Japanese one-click fraud evolves to lock smartphone browsers
Latest version of scam hijacks browsers and asks users for 99,800 yen (US$1,200).Read More
Latest version of scam hijacks browsers and asks users for 99,800 yen (US$1,200).Read More
Trojan.Carberp.C uses stealth tactics and seems to have a preference for Australia.Read More
Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 8 vulnerabilities. One of this month’s issues is rated ’Critical’.
Read More
Revision Note: V34.0 (January 13, 2015): Added the 3024663 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S…
最新のワンクリック詐欺は、ブラウザを乗っ取り、99,800 円を要求します。
Read More
summary
It was recently disclosed that Gogo, a provider of Wi-Fi Internet services on commercial aircraft, has been issuing spoofed SSL certificates for Google sites that were viewed by customers of Gogo’s service. It appears that Gogo Inflight Internet was acting as an SSL Man-in-the-middle (MITM), a technique used within some enterprises to allow themselves to inspect and control all web traffic, even traffic to secure web sites. To understand what this means, let me explain MITM in a bit more detail.
While not very common, there are enterprises that use SSL MITM technology to protect their employees and assets. For example, the enterprise can see when their employees visit sites that attempt to deliver malware to eventually block it. Some enterprises might want to ensure that their employees don’t visit inappropriate web sites using company equipment. The enterprise may also deploy a Data Loss Prevention (DLP) solution to guard against company secrets being divulged on public web sites. These uses are justified since the enterprise has an interest in securing its employees and their assets (laptops, desktops, corporate data, etc.)
Here’s how an SSL MITM works: a browser user tries to open an SSL connection to a web server. The connection attempt is intercepted by the SSL MITM, which opens its own SSL connection to the intended web server. When that web server returns its SSL certificate, the SSL MITM crafts a copy of the certificate using its own public-private key pair and signed by the SSL MITM’s private root certificate. It returns that copy of the certificate to the browser user, who sees a certificate containing the name of the intended web server. Essentially, two SSL connections are set up: one between the browser user and the SSL MITM, the other between the SSL MITM and the web server. The SSL MITM copies traffic back and forth between the parties so they are generally unaware of the SSL MITM. All SSL traffic is encrypted on the wire, but unencrypted in the SSL MITM. This allows the SSL MITM to see everything and even modify traffic in either direction.
It’s surprising to see a company use an SSL MITM with its customers. When used within an enterprise, the root certificate used by the SSL MITM can be installed and trusted in employee computers because the enterprise has complete control over those devices. But this can’t be done with the enterprise’s customers, who control their own devices. As a result, these customers will receive a warning when they visit a secure site intercepted by an SSL MITM. It’s clear from the screen shot in the articles related to this issue that the user’s browser warned them that the site’s certificate was signed by an untrusted issuer.
What’s not clear is if Gogo performed a man-in-the-middle interception only for YouTube, or only for Google web properties, or for all web properties secured by SSL. There’s no reason to expect that Gogo intercepted only YouTube traffic. If done for all SSL traffic, it’s likely that a Gogo customer visiting their bank online, for example, would be subject to the same SSL MITM. This would be worrisome, because Gogo would then be able to collect usernames and passwords used on all such sites. Gogo’s CTO said “Gogo takes our customer’s privacy very seriously”, but Gogo’s actions raise a red flag. They could possibly have access to customer data that has nothing to do with Gogo or its services, and Internet users in a post-Snowden era are less willing to trust third parties with their personal information.
Gogo has a legitimate interest in limiting or blocking video streaming, but the way they’ve done it is far overreaching. Perhaps they hoped that customers would avoid using YouTube when they saw a scary security warning. Sadly, an unintended side effect might be to train users to ignore and to click through those warnings, which is counterproductive to the industry’s push for better end-user practices. Ultimately this would devalue all legitimate SSL certificates, and weaken the Certificate Authority/Browser trust model that Certificate Authorities and browser vendors have built and strengthened over the past 15+ years.
We urge Gogo to reconsider their actions and deploy bandwidth limiting solutions that do not involve the use of spoofed SSL certificates.
