Governments are using a Microsoft Zero-Day Vulnerability to Spy on Windows Computers

Government hackers were using a previously-unknown vulnerability in Microsoft’s .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world.

Details may be found at http://bit.ly/2f6rsO9.

Use the FREE On My Disk Software to Create Your Own Private and Secure Personal Cloud

You probably have read a lot in this web site and elsewhere about the various file storage services in the cloud. Some of the better known ones include Dropbox, Google Drive, iCloud, SugarSync, SpiderOak, Tresorit, Mega.nz, and perhaps a few dozen others. These are valuable services that allow you to gain access to your files wherever you are, to (optionally) share files with others, and to copy files from one of your computers to another. However, there are two major drawbacks to these services:

1. They tend to charge a lot of money if you have a lot of files you wish to keep available.

2. You have to give your files and, more importantly, CONTROL of your files, to someone else.

To be sure, all the better file storage services provide industrial-strength encryption that prevents anyone else from being able to read the contents of your files—not even the employees of the file storage service. Nonetheless, many people are uncomfortable with giving control to strangers on the Internet.

I often hear or read comments from non-technical computer owners who say, “I don’t trust the cloud.” That statement always comes from someone who doesn’t understand how encryption works. Even so, convincing someone to forego their fears of giving up control is nearly impossible.

One new product called “On My Disk” would seem to solve both problems.

Continue reading

Microsoft Won’t Patch 20-Yr-Old SMBv1 Vulnerability (You Should Just Turn the Service Off)

If you use Windows 10, you need to read an article by Laurent Giret that describes a recently-discovered security weakness in Windows that apparently has been there for at least 20 years. The fix is simple: turn off SMBv1 file sharing protocol from your PC. Most people don’t need it anyways.

You can find the article at: http://bit.ly/2whtwFR.

Kaspersky Now Offers a Free Antivirus Program for Your Windows PC

Kaspersky is a Russian security vendor that offers several well-known and well-respected anti-virus and anti-malware (“malevolent software) products. Now the company is launching a free version of its award-winning antivirus software worldwide. Kaspersky Free offers the most basic protection for free for everyone who wants it. And all without bombarding you with ads.

Kaspersky Free is now available in selected countries. In the words of Eugene Kaspersky himself, it offers “the bare essentials: file, email and web antivirus; automatic updates, self-defense; quarantine; and so on.” These are essentially “the indispensable basics that no one [Windows user] on the planet should do without.”

Continue reading

Telegram Now Sends Disappearing Messages, Just Like Snapchat

Telegram is a very popular program for instant messaging as well as for sending pictures, videos, and even making voice calls to other Telegram users. I have written about Telegram several times in the past. You can find my past articles by starting at: https://duckduckgo.com/?q=site%3Aprivacyblog.com+telegram&t=h_&ia=web.

Now Telegram has greatly increased user privacy even more.

The cell phone app now lets you send your friends “self-destructing” photos and videos that disappear after a few seconds. How long it takes for the media to go away depends on how long you set the timer for.

Continue reading

Password Manager Onelogin Hacked, Exposing Sensitive Customer Data

If you use Onelogin, you need to read the article in ZDnet at http://zd.net/2rZ1pgs.

Comment: Similar weaknesses exist in all password managers and is one of the reasons why I have never used a password manager. The idea of keeping all your passwords in one place simply strikes me as a very bad idea.

Any password manager automatically becomes a single point of failure. Anyone with the know-how could potentially hack into the password manager in a manner similar to what happened to Onelogin and, as a result, can extract all of a password manager’s data. In addition, if the password’s database becomes lost or corrupted, you lose everything! There are better ways to keeping your passwords safe.
Continue reading

Keybase Chat: a Free, Seamless Encrypted Web Chat Service for Everyone

Keybase Chat provides an easy-to-use, end-to-end encrypted chat built into the producing company’s earlier Keybase encrypted file sharing software. Unlike other encrypted messaging services such as WhatsApp or Signal, Keybase Chat works with public accounts and usernames you already have, so there’s no need to exchange phone numbers, email addresses or encryption keys.

Anyone can send a Keybase Chat message to anyone else on the internet — even if they haven’t signed up for Keybase yet. The Keybase Chat allows for 4,000-character messages and attachments, and includes some basic blocking and muting features.

Continue reading