Hackers Grab and Expose 453,000 Yahoo Login Details [Yahoo]

Hacking collective D33Ds Company has posted login details for more than 453,000 user accounts that it claims to have retrieved in plaintext from an unconfirmed service on Yahoo.

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets

Whether you see Windows Vista and Windows 7 Gadgets as handy tools or a blight upon a pristine desktop, you might want to shut them off for safety’s sake. Mickey Shkatov and Toby Kohlenberg have found that the desktop widgets’ web-based code has flaws that would allow malicious Gadgets, or even hijacked legitimate Gadgets, to compromise a PC without having to go through the usual avenues of attack. Microsoft’s short-term answer to the vulnerability is a drastic one, though: a stopgap patch disables Gadgets entirely, leaving just a barren desktop in its wake. There’s no word on a Gadget-friendly solution arriving before Kohlenberg and Shkatov present at the Black Hat Conference on July 26th, but we suspect Microsoft’s ultimate answer is to move everyone to Windows 8, where Gadgets aren’t even an option. We understand the importance of preventing breaches, of course — we’re just disappointed that we’ll have to forgo miniature stock tickers and weather forecasts a little sooner than expected.

Microsoft advises nuking Windows Gadgets after security hole discovery, we mourn our stock widgets originally appeared on Engadget on Wed, 11 Jul 2012 14:42:00 EDT.

Facebook Wants to Keep You Virus-Free [Facebook]

Facebook may be a little lax when it comes to privacy, but it seems to be doubling down on security. The site is now directing users who think their computer might be infected with malware to sites where they can get free antivirus software.

Apple granted patent for accelerometer-aided theft-detection system

Despite the added risk brought on by Apple’s Find My iPhone feature, the iOS handset remains a frequent target for smartphone thieves, thanks to the device’s resale value and compatibility with networks around the world. There’s not much you can do to deter sticky fingers short of keeping your iPhone or MacBook in view at all times, but the issue does appear to have crossed the desks of Apple’s design team, which was just granted patent number 8,217,792 for a sophisticated anti-theft scheme. The acceleration-based system would detect a “known theft condition” based on acceleration characteristics, sounding an alarm and disabling the device. The smartphone or laptop would ignore vibrations from passing cars or those caused by items being dropped onto a nearby surface, instead focusing on undisclosed scenarios that likely involve direct movement. The device owner would use a GUI to configure and disable the system, at which point the handset or computer would return to its pre-disturbed mode. Overall, it sounds like a fairly straightforward hardware/software solution, with the added benefit of a technique to filter out regular motion in an attempt to reduce the number of false alarms. You’ll find the full patent at the source link below.

Apple granted patent for accelerometer-aided theft-detection system originally appeared on Engadget on Tue, 10 Jul 2012 15:16:00 EDT.

DNSChanger Danger: Damned if you do, Damned if you don’t

How much warning is too much warning? At what point does an excess of caution evolve into fear, uncertainty and doubt? That the DNSChanger malware failed to down internet connections across the globe on Monday, despite increasingly shrill warnings that the FBI was preparing to pull the plug on the temporary servers keeping them afloat, is undoubtedly A Good Thing. However, it highlights one of the persistent issues facing computing: the challenges in balancing caution and panic.

DNSChanger was undoubtedly a high-risk issue, certainly before the FBI weighed in. The trojan changed user DNS settings so as to rely on compromised servers, serving up pages with malware, sites that secretly collected user-data, and adverts for fake products. The FBI seized the network and a temporary – and safe – DNS replacement system was set up for those unknowingly relying on the dangerous one.

All good things must come to an end, though, and on July 9 the FBI’s mandate to run the replacement servers ran out. With hundreds of thousands of computers still relying on the makeshift DNS provisions to bridge browsers and sites, that meant warning those users that they’d need to take an active role in their system security if they wanted to stay online.

“We lack a single point of communication – instead we have a hosepipe of hysteria”

Problem is, the sort of users who were inadvertently infected and didn’t realize might not be the sort who would also go hunting for the latest news in malware. What we lack is a single point of communication to highlight security problems; instead, we have a pretty much all-or-nothing hosepipe of rising hysteria.

Microsoft has attempted something like that single point, with its Security Center in Windows. Apple, late to the game when it comes to malware and virus threats, hasn’t a centralized security hub in OS X, though the company has been doing more to prevent insidious apps working their way into the platform.

