Group items tagged

"Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."

Of course, they could look for a username that sounds like you in the list of 8 million LinkedIn and EHarmony logins and then just use the password published there, or the ones posted following the hack of 77 million user accounts at Sony or the 130 million credit-card accounts taken from the clearinghouse that processes your credit card payments, or tens of thousands lost by a New York electric utility or the California government services agency you thought was unquestionably trustworthy or the 24 million emails and user names swiped from Zappos or almost anywhere else.

you should use a different highly secure password at every site you use.

That way, no matter what web-site login database is breached next, your loss can be limited to only the information (or money) on that one site,

All of which suggests that close to 300,000 people could have just seen their personal, non-Yahoo e-mail accounts compromised as well as their Yahoo accounts.

To be on the safe side, if you have a Yahoo ID, you should assume it's no longer secure and change its password. (I just did, and I've never visited Yahoo's contributor-network site until today.) Yahoo is also changing the passwords of affected users. You should, however, also change other passwords if: You've used the same password for any other major service -- particularly for sensitive accounts such as banking, investing, or e-mail. You've ever signed into Yahoo or Associated Content with a non-Yahoo e-mail address.

However, the bill goes much further, permitting ISPs to funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient.

And what comes through loud and clear is that the Rogers-Ruppersberger CISPA bill will allow for much greater information sharing of companies sending private communication data to the government -- including the NSA, who has been trying very, very hard to get this data, not for cybersecurity reasons, but to spy on people.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too. Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on.

Religious sites had and average of 115 software threats, while porn sites only had 25. The religious sites were mostly full of fake anti-virus software, which sounds relatively harmless, but it can leave an unsuspecting user's computer totally vulnerable. Symantec wasn't able to come up with a good explanation for why the religious were such a popular target for the fake software.

ike everyone else, I, too, always assumed that it was because either they were idiots or non-native English speakers. But I have very recently learned that is not the case. Indeed, the real answer is one of the more astonishing (at least to me) things I've heard in quite some time!It turns out that the dead giveaways of "spamese" are completely deliberate and carefully calibrated. Huh? Why? Because very few people of the type who frequent Quora would be fooled for ten seconds by these things. And guess what? Quora readers are the ANTI-audience for them!Instead, the obvious giveaways are used as a *pre-qualifier*, to ensure with the least possible effort that the ONLY people who respond to the scammers' initial mass mailings (and therefore have to be brought along individually during the later stages) are the absolutely most gullible, ignorant, susceptible, suckers they can find.Think of it this way: if you were running this as a business, which would make more sense: developing a highly believable pitch and sending it to 1,000 Quorans, knowing that 500 of them would eventually figure it out and call the cops? or writing a completely obvious scam and sending it automatically to 1,000,000 people, knowing that 999,990 will simply laugh and trash it...but the other ten have a very high likelihood of sending you thousands of bucks, with no one calling the cops?

According to one website: "Experienced scammers expect a 'strike rate' of 1 or 2 replies per 1,000 messages emailed; ... One scammer boasted 'When you get a reply it's 70% sure you'll get the money.'"