October 23, 2018

Why is Elon Musk promoting this Bitcoin scam? (He’s not)

By Maria Varmazis

Bitcoin scammers subvert Twitter verified accounts and ad promotions to impersonate celebs and fool victims. While scrolling through my own Twitter feed this past Sunday, I saw one such scam pop up. It was so unabashed that I had to take a screenshot of it.

https://sophosnews.files.wordpress.com/2018/10/promoted-tweet-nakedsecurity-maria.jpg?w=499&h=953

How could something so obviously fake have a prayer of working? Surely Twitter has protective measures in place to stop such ‘promotions’ from running. I didn’t think these tweets would last online for more than a few minutes.

As I found out the next day, this scam actually ran for almost 12 hours before Twitter caught on and put an end to it. And 12 hours was plenty of time for the scammers to separate a few victims from their Bitcoins.

Read more at https://nakedsecurity.sophos.com/2018/10/23/why-is-elon-musk-promoting-this-bitcoin-scam-hes-not/

Pirates! Don’t blame your illegal file sharing on family members

By Danny Bradbury

Europeans: Thinking of blaming your illicit file sharing activity on a family member to get off the hook? Forget it. The European Court of Justice (ECJ) just closed that particular loophole.

Earlier this month, the ECJ ruled in the case of German publisher Bastei Lübbe vs internet user Michael Strotzer. In May 2010, someone shared one of the company’s audiobooks on a P2P file sharing service via Strotzer’s internet connection. After he failed to comply with a cease and desist notice, the publisher sued him for damages in a Munich court.

Shared internet access

Strotzer denied infringing any copyright himself, instead asserting that his computer was switched off at the time the infringement happened, and that his parents also had access to his internet connection. However, they don’t use file sharing services and didn’t have the audiobook in question, he added.

The Munich court seized on the fact that Strotzer’s parents had access to the internet connection. This meant he couldn’t be held liable, it said. So Bastei Lübbe appealed to a regional Munich court.

Read more at https://nakedsecurity.sophos.com/2018/10/23/pirates-dont-blame-your-illegal-file-sharing-on-family-members/

Popular website plugin harbored a serious 0-day for years

By John E Dunn

Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile.

An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin, jQuery File Upload, used to add user-friendly file upload capabilities like drag and drop to websites and web content management systems, including WordPress.

According to the node.js repository NPM, it’s being downloaded around 1.5 million times per week, which is not surprising given that it’s used by thousands of third-party packages.

The disturbing part wasn’t simply the flaw itself – which would allow an attacker to upload files and run their own command line shell on any affected server – but that it’s a zero day, and that went unnoticed for so long.

The term zero day is sometimes used loosely but the strict definition is that it’s a vulnerability being exploited by cybercriminals for which there is no patch.

Read more at https://nakedsecurity.sophos.com/2018/10/22/popular-website-plugin-harboured-a-serious-0-day-for-years/

Alleged robber busted after Facebook-friending victim to apologize

By Lisa Vaas

Around 1am on a night in early August, a pizza delivery driver brought a big order to a home in the US town of Reading, Pennsylvania.

Nobody was there to take the food, so after several tries, she gave up and went back to the restaurant. That’s a whole lot of pizza to dump in the trash, though: $75 worth. Her boss told her to go back and try again.

So she did. This time, a guy came out to meet her. As the local paper the Reading Eagle tells it, he fumbled in his pockets for money, but no money was forthcoming.

Instead, a second man came out of an alley, holding a gun. Put down the food and give me all your money, he told the delivery driver. The driver did as she was told, putting $35 on top of the food.

That was 1 August. Twenty-six days later, the driver, who wasn’t identified, got a Facebook friend request. Hey, I recognize that guy, she said: that’s the guy with the gun.

On Monday, police arrested 26-year-old Jerel Guzman, charging him with robbery, theft and simple assault.

The police didn’t say just how, exactly, Guzman allegedly found the driver on Facebook. When he first contacted her, investigators said, she didn’t want to talk to him, assuming that he was using a fake profile.

Read more at https://nakedsecurity.sophos.com/2018/10/22/alleged-robber-busted-after-facebook-friending-victim-to-apologize/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.


Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation