Posts Tagged ‘security’

Weather Underground’s security issue

May 1, 2016
Malware download page

Image of the malware download page

I will often use the Weather Underground website to check the forecast, but I may start using the National Weather Service’s site instead. If I leave a tab on my web browser at work on the Weather Underground site, the image in this post will eventually result. The browser is an up-to-date Firefox without Adobe Flash running on Windows 7. It gets redirected to another website, always with a different domain name, and always with two seemingly random numbers in the path (visible in the image when large enough). The page looks like it is for downloading Adobe Flash, but isn’t on Adobe’s website. It sure stinks of malware. It may be coming from something like an advertisement that can sneak a redirection into the web page rather than content generated by Weather Underground, or maybe they have a more direct breach of security. Either way, I’m sure Weather Underground wouldn’t do this, but it is still annoying.

The issue has occurred five times over more than a month, maybe two, on the same computer. I did attempt to inform them of the issue, but I haven’t seen any indication that anyone took it seriously. It has happened twice since then.

At home, I run Firefox on Linux and do have Flash installed, although I usually have it disabled. The issue never happens there. I haven’t yet tried on another system without Flash, but suspect that may trigger the redirection.

What this doesn’t answer is what happens when this malware could redirect a browser, but finds one with Flash installed and enabled instead. I also didn’t accept this download. I’m not employed to do security research, and the IT department is quite distant.

Advertisements

Adafruit’s Puft Cloud

September 9, 2013

There is a nice post on the Adafruit blog about the networks of stuff. It features this wonderful picture:

Adafruit's Puft Cloud

Adafruit’s puft cloud grabs hold of everything

A very happy looking cloud is grabbing everything in sight. It seems like the artist tried to think of the most harmless thing; something that could never possibly destroy us. The post is a short summary of a way to tame the puft cloud put forth by Limor Fried. There is also a Google+ page for it. The basic notion is to keep things open so that what is collected is known and how it is used can be limited and controlled by users. Given how companies love to keep everything proprietary, we may be doomed. But, maybe after a few more incidents like the Samsung Smartly-taking-away-your-privacy-through-security-flaws TV, companies might finally get the idea when users demand security they can verify. If no one outside the originating company can verify their device’s security, it is only a short matter of time until someone outside that company verifies the device’s lack of security. Such lacking security of a device used in the presumed  privacy of one’s home is a problem most people would rather not have, but a few will want to profit from.


False Steps

The Space Race as it might have been

keithlugcom.wordpress.com/

You Control The Action!

High Frontier

the space colony simulation game

Simple Climate

Straightforwardly explaining climate change, so you can read, react and then get on with your life.