Turn Off Automatic iOS App Updates TidBITS(cached at September 16, 2014, 11:34 pm)

With vast numbers of apps being updated for iOS 8 in the next few weeks, it’s safer to turn off automatic updates so you control which apps are updated and when. If it ain’t broke… don’t let it update so it doesn’t possibly break.

 

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

Turn Off Automatic iOS App Updates TidBITS(cached at September 16, 2014, 11:34 pm)

With vast numbers of apps being updated for iOS 8 in the next few weeks, it’s safer to turn off automatic updates so you control which apps are updated and when. If it ain’t broke… don’t let it update so it doesn’t possibly break.

 

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

Färre fattiga i USA SvD Utrikes(cached at September 16, 2014, 11:33 pm)

Andelen fattiga i USA föll i fjol för första gången sedan 2006, med en halv procentenhet till 14,5 procent. Den största förbättringen finns bland spansktalande så kallade hispanics, enligt färska siffror från statistikmyndigheten Census Bureau.
Färre fattiga i USA SvD Utrikes(cached at September 16, 2014, 11:33 pm)

Andelen fattiga i USA föll i fjol för första gången sedan 2006, med en halv procentenhet till 14,5 procent. Den största förbättringen finns bland spansktalande så kallade hispanics, enligt färska siffror från statistikmyndigheten Census Bureau.
HD-ägare tog ut 200 miljoner SvD Inrikes(cached at September 16, 2014, 11:33 pm)

Detaljerna kring Sydsvenskans köp av Helsingborgs Dagblad (HD) har inte varit kända. Men nu har HD:s förra ägare tagit ut 200 miljoner i aktieutdelning efter affären.
HD-ägare tog ut 200 miljoner SvD Inrikes(cached at September 16, 2014, 11:33 pm)

Detaljerna kring Sydsvenskans köp av Helsingborgs Dagblad (HD) har inte varit kända. Men nu har HD:s förra ägare tagit ut 200 miljoner i aktieutdelning efter affären.
'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques (SC Mag SANS ISC SecNewsFeed(cached at September 16, 2014, 11:30 pm)

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques (SC Mag SANS ISC SecNewsFeed(cached at September 16, 2014, 11:30 pm)

NIST Releases Draft Guidelines for 3-D Printer Security (September 11, 2014) (SANS SANS ISC SecNewsFeed(cached at September 16, 2014, 11:30 pm)

NIST Releases Draft Guidelines for 3-D Printer Security (September 11, 2014) (SANS SANS ISC SecNewsFeed(cached at September 16, 2014, 11:30 pm)

Adobe updates, Reader and Acrobat --> http://helpx.adobe.com/security/products/read SANS Internet Storm Center, InfoCON: green(cached at September 16, 2014, 11:30 pm)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Adobe updates, Reader and Acrobat --> http://helpx.adobe.com/security/products/read SANS Internet Storm Center, InfoCON: green(cached at September 16, 2014, 11:30 pm)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://yourfakebank.support -- TLD confusion starts!, (Tue, Sep 16th) SANS Internet Storm Center, InfoCON: green(cached at September 16, 2014, 11:30 pm)

Pretty much ever since the new top level domain (TLD) ".biz" went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live. It looks like a number of the "new" top level domains, like ".support", ".club", etc have now come online. And again, it seems like only the crooks are buying.

We are currently investigating a wave of phishing emails that try to lure the user to a copy of the Bank of America website. The main difference, of course, is that any login credentials entered do not end up with Bank of America, but rather with some crooks, who then help themselves to the savings.

Phishing emails per se are nothing new. But it appears that URLs like the one shown in the phishing email above have a higher success rate with users. I suspect this is due to the fact that the shown URL "looks different", but actually matches the linked URL, so the old common "wisdom" of hovering the mouse pointer over the link to look for links pointing to odd places .. won't help here.

But wait, there's more! Since the crooks in this case own the domain, and obviously trivially can pass the so-called "domain control validation" employed by some CA's, they actually managed to obtain a real, valid SSL certificate!

Quoting from the Certificate Authority's web site:

Comodo Free SSL is a fully functional Digital Certificate, recognized and trusted by 99.9% of browsers. Your visitors will see the golden padlock and won't see security warnings. What will you get:

They don't mention why they think any of this is a good idea.

Addition of SSL to the phish means that another "scam indicator" that we once taught our users is also no longer valid. When a user clicks on the link in the phishing email, the browser will actually show the "padlock" icon of a "secure site". See the screenshot below.

 

If you have seen other recent banking phishes that use new top level domains and/or valid SSL certificates, please let us know via the contact form, or the comments below!

 

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://yourfakebank.support -- TLD confusion starts!, (Tue, Sep 16th) SANS Internet Storm Center, InfoCON: green(cached at September 16, 2014, 11:30 pm)

Pretty much ever since the new top level domain (TLD) ".biz" went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live. It looks like a number of the "new" top level domains, like ".support", ".club", etc have now come online. And again, it seems like only the crooks are buying.

We are currently investigating a wave of phishing emails that try to lure the user to a copy of the Bank of America website. The main difference, of course, is that any login credentials entered do not end up with Bank of America, but rather with some crooks, who then help themselves to the savings.

Phishing emails per se are nothing new. But it appears that URLs like the one shown in the phishing email above have a higher success rate with users. I suspect this is due to the fact that the shown URL "looks different", but actually matches the linked URL, so the old common "wisdom" of hovering the mouse pointer over the link to look for links pointing to odd places .. won't help here.

But wait, there's more! Since the crooks in this case own the domain, and obviously trivially can pass the so-called "domain control validation" employed by some CA's, they actually managed to obtain a real, valid SSL certificate!

Quoting from the Certificate Authority's web site:

Comodo Free SSL is a fully functional Digital Certificate, recognized and trusted by 99.9% of browsers. Your visitors will see the golden padlock and won't see security warnings. What will you get:

They don't mention why they think any of this is a good idea.

Addition of SSL to the phish means that another "scam indicator" that we once taught our users is also no longer valid. When a user clicks on the link in the phishing email, the browser will actually show the "padlock" icon of a "secure site". See the screenshot below.

 

If you have seen other recent banking phishes that use new top level domains and/or valid SSL certificates, please let us know via the contact form, or the comments below!

 

 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Micron Releases 16nm-Process SSDs With Dynamic Flash Programming Slashdotby Soulskill on storage at January 1, 1970, 1:00 am (cached at September 16, 2014, 11:03 pm)

Lucas123 writes: Micron's newest client flash drive line, the M600, uses its first 16nm process technology and dynamic write acceleration firmware that allows the flash to be programmed as SLC or MLC instead of using overprovisioning or reserving a permanent pool of flash cache to accelerate writes. The ability to dynamically program the flash reduces power use and improves write performance as much as 2.8 times over models without the feature, according to Jon Tanguy, Micron's senior technical marketing engineer. The new lithography process technology also allowed Micron to reduce the price of the flash drive to 45 cents a gigabyte.

Read more of this story at Slashdot.