Security vpns firewalls viruses etc

[SmokingElectronics]

Very sorry my grammar, punctuation, and just typing sucks

If someone is bored with too much time and wants to edit these let me know. The knowledge is more important to me than who does it or posts it my communication disabilities have always been my downfall

Recently a common subject has come up allot vpns.

Well to understand that you have to understand security networks etc. But it's not as hard as it sounds first a vpn is just a simple spoof it makes it look like you're in Russia or China not the us or uk now there's different types of vpns cheap one's and the ones that the government hates because every time they break it it routes them to a new country over and over

But before you can ever begin to try vpns you need to make sure that your network is secure! I have been a pc and network tec for 30 years security antiviral spyware malware and recently became a malwarebytes tec I have been studying malwarebytes webinars it's like @Nigelar has said wack a mole always has been there always finding new ways to get in

But there are easy basic facts to stick to and for a normal person be really secure! One hardware not software, software is a second defense once there in the system they have good hardware vpn firewall routers for $160 or something it's worth it you usually have to still pay for monthly vpn service but it's worth it

Software well droidbox has gone into this for the boxes and I have to agree with their suggestions dr web is the best malwarebytes is in the top those two are the main ones that are worth mentioning the rest don't hit on as many problems as they do

Your pc I say do the research and studies malwarebytes I stand behind because of using it successfully on so many machines spybot avg

If you are an advanced user or company use a network server based on Linux and a disconnected backup what's disconnected backup well for your home as simple as a usb 1tb drive you back up to then instantly disconnect a business it's a dedicated server for backup image that you disconnect every day after back ups to many homes and businesses think that if it's separately on the network or system it's safe no ransomware and hackers can still get it only safe option is complete disconnect

Now another myth and problem everyone thinks hackers do damage or problems No there was a water department that was hacked they only found out because there backup started to take forever a hacker was using the server to store his movies on so he wouldn't be caught with them on his drive
Now you say I'm a home user that won't happen probably not But they have found child porn and other smaller stuff stashed on home pcs it's rare but happens

You can avoid it all firewalls hardware and software viral software and malware software constantly checking windows process ctrl alt del don't know what all that means just Google the process almost all of the windows processes are in Google search and the ones that have been found to be malicious but be careful with processes watch your drive sizes and content regular backups even of android boxes and tablets

Just be aware and up to date on the current problems you don't have to be scared or paranoid just vigilant and on top of it like social media and other crap how much information are you putting out about yourself your cellphone there's bug's that can record audio and video and for ceos have been used for black mail so how much are you living on or around the cellphone learn more about cellphone security

Just ask feel free to ask anything else or to clarify things knowledge is powerful and the best weapon

 

[SmokingElectronics]

How often do you change your password? How complex is your password? Is your password a fact about your life? is that password recovery that sites ask a fact about yourself?

These are all important things we overlook or get lazy about, what's your pets name a@$$hole strange off the wall facts you remember but even family won't

To many users using birthdays sports etc use caps symbols numbers go to password checking sites https://howsecureismypassword.net make sure that it says very hard

But my memory is crap, join the club i can't remember my name without a name tag solution best software no scams that's been out as long as my old fart butt robo form https://www.roboform.com/lp?frm=rfp-006&affid=12e01&gclid=CLjPwJLKptMCFYqFfgodz0UN8w is the best in my book it can be password protected and stores all passwords websites and it fills the forms and logs in for you

https://www.flashrouters.com/blog/2015/03/07/best-vpn-routers-vpn-service-providers-february-2015/ look into routers with vpn providers tied to them more money some almost 400 so it's a investment but remember it's for lifetime better updates than normal router's factory security flaws patched and most importantly most you can use ipvanish on its still ipvanish monthly fee but it's worth it you even get add blockers built in read the website above its worth it trust me but less work for the average users people who are not technically savy or good with router's
https://www.flashrouters.com/vpn-types/ipvanish
on this page click your favorite vpn provider then click wireless because most wireless have 4 ports wired the rest use wireless for tabs etc
https://www.flashrouters.com/vpn-types

