SECURITY WARNINGS & Notices - Please post them here

[polonus]

European cloud data not protected against US Government
Read: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
link article author = Zack Whittaker

polonus

[MikeBCda]

Beware Keyloggers at Hotel Business Centers
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

There was an interesting article in this morning's Sophos newsletter -- the German government is seriously considering abandoning email entirely and switching to old-fashioned typewriters for communications.  And not even electric, let alone electronic, ones, they're talking about antique totally-manual machines.  I was surprised to learn that key-logging devices go all the way back to the IBM Selectric, probably the most widely used electric typewriter ever.

[mchain]

Beware Keyloggers at Hotel Business Centers
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

There was an interesting article in this morning's Sophos newsletter -- the German government is seriously considering abandoning email entirely and switching to old-fashioned typewriters for communications.  And not even electric, let alone electronic, ones, they're talking about antique totally-manual machines.  I was surprised to learn that key-logging devices go all the way back to the IBM Selectric, probably the most widely used electric typewriter ever.

Interesting comment.

With IoT devices on the way, (if they're not here already) expect more of the same, maybe worse.  IoT devices don't sell, then maybe less of a security concern.

http://en.wikipedia.org/wiki/Internet_of_Things

[Para-Noid]

CNET Hacked!

http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/

[bob3160]

CNET Hacked!

http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/

I think you're a little late....Sometimes, one needs to look up
https://forum.avast.com/index.php?topic=52252.msg1106150#msg1106150

[Pondus]

Does cars come with Antivirus in the future?

Chinese hackers take command of Tesla Model S
http://www.cnet.com/news/chinese-hackers-take-command-of-tesla-model-s/

[polonus]

NSA critics: Dropbox hostile to privacy
Read: http://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak

For more secure alternatives, see: ( http://lifehacker.com/the-best-cloud-storage-services-that-protect-your-priva-729639300 )
For a more secure alternative: http://www.arxshare.com

polonus

[DavidR]

NSA critics: Dropbox hostile to privacy
Read: hxxp://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak

For more secure alternatives, see: ( hxxp://lifehacker.com/the-best-cloud-storage-services-that-protect-your-priva-729639300 )
For a more secure alternative: hxxp://www.arxshare.com

polonus

I use dropbox, for some images and files. But in all honesty I don't store anything on any on-line storage that is in any way confidential/private.

I simply don't trust any on-line storage, regardless of its supposed privacy protection and stick to my normal adage don't publish/store anything on-line that you do not wish to be seen/accessed by anyone.

[Para-Noid]

Worst passwords of 2013!

http://splashdata.com/press/worstpasswords2013.htm

[Pondus]

Google's Chrome Web Browser Is Killing Your Laptop Battery
http://www.forbes.com/sites/ianmorris/2014/07/14/googles-chrome-web-browser-is-killing-your-laptop-battery/

[bob3160]

Google's Chrome Web Browser Is Killing Your Laptop Battery
http://www.forbes.com/sites/ianmorris/2014/07/14/googles-chrome-web-browser-is-killing-your-laptop-battery/

I guess it's a good thing that my laptop is always plugged in.

[polonus]

EFF states that the HTTP protocol should die completely and should definitely be gone from the Internet,
this because it is unencrypted and because of NSA-critical revelations etc.
Read: http://www.tomsguide.com/us/http-must-die,news-19188.html  link article author Paul Wagenseil
Only ads and content delivery (trackers) are still in need of HTTP, and also is avast! av, because it cannot scan inside HTTPS    .
So insecure HTTPS is not flagged, certification issues only reported by Google and Comodo?
What about insecure policies alerted? (Recx Security Analyser for Google Chrome, Calomel SSL-validation add-on for firefox    ).

The EEF standpoint can be read here: https://www.eff.org/event/hope-x

polonus

[polonus]

Interesting observation to the above issue:

It appears that every Alexa-ranked company from China offers NO SSL, which facilitates gov censorship and Amazon, Yandex, Instagram, Ebay, Craigslist all force http (as does OpenDNS non-dashboard use), likely due to mixed content.

- Quote taken from list link below.
See list link: https://docs.google.com/spreadsheets/d/1HirCBS8bK89-jPrLc2cmru48R-3s9mUTJVwni3DO_Sw/pubhtml

pol

[DavidR]

EFF states that the HTTP protocol should die completely and should definitely be gone from the Internet,
this because it is unencrypted and because of NSA-critical revelations etc.
Read: http://www.tomsguide.com/us/http-must-die,news-19188.html  link article author Paul Wagenseil
Only ads and content delivery (trackers) are still in need of HTTP, and also is avast! av, because it cannot scan inside HTTPS <$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" /> <$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" />.
So insecure HTTPS is not flagged, certification issues only reported by Google and Comodo?<$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" />
What about insecure policies alerted? (Recx Security Analyser for Google Chrome, Calomel SSL-validation add-on for firefox  <$1alt="" title="" onresizestart="return false;" id="smiley__$2" style="padding: 0 3px 0 3px;" /> ).

The EEF standpoint can be read here: https://www.eff.org/event/hope-x

polonus

Well it has been an aspiration of avast to be able to scan https content, in so much as it does with secure email traffic. But I rather think it is more complex than that simple explanation and no date/time frame or avast version was given for these aspirations.

[polonus]

Hi DavidR,

I fully understand what you mean to say.
Reality and the EFF desired development are two quite different things.
It also isn't clear what is reality here.
It is all a little too little and too late.
These developments should have started years and years ago.
Now with hindsight knowledge we have quite another view of what http: security is.

polonus