Friday, March 10, 2017

Can my iPhone have viruses?

Yesterday, while browsing a supposedly mainstream news site on my iPhone 6, a popup claimed I had six viruses on my phone.  It took a little trouble to make it go away, but it finally did.
This does appear to be the old “fake anti-virus software” problem well known to Windows users from a decade ago.   I don’t see any evidence of tampering with any financial sites accessed from the phone (as I check them on varied environments frequently), and I don’t see any evidence of infection in any images or videos I moved to a windows machine for use (I did a full Trend Micro scan).

Nevertheless, I did a little check on the latest advice on iPhone and Mac malware, and here is a good article (although from 2012).   The article has some interesting discussion of past security problems in the java language and virtual machine, which was all the rage fifteen years ago.

You may be able to get rid of an “adware” message from Safari by going to airplane mode and closing and reopening Safari (video above).  This is similar to getting rid of a fake “system message” scareware browser hijack on a Windows machine.

Wednesday, March 08, 2017

CIA's Vault 7 does sound like a Roadside Attraction, to me at least

There’s a lot on the Internet now about the CIA’s Vault 7 “scandal”.  Milo Yiannopoulos carried the most bombastic story on his own beefed-up conservative news site (since he left Breitbart, but he presents very similar stories to Breitbart), here.

CNN has answered Milo by finally putting up a detailed story on how Wikileaks got the scoop, here.

This probably doesn’t matter to Internet users in the US much (except maybe those doing illegitimate stuff overseas on the Dark Web -- the CIA "normally" cannot "legally" spy on people at home).  But it does show that hackers could likewise compromise “the Internet of Things” and conceivably spy on people through smart TV’s (even when off but plugged in).  In the very worst circumstances, voyeurs could spy on women or children.  It also shows that in extreme circumstances, foreign hackers (like in Russia), maybe state supported, could spy on high profile Americans at home.

Young OAN correspondent Trey Yingst, 23, asked Sean Spicer about Vault 7 in a White House briefing Tuesday, and Spicer refused to comment.  I was watching (at home on CNN -- I don't have WH access, at least not yet).

This is almost the stuff you would need if you thought aliens from other planets could masquerade as Clark Kent clones among us. What would Donald Trump do about real aliens?  You can't deport somebody 40 light years away.

Saturday, March 04, 2017

Webroot warns of new IRS, Paypal phishing attacks

Webroot is warning users about fraudulent IRS W-2 emails, in this article.    The IRS won’t send you emails (except to verify that returns have been accepted – thru HRBlock).  State tax departments (like Virginia) often send business customers legitimate emails (like when sales tax reports are due).

And PayPal users are often targeted in phishing attacks (lately through Gmail), as in this Webroot story.   Since some small non-profits take Paypal but not credit cards (to help “unbanked” clients), most people need Paypal (which can be connected to a credit card for replenishment).

Tuesday, February 28, 2017

Fair use may help Internet and smart device users protect themselves from hackers

Kerry Sheehan has an interesting essay at Electronic Frontier Foundation, “Fair Use as Consumer Protection”, link.
As you read through the examples, it’s apparent that most of the uses given would help consumers protect their devices from hackers, even perhaps protect home routers from illegal use by others.  It’s possible to imagine that Airbnb would find some of this interesting.

Tuesday, February 07, 2017

Spam comments try to lead to fake Internet security links

I have become aware of the practice of some spammers to send spam comments to blog postings about various Internet security companies with links to fake sites pretending to be the security company   This is a variation of the usual email phishing, where the spammer tries to put spam comments on blogs with fake links.

Comment moderation (or use of services like Akismet) should stop this.

In one case, Google comment moderation warned me on a comment with a hidden link to “webrootsupportphone dot com”.  I have reported this to the company but it appears not to be legitimate.
This probably happens with all major security companies.

Tuesday, January 31, 2017

Trump postpones cybersecurity EO, but has specifically mentioned power grid security, which is unusual

President Trump postponed signing an executive order related to cybersecurity today, with no reason specified, according to NBC News, story here.

The president talked to some tech security companies today, and made a brief statement.  It is interesting that President Trump mentioned the power grid as a possible target, as so well documented in Ted Koppel’s book “Lights Out”.   I have actually tweeted "RealDonaldTrump" directly on this issue.

The president could tighten rules about network topology that even allows it to be possible to access the power grids or other infrastructure, or that makes components (like transformers) vulnerable to sabotage.

Sunday, January 01, 2017

"True Key" from Intel, provided facial recognition sign-on, seems to come with a recent Windows 10 update

I recently had problems with an install of a Microsoft update KB3206332 of Windows 10 after the cumulative upgrade last August, on a Toshiba satellite that had been converted from Windows 8.1,

I kept getting repeated errors "0x80070564" after very slow installs ("preparing to install, 1%, then 20%.  Also, when booting up, Trend Micro would take a long time to start, prompting warnings.

Geek Squad got it installed, but said it found malware (with Webroot) that Trend Micro had missed. It thought the errors were due to the malware.

But the adobe flash, which had updated before, now offers a "True Key" option rather than password for log on.  (It has not done this on my HP Envy with the same update.) I tried to use it, and I could not get it to take my picture properly.  Maybe my Comcast Internet wasn't strong enough (it has been shaky recently).  Eventually I had to opt out and go back to regular log on.  True Key will tell you to use your Microsoft password, but actually you have to use the password for that computer, which can be different.

Here's the link for True Key. But curiously that site (which displays the Intetl trademark has a gray rating from Trend, but there is another green link on Intel's site here.  Bleeping Computer says the original link is OK (answer to question here),