Backup your pcs and tv boxes weekly or monthly for pcs never backup over the same data last week's data could be infected the point of back ups is for viruses and ransom ware don't ever pay ransom ware there's decryption sites and forums for most out there and most are a variation of two forms

Don't use the same username on forums me I'm bored and a smart ass so this is easy it's a reason most may not worry about but should consider even if you are not causing trouble or doing something wrong it's very hard to track down your username or sites etc if you do this

Don't fall into the traps of it won't happen to me or i don't do this or that or i do everything to be secure that's how they get you

 

[SmokingElectronics]

Do your research and take it at your own speed there's no dumb questions there's no experts especially not me ask or correct my information
The only way to learn is to ask and be ready to eat crow or however it's said foot in mouth lol

http://vpnsoftware.co/ipvanish-review/

https://thevpn.guru/vpn-protocols-explained-info-compare/

http://computer.howstuffworks.com/vpn.htm

https://vpnobserver.com/vpn-explained-in-simple-words/

http://www.itsecurity.com/features/vpn-popularity-021108/

https://security.stackexchange.com/questions/86806/disadvantages-of-using-a-vpn

http://searchenterprisewan.techtarg...are-VPNs-Choose-the-right-enterprise-solution

No matter if you are a business with a 5 room server or even the server the size of a house or just your little home pc I can't stress enough separate backup for businesses with huge server's it's hard and expensive but if you get ransom ware down for weeks or longer loosing all data or being able to say screw you wipe the system find the leak that they got in on and your back up

Anytime your backup image is connected with the main pc it's at risk no firewalls nothing is gareenteed except disconnected it's risking your whole business or home stuff on well this said this or this expert said this or that no how much do you value your crap

 

[SmokingElectronics]

the Ohio Inspector General’s Office has just published a report revealing that two prison inmates were able to hide their own self-built PCs in the ceiling of a training room *and* connect them to the Marion Correctional Institution’s network.

Prison staff found the PCs back in 2015, but the security breach has only now been made public with the Inspector General’s investigation into the incident.

The first hint for prison authorities that something out-of-the-ordinary was occurring popped up in July 2015, when a security product sent an email alert to IT staff warning that a contractor’s PC connected to the Ohio Department of Rehabilitation and Correction’s (ODRC) network had exceeded its daily internet access quota.

Which was odd, because the contractor in question – Randy Canterbury – only worked Monday through Thursday. And the alert triggered on Friday, July 3 2015.

Two weeks later on Friday July 17, 2015, another alert appeared, again linked to Randy Canterbury’s account, and this time associated with attempts to access proxy avoidance websites.

Deeper investigation identified the computer’s IP address, and that it was unauthorised because its name fell outside of the six numbers assigned to known computers in the PC training area.

Certainly the inmates’ usage of the computers was audacious, not limiting themselves to downloading software, pornography and guides for making drugs and explosives, but also stealing the identity of another prisoner and submitting fake credit card applications and committing tax fraud.

 

[SmokingElectronics]

How to better protect your Instagram account using two-step verification (2SV)
Enable two-step verification to make it harder for hackers to hijack your online accounts.

As we all know, a complex and unique password for each of your web accounts goes only so far towards protecting you against hackers.

Data breaches compromise people's login credentials all the time, exposure which leaves users at the mercy of bad actors who traffic in stolen combinations on the dark web. These individuals have no qualms about buying a database of stolen usernames and passwords, authenticating a user for themselves, stealing personal and/or financial information contained on their account, and either monetizing that data or abusing it to commit fraud or secondary attacks.

Web services see these password attacks target their users every day.

That's why many let their users activate two-step verification (2SV), a additional security feature which adds another step in a login process. For instance, Facebook allows its users to enable what it calls "Login Approvals", while WhatsApp rolled out 2SV to its 1.2 billion users.in February 2017.

One of the newest services to join the 2SV bandwagon is Instagram, yet another company owned by Facebook. How do you set it up, you ask? It couldn't be easier! Let's take a look.

1. Go to your Instagram profile.

1. At the top right of the app's display window, you'll see three dots arranged in a horizontal line. Click that icon to access your Instagram account settings.

