bandy - Slashdot User

Submission + - Inside the Tech Support Scam Ecosystem

Submitted by Trailrunner7 on Friday April 14, 2017 @10:12AM

Trailrunner7 writes: A team of three doctoral students, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and victimizing people around the world.

The study is the first analysis of its kind on tech support scams, and it’s the work of three PhD candidates at Stony Brook University. The team built a custom tool called RoboVic that performed a “systematic analysis of technical support scam pages: identified their techniques, abused infrastructure, and campaigns”. The tool includes a man-in-the-middle proxy that catalogs requests and responses and also will click on pop-up ads, which are key to many tech-support scams.

In their study, the researchers found that the source for many of these scams were “malvertisements”, advertisements on legitimate websites, particularly using ad-based URL shorteners, that advertised for malicious scams. This gives the scammers an opportunity to strike on what would seem like a relatively safe page. Although victims of these scams can be anywhere, the researchers found that 85.4 percentof the IP addresses in these scams were located across different regions of India, with 9.7 percentlocated in the United States and 4.9 percent in Costa Rica. Scammers typically asked users for an average of $291, with prices ranging from $70 to $1,000.

Submission + - FDA slams St. Jude Medical for ignoring security flaws in medical devices (securityledger.com)

Submitted by chicksdaddy on Friday April 14, 2017 @09:13AM

chicksdaddy writes: The U.S. Food and Drug Administration issued a letter of warning to medical device maker Abbott on Wednesday, slamming the company for what it said was a pattern of overlooking security and reliability problems in its implantable medical devices at its St. Jude Medical division and describing a range of the company’s devices as “adulterated,” in violation of the US Federal Food, Drug and Cosmetic Act, the Security Ledger reports. (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsecurityledger.com%2F2017%2F04%2Ffda-st-judes-knew-about-device-flaws-2-years-before-muddy-waters-report%2F)

In a damning warning letter (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.fda.gov%2FICECI%2FEnforcementActions%2FWarningLetters%2F2017%2Fucm552687.htm), the FDA said that St. Jude Medical knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or by replacing those devices. The government found that St. Jude, time and again, failed to adhere to internal security and product quality guidelines, a lapse that resulted in at least one patient death.

St. Jude Medical, which is now wholly owned by the firm Abbott, learned of serious and exploitable security holes in the company’s “high voltage and peripheral devices” in an April, 2014 “third party assessment” commissioned by the company. But St. Jude “failed to accurately incorporate the findings of that assessment” in subsequent risk assessments for the affected products, including Merlin@home, a home-based wireless transmitter that is used to provide remote care for patients with implanted cardiac devices, the FDA revealed. Among the security flaws: a “hardcoded universal unlock code” for the company’s implantable, high voltage devices.

The report casts doubt on a defamation lawsuit St. Jude filed against the firm MedSec Holdings Ltd over its August, 2016 report that warned of widespread security flaws in St. Jude products, including Merlin@home. The MedSec report on St. Judes technology was released in conjunction with a report by the investment firm Muddy Waters Research, which specializes in taking “short” positions on firms. (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsecurityledger.com%2F2016%2F08%2Fthe-big-short-alleged-security-flaws-fuel-bet-against-st-jude-medical%2F) At the time, MedSec said that the security of the company’s medical devices and support software was “grossly inadequate compared with other leading manufacturers,” and represents “unnecessary health risks and should receive serious notice among hospitals, regulators, physicians and cardiac patients.” St. Judes has called the MedSec allegations false, but it now appears that the company had heard similar warnings raised by its own third-party security auditor more than a year prior.

Submission + - Unpatched zero day leaves 200,000 Magento merchants vulnerable (securityweek.com)

Submitted by patrickdece on Friday April 14, 2017 @08:12AM

patrickdece writes: Magento, the popular e-commerce platform used by more than 250,000 merchants worldwide, is affected by a potentially serious vulnerability that can be exploited to hijack online stores, researchers warned.

Comment Would you like some toast? (Score 1) 49

by bandy on Wednesday March 22, 2017 @01:52PM (#54089701) Attached to: Google Wants To Create Promotions That Aren't Ads For Its Voice-Controlled Assistant

"Would you like some toast? Some nice hot crisp brown buttered toast. No? How about a muffin then? Nothing? You know the last time you had toast. 18 days ago, 11.36, Tuesday 3rd, two rounds. I mean, what's the point in buying a toaster with artificial intelligence if you don't like toast. I mean, this is my job. This is cruel, just cruel." I was surprised when I heard that they pushed an advertisement out, and shocked when they tried to defend it. Now they're saying it's not an ad because they didn't get money (note the weaseling) for it? That's Don Draper-esque level hubris.

