FBI needs home users to learn router programming skills to defeat determined foreign hackers

The FBI is warning consumers about malware that can attack home routers, especially VPN.
   

The Boston Globe has a typical story here. 

Rebooting the router (from the power button, or by disconnecting and reconnecting, which causes most routers to go through the reboot) usually causes installs of any firmware from the cable vendor.  But for this malware, the reboot install may not be sufficient.

The FBI is encouraging home router users to learn how to sign on and update their routers manually, which normally requires shell scripting skills and operating system knowledge.

   

Comcast, Cox, etc. will soon have comments on this issue.

US Cert has a bulletin on the issue here. 

Smart phone tracking and stalking a bigger problem than most people realize

Jennifer Valentino DeVries has a long article in the New York Times Saturday on smart phone stalking and tracking, here 

  

There seem to be dozens of apps that make this possible, at least a short distance.

  

The problem seems to occur the most with domestic abuse.

  

  

NBC Washington also presented a report May 17. Fox stations have also reported it.  

Chrome will suppress "secure icon", simply call out insecure sites in September 2018

Google Chrome will suppress it’s “secure” icon in September for sites that are accessed through https (have an SSL certificate) but leave the red “not secure” on for sites that are not.

Marietta Moon writes for Engadget here.

  

   

Google really wants to push unsecure content off the web, even when it doesn’t require user signin or collect data, partly because of increasing concerns over “man in the middle” attacks from foreign sources.
  

New concerns surface concerning vulnerabilities in email encryption standards

Electronic Frontier Foundation has sent out an advisory regarding vulnerabilities in various implementations of PGP encryption on various email platforms. The article is by Erica Portnoy, Danny O’Brien, and Nate Cardozo. 

Some of the vulnerabilities could enable an attacker to access other encrypted emails you have sent.

A lot of the public may not feel that this issue is as important as some others.  Most of us need to encryption standards when we deal with financial institutions to buy new products (like annuities) or go through real estate closings and need to do a lot of Docusigns.

One problem seems to be that some of the vulnerabilities could be activated merely by opening an email with html enabled, even without opening attachments. 

The IT departments of insurance companies and banks will be kept especially busy

Apple's new "Black Dot of Death": we need a fix quickly

There is a bug in IOS 11 versions on the iPhone that can cause the message app to freeze.  It has to do with Unicode that overfills a buffer associated with a “black dot” emoji ("The Black Dot of Death"). 

On Andrpid it only freezes WhatsApp. On the iPhone if freezes the entire message app.;  It is rather complicated to fix.

It could be a real problem, for example, if you are waiting for a taxi and getting messages from the taxi company.  (I don’t think it affects Uber.)

Typical story is here. 

  

It is a little unclear if it freezes the entire phone or just the messages app.  It takes a long time to send.

The demonstrator says it is easy to fix by starting a new messages occurrence.  Fox8 in Cleveland says to use the Siri app. 

The phone can overheat when sending or receiving the message.  Could this become an airline fire hazard?

  

Apple will surely fix this very soon. 

Russian hackers impersonated radical Islam, harassed military spouses online as early as 2015, well before Trump's candidacy and election

There was an alarming historical story on AP by Raphael Satter, about how Russian hackers had impersonated ISIS with text messages or other social media contact with military spouses, at least back in 2015. 

At least one of the spouses was part of Military Partners, an association of partners of LGBT service members, active since the repeal of DADT and also since Obergefell.

But the attack appears to have been part of a Russian troll attempt to spread confusion and dissension, even well before the 2016 elections and even before Donald Trump had announced his candidacy. 

   

This story bears watching.

Phishing emails asking for payment for fictitious loans

Here’s a new one.  I don’t recall getting an email before about a loan I didn’t make.

But I got an email from “elastic.co” claiming I owe a $19 payment to “accounts receivables”.  There was an attached pdf which I didn’t open. The “.co” refers to Colombia, so that’s suspicious. 

I’ll probably pull credit reports in a few days to make sure there is nothing going on. 

I generally open “suspicious” emails only on the iPhone (apple operating systems don’t seem to be as vulnerable) and don’t open the attachments at all.

“Elastic” does appear, from superficial checking, to be a real company that makes loans. I doubt this email came from them. But I did sent this on to Webroot and to Trend Micro to check further. 

   

I should also mention that I've gotten a few US mail letter offering $100,000 lines of credit (one of them was $500,000).  I've ignored them.  They've never shown up on a credit report.