<p><b>the JoshMeister on Security</b><br />Research and musings on malware and other facets of computer and online security<br />Josh Long<br />Last updated February 28, 2024</p>
<p><b><span style="font-size: x-large;">Scam E-mails Pose As Retail Store Rewards Programs</span></b><br />December 7, 2022</p>
<p><i>by Kylene Long</i></p>
<p>This holiday season, scammers have been working hard at tricking people into giving up their credit card numbers and other personal information.</p>
<p>A typical scam e-mail poses as a loyalty program from a big-box department store, for example <b>Costco, Dick's Sporting Goods, Kohl's, Sam's Club, or Walmart</b>.</p>
<p>The e-mail typically claims that you've won a reward or prize. This might include <b>a Le Creuset dutch oven, a Milwaukee tool chest, a Yeti cooler, a gift card</b>, or some other exciting giveaway.</p>
<p>When you open the e-mail, you will usually be asked to click on a link, fill out a survey, and provide your credit card info to cover the cost of shipping your coveted prize.</p>
<p>If your e-mail provider doesn't have the best spam filters, scam e-mails like these may end up in your inbox—and you might see quite a few of them.</p>
<p>Don’t be fooled. If something sounds too good to be true, it probably is.</p>
<p>For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, follow Josh on <a href="https://twitter.com/theJoshMeister" rel="noopener">Twitter</a>, <a href="https://www.linkedin.com/in/theJoshMeister" rel="author noopener">LinkedIn</a>, <a href="https://infosec.exchange/@theJoshMeister" rel="me noopener" target="_blank">Mastodon</a>, and <a href="https://social.thejoshmeister.com/" rel="noopener">other social networks</a>.</p>
<b><span style="font-size: x-large;">Podcasts on Facebook, Google, and Apple privacy and security, and more</span></b><br />
June 15, 2019<br />
<br />
It's time to catch up on sharing episodes of the <a href="http://podcast.intego.com/" target="_blank">Intego Mac Podcast</a> that I've co-hosted since my last big update on <b>the JoshMeister on Security</b>, in reverse chronological order.<br />
<br />
Please subscribe for free to the weekly podcast (via <a href="https://podcasts.apple.com/us/podcast/intego-mac-podcast/id1293834627" target="_blank">Apple Podcasts</a> or <a href="http://podcast.intego.com/" target="_blank">elsewhere</a>) to make sure you don't miss any future episodes!
<br />
Click on the episode titles below for show notes and MP3 download links. Each episode is about 30 minutes long.<br />
<ul>
<li>Jun 14, 2019 — <a href="http://podcast.intego.com/87" target="_blank">87: Privacy policies more complicated than Kant's Critique of Pure Reason</a></li>
<li>Jun 7, 2019 — <a href="http://podcast.intego.com/86" target="_blank">86: New security and privacy features in macOS Catalina and iOS 13</a> </li>
<li>May 31, 2019 — <a href="http://podcast.intego.com/85" target="_blank">85: Deep dive: Software updates on Mac and iOS</a></li>
<li>May 24, 2019 — <a href="http://podcast.intego.com/84" target="_blank">84: Google may know everything you've bought</a></li>
<li>May 17, 2019 — <a href="http://podcast.intego.com/83" target="_blank">83: Epic disasters: ZombieLoad, WhatsApp, Google 2FA keys, Microsoft RDP</a></li>
<li>May 10, 2019 — <a href="http://podcast.intego.com/82" target="_blank">82: How we use Facebook</a></li>
<li>May 3, 2019 — <a href="http://podcast.intego.com/81" target="_blank">81: Malicious profiles threaten iOS</a></li>
<li>Apr 26, 2019 — <a href="http://podcast.intego.com/80" target="_blank">80: When should you upgrade your Mac?</a></li>
<li>Apr 19, 2019 — <a href="http://podcast.intego.com/79" target="_blank">79: Should Apple make a foldable phone?</a></li>
<li>Apr 12, 2019 — <a href="http://podcast.intego.com/78" target="_blank">78: Is Apple breaking up iTunes?</a></li>
<li>Apr 5, 2019 — <a href="http://podcast.intego.com/77" target="_blank">77: The one about the iPad</a></li>
<li>Mar 29, 2019 — <a href="http://podcast.intego.com/76" target="_blank">76: Apple's new services</a> (with guest Chuck Joiner)</li>
<li>Mar 22, 2019 — <a href="http://podcast.intego.com/75" target="_blank">75: Porn scams use a brain hack</a></li>
<li>Mar 15, 2019 — <a href="http://podcast.intego.com/74" target="_blank">74: SPOILER (attack) alert</a></li>
<li>Mar 8, 2019 — <a href="http://podcast.intego.com/73" target="_blank">73: Maintain your privacy when browsing the Web</a></li>
<li>Mar 1, 2019 — <a href="http://podcast.intego.com/72" target="_blank">72: Marzipan and the iOSification of macOS</a> (note: at WWDC in Jun 2019, Apple renamed Project Marzipan to Catalyst)</li>
<li>Feb 22, 2019 — <a href="http://podcast.intego.com/71" target="_blank">71: How to securely dispose of hard drives</a></li>
<li>Feb 15, 2019 — <a href="http://podcast.intego.com/70" target="_blank">70: How to avoid getting hacked after data breaches</a></li>
<li>Feb 8, 2019 — <a href="http://podcast.intego.com/69" target="_blank">69: Why doesn't Apple have a Mac bug bounty program?</a></li>
<li>Feb 1, 2019 — <a href="http://podcast.intego.com/68" target="_blank">68: FaceTime, Facebook, Google, Shortcuts, steganography, and more</a></li>
<li>Jan 25, 2019 — <a href="http://podcast.intego.com/67" target="_blank">67: The biggest data breach ever; is your data included?</a></li>
<li>Jan 18, 2019 — <a href="http://podcast.intego.com/66" target="_blank">66: Routers, tweets and privacy, bugs, and more</a></li>
<li>Jan 11, 2019 — <a href="http://podcast.intego.com/65" target="_blank">65: Apple: it's all about the ecosystem, baby</a></li>
<li>Jan 4, 2019 — <a href="http://podcast.intego.com/64" target="_blank">64: New year's resolutions to secure your Mac and iOS devices</a></li>
<li>Dec 28, 2018 — <a href="http://podcast.intego.com/63" target="_blank">63: The year in Mac and iOS security</a></li>
<li>Dec 21, 2018 — <a href="http://podcast.intego.com/62" target="_blank">62: How mobile apps track your location</a></li>
<li>Dec 14, 2018 — <a href="http://podcast.intego.com/61" target="_blank">61: How to set up a new Mac</a></li>
<li>Dec 7, 2018 — <a href="http://podcast.intego.com/60" target="_blank">60: How to choose the Mac you need</a></li>
<li>Nov 30, 2018 — <a href="http://podcast.intego.com/59" target="_blank">59: Is Apple changing from a hardware company to a software company?</a></li>
<li>Nov 23, 2018 — <a href="http://podcast.intego.com/58" target="_blank">58: New security features in iOS 12 and macOS Mojave</a></li>
<li>Nov 16, 2018 — <a href="http://podcast.intego.com/57" target="_blank">57: The advantages of using a VPN, with CyberGhost</a></li>
<li>Nov 9, 2018 — <a href="http://podcast.intego.com/56" target="_blank">56: How to shop securely (and save money) on Black Friday</a></li>
<li>Nov 2, 2018 — <a href="http://podcast.intego.com/55" target="_blank">55: Apple brings out new Mac and iPads</a></li>
<li>Oct 26, 2018 — <a href="http://podcast.intego.com/54" target="_blank">54: How to spot fake online product reviews</a></li>
<li>Oct 19, 2018 — <a href="http://podcast.intego.com/53" target="_blank">53: Security deep dive: digital certificates</a></li>
<li>Oct 12, 2018 — <a href="http://podcast.intego.com/52" target="_blank">52: Bloomberg alleges China planted rice grain-sized chips in U.S. hardware</a></li>
<li>Oct 5, 2018 — <a href="http://podcast.intego.com/51" target="_blank">51: Facebook blunders, sloppy Russian hackers, and more</a></li>
<li>Sep 28, 2018 — <a href="http://podcast.intego.com/50" target="_blank">50: macOS Mojave is here</a></li>
<li>Sep 21, 2018 — <a href="http://podcast.intego.com/49" target="_blank">49: What iOS 12 means for you</a></li>
<li>Sep 14, 2018 — <a href="http://podcast.intego.com/48" target="_blank">48: Is the Mac App Store really safe? Browser history-exfiltrating apps found</a></li>
<li>Sep 7, 2018 — <a href="http://podcast.intego.com/47" target="_blank">47: Coming soon from Apple: App Store mandatory privacy policies, and more</a></li>
<li>Aug 31, 2018 — <a href="http://podcast.intego.com/46" target="_blank">46: Advanced persistent threats by nation-state caliber threat actors</a></li>
<li>Aug 24, 2018 — <a href="http://podcast.intego.com/45" target="_blank">45: Can you prevent Google from tracking your movements?</a></li>
<li>Aug 17, 2018 — <a href="http://podcast.intego.com/44" target="_blank">44: What's a botnet, and how do they work?</a></li>
<li>Aug 10, 2018 — <a href="http://podcast.intego.com/43" target="_blank">43: Should you be concerned about porn blackmail e-mails?</a></li>
<li>Aug 3, 2018 — <a href="http://podcast.intego.com/42" target="_blank">42: Security software deep dive: How Intego NetBarrier firewall works</a></li>
<li>Jul 27, 2018 — <a href="http://podcast.intego.com/41" target="_blank">41: Malware (OSX/Calisto) masquerades as an Intego software installer</a></li>
<li>Jul 20, 2018 — <a href="http://podcast.intego.com/40" target="_blank">40: How to protect your digital legacy</a></li>
<li>Jul 13, 2018 — <a href="http://podcast.intego.com/39" target="_blank">39: Security software deep dive: How antivirus works</a></li>
<li>Jul 6, 2018 — <a href="http://podcast.intego.com/38" target="_blank">38: How to make sure your Mac's software is working smoothly</a></li>
<li>Jun 29, 2018 — <a href="http://podcast.intego.com/37" target="_blank">37: How to make sure your Mac's hardware is working properly</a></li>
<li>Jun 22, 2018 — <a href="http://podcast.intego.com/36" target="_blank">36: Lock down and secure your router</a></li>
<li>Jun 15, 2018 — <a href="http://podcast.intego.com/35" target="_blank">35: Where's the best place to buy Mac apps?</a></li>
<li>Jun 8, 2018 — <a href="http://podcast.intego.com/34" target="_blank">34: iOS 12, macOS Mojave: features and security, privacy enhancements</a></li>
<li>Jun 1, 2018 — <a href="http://podcast.intego.com/33" target="_blank">33: Cryptojacking, Russian router malware, and parental controls</a></li>
<li>May 25, 2018 — <a href="http://podcast.intego.com/32" target="_blank">32: Browser cookies and private browsing</a></li>
<li>May 18, 2018 — <a href="http://podcast.intego.com/31" target="_blank">31: Delete your social media history</a></li>
<li>May 11, 2018 — <a href="http://podcast.intego.com/30" target="_blank">30: What is a firewall, and how does it work?</a></li>
<li>May 4, 2018 — <a href="http://podcast.intego.com/29" target="_blank">29: Social engineering scams to beware of, and digital spring cleaning tips</a></li>
<li>Apr 27, 2018 — <a href="http://podcast.intego.com/28" target="_blank">28: Beware of trustjacking</a></li>
<li>Apr 20, 2018 — <a href="http://podcast.intego.com/27" target="_blank">27: How to securely sell your old Mac, iPhone, or iPad</a></li>
<li>Apr 11, 2018 — <a href="http://podcast.intego.com/26" target="_blank">26: Facebook, DNS, Apple privacy, new Mac Pro next year, and more</a></li>
<li>Apr 4, 2018 — <a href="http://podcast.intego.com/25" target="_blank">25: How to not get scammed online</a></li>
<li>Mar 28, 2018 — <a href="http://podcast.intego.com/24" target="_blank">24: Facebook, privacy, and logins</a></li>
<li>Mar 21, 2018 — <a href="http://podcast.intego.com/23" target="_blank">23: Which hard drive is best for your Mac?</a></li>
<li>Mar 14, 2018 — <a href="http://podcast.intego.com/22" target="_blank">22: Passwords in the cloud</a></li>
<li>Mar 7, 2018 — <a href="http://podcast.intego.com/21" target="_blank">21: Changes coming to macOS Server</a></li>
<li>Feb 28, 2018 — <a href="http://podcast.intego.com/20" target="_blank">20: To beta or not to beta…</a></li>
<li>Feb 21, 2018 — <a href="http://podcast.intego.com/19" target="_blank">19: Do you really want an AI listening to you all the time?</a></li>
<li>Feb 14, 2018 — <a href="http://podcast.intego.com/18" target="_blank">18: The year in Mac security, and tips for backing up your Mac</a></li>
<li>Feb 7, 2018 — <a href="http://podcast.intego.com/17" target="_blank">17: Ad blocking: the good, the bad, the ugly, and the ethics</a></li>
<li>Jan 31, 2018 — <a href="http://podcast.intego.com/16" target="_blank">16: Malware and security lingo: What do those words mean?</a></li>
<li>Jan 24, 2018 — <a href="http://podcast.intego.com/15" target="_blank">15: What's a VPN, and why should you use one?</a></li>
<li>Jan 17, 2018 — <a href="http://podcast.intego.com/14" target="_blank">14: What's up with my iPhone's battery?</a></li>
<li>Jan 10, 2018 — <a href="http://podcast.intego.com/13" target="_blank">13: Is my computer's CPU secure? (Meltdown and Spectre)</a></li>
<li>Jan 3, 2018 — <a href="http://podcast.intego.com/12" target="_blank">12: What to do if you've been hacked</a></li>
<li>Dec 27, 2017 — <a href="http://podcast.intego.com/11" target="_blank">11: Handcuffs made of tissue paper: Apple's differential privacy stinks</a></li>
<li>Dec 20, 2017 — <a href="http://podcast.intego.com/10" target="_blank">10: Tom Cruise is in every Starbucks</a></li>
<li>Dec 13, 2017 — <a href="http://podcast.intego.com/9" target="_blank">9: This is Potemkin security: iCloud backups and more</a></li>
<li>Dec 6, 2017 — <a href="http://podcast.intego.com/8" target="_blank">8: I have root ("I Am Root" macOS vulnerability)</a></li>
<li>Nov 29, 2017 — <a href="http://podcast.intego.com/7" target="_blank">7: Tom Cruise is in the row behind you: Trojans (FakeAV/Flash) and more</a></li>
<li>Nov 22, 2017 — <a href="http://podcast.intego.com/6" target="_blank">6: Passwords are hard (correct horse battery staple)</a></li>
</ul>
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="https://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, and follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> and <a href="https://www.linkedin.com/in/theJoshMeister" rel="author">LinkedIn</a>.<br />
Posted by Josh Long<br />
<br />
<b><span style="font-size: x-large;">Articles written from October 2017 to March 2019</span></b><br />
June 15, 2019 (updated February 7, 2024)<br />
<br />
It's catch-up time again! Here's a list of articles I've written since my last post on <b>the JoshMeister on Security</b>, in reverse chronological order. Unless otherwise noted, these articles were published at Intego's <a href="https://www.intego.com/mac-security-blog/" target="_blank">The Mac Security Blog</a>.<br />
<br />
Articles <b>highlighted in bold</b> are either particularly interesting or are important and still relevant.<br />
<ul>
<li>Mar 15, 2019 — <a href="https://www.intego.com/mac-security-blog/rsa-conference-2019-highlights-a-mac-perspective/" target="_blank">RSA Conference 2019 highlights: a Mac perspective</a></li>
<li><b>Feb 22, 2019 — <a href="https://www.intego.com/mac-security-blog/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages/" target="_blank">iOS Safari flaw allows deceptive news headlines in Messages</a> (still not fixed as of Jun 2019)</b></li>
<li>Feb 1, 2019 — <a href="https://www.intego.com/mac-security-blog/are-ios-shortcuts-safe-reports-of-risks-surface/" target="_blank">Are iOS Shortcuts safe? Reports of risks surface</a></li>
<li>Jan 31, 2019 — <a href="https://www.intego.com/mac-security-blog/facebook-google-caught-deploying-invasive-apps-apple-shuts-them-down/" target="_blank">Facebook, Google caught deploying invasive apps; Apple shuts them down</a> (co-authored with Kirk McElhearn)</li>
<li>Jan 29, 2019 — <a href="https://www.intego.com/mac-security-blog/verymal-mac-attack-hides-data-within-a-picture/" target="_blank">VeryMal Mac attack hides data within a picture</a> </li>
<li>Jan 29, 2019 — <a href="https://www.intego.com/mac-security-blog/facetime-spying-bug-discovered-temporarily-worked-around/" target="_blank">Everything you need to know about the FaceTime spying bug</a> </li>
<li>Jan 18, 2019 — <a href="https://www.intego.com/mac-security-blog/collection-1-and-2-5-are-the-latest-massive-password-dumps/" target="_blank">Collection #1 (and #2–5) are the latest massive password dumps</a> </li>
<li><b>Jan 18, 2019 — <a href="https://www.intego.com/mac-security-blog/how-to-avoid-getting-hacked-after-data-breaches/" target="_blank">How to avoid getting hacked after data breaches</a> </b></li>
<li>Dec 4, 2018 — <a href="https://www.intego.com/mac-security-blog/did-instagram-leak-your-password/" target="_blank">Did Instagram leak your password?</a> </li>
<li>Nov 30, 2018 — <a href="https://www.intego.com/mac-security-blog/privacy-exodus-spam-delivers-mac-spyware/" target="_blank">Privacy Exodus: spam delivers Mac spyware</a> </li>
<li>Nov 14, 2018 — <a href="https://www.intego.com/mac-security-blog/ad-injecting-mac-malware-rediscovered/" target="_blank">Ad-injecting Mac malware rediscovered: SearchPageInjector/SearchAwesome</a></li>
<li><b>Sep 11, 2018 — <a href="https://www.intego.com/mac-security-blog/how-safe-is-the-mac-app-store-privacy-violating-apps-uncovered/" target="_blank">How safe is the Mac App Store? Privacy-violating apps uncovered</a> </b></li>
<li><b>Aug 27, 2018 — <a href="https://www.intego.com/mac-security-blog/operation-applejeus-and-osxlazarus-rise-of-a-mac-apt/" target="_blank">Operation AppleJeus and OSX/Lazarus: Rise of a Mac APT</a> </b></li>
<li><b>Aug 17, 2018 — <a href="https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/" target="_blank">Intego exclusive: HP leaves Mac users vulnerable to fax hacks</a> </b></li>
<li>Jul 26, 2018 — <a href="https://www.intego.com/mac-security-blog/osx-calisto-mac-malware-masquerades-as-intego-software/" target="_blank">OSX/Calisto Mac malware masquerades as Intego software</a></li>
<li><b>Jul 20, 2018 — <a href="https://www.intego.com/mac-security-blog/apples-quick-look-reveals-your-darkest-secrets/" target="_blank">Apple's Quick Look reveals your darkest secrets</a></b></li>
<li>Jul 14, 2018 — <a href="https://www.intego.com/mac-security-blog/anti-hack-feature-comes-to-ios-11-4-1-but-is-it-good-enough/" target="_blank">Anti-hack feature comes to iOS 11.4.1… but is it good enough?</a></li>
<li>Jul 6, 2018 — <a href="https://www.intego.com/mac-security-blog/new-mac-malware-targets-cryptocoin-dummies/" target="_blank">New Mac malware targets cryptocoin 'dummies'</a></li>
<li>Jun 6, 2018 — <a href="https://www.intego.com/mac-security-blog/macos-mojave-whats-new-in-security-and-privacy-features/" target="_blank">macOS Mojave: What's new in security and privacy features</a></li>
<li>Jun 5, 2018 — <a href="https://www.intego.com/mac-security-blog/why-ios-12-is-huge-for-security-and-privacy/" target="_blank">Why iOS 12 is huge for security and privacy</a></li>
<li><b>Apr 19, 2018 — <a href="https://www.intego.com/mac-security-blog/ios-trustjacking-how-attackers-can-hijack-your-iphone/" target="_blank">iOS trustjacking: How attackers can hijack your iPhone</a></b></li>
<li>Apr 17, 2018 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-march-2018/" target="_blank">Month in review: Apple security in March 2018</a></li>
<li><b>Apr 4, 2018 — <a href="https://web.archive.org/web/20200830052433/https://www.itspmagazine.com/from-the-newsroom/sorry-its-a-myth-that-macs-are-more-secure-than-pcs" target="_blank">Sorry, it's a myth that Macs are more secure than PCs</a> (ITSP Magazine; co-authored with/ghostwriting for Steve Kelly)</b></li>
<li>Mar 21, 2018 — <a href="https://www.intego.com/mac-security-blog/unwanted-cryptomining-debuts-briefly-in-mac-app-store/" target="_blank">Unwanted cryptomining debuts (briefly) in Mac App Store</a></li>
<li>Mar 6, 2018 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-february-2018/" target="_blank">Month in review: Apple security in February 2018</a></li>
<li><b>Mar 5, 2018 — <a href="https://www.intego.com/mac-security-blog/osxcoldroot-and-the-rat-invasion/" target="_blank">OSX/Coldroot and the RAT Invasion</a></b></li>
<li>Feb 21, 2018 — <a href="https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/" target="_blank">OSX/Shlayer: New Mac malware comes out of its shell</a></li>
<li>Feb 7, 2018 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-january-2018/" target="_blank">Month in review: Apple security in January 2018</a></li>
<li>Jan 31, 2018 — <a href="https://www.intego.com/mac-security-blog/a-look-back-at-the-top-mac-security-stories-of-2017/" target="_blank">A look back at the top Mac security stories of 2017</a></li>
<li>Jan 15, 2018 — <a href="https://www.intego.com/mac-security-blog/ay-mami-new-dns-hijacking-mac-malware-discovered/" target="_blank">¡Ay, MaMi! New DNS-hijacking Mac malware discovered</a></li>
<li>Jan 9, 2018 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-december-2017/" target="_blank">Month in review: Apple security in December 2017</a></li>
<li>Jan 8, 2018 — <a href="https://www.intego.com/mac-security-blog/meltdown-and-spectre-what-apple-users-need-to-know/" target="_blank">Meltdown and Spectre: What Apple users need to know</a></li>
<li>Dec 4, 2017 — <a href="https://www.intego.com/mac-security-blog/i-am-root-a-retrospective-on-a-severe-mac-vulnerability/" target="_blank">"I Am Root": a retrospective on a severe Mac vulnerability</a></li>
<li>Dec 4, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-november-2017/" target="_blank">Month in review: Apple security in November 2017</a></li>
<li><b>Nov 22, 2017 — <a href="https://www.intego.com/mac-security-blog/caution-black-friday-deals-may-be-bad-for-your-security/" target="_blank">Caution! These Black Friday "deals" may be bad for your security</a></b></li>
<li>Nov 1, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-october-2017/" target="_blank">Month in review: Apple security in October 2017</a></li>
</ul>
<br />
Posted by Josh Long<br />
<br />
<b><span style="font-size: x-large;">Podcasts on Face ID, KRACK, Amazon Key, 2FA, Cryptojacking, iOS App Privacy, RSAC 2017, and More</span></b><br />
November 20, 2017 (updated June 15, 2019)<br />
<br />
It's time to catch up on sharing podcast episodes that I've co-hosted recently or published earlier this year.<br />
<br />
Click on the episode titles for more complete show notes and MP3 download links.<br />
<ul>
<li><b>November 15, 2017 — <a href="http://podcast.intego.com/5" target="_blank">Intego Mac Podcast #5: Two-Factor Authentication; Should You Be Worried about Bitcoin?</a></b></li>
<ul>
<li><img border="0" height="50" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Topics include:</li>
<ul>
<li>Why multifactor authentication is important</li>
<ul>
<li><i>including why SMS text messages are not an ideal "something you have" second factor</i></li>
</ul>
</ul>
<ul>
<li>What is cryptojacking, and what can you do to avoid it?</li>
<ul>
<li><i>including a brief overview of Bitcoin and cryptocurrency in general</i></li>
</ul>
</ul>
</ul>
<li><b>November 8, 2017 — <a href="http://podcast.intego.com/4" target="_blank">Intego Mac Podcast #4: iOS Apps and Privacy; Amazon Wants to Open Your Front Door</a></b></li>
<ul>
<li><img border="0" height="50" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Topics include:</li>
<ul>
<li>iOS apps can access your cameras whenever they're in the foreground, without notifying you, if you've ever authorized them once in the past</li>
<ul>
<li><i>including how to prevent unwanted use of the cameras on your own iPhone, iPad, or iPod touch</i></li>
</ul>
</ul>
<ul>
<li>What is Amazon Key, and could it really be safe to trust Amazon to let people enter your home unattended?</li>
</ul>
</ul>
<li><b>November 1, 2017 — <a href="http://podcast.intego.com/3" target="_blank">Intego Mac Podcast #3: KRACK Wi-Fi Attacks, and Apple's New APFS File System</a></b></li>
<ul>
<li><img border="0" height="50" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Topics include:</li>
<ul>
<li>What are Wi-Fi "KRACK attacks," and how might your Apple devices be affected by KRACK's collection of vulnerabilities?</li>
<li>What you should know about Apple's new APFS file system in macOS High Sierra</li>
</ul>
</ul>
<li><b>October 23, 2017 — <a href="http://podcast.intego.com/2" target="_blank">Intego Mac Podcast #2: A Look at Apple's Face ID, and Intego Turns 20</a></b></li>
<ul>
<li><img border="0" height="50" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Topics include:</li>
<ul>
<li>Discussion of the new Face ID authentication method in Apple's iPhone X smartphone</li>
<li>Intego's 20th anniversary: reflection on the early years with Serge Kameni</li>
</ul>
</ul>
<li><b>October 5, 2017 — <a href="http://podcast.intego.com/1" target="_blank">Intego Mac Podcast #1: Apple Privacy, and Secure Enclave</a></b></li>
<ul>
<li><img border="0" height="50" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Topics include:</li>
<ul>
<li>What does Apple claim about itself on its Privacy page?</li>
<li>What is Apple's "Secure Enclave," and does it matter that the Secure Enclave Processor firmware has allegedly been decrypted?</li>
</ul>
</ul>
<li><b>November 20, 2017 — <a href="http://www.techpulsepodcast.com/2017/11/rsac-2017-robert-graham-on-mirai-and.html" target="_blank">RSAC 2017: Robert Graham on Mirai and IoT Botnet Security</a></b></li>
<ul>
<li><img border="0" height="50" src="https://web.archive.org/web/20180310053932if_/https://www.talkshoe.com/custom/images/icons/TC-34949-MainIcon.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Recorded at RSA Conference USA in February 2017 (with permission from the speaker)</li>
<li>Robert Graham discusses:</li>
<ul>
<li>the Mirai botnet that took down Dyn and a significant portion of the Internet on October 21, 2016</li>
<li>his experience with obtaining an "Internet of Things" security camera from China via Amazon, and watching it get infected just 98 seconds after being connected to the Internet</li>
</ul>
</ul>
<li><b>March 23, 2017 — <a href="http://www.techpulsepodcast.com/2017/03/rsac-2017-amit-serper-on-osx-pirrit-and.html" target="_blank">RSAC 2017: Amit Serper on OSX Pirrit and Why You Should Care about Malicious Mac Adware</a></b></li>
<ul>
<li><img border="0" height="50" src="https://web.archive.org/web/20180310053932if_/https://www.talkshoe.com/custom/images/icons/TC-34949-MainIcon.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Recorded at RSA Conference USA in February 2017 (with permission from the speaker)</li>
<li>Amit Serper discusses:</li>
<ul>
<li>why some Mac adware can be particularly harmful</li>
<li>how he followed the rabbit trail to identify the perpetrators behind OSX.Pirrit</li>
</ul>
</ul>
<li><b>March 20, 2017 — <a href="http://www.techpulsepodcast.com/2017/03/rsac-2017-patrick-wardles-meet-and.html" target="_blank">RSAC 2017: Patrick Wardle's Meet and Greet with the macOS Malware Class of 2016</a></b></li>
<ul>
<li><img border="0" height="50" src="https://web.archive.org/web/20180310053932if_/https://www.talkshoe.com/custom/images/icons/TC-34949-MainIcon.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Recorded at RSA Conference USA in February 2017 (with permission from the speaker)</li>
<li>Patrick Wardle discusses:</li>
<ul>
<li>the Mac malware of 2016</li>
<li>Mac malware mitigations, including generic detection methods and tools</li>
</ul>
</ul>
</ul>
<br />
<b>Please <a href="https://itunes.apple.com/us/podcast/intego-mac-podcast/id1293834627" target="_blank">subscribe</a> to the Intego Mac Podcast</b> via the button below, and if you enjoy the show, please write us a 5-star review on iTunes! Every subscription and every review make a difference.<br />
<a href="https://itunes.apple.com/us/podcast/intego-mac-podcast/id1293834627" target="_blank"><img height="40" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK0pGXs6RQCV1SeL_EJCU6J0BSBsgiUCKUkXmzQc5wicSCNUF3_Eo-JCX7eoDF01OTTMzLoM_a7JYZ_o2rjqtR-eyMXMdGTV7s4V90ulVUO9r9pBBfvi2HCgh-7rMG-xqMqmCibX9NB599/s1600/Get-it-on-iTunes.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="109" /></a><br />
<br />
Also, in case you missed it…<br />
<br />
Be sure to check out my <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-october-2017/?utm_campaign=blog-post&utm_medium=JoshLong&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Apple Security Month in Review article for October 2017</a>, along with the <a href="https://youtu.be/RyDnuql3-hs" target="_blank">video version</a> (and be sure to <a href="https://www.youtube.com/user/IntegoVideo/videos?sub_confirmation=1" target="_blank">subscribe on YouTube</a>):<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://youtu.be/RyDnuql3-hs" target="_blank"><img border="0" data-original-height="900" data-original-width="1600" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgOEYQFdTRGvCZuE7joExLbbot5dbQL5DRndhZ5S5tZk3qvAzFnFPUR8YQRY12Ashy8Ij02bcNfwP7sBpxgHxO_Z_nTx_rV4i7kvElI0_LqgRnm9FZOE374gbhPUqCmAPuRy53xSHhsbuW/s320/October-2017-video-preview-image.png" width="320" /></a></div>
<br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="https://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, and follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> and <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.<br />
Posted by <a href="http://www.blogger.com/profile/03511083686180216122">Josh Long</a><br />
<br />
<b><span style="font-size: x-large;">New Apple Security YouTube Video Series and Audio Podcast</span></b><br />
Published 2017-10-26T02:29:00.000-07:00; updated 2017-11-20T21:22:11.427-08:00<br />
<br />
I have two exciting announcements!<br />
<br />
<b><span style="font-size: large;">YouTube Video Series – Month in Review</span></b><br />
First, I'm producing and starring in a brand new <b>monthly YouTube video series</b> featuring highlights from my Apple security month-in-review column. You can subscribe via <a href="https://www.youtube.com/user/IntegoVideo" target="_blank">Intego's YouTube channel</a>, and be sure to click on the 🔔bell icon to get notified whenever a new video is released:<br />
<br />
<br />
Check out the first episode by clicking <a href="https://youtu.be/PlnMGp6Hnz4" target="_blank">here</a>:<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://youtu.be/PlnMGp6Hnz4" target="_blank"><img border="0" data-original-height="720" data-original-width="1280" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBDhhJRgE_vzz2MYvjddyUmPi6mXknV7XcKDtDJECRanSz8tzbJGLGOEwACwrwn_PhEIh2MWorpTg4E8ZybCHv9OqLbjpI9VzPZZAB-opmdk2rG1Vjm3xLam_PoWSijPohhEuT6v1p3JKp/s320/preview-image-sept-2017-reduced.jpg" width="320" /></a></div>
<br />
<b><span style="font-size: large;">Audio Podcast – Weekly Apple Discussion</span></b><br />
Second, I'm co-hosting a brand new <b>weekly audio podcast</b> focusing on Apple topics including Mac and iOS security. Check out the homepage for the new <a href="http://podcast.intego.com/" target="_blank">Intego Mac Podcast</a>, which features Kirk McElhearn and me as hosts:<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="http://podcast.intego.com/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="600" data-original-width="600" height="200" src="https://images.fireside.fm/podcasts/images/b/befa9c3e-5e51-4776-905a-ceeede7e11cf/cover.jpg" width="200" /></a></div>
<br />
Please <a href="https://itunes.apple.com/us/podcast/intego-mac-podcast/id1293834627" target="_blank">subscribe</a> via the button below, and if you enjoy the show, please write us a 5-star review on iTunes! Every subscription and every review make a difference.<br />
<a href="https://itunes.apple.com/us/podcast/intego-mac-podcast/id1293834627"><img height="40" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK0pGXs6RQCV1SeL_EJCU6J0BSBsgiUCKUkXmzQc5wicSCNUF3_Eo-JCX7eoDF01OTTMzLoM_a7JYZ_o2rjqtR-eyMXMdGTV7s4V90ulVUO9r9pBBfvi2HCgh-7rMG-xqMqmCibX9NB599/s1600/Get-it-on-iTunes.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="109" /></a>
<br />
<br />
<span style="font-size: large;"><b>Please share!</b></span><br />
Please share both of these new shows with your friends, family, coworkers, and social media pals to help others stay safe online.<br />
<br />
I look forward to sharing security news with you in these new and exciting ways! Thanks to <a href="https://www.intego.com/" target="_blank">Intego</a> for providing the opportunity and means to create these new shows.<br />
<br />
<br />
Posted by <a href="http://www.blogger.com/profile/03511083686180216122">Josh Long</a><br />
<br />
<b><span style="font-size: x-large;">Articles Written from December 2016 to September 2017</span></b><br />
Published 2017-10-26T01:17:00.000-07:00; updated 2017-11-20T11:33:32.265-08:00<br />
<br />
It's catch-up time! Here's a list of articles I've written since my last post on <b>the JoshMeister on Security</b> (in reverse chronological order):<br />
<ul>
<li><b>October 3, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-september-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in September 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>Apple releases macOS 10.13 High Sierra, iOS 11, tvOS 11, and watchOS 4</li>
<li>Patrick Wardle's SKEL and Keychain vulnerability discoveries</li>
<li>DolphinAttack</li>
</ul>
</ul>
<li><b>September 22, 2017 — <a href="https://www.intego.com/mac-security-blog/what-is-blueborne-an-apple-device-faq/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=blueborne-bluetooth-vulnerability" target="_blank">What is BlueBorne? An Apple Device FAQ</a></b></li>
<ul>
<li><img border="0" height="40" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3GvgShae7ZTQaPVah37pCMxMI4DiOmonXhUevFEQVy0T45mP382ZLLof7z2_LhzVSx-RCrg8-2z6-8TWltFsv5u016NFGe_2X4VRuq5I28SlbkRbXH_WI-FwLsPu1Yh93q4k8lwqHGOEA/s200/BlueBorne-logo-cropped.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Discussing BlueBorne, a Bluetooth vulnerability that affects some iPhone, iPad, iPod touch, and Apple TV models that Apple is no longer updating</li>
</ul>
<li><b>August 30, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-august-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in August 2017</a></b> </li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>Touch ID Secure Enclave Processor firmware allegedly decrypted</li>
<li>New Mac malware: Pwnet malware distributed via supposed hack for Counter-Strike game</li>
<li>New Mac malware: Mughthesec and other Mac adware installers</li>
</ul>
</ul>
<li><b>July 31, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-july-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in July 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>New Mac malware: OSX/FruitFly.B, a variant of spy malware discovered in January</li>
<li>New Mac malware: OSX/FlashyComposer.A, a variant of OSX/Leverage backdoor malware from way back in 2013</li>
<li>DevilRobber Mac malware makes a comeback</li>
</ul>
</ul>
<li><b>June 29, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-june-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in June 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>Mac ransomware and spyware as a service</li>
<li>New Mac malware: OSX/OceanLotus returns with new variant</li>
<li>Scam software in iOS App Store</li>
</ul>
</ul>
<li><b>May 31, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-may-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in May 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>New Mac malware: OSX/Dok distributed via phishing</li>
<li>New Mac malware: OSX/Proton.B distributed via compromised Handbrake download server</li>
<li>New Mac malware: Snake gets ported from Windows</li>
</ul>
</ul>
<li><b>May 25, 2017 — <a href="https://www.intego.com/mac-security-blog/wannacry-and-the-state-of-mac-ransomware/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=wannacry-mac-ransomware" target="_blank">WannaCry and the State of Mac Ransomware</a></b></li>
<ul>
<li><img border="0" height="40" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYl4JoVyLprdXMQKeWhQvv6ZDACjik7YD2IINduGu57kjcR0PzDH69AH2CsZ8poxmHaNe3WdYoUvqz2-cfe0kZTsVd7ybqyci677q7_f_3Yx9eABu5Nepfq23wj0WVz0uJqlcujFRR2h7_/s200/WannaCry-Ransomware.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Windows systems worldwide were hit by a serious SMB vulnerability called EternalBlue; Macs that run Windows could be affected</li>
<li>A summary of recent macOS-targeted ransomware is also discussed</li>
</ul>
<li><b>April 27, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-april-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in April 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>Apple introduces security (and, oops… insecurity) updates</li>
<li>SMS phishing scams targeting iPhone users</li>
<li>Find My Mac can be disabled by anyone with physical access</li>
<li>Unofficial app store hidden in an App Store app</li>
<li>Proof-of-concept fake apple.com site revealed a Unicode implementation issue in major browsers (Chrome, Opera, Firefox) that could have facilitated phishing</li>
</ul>
</ul>
<li><b>April 20, 2017 — <a href="https://www.intego.com/mac-security-blog/windows-vista-is-dead-should-you-switch-to-apple/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=windows-switch-apple" target="_blank">Windows Vista is Dead; Should You Switch to Apple?</a></b></li>
<ul>
<li>
<img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY9IEdxRBKamWYlK_aV4oPOORKDOVUGDkNMFff-dgdfeIN2rWsF2APyXK5MdazhC1b5GU_Al_cbyT3mnbQVagfG8Said01AJ_r6xtpiDI9qUcW8MQa_C6s7hpLfCyG0I4ZrEUIxq2oSz4f/s200/TrashingVistaForMacmini-cropped.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Microsoft is no longer releasing security updates for Windows Vista, and the upgrade path to Windows 10 is rather bumpy; is this a good time for users of a legacy Windows operating system to switch to a Mac or iPad?</li>
</ul>
<li><b>March 24, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-march-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in March 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories:</li>
<ul>
<li>Mac hackers get root at Pwn2Own</li>
<li>WikiLeaks' Vault 7 and DarkMatter disclosures highlight previously patched iOS and Mac vulnerabilities</li>
</ul>
</ul>
<li><b>March 20, 2017 — <a href="https://www.intego.com/mac-security-blog/rsa-conference-2017-highlights/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=rsa-conference-2017" target="_blank">RSA Conference 2017 Highlights</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieQiRZ6ZjaYi-8tTvy8aRH2ZKfMOK50yz5Oaz3NtaVvoMT6iwDPPB7Zj4Yv4mg7kPSP1V03FGT3TejUNVmV5ulxEUrF_ylo-JPYwV65_CU1UK3HxulDE0sn0eqNJnBGa6uidD3bWDVreyZ/s200/RSAC-logo.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />An extensive article featuring my coverage and highlights from RSA Conference (USA) 2017, including authorized audio recordings of these presentations:</li>
<ul>
<li>Patrick Wardle: <a href="https://archive.org/details/RSAC2017PatrickWardle" target="_blank">🔊Meet the macOS Malware Class of 2016</a></li>
<li>Amit Serper: <a href="https://archive.org/details/RSAC2017AmitSerper" target="_blank">🔊OSX Pirrit and Why Care About Mac Adware</a></li>
<li>Robert Graham: <a href="https://archive.org/details/RSAC2017RobertGraham" target="_blank">🔊Mirai and IoT Botnet Analysis</a></li>
</ul>
</ul>
<li><b>February 24, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-february-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in February 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Featured stories:</li>
<ul>
<li>New Mac malware: Filecoder/Findzip ransomware</li>
<li>New Mac malware: Sofacy XAgent</li>
<li>New Mac malware: iKitten</li>
<li>New Mac malware: EmPyre Word macro</li>
<li>New Mac malware: PROTON RAT</li>
<li>iCloud was storing "deleted" Safari history</li>
<li>Alleged nude celebrity photo leak blamed on "iCloud hack" but devoid of evidence</li>
</ul>
</ul>
<li><b>January 25, 2017 — <a href="https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-january-2017/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=month-in-security" target="_blank">Month in Review: Apple Security in January 2017</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmWRC_kzIn6hxMsLf1DlzqXKLoV4lINigxl-CUM9j2AHdR7GhO1urk-3-lAVHVxL4fg4U0dovb0kRFNtrmljL3vJbBmxRcSoF-eO3zjWOWiOqiBkeMVE8mUrtTllwqH0ndiSFaIqAfoJer/s1600/mac-security-month-in-review-2017.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Featured stories:</li>
<ul>
<li>New Mac malware: ClientCapture/Fruitfly/Quimitchin</li>
<li>Scam site launched DoS attack against unpatched Macs</li>
</ul>
</ul>
<li><b>December 15, 2016 — <a href="https://www.intego.com/mac-security-blog/what-to-do-if-your-mac-cant-run-macos-sierra/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=macos-sierra-help" target="_blank">What to Do if Your Mac Can't Run macOS Sierra</a></b></li>
<ul>
<li><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFCaDk_HutCdL1Ma8s_z9XttA-nplWhHQJc7-xW0gQTHeobLfuhKNYGne1Dob_X56m4bCrD7gRVZMA6hYUH1AyzB9Q_sI9lCRCyQH7mm75Bc36OD7iSDklLj20CVsORmKWvYGbG5syq4Cm/s200/fix-macos.png" style="border-color: white; clear: right; float: right; margin: 0pt 0pt 0px 0px;" />Apple released a major new operating system, and it isn't compatible with some Macs that could run previous versions of OS X; this article includes ideas for users of older Mac hardware (note: macOS High Sierra, released in late 2017, has the same system requirements as Sierra)</li>
</ul>
</ul>
<br />
Posted by <a href="http://www.blogger.com/profile/03511083686180216122">Josh Long</a><br />
<br />
<b><span style="font-size: x-large;">Articles Written from May 2014 to February 2016</span></b><br />
Published 2016-03-19T20:50:00.000-07:00; updated 2016-03-19T20:58:42.756-07:00<br />
<br />
It has been a while since I've posted links on this site to my external articles.<br />
<br />
Here's a list of articles I've written since my last post on <b>the JoshMeister on Security</b> (in reverse chronological order):<br />
<ul>
<li><b>February 29, 2016 — <a href="https://www.intego.com/mac-security-blog/the-evolution-of-ios-security-and-privacy-features/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=apple-iOS-security" target="_blank">The Evolution of iOS Security and Privacy Features</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglPHBIba0JnUDEX7SOSJIpkm9rdyq00KnrLGLZw9yiC8gBZGYWAu4J9cVwgPP6gC3LpO8zfdA7YHWiZIMqLlmb-4NhyJKc6BIQiAHSMznp3qgfS40FnbTzLKDeqgI_KIsrEPr1Hs8ICQqy/s200/trust-this-computer-cropped.jpg" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Discussing notable security improvements in each major iOS release, from the first iPhone OS (which Apple originally called "OS X") through the upcoming iOS 9.3</li>
</ul>
<li><b>February 17, 2016 — <a href="https://www.intego.com/mac-security-blog/mac-os-x-security-features-timeline/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=osx-security-evolution" target="_blank">The Evolution of Mac OS X Security and Privacy Features</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNkjjevYQcvZJeU4hGCc4q26AxxJwx3KHEOGKfi0LTYx9E7SH8jGx7ESRm5aJo82DC8RIpVq849KF1gI5rj3iTjbU2WTpBbP4KveIc2bG6dkrSpus0nUFXL8sIj2Ug3j_k3WN5IErL-5rE/s1600/OS-X-security-cropped.jpg" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Discussing notable security improvements in OS X over the past decade, from Mac OS X 10.4 Tiger (released in April 2005) through OS X 10.11 El Capitan (released in September 2015)</li>
</ul>
<li><b>April 6, 2015 — <a href="https://www.intego.com/mac-security-blog/truecrypt-has-been-audited-should-you-use-it/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=truecrypt-security-audit" target="_blank">TrueCrypt Has Been Audited! Should You Use It?</a></b> </li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhX_fhLlCQmmw610kDAoUau-vDyR6G9imxB3LKssmbASbgdeUslMMWM_-xl_B3RkqCCPR6eRSREu2ahWKHve5dvCqcyk9m-xNlB8snP5aVWjeAEyqXZom_HKb68LlFNu8ieUX9juxqSJgGq/s200/FileVault-logo.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Discussing findings from the two phases of the audit, whether TrueCrypt is still safe to use, and alternative solutions VeraCrypt, CipherShed, and FileVault 2</li>
</ul>
<li><b>January 27, 2015 — <a href="https://www.intego.com/mac-security-blog/3-hottest-physical-security-products-ces-2015/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=ces-2015-security" target="_blank">The 3 Hottest Physical Security Products at CES 2015</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidJVWZuEZypIcVWx0ihjFL-FqsgVSUaoF4cMe9pH5EEcFFQChI7V4lLaaEx8nSZnA0sz4b2gqHE8crrmO9tyH4c_Fjd4-xNO-ufL0NznBcZOqTfJLCSlaX7vgPRK8rUv4wOWZW8u5jR8tg/s200/CES2015Logo-AppleSecurity-cropped.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured interesting products (<b>not</b> paid endorsements/reviews):</li>
<ul>
<li>Vysk QS1 Quantum Security Case for iPhone</li>
<li>FŪZ Designs Noke (Bluetooth Padlock)</li>
<li>EyeLock myris (Biometric Iris Scanner)</li>
</ul>
</ul>
<li><b>January 21, 2015 — <a href="https://www.intego.com/mac-security-blog/os-x-market-share-statistics-1-in-5-macs-still-unsupported/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=osx-market-share" target="_blank">OS X Market Share Statistics: 1 in 5 Macs Still Unsupported</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH1LEiERDwNAXGTp62AnM1PgLTJ7ErQzwnPsx1vljfQ-b-1E9PU0bpn8Uz7YbJKu80OJTZxJVry9b2TqmpmIlamDEYT2fSl3ba-XvuG9kEK70nab42ZwN-pbAfq-y93djYxMJK4DZtIuZG/s200/LogoOSXMarketShareSupportedBleeding-cropped.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />20% of Macs are running a version of OS X that is no longer getting security updates</li>
</ul>
<li><b>January 13, 2015 — <a href="https://www.intego.com/mac-security-blog/apple-security-2014-year-in-review/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=apple-security-2014" target="_blank">Apple Security: 2014 Year In Review</a></b></li>
<ul>
<li><img border="0" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-zxLzNJq39URhjDakBMoq5wao8qaVhHLO3El7T4-q9I4MdyPyVmoRYUihr8j5PW7g-qDzvetdqRrl3rtbmKbFKGQpLM9HozpuR3c902NALUuAK7hyphenhyphenrb7Q-PWnh2gFZx9zqlFRowi0rlF0/s1600/apple-security-2014-year-review-cropped.jpg" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories include:</li>
<ul>
<li>iCloud celebrity photo leak</li>
<li>New Mac malware threats</li>
<li>Heartbleed, Shellshock, POODLE, and NTP vulnerabilities</li>
</ul>
</ul>
<li><b>November 4, 2014 — <a href="https://www.intego.com/mac-security-blog/what-to-do-if-your-mac-cant-run-os-x-yosemite/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=install-osx-yosemite" target="_blank">What to Do if Your Mac Can’t Run OS X Yosemite</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7s-qHJEivM3E-qA-JrA92XvOZF9cg6IV3vTGj1Ote1xtxp0qP-DkB09dBFcAAa6PUHOXaS2ALBehIKTFeMYOJa8PjVBvjEHYmD0MFIwKCCFAkguOheyJcJhQHIOaryEmtswieKNq4omH_/s200/OSXYosemiteLogo-300x300.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />A list of Macs capable of running OS X 10.10 Yosemite, the problems inherent in continuing to use a Mac that can't run the latest OS, and what users can do about it </li>
</ul>
<li><b>June 2, 2014 — <a href="https://www.intego.com/mac-security-blog/truecrypt-is-dead-what-does-this-mean-for-mac-users/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=apple-security-news" target="_blank">TrueCrypt is Dead; What Does This Mean for Mac Users?</a></b></li>
<ul>
<li><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNYoxA7_8ro6Tt5sHJK0uP7nTCFV7ySqYJJgyt3PCLPabcIsnJJKMoJ1M5xiKlttyLtt1Rhdc61CfBFLCPrFOeQCUJ9ENfGzSrSb_X7MRfTTHpvnG-H__NoOhhzVRqMcWYvQHhQJ9Yr9b4/s320/TrueCrypt_Logo.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />The development of whole-disk encryption software TrueCrypt has suddenly ceased, with a note on the developer's site: "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues" </li>
</ul>
<li><b>May 28, 2014 — <a href="https://www.intego.com/mac-security-blog/month-in-review-part-2-vulnerabilities-and-patches/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=apple-security-news" target="_blank">Month in Review, Part 2: Vulnerabilities and Patches</a></b></li>
<ul>
<li>
<img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq60P66k_0l2g6BydrbLSXXLYlKKE7j29H87luNj_cHle2q-jdk0ktLZOdBvK7ObuW-95OXsaCJo8g_hJngVx8bhj5n0sg0UDFjS87cHx3k4wvarewwknAGkrSGAdVCyAUmLXN1YPzehRV/s200/adobe.jpg" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories:</li>
<ul>
<li>Multiple Adobe Updates - And Lack Thereof for Shockwave</li>
<li>Windows XP Zero-day Vulnerabilities</li>
<li>iOS 7.1.1 Reportedly Not Encrypting E-mail Attachments</li>
<li>Multiple Apple Updates</li>
<li>Heartbleed Still Affects 300,000 Servers</li>
</ul>
</ul>
<li><b>May 27, 2014 — <a href="https://www.intego.com/mac-security-blog/month-in-review-part-1-database-breaches-compromised-passwords/?utm_campaign=blog-post&utm_medium=theJoshMeister&utm_source=security-thejoshmeister-com&utm_content=apple-security-news" target="_blank">Month in Review, Part 1: Database Breaches, Compromised Passwords</a></b></li>
<ul>
<li><img border="0" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5g1k93Z0LnOuKMhQSohqge7Sqy39eqxhVLIjgbSbQ-g1_hxFBbVgUQcfm_ndAAFPXBmD-tNLiq_mNIiQNFgrCoKuuPEG2klxeYyMUDw0nAUbTIvVTdXpAakjWTUou_M0Mq2wgFTVHcBhX/s1600/leaky-apple-logo-126x150.png" style="border-color: white; clear: right; float: right; margin-bottom: 1em; margin-left: 1em; margin: 0pt 0pt 0px 0px;" />Featured stories:</li>
<ul>
<li>Apple Developer and Employee Contact Info Leaked</li>
<li>AOL User Database Breach Confirmed - Password Change Needed</li>
<li>Bitly Account Credentials Compromised - Password Change Needed</li>
<li>eBay User Database Compromised - Password Change Needed </li>
</ul>
</ul>
</ul>
<br />
Posted by <a href="http://www.blogger.com/profile/03511083686180216122">Josh Long</a><br />
<br />
<b><span style="font-size: x-large;">Heartbleed Affected More Sites Than You Realized</span></b><br />
Published 2014-05-05T07:00:00.000-07:00; updated 2017-10-18T12:31:24.586-07:00<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNbe5qb8PHqFU_ki2FkIe_EjIl94mOPJ5iVZt_Wr2wf4ghb71M0CyTzEOCpd6ozPQ9JilAyeXtxd0Ddeek3hGcy_CCnod2yx08qWbkmrdJ31yO1nM5FNCM8oOBGTBCcoe0JCmnssZasUm9/s1600/heartbleed.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNbe5qb8PHqFU_ki2FkIe_EjIl94mOPJ5iVZt_Wr2wf4ghb71M0CyTzEOCpd6ozPQ9JilAyeXtxd0Ddeek3hGcy_CCnod2yx08qWbkmrdJ31yO1nM5FNCM8oOBGTBCcoe0JCmnssZasUm9/s1600/heartbleed.png" width="165" /></a></div>
I don't have time to write up a detailed article describing the <a href="http://heartbleed.com/" rel="nofollow" target="_blank">Heartbleed</a> vulnerability, but plenty has been written about it elsewhere. Suffice it to say that it almost certainly affected sites you've used within the past two years, and <b>you need to change some of your passwords</b>. This article should help you determine which of your passwords you may need to change.<br />
<br />
Contrary to the popular belief that the Heartbleed vulnerability was first discovered in March or April 2014, there's evidence that it was being exploited in <a href="https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013" target="_blank">November 2013</a>, if not earlier. There's also a myth that Heartbleed doesn't affect users of Apple products, which is false; see Graham Cluley's <a href="http://www.intego.com/mac-security-blog/heartbleed-openssl-bug-faq-for-mac-iphone-and-ipad-users/" target="_blank">Heartbleed OpenSSL bug FAQ for Mac, iPhone and iPad users</a> for some basic factual information.<br />
<br />
A handful of major news sites have put together small lists of Web sites whose users should change their passwords, but I've found these lists to be quite lacking, so I decided to put together my own. I've been compiling this list for almost a month; it's big, so it took a lot of time. <b>This list includes some exclusives</b> that I haven't seen anywhere else.<br />
<br />
Given the sheer size of this list, I strongly recommend that you <b>search within this page</b> for any sites you use, rather than trying to look through it alphabetically. Please note that there are several sections. Be sure to especially look at <b>the first <i>two</i> sections</b>; if you use any sites listed in those sections, you'll want to change your passwords for those sites (and anywhere else you may have shared the same password) as soon as possible.<br />
<br />
If you search this article and can't find a particular site, see the section at the bottom of this article which explains how you can conduct your own Heartbleed tests. (Note that over a month after the Heartbleed vulnerability was disclosed to the public, over <a href="http://blog.erratasec.com/2014/05/300k-servers-vulnerable-to-heartbleed.html" target="_blank">300,000 servers</a> are reportedly still vulnerable to Heartbleed attacks, so there's a decent chance that a server you use isn't on <i>anyone's</i> list, no matter how comprehensive the list may seem.)<br />
<br />
<br />
<br />
<u><b>Change Passwords NOW:</b></u><br />
<br />
<b>Amazon Web Services (AWS) e.g. EC2, S3, etc.</b> (aws.amazon.com): company statement - https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/ - according to Mashable, "<b>Elastic Load Balancing</b>, <b>Amazon EC2</b>, <b>Amazon Linux AMI</b>, <b>Red Hat Enterprise Linux</b>, <b>Ubuntu</b>, <b>AWS OpsWorks</b>, <b>AWS Elastic Beanstalk</b> and <b>Amazon CloudFront</b> were patched" - filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it - NOTE that the Amazon.com shopping site was unaffected by Heartbleed<br />
<br />
<b>App.net</b> (app.net / account.app.net / alpha.app.net / join.app.net): company statement - http://blog.app.net/2014/04/10/openssl-heartbleed-vulnerability-update/ - new certificate after Heartbleed publicly disclosed; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Ars Technica</b> (arstechnica.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Barracuda Networks</b> - see Copy <br />
<br />
<b>Bitly</b> (bitly.com / bit.ly): Qualys claims currently not vulnerable to Heartbleed attack; <b>however</b>, Bitly announced in early May 2014 that its system was breached (presumably unrelated to the Heartbleed bug), so the company recommends changing passwords and other account settings as outlined at https://bit.ly/SecurityDetails<br />
<br />
<b>Bizrate</b> (bizrate.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Blogger/Blogspot</b> - see Google<br />
<br />
<b>Box</b> (box.com): company statement - https://blog.box.com/2014/04/box-protection-against-openssl-heartbleed-vulnerability/ - new certificate after Heartbleed publicly disclosed; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>The Church of Jesus Christ of Latter-day Saints</b> (lds.org / signin.lds.org / mormonorg.lds.org / edge.mormoncdn.org etc.): LastPass says lds.org doesn't use OpenSSL but signin.lds.org does (it's unclear whether the site ever used a vulnerable version); new certificates after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys and Trend Micro claim currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Copy</b> cloud storage by Barracuda Networks (copy.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>comiXology</b> (www.comixology.com): currently/previously on dberkholz's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>CrashPlan</b> (crashplan.com): company statement - https://helpdesk.code42.com/entries/50328933-Code42-Products-and-the-Heartbleed-Bug (an e-mail was also sent to users on 15 April 2014 stating "As a precautionary measure, we recommend that all users update their CrashPlan passwords. It's not necessary to change your private password, nor your custom 448-bit key (if you are using these advanced security features).") - new certificate after Heartbleed publicly disclosed; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>custhelp.com</b> by Oracle (247pearsoned.custhelp.com / penguingroup.custhelp.com etc.): new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Dashlane</b> (www.dashlane.com) patched its servers and revoked its old certificates; they claim you don't need to change your password, but you should change it anyway<br />
<br />
<b>DirectPass</b> from Trend Micro (www.directpass.com): new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; LastPass says "known [to] use OpenSSL" so it could potentially have been affected in the past; however, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Dropbox</b> (dropbox.com / dl.dropbox.com / getdropbox.com / dl.dropboxusercontent.com): new certificate after Heartbleed publicly disclosed; company statement - https://twitter.com/dropbox_support/status/453673783480832000<br />
<br />
<b>Duke University</b> (duke.edu): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Dynadot</b> domain name registrar (dynadot.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>eBay</b> (signin.ebay.com / signin.ebay.ca / signin.ebay.co.uk): Trend Micro claims currently not vulnerable to Heartbleed attack; LastPass claims signin.ebay.com was not previously vulnerable, and signin.ebay.co.uk and signin.ebay.ca use OpenSSL and may possibly have been vulnerable in the past but have recently updated certificates; <b>however</b>, eBay announced on 21 May 2014 that its system was breached (presumably unrelated to the Heartbleed bug), so the company recommends changing passwords immediately; official statement at https://www.paypal-community.com/t5/PayPal-Forward/eBay-To-Ask-Users-to-Change-Their-Passwords-No-Evidence-PayPal/ba-p/815612 - meanwhile, eBay subsidiary PayPal was supposedly unaffected; see also PayPal in the "Known Safe" section<br />
<br />
<b>Facebook</b> (facebook.com): company stated, "We added protections for Facebook's implementation of OpenSSL before this issue was publicly disclosed. ... we encourage people to ... set up a unique password." When exactly did Facebook add protections? Current certificate was issued March 1st, more than a month before public Heartbleed disclosure; note, however, that there's been evidence that the vulnerability was being exploited prior to public disclosure, so it would be wise to change your Facebook password now<br />
<br />
<b>Fitbit</b> (fitbit.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Flickr</b> - see Yahoo!<br />
<br />
<b>Get Satisfaction</b> (getsatisfaction.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>GitHub</b> (github.com): company statement - https://github.com/blog/1818-security-heartbleed-vulnerability - new certificate after Heartbleed publicly disclosed; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>GoDaddy</b> domain name registrar (godaddy.com): company statement - http://godaddyblog.com/open-ssl-heartbleed-weve-patched-servers/ - Qualys claims that the primary domain godaddy.com (which is supposedly running Microsoft IIS, not OpenSSL, according to LastPass Heartbleed Checker) is currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Google</b> (including google.com search / blogger.com and blogspot.com / youtube.com / Gmail mail.google.com / Google Play Store play.google.com / Google Wallet checkout.google.com / Google Apps / Google App Engine appengine.google.com / developers.google.com / cloud.google.com etc.): company statement according to Mashable - "We have assessed the SSL vulnerability and applied patches to key Google services."<br />
<br />
<b>Gravatar</b> (secure.gravatar.com): new certificate after Heartbleed publicly disclosed - hints at possibly having been affected<br />
<br />
<b>Great Lakes</b> student loans (mygreatlakes.org): new certificate after Heartbleed publicly disclosed - hints at possibly having been affected<br />
<br />
<b>IFTTT</b> "if this then that" (ifttt.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Instagram</b>, a Facebook company (instagram.com): company statement to Mashable: "Our security teams worked quickly on a fix... because this event impacted many services across the web, we recommend you update your password on Instagram and other sites, particularly if you use the same password on multiple sites."<br />
<br />
<b>Jehovah's Witnesses</b> - see Watch Tower Bible and Tract Society<br />
<br />
<b>LastPass</b> (lastpass.com) servers were affected and patched; although the company says you don't need to change your master password, if you've ever logged into your account on their site it would be a good idea to change your LastPass account password<br />
<br />
<b>LDS</b> - see Church of Jesus Christ of Latter-day Saints<br />
<br />
<b>Libsyn</b> (libsyn.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Mormon</b> - see Church of Jesus Christ of Latter-day Saints<br />
<br />
<b>Netflix</b> (netflix.com): from company statement to Mashable - "we took immediate action to assess the vulnerability and address it. ... It's a good practice to change passwords from time to time, now would be a good time to think about doing so."<br />
<br />
<b>Network Solutions</b> (networksolutions.com) claims in a statement from 9 April 2014 (https://www.networksolutions.com/blog/2014/04/notice-to-web-com-network-solutions-and-register-com-customers-about-the-heartbleed-vulnerability/) that its systems have been patched<br />
<br />
<b>OkCupid</b> (okcupid.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Pinterest</b> (pinterest.com): from company statement to Mashable - "We fixed the issue on Pinterest.com... To be extra careful, we e-mailed Pinners who may have been impacted, and encouraged them to change their passwords." Better advice: change it now, regardless of whether you get an e-mail.<br />
<br />
<b>ReadWrite</b> (readwrite.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Reddit</b> (reddit.com / pay.reddit.com): new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims pay.reddit.com is currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>ReverbNation</b> (reverbnation.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Rockstar Games</b> (socialclub.rockstargames.com / support.rockstargames.com): company statement - https://support.rockstargames.com/hc/en-us/articles/202393788-Effect-of-Heartbleed-Security-Issue-on-Rockstar-Social-Club-Members - not all certificates used by this company appear to have been reissued after Heartbleed publicly disclosed (although non-reissued certificates might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Scoop.it</b> (scoop.it): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Shopzilla</b> (shopzilla.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Skrill</b> online payment site (skrill.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Smashwords</b> (smashwords.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>SoundCloud</b> (soundcloud.com): on Mashable's list; also notifying logged-in users that a password change is recommended due to Heartbleed bug, so change it now<br />
<br />
<b>SourceForge</b> (sourceforge.net) was only partially affected: "the only vulnerable service was SourceForge's Subversion over HTTPS on Allura (svn.code.sourceforge.net)" http://sourceforge.net/blog/sourceforge-response-to-heartbleed/ - if you think you may have used svn.code.sourceforge.net within the past two years, read the full company statement and change your password (the certificate for *.code.sourceforge.net has been reissued)<br />
<br />
<b>Squidoo</b> (squidoo.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Steam</b> gaming site by Valve (steamcommunity.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Toshiba</b> (toshiba.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Trend Micro</b> - see DirectPass<br />
<br />
<b>Tumblr</b> - see Yahoo!<br />
<br />
<b>Twitter</b> initially claimed to be unaffected (http://status.twitter.com/post/82109064906/ssl-security-update) but later told Mashable it had applied a patch; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Unity Technologies</b> (unity3d.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>University of California, Los Angeles aka UCLA</b> (ucla.edu / gateway.it.ucla.edu): ucla.edu currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>University of Illinois at Urbana-Champaign</b> (uiuc.edu / uofi.illinois.edu / uofi.uic.edu / uofi.uis.edu / illinois.edu / uofi.uillinois.edu): uiuc.edu currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>University of Maryland</b> (umd.edu): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>USAA</b> banking/insurance (usaa.com): company statement at https://communities.usaa.com/t5/USAA-News/USAA-Takes-Measures-Against-Heartbleed-Bug/ba-p/25876 says "A security patch was implemented...and...we have obtained new certificates for usaa.com... we recommend members periodically change their passwords, especially when there is a known vulnerability, and use a unique password for each site"<br />
<br />
<b>VUDU</b> (my.vudu.com): vudu.com currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Watch Tower Bible and Tract Society</b> (www.jw.org / watchtower.org / watchtower.com): watchtower.com currently/previously on Ragic's list of supposedly affected sites (even though it doesn't appear to accept HTTPS connections); www.jw.org has a new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims www.jw.org currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Wikipedia and other Wikimedia sites</b> (wikipedia.org / wikimedia.org / wikibooks.org / wikidata.org / wikinews.org / wikiquote.org / wikisource.org / wiktionary.org / mediawiki.org): company statement at https://blog.wikimedia.org/2014/04/10/wikimedias-response-to-the-heartbleed-security-vulnerability/ explains that their SSL certificate provider keeps the original "not valid before" date on replaced certificates; Qualys claims currently not vulnerable to Heartbleed attack, so if you have an account at wikipedia.org or its sister sites, now's the time to change your password<br />
<br />
<b>Wikispaces</b> (wikispaces.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>Yahoo!</b> (including <b>Flickr</b> flickr.com / <b>Tumblr</b> tumblr.com /<b> Yahoo! Mail</b> mail.yahoo.com / login.yahoo.com etc.) - Mashable states that "<b>Yahoo Homepage</b>, <b>Yahoo Search</b>, <b>Yahoo Mail</b>, <b>Yahoo Finance</b>, <b>Yahoo Sports</b>, <b>Yahoo Food</b>, <b>Yahoo Tech</b>, <b>Flickr</b> and <b>Tumblr</b> were patched"; new certificates after Heartbleed publicly disclosed; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<b>YouTube</b> - see Google<br />
<br />
<b>Zendesk</b> (zendesk.com): company statement - https://support.zendesk.com/entries/50648937 - excerpt: "we strongly recommend that you regenerate your Zendesk hosted SSL certificate and reset all user passwords"<br />
<br />
<b>ZergNet</b> (zergnet.com): currently/previously on Ragic's list of supposedly affected sites; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now's the time to change it<br />
<br />
<br />
<br />
<u><b>Change Passwords NOW (but make sure you do it while connected to a trusted network):</b></u><br />
<br />
<b>Advertising Age</b> (adage.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>AddThis</b> (addthis.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Airbnb</b> (www.airbnb.com): on CNNMoney's list of passwords to change; not all certificates used by this domain appear to have been reissued after Heartbleed publicly disclosed (although they might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Answers</b> - see ResellerRatings <br />
<br />
<b>AOL</b> (my.screenname.aol.com / mail.aol.com / webmail.aol.com / beta.mail.aol.com): "AOL told Mashable it was not running the vulnerable version"; Qualys claims the listed domains are currently not vulnerable to Heartbleed attack; <b>however</b>, AOL announced on 28 April 2014 that its encrypted passwords database was breached (presumably unrelated to the Heartbleed bug), so the company recommends changing passwords immediately at https://account.aol.com - I've put this in the "make sure you do it while connected to a trusted network" section because AOL is notorious for not maintaining an HTTPS connection on all pages after logging in<br />
<br />
<b>archive.org</b> - see Internet Archive<br />
<br />
<b>The Atlantic</b> (theatlantic.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Beliefnet</b> (beliefnet.com): currently/previously on dberkholz's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Bio</b> - A&E Biography (biography.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>BitTorrent</b> (bittorrent.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Blip</b> (blip.tv): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Buenos Aires Ciudad</b> - government site in Argentina (id.buenosaires.gob.ar): "buenosaires.gob.ar" currently/previously on Ragic's list of supposedly affected sites; id.buenosaires.gob.ar certificate was NOT reissued after Heartbleed was publicly disclosed - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Cheezburger</b> (cheezburger.com): currently/previously on dberkholz's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Chess.com</b> (chess.com): currently/previously on dberkholz's list of supposedly affected sites; not all certificates used by this domain appear to have been reissued after Heartbleed publicly disclosed (although they might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The Christian Post</b> (christianpost.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Creative Commons</b> (creativecommons.org): currently/previously on dberkholz's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Daily Mail</b> (www.dailymail.co.uk / secured.dailymail.co.uk): on CNET's "Be on alert" list, and has not responded to CNET's request for comment; new certificate after Heartbleed publicly disclosed - hints at possibly having been affected; Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else (note that the login page itself isn't encrypted, so you'll want to change your password while connected to a trusted network, and don't give any sensitive information to this site)<br />
<br />
<b>Deseret News</b> (deseretnews.com): currently/previously on dberkholz's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Drugs.com</b> (drugs.com): currently/previously on dberkholz's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>DuckDuckGo</b> search engine (duckduckgo.com / duck.co): duckduckgo.com currently/previously on Ragic's list of supposedly affected sites; new certificate for duckduckgo.com after Heartbleed publicly disclosed - hints at possibly having been affected; duck.co certificate was NOT reissued after Heartbleed was publicly disclosed - theoretically may be spoofable by a MITM; nevertheless, Qualys claims both domains currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The Economist</b> (economist.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>EdgeCast CDN</b> (edgecastcdn.net): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Eventbrite</b> (eventbrite.com / eventbrite.co.uk etc.): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Fark</b> (fark.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>FatWallet</b> (fatwallet.com): currently/previously on Ragic's list of supposedly affected sites; not all certificates used by this domain appear to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Favstar</b> (favstar.fm): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Fixya</b> (www.fixya.com): ssllabs said vulnerable until I tested again on 13 April 2014 at 18:43 UTC; previously on dberkholz's list of affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, ssllabs & filippo.io/Heartbleed both indicate it's no longer vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>fool.com</b> - see Motley Fool<br />
<br />
<b>Friend or Follow</b> (friendorfollow.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The Heritage Foundation</b> (secure.heritage.org): "heritage.org" currently/previously on Ragic's list of supposedly affected sites; secure.heritage.org certificate was NOT reissued after Heartbleed was publicly disclosed - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Hide My Ass</b> (hidemyass.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Imgur</b> (imgur.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Indiegogo</b> (indiegogo.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Internet Archive</b> (archive.org): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Kaspersky</b> (kaspersky.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Lonely Planet</b> (lonelyplanet.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>mail.com</b>: currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Merriam-Webster</b> (secure.merriam-webster.com): "m-w.com" currently/previously on Ragic's list of supposedly affected sites; secure.merriam-webster.com certificate was reissued on 4 April 2014, after Heartbleed was disclosed but PRIOR to when OpenSSL 1.0.1g was released on 7 April - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The Motley Fool</b> (fool.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>National Journal</b> (nationaljournal.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>North Carolina State University</b> (ncsu.edu): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Outbrain</b> (outbrain.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Path</b> (path.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The PHP Group (php.net)</b>: currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>phpBB</b> (phpbb.com): currently/previously on Ragic's list of supposedly affected sites; certificate was reissued on 5 April 2014, after Heartbleed was disclosed but PRIOR to when OpenSSL 1.0.1g was released on 7 April - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>phpnuke</b> (phpnuke.org): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>PicMonkey</b> (picmonkey.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>RapidShare</b> (rapidshare.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Remember The Milk</b> (rememberthemilk.com): currently/previously on Ragic's list of supposedly affected sites; not all certificates used by this domain appear to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>ResellerRatings</b> by Answers (resellerratings.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Rolling Stone</b> (rollingstone.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>SoftCoin</b> branding and coupons (softcoin.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Squarespace</b> (static.squarespace.com): Squarespace claims "All public-facing Squarespace services are safe and not vulnerable to the #heartbleed TLS vulnerability" https://twitter.com/Squarespace/status/453690949005094912 - you can supposedly e-mail customercare@squarespace.com for "full details" - however, currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Stack Exchange</b> (stackexchange.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>State Government of Victoria</b> (vic.gov.au): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>The Street</b> (thestreet.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Twitpic</b> (twitpic.com): ssllabs said vulnerable until I tested again on 15 April 2014 at 05:19 UTC; previously on dberkholz's list of affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, ssllabs & filippo.io/Heartbleed both indicate it's no longer vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Userscripts.org</b> (userscripts.org): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Us Weekly</b> (usmagazine.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>uTorrent</b> (utorrent.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Victoria government site</b> - see State Government of Victoria<br />
<br />
<b>Vocabulary.com</b> (vocabulary.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Webster's Dictionary</b> - see Merriam-Webster<br />
<br />
<b>Zagat</b> (zagat.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<b>Zap2it</b> (zap2it.com): currently/previously on Ragic's list of supposedly affected sites; certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM; nevertheless, Qualys claims currently not vulnerable to Heartbleed attack, so if you have a password at this site now may be a good time to change it to a new password you don't use anywhere else<br />
<br />
<br />
<br />
<u><b>Unknown/Ambiguous:</b></u><br />
I'm not aware of public statements made by these companies, and their certificates haven't been replaced since Heartbleed became public knowledge, but they're not <i>currently</i> vulnerable according to SSLLabs.<br />
<br />
<b>A&E</b> - see History Channel<br />
<br />
<b>AbeBooks</b> (abebooks.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>about.me</b>: Qualys claims currently not vulnerable to Heartbleed attack; note that parent company AOL is in the "Change Passwords NOW (but make sure you do it while connected to a trusted network)" category but not because of Heartbleed<br />
<br />
<b>Alaska Airlines</b> (alaskaair.com / www.alaskaair.com / webselfservice.alaskaair.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Allegiance</b> feedback site (www.allegiancetech.com - used for the feedback page on mormon.org and other sites)<br />
<br />
<b>American Airlines</b> (aa.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>American InterContinental University Online</b> (aiuonline.edu): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>BabyCenter</b> (babycenter.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Barack Obama</b> (login.barackobama.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Burrtec Waste Industries</b> - see MyOnlineBill.com<br />
<br />
<b>CafePress</b> (cafepress.com / members.cafepress.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Catholic Online e-mail</b> (webmail.catholic.org): Qualys claims currently not vulnerable to Heartbleed attack, but LastPass says "known [to] use OpenSSL" so it could potentially have been affected in the past<br />
<br />
<b>Charter Communications e-mail</b> (web.charter.net): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Convio</b> nonprofit donation site by Blackbaud (secure2.convio.net): Qualys claims currently not vulnerable to Heartbleed attack, but LastPass says "known [to] use OpenSSL" so it could potentially have been affected in the past<br />
<br />
<b>Costco</b> (costco.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Delicious</b> bookmarking site (delicious.com, formerly del.icio.us): LastPass says this site is "known [to] use OpenSSL" but filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack; I e-mailed company on 12 April 2014 and have not received any statement<br />
<br />
<b>Delta Air Lines</b> (www.delta.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Delta Dental Insurance</b> (deltadentalins.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Department of Motor Vehicles, California</b> (dmv.ca.gov): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Disney</b> login/registration (register.go.com / registerdisney.go.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>E*TRADE</b> (etrade.com / us.etrade.com): Qualys claims currently not vulnerable to Heartbleed attack; LastPass claims E*TRADE was not vulnerable to Heartbleed (but doesn't really offer evidence to support this assertion); on CNNMoney's list of supposedly unaffected sites; public statement to Mashable on 9 April 2014 was that the company was "still investigating"<br />
<br />
<b>eSellerate</b> (mycommerce.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>FAFSA</b> financial aid (fafsa.ed.gov): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>FriendFeed</b> (friendfeed.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Gazelle</b> (gazelle.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Hawaiian Airlines</b> (apps.hawaiianairlines.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>History Channel / A&E Television Networks</b> shopping (secure.history.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>JetBlue Airways</b> (book.jetblue.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>LegitScript</b> online pharmacy legitimacy verification (secure.legitscript.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>McAfee support site</b> (mysupport.mcafee.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>mint.com</b>: Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>MyOnlineBill.com</b> bill payment site used by waste disposal (e.g. Burrtec) and insurance companies (app.myonlinebill.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>MySpace</b> (myspace.com): Qualys claims currently not vulnerable to Heartbleed attack; I e-mailed company on 12 April 2014 and have received no response<br />
<br />
<b>Northcentral University</b> (learners.ncu.edu): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Norton / Symantec</b> (account.norton.com / login.norton.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Pacific Gas and Electric</b> (www.pge.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Patient Compass</b> hospital bill payment (patientcompass.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Plurk</b> (plurk.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>ProtectMyID</b> identity theft monitoring - offered to Target customers after holiday 2013 breach (protectmyid.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Safeway</b> grocery store (auth.safeway.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Slashdot</b> (slashdot.org): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Snapchat</b> (support.snapchat.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Southern California Edison</b> (sce.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Southern California Gas Company</b> (myaccount.socalgas.com): Qualys claims currently not vulnerable to Heartbleed attack <br />
<br />
<b>Southwest Airlines</b> (www.southwest.com): Qualys claims currently not vulnerable to Heartbleed attack — BUT may be vulnerable to MITM attacks<br />
<br />
<b>Spotify</b> (spotify.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>StumbleUpon</b> (stumbleupon.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Symantec</b> - see Norton<br />
<br />
<b>Target</b> theft monitoring partner - see ProtectMyID <br />
<br />
<b>Time Warner Cable</b> (twlax.convergentcare.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>United Airlines</b> (www.united.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>United States Postal Service</b> (usps.com): Qualys claims currently not vulnerable to Heartbleed attack — BUT IS vulnerable to MITM attacks<br />
<br />
<b>University of Phoenix</b> (www.phoenix.edu / ecampus.phoenix.edu): Qualys claims currently not vulnerable to Heartbleed attack — BUT ecampus subdomain IS vulnerable to MITM attacks<br />
<br />
<b>Upromise</b> (lty.s.upromise.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Verizon</b> - not Wireless (signin.verizon.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Verizon Wireless</b> (login.verizonwireless.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Virgin America airline</b> (virginamerica.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>VirusShare.com</b> (virusshare.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>VirusTotal</b> (www.virustotal.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Vons</b> grocery store (rss.vons.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>Web of Trust</b> (mywot.com): Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<br />
<br />
<u><b>Known Safe - No Password Change Needed (according to the company and/or third-party tests):</b></u><br />
<br />
<b>AirTran Airways</b> (ebyepass.airtran.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Amazon</b> (www.amazon.com) told Mashable, "Amazon.com is not affected" - also on CNET and CNNMoney safe lists - filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack - <b>HOWEVER</b>, note that the separate site Amazon Web Services is in the "Change Passwords NOW" section; see also comiXology which is a recently acquired Amazon property that's also in the "Change Passwords NOW" section<br />
<br />
<b>American Express</b> (online.americanexpress.com): Qualys claims currently not vulnerable to Heartbleed attack; LastPass claims AmEx was not vulnerable to Heartbleed (but doesn't really offer evidence to support this assertion); AmEx told Mashable, "There was no compromise of any customer data. While we are not requiring customers to take any specific action at this time, it is a good security practice to regularly update Internet passwords."<br />
<br />
<b>Ancestry.com</b> (secure.ancestry.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Apple</b> (bugreport.apple.com / idmsa.apple.com / lists.apple.com / ssl.apple.com etc.): Mashable says Apple claims "key Web-based services were not affected"; Qualys claims the listed domains are currently not vulnerable to Heartbleed attack (<b>however</b>, it is a bit suspicious that the certificate for ssl.apple.com was reissued on 16 April 2014 even though the old certificate wasn't due to expire until November 2015, according to the Firefox add-on Certificate Patrol)<br />
<br />
<b>Bank of America</b> (www.bankofamerica.com) told Mashable, "A majority of our platforms do NOT use OpenSSL, and the ones that do, we have confirmed no vulnerabilities."<br />
<br />
<b>BECU credit union</b> (www.becu.org): uses Microsoft IIS, not OpenSSL (also on CNNMoney's "Don't worry about these" list)<br />
<br />
<b>Capital One</b> bank (www.capitalone.com) told Mashable, "Capital One uses a version of encryption that is not vulnerable to Heartbleed" (filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack)<br />
<br />
<b>Charter Communications billing</b> (myaccount.charter.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Chase</b> bank (www.chase.com) told Mashable, "These sites [which?] don't use the encryption software that is vulnerable to the Heartbleed bug."<br />
<br />
<b>Citibank / Citigroup</b> (online.citibank.com / www.citigroup.com): Citigroup told Mashable that it doesn't use OpenSSL in "customer-facing retail banking and credit card sites and mobile apps"<br />
<br />
<b>CNET</b> (e.g. upload.cnet.com) according to CNET's article in Sources section below; Qualys claims upload.cnet.com currently not vulnerable to Heartbleed attack — BUT IS vulnerable to MITM attacks<br />
<br />
<b>Deseret Book</b> (deseretbook.com / bookshelf.deseretbook.com): privately stated in an e-mail to me that "Deseret Book was not effected by the bug. We already had some security features in place so that we would not be vulnerable." - Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>deviantART</b> (deviantart.com): LastPass claims site was not vulnerable; Qualys claims currently not vulnerable to Heartbleed attack<br />
<br />
<b>EDJOIN</b> job site (edjoin.org): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>eSellerate Affiliates</b> (affiliates.esellerate.net): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Evernote</b> (evernote.com): company statement - http://discussion.evernote.com/topic/56287-heartbleed/<br />
<br />
<b>F-Secure</b> - see younited<br />
<br />
<b>FamilySearch</b> (familysearch.org / new.familysearch.org): company statement - https://familysearch.org/campaign/heart-bleed - Qualys claims currently not vulnerable to Heartbleed attack (<b>however</b>, see Church of Jesus Christ of Latter-day Saints in the "Change Passwords NOW" section for other LDS sites)<br />
<br />
<b>Frontier Airlines</b> (www.flyfrontier.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>H&R Block</b> (www.hrblock.com) according to CNNMoney, Mashable, and LastPass; statement to Mashable on 9 April 2014: "We are reviewing our systems and currently have found no risk to client data from this issue."<br />
<br />
<b>HealthCare.gov</b> (www.healthcare.gov) according to CNNMoney, Mashable, and LastPass; statement to Mashable: "Healthcare.gov consumer accounts are not affected by this vulnerability."<br />
<br />
<b>Hotmail</b> - see Microsoft<br />
<br />
<b>Hulu</b> (secure.hulu.com) according to CNNMoney and LastPass; filippo.io/Heartbleed also confirms currently unaffected<br />
<br />
<b>iCloud</b> - on CNNMoney's "Don't worry about these" list; see also Apple<br />
<br />
<b>Intuit</b> - see TurboTax<br />
<br />
<b>IRS</b> (irs.gov) according to CNNMoney, LastPass, and IRS statement at http://www.irs.gov/uac/Newsroom/IRS-Statement-on-Heartbleed-and-Filing-Season<br />
<br />
<b>iTunes</b> - on CNNMoney's "Don't worry about these" list; see also Apple<br />
<br />
<b>Kaiser Permanente</b> (kaiserpermanente.org / healthy.kaiserpermanente.org / kp.org): privately stated in an e-mail to me on 13 April 2014 that "We have confirmed that kp.org, the website our members use to manage their care, is not vulnerable to the 'Heartbleed' bug. However, members may want to change their passwords periodically, a practice recommended by many online security experts." - Qualys claims the listed domains are currently not vulnerable to Heartbleed attack; however, it is a bit suspicious that the certificate for healthy.kaiserpermanente.org was reissued on 16 April 2014 after this statement was made - hints at possibly having been affected after all; when I followed up in early May, Kaiser responded, "We use several kinds of encryption protocols, in addition to the version of OpenSSL that has been identified as having the 'Heartbleed' vulnerability. After we learned of the new vulnerability, we immediately began assessing our data network and applying security patches where needed. However, it is important to note that kp.org, the website our members use to manage their care, is not vulnerable to the 'Heartbleed' bug." - it sounds like internal systems were affected and patched, but public-facing sites were not affected<br />
<br />
<b>LinkedIn</b> (www.linkedin.com / www.slideshare.net) told Mashable, "We didn't use the offending implementation of OpenSSL in www.linkedin.com or www.slideshare.net. As a result, HeartBleed does not present a risk to these web properties."<br />
<br />
<b>Mapquest</b>, an AOL company - unaffected according to CNN/CNNMoney; note that parent company AOL is in the "Change Passwords NOW (but make sure you do it while connected to a trusted network)" category but not because of Heartbleed<br />
<br />
<b>McAfee customer login</b> (secure.mcafee.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Microsoft</b> (including <b>Hotmail</b>, <b>MSN</b>, and <b>Outlook.com</b>) according to CNNMoney and CNET<br />
<br />
<b>Monster</b> job search (login.monster.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>MSN</b> - see Microsoft<br />
<br />
<b>National Marrow Donor Program</b> (donors.marrow.org): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Newegg</b> (secure.newegg.com): http://blog.newegg.com/heartbleed-bug-threatens-world-wide-web-newegg-remains-safe/ (Qualys claims currently not vulnerable to Heartbleed attack)<br />
<br />
<b>OpenDNS</b> (opendns.com): http://labs.opendns.com/2014/04/09/hitting-ground-running/ (Qualys claims currently not vulnerable to Heartbleed attack)<br />
<br />
<b>Outlook.com</b> - see Microsoft<br />
<br />
<b>Patreon</b> donation site (www.patreon.com): LastPass says they run OpenSSL 1.0.1e (an affected version), but Qualys claims currently not vulnerable to Heartbleed attack (so presumably the heartbeat feature is disabled), while Filippo.io/Heartbleed can't seem to test the site; Patreon responded to me on 19 April 2014 stating that "Our dev team has run several tests and patreon.com is secure."<br />
<br />
<b>PayPal</b> (www.paypal.com): Trend Micro claims currently not vulnerable to Heartbleed attack; LastPass claims was not previously vulnerable; note that parent company eBay is in the "Change Passwords NOW" category but not because of Heartbleed, and PayPal supposedly wasn't affected by that breach<br />
<br />
<b>Pearson VUE</b> testing site (www1.pearsonvue.com and also www2., www6., www7., www8., and www9.): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>proXPN</b> OpenVPN provider (proxpn.com / support.proxpn.com) according to company statement at https://support.proxpn.com/index.php?/News/NewsItem/View/6/proxpn-and-the-openssl-heartbleed-vulnerability - "your service and personal information is not and was not compromised due to this vulnerability. proXPN was not affected by this vulnerability, and have taken steps to ensure we never will." - another statement at https://twitter.com/proXPN/status/453778527561596928 explains that proXPN uses OpenSSL 1.0.0e which is unaffected; also, filippo.io/Heartbleed claims proXPN's site is currently not vulnerable to Heartbleed attack<br />
<br />
<b>Redbox</b> (www.redbox.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>SAS Institute</b> (sas.com / login.sas.com): LastPass claims these domains were not vulnerable; Qualys claims currently not vulnerable to Heartbleed attack — BUT IS vulnerable to MITM attacks<br />
<br />
<b>Seattle Cancer Care Alliance</b> (www.seattlecca.org / secure.seattlecca.org): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>Spirit Airlines</b> (spirit.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>TaxACT</b> (taxact.com) according to Mashable and LastPass; statement to Mashable: "Customers can update their passwords at any time, although we are not proactively advising them to do so at this time."<br />
<br />
<b>Thriftbooks.com</b> online bookstore (thriftbooks.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>TurboTax</b> by Intuit (myturbotax.intuit.com / support.turbotax.intuit.com) according to CNNMoney, Mashable, and LastPass; filippo.io/Heartbleed also confirms currently unaffected<br />
<br />
<b>U.S. Bank</b> (www.usbank.com) stated to Mashable, "We do not use OpenSSL for customer-facing, Internet banking channels, so U.S. Bank customer data is NOT at risk" (filippo.io/Heartbleed claims currently not vulnerable to Heartbleed attack)<br />
<br />
<b>US Airways</b> (www.usairways.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<b>younited</b> by F-Secure (younited.com): company statement - http://blog.younited.com/2014/04/14/tldr-younited-is-not-vulnerable-to-heartbleed-but-action-may-be-needed/ (Qualys claims currently not vulnerable to Heartbleed attack)<br />
<br />
<b>Zazzle</b> custom design shop (www.zazzle.com): uses Microsoft IIS, not OpenSSL<br />
<br />
<br />
<br />
<b>Further Notes and Explanations</b><br />
<br />
When I say "now's the time to change it," I'm making the assumption that the Heartbleed bug was fixed on the server prior to when the new certificate was reissued. Unfortunately, there doesn't seem to be a good way to tell whether this was the case, so we just have to trust that the sites did these things in the correct order. The worst that could happen is that the old certificate was either never revoked (and thus it's theoretically possible for there to be a MITM) or was revoked after the new certificate was issued (which would mean there was a window when MITM attacks could occur, or MITM attacks could still occur now if your browser isn't checking for certificate revocation).<br />
<br />
The best practice with passwords is to have a <b>strong and completely unique password on every site</b>, and for this reason some prefer to use a trusted, secure password management system. You can either trust someone like LastPass or 1Password to manage passwords for you, or you could roll your own password management solution (for example, on Macs you could create a writable, encrypted disk image using Disk Utility and store all your passwords as folders on that disk, and unmount it whenever you're done retrieving a password from it). <b>I recommend generating passwords with <a href="https://www.grc.com/passwords.htm" target="_blank">https://www.grc.com/passwords.htm</a></b> (an alternative is <a href="https://lastpass.com/generatepassword.php" target="_blank">https://lastpass.com/generatepassword.php</a> but it's not my personal preference).<br />
<br />
Also, when I say, "<b>certificate appears NOT to have been reissued after Heartbleed publicly disclosed (although it might have been rekeyed while retaining the same date) - theoretically may be spoofable by a MITM</b>," I haven't verified whether the old certificate was just rekeyed instead of being reissued (and I'm not aware of an easy way to verify this). According to Filippo Valsorda at http://filippo.io/Heartbleed/faq.html - "a certificate can be re-keyed without dates being updated, and many CAs are doing this." To clarify, "<b>theoretically may be spoofable by a MITM</b>" means that a third party between you and the actual site (a "man in the middle") could intercept the connection without you knowing it. Another possible attack that has been demonstrated is that a stolen certificate can be used in conjunction with an attack on DNS (e.g. a HOSTS file redirect or DNS cache poisoning) to enable a fraudulent site (for example a phishing page) to appear perfectly valid and legitimate to the browser (jump to about 1:20:22 and watch/listen until about 1:25:21 in Security Now 451 at <a href="http://twit.tv/sn451" target="_blank">http://twit.tv/sn451</a> or see page 7 of the show notes <a href="https://www.grc.com/sn/sn-451-notes.pdf" target="_blank">https://www.grc.com/sn/sn-451-notes.pdf</a>).<br />
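<br />
The certificate-date reasoning in these notes, written out as an added example (not code from this article or from any of the testing tools it lists). <code>Observation</code>, <code>triage</code> and <code>EARLY_MARGIN</code> are hypothetical names, and the sample certificates are constructed: only the 16 April 2014 reissue and the November 2015 expiry come from the Apple entry above. It goes one step beyond the notes by comparing against an earlier sighting of the certificate, which is how a same-dates replacement (consistent with a re-key) can be noticed.

```python
import hashlib
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Heartbleed (CVE-2014-0160) was publicly disclosed on 7 April 2014.
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)
# Assumption: replacing a certificate with more validity left than this is "early".
EARLY_MARGIN = timedelta(days=90)


@dataclass(frozen=True)
class Observation:
    """One sighting of a host's leaf certificate (hypothetical record type)."""
    not_before: datetime
    not_after: datetime
    sha256: str  # SHA-256 of the DER-encoded certificate


def cert_time(text):
    """Parse a getpeercert() date such as 'Apr 16 00:00:00 2014 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def make_observation(not_before, not_after, der):
    """Build an Observation from getpeercert()-style dates and DER bytes."""
    return Observation(cert_time(not_before), cert_time(not_after),
                       hashlib.sha256(der).hexdigest())


def observe(host, port=443, timeout=10.0):
    """Record the certificate a live server presents (ordinary TLS handshake)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            info = tls.getpeercert()
            der = tls.getpeercert(binary_form=True)
    return make_observation(info["notBefore"], info["notAfter"], der)


def triage(current, previous=None):
    """Return (verdict, notes) for a certificate, optionally against an
    earlier sighting of the same host's certificate."""
    notes = []
    if current.not_before >= DISCLOSED:
        verdict = "reissued-after-disclosure"
        notes.append("safe to change the password only if the server was "
                     "patched before this certificate was issued")
        if (previous is not None and previous.not_before < DISCLOSED
                and previous.not_after - current.not_before > EARLY_MARGIN):
            notes.append("old certificate was replaced long before it expired")
    elif (previous is not None and previous.sha256 != current.sha256
            and previous.not_before == current.not_before
            and previous.not_after == current.not_after):
        # A different certificate with identical dates is consistent with a
        # re-key; proving the key changed needs a public-key comparison.
        verdict = "replaced-same-dates"
        notes.append("certificate changed while keeping its validity dates")
    else:
        verdict = "predates-disclosure"
        notes.append("dates alone cannot rule out a re-key; if the key is "
                     "unchanged, a stolen key could still enable a MITM")
    return verdict, notes


# Constructed sample sightings (the DER bytes are placeholders, not real certificates).
OLD = make_observation("Nov 10 00:00:00 2013 GMT", "Nov 10 00:00:00 2015 GMT",
                       b"constructed-cert-old")
REISSUED = make_observation("Apr 16 00:00:00 2014 GMT", "Apr 16 00:00:00 2016 GMT",
                            b"constructed-cert-reissued")
REKEYED = make_observation("Nov 10 00:00:00 2013 GMT", "Nov 10 00:00:00 2015 GMT",
                           b"constructed-cert-rekeyed")

if __name__ == "__main__":
    for label, cur, prev in (("no history", OLD, None),
                             ("reissued", REISSUED, OLD),
                             ("same dates", REKEYED, OLD)):
        verdict, notes = triage(cur, prev)
        print(f"{label}: {verdict}: " + "; ".join(notes))
```
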
<br />
Lastly, and I haven't seen anyone else discuss this yet, sites that are <i>currently</i> running Microsoft IIS or some other unaffected platform may have been running an affected version of OpenSSL <i>sometime within the past two years</i>, and it would be difficult to find out without directly asking the system administrators for each site (and hoping they respond; I'm surprised that major news sites like CNET evidently never got a response from several major companies). Obviously, that's a lot of work, but I'd guess that in most cases we can assume that if a site is running IIS now then they likely were running it prior to the discovery of the Heartbleed bug.<br />
<br />
<br />
<b>Other Lists of Current/Past Allegedly Affected Sites</b><br />
<br />
<a href="http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/" rel="nofollow" target="_blank">http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/</a><br />
<a href="http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/" rel="nofollow" target="_blank">http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/</a><br />
<a href="http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/" rel="nofollow" target="_blank">http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/</a><br />
<a href="https://gist.github.com/dberkholz/10169691" rel="nofollow" target="_blank">https://gist.github.com/dberkholz/10169691</a><br />
<a href="http://www.ragic.com/heartbleed/heartbleed/1" rel="nofollow" target="_blank">http://www.ragic.com/heartbleed/heartbleed/1</a><br />
<a href="http://www.netskope.com/blog/heartbleed-remediation-status-for-enterprise-cloud-apps/" rel="nofollow" target="_blank">http://www.netskope.com/blog/heartbleed-remediation-status-for-enterprise-cloud-apps/</a> (enterprise cloud apps; continues to be updated as of early May 2014)<br />
<br />
<br />
<br />
<b>Test Pages - How to Check Whether a Site Is/Was Vulnerable</b><br />
<br />
For many of the domains in the lists above (particularly those that weren't on a list of reportedly affected sites, as far as I knew), I first used the LastPass Heartbleed Checker, and then followed up by testing with Qualys SSL Labs (or occasionally another site if I was short on time). For most of the sites that were already on someone else's list as reportedly vulnerable, I mostly just tested with SSL Labs to see if they were still vulnerable. If Qualys SSL Labs then identified a site as vulnerable to Heartbleed (which only happened a couple times), I double-checked those domains with Filippo Valsorda's Heartbleed test page for an additional confirmation.<br />
<br />
Note that in some jurisdictions, scanning another site with one of these tools may be considered illegal. You may wish to check your local laws or consult with a lawyer before conducting any tests on a site you don't own. Remember, you can always contact the site's support and ask them whether their site has ever been affected by the Heartbleed vulnerability.<br />
<br />
<b>If you're testing sites on your own</b> (especially domains not listed in this article), I recommend using <b>LastPass Heartbleed Checker</b> first, then <b>Qualys SSL Labs</b> second. To check e-mail servers (IMAP or SMTP), also use <b>1Password Watchtower</b> third. If it isn't clear whether a site may have been vulnerable in the past, contact the site and ask.<br />
<br />
<a href="https://lastpass.com/heartbleed/" target="_blank">https://lastpass.com/heartbleed/</a> (<b>LastPass Heartbleed Checker</b>; includes notes about <b>past Heartbleed status</b> of some domains; lists <b>certificate validity dates</b>)<br />
<br />
<a href="https://www.ssllabs.com/ssltest/index.html" target="_blank">https://www.ssllabs.com/ssltest/index.html</a> (<b>Qualys SSL Labs</b>; comprehensive SSL/TLS tests including <i>current</i> Heartbleed status; lists <b>certificate validity dates</b>; does <i>NOT</i> include notes about past Heartbleed status of domains; <b>also notifies if a site might be vulnerable to MITM attacks</b> for other reasons)<br />
<br />
<a href="https://filippo.io/Heartbleed/" target="_blank">https://filippo.io/Heartbleed/</a> (<b>Filippo Valsorda's Heartbleed Test</b>; only tests <i>current</i> Heartbleed status; does <i>NOT</i> include notes about past Heartbleed status of domains)<br />
<br />
<a href="https://www.directpass.com/heartbleeddetector" target="_blank">https://www.directpass.com/heartbleeddetector</a> (<b>Trend Micro Heartbleed Detector</b>; like Filippo.io, it only tests <i>current</i> Heartbleed status; does <i>NOT</i> include notes about past Heartbleed status of domains)<br />
<br />
<a href="https://watchtower.agilebits.com/" target="_blank">https://watchtower.agilebits.com</a> (<b>1Password Watchtower</b>; some status messages and recommendations on this site can be a bit confusing, but on the positive side, this service <b>checks Secure IMAP and SMTP servers</b> on ports 993 and 465 (not just HTTPS on port 443 like the other sites); only tests <i>current</i> Heartbleed status; does <i>NOT</i> include notes about past Heartbleed status of domains)<br />
<br />
<br />
<br />
<b>UPDATE, 15 May 2014:</b> Moved Bitly to the list of passwords to change immediately (the site was recently hacked, unrelated to Heartbleed). Added link to Robert Graham's recent finding that 300,000 servers are still vulnerable.<br />
<br />
<b>UPDATE, 21 May 2014:</b> Added eBay to the list of passwords to change immediately (the site was recently hacked, unrelated to Heartbleed). Added PayPal to Known Safe section. Hat tip: Graham Cluley <a href="http://grahamcluley.com/2014/05/ebay-confirms-security-breach-users-asked-change-passwords/" target="_blank">http://grahamcluley.com/2014/05/ebay-confirms-security-breach-users-asked-change-passwords/</a><br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="https://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, and follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> and <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.<br />
<br />
<br />
<b>Windows XP's Death: Good Time to Switch to Apple?</b> (Josh Long, posted 5 May 2014, updated 18 October 2017)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzs4HxRAyjtxcEIuNpSLM8TWH7TOHyvFoOMCHeq2AWnWf1KGOlPsfxWlHMPUtKQQfbqNeaUz8kLWkr2FkWn_e7pDbojiZL6_hcWAjrsr1nwWC1FIFBTEJ9FlsbqOrQws8iRnnaeFWl6qfh/s1600/AppleSuperimposingWindowsXP.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimlxCVWUaIChQXRbcaT92XNOFY2tZafkoFaS1YGwX47scEtBVt2Jk5-MhoDfiMq2y_JwyEEB8FMPKs-e5s5i6fU3DFgO4Pn5ZllBEvLFRR0MJi_IQTGdCwD4qYmALJlzssPboEQhxNORw8/s1600/TrashingXPForiPad.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimlxCVWUaIChQXRbcaT92XNOFY2tZafkoFaS1YGwX47scEtBVt2Jk5-MhoDfiMq2y_JwyEEB8FMPKs-e5s5i6fU3DFgO4Pn5ZllBEvLFRR0MJi_IQTGdCwD4qYmALJlzssPboEQhxNORw8/s1600/TrashingXPForiPad.png" height="182" width="200" /></a></div>
Last month after Microsoft officially ended support for Windows XP and the company declared (somewhat misleadingly, <a href="http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx">it turns out</a>) that it would never again release any more security updates for the nearly 13-year-old operating system, I wrote an article to help users decide whether it might be a good time to switch to an Apple product, especially a Mac or an iPad. Read the article, published by Intego at The Mac Security Blog:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/windows-xps-death-good-time-to-switch-to-apple/">Windows XP's Death: Good Time to Switch to Apple?</a><br />
<br />
Of course, if you're geeky enough (or on a particularly tight budget), you could keep your old PC hardware and switch to Linux instead.<br />
<br />
And don't forget, if you dual-boot your Mac or use Windows XP in a virtual machine (for example, Parallels Desktop, VMware Fusion, or Oracle VirtualBox), it might be a good idea to upgrade to a currently supported version of Windows.<br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="https://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, or follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> or <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.<br />
<br />
<br />
<b>What to Do if Your Mac Can't Run OS X Mavericks</b> (Josh Long, posted 5 May 2014, updated 18 October 2017)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaAL9npR4VuGDFEETzSMuh_RK1f-TYfHy10ik9eoBm0Cj-lvbmlqRY7PFP_A2YcQhuIHQjE7SimJ5dW7eKxaR4v-BnbybVVt5T4EP5WNL9brFJMQArr5kzpVbHh96TtnjHDbNSqGFVPMM_/s1600/OSXMavericksLogo-400x400.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaAL9npR4VuGDFEETzSMuh_RK1f-TYfHy10ik9eoBm0Cj-lvbmlqRY7PFP_A2YcQhuIHQjE7SimJ5dW7eKxaR4v-BnbybVVt5T4EP5WNL9brFJMQArr5kzpVbHh96TtnjHDbNSqGFVPMM_/s1600/OSXMavericksLogo-400x400.png" height="200" width="200" /></a></div>
On the day after Mac OS X v10.9 Mavericks' public release in October 2013, I updated my extremely popular "What to Do if Your Mac Can't Run Mountain Lion" article and released a new version that applies to Mavericks.<br />
<br />
If you've been trying to figure out whether your Mac is upgradeable, or if you already know it won't run OS X Mavericks and are wondering if there's anything you can do about it, check out my article over at The Mac Security Blog by Intego:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/what-to-do-if-your-mac-cant-run-os-x-mavericks/" target="">What to Do if Your Mac Can't Run OS X Mavericks</a><br />
<br />
<br />
Another article I wrote at the end of August 2013 describes Apple's most recent update to its XProtect "Safe Downloads List" at the time, which bumped the minimum allowed versions of the Oracle Java browser plug-in:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/apple-updates-xprotect-to-block-vulnerable-java-versions/">Apple Updates XProtect to Block Vulnerable Java Versions</a><br />
<br />
Since that article was published, the minimum allowed version of the Adobe Flash Player browser plug-in was increased to 11.8.800.94 on September 10th and again to 12.0.0.44 on February 5th. Although critical security updates have been released for Flash Player since then, Apple still has not increased the minimum allowed version of Flash Player. The current version as of today is 13.0.0.206, which was released one week ago on April 28, 2014 to patch a <a href="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" rel="nofollow" target="_blank">critical zero-day vulnerability</a> that was actively being exploited in the wild on Windows systems.<br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="https://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, or follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> or <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.<br />
<br />
<br />
<b>"Hack Facebook" Site Hacks You Instead! On Blog Spam and SMS Scams</b> (Josh Long, posted 7 August 2013, updated 8 August 2013)<br />
<br />
Spammers will do anything to drive traffic to their sites, from sending unsolicited e-mail to posting links on Facebook, Twitter, or Pinterest. They even try to leave spammy comments on popular news sites and blogs.<br />
<br />
I find it somewhat amusing when spammers attempt to leave comments on my articles here at <b>the JoshMeister on Security</b>. Usually these attempted spam comments aren't noteworthy enough to merit any mention on this site, for example most diet drug spam or other run-of-the-mill unsolicited advertisements. But this time, someone attempted to link to a site that supposedly allows you to "hack a Facebook account."<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiAouf6C8uBUCDTfvu3ZP1aH5jpm0OcjnsHFrMTyKjPcLW8-rc8z45hAPvTbGdOkWvXTWUfTlIwy8DtYWyPw8AgXhYDxyKw3xQXi15prS_XM8-IPUKrLjB5YKoyBu3KDrRqS2czTAYEMKp/s1600/pirater-face_com-screenshot-20130803234749.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiAouf6C8uBUCDTfvu3ZP1aH5jpm0OcjnsHFrMTyKjPcLW8-rc8z45hAPvTbGdOkWvXTWUfTlIwy8DtYWyPw8AgXhYDxyKw3xQXi15prS_XM8-IPUKrLjB5YKoyBu3KDrRqS2czTAYEMKp/s1600/pirater-face_com-screenshot-20130803234749.png" width="360" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i>pirater-face(dot)com, translated from French; click to enlarge</i></td></tr>
</tbody></table>
I've written an article (published at The Mac Security Blog on antivirus firm Intego's site) about my investigation into the various ways this site tries to scam you:<br />
<br />
<b><a href="http://www.intego.com/mac-security-blog/facebook-hacking-site-leads-to-costly-sms-scam" target="_blank">"Facebook Hacking Site" Leads to Costly SMS Scam</a> </b><br />
<br />
In short, the site tricks wannabe hackers into sending texts to a <b>premium SMS</b> number (81073), which leads to charges on their next phone bill. The site may also collect login details that could later be used to try to hack into the would-be hacker's various online accounts (Facebook or otherwise), and of course once the spammers have your phone number they might also send you text message spam (or sell your number to other spammers). Be sure to read the <a href="http://www.intego.com/mac-security-blog/facebook-hacking-site-leads-to-costly-sms-scam" target="_blank">full article</a> for all the juicy details.<br />
<br />
If you don't wish to ever fall victim to a premium text messaging scam, some of the most important things you can do are to avoid visiting sketchy sites, be extremely careful about giving out your mobile phone number, and don't send text messages or replies to spammers.<br />
<br />
Some mobile phone service providers like Verizon allow you to <b>opt out of premium text messages</b>, or if nothing else you can dispute charges that you have received. Here are instructions for the most popular providers in the United States; <b>please post a comment to share opt-out instructions or billing contact info</b> for major mobile phone service providers outside the U.S.:<br />
<ul>
<li><b>AT&T:</b> Forward spam messages to 7726 (SPAM); call 1-800-331-0500 to dispute any charges; <a href="https://www.att.com/esupport/article.jsp?sid=KB115812" target="_blank">more info</a><br /> </li>
<li><b>Sprint:</b> Individual short codes can be added to a block list; see the "Blocking text messages" section toward the bottom at <a href="http://www.sprint.com/premiummessaging" target="_blank">sprint.com/premiummessaging</a>; presumably to dispute any charges you would have to call 1-888-211-4727 to speak with a representative<br /> </li>
<li><b>T-Mobile (U.S.):</b> Forward spam messages to 7726 (SPAM); <a href="https://support.t-mobile.com/docs/DOC-2747" target="_blank">more info</a>; presumably to dispute any charges you would have to call 1-877-746-0909 to speak with a representative<br /> </li>
<li><b>Verizon Wireless:</b> Premium SMS can be blocked, and this must be done for each device on your account; see the list of instructions for <a href="https://support.verizonwireless.com/faqs/Premium_TXT_and_MMS/faq_premium_txt_and_mms.html#item5" target="_blank">opting out of Premium Messaging</a>; presumably to dispute any charges you would have to call 1-800-922-0204, or 1-888-294-6804 if you're a prepaid customer<br /> </li>
<li>Regardless of your cell phone provider, you may want to add your phone number to the <b>National Do Not Call Registry</b> at <a href="https://donotcall.gov/" target="_blank">donotcall.gov</a></li>
</ul>
<br />
<b>If you own or operate a blog or news site, what can you do to prevent spammers from leaving comments on your site?</b> Depending on the site, you may have any of a variety of options.<br />
<br />
The most foolproof, assuming you're good at recognizing spam and that you don't get an overwhelming volume of comments, is to enable <b>comment moderation</b>. This usually means that you or another site administrator, editor, or moderator will have to manually approve all new comments before they appear on your site. (In the case of the Facebook-hacking spam, the attempt to post the comment was blocked thanks to moderation being enabled. I saw the contents of the comment and was able to mark it as spam and prevent it from ever appearing on this site.)<br />
<br />
You can also implement features such as <b>requiring commenters to log in</b> to a blog/comment platform, or with an OpenID. Put another way, you can <b>disable anonymous commenting</b>. This may not necessarily be the best option for your site or blog, depending on your content and the type of people who might be interested in posting legitimate comments. Requiring commenters to log in may deter some spammers, but it could also inadvertently scare off some privacy-conscious humans as well. (Incidentally, the Facebook-hacking spam attempt came from a logged-in Blogger/Google+ account; read the next section below for details.)<br />
<br />
Another option is to require commenters to type the words from a <b>CAPTCHA</b> or a similar test to try to prove that the commenter is a human rather than an automated program (a spam bot). One potential problem with CAPTCHA-like systems is accessibility; regardless of whether you try to decipher the default visual code or listen to an audio variation for the visually impaired, some humans find the task tedious or frustrating and may avoid posting legitimate comments because of it. Furthermore, some spammers would be willing to type in a CAPTCHA to spread their spam instead of (or in addition to) using a spam bot to spray comments all over the Web.<br />
<br />
If your blog or news site uses WordPress and you get a high volume of spam, you may consider using a WP add-on like <a href="https://akismet.com/" target="_blank">Akismet</a> or <a href="https://wordpress.org/plugins/bad-behavior/" target="_blank">Bad Behavior</a>; see also <a href="http://www.problogger.net/archives/2011/06/07/how-to-keep-your-blog-hacker-spammer-and-spyware-free/" rel="nofollow" target="_blank">this article</a> by F-Secure's Sean Sullivan (<a href="https://twitter.com/5ean5ullivan" target="_blank">@5ean5ullivan</a>) for more WordPress security and anti-spam tips.<br />
<br />
<br />
<b>So what about this particular spam and the person who posted it?</b> The spammer was signed in with a Google account registered to an "Elizabeth J. Neal" (most likely not the spammer's real name). The Blogger profile URL (http://www.blogger.com/profile/01824134730760179008) redirects to a Google+ account (https://plus.google.com/117406979534609059211). The account has been submitting spammy posts linking to various dubious-looking sites since May 1, 2013 (mistakenly assuming in every post that links on Google+ are made using HTML "a href" tags, when it should have been clear after the first post that Google+ creates a link automatically whenever there's a URL in a post; this leads me to wonder whether the Google+ account is operated by a bot rather than a human).<br />
<br />
The same account has successfully left spam comments on various blog sites in May, June, July, and August. In some cases, the spammer returned to previously spammed blogs and posted a second comment at a later date.<br />
<br />
I blocked the Google+ profile and reported it to Google as a spam account, but so far Google does not appear to have taken any action.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rYiskplpptU/UYC8xKTHofI/AAAAAAAAABM/1bYeYtCglXk/w366-h368-no/images.jpeg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="150" src="http://2.bp.blogspot.com/-rYiskplpptU/UYC8xKTHofI/AAAAAAAAABM/1bYeYtCglXk/w366-h368-no/images.jpeg" width="150" /></a></div>
The user's Google+ profile picture is in reality a photograph of <a href="https://www.facebook.com/marykillman/photos_stream" target="_blank">Mary Killman</a>, an American synchronized swimmer who competed in the 2012 Summer Olympics in London. (I've also reported the account to Google for celebrity impersonation, but given that the account name doesn't match the celebrity photo, I'm not sure whether Google's spam team will recognize this as a celebrity impostor.)<br />
<br />
It's not uncommon for spammers and scammers to use photographs of other people, including celebrities; see the comments posted by "Yip Man" and myself on <a href="http://nakedsecurity.sophos.com/2012/11/15/tns24-courier-company/" target="_blank">this Sophos article</a> written by Graham Cluley (<a href="https://twitter.com/gcluley" target="_blank">@gcluley</a>) in November 2012.<br />
<br />
Incidentally, there's a Facebook account (https://www.facebook.com/profile.php?id=100005859514726) with exactly the same name and profile photo as the Google+ account. The account was created on May 4, 2013, just a few days after the Google+ account started posting spam.<br />
<br />
The site to which this particular spam comment attempted to link was pirater-face .com (see the <a href="https://www.mywot.com/en/scorecard/pirater-face.com" target="_blank">Web of Trust report</a>). This site already had a "red" rating on WOT because hpHosts blacklisted it on July 20th in its "fraudulent software and websites" category. <a href="http://www.urlvoid.com/scan/pirater-face.com/" target="_blank">According to URLVoid</a>, only one other blacklist currently seems to be blocking this domain, namely Spamhaus DBL (Domain Block List).<br />
<br />
Stay safe out there, and avoid visiting sites to which spam links!<br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="http://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, or follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> or <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.<br />
<i>Posted by Josh Long</i><br />
<br />
<b>"Garcinia Cambogia" Spam on Twitter, Facebook, Pinterest, and Tumblr</b><br />
<i>Published 2013-06-28 09:38 -07:00; updated 2013-06-29 01:28 -07:00</i><br />
<br />
<a href="https://jannefi.wordpress.com/2013/06/27/about-the-twitter-diet-spam/" target="_blank">Janne Ahlberg</a> and <a href="http://grahamcluley.com/2013/06/another-day-another-round-of-diet-spam-on-twitter/" target="_blank">Graham Cluley</a> have reported on the latest round of diet drug spam being advertised on sites like Twitter, Facebook, Pinterest, and Tumblr.<br />
<br />
Sites involved with this spam campaign purport to be Women's Health
Magazine's site and use deceptive subdomains. The sites falsely imply endorsement by Dr.
Oz by auto-playing a video segment from his television show about "garcinia cambogia extract."<br />
<br />
The following domains have been advertised via spam bots and hacked accounts. Note that these links lead to the Web of Trust report for each site, and that some of these domains have been blacklisted by SURBL.<br />
<br />
<br />
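The deceptive-subdomain trick used by these sites can be checked for mechanically: the name a reader notices (something familiar ending in ".com", ".net" or ".org") sits in the subdomain, while the domain actually registered begins with "com-", "net-" or "org-". The Python below is an added example, not part of the original post; the ".example" hostnames are constructed, and the function names, verdict labels and the last-two-labels shortcut for finding the registered domain are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumption: TLD strings that the registered label may start with in order
# to make the subdomain read like a complete, familiar domain name.
LOOKALIKE_TLDS = frozenset({"com", "net", "org"})


@dataclass(frozen=True)
class Finding:
    hostname: str            # normalised hostname that was examined
    registered: str          # domain actually registered (last two labels)
    apparent: Optional[str]  # domain a hurried reader believes they see
    verdict: str             # "deceptive-subdomain", "carrier-domain" or "ok"


def hostname_of(value: str) -> str:
    """Accept a bare hostname or a full URL; return the lower-cased host."""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").rstrip(".").lower()


def inspect_host(value: str) -> Finding:
    host = hostname_of(value)
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        return Finding(host, host, None, "ok")
    # Simplification: the last two labels are treated as the registered
    # domain. Multi-label suffixes such as "co.uk" need the Public Suffix List.
    registered = ".".join(labels[-2:])
    subdomain = labels[:-2]
    head, dash, tail = labels[-2].partition("-")
    if not (dash and tail and head in LOOKALIKE_TLDS):
        return Finding(host, registered, None, "ok")
    if subdomain:
        # "brand" + "." + "com" is what the eye reads before the hyphen.
        apparent = ".".join(subdomain + [head])
        return Finding(host, registered, apparent, "deceptive-subdomain")
    # No subdomain yet, but the registered label is shaped to carry one.
    return Finding(host, registered, None, "carrier-domain")


def triage(values):
    """Return findings for every input that is not plainly 'ok'."""
    findings = [inspect_host(v) for v in values]
    return [f for f in findings if f.verdict != "ok"]


# Constructed sample input (reserved ".example" TLD), not real indicators.
SAMPLE_HOSTS = [
    "http://examplemag.com-may.example/article?id=1",
    "news.examplemag.net-10.example",
    "com-may.example",
    "www.examplemag.com",
    "shop.my-site.example",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_HOSTS):
        print(finding.verdict, finding.hostname,
              "registered:", finding.registered,
              "reads as:", finding.apparent)
```

A "carrier-domain" verdict is only a hint, since a legitimate name can also begin with "com-"; the "deceptive-subdomain" verdict is the stronger signal for link filtering or log review.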
<br />
Never attempt to buy products from spam-advertised sites. You wouldn't entrust your credit card information to a shady drug dealer on the street; spam sites are the online equivalent.<br />
<br />
You may notice this spam campaign's use of the uncommon ".pw" top-level domain. Registration of .pw domains opened to the general public three months ago. <a href="https://en.wikipedia.org/wiki/.pw" target="_blank">According to Wikipedia</a>, .pw was originally intended for sites from the island nation of Palau, and it is currently being branded as short for "Professional Web."<br />
<br />
Please refer to <a href="https://jannefi.wordpress.com/2013/06/27/about-the-twitter-diet-spam/" target="_blank">Janne's article</a> for further updates as this spam campaign continues.<br />
<br />
Janne has also written a <a href="https://jannefi.wordpress.com/2013/06/28/how-diet-spammers-hijacked-twitter-accounts/" target="_blank">separate article</a> about how he believes user accounts may have been hijacked (through phishing sites hosted on the same domains).<br />
<br />
See also other articles I've written on the topic of <a href="http://security.thejoshmeister.com/search/label/spam">spam</a>, including an article about <a href="http://security.thejoshmeister.com/2013/01/hacked-e-mails-and-web-sites-pushing.html">weight loss drug spam e-mails</a> and an article about <a href="http://security.thejoshmeister.com/2012/07/on-mac-and-ios-security-twitter-hack.html">fake CNBC news sites spamvertized on Twitter</a>.<br />
<br />
<br />
<i>Posted by Josh Long</i><br />
<br />
<b>Camino Canceled: Mac Browser Calls It Quits</b><br />
<i>Published 2013-06-03 23:59 -07:00; updated 2013-06-29 00:59 -07:00</i><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ugc8bRIqd9W8DjrPLHd7FH41PV_31HBwSVvV9bQigbXXqowP6ezv8TGK6Bl2HFULWtsqIX0FUK-y-8rHNLYzg2Hq67FPpWJL5BmI8-fU2YBi7uo8bzqMlNo0TqPuju4tKiJ8Yy9_5tKh/s512/Camino_icon.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ugc8bRIqd9W8DjrPLHd7FH41PV_31HBwSVvV9bQigbXXqowP6ezv8TGK6Bl2HFULWtsqIX0FUK-y-8rHNLYzg2Hq67FPpWJL5BmI8-fU2YBi7uo8bzqMlNo0TqPuju4tKiJ8Yy9_5tKh/s200/Camino_icon.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="200" /></a></div>
The developers of <a href="http://caminobrowser.org/" target="_blank">Camino</a>, a Mac-exclusive Web browser that has been around since 2002, have announced that the browser has reached its end of life.<br />
<br />
Camino was the last relatively popular browser to support Mac OS X v10.4 Tiger and v10.5 Leopard, operating systems which Apple is no longer patching. The current versions of Chrome, Firefox, and Safari do not support Tiger or Leopard.<br />
<br />
The relatively obscure <a href="http://www.floodgap.com/software/tenfourfox/" target="_blank">TenFourFox</a> browser, designed specifically to run on now-unsupported PowerPC-based (G3, G4, and G5) Macs, is the last remaining browser that's being actively updated for unsupported versions of Mac OS X.<br />
<br />
Meanwhile, online ad network Chitika <a href="https://chitika.com/os-x-version-distribution" rel="nofollow" target="_blank">reported</a> in March that Leopard and Tiger are installed on approximately 10% of Macs used online in North America. Mac OS X v10.6 Snow Leopard had the largest share at roughly 35%, trumping the newer Lion and Mountain Lion operating systems at approximately 28% and 27% respectively:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUOULxIli1-V0_hPLIAXx5MMYvzvnAIqHBXVeF010jAvTFAKhtmOzJoymlhA672ihAUyidu-8i5NQH0_HzW_yVu1r6RMNykti5jZjFPjerwz7XXJmPLQZ_XxuzJnvOBZJEJE2Uv4MdYuRd/s664/ChitikaNorthAmericanOSXVersionDistribution201303.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="365" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUOULxIli1-V0_hPLIAXx5MMYvzvnAIqHBXVeF010jAvTFAKhtmOzJoymlhA672ihAUyidu-8i5NQH0_HzW_yVu1r6RMNykti5jZjFPjerwz7XXJmPLQZ_XxuzJnvOBZJEJE2Uv4MdYuRd/s400/ChitikaNorthAmericanOSXVersionDistribution201303.png" width="400" /></a></div>
<br />
<br />
At this time it is unknown whether Apple will continue to issue security patches for Snow Leopard after the upcoming release of OS X v10.9.<br />
<br />
For more details, please read my <a href="http://www.intego.com/mac-security-blog/camino-canceled-mac-browser-calls-it-quits/" target="_blank">full article</a> at The Mac Security Blog on Intego's site.<br />
<br />
<br />
<i>Posted by Josh Long</i><br />
<br />
<b>Windows XP Death Watch: 365 Days Remaining</b><br />
<i>Published 2013-04-09 07:00 -07:00; updated 2013-04-17 04:18 -07:00</i><br />
<br />
The XPocalypse cometh? Let's hope not, but be prepared just in case.<br />
<br />
<b>There's just one year left until Microsoft pulls the plug on Windows XP security updates.</b><br />
<br />
Microsoft has announced no plans to change course, in spite of the fact that the now three-generations-old desktop OS is still number two in terms of active installed base, commanding nearly 39% of the market while Windows 7 holds the top spot at just under 45%.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRU2Yyt3A3hExuIzZnm0q1TS7Cfs8X95j3RkwYpp8XK6jC_H30JGKJG_jRHv1yFjg0M1Dx77rKAEnALwEiiqTr8T_VKBstxsOv9v62D7po0yWfVydu9Gk83qyVl2ZPodveFM3ACrLYuwUo/s1600/DesktopOSMarketShare201304.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRU2Yyt3A3hExuIzZnm0q1TS7Cfs8X95j3RkwYpp8XK6jC_H30JGKJG_jRHv1yFjg0M1Dx77rKAEnALwEiiqTr8T_VKBstxsOv9v62D7po0yWfVydu9Gk83qyVl2ZPodveFM3ACrLYuwUo/s1600/DesktopOSMarketShare201304.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><i>Image credit: <a href="http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=11" rel="nofollow" target="_blank">Net Applications</a></i></span> </div>
<br />
For more on this subject, see my full article at the award-winning Sophos Naked Security blog:<br />
<a href="http://nakedsecurity.sophos.com/2013/04/08/windows-xp-death-watch-365/" target="_blank">Windows XP death watch: 365 days remaining</a><br />
<br />
<br />
<i>Posted by Josh Long</i><br />
<br />
<b>Apple Shocks Security World with Safari 5.1.8 for Snow Leopard</b><br />
<i>Published 2013-03-18 07:00 -07:00; updated 2013-03-18 08:50 -07:00</i><br />
<br />
In my latest article for The Mac Security Blog, I wrote about the surprise release of Safari 5.1.8 for Snow Leopard.<br />
<br />
Apple silently included the Safari update as part of <a href="http://support.apple.com/kb/HT5672" target="_blank">Security Update 2013-001</a>. Prior to this update, Safari had remained at version 5.1.7 for 10 months while only Safari 6.0 (available exclusively for Lion and Mountain Lion) had been updated.<br />
<br />
Apple has not made any mention of Safari 5.1.8 anywhere on its site, so it's unclear whether the new version patches the same 201 vulnerabilities that have been patched from Safari 6.0 to 6.0.3.<br />
<br />
Meanwhile, Apple continues to leave Safari for Windows languishing at version 5.1.7.<br />
<br />
For more information and screenshots, see the full article:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/apple-shocks-security-world-with-safari-5-1-8-for-snow-leopard/" target="_blank">Apple Shocks Security World with Safari 5.1.8 for Snow Leopard</a><br />
<br />
It's worthy of mention that I was the first journalist to notice and write about Safari 5.1.8.<br />
<br />
<br />
<i>Posted by Josh Long</i><br />
<br />
<b>Apple Releases Java 6u39 (and 41, and 43) for Snow Leopard; Still No Safari Patches</b><br />
<i>Published 2013-02-04 17:00 -08:00; updated 2013-03-18 07:58 -07:00</i><br />
<br />
On February 1, Apple released Java 6 Update 39 for Snow Leopard users as "<a href="http://support.apple.com/kb/HT5647" target="_blank">Java for Mac OS X v10.6 Update 12</a>."<br />
<br />
Ironically, even though Apple continues to update this third-party component, it continues to neglect security updates for its own Safari browser that shipped with Snow Leopard.<br />
<br />
Snow Leopard's version of Safari has been stuck at version 5.1.7 since May 9, 2012. This version has been publicly known to be insecure since the release of Safari 6.0 for Lion and Mountain Lion in July 2012.<br />
<br />
For more details, see my latest article at The Mac Security Blog:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/apple-releases-java-6u39-for-snow-leopard-still-no-safari-patches/">Apple Releases Java 6u39 for Snow Leopard; Still No Safari Patches</a><br />
<br />
<b>UPDATE 1:</b> On February 19, Apple released Java 6 Update 41 as "<a href="http://support.apple.com/kb/HT5666" target="_blank">Java for Mac OS X v10.6 Update 13</a>." Still no Safari update for Snow Leopard.<br />
<br />
<b>UPDATE 2:</b> On March 4, Apple released Java 6 Update 43 as "<a href="http://support.apple.com/kb/HT5677" target="_blank">Java for Mac OS X v10.6 Update 14</a>." Still no Safari update for Snow Leopard.<br />
<br />
<br />
<i>Posted by Josh Long</i><br />
<br />
<b>Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam, Round 2</b><br />
<i>Published 2013-01-19 06:48 -08:00; updated 2013-01-19 06:48 -08:00</i><br />
<br />
Six months ago, in July 2012, I wrote about "<a href="http://security.thejoshmeister.com/2012/07/hacked-e-mails-and-web-sites-pushing.html">Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam</a>."<br />
<br />
Now in January 2013, hackers and scammers are up to the same tricks.<br />
<br />
(<b>If you believe you may have been victimized</b>, you can skip to the bottom for suggestions.)<br />
<br />
I've recently received three e-mails from two hacked Yahoo! accounts owned by people I know. Each e-mail contained only a link and no explanatory text, and the subject line was blank.<br />
<br />
In each case, the link address contained a directory called "wp-content" which indicates that all these spammed pages were hosted on hacked WordPress blogs (although I later discovered other hacked sites without wp-content in the URL).<br />
<br />
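The traits described above (a blank subject line, a body that is nothing but a link, and a "wp-content" directory in the link's path) can be turned into a simple mail-triage check. The Python below is an added example, not part of the original post; the sample messages and their ".example" addresses are constructed, and the indicator names and the three verdict labels are assumptions of the example.

```python
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def plain_body(msg: Message) -> str:
    """Return the first text/plain part of the message, decoded to str."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            return payload.decode(charset, "replace")
    return ""


def indicators(raw_message: str) -> list:
    """List which of the three traits from the post this message shows."""
    msg = message_from_string(raw_message)
    hits = []
    if not (msg.get("Subject") or "").strip():
        hits.append("blank-subject")
    body = plain_body(msg).strip()
    urls = URL_RE.findall(body)
    # Exactly one URL and nothing left once it is removed: no explanatory text.
    if len(urls) == 1 and not URL_RE.sub("", body).strip():
        hits.append("link-only-body")
    # Match "wp-content" as a whole path segment, not as a substring.
    if any("wp-content" in urlsplit(u).path.lower().split("/") for u in urls):
        hits.append("wp-content-path")
    return hits


def verdict(raw_message: str) -> str:
    """Hypothetical policy: the path raises confidence but is not required,
    because some hacked sites had no wp-content directory in the URL."""
    hits = set(indicators(raw_message))
    if {"blank-subject", "link-only-body"} <= hits:
        return "quarantine" if "wp-content-path" in hits else "review"
    return "deliver"


def build(subject, body):
    """Assemble a minimal constructed message; subject=None omits the header."""
    headers = ["From: friend@example.com", "To: me@example.org"]
    if subject is not None:
        headers.append("Subject: " + subject)
    return "\n".join(headers + ["", body])


# Constructed sample messages (not real mail).
SAMPLES = {
    "link_only_wp": build(
        "", "http://hacked-blog.example/wp-content/uploads/news.php?x=1"),
    "link_only_other": build(
        None, "http://hacked-site.example/images/page.html"),
    "normal": build(
        "Photos from the trip",
        "Hi,\nthe photos are at "
        "http://family-blog.example/wp-content/uploads/trip.jpg\nSee you soon."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, indicators(raw), verdict(raw))
```

Because these messages arrive from real accounts of people the recipient knows, sender reputation alone does not catch them; content traits like these are what a filter has to work with.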
At least one of these hacked blogs was using an outdated version of WordPress (3.3.1). One site didn't display the version number. Surprisingly, the third hacked site was actually running the current version of WordPress (3.5). Most often when I've seen hacked WordPress sites they've been running an old version of WordPress for which there are publicly disclosed vulnerabilities.<br />
<br />
If a victim clicks on the link in one of these e-mails, which appears to come from someone they know, they are taken to a page that either displays the message "You see this page because one of your friends have invited you. Page loading, please wait...." or automatically redirects them, either right away or after 1 to 5 seconds.<br />
<br />
The victim is then redirected to one of three types of sites:<br />
<ol>
<li>a fake Fox news site advertising a "Raspberry Ultra Drops" weight loss drug, which the site implies is endorsed by television host Dr. Oz (see screenshot below)</li>
<li>a fake CNBC news site advertising a "work from your home" scam; see my June 2012 <a href="http://nakedsecurity.sophos.com/2012/06/20/twitter-account-hack-cnbc-spam/" target="_blank">article about related fake news sites</a> at Sophos' Naked Security blog for lots of details and screenshots</li>
<li>a site specifically for those who clicked on the e-mail link on an Android device (which reportedly attempts to install Android malware; see below)</li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9bY5DcEii4tEK6HKCOlXRuNnoBU5j9H0J7QMv2IwQSVFgm2dM7AaL-DQIrIdYBRt3a-IGO71JZTeAsxiIdqZ3XoaGzoOaKWbju1iXjRO7e20mjzM4rTUHan-hYQcBKTYw0-MewlLBTRId/s1600/fake-fox-news-raspberry-ultra-drops.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9bY5DcEii4tEK6HKCOlXRuNnoBU5j9H0J7QMv2IwQSVFgm2dM7AaL-DQIrIdYBRt3a-IGO71JZTeAsxiIdqZ3XoaGzoOaKWbju1iXjRO7e20mjzM4rTUHan-hYQcBKTYw0-MewlLBTRId/s400/fake-fox-news-raspberry-ultra-drops.png" width="295" /></a></div>
<div style="text-align: center;">
<i>A fraudulent site purporting to be Fox News</i></div>
<br />
Based on <a href="https://blog.lookout.com/blog/2012/05/02/security-alert-hacked-websites-serve-suspicious-android-apps-noncompatible/" target="_blank">an article at Lookout Mobile Security</a> and one of the comments there, apparently the Android-specific redirection leads to (or at one time led to) a file named "Update.apk", a malicious Android app. It appears that as of the last time this file was uploaded to VirusTotal, <a href="https://www.virustotal.com/file/2c5e656af90044cf5cc694519a42477cb18bd4b2722b1474cdead4a8748d3f70/analysis/" target="_blank">32 out of 46</a> antivirus engines detected it as malware and identified it as one of the following:<br />
<br />
Andr/Notcom-A, Android_dc.MK, Android:NotCom-A [Trj], Android.Notcompatible, Android.Notcompatible.A4ad, Android.Proxy.1.origin, Android.Troj.Undef.(kcloud), Android.Trojan.NotCompatible.A, Android.Trojan.NotCompatible.A (B), Android/NoComA.A, Android/NotCompatible.A!tr.bdr, Android/NotCompatible.A.2, AndroidOS_FAKEUPDATES.VL, AndroidOS/GenBl.0B2E9A9E!Olympus, AndroidOS/MalAndroid, Backdoor.AndroidOS.Nisev.a, Backdoor/AndroidOS.bqz, Backdoor/AndroidOS.Nisev, HEUR:Backdoor.AndroidOS.Nisev.a, NotComp.A, TROJ_GEN.F47V1211, Trojan, Trojan:AndroidOS/NoCom.A, Trojan.AndroidOS.NoCom, Trojan.AndroidOS.NoCom.a (v), Trojan.Nisev.bdokyh, UnclassifiedMalware<br />
<br />
Following are some of the file names that may be found in a directory on one of the hacked sites. Based on my investigation into the similar hack/spam/fraud campaign last July, I am certain that this is not an exhaustive list of file names. (In fact, I observed that additional files with different names appeared within just the past few hours on one hacked site while I was writing this article.) Note that the links below lead to VirusTotal scan reports, NOT the files themselves.<br />
<br />
<br />
These files have rather low detection rates by major antivirus engines; a few redirection files are currently not detected at all, while even the most widely detected are flagged by only 14 out of 46 engines. Thus there's a pretty good chance that your antivirus software won't detect these Web pages as malicious. The files are identified as any of the following types of malware (or similar names):<br />
<br />
HTML:Redirector-AI, HTML:Redirector-AI [Trj], HTML:RedirME-inf, HTML:RedirME-inf [Trj], HTML:Refresher-A, HTML:Refresher-A [Trj], HTML.Redirector, HTML.RedirME, HTML.Refresher, JS:Redirector-AAC [Trj], JS.A.Redirector.336, JS.A.Redirector.340.A, JS.A.Redirector.341, JS.A.Redirector.412.A, JS/Redirector.PN, JS/Redirector.WB!tr, TROJ_GEN.F47V0108, TROJ_GEN.F47V0109, TROJ_GEN.F47V0114, TROJ_GEN.F47V0115, TROJ_GEN.F47V0116, TROJ_GEN.F47V0118, TROJ_GEN.F47V1228, TROJ_GEN.F47V1229, TROJ_GEN.RCBH1I4, TROJ_GEN.RCBH1I5, TROJ_GEN.RCBH1IA, TROJ_GEN.RCBH1IK, TROJ_GEN.RCBH1J8, TROJ_GEN.RCBH1JN, Trojan.JS.Redirector, Trojan.JS.Redirector (A), Trojan.JS.Redirector.ASR, Trojan.JS.Redirector.ASR (B), Trojan.JS.Redirector.wb, UnclassifiedMalware<br />
<br />
One file was rather different from the rest: <b>gsm.php</b>. This file had an <a href="https://www.virustotal.com/file/87ce7afed19b049c4bfced4702b62e0f4ed17df7b118fd631bc1b0c6a54f56ee/analysis/1358561842/" target="_blank">18/46 detection rate on VirusTotal</a>, and it was identified as a PHP shell backdoor by the antivirus engines that detected it:<br />
<br />
Backdoor, Backdoor:PHP/C99shell.R, Backdoor.HTML.EMO.D, Backdoor.HTML.PHPShell-Interface (v), Backdoor.PHP.C99Shell, C99Shell.CX, EXP/C99Shell.W, Exploit.C99Shell.Gen, HTML:Shellface-D, HTML:Shellface-D [Trj], HTML/Shellnine.A, PHP/BackDoor.AO, PHP/C99Shell.A, PHP/C99shell.R, PHP/CShell.Y, Trojan.Html.C99Shell.dwlsk, Trojan/PHP.Shell<br />
<br />
Following is a list of some of the domains to which these pages attempt to redirect. Note that the links below lead to the Web of Trust reports for each domain, NOT the domains themselves.<br />
<br />
<br />
<b>What To Do If Your E-mail Account Has Been Hacked</b><br />
<br />
<b>If your e-mail account has been hacked</b> and you can still log into it, <b>change your password immediately</b>, and be sure to use a good, strong, long, and unique password; if you
need some advice, read the detailed explanations of what makes a
password secure at GRC's <a href="https://www.grc.com/passwords.htm" target="_blank">perfect passwords</a> and <a href="https://www.grc.com/haystack.htm" target="_blank">password haystacks</a>
pages. Keep your new password exclusive to this e-mail account; <b>don't reuse your password</b> on any other site. <b>Send an e-mail to your contacts</b> (please use BCC rather than To or CC) asking them to delete any recent e-mails from your account that just contained a link (and if you want, you can suggest that they read this article if they clicked on the link). <b>If you used your old password on any other sites</b>, change your passwords at those sites as well (and be sure to use different passwords than the new one you just created for your e-mail account). <b>If your e-mail provider has security questions</b> as a backdoor if you forget your password (e.g. Yahoo!), change your security questions and answers, and be sure to not choose answers that other people might know or be able to find out about you. It wouldn't hurt to <b>scan your computer for malware</b> (and get a
second opinion from a trusted free scanner, for example <a href="http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline" target="_blank">Windows Defender Offline</a>
or another antivirus boot disc, or <a href="http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx" target="_blank">Sophos' Virus Removal Tool</a> which can be run alongside your existing antivirus software). If your e-mail provider has an option to <b>enable two-factor authentication</b> (for example, sending you a code via SMS text message whenever someone tries to log in), enable this option for better security. <b>Never log into your e-mail from a public computer</b> (for example at a hotel or library) <b>or while connected to a public Wi-Fi network</b> (for example at a restaurant, coffee shop, or airport). See also this <a href="http://nakedsecurity.sophos.com/2012/07/11/hacked-email-accounts-unleash-weight-loss-spam/" target="_blank">Sophos article</a>
for additional tips on how to protect your e-mail accounts.<br />
<br />
<b>What To Do If Your Web Site Has Been Hacked</b><br />
<br />
<b>If your Web site has been hacked, </b>don't
merely delete the malicious files described above. If possible, <b>restore your server from a
clean backup</b>. <b>Scan for rootkits and other malware</b> (and get a
second opinion from a trusted free scanner, for example <a href="http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline" target="_blank">Windows Defender Offline</a>
or another antivirus boot disc). <b>Change all passwords on the server</b>, and be sure to use good, strong, long, and unique passwords; if you
need some advice, read the detailed explanations of what makes a
password secure at GRC's <a href="https://www.grc.com/passwords.htm" target="_blank">perfect passwords</a> and <a href="https://www.grc.com/haystack.htm" target="_blank">password haystacks</a>
pages. <b>Disable any services you don't use</b> on your server. <b>Make sure all the
software on the server (WordPress, Apache, etc.) is up to date</b> and has all the latest security
patches. See also this <a href="http://nakedsecurity.sophos.com/2012/07/11/hacked-email-accounts-unleash-weight-loss-spam/" target="_blank">Sophos article</a>
for additional tips on how to protect your Web servers.<br />
<br />
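Because antivirus engines detected the redirection pages so poorly, a structural check of the Web root is a useful complement when reviewing a compromised site. The following Python script is an added example, not code from this article: its heuristics (a small file with almost no visible text whose meta refresh, JavaScript, or PHP <code>Location</code> redirect points at a host you don't own), its function names, and its sample files are all assumptions constructed for illustration.<br />

```python
"""Flag small web-root files that only bounce visitors to another host.

Added example. The heuristics are assumptions, not signatures taken from
the files discussed in the article.
"""
import os
import re
import tempfile
from urllib.parse import urlparse

SCAN_EXTENSIONS = {".php", ".html", ".htm"}
MAX_STUB_BYTES = 4096      # assumption: redirect stubs are tiny
MAX_VISIBLE_CHARS = 200    # assumption: stubs show almost no text

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
HTTP_EQUIV_REFRESH = re.compile(r"http-equiv\s*=\s*[\"']?refresh\b", re.I)
URL_IN_CONTENT = re.compile(r"url\s*=\s*[\"']?\s*([^\"'\s>;]+)", re.I)
JS_ASSIGN = re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']", re.I)
JS_CALL = re.compile(r"\blocation\.(?:replace|assign)\s*\(\s*[\"']([^\"']+)[\"']", re.I)
PHP_HEADER = re.compile(r"\bheader\s*\(\s*[\"']Location:\s*([^\"'\s]+)", re.I)


def redirect_targets(text):
    """Return every URL the page would send a visitor to."""
    targets = []
    for tag in META_TAG.findall(text):
        if HTTP_EQUIV_REFRESH.search(tag):
            match = URL_IN_CONTENT.search(tag)
            if match:
                targets.append(match.group(1))
    for pattern in (JS_ASSIGN, JS_CALL, PHP_HEADER):
        targets.extend(m.group(1).strip() for m in pattern.finditer(text))
    return targets


def visible_text_length(text):
    """Count non-whitespace characters left after removing code and tags."""
    text = re.sub(r"<\?php.*?(\?>|\Z)", " ", text, flags=re.S | re.I)
    text = re.sub(r"<(script|style)\b.*?</\1\s*>", " ", text, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)
    return len("".join(text.split()))


def target_host(url):
    """Lower-cased hostname of an absolute URL, or None for relative URLs."""
    try:
        return urlparse(url).hostname
    except ValueError:
        return None


def find_redirect_stubs(web_root, own_hosts):
    """Return [(relative_path, [external_hosts])] for suspected redirect stubs."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_STUB_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file or broken symlink
            if visible_text_length(text) > MAX_VISIBLE_CHARS:
                continue  # a real page, not a stub; review by other means
            hosts = {target_host(t) for t in redirect_targets(text)}
            external = sorted(h for h in hosts if h and h not in own_hosts)
            if external:
                findings.append((os.path.relpath(path, web_root), external))
    return sorted(findings)


def demo():
    """Run the scan over constructed sample files (all hosts are made up)."""
    long_text = "Welcome to our site. " * 20
    samples = {
        "promo.html": '<html><head><meta http-equiv="refresh" '
                      'content="0; url=http://redirect-target.example/offer">'
                      "</head></html>",
        "js.html": '<html><body><script>window.location = '
                   '"http://js-target.example/";</script></body></html>',
        "news.php": '<?php header("Location: http://php-target.example/a"); exit; ?>',
        "index.html": '<meta http-equiv="refresh" '
                      'content="0; url=http://www.mysite.example/home">',
        "relative.php": '<?php header("Location: /login.php"); ?>',
        "about.html": "<html><body><p>" + long_text + "</p><script>"
                      "location.href='http://cdn.example/x';</script></body></html>",
        "notes.txt": '<meta http-equiv="refresh" content="0; url=http://x.example/">',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_redirect_stubs(root, {"mysite.example", "www.mysite.example"})


if __name__ == "__main__":
    for rel_path, hosts in demo():
        print(rel_path, "->", ", ".join(hosts))
```

A hit is a lead for manual review rather than proof of compromise, and a clean result does not replace restoring the server from a known-good backup.<br />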
<b>What To Do If You Clicked On a Link</b><br />
<br />
<b>If you clicked on a link in one of these e-mails,</b> don't panic. <b>If you entered your credit card number</b> on one of the sites, call your credit card provider to report the fraudulent transaction and follow their instructions and advice; you may need to cancel that card number and get a new card. <b>If you visited a link on your Android device</b>, you probably only need to worry about infection if you installed the Update.apk file. If you installed it, you can try restoring your Android device from a backup (assuming you have one) and/or install antivirus software such as <a href="https://play.google.com/store/apps/details?id=com.sophos.smsec" target="_blank">Sophos Mobile Security</a> (which is free) onto your device to clean up the infection. <b>If you visited a link on your PC</b>, for your own peace of mind you may wish to scan your computer for malware (and get a
second opinion from a trusted free scanner, for example <a href="http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline" target="_blank">Windows Defender Offline</a>
or another antivirus boot disc, or <a href="http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx" target="_blank">Sophos' Virus Removal Tool</a> which can be run alongside your existing antivirus software). <b>If you visited a link on your Mac</b>, for your own peace of mind you may wish to scan your computer for malware (if you don't have antivirus software, you can get <a href="http://www.sophos.com/freemacav" target="_blank">free Mac antivirus software</a> from Sophos for home use, or get a <a href="http://www.intego.com/intego-free-trial" target="_blank">free trial of a security suite</a> from Intego). <b>If you visited a link on your iPhone or iPad</b>, you probably don't have anything to worry about as long as you didn't enter your credit card information on one of the sites.<br />
<br />
<br />
Posted by Josh Long<br />
<br />
<b>Basic Computer and Mobile Security Tips</b> (published 2013-01-07, updated 2013-01-07)<br />
<i>by Kylene Long</i><br />
<br />
Whether you are a Mac or Windows user, iOS or Android user, your computer or device is potentially vulnerable to infection. You should be cautious about where you go on the Web, what links you click on, and what apps you install.<br />
<br />
One way to avoid visiting potentially harmful sites is to use <a href="https://www.mywot.com/" target="_blank">Web of Trust</a> (WOT), a plug-in for desktop browsers that can help you decide whether or not a site might be safe to visit. It uses simple stoplight colors (red, yellow, and green, with an alternative setting for colorblind users) to indicate potentially harmful and likely safe sites. With the WOT plug-in installed, when you search the Web with sites like Google and Bing you'll see colored circles next to each search result so you can have some idea of how trustworthy the site is before you click. If you ever accidentally visit a page that has a poor rating, the plug-in will display a warning. WOT's browser add-on is useful for computer experts and novices alike.<br />
<br />
Also, don't always trust that you are typing in a Web address (URL) correctly. Look in the address bar to verify that what you've typed is correct before you press a button to go there. When you're not sure about the spelling of a site or whether it ends in .com or .org for example, or if you make frequent typos, you can alternatively do a Google search for the site's name instead of trying to type it from memory; normally the site you want is within the top few hits. Once you've found the site, you can bookmark it to make it easier to return to later.<br />
<br />
Visiting links isn't the only thing to be cautious about. It's also wise to be careful when installing software on your computer or mobile device, including apps from popular app stores like Apple's iOS or Mac App Store, Google Play Store, or Amazon Appstore.<br />
<br />
Just because Apple and Google have a vetting process for apps doesn't mean that nothing undesirable ever slips past their app review processes (<a href="http://nakedsecurity.sophos.com/2012/06/29/apple-mobile-device-security/" target="_blank">it happens</a>—and <a href="http://nakedsecurity.sophos.com/2012/07/25/windows-malware-found-in-ios-app-store-say-what/" target="_blank">more often than you might think</a>). Always check the ratings on an app before downloading it. If an app has hundreds of reviews and an overall positive rating, it's probably safe. Be aware that there are some look-alike apps out there that at first glance may appear to be popular apps, or affiliated with popular app makers. Checking customer reviews can sometimes help you avoid the more shady apps.<br />
<br />
Consider this: If you met a random stranger on the street, would you hand them your phone and let them do whatever they want with it, unsupervised? Whenever you visit a site you've never been to before, or install an app that you've never heard of, you should be aware that you're taking a risk. Obviously there's some risk inherent in doing <i>anything;</i> even legitimate sites can be hacked, for example. But it's still a good idea to keep your guard up, even if you use a Mac or an iPhone, iPad, or other smartphone or tablet.<br />
<br />
<br />
<b>Get Windows 8 Pro for $39.99 by January 31</b> (published 2013-01-02, updated 2013-01-07)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7tvopiejHDvug1Kk9eteTx8r509b0aMFet-knG2f36XXfSVeWFHaEZSAvKQXu3DSuxxYSdr_HcDZZBjjRZ6aNOD1TwsEme1osEHtnZhYSi-G37OEhap9Be-RgB1IXMLT25z2rQw6Hzh4x/s1600/Windows8ProBoxCropped.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7tvopiejHDvug1Kk9eteTx8r509b0aMFet-knG2f36XXfSVeWFHaEZSAvKQXu3DSuxxYSdr_HcDZZBjjRZ6aNOD1TwsEme1osEHtnZhYSi-G37OEhap9Be-RgB1IXMLT25z2rQw6Hzh4x/s200/Windows8ProBoxCropped.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="166" /></a></div>
Do you still have Windows XP on your computer? Unless you have plans to replace that computer within the next 15 months, now's a good time to upgrade your operating system.<br />
<br />
<b>Until January 31, 2013, Microsoft is offering upgrades to Windows 8 Pro for only $39.99 for all users of Windows XP SP3, Windows Vista, and Windows 7.</b><br />
<br />
Given that Windows XP will only get security updates <a href="https://support.microsoft.com/lifecycle/?ln=en-us&c2=1173" target="_blank">until April 2014</a> (only a year and 3 months from now), and given that the cost of the upgrade after this month will reportedly jump to $199, this is a great opportunity for PC users to move to a newer and more secure operating system without having to spend a lot of money.<br />
<br />
And if you're a Mac user with an old version of Windows on a Boot Camp partition or in a virtual machine like Parallels Desktop, VMware Fusion, or Oracle VirtualBox, Microsoft is offering the same upgrade pricing for you as well.<br />
<br />
Before you make the jump to Windows 8, you'll have to ensure your system can handle it (in particular, you may need to buy a RAM upgrade first), and there are other considerations to keep in mind as well. Read more details in my article at The Mac Security Blog:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/upgrade-to-windows-8-pro-on-your-mac/">Upgrade to Windows 8 Pro on Your Mac</a><br />
<br />
Then read the system requirements and download the upgrade from Microsoft:<br />
<br />
<a href="http://windows.microsoft.com/en-US/windows/buy">http://windows.microsoft.com/en-US/windows/buy</a> <br />
<br />
<br />
Posted by Josh Long<br />
<br />
<b>Apple Updates XProtect Functionality</b> (published 2012-11-16, updated 2013-01-07)<br />
Without any fanfare, Apple added new functionality to the Safe Downloads List (XProtect) feature of Mac OS X in late September. The new feature allows Apple to block certain known-vulnerable versions of browser plug-ins such as Oracle Java and Adobe Flash Player.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgop7FTJgSOB25ec1xVcUe4D0gWkM17nmpaKXHFyWkl6Q8mfk9xinSQjVEQOrPyLtWcNIDMhqwLUWoC4MLPAb_JJaX4yXq_NS0O-SeV3EFLVGlE4_j68JtTOqY01B4prkVazDHx2eEW86oe/s1600/XProtect.meta-Plug-Ins2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgop7FTJgSOB25ec1xVcUe4D0gWkM17nmpaKXHFyWkl6Q8mfk9xinSQjVEQOrPyLtWcNIDMhqwLUWoC4MLPAb_JJaX4yXq_NS0O-SeV3EFLVGlE4_j68JtTOqY01B4prkVazDHx2eEW86oe/s320/XProtect.meta-Plug-Ins2.png" width="308" /></a></div>
Apple is currently only blocking certain very old versions of Flash Player and one particular version of the Java plug-in. More recent versions of these plug-ins with numerous publicly exploited vulnerabilities are not currently blocked by Apple, so in practice this feature does not currently provide a lot of protection.<br />
<br />
More details about recent XProtect updates can be found in my article at The Mac Security Blog:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/apple-updates-xprotect-malware-definitions-for-latest-imuler-variant/">Apple Updates XProtect Malware Definitions for Latest Imuler Variant</a><br />
<br />
<br />
Posted by Josh Long<br />
<br />
<b>Is Apple Still Releasing Snow Leopard Updates?</b> (published 2012-09-07, updated 2013-01-07)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUBLPobGiw5HmasSGslEZXlEdPBhOhp91QRiG4LWtw9LDAiXuYWLh8Qc7Y5n_GzoZRCnEoKHXwI0-Xbg0kTWWT2ATvxpgUIziaaXM9EAD3qZaOL0nU1JMnyJr3iv1cLmuvCn5JG73ZZPxc/s1600/MountainLionLionSnowLeopard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUBLPobGiw5HmasSGslEZXlEdPBhOhp91QRiG4LWtw9LDAiXuYWLh8Qc7Y5n_GzoZRCnEoKHXwI0-Xbg0kTWWT2ATvxpgUIziaaXM9EAD3qZaOL0nU1JMnyJr3iv1cLmuvCn5JG73ZZPxc/s640/MountainLionLionSnowLeopard.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="640" /></a></div>
<br />
Is Apple still releasing security updates for Mac OS X v10.6 Snow Leopard? Oddly, the answer isn't a simple yes or no.<br />
<br />
In the past, Apple typically released security updates only for the current and one previous version of OS X. However, Apple recently switched from a roughly two-year OS cycle to a yearly cycle, and this may or may not have changed how long Apple will continue releasing security updates for previous versions of its desktop operating system.<br />
<br />
So far, Apple <i>has</i> been releasing Java security updates for Snow Leopard since the release of OS X v10.8 Mountain Lion (which was released approximately one year after OS X v10.7 Lion and three years after Snow Leopard). However, <a href="http://security.thejoshmeister.com/2012/07/windows-and-snow-leopard-no-more-safari.html">Apple <i>has <b>NOT</b></i> been releasing updates for the Snow Leopard version of Safari</a>, the browser that comes bundled with Mac OS X.<br />
<br />
While Microsoft makes known to the public exactly how long its operating systems and software will be patched, Apple makes no such public disclosure.<br />
<br />
Read my article at The Mac Security Blog for more information:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/apples-java-update-surprise-for-snow-leopard/">Apple's Java Update Surprise for Snow Leopard</a><br />
<br />
<b>UPDATE, 7 Jan 2013:</b> Net Applications has released its <a href="http://techcrunch.com/2013/01/04/os-x-mountain-lion-now-accounts-for-a-majority-share-of-mac-web-traffic-growing-nearly-twice-as-fast-as-lion/" target="_blank">Web traffic analytics for December 2012</a>, which indicate that Snow Leopard accounts for just over 29% of Web traffic from Macs—slightly higher than Lion which accounts for just over 28%. Both are only slightly behind Mountain Lion at just over 32%. The percentages are roughly the same when filtering for Macs browsing with Safari.<br />
<br />
Given the apparently high percentage of Mac users still browsing Web sites on Snow Leopard, in my opinion it is inexcusable for Apple to no longer release security updates for the Snow Leopard version of Safari. At the very least, Apple should warn these users (and Windows Safari users) that their browser is no longer being updated and is no longer safe to use online.<br />
<br />
<br />
Posted by Josh Long<br />
<br />
<b>What to Do if Your Mac Can't Run Mountain Lion</b> (published 2012-08-01, updated 2013-01-07)<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb5MlpFHyTPAwt2WbxMZWC6XBYvaK0I_S1UKxeaUKyVmkPA8drPK8Rn7Mvi8XeoMi3z3BaXeuJUBAO0Dj09qsL2urXeYVh7hecMS30M3d47hxF3xKo3Jk7mKrIupkYuLVe04c8TAaeld79/s1600/mountain_lion_hero-tongue.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb5MlpFHyTPAwt2WbxMZWC6XBYvaK0I_S1UKxeaUKyVmkPA8drPK8Rn7Mvi8XeoMi3z3BaXeuJUBAO0Dj09qsL2urXeYVh7hecMS30M3d47hxF3xKo3Jk7mKrIupkYuLVe04c8TAaeld79/s1600/mountain_lion_hero-tongue.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" /></a>With each successive version of Apple's Mac OS X operating system, more Mac hardware gets left behind. The recent release of OS X Mountain Lion (v10.8) is no exception.<br />
<br />
There are some good reasons why Apple might drop support for older hardware. For example, Apple might want to clear out legacy code to make its software run more efficiently on newer computers, and some brand new or updated features of the OS may run much better on newer hardware.<br />
<br />
On the other hand, one could argue that it's also in Apple's best interest to enforce scheduled hardware obsolescence so the company can generate revenue from new hardware sales.<br />
<br />
Whereas Microsoft makes the operating system but not the hardware—and thus generates more profits by continuing to support very old PCs with each new version of Windows—Apple makes both the hardware and the operating system. At $29.99 per OS upgrade (or apparently $19.99 annually beginning with Mountain Lion), it's clear that Apple stands to make a lot more money by getting customers to buy a $1000+ Mac every 5 or 6 years (and perhaps a few OS upgrades in between) rather than merely sell them $100 worth of OS upgrades over the same time period.<br />
<br />
And so with Mountain Lion, Apple has dropped a lot more hardware. Every Mac made before mid-2007—and even some 2008 models—is no longer supported by Apple's latest desktop operating system.<br />
<br />
So what can you do if your Mac is no longer supported? I've written an in-depth article covering which models are supported by Mountain Lion, which Macs max out at Lion, and why Snow Leopard may no longer be completely safe to use—and what you can do if you're stuck with an unsupported Mac. Read the full article on The Mac Security Blog:<br />
<br />
<a href="http://www.intego.com/mac-security-blog/what-to-do-if-your-mac-cant-run-mountain-lion/">What to Do if Your Mac Can't Run Mountain Lion</a><br />
<br />
<br />
<b>Windows and Snow Leopard: No More Safari Security Updates</b><br />
Published 2012-07-30T17:00:00.000-07:00, updated 2013-01-07T14:41:36.180-08:00<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2T9ATCvPXKOcHrT3756FWrnluQLD8Qb3S9cM3XO0TOomlajMqiATUuGTI47JyQvYzmBpAn60zvzyOY8l96r7LnxIO13hfGElUlf5g6MAroLhhhPSOq8-aDqiP4FDZYUi6J7pklTmgPAWo/s1600/no-safari-for-you-3.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2T9ATCvPXKOcHrT3756FWrnluQLD8Qb3S9cM3XO0TOomlajMqiATUuGTI47JyQvYzmBpAn60zvzyOY8l96r7LnxIO13hfGElUlf5g6MAroLhhhPSOq8-aDqiP4FDZYUi6J7pklTmgPAWo/s320/no-safari-for-you-3.png" style="border-color: white; margin: 0pt 0pt 0px 0px;" width="320" /></a>To coincide with the release of Mac OS X v10.8 Mountain Lion, Apple also released the new Safari 6 Web browser (which comes with Mountain Lion) for OS X v10.7 Lion.<br />
<br />
Not surprisingly, Apple did not release the new browser for Mac OS X v10.6 Snow Leopard, which was released 3 years prior to Mountain Lion and is now two major OS versions old.<br />
<br />
However, what <i>is</i> surprising is that Apple did not release the Safari update for Windows, either. Nor did Apple release a security-only patch for the Windows or Snow Leopard versions of Safari 5.1 to close the 121 security vulnerabilities fixed in Safari 6.0.<br />
<br />
<b>This means that anyone still using Safari on Windows or Snow Leopard is unknowingly leaving their system vulnerable to exploitation and infection.</b><br />
<br />
Read the detailed article I wrote for Sophos Naked Security for more information:<br />
<br />
<a href="http://nakedsecurity.sophos.com/2012/07/30/no-safari-security-updates/">Where are the Safari security updates for Windows and Snow Leopard? Users left exposed</a><br />
<br />
<b>UPDATE, 7 Jan 2013:</b> Apple has since released Safari 6.0.1 and 6.0.2, patching an additional 63 vulnerabilities. No corresponding security updates have been released for the Windows or Snow Leopard versions of Safari.<br />
<br />
See also <a href="http://security.thejoshmeister.com/2012/09/is-apple-still-releasing-snow-leopard.html">Is Apple Still Releasing Snow Leopard Updates?</a><br />
<br />
<br />
<b>Windows Malware Found in iOS App Store</b><br />
Published 2012-07-25T11:57:00.000-07:00, updated 2012-07-25T12:01:49.777-07:00<br />
<br />
Yes, you read that headline correctly.<br />
<br />
Yesterday it was discovered that a Windows worm was embedded inside an iOS application. The app, called "Instaquotes-Quotes Cards for Instagram," was available in the iOS App Store from July 19 through July 24. It contained two infected files:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">Instaqoutes 1.0.ipa:Payload:Instaqoutes.app:FBDialog.bundle:FBDialog.bundle.exe</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">Instaqoutes 1.0.ipa:Payload:Instaqoutes.app:FBDialog.bundle:images:images.exe</span></div>
<br />
This is unlikely to have caused any actual harm to anyone's systems given that iPhones and iPads can't run Windows programs, and any Windows user who may have downloaded the infected iOS app would have had to manually extract an .exe file and consciously decide to run it on his or her PC.<br />
<br />
The most interesting part of this discovery is that it seems to indicate that <b>Apple may not be scanning apps for viruses as part of its vetting process. </b>Let's hope Apple adds this to the app approval checklist right away.<br />
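<br />
A content check of the kind that paragraph asks for, as an added example (not Apple's vetting process and not code from the original post): it opens an .ipa as the ZIP archive it is and flags members whose bytes form a Windows PE executable, whatever their file name. The sample archive is constructed: it reuses the two paths reported above with harmless header-only stubs, plus a hypothetical renamed copy.<br />

```python
import io
import struct
import zipfile


def looks_like_pe(data):
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_windows_executables(ipa_bytes, head=4096):
    """Return (member name, flagged by content, flagged by name) for each hit."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir():
                continue
            # Only the start of each member is needed to read the headers.
            with ipa.open(info) as member:
                data = member.read(head)
            by_content = looks_like_pe(data)
            by_name = info.filename.lower().endswith((".exe", ".dll", ".scr"))
            if by_content or by_name:
                hits.append((info.filename, by_content, by_name))
    return hits


def build_sample_ipa():
    """Constructed archive; the 'executables' are header-only stubs, not malware."""
    stub = bytearray(0x84)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)   # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    stub = bytes(stub)
    base = "Payload/Instaqoutes.app/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(base + "Info.plist", b"<plist></plist>")
        z.writestr(base + "FBDialog.bundle/FBDialog.bundle.exe", stub)
        z.writestr(base + "FBDialog.bundle/images/images.exe", stub)
        # Hypothetical member: same bytes under an image extension.
        z.writestr(base + "FBDialog.bundle/images/renamed.png", stub)
    return buf.getvalue()


if __name__ == "__main__":
    for name, by_content, by_name in find_windows_executables(build_sample_ipa()):
        print(name, "content" if by_content else "-", "name" if by_name else "-")
```
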
<br />
<b>Please see <a href="http://nakedsecurity.sophos.com/2012/07/25/windows-malware-found-in-ios-app-store-say-what/">my article at Sophos Naked Security</a> for more details.</b><br />
<br />
Meanwhile, Mac antivirus firm Intego reported yesterday that it had discovered new Mac malware, which the company dubbed <a href="http://www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/" target="_blank">OSX/Crisis</a> (Sophos identifies it as <a href="http://nakedsecurity.sophos.com/2012/07/25/mac-malware-crisis-on-mountain-lion-eve/" target="_blank">OSX/Morcut-A</a>). Intego said that as of yesterday, the malware had not yet been found in the wild.<br />
<br />
<br />
<b>Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam</b><br />
Published 2012-07-13T19:39:00.000-07:00, updated 2012-07-14T21:53:52.727-07:00<br />
<br />
A hack/spam/fraud campaign has recently been flooding the Internet with weight loss spam. I began investigating this on Tuesday night when a close relative's e-mail account was hacked.<br />
<br />
On Wednesday, Sophos' Fraser Howard wrote up <a href="http://nakedsecurity.sophos.com/2012/07/11/hacked-email-accounts-unleash-weight-loss-spam/" target="_blank">lots of details</a> about this campaign on Naked Security. The article has lots of screenshots so you can see exactly what the e-mails, hacked sites, and spam sites look like.<br />
<br />
<b>If your e-mail account or Web site has been compromised, please read that article.</b><br />
<br />
One side note before I continue: if you're using <b>AOL Mail</b> for your personal e-mail and you ever want to check it via the Web when connected to a public Wi-Fi network, <b>don't</b>. The current mobile version of the AOL Mail site does not offer any option for securing the connection, and the non-mobile version isn't completely secure either. If you must use AOL for some reason, set up an e-mail application to connect to AOL's IMAP and SMTP servers over SSL/TLS using <a href="http://help.aol.com/help/microsites/search.do?cmd=displayKC&docType=kc&externalId=217449" target="_blank">these instructions</a> (it's <a href="http://help.aol.com/help/microsites/search.do?cmd=displayKC&docType=kc&externalId=222780" target="_blank">even easier</a> for iPhone, iPad, and iPod touch users).<br />
<br />
In my opinion, though, you're better off switching to <b>Gmail</b>, arguably the most security-conscious personal e-mail provider, and enabling <a href="https://support.google.com/accounts/bin/answer.py?hl=en&answer=180744" target="_blank">two-factor authentication</a> (and preferably configuring it to text you at a different phone number than that of the device you're using to check your mail).<br />
<br />
And no matter which e-mail provider you use, <b>never</b> check your e-mail or type any passwords at a public kiosk (such as those you might find at a library or hotel).<br />
<br />
Anyway, back to the hack/spam/fraud campaign...<br />
<br />
I collected information from a few different e-mails sent from my relative's hacked e-mail account and used this to begin my search. Google searches were immensely helpful in finding hacked Web sites.<br />
<br />
In total I discovered <b>366 hacked sites</b> that are currently hosting pages that usually redirect to fake Fox News sites with "articles" advertising an "HCG Ultra Drops" weight loss drug. The hacked domains hosted various files with any of <b>76 file names</b>, and these files linked to about <b>30 fake news domains</b>.<br />
<br />
<b>Those numbers are just the tip of the iceberg.</b><br />
<br />
Every time I searched Google for another of the file names, I found more file names and more fake news domains. I only did comprehensive searching of Google for <b>11 out of the 76 file names</b> before I had to force myself to call it quits (I do have a life, you know).<br />
<br />
To any budding security researchers who may want to continue my work, here are the 76 file names I'm aware of, with Google links for each one. I thoroughly searched the first 11 (the ones with an asterisk):<br />
<br />
<br />
<b>If you manage any Web servers, be sure to check your servers for any file names like the ones above.</b> If you find any evidence that your server has been compromised, don't merely delete the files. Assume the worst. Restore your server from a clean backup if possible, scan for rootkits and other malware (and get a second opinion, for example from <a href="http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline" target="_blank">Windows Defender Offline</a> or another antivirus boot disc), change all passwords on the server (and be sure to use good, strong, long, and unique passwords; if you need some advice, read the detailed explanations of what makes a password secure at GRC's <a href="https://www.grc.com/passwords.htm" target="_blank">perfect passwords</a> and <a href="https://www.grc.com/haystack.htm" target="_blank">password haystacks</a> pages), disable any services you don't use, and make sure all the software on the server is up-to-date and has all the latest security patches.<br />
<br />
Many of these files have at most a 14 out of 42 detection rate on VirusTotal (see the scan results for <a href="https://www.virustotal.com/file/0c9114f361b0c4fca6b95f58a40e4ec1f11c8b272e602904565a0c1b378c40e4/analysis/1342325050/" target="_blank">chopa.html</a>, <a href="https://www.virustotal.com/file/7efa7b536e31a075246e253a08beaf76c9d78e962888ba657aee94d647aed930/analysis/1342326203/" target="_blank">csndra sample 2</a>, <a href="https://www.virustotal.com/file/4143f1ba545b32608173ced95229e78453997b09f52f512d57282a103ad09110/analysis/1342319313/" target="_blank"> dfgseg.html</a>, <a href="https://www.virustotal.com/file/038d20fa2e3981d273e92801959f899cd4ff09eb4251c54ba765a536445d9167/analysis/1342325087/" target="_blank">nvlauty.html</a>, <a href="https://www.virustotal.com/file/fc1b41d535fe72845ebcead1208f02112b1d20a5b98cb7a6b7af1b760d12b519/analysis/1342325084/" target="_blank">resus.html</a>, <a href="https://www.virustotal.com/file/bda92bd8e44d13f7612b5a96a7fad44ef465bc6ff136147f304919e055c9161c/analysis/1342325117/" target="_blank">rumyn.html</a>, <a href="https://www.virustotal.com/file/e36bfa4c83a126df62f0fcd32cac2c23e2b4097fa4b4cec50066d48d191bfecc/analysis/1342327337/" target="_blank">trifr.html</a>, <a href="https://www.virustotal.com/file/8fe34a60d45c733cc16e64e69e1e57abdc79931205bebafced8dabc5e4f259d0/analysis/1342322607/" target="_blank">tstx.html sample 1</a>, <a href="https://www.virustotal.com/file/a0b643ec5dbe93e40f987b3ecab8b616f58ecb23bc2b28d8cde11ba81373a03c/analysis/1342322053/" target="_blank">tstx.html sample 2</a>). Avast, BitDefender, F-Secure, GData, Kaspersky, Norman, nProtect, and Sophos seem to offer pretty consistent detection of most files, and Antiy-ATL, Avira AntiVir, Comodo, Emsisoft, Fortinet, Ikarus, TrendMicro-HouseCall, and ViRobot have hit-or-miss detection, for these files under the following malware names:<br />
<br />
HTML:Refresher-A, HTML:Refresher-A [Trj], HTML.A.Redirector.174, HTML.A.Redirector.176.D, HTML.A.Redirector.176.E,
HTML.Refresher, HTML.Refresher!IK, HTML/Redirect.EM, HTML/Redirector.AM!tr, Redirector.FL, TROJ_GEN.RCBH1GD, TROJ_GEN.RFFH1G4, TROJ_GEN.RFFH1G5, Troj/Redir-O, Trojan.HTML.Redirector, Trojan.HTML.Redirector!IK, Trojan.HTML.Redirector.AI, Trojan.HTML.Redirector.am, Trojan/HTML.Redirector, UnclassifiedMalware, W32/Redir.O!tr<br />
<br />
Note that many popular anti-virus vendors, including but not limited to AVG, ClamAV, Dr.WEB, McAfee, Microsoft (Security Essentials, Forefront), Symantec (Norton), and Panda (Cloud Antivirus), do not currently detect the redirection files as malicious.<br />
<br />
If a victim browses to one of these pages, it will briefly display a message before redirecting, usually "You are here because one of your friends have invited you. Page loading, please wait...."<br />
<br />
I came across one file (trifr.html) with a different message: "You are here because one of your friends have invited you to try our FREE TRIAL!!! Page loading, please wait...." This page redirected to a site advertising the weight loss drug, but this time it wasn't a fake Fox News site (see the last domain in the list below).<br />
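<br />
One way to run the server check recommended above across a document root, as an added example (not code from the original post): it flags files by name, by the lure text quoted above, and by an automatic redirect to another host. The meta-refresh and JavaScript redirect patterns are assumptions, since the post does not show the pages' source; the host names and sample files are constructed, and only a few of the file names mentioned in the post are included.<br />

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# A few of the file names the post mentions by name; extend with the full list.
KNOWN_NAMES = {"chopa.html", "dfgseg.html", "nvlauty.html", "resus.html",
               "rumyn.html", "trifr.html", "tstx.html"}

# Lure text quoted in the post, matched after lowercasing and collapsing whitespace.
LURE = "you are here because one of your friends have invited you"

# Assumed redirect mechanisms (the post does not show the pages' source).
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
IS_REFRESH = re.compile(r"http-equiv\s*=\s*[\"']?refresh", re.I)
URL_IN_TAG = re.compile(r"url\s*=\s*[\"']?\s*([^\"'>\s;]+)", re.I)
JS_REDIRECT = re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']([^\"']+)[\"']", re.I)


def redirect_targets(html):
    """Return every URL the page would send a visitor to automatically."""
    targets = []
    for tag in META_TAG.findall(html):
        if IS_REFRESH.search(tag):
            match = URL_IN_TAG.search(tag)
            if match:
                targets.append(match.group(1))
    targets.extend(JS_REDIRECT.findall(html))
    return targets


def is_offsite(target, site_host):
    """True when the target names a host other than the site or its subdomains."""
    host = (urlparse(target).hostname or "").lower()
    site = site_host.lower()
    return bool(host) and host != site and not host.endswith("." + site)


def scan_docroot(root, site_host, max_bytes=64 * 1024):
    """Walk a document root; return (relative path, reasons, off-site targets)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm", ".php")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                text = fh.read(max_bytes).decode("utf-8", "replace")
            offsite = [t for t in redirect_targets(text) if is_offsite(t, site_host)]
            reasons = []
            if name.lower() in KNOWN_NAMES:
                reasons.append("known-name")
            if LURE in " ".join(text.lower().split()):
                reasons.append("lure-text")
            if offsite:
                reasons.append("offsite-redirect")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, reasons, offsite))
    return sorted(findings)


def build_sample_docroot(root):
    """Write constructed sample files (not real campaign pages) under root."""
    samples = {
        "index.html": "<html><body>Welcome</body></html>",
        # Legitimate same-site redirect: must not be flagged.
        "blog/moved.html": '<meta http-equiv="refresh" content="0; url=/blog/new.html">',
        "images/trifr.html": (
            '<html><head><meta http-equiv="refresh" '
            'content="2; url=http://fake-news.example/a.html"></head>'
            "<body>You are here because one of your friends\n"
            "have invited you. Page loading, please wait....</body></html>"),
        # Unknown file name, caught by its behaviour alone.
        "wp-content/qzxkv.php": (
            '<script>window.location = "http://fake-news.example/b";</script>'),
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as docroot:
        build_sample_docroot(docroot)
        for rel, reasons, targets in scan_docroot(docroot, "www.example.org"):
            print(rel, ",".join(reasons), targets)
```

A file flagged only for "offsite-redirect" or only for "known-name" needs a manual look before any conclusion is drawn; a hit on all three reasons matches the pages described in this post.<br />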
<br />
Following are the 30 fake news domains. The five with an asterisk are actually fake "7 Money News" sites with the headline "Work At Home Mum Makes $10,397/Month Part-Time" rather than fake Fox News sites with a headline of "HCG Ultra Drops to Help Your Weight Drop" like the first 25. The 31st domain listed below just advertises the weight loss drug without a fake news motif, but it was also linked from one of the files listed above. Note that these links lead to the Web of Trust reports, not the spamvertised domains themselves:<br />
<br />
<br />
Here are the 366 hacked domains that are currently hosting one or more of the files listed above. Again, these are links to Web of Trust reports, not the hacked domains themselves:<br />
<br />
<span style="font-size: x-small;" target="_blank">
<a href="https://www.mywot.com/en/scorecard/dawidadesign.cba.pl" target="_blank">dawidadesign.cba.pl</a>,
<a href="https://www.mywot.com/en/scorecard/dazzle-fashion.nl" target="_blank">dazzle-fashion.nl</a>,
<a href="https://www.mywot.com/en/scorecard/deepikainfratech.com" target="_blank">deepikainfratech.com</a>,
<a href="https://www.mywot.com/en/scorecard/demo.aragorn.in" target="_blank">demo.aragorn.in</a>,
<a href="https://www.mywot.com/en/scorecard/dfvisions.com" target="_blank">dfvisions.com</a>,
<a href="https://www.mywot.com/en/scorecard/dialogv.coeus-solutions.de" target="_blank">dialogv.coeus-solutions.de</a>,
<a href="https://www.mywot.com/en/scorecard/diplomat-c.com" target="_blank">diplomat-c.com</a>,
<a href="https://www.mywot.com/en/scorecard/diyanetvanegitim.gov.tr" target="_blank">diyanetvanegitim.gov.tr</a> (a Turkish government domain... whoops),
<a href="https://www.mywot.com/en/scorecard/zccom.com.cn" target="_blank">zccom.com.cn</a></span><br />
<br />
It's clear from looking through this list that very few locales and types of organizations have been spared from attacks by this hack-and-spam campaign. <b>Churches, porn sites, government sites, and more have been compromised.</b> You'll notice a surprising number of TLDs in there as well, representing a huge variety of countries and cultures (for example: .ar, .au, .ba, .bd, .be, .bg, .br, .ca, .cl, .cn, .cr, .cz, .de, .ec, .ee, .es, .eu, .fr, .gr, .hk, .hu, .il, .in, .it, .jm, .jp, .lt, .lv, .kg, .kw, .mc, .mx, .nl, .np, .pl, .ro, .rs, .sk, .th, .tr, .uk, .uy, .vn, .za, and even .cat).<br />
<br />
Again, I recommend reading the <a href="http://nakedsecurity.sophos.com/2012/07/11/hacked-email-accounts-unleash-weight-loss-spam/" target="_blank">Sophos article</a>
about this hack/spam/fraud campaign for additional tips on how to protect your e-mail accounts and Web servers.<br />
<br />
<b>UPDATE, 14 July 2012:</b> I've added anti-virus detection information for some of the redirect files. I also added details about the messages displayed momentarily before a page redirection occurs.<br />
<br />
<br />
For more from <span style="font-weight: bold;">the JoshMeister on Security</span>, please subscribe via <a href="https://feedburner.google.com/fb/a/mailverify?uri=theJoshMeisterOnSecurity">e-mail</a> or <a href="http://security.thejoshmeister.com/feeds/posts/default?alt=rss">RSS</a>, or follow me on <a href="https://twitter.com/theJoshMeister">Twitter</a> or <a href="https://profiles.google.com/theJoshMeister/about" rel="author">Google+</a>.