Friday, September 22, 2017

Judge says not enough evidence of harm in D-Link suit by FTC

On Slashdot: Judge Kills FTC Lawsuit Against D-Link for Flimsy Security

Well, consumers weren't harmed, and D-Link doesn't get into trouble. That also means there's no evidence that they've learned a lesson either.

So let's all never buy crappy insecure D-Link gear, huh? Maybe the market will decide.

Thursday, September 21, 2017

iOS 11 Control Center doesn't turn off Wi-Fi or Bluetooth

In the latest "WTF Apple", the weird Control Center that is accessed by dragging up from the bottom of the screen, even (optionally) while locked, has buttons to turn a bunch of things on and off.

iOS Control Center in 10.3.3

According to a Motherboard article, turning off the RF in Control Center doesn't really turn it off:
"Apple decided Control Panel should not disable the devices entirely because it wants services including “AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features”"

Apparently it's still turned off correctly in the control panel, but who would know?

Time for a Faraday bag, everyone? (8.99 shipped)

Wednesday, September 20, 2017

Techdirt: HP is making printers reject third party cartridges again

Well, they tried it a year ago, got whacked, and are trying it again.

Think of the customers! They want this!

Tuesday, September 19, 2017

Let's not forget Equifax

In a nutshell:

  1. Equifax was hacked big time, everybody knows that
  2. Came out in September 2017
  3. Found out in March?
    1. Slashdot: Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
  4. Execs sold lots of stock
    1. And even bigger and largely unappreciated: options!
  5. So if you're a responsible person with good credit, you're a target ripe for the picking
    1. Equifax will do a credit freeze with themselves for free (and their PIN isn't even a time stamp)
    2. Not sure about the others
    3. Is something other than a credit freeze better?
    4. The Equifax Breach: Here's How to Protect Yourself | WIRED
    5. There's something on TWIT, they discussed it on Security Now #62

Update: Continuing this dumpster fire, according to Slashdot, Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks for theft protection. They created "EquifaxSecurity2017.com", but were sending people to "securityequifax2017.com" in tweets between September 9 and 20, 2017. Gizmodo has coverage as well.


Another Update (9/22/2017):

The 3 executives who made $2mil were a story, but the options that were bought on August 21 for $160K were worth about $10M on Sept 7.
Cell Phone Deprioritization is a thing?


On Slashdot: T-Mobile To Increase Deprioritization Threshold To 50GB This Week

"After raising its deprioritization threshold to 32GB in May, it looks like T-Mobile will bump it up to 50GB on September 20th, according to a TmoNews source."

Hmm..

Forbes article on stealing bitcoins using phone system flaws

Forbes has a remarkably good article on stealing bitcoins stored in Coinbase by using SS7 phone system flaws.

These attacks:
  1. Have been shown to work by researchers
  2. Have been used in the wild to commit crimes
  3. Don't seem to be fixable
  4. Have the government's attention
For better two-factor authentication (2FA), Forbes suggests using an app, like Google Authenticator, or something similar.

Perry

CCleaner 5.33 32-bit with actual developer signature gets a backdoor


Piriform (acquired by Avast in the summer of '17) got the word out pretty early; their blog post is here.

Graham Cluley at Smashing Security seemed to get the scoop, where he cited Cisco Talos who "first identified the problem" and coordinated the disclosure.

I think the most intriguing things are:
  1. How did the attackers get hold of the signing certificate, which seems to indicate that the Piriform/Avast infrastructure was compromised, and how will they revoke it?
  2. The free version of CCleaner doesn't auto-update. This might have saved a *LOT* of people, since it's routinely used by tech support people to fix mysterious errors on corporate machines. There seems to be a standalone "Portable" version available; Techspot talks about it here, including a "Duplicate file finder", which sounds interesting for people like me with sucky backup and photo workflows :-/
  3. Intriguing or ironic: I've seen it run on an enterprise machine and leave something behind which was picked up by the enterprise software scanner as obsolete software, with no indicator of the exact version. How do you delete that? More to follow, I hope...
Update: CCleaner might drop a startup turd on your system, even with the portable version. This thread talks about it: https://forum.piriform.com/?showtopic=42073

Thursday, September 14, 2017

WordPress Display Widgets Plugin installs backdoor

According to Slashdot, Bleeping Computer says:
"WordPress plugin that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months."

It's unclear, but versions 2.6.0, 2.6.1 and 2.6.3 seem to be affected at various stages, and the perpetrator is much more motivated and persistent than the volunteer keeping up the site. Is WordPress the next critical core open source Internet infrastructure component?