I couldn't have said it better myself...
"there are plenty of opportunities that don't involve infecting people's devices and encrypting their photos. It might even start with uninstalling Windows. ®"
126 publicly visible posts • joined 29 Oct 2017
"Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add."
Probably because this would be a huge privacy concern.
With an extension, the user would be notified of the privacy risks involved and would be opting-in to the T's and C's and also digitally signing that they had (could have) read the privacy policy.
There are several websites where you can upload a hash and it will show you what the hash correlates to in it's database.
These antivirus companies can positively identify what a user is downloading by the SHA/MD5 sums and share what it is the user just downloaded (along with the users IP address and browser fingerprint) and passes this info along to it's affiliates (IE: Facebook, Experian etc.)
Starting to understand the privacy risks now?
Same thing goes for Google's Safe Browsing and others that collect the users web browsing history.
Google has partnered with ESET in it's Chrome browser for another example.
ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK.
(Just like almost all the AV engines on Virus Total)
This is much more of a cocern.
I loved the fact that in Defender Stargate the high score wasn't limited to just putting in your 3 initials, you were able to write almost a full sentence next to your high score.
I was in heavy competition with another intense Stargate master and we would write terrible things about each other when we beat the others high score.
My friend and I were in a (real) Asteroids competition that was sponsored by Atari.
The owner of the local convenience store where the Asteroids machines were located kept a log of our scores and hours that we played.
My Asteroids partner and I would have so many extra lives (ships) stored in memory that the Asteroids machine would start glitching out and the rocks (asteroids) would sometimes become detached at their vector points.
Atari had to replace 2 of the Asteroid consoles due to memory corruption.
My Asteroids partner and I had to forfeit the competition because our parents wouldn't allow us to miss school for the playoffs.
An older guy won the competition and was awarded a brand new stand-up Asteroids Deluxe machine.
(I never did like Asteroids Deluxe)
"The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."
http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/
I did a quick Google search yesterday using the base 64 string for PHP shellcode backdoors hidden in image EXIF and one of the first websites to pop up happened to be hosted nearby.
I contacted the webmaster by phone using WHOIS and another well known family tree site and the owner turned out to be a 70 year old man.
(Really nice guy.)
The image of a MOPAR muscle car in his sites gallery had been dropping shells on visitors since November of 2009.
He shut the site down (which was not my intention) stating he didn't have time to maintain it and that he was getting much more traffic on his "Wordpress" site.
Perhaps I should elaborate before I get deservedly downvoted into oblivion..
I do believe that it is great for ANY company to open source their software.
Especially if that software enables users to communicate over a (supposedly) secure, encrytped way.
I am a staunch supporter of open source software especially any software that helps with security and/or privacy.
But trust is earned not given.
Zuck and Co. are well known for collecting as much personal, private information from as many people as possible and aggragating all that data into graphs and selling it or even giving it away freely to anyone with a FB developer account.
Facebook has the technology, money and manpower to create powerful software that could help keep communications secure but it goes 180 degrees from what their current format is all about.
So pardon me when I have an knee jerk reaction to any software that is supposed to be private and secure with the Facebook name attached.
I have several computers with different configurations, I have a Windows 7 machine running with Microsoft's Security essentials on it that already had this registry key set before the infamous update. Another computer with Windows 7 that has Trend Micro installed needed this registry key added.
(Trend Micro created a .reg file for users to download to add the key)
I don't know when the registry key on the Security Essentials machine was added but I know it existed before I installed the Meltdown update.
"Sounds normal. No-one believed the Okapi existed until a european person found one. The locals of course had known about them forever."
Fascinating indeed! I have never heard of or seen an Okapi until I looked it up on the web after reading your post.
(Are you a local or a European?)
...as well as giving web developers and app developers full access to users Facebook accounts through the Graph API to post comments or hijack web links to host scareware/adware/fraud using the users Facebook access tokens..
In fact, I'm having a real tough time trying to figure out just what Facebook would actually define as "misuse" of their tools?
"I've noticed BS claims are being made (on the various tech new shows) about facial recognition again. BBC WS mentioned about a system that seemed to claim pulling accurate recognition from only a few pixels. They should make it a capital offense to over-hype such things."
You'd be surprised how much data can be obtained by just ONE single pixel:
https://www.facebook.com/impression.php/f2441a81bf8bca8/?lid=115&payload={%22source%22%3A%22jssdk%22}
I believe it has a lot to do with how much technical knowledge a person has (or wants to have).
I see lots of people take steps to protect their data at least in some small degree but they clearly have no understanding of how things work and end up giving away the keys to the kingdom.
Many people have "antivirus" apps on their Android devices because they have at least some concern that their data may get stolen by some "virus" but most of these apps are stealing far more data from their devices than any "real" malware ever could.
Some of these dodgy "antivirus" developers go so far as to "advertise" their apps by tricking users into installing their warez through the use of fake virus warnings capitalizing on the users inherent fears as well as their lack of technical knowledge.
I was looking at the web browser 'Brave" the other day, it claims to be pro-privacy and in the browser extension request webpage of Brave users were requesting all kinds of dodgy VPN add-on's and other extensions that would defeat the whole purpose of using Brave.
I believe that most people care about their privacy/security but "convenience" wins out or users just get overwhelmed.
It is kind of a pain trying to limit your data footprint, and the more knowledge you have the more you have to do.
I run a custom OS on my phone with only a few FOSS apps that I personally inspected, script blockers on my web browsers, block a multitude of social media sites on my router and HOSTS file, run BleachBit several times a day, only allow programs through the firewall when needed etc etc...I really feel I was better off 5 years ago when I was blissfully unaware of the things I now know.
And to hear members of congress or politicians speak..they're either more clueless than everyone or they're all in on it.
It's all so tiresome.
(sorry for the rant)
The same thing happens when people have their computers repaired by the "Geek Squad".
https://www.nbcnews.com/tech/security/customer-sues-best-buy-alleges-geek-squad-worker-stole-published-f6C10929636
https://consumerist.com/2007/07/12/geek-squad-hatched-plot-to-harvest-porn-from-pornstar-jasmine-greys-harddrive-days-before-she-died-i/
http://www.businessinsider.com/best-buy-customer-geek-squad-employee-kept-racy-photos-of-her-2012-7
https://nakedsecurity.sophos.com/2017/05/22/yes-geek-squad-can-search-your-files-and-hand-you-over-to-the-police/
https://www.washingtonpost.com/local/public-safety/if-a-best-buy-technician-is-a-paid-fbi-informant-are-his-computer-searches-legal/2017/01/09/f56028b4-d442-11e6-9cb0-54ab630851e8_story.html
I received Cerber ransomeware every week for several months in an old email account of mine.
They always arrived in the form of a .zip attachment claiming that: "UPS package undeliverable"
and the .zip file was supposed to contain tracking information.
I unzipped one in a Windows 7 VM for kicks and it encrypted any .jpg, .pdf, .zip and .doc files but left pretty much everything else alone.