Source: Wikimedia Commons

1. Under the sub-heading labeled "Account," click on the option "Two-Factor Authentication."

Source: Turn On 2FA

1. Turn on the button that reads "Require Security Code." (Before you can activate that code, you may need to first add a phone number to your account.)

1. Enter the SMS confirmation code Instagram sends you.

You're all set! Now whenever you ever want to log in to your account, such as from another device, Instagram will send your verified phone number a 6-digit SMS security code.

Source: WIRED

That's some extra security worth celebrating!

 

[SmokingElectronics]

Android adware abusing plugin frameworks to promote potentially malicious apps
The host app controls all!

Android adware has embraced an innovative way to promote potentially malicious apps: abuse Android plugin frameworks.

App promotion isn't anything new on the Android platform.

In the past, we've seen adware install paid applications once they've landed on an device. But to the chagrin of these less-than-honest developers, anti-malware technology can block these efforts.

So what did adware creators do in response? Innovate, of course!

To evade detection, malware samples are now shipping out as plugin-enabled apps. This means the rogue software can abuse plugin frameworks like DroidPlugin and VirtualApp to load arbitrary apps in a virtualized application environment.

In other words, they can ingeniously launch a potentially malicious app (and thereby generate revenue) without actually installing it on a device.

Palo Alto Networks' security researchers Cong Zheng, Wenjun Hu, and Zhi Xu are concerned about this developing trend.As they explain in a blog post:

"This type of app promotion can post security risks because of the comparatively weak security mechanisms used in current plugin frameworks. These plugin frameworks lack the ability to separate permissions and isolate data amongst different plugin instances. Thus, when a promoted app is executed through the plugin framework, it has the same permissions as the host app (typically all Android permissions) and can access the data of the host app or other plugin apps."

Meaning? If a host app gains root permissions, any app it launches through a plugin framework will have those same rights. A scary thought if these secondary apps are malicious programs themselves!

Let's look at a few examples.

In September 2016, the developers behind "Clean Doctor" (CD) made their app more aggressive by creating shortcuts for secondary promoted apps on an infected device's home screen. Whenever a user clicks a shortcut, the promoted app loads in a virtualized environment, an action which generates revenue for the attackers. CD can also automatically launch one of the promoted apps when receiving system events.

A promoted game app is launched as a plugin. (Source: Palo Alto Networks)

A few months later in January 2017, the developers of an app called "bloodpressure" abused plugin technology that launched a promoted app capable of displaying apps and recommending multiple downloadable apps in a single screen. This technique gives adware creators all kinds of opportunities to make money from promoted apps.

The plugin app displays multiple ads. (Source: Palo Alto Networks)

In total, Palo Alto Networks' researchers found 32 apps abusing the DroidPlugin framework and 21 APKs doing the same to VirtualApp. All these applications were available on the Play Store. Fortunately, Google has worked with security researchers to remove the programs. But that's not to say there won't be more like them.

To protect against apps that abuse plugin technology, users should install a security solution on their devices that's capable of detecting adware samples.

They should also remain vigilant for warning signs like the creation of new shortcuts to apps they haven't installed on their phones. If they detect any suspicious behavior, they should think back to any new apps they might have downloaded and promptly uninstall them from their devices.

 

[SmokingElectronics]

 

[SmokingElectronics]

For anyone watching and reading this post Q&A any questions subjects ideas you have questions about? Any thing i have been wrong about or that someone can update my knowledge and experience tell me that I'm full of crap lol

I have only started android 5 years now just last year I was forced to get my first smart phone just last year I learned tv boxes.
I have a beautiful gift called adhd I learn technology mechanics etc like wild fire you tube books websites etc I started
When my dad brought home the first 8086 dos pcs 50 pound beasts over 20 years ago
I stopped working on pcs at pent 4 win xp but never stopped learning more and more im now a malwarebytes tec bench tech
I look forward to learning from everyone about TV boxes every detail i can come off arrogant opinionated bullheaded jerk
All of that but in reality my opinion is that I know nothing I'm here for helping sharing and learning

I know that my typing skills grammar run on all the important things sucks and I'm sorry about that any polite suggestions i am happy to listen to and try but I already try to use spaces enter comma etc

Thanks yall take care

 

