Lego Printer.
Hawaii Solar Bond Initiative.
Spyware on Mac.

Show Links:
AT&T Versus the Pigs.
AT&T Bait and Switch!
Tether iPad Nope Pay to Tether Phone!
AT&T Threatens a Customer?!
Live Stream from YouTube?
520 Day Mars Mission in Moscow.
Ballmer on Google.
Skype Rdio?
FTC Spanks Key Logger.
Don’t be this Stupid!
Verizon bringing 4g to Country?
Windows iPad.
Will Paywall Fail?
Google gives up Wi-Fi data to Germany.
81 Iridium Birds Ordered.
Coal to Elephant Grass.
Urine to Power your Car?
Falcon 9 Launch for Today.
More Water Proof for Mars.
Nuke for Oil Leak off the Table.
Eyeball Tickets in Columbus.
App Rejection Criteria for Apple App Store.
AT&T King of 3G (whatever).
Tax to Save Newspapers.
Police do not want to be Filmed?
Border Guards can take your Laptop.
EFF Helping Time Warner.
Product Placement Questions.
Google Biggest Looser?
Stinky Helmets.
Zoom H1 $99.00.
Apple’s Slave Labor?
Sony Betamax and what’s Left.
Nikon Lense Thermos.

Send in your stories to geeknews@gmail.com and be sure to provide a link to your websites!

Are You Safe Surfing the Internet?

McAfee just released their annual report talking about the dangers of surfing the Internet. In the report they highlighted the most “dangerous” online celebrities.

Fans searching for “Jessica Biel” or “Jessica Biel downloads,” “Jessica Biel wallpaper,” “Jessica Biel screen savers,” “Jessica Biel photos” and “Jessica Biel videos” have a one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware. Searching for the latest celebrity news and downloads can cause serious damage to one’s personal computer.

I know McAfee is a provider of anti-virus/malware software so they have a lot to gain by going public with this report. But software alone doesn’t make it less dangerous.

I’ve talked to a number of people who don’t worry about viruses or malware because they are using a anti-virus program and think they are safe. I even know someone who goes to sites to download music knowing that most of the downloads are infected (they get warning messages from their anti-virus program all the time). They think their anti-virus program will protect them.

No software on your computer can protect you completely. Operating systems are very complex and WILL contain bugs that hackers can exploit. Once vendors know about these holes they do try to patch them but it may be too late for some users. Anti-virus/malware programs try to protect you but they may not always be up-to-date or in some cases are not able to detect/fix the problem.

In the past most viruses/malware were spread by email attachments or clicking links in emails. Now, you can be infected by going to the wrong website. These sites take advantage of bugs/holes in the operating system or in applications like Adobe PDF reader, Flash player, etc. A while back there was a flaw in Windows where all you had to do was go to a website with an inflected photo, and your machine was infected. No piece of software on your computer would have protected you from that.

What can you do to keep from getting infected and stay safe? Buy a Mac (just kidding). Mac users don’t have the same issues with viruses and malware but that could change. Apple has put out a number of security patches for Mac OS 10.5 lately and there are rumors that they will include anti-virus software in the upcoming release of Snow Leopard. Reports on viruses for the Mac have been few but that may change as the number of users grow and hackers refocus their attacks.

So here are my tips to keep your computer safe (for both Windows and Mac):

  1. Keep your computer Operating System (OS) up-to-date. Don’t disable or put off updates your OS vendor sends. Chances are they are patching a problem that is currently being exploited.
  2. Keep your applications up-to-date. In the past you may have put off updating to the latest Adobe Reader because you didn’t see any problems with the one you’re using. Now the update may include a security fix too.
  3. Don’t click on unknown links. Be careful clicking on links in emails or social sites (like Twitter and Facebook). If your bank sends you an email saying there is a problem with your account and says “click here,” close the email and enter the bank’s website address yourself so you know you’re going to the right place.
  4. Don’t go to risky sites. Some browsers (i.e. Firefox) use a list of infected sites and will warn you if you about to go there. Google search does the same. http://googleonlinesecurity.blogspot.com/
  5. Be careful when you get a message box saying that a program wants permission to install or access one of your computer’s resources. Don’t blindly hit Yes/Ok unless you know that is what you want to do.
  6. Don’t believe message boxes that pop up when you go to a new website. A common popup is a warning that your computer is infected and you need to click this link to run a scan of your computer or download a program to remove the infection. Generally, the program you download (and install) IS the infection! Once, I ran this scan on my Mac and it told me my Windows computer was infected with a virus.
  7. Don’t reuse passwords. A lot of sites require you to sign up for an account and create a password. Don’t use your email account password for your online banking account. Get a program to manage your passwords and use a different password for each site. Most of these password programs will generate a long random password that can’t be guessed. (I use 1Password for the Mac, and Personal Passworder for Windows.)
  8. When going to secure sites, like banks or sites to purchase items, make sure you have a secure secure connection when you are about to enter sensitive information (i.e. credit card number, password, etc.). You should  look for the small padlock symbol at the bottom of your browser window and make sure the URL to the site begins with HTTPS, indicating that you are using a SSL (Secured Sockets Layer) connection. The URL should match what you are expecting. If you go to the Bank of America website make sure the URL shows  https://www.bankofamerica.com and not .

I know the above list doesn’t cover everything that you should do to keep your computer safe, but I think it’s a good start.

If you’re a regular to Geek News Central, you most likely know what to do and what not to do to be safe. Do your family and friends a favor and send them a link to this post or, at the very least, talk to them about how to be safe on the Internet.

73’s, Tom

CES 2008 SmartRestart Software Information

Smart Restart is a dream product for those of you that never change your computer configuration or maybe a parents or grandparents computer. This software resets your computer every time you reboot it. You decide when you want to take a snapshot of your install and Smart Restart remembers that configuration from that point on and resets it to that configuration after every reboot. Perfect for that friend or family member that is always messing up there computer

If you want more information on Smart Restart and info on future special offers please visit www.rawvoiceoffers.com and enter promo code “restart” or visit www.smart-restart.com

Download Link