Google reckon that SSL 3.0 is an insecure, obsolete protocol that has since been superseded. But even when servers support the more secure TLS 1.0, TLS 1.1 or TLS 1.2, a client that falls back to SSL 3.0 when its first handshake fails can be pushed into doing exactly that, and that downgrade is what a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack exploits.
Bodo Möller from Google’s security team points out that switching SSL 3.0 off will “break some sites”, and the advice for the time being is to support TLS_FALLBACK_SCSV instead: a marker the client sends on a retry, so a server that actually speaks something newer can tell the retry is bogus and refuse it. OR THE POODLES WILL GET YOU.
Basically, an attacker sitting between you and the server forces the downgrade by making the initial handshake fail, so the browser retries with SSL 3.0. SSL 3.0 doesn’t properly check the padding on its CBC cipher modes, which turns the server into a padding oracle: with a bit of JavaScript making your browser fire off requests (on average 256 of them per byte), a relatively simple attack intercepts and decrypts your secure cookies.
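To make the downgrade dance and the TLS_FALLBACK_SCSV fix concrete, here is an added simulation. It is not Google’s or any browser’s handshake code; the version labels, the attacker model and the Server/ClientHello classes are assumptions made for the illustration. It shows the same client against a server with and without SCSV support, with and without a man-in-the-middle dropping handshakes.

```python
"""Simulation of the browser "downgrade dance" POODLE relies on, and of the
TLS_FALLBACK_SCSV defence from RFC 7507. Added illustration, not Google's or
any browser's handshake code: the version labels, the attacker model and the
Server/ClientHello classes are assumptions made for the example."""
from dataclasses import dataclass, field

VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]   # weakest to strongest
TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"                   # cipher suite value 0x5600


@dataclass
class ClientHello:
    version: str                                  # highest version offered
    cipher_suites: list = field(default_factory=list)


@dataclass
class Server:
    max_version: str
    supports_scsv: bool

    def handle(self, hello: ClientHello) -> str:
        """Negotiate a version, or abort an inappropriate fallback (RFC 7507)."""
        if self.supports_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites:
            # The client says it is retrying after a failed handshake. If we
            # could have spoken something newer, that failure was not ours.
            if VERSIONS.index(self.max_version) > VERSIONS.index(hello.version):
                raise ConnectionError("alert: inappropriate_fallback")
        return min(hello.version, self.max_version, key=VERSIONS.index)


def attacker_drops(hello: ClientHello) -> bool:
    """Active man-in-the-middle: make every handshake above SSLv3 'fail'."""
    return hello.version != "SSLv3"


def connect(server: Server, send_scsv: bool, mitm: bool) -> str:
    """Downgrade dance as 2014-era browsers did it: try the highest version,
    and on a network error retry one version lower. With send_scsv the
    retries carry TLS_FALLBACK_SCSV so the server can tell them apart."""
    for attempt, version in enumerate(reversed(VERSIONS)):
        hello = ClientHello(version=version)
        if send_scsv and attempt > 0:
            hello.cipher_suites.append(TLS_FALLBACK_SCSV)
        if mitm and attacker_drops(hello):
            continue                      # looks like a flaky network; retry lower
        try:
            return server.handle(hello)
        except ConnectionError as err:
            return str(err)
    return "no connection"


if __name__ == "__main__":
    modern = Server("TLSv1.2", supports_scsv=False)
    patched = Server("TLSv1.2", supports_scsv=True)
    print("no SCSV, attacker present :", connect(modern, send_scsv=False, mitm=True))
    print("SCSV both sides, attacker :", connect(patched, send_scsv=True, mitm=True))
    print("SCSV both sides, no attack:", connect(patched, send_scsv=True, mitm=False))
```

Note the limitation the simulation makes obvious: SCSV only helps when both the browser and the server send and honour it, and a server that genuinely tops out at SSL 3.0 still gets SSL 3.0. If you run a server, a quick check is `openssl s_client -connect host:443 -ssl3`, which tells you whether it still speaks SSL 3.0 at all; OpenSSL 1.0.1j and later also take `-fallback_scsv` on s_client so you can see whether the server answers the fallback signal with an inappropriate_fallback alert.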
What that means is that hackers could steal browser cookies and potentially end up controlling your email, bank details and social network accounts.
So yes. BEWARE POODLES! Not only that – the end result is much like Firesheep, the session-hijacking tool from a few years back, only this time the cookies come out of an encrypted connection. It seems that the internet is under threat from animals that have fluffy fur.
Hardly anything actually needs SSL 3.0 any more, the main exception being Internet Explorer 6, so if that’s what you’re using you may find your computer filling up with wool. Everyone else can turn SSL 3.0 off in their browser settings until the fix ships. So update your browser now, y’idiot.
Industry body the British Bankers Association (BBA) has teamed up with the police to launch a campaign which they hope will raise the public’s awareness on all things fraud, looking at the most common scams that will happen online or down the phone.
Based on the results of a YouGov poll, the BBA said that eight million people are vulnerable to voice phishing scams, four million may transfer money to fraudsters, three million could potentially carry out “test transactions” and 1.7 million would hand their bank cards to couriers on their doorstep if they had a convincing form of ID.
Best not to answer the phone or door to anyone, ever.
Anthony Browne, chief executive of the BBA, said: “Being defrauded is a devastating experience for anyone which is why we are launching this campaign. The more people know about fraud, the less likely they are to become victims.”
“Our Know Fraud, No Fraud campaign will help you spot some of the tactics used by scammers. Your bank would never send someone to your home to collect your cash or ask you to transfer funds to a new account.”
So, for your records to be printed out and stapled to grandma’s forehead as a reminder to her and everyone else, here’s the BBA’s List of Things That Your Bank Will Never Do.
- Ask for your full PIN or any online banking password over the phone or by email
- Send someone to your home to collect cash, bank cards or anything else
- Ask you to email or text personal or banking information
- Send an email with a link to a page that asks you to enter your online banking log-in details
- Ask you to authorise the transfer of funds to a new account or hand over cash
- Call to advise you to buy diamonds or land or other commodities
- Ask you to carry out a test transaction online
The latest in the long line of unending hackery was spotted after hackers got hold of logins and passwords from a third-party service and tried them against Dropbox.
Hackers leaked 400 accounts onto Pastebin, claiming they’d release the remaining 6.9 million in return for Bitcoin donations, according to The Next Web.
The post claimed that 6.9 million Dropbox accounts had been hacked, photos, videos and other files included.
Obviously Dropbox don’t want to be seen as quite so vulnerable and so dismissed it, claiming: “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.
“We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
Dropbox reckon the service routinely expires passwords for accounts that are being attacked, but couldn’t say how many had been expired recently. What it describes is credential stuffing: reuse one password across services and a leak from any of them unlocks the rest, which is why the first thing to do is stop sharing passwords between sites.
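For anyone wondering what “detected these attacks” looks like from the other side, here is an added detector over a few constructed auth log lines. It is not Dropbox’s code; the log format, the five-minute window and the five-account threshold are assumptions for the illustration. The tell-tale pattern is one source address trying many different usernames, not many attempts against one username, and the accounts worth expiring are the ones that source actually got into.

```python
"""Credential-stuffing detection over a handful of constructed auth log lines.
Added example, not Dropbox's detection code: the log format, the five-minute
window and the five-account threshold are assumptions for the illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample: 203.0.113.5 sprays leaked credentials across six accounts
# and gets one right; 198.51.100.7 is just grace mistyping her own password.
SAMPLE_LOG = """\
2014-10-14T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2014-10-14T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2014-10-14T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2014-10-14T10:00:03Z ip=203.0.113.5 user=dave result=OK
2014-10-14T10:00:03Z ip=203.0.113.5 user=erin result=FAIL
2014-10-14T10:00:04Z ip=203.0.113.5 user=frank result=FAIL
2014-10-14T10:01:00Z ip=198.51.100.7 user=grace result=FAIL
2014-10-14T10:01:05Z ip=198.51.100.7 user=grace result=FAIL
2014-10-14T10:01:09Z ip=198.51.100.7 user=grace result=OK
"""


def parse(log):
    """Yield (timestamp, ip, user, result) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)


def find_stuffing(log, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: sorted usernames} for every IP that tried at least
    min_accounts *distinct* usernames inside one sliding window. Many tries
    against one account is brute force, a different pattern, and is not
    flagged here."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(parse(log)):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_accounts:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged


def accounts_to_expire(log, **thresholds):
    """Usernames that a flagged IP logged into successfully: the reused
    password is known to the attacker, so expire it."""
    flagged = find_stuffing(log, **thresholds)
    return sorted({u for _, ip, u, r in parse(log) if ip in flagged and r == "OK"})


if __name__ == "__main__":
    print("stuffing sources:", find_stuffing(SAMPLE_LOG))
    print("expire passwords:", accounts_to_expire(SAMPLE_LOG))
```

Real attackers spread attempts across many source addresses, so in practice the same logic is also run per network range and per user agent, and the thresholds are tuned against your own traffic rather than the numbers assumed here.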
The news comes as wasteman Edward Snowden claims individuals who care about their privacy should “get rid of Dropbox”, counting it among the services that are “hostile to privacy.”
Either way, Dropbox should change their company logo from ‘your stuff, anywhere’, to ‘your stuff, bloody everywhere’.
The Minister of State for Culture and the Digital Economy, Ed Vaizey, wants to make it easier to fine the firms behind nuisance calls and spam texts.
Mr Vaizey would like to get it all sorted by the next general election, which suggests he needs to get his skates on.
A previous attempt foundered last year when a legal ruling went against the Information Commissioner’s Office (ICO) over the £30,000 fine it had handed Christopher Niebel, co-owner of marketing company Tetrus Telecoms, for bombarding people with hundreds of thousands of texts about PPI and accident claims.
Simon Entwistle of ICO reckons: “This will make it much more straightforward for us to take action,”
“At the moment, it takes a large amount of effort to prove substantial distress and this change will make it much more proportionate to the problems these calls and texts cause.”
“We understand firms can have legitimate reasons to make marketing calls, but we reckon that for every one concern lodged with us there are about 1,000 nuisance calls or texts.”
Well, about time frankly.
Ads claiming to offer nudey footage of the Harry Potter star actually lead to a trojan.
Serves you right if you’re that type of person into leaked celebrity baps to be honest.
Bitdefender’s coolly-named Chief Security Strategist, Catalin Cosoi, told Digital Spy: “It all starts with a Facebook comment promising to reveal private or leaked videos of Emma Watson”.
“The comments are automatically posted by users infected with the malware. As is the case with many Facebook scams, victims end up as marketers for cyber-crooks.”
“When users click on the malicious links, they are redirected to a salacious YouTube copycat. Future victims are then asked to update their Flash Player to the latest secured version of Video Player, as an error allegedly prevents them from watching the leaked videos of Emma Watson.”
As if you needed reminding, trojan malware is a bastard, and will rifle through your computer for anything stealable.
Disguised with a Flash Player icon, the trojan downloads its components onto the victim’s computer; the one thing it never does is play a video. The fake video page is dressed up as a YouTube account, identifiable by the Anonymous Guy Fawkes avatar in the left-hand corner. Worth remembering: a genuine Flash update never arrives via a comment link, so if a page insists you update before it’ll play, close it.
So anyway. Norks on the internet. More harm than good.
Large stadium events are always a bit of a faff, be it the limited amount of beer thanks to some watery lager sponsor, or something to do with only being able to pay for things on certain credit cards.
Everyone knows the drill by now.
However, with the NFL coming to the UK, they’ve pulled a fast one that is almost impressive in its pointlessness. Basically, you can’t take any bag at all into Wembley stadium. Look at this exhaustive list of prohibited bags, which of course, are banned ‘for your safety’, even if you’ve been to big stadium shindigs before and managed to avoid a backpack maiming.
If you have a bag for your medicine and whatever, that’s fine, but as the warning leaflet says: “entry will be permitted, however you may experience a delay in entering the stadium.”
So what is fine then? What is permitted? Why, NFL approved bags you can buy outside the ground, which of course, are considerably safer than your average bag.
Of course, a huge sporting franchise taking the Michael at an enormodome is along the lines of “is the Pope Catholic?”, but this is next-level ridiculousness.
If you want to watch an informative video and, if you’re going to any of the games and want to know the exact dimensions of purses that women are allowed to take, click here for the NFL’s official take on the whole thing.
The card giant has come out with SafetyNet, which is designed to work alongside a bank or processor’s own security tools, and is apparently so amazing that it can thwart fraud before it happens.
Ajay Bhalla, our favourite-named president of enterprise security solutions at MasterCard this week, said: “With SafetyNet we are really fast tracking the next generation of security solutions, which are designed to stop fraud or attacks before many of our partners have even noticed it is happening,”
“We can do this because MasterCard’s SafetyNet operates as intelligent technology which can identify fraud in real time and decline a transaction before any exposure takes place.”
It is thought SafetyNet uses the significant reach of MasterCard’s global network to spot potential attacks as they happen and, in some cases, before the bank or processor has noticed.
SafetyNet monitors different channels and geographic regions in order to provide the most appropriate level of support for each market and business partner involved, and complements the banks’ own security tools with a new layer of protection.
Bhalla added: “MasterCard is delivering a multi-layer approach to safety and security. For the consumer there are the security tools you can see including the EMV chip on your physical card or the SecureCode screen when at your online checkout. Through the launch of SafetyNet MasterCard is taking further steps to secure the payment data and transactions at both retailer and issuer”.
eBay have been having a right old time of it lately.
They’ve now been hit by online badmen who’ve been phishing and rinsing unsuspecting customers for their usernames and passwords, by placing fake item listings and redirecting users to external sites.
According to a BBC report, it came to light when an eBay PowerSeller thought something was a bit fishy about an iPhone 5 listing that bounced him to a weird address.
He’s also provided a video about it, bless him.
The IT professional told the BBC: “It’s guaranteed – you can bet your bottom dollar that somebody’s going to click on that and be redirected to a third-party site and they’re going to enter their details and be compromised.
“You don’t know how many of the hundreds of thousands of people who use eBay will have done that.”
eBay have removed the listings, but this is likely the tip of a vast iceberg, and they’re still working out how many people were fooled. It’s the last thing eBay need, having had a dozen service crashes this year already.
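If you run a marketplace (or just want to check a listing before clicking), the thing to look for is anything in the seller-supplied HTML that sends the visitor somewhere that isn’t your domain. Here is an added scanner for exactly that; it is not eBay’s own code, and the allow-list, the constructed sample listing and the choice of elements checked are assumptions for the illustration. It also catches the classic trick of a host like ebay.co.uk.example.net, which is a subdomain of example.net and not of eBay.

```python
"""Scan a marketplace listing's HTML for anything that sends the visitor off
site: links, form targets, iframes, meta refreshes and URLs inside scripts.
Added example, not eBay's own code: the allow-list, the sample listing and the
set of elements checked are assumptions for the illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

ALLOWED_DOMAINS = ("ebay.co.uk", "ebay.com", "ebaystatic.com", "ebayimg.com")
URL_RE = re.compile(r"""https?://[^\s'"<>]+""")


def is_allowed(url: str) -> bool:
    """Exact domain or a genuine subdomain only; 'ebay.co.uk.example.net'
    is a subdomain of example.net, not of ebay.co.uk, and must fail."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


class ListingScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.offsite = []          # (where, url) pairs that leave the site
        self._in_script = False

    def _check(self, where, url):
        if url.lower().startswith(("http://", "https://")) and not is_allowed(url):
            self.offsite.append((where, url))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._check("a", a["href"])
        elif tag == "form" and a.get("action"):
            self._check("form", a["action"])
        elif tag == "iframe" and a.get("src"):
            self._check("iframe", a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url=(.+)", a.get("content", ""), re.I)
            if m:
                self._check("meta-refresh", m.group(1).strip())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data unparsed.
        if self._in_script:
            for url in URL_RE.findall(data):
                self._check("script", url)


def offsite_targets(html: str):
    """Return every (where, url) in the listing that points off site."""
    scanner = ListingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.offsite


# Constructed listing: one genuine link and image, plus three ways of
# bouncing the buyer to a look-alike login page.
SAMPLE_LISTING = """
<html><head>
<meta http-equiv="refresh" content="0; url=http://example.org/signin">
</head><body>
<img src="http://i.ebayimg.com/photo.jpg">
<a href="http://www.ebay.co.uk/itm/123">genuine item link</a>
<a href="http://ebay.co.uk.example.net/signin">Buy It Now</a>
<script>setTimeout(function(){window.location="http://example.com/ws/login";},100);</script>
</body></html>
"""

if __name__ == "__main__":
    for where, url in offsite_targets(SAMPLE_LISTING):
        print(f"off-site {where}: {url}")
```

A scanner like this is a filter, not a cure: scripts can assemble a URL from pieces at runtime, so the real fix is not letting sellers put active content in listings at all.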
But anyway. Keep ‘em peeled.
The sites have been posing as government channels for health insurance cards, passports and birth certificates, leaving consumers baffled, poor and riotous.
The websites – europeanhealthcard.org.uk, uk-officialservices.co.uk and ukpassportoffices.co.uk – duped users into thinking they were official providers of services they were offering, the Advertising Standards Authority (ASA) said.
It also ruled that the websites must not appear again and any future versions must feature disclaimers that say “we’re not real”.
Although, putting a thing on a site saying it’s a fake, sort of defeats the purpose of being a moody front to steal your life.
The ASA said it received large numbers of consumer complaints about websites that offered access to online government services, but which were not official channels and typically charged a premium.
The ASA said the europeanhealthcard.org.uk website charged for an application verification service, while the EHIC was available for free when applied for via the official gov.uk website.
Only stick to the proper gov channels, and if in doubt, call ‘em up and wait 45 minutes to get through to someone.
The Boeing 737 MAX 200s the airline is buying will be able to carry more passengers, thanks to slimmer seats and less galley space than the current 737-800s.
Obviously, Michael O’Leary, Ryanair’s CEO, reckons the extra seats would generate around €1million of additional revenue per plane per year. Oh, and as a bonus, he hopes it will start an old-fashioned price war… “which, like all the old price wars, Ryanair will win,” the charmer bellowed.
Ryanair do say that legroom will in fact increase thanks to the slimmer seats and smaller galleys; the figures haven’t been fully disclosed, but passengers would get a 30-inch seat pitch.
However Airbus said the MAX 200 configuration would mean the removal of three of eight galley trolleys, which would leave just five trolleys for almost 200 passengers.
This is the latest in the ongoing quest to get more passengers on to planes other than just laying them on top of each other, or sitting on laps.
In 2010, 15% of Boeing’s 74 777s had ten-abreast economy seating (up from the original nine); by 2012 the figure was 69%.
Even Airbus have offered up designs which show an 11-abreast seating arrangement on its A380 superjumbo efforts, which would gain 35-40 more seats.
The nutjobs also tried to offer up a design featuring just saddles, but that might have been the result of someone doing some smoking.
Air-rage is increasing as a result of the battery hen scenes on the long-haul flights, with at least three planes having to be diverted in the last month.
Shall we look at a chart showcasing who has the most legroom on their economy flights? Go on, it’ll be fun!
Airline           Legroom (pitch)   Seat width
Monarch           28 ins*           17 ins
Thomson           28 ins            16.5-17.2 ins
Thomas Cook       28-33 ins         16.2-18.5 ins
EasyJet           29 ins            17.5 ins
Ryanair           30 ins            17 ins
Aer Lingus        31-32 ins         17 ins
British Airways   31-34 ins         17-18 ins
(*with an “extra legroom” option of 32 ins for a fee)
Well, you haven’t been on hard drugs after all, it’s a scam. A SCAM.
Known as the “Peter Pan virus” (which sounds like some unsavoury sex practice), due to the name of the production in question, it has been doing the rounds of the inboxes in the last 24 hours.
It is possibly the most convincing phishing email as yet, and WHY MUST THESE BOZOS KEEP DOING THIS. WHY?
Claiming to be from BH Live, it tells the recipient they’ve booked nine tickets – NINE – to a 7pm performance of Peter Pan at Bournemouth Pavilion on December 23rd.
Phishing emails typically purport to come from organisations such as banks or HM Revenue & Customs, but this one is a bit sneakier and oddly British in approach. Rest assured, Bournemouth Pavilion are ON IT and have been warning people not to open it.
Thing is, BH Live is real, and one of their leisure entertainment solutions is the Pavilion, who are actually putting on Peter Pan this Christmas.
Although Earth Wind & Fire along with Sooty & Friends (not together, although that would be incredible) look like good nights out, should you find yourself down Bournemouth way.
But you’re not going to the panto, soz. Put all this distressing phishing nonsense BEHIND YOU and delete it.
Sweden’s McDonald’s have come up with a green festival campaign. The Big Mac hitmakers are now accepting empty cans in exchange for burger-based treats.
In stores mainly around festival areas and green spaces, they are now accepting cards, cash and cans.
And so that collectors can have a handy guide as to working out the “exchange rate”, McDonald’s have provided bin bags with illustrations um, illustrating them.
For ten cans, you “can” HAHAHA have a hamburger.
However, anyone who has been to Sweden will know that everywhere is quite pricey, so you’d be better off just buying McDonald’s instead, but hey – the planet and all that.
Now, who knows anything about Maccies and deforestation?
The man – and it had to be a man – who invented the pop-up advert has apologised for his behaviour.
Ethan Zuckerman, for it is he, reckoned he did not realise what fresh hell he was about to submit the internet to when he birthed the code back in the 1990s.
Writing in The Atlantic, Zuckerman said: “I’m sorry. Our intentions were good,”
“It was a way to associate an ad with a user’s page without putting it directly on the page, which advertisers worried would imply an association between their brand and the page’s content.”
Where to start with the pop-up advert? Its seemingly innocent intentions were hijacked by the spammers to bring every internet user misery.
Put it this way, if pop-ups were unannoying, there would be no need for the invention of the pop-up blocker.
Anyway, Zuckerman seems apologetic enough. Nothing that a good jail term wouldn’t straighten out.
New evidence based on 3,300 internet and broadband issues handled by the CAB has shone a light on the shocking behaviour of broadband companies, be it throwing cancellation charges at people or driving customers into terrible contracts.
If customers refuse to pay charges, the cancellation fee is passed to a debt collection agency which, according to Gillian Guy, the CAB chief exec, is “punishment” for wanting to change supplier or end a contract. She added that “People are finding themselves held captive by bad broadband services”.
As a simple request, the CAB are suggesting that broadband providers don’t charge people when they say ‘you are utterly shit, I’m off’.
Especially if the customer is facing dreadful connection speeds and general faults. Even the customer service departments of the broadband giants were blamed for being generally quite unpleasant and unhelpful.
The worst cases included a woman hit by a cancellation fee even though her service was so bad she was forced to visit an internet café, and a 70-year-old man who cancelled his service early and was still charged £200.
A Citizens Advice Bureau spokesman said that “Companies should be responding to their customers”.
He probably went on and described Broadband providers were behaving like slightly shit highwaymen, but our internet cut out before he finished.
The Telephone Preference Service (TPS) runs a register designed to reduce unsolicited sales calls. Firms can be fined for ignoring the list.
According to the findings of the research, while the TPS is “highly effective” at stopping calls from legitimate telemarketing companies to consumers registered on it, TPS-registered consumers still receive on average 2.5 nuisance calls per month.
It transpires that only around a third of “nuisance” calls are blocked by the service, which allows individuals to opt out of marketing calls.
However some rogue companies are flouting the rules, according to regulators. And us lot unwittingly give consent for calls by ticking a box on devious online sales forms.
The research, commissioned by Ofcom and the Information Commissioner’s Office, found that registering with the TPS blocked 35% of all nuisance calls.
If you’re an individual, registration on the TPS is free and takes 28 days to become effective.
It is a legal requirement that all organisations – including charities, voluntary organisations and political parties – do not make such calls to numbers registered on the TPS unless they have the individual’s consent to do so.
There are plans to increase the level of fines levied on firms that make nuisance calls, and these are due in October.
Fines of up to 20% of annual turnover could be handed down to firms using information gathered by unlawful unsolicited calls and texts. That’ll learn ‘em.
Let’s see what the swarthily-named Claudio Pollack from Ofcom has to say: “We understand how frustrating it is to still receive some unsolicited sales calls despite being TPS-registered,”
“That is why we welcome tough enforcement action from the ICO against rogue companies who breach the rules.”
Currently, the ICO must demonstrate “significant damage or distress” caused to individuals by nuisance calls or spam texts in order to issue monetary penalties of up to £500,000.
Christ, let’s hope no mobile company has pissed off its users by spamming them willy nilly then. Oh.