Contributes resources to build workforce to combat next gen threats
SYMANTEC OFFICIAL RULES FOR THE
SCI-FI APPRECIATION DAY FACEBOOK SWEEPSTAKES DRAWING
THE SCI-FI APPRECIATION DAY FACEBOOK SWEEPSTAKES DRAWING IS OPEN TO LEGAL RESIDENTS OF THE 50 UNITED STATES AND THE DISTRICT OF COLUMBIA (EXCLUDING GUAM, PUERTO RICO, AND ALL OTHER U.S. TERRITORIES AND POSSESSIONS) AND CANADA (EXCLUDING QUEBEC) WHO ARE THE AGE OF MAJORITY IN THEIR STATE OF RESIDENCE AND AT LEAST 18 YEARS OR OLDER. THIS DRAWING SHALL BE CONSTRUCTED AND EVALUATED ACCORDING TO CALIFORNIA LAW.
NO PURCHASE NECESSARY TO ENTER OR WIN. PURCHASE WILL NOT INCREASE YOUR CHANCE OF WINNING.
BY PARTICIPATING IN THE DRAWING, YOU ACCEPT AND AGREE TO BE BOUND BY THESE “OFFICIAL RULES” AND THE DECISIONS OF THE JUDGES AND/OR SPONSOR RELATIVE TO THIS DRAWING.
1. SPONSOR
The Symantec Sci-Fi Appreciation Day Facebook Drawing (the “Drawing”) is sponsored by Symantec Corporation (the “Sponsor”), 350 Ellis Street, Mountain View, California, 94043, U.S.A. The Drawing begins on January 2nd, 2015 at 12:00:00am Pacific Time (PT) and ends January 5th, 2015 at 11:59:59pm PT (the “Drawing Period”).
THIS DRAWING IS IN NOT SPONSORED, ENDORSED OR ADMINISTRATED BY, OR ASSOCIATED WITH FACEBOOK.
2. ELIGIBILITY – VOID WHERE PROHIBITED
This Drawing is open to legal residents of one of the fifty United States or the District of Columbia and Canada (except Quebec), who have reached the age of majority in their state or of residence as of the starting date of the Drawing Period (“Participant”). Each Participant must have an account on www.facebook.com. Persons in any of the following categories are NOT eligible to enter, participate in, or win the Drawing: (a) persons who on or after the starting date of the Drawing Period were or are officers, directors or employees of Symantec Corporation, or any of its subsidiary, affiliated companies, service agencies, or independent contractors; and (b) persons who are immediate family members (defined as spouse or biological or step-mother, father, sister, brother, daughter, or son and each of their respective spouses) of any person in any of the preceding categories, regardless of where they live, and/or individuals who reside in the same household, whether related or not, as any person in any of the preceding categories. Any questions and/or issues concerning eligibility shall be determined at the sole discretion of the Sponsor. This Drawing is void in Guam, Puerto Rico, and where prohibited by law. Employees or representative of government agencies or organizations are not eligible to participate.
Participants understand that by participating in this Drawing, they are providing their information to Sponsor and not to Facebook. Further, Participants specifically release Facebook from any and all liability associated with this Drawing. The information you provide will be used as provided in Sponsor’s privacy policy (provide link). Any questions, comments or complaints regarding this Drawing shall be directed to Sponsor and not to Facebook. Participation constitutes Participant’s full and unconditional agreement to these Official Rules and Sponsor’s and/or Judges’ decisions, which are final and binding in all matters related to the Drawing. Winning a prize is contingent upon fulfilling all requirements set forth herein.
3. HOW TO ENTER. NO PURCHASE NECESSARY. PURCHASE WILL NOT INCREASE YOUR CHANCE OF WINNING.
You must have a valid Facebook account in order to participate. You can enter the Drawing by following these steps during the Drawing Period (“Entry”):
General Requirements
In addition to the above-listed required steps, all Participants must abide by these General Requirements:
a. violate applicable law;
b. depict hatred;
c. be in bad taste;
d. denigrate (or be derogatory toward) any person or group of persons or any race, ethnic group, or culture;
e. threaten a specific community in society, including any specific race, ethnic group, or culture;
f. incite violence or be likely to incite violence;
g. contain vulgar or obscene language or excessive violence;
h. contain pornography, obscenity, or sexual activity; or
i. disparage the Sponsor.