Windows Security Center is too easily overlooked. Third-party security firms individually push alerts to their blogs – and to their (generally paid) software packages – but there’s no all-inclusive feed that distills all of that to the user’s desktop in an easily understood way.

It’s a problem with no easy solution. In the aftermath of the DNSChanger anticlimax, there’s likely to be no shortage of accusations that the malware was “over-hyped” and its potential impact “overstated” so as to drive pageviews. Still, while we’ve gotten off easy now – a somewhat breathless and clogged news-cycle notwithstanding – there’s the distinct possibility that the next big security crisis could be made exponentially worse when contingency gives way to uncontrollable FUD and users’ eyes glaze over.


DNSChanger Danger: Damned if you do, Damned if you don’t is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.


RIM CEO: We don’t build phones in China in case they steal our code

RIM CEO Thorsten Heins has cited security concerns around industrial espionage and software theft as the reason BlackBerry devices are not produced in China. Speaking during the Q&A session of the RIM shareholders meeting today, Heins was asked what steps the company had taken to avoid security breaches of the sort that impacted Nortel for a decade.

Heins said that he was unable to detail specific protections around how RIM protects its software, but did talk about how software might fall into the wrong hands. “Unlike our competitors,” he pointed out, “we do not manufacture our devices in China.”

That, Heins indicated, was because there was a threat that Chinese contractors could presumably use the access to the phone and tablet software to quietly hack RIM’s infrastructure. That would have significant implications for RIM’s reputation among enterprise clients, where BlackBerry encryption is a distinct selling point – and one for which customers pay handsomely.

RIM has faced calls to open up its security systems to government agencies before, particularly those that want to monitor users of BBM and other messaging systems for potential signs of terrorist plots. The company has always denied such requests.


RIM CEO: We don’t build phones in China in case they steal our code is written by Chris Davies & originally posted on SlashGear.


Google Faces FTC’s Largest Ever Fine Over Safari Cookie Debacle [Google]

Five months on from the Wall Street Journal spotting that Google was circumventing cookie privacy settings in Safari, the big G is now close to settling the matter with the FTC. There’s one bitter pill that still remains to be swallowed, though: the WSJ reports that Google is set to pony up $22.5 million, the FTC’s largest ever fine.

Your Cell Phone Is Under More Surveillance Than Ever [Privacy]

United States law enforcement agencies are requesting user information such as “text messages, caller locations and other information” at an alarming rate—at least 1.3 million requests last year alone—according to cellular carriers.

Internet goes offline for thousands as DNSChanger cleanup peaks

Thousands of internet users are waking up to no web connection this morning, with the temporary servers handling those infected by DNSChanger being shut down. ISPs and the FBI had warned surfers that, had their DNS settings been changed by the malware, they would lose access to the workaround fix that had been in operation for the past few months. Estimates of how many people will be impacted today are unclear, with the numbers of those relying on the most active servers last month exceeding 100,000.

In fact, according to the DNSChanger Working Group, the team established to handle the fall-out of the malware, back on June 13 there were 135,331 unique IPs accessing the top 25 replacement servers. Since then there has been a sizable outreach campaign as ISPs and others attempt to warn those users affected. In late May, around 330,000 systems were believed to be infected.

DNSChanger was a trojan that changed DNS settings – the links to servers which point browsers in the right direction for the sites you request – to alternative, compromised ones. Control of those sites allowed the malware operators to collect user data, show adverts for fake products and otherwise manipulate the internet experience.

Thankfully, the method of cleaning up a DNSChanger infection has improved since the early days, when a complete reinstallation of the OS – whether Windows or OS X – was required. Now, there’s a simple set of tools which do it without all of that headache, though it’s still advisable to run a full backup of personal files beforehand, just in case.

If you’re reading this (and you’ve not been forced to turn to a smartphone or tablet with your regular computer refusing to load sites) then you’re okay, but stand-by for parents and friends who may have complaints.


Internet goes offline for thousands as DNSChanger cleanup peaks is written by Chris Davies & originally posted on SlashGear.


How to Choose a Secure Pet Name [Humor]

Most secure services ask users for some personal details to generate security questions. Some of the classics you can do little about—but humor news site NewsBiscuit amusingly points out that pet names can, and should, be changed on a regular basis in the interests of security.