Since the 1990s I have been very involved with fighting the military "don't ask don't tell" policy for gays in the military, and with First Amendment issues. Best contact is 571-334-6107 (legitimate calls; messages can be left; if not picked up retry; I don't answer when driving) Three other url's: doaskdotell.com, billboushka.com johnwboushka.com Links to my URLs are provided for legitimate content and user navigation purposes only.
My legal name is "John William Boushka" or "John W. Boushka"; my parents gave me the nickname of "Bill" based on my middle name, and this is how I am generally greeted. This is also the name for my book authorship. On the Web, you can find me as both "Bill Boushka" and "John W. Boushka"; this has been the case since the late 1990s. Sometimes I can be located as "John Boushka" without the "W." That's the identity my parents dealt me in 1943!
Tonight, on Black Friday, several media sources noted that companies (selling in major box stores) that don't have their own smart phone apps are likely to find that crooks will create phony apps in their name.
The advice is to download the app from the vendor or possibly the retailer but not from an app store.
Another risk is that individuals who do not sign up for a particular service may learn that others have created accounts in their name. This could happen with Snapchat and Instagram. When I signed up for Instagram, I found a bogus account in my name with nothing in it, but it had to be removed first.
Google is recommending that users of Google accounts on true laptops or desktops with USB ports, now consider getting security key thumb drives for use in 2-step verification of their Google accounts, rather than use pin codes by smartphone or pre-print. They also recommend financial institutions offer similar products, which can work with Google Chrome. The writeup is here.
Although the 2-step process now available pretty much stops password cracking, it’s possible for a hacker to entice a user with a duplicate built to look exactly like the original (and presumably use phishing to entice clicks, or misspellings, that today lock up browsers with scare ware.
Microsoft plans to patch a vulnerability in its Windows operating systems from 7 to 10 on Nov. 8 (Election Day, ironically), a bug known as “Strontium” or “Fancy Near”. The “Strontium” name seems to refer to loose nuclear waste in former Soviet republics (especially Georgia). A British security site Itpro has a good explanation here.
The zero-day vulnerability seems to be spread by phishing attacks, especially those appealing to the “It’s free” mentality, and seem to affect Adobe. There is some suggestion that the vulnerability originated in Russia and is intended to sabotage political campaigns.
Adobe also is warning users about the vulnerability “CVE-2016-7855” (story)
An attacker could gain control of a user’s system when viewing an infected flash file. Almost any operating system could be affected, but Adobe says its fixes will work on all systems.