As part of its in-flight “free” entertainment package, United requests that the user install DRM in order to view a movie on their laptop. In a previous generation of flight service, the passenger wouldn’t even require a laptop to watch a movie.
Entrepreneur Brian Fitzpatrick found the ransom pop-up much to his dismay, and by all indications declined to install a patch to his browser for the sole benefit of a single flight. Instead, he took to Twitter, saying:
The security-minded will have already reached the logical conclusion: Fitzpatrick could be the exception. Many users might gladly install the extension to watch the video, and never uninstall it.
There’s no telling how secure such an extension is; its popularity is not predicated on competition, but rather on how strong the user’s desire to watch the movie is or isn’t. The company’s system also reminds a wise user, who may have removed Flash in the wake of the recent Hacking Team dump and its disclosures, that he has no Flash, and offers to install it for the user.
What do you think? Is United Airlines overstepping its bounds? Would you install the plugin? Comment below.
Spotting a Well-Made Investment Scam
For every reasonably safe investment, there are 1000 scams and 10,000 reasonably toxic investments. Self-served advertising via social media and search engines exacerbates the problem – people sometimes click ads they think were search results, or, as humans are intended to, simply consume the content on the screen instead of paying attention to where they’re being redirected.
In this article we will review a recent example of a well-executed investment scam.
The intended victim, who did not actually get scammed but alerted this author to the hustle, was led to believe that the above image was redirecting to a CNN news article. This is the actual URL the link went to:
Now if you visit com-cat.press, all you see is a directory listing. This site’s entire purpose is to make people believe they are visiting legitimate .com websites, when in fact they are visiting others. It doesn’t always have to be a scam; sometimes it is simply an advertisement, but often enough it is a definite funnel to a scam. In this case, here’s where you wind up, at a place that looks an awful lot like CNN Money:
Again, this is not a real article on CNN. This is promotion for 10Markets.eu.
10Markets.eu is extremely professional looking. The platform looks to capture your details even just for demo trading. Most traders expect hurdles, so one can imagine tons of phone numbers and e-mail addresses entered:
The demo trading screen never loaded for this analyst, but the phone number is fake anyway; it was taken from a coffee shop in Germany. Funnily, it appears the German exchange code is 030 in the first place, but you can’t edit that part. They also don’t allow you to visit the site at all if you’re in North America.
The tipster was clever enough to find out if 10Markets.eu was a registered broker or not. They’re not. According to ForexBrokerz.com:
10Markets is a forex and CFD broker that is headquartered in Scotland [sic] and supports the popular MetaTrader 4 platform. It is not licensed by any authority and there is not much information about the trading conditions on its website. What is worse, this broker is present in the warning lists of UK’s FCA, Australia’s ASIC and Cyprus’ CySEC, so we don’t recommend doing business with 10Markets.
There are review websites which help. Regarding 10Markets, we came up with this one.
The tipster happens to have been our own Jonas Borchgrevink. He is equipped with years of experience in website publishing, and this is why he quickly noticed that he was not reading a CNN article. The sad fact is that a high percentage of people who read that article believe it to be real, and a percentage of those people end up getting scammed. As such, here is a checklist for new trading outfits that you haven’t used or heard about before:
- Always try to get phone support right away, before creating an account. If no one answers or there is anything suspicious, this is a scam.
- Always search for “[EXCHANGE NAME]” + “scam,” and read carefully any results that come up. Most scams could stop at one person if others listened to that one.
- In the US, you can use FINRA to check the legitimacy of an exchange or broker. In the UK, you have FCA. Many countries have sites like these, and it’s important to check the one from the country where the broker does business.
- Use ad blockers at least when legitimately searching for financial solutions.
- Check the URL! For every legitimate exchange website, there are a few fake ones designed to steal your account information.
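The "check the URL" step can be made mechanical. The following is an added example, not part of the original article: it treats a host as legitimate only when it equals a trusted domain or ends with "." plus that domain, which is exactly the test a com-cat.press style address fails. The allow-list and the sample URLs are constructed for illustration (the lookalike sample is not the URL from the article), and the check also covers the related user@host form, which goes beyond the case described here.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical allow-list of domains the reader really means to visit.
TRUSTED = ("cnn.com", "finra.org")

# Constructed sample URLs (not taken from the article).
SAMPLES = [
    "https://money.cnn.com/markets/",          # genuine subdomain
    "http://money.cnn.com-cat.press/article",  # ".com" is only part of a label
    "http://cnn.com@192.0.2.10/login",         # trusted name hidden in userinfo
    "https://notcnn.com/",                     # suffix match without a dot
    "https://www.example.org/",                # unrelated site
]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL points at."""
    # Accept bare "host/path" strings as well as full URLs.
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    for domain in TRUSTED:
        # Legitimate only if the host IS the domain or a true subdomain of it.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    netloc = parts.netloc.lower()
    for domain in TRUSTED:
        # The trusted name is visible somewhere in the address, but the
        # browser will connect to a different domain: report it.
        if domain in netloc:
            return "lookalike"
    return "unknown"


def report(urls):
    """Map each URL to its classification."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

The comparison is anchored at the right-hand end of the hostname because that is the part that decides where the connection goes; anything to the left of it can be chosen freely by whoever registered the domain.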
In The Event That You Spot A Scam
Tattle! Spread the word far and wide, not just so others don’t get scammed, but also to give authorities the jump on the thieves. Otherwise, they may exit and get away with all the money before anyone stops them.
The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed
FriendFinder Networks, the parent company behind the likes of AdultFriendFinder, Cams, Penthouse, iCams and Stripshow has been hacked, with six databases from the company compromised, according to breach notification website LeakedSource.
A Local File Inclusion (LFI) exploit was all it took to breach the servers, leading to the credentials of a mammoth 412,214,295 user accounts leaking online. Alarmingly, 99% of all available passwords gathered from the breach are visible in plaintext.
CSOOnline reveals that information from the breached databases has been circulating online since their compromise in October 2016. The incident itself is likely to have occurred before October 20, 2016, with the last login timestamps for user accounts occurring on October 17.
As the publication reports, one researcher identified the LFI flaw and warned AdultFriendFinder about the vulnerability. More specifically, the LFI was discovered in a module on AdultFriendFinder’s production servers. While the researcher followed up the public reveal of the vulnerabilities with a post noting that the issue was resolved, the reality could not have been starker.
The severity of the breach saw the leak of FriendFinder Networks’ source code and public/private key-pairs alongside the databases – which contained email addresses and passwords, stored in plain text or hashed using SHA1 with pepper.
The bemusing and weak password-storage habit deployed means that 99% of all passwords gained from the FriendFinder Networks databases have been cracked.
Furthermore, LeakedSource was able to determine that a notable number of users had an email in the form of ‘[email protected]@deleted1.com’, a clear indicator that the user associated with the account sought to delete the account, while AdultFriendFinder tagged these to-be-deleted accounts with “@deleted.com.” A mammoth 16,766,727 so-called deleted accounts were discovered in total.
LeakedSource lays out the startling numbers: the websites that were targeted, along with the number of compromised user accounts.
- Adultfriendfinder .com – 339,774,493 users
- Cams .com – 62,668,630 users
- Penthouse .com – 7,176,877 users
- Stripshow .com – 1,423,192 users
- iCams .com – 1,133,731 users
- An unknown domain – 35,372 users
Altogether, that’s a staggering total of over 400 million user accounts, or 20 years of customer data, leaked during the breach, making it the largest recorded breach this year and firmly surpassing the MySpace breach, which saw 360 million compromised user accounts. This particular breach makes the infamous Ashley Madison breach look meagre in comparison.
Anonymous India: Mobile Network Reliance Jio is Sharing Call Data with Advertisers
The hacking group Anonymous is accusing the telecom network, Reliance Jio, of sharing its call data with advertisers in the U.S. and Singapore.
In a recent blog post, Anonymous India exposes how Reliance Jio has been sharing customers’ call data with foreign companies. Anonymous India also provides steps to see how Reliance Jio is sharing the data.
A year ago we had posted about how Reliance Jio was sharing user location data with China. One year on and nothing has changed.
In the blog post, Anonymous India claims that data from Reliance Jio’s My Jio and Jio Dialer apps is being sent to an advertiser called Mad.Me. It further adds that Reliance Jio is utilizing a third-party software development kit and is failing to verify what data is being sent and collected through it.
Reliance Jio Accused a Second Time
This, however, isn’t the first time that Anonymous India has accused Reliance Jio.
Last year the hacker activist group highlighted in another blog post that Reliance Jio had security flaws in its RJio chat app.
According to the 2015 post, data was being sent to a Chinese IP without encrypting it beforehand. This meant that while data was being leaked to the Chinese, anyone who wanted to could easily look into a conversation and know what was being shared or discussed, making it vulnerable to hackers.
Anonymous Never Forgets
When it comes to bringing the wrongs of others to light, the hacker activist group, Anonymous, are not afraid of standing up to the challenge.
At the beginning of the year, Anonymous targeted Thai police after protesting the conviction of two Burmese men who faced a death sentence in connection to two murdered British backpackers.
In May, Hacked reported that Anonymous had played a significant role in the targeting of financial institutions such as Greece’s central bank, which was hit by a DDoS attack. According to the report, Anonymous consider central banks around the world as a ‘global banking cartel.’
In a bid to target those that it believes should be targeted, bringing greater awareness to the public, it seems that the hacktivist collective Anonymous won’t be stopping anytime soon.