[SmokingElectronics]

Another subject and problem that comes up allot buffering problems. Well despite what is said wireless is just not enough to stream off of, okay now we're going to get into one of those regular gas or premium gas debates right?
No there's very simple facts on this subject and proof on it. First let's get this out so there's no misunderstanding yes wireless will stream yes wireless will stream okay, BUT not as good as hard wired i have dsl 24 mg service for the first run my mxq was wireless it was okay but problems buffering and more then i ran a hard wire to it now very little buffering and other problems
22
https://www.wired.com/2013/05/optimize-video-stream
https://www.howtogeek.com/217463/wi-fi-vs.-ethernet-how-much-better-is-a-wired-connection/
https://www.copper.org/applications/telecomm/consumer/wired_ethernet.html

Copper is super tech but scroll through and scan the general details like

• Streaming video requires 20 to 100 Mbps for each television receiver, so at best, wireless can connect video from one source at a time, for example either Internet or Blu-ray, to one TV set.
• Because of its much lower throughput, a wireless LAN will be unable to handle much of the traffic that homeowners will be wanting within the next 5 to 10 years.
• If you have any near neighbors, especially in a multiple unit dwelling, it is very possible that you will interfere with each other.
• It is possible that a device like a microwave oven or a nearby medical diathermy machine, which use the same 2.4 GHz frequency as the wireless signal, will cause interference.

Details facts proof not opinions rumors etc just facts and details. Well you say i can't run wires or i just rent a flat easy where's your router? Okay the hardware store has cable covers
http://m.cabletiesandmore.com/categories-floor-cord-cable-covers-15
http://www.homedepot.com/b/Electrical-Home-Electronics-Cable-Management-Cord-Covers/N-5yc1vZc65e

You can run these along baseboards under the rugs etc a decent way to get the job done if you don't want to run wires or don't know how.
If you know how to run cable there are a number of easy ways to do it, drill a hole in the heating ac duct below the register then bring it through the vent make sure you silicone the hole shut to restore the air seal a simple floor drill you just drill a hole big enough for the wire run the wire make sure it's very close to the baseboard if you wanted to dress up the hole if it's not a carpeted floor use some wood putty the color of the foor or white silicone the color of the wall now you say but I can't find wires and don't know how to make network cable you don't need to
http://www.cablesforless.com/Default.aspx
Usually cat 6 cable is good you don't need fancy snagless etc search for feet 10ft 20ft etc as long as you get good quality cable feet doesn't matter it's the cheep cable that has problems and data loss I wired up churches business etc hundreds of feet of single cable only difference was i wired the connector on the ends these companies do it all the time nothing to worry about!
https://www.newegg.com/Network-Ethernet-Cables/SubCategory/ID-2825

What about your current cables or your having trouble with the new setup well you can ask me or others any time for a walk through I'm happy to help you out and try to do step by step this or any suggestions i have made on this site there's also cheap easy to use tools

http://m.tigerdirect.com/categories/tlc~1796/products

Mainly testers

https://www.amazon.com/network-cable-tester/s?ie=UTF8&page=1&rh=i:aps,k:network cable tester

Are you still having problems not sure what the heck is going on? Is it my service, my box, my router, the cables. Or even to many people or devices on the network.

Well one is really easy to many devices. Now what you may not know or realize is every device uses bandwidth even if it's not being used!
Now wired this doesn't matter like me my home pc is hard wire so that it doesn't drag the network down

Wireless network this is a very big deal because everyone and every device is sucking Internet speed now how big of a problem depends on the service you have 12mg 24mg 45mg 70 on up also another unknown and overlooked fact is the type of service if you have broadband connection i have bad news for you they omitted a fact you share the bandwidth with the section of the town that has the server
WHAT this means that they sold you 80mgs but server based broadband your sharing with your neighborhood and the section that the server services depending on the size of the town is how many server's and the division my town one server for the whole town i was paying for the 180mg service only getting 60mg it depends on the load and demand on the server

http://www.webopedia.com/DidYouKnow/Internet/cable_vs_dsl.asp

More just facts for you to decide for yourself. Now some towns are divided up well and the speeds are ok but your still sharing if you're neighbor started doing torrent download up the butt down goes speed will you notice maybe maybe not but dsl it's yours no one else no sharing me i want what i paid for

