Jetting off abroad? Pack protection ... for your Wi-Fi A US government agency is warning travellers to be wary of malware that installs itself via pop-up browser windows on hotel internet connections. The malicious dialogue boxes typically pose as software updates to legitimate software products, an advisory from the FBI's Internet Crime Complaint Center (IC3) explains. "The FBI …
This post has been deleted by its author
Yes, and remember that European money must be spent or changed into Dollars the day you get it or it will become worthless.
[Actual experience of working with 'merkins. Against all advice they made me stop at the Bureau de Change at a motorway border crossing and changed several thousand Swiss francs at a terrible exchange rate]
That's complete and utter BOLLOX!!!!!!!!!!!
"Yes, and remember that European money must be spent or changed into Dollars the day you get it or it will become worthless."
Did the 'cashiers' wore their baseball caps the wrong way around? Where they 'hoodies?' I've travelled to US loads of times. I know.
Did You visit America, or thought Disneyland, Paris was US????
Yeah, that sounds about right.
We all know that wifi is by nature insecure, but using fake software updates via wifi is a whole new level of nastiness.
I've heard of hotels using wifi set up with very strange filtering (presumably to stop pr0n downloading) and it asks you to agree to a whole slew of terms and conditions via popups before granting access.
On one occasion I had to later go into Firefox and remove a toolbar which simply wasn't there before, pretty sure it got in via this mechanism.
AC/DC and if anyone figures out how to upload a virus using "intelligent" power supplies I wll hunt them down, remove their heart for sale on the black market and give them a second rate "Crank 2" style replacement made by the lowest bidder....
...anyone who falls for a pop-up that appears out of nowhere and tells them they need to update their software while on a strange WiFi connection has got to be... shall we say... hopelessly goddamn' rock stupid.
Of course, one of the first things I did after installing my current Adobe Creative Suite was to turn off auto-updating and create a "deny forever" connection rule in LittleSnitch for all my Adobe CS apps. Turning auto-updating off in Firefox -- and everything else with the ability to auto-update -- pretty much goes without saying.
I think Firefox on Linux is likely to suffer the same vulnerabilities as Firefox on Windows if configured the same. Some malware attacks which rely on zero day sandbox failures and the native execution environment being Windows compatible won't get through probably because the attackers are less likely to try to install Linux executables. I remember once seeing what to me was obviously a fake virus scan running in Javascript on my browser telling me my C: drive was infected, which was a bit silly cause I was using Linux at the time which doesn't have a C: drive. Someone less knowledgeable on Linux could still have been taken in and reached for the credit card - as that one was clearly designed to infect wetware and not software - Firefox and Javascript were just doing what they were designed to do in this case. The same set of vulnerabilities on Linux as on Windows applies to most CSRF and XSS based attacks, simply because the attacker doesn't need to go outside the browser Javascript sandbox for these to work. In these cases the vulnerability is likely to relate to the design of a website, but the victim can still be a web client.
Y'know what I always got a laugh out of was -- while visiting any given site -- getting a pop-up window with an alert dialog box flashing a warning that malware has been detected on my system, and that I needed to visit some other site for a free malware scan and AV software download. It was absurdly easy to tell it was bogus, as the pop-up was always designed to look like a Windows XP alert dialog, and I was visiting the site from a Mac.
Granted, there's been more OSX-targeted malware/scamware going around lately, but it's still pretty easy to tell as -- with a proper set of Firefox extensions -- I can determine if it's a fake alert dialog by control-clicking on the alleged alert dialog to see if it's either an animated .gif or a Flash animation, and where it's loading from. This is assuming I even see them in the first place; I've got some fairly iron-fisted pop-up blocking rules set up in Firefox.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