Comment They really should pay attention to other fields (Score 1) 426

by bandy on Thursday May 08, 2014 @04:07PM (#46952981) Attached to: Mathematical Model Suggests That Human Consciousness Is Noncomputable

Remembering something is like reading a DRAM bit. You read it, and then you re-write it. This is why memory is fallible. http://www.smithsonianmag.com/...

Comment Re:Bummer (Score 1) 258

by bandy on Thursday November 14, 2013 @02:54PM (#45424658) Attached to: Military Drone Lost Over Lake Ontario

7. Corpses, human and otherwise.

Comment Re: Let me be the First to Say... (Score 1) 258

by bandy on Thursday November 14, 2013 @02:52PM (#45424638) Attached to: Military Drone Lost Over Lake Ontario

But who knows "The Loss of the Antelope"?

Comment Re:It never worked (Score 2) 69

by bandy on Wednesday October 09, 2013 @11:01AM (#45081669) Attached to: Mountain View To Partially Replace Google Wi-Fi

And what makes you think that Google Fiber will actually be any better? Yes, I've used the Google Free WiFi in Mountain View. It was crap. What's now known as 1X celluar data service was faster and more reliable.

Submission + - Social media is getting young people drunk (vice.com)

Submitted by Daniel_Stuckey on Tuesday September 03, 2013 @02:24PM

Daniel_Stuckey writes: The Fear of Missing Out (FOMO) phenomenon is part of why people tend to get addicted to social networking and then depressed. And if you're a young, impressionable teenager, it could pressure you into making sure you, too, are happily intoxicated the next time someone snaps a group shot. That's the gist of the latest study to find that social media photos of people drinking and smoking can influence teens into partaking in the same degenerate behavior. The University of Southern California study was published online today in the Journal of Adolescent Health.

Journal Journal: LET ALLAH SORT IT OUT 4

Journal by fustakrakich on Tuesday September 03, 2013 @02:23PM

"So we're bombing Syria because Syria is bombing Syria? And I'm the idiot?" - Sarah Palin

Comment Re:Or Maybe... (Score 1) 175

by bandy on Wednesday August 28, 2013 @01:28PM (#44698015) Attached to: Silicon Valley's Loony Cheerleading Culture Is Out of Control

wasn't there already a story about females in tech?

Yesterday's (Monday's?) story about whether Grace Hopper could get hired in today's SV.

Comment Re:easy (Score 1) 296

by bandy on Wednesday August 14, 2013 @12:34PM (#44565833) Attached to: Ask Slashdot: Is There a Good Device Holster?

That may end up being a bad habit for her: http://ehtrust.org/keep-that-cell-phone-out-of-your-bra/

Or it may mean nothing at all: http://www.cbcf.org/central/AboutBreastCancerMain/AboutBreastCancer/Pages/Facts-and-Myths.aspx

Comment Re:Removing bins will not fix underlying problem (Score 1) 179

by bandy on Monday August 12, 2013 @02:13PM (#44543999) Attached to: London Bans Recycling Bins That Track Phones

The issue here isn't that MAC addresses are unique, it's that users aren't bright enough or are too lazy to turn off wi-fi detection when they're not using it.

Exactly. As to the "large" address space - it's large if the random-number generator is actually random and has been seeded with a unique value. We've seen lots of bugs and exploits show up because those two conditions were not met.

Comment Re:Removing bins will not fix underlying problem (Score 1) 179

by bandy on Monday August 12, 2013 @02:10PM (#44543971) Attached to: London Bans Recycling Bins That Track Phones

"Very small" - how many problems have we seen where the RNG used hasn't been adequate or was seeded with the same value across multiple devices?

Comment Re:Removing bins will not fix underlying problem (Score 2) 179

by bandy on Monday August 12, 2013 @01:42PM (#44543635) Attached to: London Bans Recycling Bins That Track Phones

And if two devices randomize to the same MAC? That Would Be Bad.

Slashdot Top Deals