Now there's apps for Android tablet, tv boxes, kodi, pc etc speed test net is the best now below 20mgs on the tv box your going to risk problems now 10mgs and below your garuenteed problems always run speed tests first time you have problems with streaming it answers and shortens the guessing list and makes it easier to diagnose the problem

https://www.lmi.net/support/dsl-troubleshooting-guide
http://freeola.com/line-test/

Watch your network watch for signs of being hacked higher usage run test software there are good security programs that alert you to devices on the network
https://www.lifewire.com/wireless-home-network-security-tips-818355
http://whoisonmywifi.com/more-info/...reless-network/intrusion-detection-software/#!

Find out your router login and password and change it the default admin and password literally password is the password lmao so change it
Turn on advanced settings in the router

 

[SmokingElectronics]

todays topic im bored wait no sorry

Got one of these 20+ models of Linksys Smart Wi-Fi routers? Bad news. 10 security holesdiscovered
Flaws enable DoS conditions, data harvesting, and more.
David Bisson | April 24, 2017 8:55 pm | Filed under: Denial of Service, Privacy, Vulnerability 3
Share on TwitterShare on Facebook

Linksys is working on a firmware update for 10 security vulnerabilities affecting its "Smart" Wi-Fi series of routers.

Tao Sauvage, a security consultant for IOActive, came across the flaws after reverse-engineering the firmware for the EA3500 Series, one of more than 20 Linksys Smart Wi-Fi router models which use the 802.11N and 802.11AC standards.

Sauvage and his friend Antide Petit discovered 10 bugs in total. Six of those are vulnerable to exploitation by an unauthenticated attacker.

Linksys EA3500 Series UART connection. (Source: IOActive)

The security holes break down as follows:

• An unauthenticated actor can exploit two of the flaws to create a denial of service (DoS) condition and thereby render the router unresponsive. Until the individual ceases their attack, an admin can't access the router's web interface and users can't connect to the network.
• Attackers can bypass the authentication measures protecting the Common Gateway Interface (CGI) scripts to collect information from the router. Vulnerable data includes the router's firmware version, running processes, as well as all connected devices and their respective operating systems.
• It's possible for an actor to execute commands with root privileges on the operating system of the router. The attacker can leverage this unintended functionality to create a backdoor or gain persistent access to the router.

Here's a list of the vulnerable models:

• EA2700
• EA2750
• EA3500
• EA4500v3
• EA6100
• EA6200
• EA6300
• EA6350v2
• EA6350v3
• EA6400
• EA6500
• EA6700
• EA6900
• EA7300
• EA7400
• EA7500
• EA8300
• EA8500
• EA9200
• EA9400
• EA9500
• WRT1200AC
• WRT1900AC
• WRT1900ACS
• WRT3200ACM

To evaluate the impact of the vulnerabilities, Sauvage and Petit used Shodan to identify vulnerable devices exposed on the web. The two researchers explain in a blog post what they discovered:

"We found about 7,000 vulnerable devices exposed at the time of the search. It should be noted that this number does not take into account vulnerable devices protected by strict firewall rules or running behind another network appliance, which could still be compromised by attackers who have access to the individual or company’s internal network."

The majority (69 percent) of those affected devices identified by the researchers are located in the United States.

IOActive notified Linksys of the flaws back in January 2017. Since then, the two firms have been coordinating responsible disclosure of the security holes. For instance, IOActive has said it won't release a technical write-up of the issues until Linksys publishes an update, which it says it's working on in a security advisory.

While admins await this fix, Linksys recommends they help protect their devices by enabling automatic updates, disabling Wi-Fi guest networks if they're not in use, and changing the default administrator password.