By submitting an Entry, you agree that Sponsor has the unrestricted right to use your Entry in whole or in part, commercially or non-commercially in any media known or unknown in perpetuity, worldwide, including the right to publish and display the Entry for advertising and publicity, and to edit and make derivative works, all without additional review or compensation. Additionally, you agree that Sponsor may post your Entry, including your name on its sponsored websites and/or third-party sites.
Limit one (1) entry per person, regardless of the number of Facebook accounts used, for the duration of the Drawing Period. If you enter or attempt to enter more than once using multiple Facebook identities, all of your entries may be declared null and void, and you may be disqualified and ineligible to participate in this Drawing. Duplicate entries and/or other mechanical reproductions of entries are not permitted. Illegible or incomplete entries will be disqualified.
Your entry may be disqualified, at the sole discretion of Sponsor if you attempt to enter through any means other than by the online submission requirement herein, if you disrupt the Drawing or circumvent the terms and conditions of these Official Rules, or violate the Facebook Terms of Service or Facebook Rules (https://www.facebook.com/policies/?ref=pf), which govern the use of Facebook. If any of the above occurs, Sponsor has the right to remedy any such action, disruption, or circumvention in a manner to be solely determined by Sponsor.
4. PRIZES
Symantec will award the following prize in the Drawing:
Qty |
Description |
Estimated Value (USD) |
1 |
Star Trek the Next Generation Motion Picture Box Set |
$35.00 |
The total estimated retail value of all of the prizes to be awarded under the Drawing is US$35.00. The odds of winning depend on the number of eligible entries received during the Drawing Period. Prizes are not transferable or exchangeable, or redeemable for cash. No prize substitution is allowed, except Sponsor may substitute a comparable prize at Sponsor’s sole discretion. Winner is solely responsible for any applicable federal, state, provincial, and local taxes. Any other costs and expenses associated with prize acceptance and use not specified herein as being provided are winner’s sole responsibility. All details and other restrictions of prizes not specified in these Official Rules will be determined by Sponsor in its sole discretion.
5. SELECTION OF WINNER; NEED NOT BE PRESENT TO WIN
A total of one (1) potential winner will be selected by random drawing on or around January 5th, 2015 at Symantec Corporation, 350 Ellis Street, Mountain View, CA.
Potential winner will be notified via his or her Facebook email account (e.g., “Congrats [Username!] You are a winner! To claim your prize, email Symantec at brook_chelmo@symantec.com with your contact information”). Potential winners must respond via Facebook within 7 business days of notification by sending an email message to brook_chelmo@symantec.com with your contact information. There will be no additional media or channels utilized to announce winners.
If a potential winner is (i) found to be ineligible or not in compliance with these Official Rules, (ii) declines to accept a prize, (iii) if Sponsor does not receive a timely response to a winner notification, or (iv) in the event that a prize notification or prize is returned undeliverable, then the corresponding prize will be forfeited, the potential winner disqualified, and at the Sponsor’s sole discretion, the prize may be awarded to an alternate winner chosen by Sponsor’s judges. Potential winners may be required to furnish proof of identification. Before being declared a winner, potential winner must execute and return an Affidavit of Eligibility and Waiver of Liability within seven (7) business days from the postmarked date as having been sent by the Sponsor’s representative or otherwise the corresponding prize may be forfeited.
In the event of a dispute as to the identity of an entrant, the affected entry will be deemed submitted by the authorized account holder of the Facebook account used to enter the prize drawing. A potential winner may be required to provide Sponsor with proof that the potential winner is the authorized holder of the associated Facebook account or email account. An authorized account holder is defined as the natural person who is assigned to the Facebook account by Facebook, Inc. If a dispute cannot be resolved to Sponsor’s satisfaction, the affected entry will be deemed disqualified and ineligible to win a prize, but these Official Rules will otherwise continue to govern the affected entry.
