Liking a Facebook Post = Violating a Restraining Order?

“Liking” a Facebook post means violating a restraining order? “[Justin] Bellanco’s ex-girlfriend April Holland had filed a restraining order against him after he had threatened to ‘shoot her knee cap to watch her suffer.’ The restraining order forbade Bellanco for having any contact with Holland for at least a year, but he was arrested earlier this week after Holland had told authorities that he had liked 22 of her photos and videos on Facebook.”

Lenovo Gets Caught With the Crapware Again

Ewww. Looks like Lenovo’s in the middle of another crapware scandal. I am actually typing this on a Lenovo, but happy, it’s a Lenovo which was formatted and set up with Linux. Ask me if I’m buying another one. (No.) “Windows 8 and Windows 10 contain a surprising feature that many users will find unwelcome: PC OEMs can embed a Windows executable in their system firmware. Windows 8 and 10 will then extract this executable during boot time and run it automatically. In this way, the OEM can inject software onto a Windows machine even if the operating system was cleanly installed. The good news is that most OEMs fortunately do not seem to take advantage of this feature. The bad news is that ‘most’ is not ‘all.’ Between October 2014 and April of this year, Lenovo used this feature to preinstall software onto certain Lenovo desktop and laptop systems, […]

Yet Another Flash Update

Oh how shocking: More Flash updates. “Adobe’s latest patch for Flash (it has issued more than a dozen this year alone) fixes at least 34 separate security vulnerabilities in Flash and Adobe AIR. Mercifully, Adobe said this time around it is not aware of malicious hackers actively exploiting any of the flaws addressed in this release.”

Twitter is Expanding Its Transparency Report

Twitter is expanding its transparency report. “Since 2012, we’ve published a biannual transparency report covering government requests and copyright notices. Now, for the first time, we’re expanding the scope of the report to include two new sections: trademark notices and email privacy practices. In addition to the two new sections and updated data, we’ve rolled out a site-wide redesign, including an updated homepage, more mobile-friendly layouts, and easier access to individual country reports.”

Harvesting Facebook Details Through Randomly-Generated Phone Numbers

If you’ve made your Facebook account discoverable through your phone number, you may want to change that. “Facebook has been urged to tighten its privacy settings after a software engineer was able to harvest data about thousands of users – simply by guessing their mobile numbers. The developer obtained the names, profile pictures and locations of users who had linked their mobile number to their Facebook account but had chosen not to make it public.”

HTC Stored Fingerprint Images in Unencrypted Image File

Is there anything worse to store in plain text than passwords? Like, say fingerprint images? “Researchers from FireEye have found that data that could be used to clone a user’s fingerprint was stored as an unencrypted “world readable” image file on HTC smartphones. Four security researchers discovered that the image file, which is clear replica of a user’s fingerprint, could be stolen by rogue apps or hackers.”

Another Big Ol’ Android Vulnerability — Certifi-Gate

Another day, another Android vulnerability. Maybe it is as bad as Flash. “Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allows a third party app’s plugins to access a device’s screens and actions using an OEMs own signed certificates. That means a nefarious individual could see what you’re doing and control your phone or tablet. And according to the researchers, there’s no reasonable way to revoke the certificates as an end user.”

Nasty Firefox Exploit Found In the Wild

A nasty Firefox exploit has been found. Update! “Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.”

Google, Samsung to do Monthly Android Security Updates

Samsung and Google will release Android security patches every month. “Alongside the new frequent security updates, Google has finally released a patch for Stagefright for its own Nexus line of phones, which it sells directly to customers. The company argues that the majority of users weren’t at risk, however, with application sandboxing limiting the amount of damage an attacker could do.”

San Francisco PD Has An “Instagram Officer”

The San Francisco Police Department has an Instagram officer. And it’s apparently useful. “The Instagram photos showed the minor, who was already on probation and prohibited from possessing any type of firearm, with a gun tucked into the waistband of his pants. Based on the Instagram photographs that showed the two suspects brandishing firearms, the officers decided to perform a probation search, where the suspects were detained — still wearing the same clothes they had been wearing in the Instagram photographs that Ochoa had seen earlier that evening.”

Google’s Retail Beacons May Have Some Security Issues

Google’s new retail beacons have some potential security issues. “Being able to push unauthorized updates to beacons in the field means that a physical version of the classic email ‘phishing’ scam is possible. And while we may be used to ignoring scam emails, scam notifications on phones are something new; apps and people who receive the notifications may be more easily taken in.”

Facebook, Now with Really Icky Patent

Facebook has gotten a really icky patent. “On Tuesday, the social network was granted a patent for authorizing and authenticating a user based on their social network on Facebook, as first spotted by SmartUp Legal. Though the document details multiple applications for the patent, including filtering out SPAM and helping with search queries, it also explicitly states that it could be used to approve a loan based on a user’s social connections…”

Yahoo Ads Used to Distribute Malware

A vulnerability in Flash has been used to distribute malvertising. “According to a recent discovery, it seems that hackers have actually been taking advantage of another Flash vulnerability and for the past seven days, they have actually used Yahoo’s ad network to distribute malicious bits of code. The malware was hidden inside Yahoo’s ads which rely on Flash, meaning that anyone who visited a website with Yahoo ads could potentially have been infected.”

Windows 10 Mentions + Phishing = Ransomware

Heads up official and unofficial tech support people: ransomware and Windows 10 mentions have intersected in a phishing scam. “Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are currently using Windows 7 or Windows 8. This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain. The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign.”