September 25, 2019

Patch released for Windows-pwning VPN bug

By Danny Bradbury

VPN vendor Forcepoint has patched a security flaw that could have given attackers unfettered access to its users’ Windows computers.

Security company SafeBreach Labs discovered the vulnerability in Forcepoint’s VPN client software. The software used to be called the Stonesoft VPN client before Raytheon Websense rebranded as Forcepoint and bought it in 2016. It provides a secure connection between Windows endpoints and the Forcepoint Next Generation Firewall. You’d use it to log in securely to your company’s servers over public Wi-Fi, for example.

The vulnerability lies in the client software’s choice of directory paths when loading a critical software module. It loads on bootup as sgvpn.exe, which is an executable digitally signed by Forcepoint, running under a privileged NT AUTHORITY\SYSTEM account.

sgvpn.exe then tries to find another file called sgpm.exe, which is the VPN’s policy manager. It looks in two locations: C:\Program.exe and C:\Program Files (x86)\Forcepoint\VPN.exe.

The problem is that it isn’t supposed to look in those locations.

In its article detailing the bug, Forcepoint explained that the incorrect directory paths are due to an unquoted search path vulnerability. sgvpn.exe creates a command sent to the Windows command line that includes the executable and a command line argument that tells the operating system how to run it.
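To make the unquoted search path behaviour concrete, here is an added example (not code from Forcepoint, SafeBreach or the original article) that models the documented Windows CreateProcess rule for an unquoted command line and lists the unintended executables that would be tried first. The install directory, the argument and the function names are assumptions for illustration. Because the model follows the documented rule for every space in the path, it also lists C:\Program Files.exe alongside the two locations named above.

```python
import ntpath


def candidate_images(command_line: str) -> list[str]:
    """Paths Windows would try, in order, before the intended executable.

    Models the documented CreateProcess rule for an unquoted command line
    with no separate application name: every space is treated as a possible
    end of the image path, and ".exe" is appended when the last path
    component has no extension.
    """
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []  # quoted: the image path ends at the closing quote
    tried = []
    pos = cmd.find(" ")
    while pos != -1:
        prefix = cmd[:pos]
        if prefix.lower().endswith(".exe"):
            break  # reached the intended image; the rest is arguments
        if not prefix.endswith(" "):  # skip runs of consecutive spaces
            if not ntpath.splitext(prefix)[1]:
                prefix += ".exe"
            tried.append(prefix)
        pos = cmd.find(" ", pos + 1)
    return tried


def audit(image_paths: dict[str, str]) -> dict[str, list[str]]:
    """Map each entry name to its unintended candidates; clean entries are omitted."""
    findings = {name: candidate_images(path) for name, path in image_paths.items()}
    return {name: paths for name, paths in findings.items() if paths}


# Constructed sample data: the install directory and the argument are
# assumptions for illustration, not values taken from the article.
SAMPLE = {
    "unquoted": r"C:\Program Files (x86)\Forcepoint\VPN Client\sgpm.exe --example-arg",
    "quoted": r'"C:\Program Files (x86)\Forcepoint\VPN Client\sgpm.exe" --example-arg',
    "no_spaces": r"C:\Windows\System32\svchost.exe -k example",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(name, "->", paths)
```

Only the unquoted entry is reported. Wrapping the full path in quotes, as in the second sample, removes every intermediate candidate.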


Google wins landmark case: Right to be forgotten only applies in EU

By Lisa Vaas

Be careful what you put online, we constantly tell kids: the internet never forgets.

Well, unless you’re European, that is. In Europe, people have the right to ask the internet to develop select amnesia when it comes to what Google Search captures and retains in its expansive maw.

It’s called the right to be forgotten (RTBF): a right bestowed in 2014 when the European Court of Justice (ECJ) ruled that people are entitled to having the internet forget them.

Since 2015, Google and the French data privacy regulator, CNIL, have been wrestling over how wide a net that implies. Does the amnesia only include results returned to Europeans? Or does it pertain to Google’s worldwide list of domains?

On Tuesday, the ECJ ruled in Google’s favor: RTBF is EU-only, it decreed.


In June 2015, the French data protection agency told Google that it doesn’t care if a URL’s got .fr, .uk or .com glued to the end. If a European makes a legitimate request to be forgotten in search results, make it so on all your search engines in all countries, it said.

Google’s response came a month later: Ain’t happening, it said. Google filed an informal appeal saying that it would defy CNIL, that the ECJ’s ruling wasn’t global in nature, and that any move to make it so would be “a troubling development that risks serious chilling effects on the web”.

In September 2015, CNIL rejected Google’s appeal, saying that its decision didn’t mean that CNIL was trying to apply French law extraterritorially:

It simply requests full observance of European legislation by non-European players offering their services in Europe.

In February 2016, facing fines from the CNIL, Google gave in, extending RTBF to all its domains. It did what EU privacy regulators had been asking it to do and what France legally forced it to do: it submerged RTBF search results on all domains, making it impossible for people to simply hop off the .fr version of Google to go find the material on another Google domain – say,


Twitter’s new policy bans financial scams

By Lisa Vaas

Around about a year ago, it looked like Elon Musk was promoting a great deal: send a little bit of Bitcoin to the wallet of a blue-checkmark verified Twitter account, and get back 10x your money!!!!

…except, of course, he wasn’t. It was a scam: some flimflammer had gotten hold of a verified account, kept the handle (Knip), and changed the display name next to “Promoted by” to read “Elon Musk.”

At the time, Naked Security’s Maria Varmazis wondered how in the world the behavioral red flags of the hijacked account hadn’t set off any warning bells at Twitter:

This verified account was inactive for a few months and then suddenly sprang to life, tweeting about cryptocurrency and asking for deposits. The display name was changed and the avatar was reset. In isolation, just one of these behaviors might not mean much, but in series, they paint a picture of an account that’s likely up to no good.

We don’t know what kept Twitter from spotting a string of behavior that led up to such an egregious scam: whoever it was had made withdrawals of at least $3,000 from the $10,000 worth of Bitcoin in their wallet at the time Maria checked.

Crackdown on scams

But now, we’re pleased to report that Twitter is finally cracking down on these kinds of financial scams.

On Monday, the platform unveiled a new policy that prohibits using “scam tactics” to weasel money or private financial information out of others. It’s outlawing behavior that involves deceiving others into sending money or personal financial information via phishing, deception or fraud.

One of the examples of scam tactics that Twitter listed matches the Elon Musk scam: Deceiving others into sending money or personal financial information by operating a fake account or by posing as a public figure or an organization.