I can't emphasize that last recommendation enough. Not only is it a basic step for protecting all Wi-Fi routers, but it will also help defend against malware like Mirai that compromises IoT devices by brute-forcing their default login credentials.


this brings up an important topic. patches and updates! here on droidboxes one of the few boxes on the market with constant updates, patches, and support. most boxes your left to get outdated.

windows has proven this many times outdated is vulnerable hackable. windows is forcing everyone to use windows 10 by stopping support and updates for any version below 10 they did this with xp! it works because the hackers find the weak spots that are no longer patched and updated so your forced to upgrade or risk being hacked.

everything routers tv boxes tablets etc has updates watching for them is essential! you say well these mx and mxq and i think t8 mini all use the same chip, the android won't update! wrong there's the work around libreelec dual boot options for almost every box out that give stability and more security!

kodi is acting up allot recently dont know why i cant get answers from kodi facebook or forums maybe they hate my typing but @Nigelar has pointed out a very good company real debrid. they host sources, you get better quality hd dolby at times and 360 days is only 20 something euros i think 30 something American!

I don't recommend any other debrid source real debrid is the biggest and the most, and they have sponsor or whatever sites like they showed me that you can use paypal etc other than bit coin!

here is real debrid us and uk prices not uro
https://keyinstant.com/real-debrid-premium-account.html

 

[SmokingElectronics]

whats this shady bitcoin crap??? is it dangerous secure safe??

http://raszl.com/blog/bitcoin-benefits-and-risks

everyone on facebook especially the mxq project mock and make fun of paypal! well i have had paypal since it came out! and its only getting better now on ebay my paypal purchases need a phone verification code there system calls you gives you a number and you type it in the box. they also have free return shipping. its far from perfect i had our amex bluebird prepaid card take over the account once in my wife's name took an hour or so to get back control of the account but that's the only problem in i don't know how many years of using it!

now bitcoin digital no protection security etc very short time its been around easily hacked it immerged as a dark web form of payment and still is mainly dark web and porn!

http://www.coindesk.com/information/how-bitcoin-mining-works/

http://www.moneycrashers.com/what-are-bitcoins/

 

[SmokingElectronics]

now we also have allot of buffering and source issues. lets look into this and what it all means

https://www.lifewire.com/how-to-avoid-buffering-issues-1847399

https://www.tvaddons.ag/buffering-tips-kodi/

https://www.dacast.com/blog/how-to-stop-buffering-on-your-live-video-streams/

https://kinkeadtech.com/get-reliable-kodi-stream-sources-real-debrid/

http://hometheatredublin.com/XBMC-Kodi-Buffering-Issues

now everyone wants free free free. well as we all know nothing in life is free! you do get billions of movies and tv ask my wife she irritates me every weekend scrolling through the millions of movies!!
then i cant find anything! woman dont make me smak you everything back to the 60s and older and you cant find anything?

now real debrid gives you good quality sources, in hd and dolby when possible. now there's a app called trakt https://trakt.tv/ its free and it traks all your tv shows and movies! i have lost count of the new tv shows i have found with it. it puts in exudos a link called my tv shows and my movies, uder the tv shows there's episodes right there is ery tv show you love and watch with the latest episodes no more searching or other hard tasks one click everything at your fingertips! and under collection, it has all your tv shows where you can watch any episode any season no more searching even not airing tv shows!

just ask I use it every day

 

[SmokingElectronics]

Today I will be asking questions. I am always the first to admit how horrible my typing grammar punctuation communication skills are and the first to poke fun about it.
After 42 years of living with learning disabilities it's always a sore subject but you learn to just get over it and have a good laugh
I have tried speaking programs grammarly apps you name it nothing seems to be able to help.
I try to take all suggestions and surveys i have done on forums and other places about it but it's about as good as possible
I try exaggerated spaces and enter to not make run ons and separate things
My main concern and aim is not to make everyone happy or to get the most likes or views but I want to share knowledge with everyone. I want to learn more from everyone. I want to be corrected and fact checked by everyone!
There are no experts i just know a little bit and want to learn everything about anything!

You will also notice i can't be serious about anything or take anything serious im a major smarta I love life and have found that it is to short to be serious all the time to get angry at everything all of the time
So speak up or make suggestions on current posts add spaces or periods within them so they are easier to read

Or just feedback input etc i can't say that I don't bite we won't go there lmao

 

[SmokingElectronics]

how much do we rely upon technology today? Do we rely to much upon technology today?

