SECURITY WARNINGS & Notices - Please post them here

[polonus]

This is Google Chrome Security's Viewpoint on the matter: https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
We have three levels here: Secure, Dubious, Insecure.
Read on here: https://sslmate.com/blog/post/chrome_cached_sha1_chains

polonus

[Para-Noid]

Fraud Tactics Against Chip-and-PIN Technology

https://blog.malwarebytes.org/fraud-scam/2015/10/fraud-tactics-against-chip-and-pin-technology/?utm_source=Gplus&utm_medium=social

TWO CRITICAL CHALLENGES FACING WEBSITE SECURITY

http://perezbox.com/2015/09/two-critical-challenges-facing-website-security/?utm_campaign=Tony%20Perez%20on%3A%20TWO%20CRITICAL%20CHALLENGES%20FACING%20WEBSITE%20SECURITY&utm_medium=social&utm_source=googleplus

[Asyn]

Oracle Critical Patch Update Advisory - October 2015
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

[Pondus]

CAS Team Finds Flaw in Computers’ Timekeeping
http://www.bu.edu/today/2015/hacking-network-time-protocol/


Attacking the Network Time Protocol
http://www.cs.bu.edu/~goldbe/NTPattack.html
pdf.doc  http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf

Patch  http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/

[Pondus]

Trend Micro Acquires HP TippingPoint, Establishing Game-Changing Network Defense Solution
http://newsroom.trendmicro.com/press-release/company-milestones/trend-micro-acquires-hp-tippingpoint?_ga=1.252947529.1387744404.1445433077

[Para-Noid]

Kampagnen Malvertising Campaign Goes After German Users

https://blog.malwarebytes.org/malvertising-2/2015/10/kampagnen-malvertising-campaign-goes-after-german-users/?utm_source=Gplus&utm_medium=social

10 Ways to Protect Against Hackers

https://www.malwarebytes.org/articles/10-ways-to-protect-against-hackers/?utm_source=Gplus&utm_medium=social

Steer Clear of this Apple Invoice Phish

https://blog.malwarebytes.org/fraud-scam/2015/10/steer-clear-of-this-apple-invoice-phish/?utm_source=Gplus&utm_medium=social

[Pondus]

Ransomware using Remote Desktop to spread itself
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/

http://www.bleepingcomputer.com/news/security/help-recover-files-txt-ransomware-installed-by-targeted-terminal-services-attacks/

[Pondus]

Watch Out for Health Insurance Spam
https://www.bluecoat.com/security-blog/2015-10-22/watch-out-health-insurance-spam

[Pondus]

IBM Runs World’s Worst Spam-Hosting ISP?
http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

[polonus]

The cat is out of the bag: http://www.theregister.co.uk/2015/10/24/nsa_encryption_hack/
Actual situation is as feared and predicted in 2005.
Is this a solution?

Stop using 1024-bit keys, and use longer prime numbers, and
Use the latest revisions of protocols (which require longer prime numbers)

I do not think so, when encryption gets more and more  secure governments want to have a look where the data resides unecrypted, and that is inside your computer!

These are big, big cats and an enormous amount of mice to chase. 

polonus

[essexboy]

OK that is now verging on paranoia who has personal information so secret (legal) that it must be kept hidden

[Asyn]

TalkTalk cyber-attack: Website hit by 'significant' breach
http://www.bbc.com/news/uk-34611857
http://www.bbc.com/news/uk-34615226
http://help2.talktalk.co.uk/oct22incident

[Para-Noid]

Furor Over IoT Dangers Could Fuel Innovative Security Measures

https://blog.malwarebytes.org/online-security/2015/10/furor-over-iot-dangers-could-fuel-innovative-security-measures/?utm_source=Gplus&utm_medium=social

Bizarre Essex Police #cyberaware Tweet Mystery

https://blog.malwarebytes.org/online-security/2015/10/bizarre-essex-police-cyberaware-tweet-mystery/?utm_source=Gplus&utm_medium=social

edit: additional:  I wonder why they call GCHQ "The Doughnut"? 

[polonus]

Add-ons may spy on you: https://www.reddit.com/r/firefox/comments/3pwcey/firefox_extension_download_manager_s3_asks_for/

Add-on now removed, but not yet added to this blocklist.

See the blocklist: https://addons.mozilla.org/en-US/firefox/blocked/

Certain add-ons can enhance your browser security. Excessive and unwanted add-ons can cripple security seriously!

polonus

[Para-Noid]

Am I Being Phished?

https://blog.malwarebytes.org/fraud-scam/2015/10/am-i-being-phished/?utm_source=Gplus&utm_medium=social