6. CONDITIONS
BY PARTICIPATING IN THE DRAWING, YOU AGREE TO RELEASE AND HOLD SPONSOR, FACEBOOK, THEIR RESPECTIVE PARENT COMPANIES, SUBSIDIARIES, AFFILIATES, PRODUCTION AND ADVERTISING AGENCIES, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS (COLLECTIVELY, THE “RELEASED PARTIES”) HARMLESS FROM ANY AND ALL LOSSES, DAMAGES, RIGHTS, AND CLAIMS OF ANY KIND IN CONNECTION WITH THE DRAWING, DRAWING-RELATED ACTIVITY, OR YOUR ACCEPTANCE, POSSESSION, USE OR MISUSE OF ANY PRIZE, INCLUDING, WITHOUT LIMITATION, PERSONAL INJURIES, PROPERTY DAMAGE, INVASION OF PRIVACY, AND MERCHANDISE DELIVERY.
Sponsor assumes no responsibility for any damage to your computer device which is occasioned by participation in the Drawing, or for any computer device, phone line, hardware, website, software or program malfunctions, or other errors, failures, delayed computer transmissions or network connections that are human or technical in nature.
All federal, state, provincial, and local laws apply. Without limiting the generality of the foregoing, Sponsor is not responsible for incomplete, illegible, typographical errors, misdirected, misprinted, late, lost, damaged, stolen, or intercepted Drawing entries or prize notifications; or for lost, interrupted, inaccessible or unavailable networks, servers, satellites, Internet Service Providers, websites, or other connections; or for miscommunications, failed, jumbled, scrambled, delayed, or misdirected tweets, or computer, telephone or cable transmissions; or for any technical malfunctions, failures, difficulties or other errors of any kind or nature; or for the incorrect or inaccurate capture of information, or the failure to capture any information. In the case of any of the aforementioned events occur, Sponsor shall have the right to modify, suspend, or terminate the Drawing in its sole discretion. Sponsor reserves the right in its sole discretion to disqualify any individual who is found to be tampering with the entry process or the operation of the Drawing, or to be acting in violation of these Official Rules, or to be acting in an unsportsmanlike or disruptive manner, or with the intent to disrupt or undermine the legitimate operation of the Drawing, or to annoy, abuse, threaten or harass any other person, and Sponsor reserves the right to seek damages and other remedies from any such person to the fullest extent permitted by law. In the event Sponsor is prevented from awarding prize(s) or continuing with the Drawing as contemplated herein by any event beyond its control, including but not limited to fire, flood, natural or man-made epidemic, earthquake, explosion, labor dispute or strike, act of God or public enemy, satellite, equipment or software failure, riot or civil disturbance, terrorist threat or activity, war (declared or undeclared) or any federal state or local government law, order, or regulation, public health crisis (e.g. SARS), order of any court or jurisdiction, or other cause not reasonably within Sponsor’s control (each a “Force Majeure” event or occurrence), then subject to any governmental approval which may be required, Sponsor shall have the right to modify, suspend, or terminate the Drawing in its sole discretion.
By entering the Drawing, you agree: (i) to be bound by these Official Rules and by all applicable laws and decisions of Sponsor which shall be binding and final; (ii) to waive any rights to claim ambiguity with respect to these Official Rules; (iii) to waive all of rights to bring any claim, action, or proceeding against the Released Parties in connection with the Drawing; and (iv) to forever and irrevocably agree to release, defend, indemnify, and hold harmless the Released Parties from any and all claims, lawsuits, judgments, causes of action, proceedings, demands, fines, penalties, liability costs and expenses (including, without limitation, reasonable outside attorneys’ fees) that may arise in connection with your participation in this Drawing.
By posting to Facebook, you must (i) make no false or misleading representations or advertisements with regard to Sponsor; (ii) make no statements regarding Sponsor that you do not have a reasonable basis for or that are inconsistent with your honest opinions, findings, beliefs, or experiences; (iii) comply with all applicable laws and regulations, including but not limited to advertising and marketing laws such as the Federal Trade Commission’s Endorsement Guidelines; (iv) comply with the Facebook terms of service and other policies; and (vi) comply with any other policies of Sponsor as may be communicated to you during the Drawing Period.