Me im a 80s child so my answer is always bias and big yes! We have cars, alexa home, Google home, every device now has a camera.
Pages and pages of the reliance on technology and the devices used!

Don't get me wrong we have allot of great advances and huge steps forward. And my dad was a engineer him and his friend made the SDS system for Dell assembly lines in the now defunk micro switch so he raised me learning the first pcs and Internet technology out.

But now we have alexa look yup the amazon home alexa now has a camera! I have to risk putting my foot in my mouth and say come on people how dumb are we?
A wifi camera in the house. They hack baby cams house security, and so much more yet your dumb enough to put alexa look in the house!
I see regularly on my security briefing with the company im with things that would make your head spin, latest car hacks. So far not tv quality of the car hacking where they control it but they do steal them make tire pressure reading etc you have to really think about what you allow into your life and what you rely on!

Now you might be thinking I'm antitechnonology no far from it. I love technology and learning more and more every day but I am also aware of both sides of the problem.
It's not like the conspiracy theories of terminators ruling the world crap. More of a society that has become over dependant and bottle fed off too much of it! Most of our kids don't even touch books anymore! Most schools are becoming physical education is optional. Look at the mortality rate among the youth of today to when you were growing up even if your only in your 20s it gets higher every year parents care less monitor less it's a sad state

 

[SmokingElectronics]

smile and put your junk away the kids are no longer the only ones catching you runnin neked

 

[SmokingElectronics]

IBM has been shipping malware-infected USB sticks
Think before you click on your stick.
Graham Cluley | May 2, 2017 1:56 pm | Filed under: Malware 4
Share on TwitterShare on Facebook

IBM has warned customers that it accidentally shipped a number of malware-infected USB sticks to enterprises ordering its IBM Storwize V3500, V3700 and V5000 Gen 1 flash storage solutions.

The malware is found in the intitialisation tool's directory, and when tool is launched from the USB stick to configuring the Storwize storage solution, the malware is copied to a temporary directory on the computer's hard drive.

On Windows systems, that temporary folder can be found at %TMP%\initTool, and on Linux and OS X it is /tmp/initTool.

IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code.

Affected Products
The Initialization Tool on the USB flash drive with the partnumber 01AC585 that shipped with the following System models may have an infected file:
IBM Storwize V3500 - 2071 models 02A and 10A
IBM Storwize V3700 - 2072 models 12C, 24C and 2DC
IBM Storwize V5000 - 2077 models 12C and 24C
IBM Storwize V5000 - 2078 models 12C and 24C

IBM Storwize Systems with serial numbers starting with the characters 78D2 are not affected.

IBM has not said how many infected USB sticks it believes it has shipped to customers, but even if it's a relatively small number that will be of little comfort if you were one of the unlucky recipients.

The good news is that the malware is only copied onto the computer. The initialisation process does not actually run the malicious code, and a computer can only become infected if the malicious file is executed.

While the malware does not target the integrity of the storage systems themselves, if the malicious code is launched it will attempt to infect the Windows computer it is run on, and may download further malware from the internet.

IBM is recommending that the malware-infected USB sticks should either be securely destroyed, or have the offending folder wiped and a clean version of the installation tool package downloaded and installed in its place.

Personally I would think that USB sticks are so cheap that the simplest choice is to destroy the infected one (in order to prevent someone else innocently using it) and download the software you need afresh.

According to IBM, up-to-date versions of the following anti-virus products have been confirmed to detect the malware: AhnLab-V3, ESET NOD-32, Kaspersky, McAfee, McAfee-GW-Edition, Microsoft, Qihoo-360, Symantec, Tencent, Trend Micro, Trend Micro Housecall, ZoneAlarm.

I would imagine other vendors are also busily updating their security products if they have not already done so.

It's important to remember that malware doesn't just present a risk to you when you open on an email attachment, or click on a link, or visit a website with poisoned adverts. Your computer can also come to harm through malware which has been physically shipped to you on CD ROM, on a USB stick, or even pre-installed on a hard drive.

We tend to trust companies like IBM to take greater care over what they ship to their customers and assume it to be uncompromised and squeaky-clean. Clearly that trust is sometimes misplaced.


from Graham Cluley security updates