Here’s What Happens When You Install the Top 10 Download.com Apps

We installed the top 10 apps from Download.com, and you’ll never believe what happened! Well… I guess maybe you might have a good guess. Awful things. Awful things are what happens. Join us for the fun!

We’ve been railing against freeware download recommendations for years, and recently we taught you how to test any software safely using a virtual machine. So we thought, why not have some fun and see what really happens if you download software like a regular clueless user might?

For the purpose of this experiment, we’re going to just click through all regular installation screens with the default options using a fresh virtual machine. And we’re going to install ten applications from the most popular downloads list. And we’re going to assume the persona of a regular non-geek user.

Why would we choose Download.com? Because their policies page states clearly that they do not allow malicious software on the site, and further that they do NOT accept any software that contains the following:

• Software that installs viruses, Trojan horses, malicious adware, spyware, or other malicious software at any point during or after installation.
• Software that installs without notice and without the user’s consent.
• Software that includes or uses surreptitious data collection.
• Software that diverts or modifies end users’ default browsers, search-engine home pages, providers, security, or privacy-protection settings without the users’ permission.
• Software that installs in a concealed manner or denies users an opportunity to read the license agreement and/or to knowingly consent to the installation.
• Software that induces installation by making false or misleading claims about the software or the software publisher.

I mean, with all those protections in place from the trusty people over there at CNET, why would anybody worry? I mean, CNET News is a trusted source, right? Right.

Danger! Do NOT Try This at Home!

Source:
http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/

Posted in Internet, Privacy, Security, Windows | No Comments

New Apple malware is undetectable, unstoppable, and can infect any Thunderbolt-equipped device

Apple products have long enjoyed a reputation for superior security in relation to Windows systems, but a new proof-of-concept malware delivery method could put a serious dent in that reputation. The exploit, dubbed Thunderstrike, currently can’t be detected or removed by any known process without using specialized hardware. Security researcher Trammell Hudson has demonstrated how to use a Thunderbolt peripheral to load what he’s calling a “bootkit” via the device’s Option ROM.

Option ROMs are optional or peripheral-specific blocks of memory that were first deployed in the 1980s as a way of storing critical programs or retrieving peripheral-specific blocks of memory. They’re initialized early in the boot process and often “hook” to the BIOS to provide a bootable device or network boot. Thunderbolt devices contain their own Option ROMs, and Apple hardware checks these areas as part of its boot sequence.

The exploit package is injected from the infected Thunderbolt device’s Option ROM directly into the system’s extensible firmware interface (EFI). Official documentation on the EFI/UEFI standard, shown below, seems to imply that this is impossible, since the firmware is supposed to be locked by default.

Source:
http://www.extremetech.com/mobile/197005-new-apple-malware-is-undetectable-unstoppable-and-can-infect-any-thunderbolt-equipped-device

Posted in Hardware, Internet, Privacy, Security | No Comments

Browsing in privacy mode? Super Cookies can track you anyway

For years, Chrome, Firefox, and virtually all other browsers have offered a setting that doesn’t save or refer to website cookies, browsing history, or temporary files. Privacy-conscious people rely on it to help cloak their identities and prevent websites from tracking their previous steps. Now, a software consultant has devised a simple way websites can in many cases bypass these privacy modes unless users take special care.

Ironically, the chink that allows websites to uniquely track people’s incognito browsing is a much-needed and relatively new security mechanism known as HTTP Strict Transport Security. Websites use it to ensure that an end user interacts with their servers only when using secure HTTPS connections. By appending a flag to the header a browser receives when making a request to a server, HSTS ensures that all later connections to a website are encrypted using one of the widely used HTTPS protocols. By requiring all subsequent connections to be encrypted, HSTS protects users against downgrade attacks, in which hackers convert an encrypted connection back into plain-text HTTP.

Sam Greenhalgh, a technology and software consultant who operates RadicalResearch, has figured out a way to turn this security feature into a potential privacy hazard. His proof of concept is known as HSTS Super Cookies. Like normal cookies, they allow him to fingerprint users who browse to his site in non-privacy mode, so if they return later, he will know what pages they looked at. There are two things that give his cookies super powers. The first is that once set and depending on the specific browser and platform it runs on, the cookies will be visible even if a user has switched to incognito browsing. The second is that the cookies can be read by websites from multiple domain names, not just the one that originally set the identifier. The result: unless users take special precautions, super cookies will persist in their browser even when private browsing is turned on and will allow multiple websites to track user movements across the Web.

Source:
http://arstechnica.com/security/2015/01/browsing-in-privacy-mode-super-cookies-can-track-you-anyway/

Posted in Internet, Privacy | No Comments

4 Moves You Need to Make Immediately After Your Credit Card Is Hacked

If you paid for the bulk of your holiday shopping with plastic, you may not be looking forward to your first statement of the new year but you can’t afford not to. The holidays are prime time for identity thieves who want to get their hands on your personal information, as two MyBankTracker staffers recently found out.

In one instance, it was a credit card that was compromised and in the other, a prepaid card. In both cases, it’s led to a number of headaches, including new credit cards opened and a slew of fraudulent charges, as they try to sort out the mess created by hackers. If you’ve ever been a victim of credit or debit card fraud, you probably have an idea what I’m talking about.

For one thing, there’s the hassle of getting a new card. Credit card companies will usually overnight it for free but your bank might be a different matter. You could end up paying anywhere from $15 to $20 if you need the card by the next day. You’ve also got to go through the trouble of switching over any automatic bill payments linked to the account and updating the card number through PayPal, eBay or anywhere else you have it stored online.

Once that’s done, you’re stuck worrying about whether your information is really safe. Keeping an eye on your accounts and checking your credit reports is a must but those online monitoring services usually come with a pretty decent monthly fee. The good news is, there are some ways to track your credit or debit card activity that won’t cost you a dime. If your credit card got hacked over the holidays or you’re just paranoid about it happening in the future, here’s what you can do to keep an eye on your credit for free.

Source:
http://www.mybanktracker.com/news/credit-card-hacked

Posted in Internet, Privacy, Security | No Comments

How to Ensure Your Home Router Has the Latest Security Updates

Keeping your home router updated is a crucial part of staying secure. Shellshock affected a number of routers, and we’ve also seen routers hacked and turned into botnets. Home router security is notoriously poor.

You should ensure your router is getting security updates, too. Depending on your router, you may have to do this by hand, set up automatic updates — or not do anything at all.

Your Router’s Firmware is an OS, and it’s Particularly At Risk

Your router runs a “firmware,” which is essentially its operating system. Quite a few routers are actually built on top of Linux, and that means security vulnerabilities in the Linux kernel or related software — like the Shellshock bug in the Bash shell — could affect your router. Problems can also occur due to poor router firmware design in general, such as the backdoors that have been discovered in routers produced by Linksys, Netgear, and other massive companies.

Home routers are particularly vulnerable because they’re exposed directly to the Internet. Every other device you own is shielded behind the router, and isn’t publicly addressable. Your router essentially functions as a firewall, shielding your other devices from inbound connections by keeping them all to itself. But, by design, your router is the one point in your home network that’s exposed directly to the Internet. As any attacker could contact your router, it’s crucial your router is secure.

Source:
http://www.howtogeek.com/205299/how-to-ensure-your-home-router-has-the-latest-security-updates/

Posted in Hardware, Internet, Networking, Security | No Comments