All issues and questions concerning the construction, validity, interpretation and enforceability of these Official Rules, or the rights and obligations of a Participant and/or Sponsor in connection with the Drawing, will be governed by, and construed in accordance with, the laws of the State of California without regard to California conflicts of law principles. All Participants consent to the exclusive jurisdiction and venue in Santa Clara County, California, U.S.A.
The invalidity or unenforceability of any provision of these Official Rules will not affect the validity or enforceability of any other provision. In the event that any provision is determined to be invalid or otherwise unenforceable or illegal, these Official Rules will otherwise remain in effect and will be construed in accordance with their terms as if the invalid or illegal provision were not contained herein. In particular, Sponsor’s employees are not authorized to waive, modify, or amend any provision or provisions of these Official Rules in any manner whatsoever.
By entering the Drawing, Participants agree to the terms of Sponsor’s Privacy Policy (http://www.symantec.com/about/profile/privacypolicy/index.jsp). Unless Participants indicate otherwise at the time of entry, personal information collected from Participants may be used by Sponsor for the purpose of not only administering this Drawing but also contacting you regarding your interest in Sponsor’s products and services. Winner’s name and identity will be publicly announced via Facebook.
AFFIDAVIT OF ELIGIBILITY AND WAIVER OF LIABILITY
By signing below, the undersigned Participant in the Symantec Sci-Fi Appreciation Day Facebook Drawing (the “Drawing”) sponsored by Symantec Corporation (“Symantec”) hereby attests that, prior to participating in the Drawing he/she read the Official Rules for the Drawing and has previously agreed that his/her participation in the Drawing is governed exclusively by those Official Rules. In consideration for the prize awarded to Participant through his/her participation in the Drawing, Participant agrees and acknowledges as follows:
1. Eligibility: Participant was at least 18 years old and had reached the age of majority in his/her state of residence as of the starting date of the Drawing Period, and is an individual eligible to participate in the Drawing in accordance with the Official Rules, and, accordingly, is eligible to receive any prize awarded to him/her through the Drawing. Participant acknowledges that his/her right to receive a prize may not be transferred, substituted for another prize, or exchanged for cash, and that Participant is solely responsible for all taxes or governmental fees due for receiving, owning, or using the prize. Should it thereafter be discovered or determined that Participant was not eligible to receive a prize, Participant agrees to return such prize within ten days of written notice by Symantec, or by a duly authorized agent of Symantec, and to pay all costs associated with the return of such prize.
2. Waiver of Liability: As set forth in the Official Rules, Participant hereby releases Symantec and Facebook, and their respective subsidiaries, affiliates, agencies, and their respective officers, directors, employees and representatives (collectively, the “Released Parties”) from any and all liability, loss, or damage arising from Participant’s acceptance, possession, or use of a prize, including, but not limited to, claims for product liability, personal injury, breach of contract, and negligence. Participant acknowledges and agrees that the Released Parties make no warranty, expressed or implied, with respect to the accuracy of any information relating to the prizes awarded, including pricing and product editorials, and Participant hereby waives and releases the Released Parties from any liability, loss, or damage caused directly or indirectly by any inaccuracy associated with such information. Without in any way limiting the generality of the foregoing, Participant agrees that this waiver embraces, covers and includes each, every, and all matters, transactions, causes of action, claims, demands and obligations arising in favor of Participant as against the Released Parties relating to Participant’s participation in the Drawing. Participant hereby waives any and all rights under the provisions of California Civil Code Section 1542, which provides as follows:
A general release does not extend to claims which the creditor does not know or suspect to exist in his or her favor at the time of executing the release which if known by him must have materially affected his or her settlement with the debtor.
3. Governing Law: Participant agrees that any dispute that arises as a consequence of his/her participation in the Drawing will be governed by the laws of the State of California.
Participant:
Signature:
Date:
Address:
Email Address:
Mobile spyware authors market their products as legitimate, but the software’s secretive nature give stalkers, thieves, and abusive partners the means to spy on their victims’ every move.
Read More