This week in computer security

[Bobthebuilder]

I agree, I had 2 instances where important files were lost because I didn't properly back them up:/ Acronis is a quite good one usually, a friend of mind is using it. For those that have their own server, here's some other things you can do for extra security of your data.

 

[Ripper]

https://www.armis.com/blueborne/

A new vulnerability affecting just about every computing device with Bluetooth. Look for updates for your devices.

 

[Thrasher]

Thanks for the alert!

 

[Arkadia7]

Dang, that bluetooth vulnerability does look serious. Microsoft is apparently patching it for windows today.

Speaking of computer security, I have been looking into ransomware. It's a very nasty threat that is becoming more common. Here is an article about some of the nastiest ransomware made, and what it does to computers (locks them down completely)
https://dialanerd.co.za/worst-ransomware-top-6-malicious-viruses?

Zone alarm has put out a good program that tested well that detects and removes ransomware exclusively, check it out if interested. It's $2 a month.
http://www.zonealarm.com/anti-ranso...83032d-78e5-42ea-92c0-7fb9186cf66b&network=cj

 

[Lucky Day]

Surprised no one has mentioned the 143 million potential accounts hacked from credit agency Equifax.

This happened in July? but they are only doing something about it now.

Click this link

https://www.equifaxsecurity2017.com/

And go to "enroll" with your name and last 6 digits of your SSN to see if you data has been breached.

You don't have to actually enroll. Tricking you into enrolling for paid services is what got this and the two other companies into trouble the first time requiring that free credit report website.

 

[Thrasher]

I am so fed up with businesses and government agencies being unable to protect our personal information entrusted with them. I hope that Equifax is ruined by lawsuits. Every 6 months there's another break in that affects me.

Microsoft STILL hasn't released it's patch for Windows 10 64bit. All other companies have for a while now. Incompetent douches.

 

[joxer]

And go to "enroll" with your name and last 6 digits of your SSN

Erm... What's SSN?

 

[Thrasher]

Yeah, like I should trust these assholes with anymore of my personal information. Grrrrr...

 

[Ripper]

Don't get me started on these wretched "credit agencies". It's an absolute bloody free-for-all with our personal data out there, conducted with utter indifference, and feeble security.

 

[RPGFool]

Computer Security = Delusion (A delusion is a belief that is held with strong conviction despite superior evidence to the contrary).

The best any of us can do is just try to make it difficult -- strong passwords, VPNs. etc.

__

 

[Myrthos]

Erm… What's SSN?

My guess would be Social Security Number.

I don't use Bluetooth on my Android phone. Besides that, it is not like Samsung is likely to provide any updates for an S5 mini Duos. My iPad isn't affected (but still doesn't use Bluetooth) and my PCs don't use Bluetooth either.
Our car does however, but I wouldn't know at the moment if they do security fixes for our car. It also can't be disabled.

 

[Thrasher]

I use both a Bluetooth keyboard and a mouse at work for my pc laptop, so I am concerned.

 

[Ripper]

I wouldn't worry about basic peripherals themselves, once the os is patched. As Myrthos points out, more of a worry are things with CPUs and storage, like car systems, fancy entertainment hubs, smart appliances and so on. Many of those have Bluetooth and run on minimal, often pathetically insecure Linux builds. They could potentially be a target.

 

[RPGFool]

Bruce Schneier has some choice comments about the Equifax data breach. The entire article is is worth reading; here's an excerpt:

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims…

The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.

This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.​

As to Bluetooth, apparently that has been a security threat to users for--basically--ever. One detailed analysis essentially recommends turning off all bluetooth devices. Further, an Ars Technica article details how most bluetooth devices leak information about the user, user's location and the like.

__

 

[Thrasher]

Yes but my laptop Bluetooth has to be enabled to use Bluetooth peripherals. Am disabling it for now until patched.

 

[Zloth]

Microsoft STILL hasn't released it's patch for Windows 10 64bit. All other companies have for a while now. Incompetent douches.

From what I heard, the patch was out back in March. Equifax just hadn't bothered to apply it yet. Or were you talking about the Bluetooth thing?

 

[Thrasher]

Bluetooth. Looks like they pushed a patch in the last couple of days. Not sure if it covers bt though.

 

[Alrik Fassbauer]

I am so fed up with businesses and government agencies being unable to protect our personal information entrusted with them. I hope that Equifax is ruined by lawsuits. Every 6 months there's another break in that affects me.

Not going online is the only answer, imho - but, on the other hand, they still have servers internally storing data. I do wonder, however, why they don't have so-called "de-militarized zones", or the data storing servers vbeing connected to the internet at all. One simply doesn't need internet connection for that. The servers should even have their own cables and their own servers, if one makes that strict.

And then there are employees still opening attachments ... Last bigger case was the government's servers of the federal state of Sachsen-Anhalt in Germany being taken down because of such an incident.

Employees should get informed as well. *Much* better informed. But who is the "technies" is able to put computter security into words so that even the dumbest employee will understand it ? They might be great at working with computers, but if an IT professional fails to explain what's important in computer secuity, then the whole firm might fail at one point. Because of one unknowing employee.

 

[you]

It is not that they can't protect the data; it is that they have no motivation to do so. Its no skin off their back if they screw everyone.

 

[Zloth]

And then CCleaner got hit: http://www.pcgamer.com/hackers-use-ccleaner-as-malware-host-affects-227-million-users/