allheart55 Cindy E

Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking. According to Cody Johnston, the self-styled ad hunter who reported the issue to Microsoft, until a few days ago Microsoft’s site was home to around 3,000 of these ads, mostly associated with the gallery.technet.microsoft.com downloads section. The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet: I was able to find a total of 3,090 results, ranging back to August 2018. Twelve new ones have been created in the last week. After reporting the problem to Microsoft, the ads were taken down within 24 hours, he said on Twitter. However, within hours new ads quickly replaced the deleted ones on the same domains, which brings home the scale of Microsoft’s content monitoring challenge. How is this possible? Finding the ads wasn’t hard, requiring a custom Google search that anyone could run. So why didn’t Microsoft notice the issue and react sooner? Probably because it didn’t anticipate how quickly this can become a problem – and it doesn’t appear to be only one caught napping. Tech support scammers never stop looking for prominent places to host their rotten content, whether by squirrelling it away on high-ranking domains or by simply buying prominent ad spots from search companies which don’t do enough manual checking. The latter has become such a popular approach that Google recently announced that it would require companies advertising tech support to sign up for its advanced verification process that subjects them to manual checks. Borrowing domains such as Microsoft’s is a free alternative with a big SEO pay-off. Since last year, Johnston said he’d noticed the issue on other forums, including Spotify, Tinder, Linksys, AOL, Turbotax, and the Salesforce-owned Quip. It’s a simple tactic – bypass a site’s user authentication (assuming the site has any), post the content and wait for search engines to pick it up. The bigger the domain reputation, the bigger the ad boost. One counter is to force the spammers to jump through more hoops by enforcing user checks before they are allowed to post content. The issue is like a web version of the rise of spam in the early 2000s. This scourge was never stopped (huge amounts of spam is still sent today), so much as rendered mostly invisible thanks to content filtering by service providers such as Google. Doing the same for the somewhat smaller but still troubling problem of SEO-driven web spam might turn out to require new tools, processes or human attention. Source: Sophos

Will let you know but so far, so good.

That is a key piece of information missing from the Forbes article. Good find, Liz!

After January 2020, Microsoft is only going to make security patches and updates available to those pay for the subscription to Windows 7.

I was just getting ready to post that, from Forbes. I think it's ridiculous! I have one desktop and one laptop running Windows 10 and one desktop running Win 8.1. One desktop still has Win 7 on it.

It’s one thing to slip spyware onto somebody’s phone so you can surreptitiously intercept text messages, call logs, emails, location tracking, calendar information and record conversations – that kind of privacy-spurning stuff. It’s another thing entirely to be the company that makes and markets the software… and – the coup de GAH! – to suffer a breach that exposes not only the private data of the buggers, but that of the buggees… Twice. In three years. Yes, we’re talking about mSpy. The “ultimate tracking software” runs on mobile phones and tablets, including iPhones and Androids. The company claims that it helps more than a million paying customers spy on the mobile devices of their kids and partners. (Is it illegal? Well, mumble mumble, totally legal if you tell the target… which of course you’ll do, right… well, anyway, it’s your problem.) The most recent breach, first reported by security journalist Brian Krebs on Tuesday, involves what he says is millions of sensitive records published online, “including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.” The open database was discovered by security researcher Nitish Shah. It’s since been taken offline, but while it was flapping open, anyone could query what Krebs said were “up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software,” all accessible without requiring user authentication. That includes usernames, passwords and the private encryption keys of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. Shah said that with the private key, anyone could track and view details of a mobile device running the software. But wait, there’s more, Krebs reports: n addition, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files. Anyone who stumbled upon this database also would have been able to browse the WhatsApp and Facebook messages uploaded from mobile devices equipped with mSpy. That means that someone could have spied on an indeterminate number of kids, besides others under mSpy surveillance, given that some parents install mSpy in order to keep track of their children. One of the testimonials from mSpy’s site: Why did I decide to use mSpy? Simple, I am not gonna sit and wait for something to happen. I read about Amanda Todd and other kids. Seriously, my son’s safety costs way more than $30. Unfortunately, when you collect this type of private information, you get a situation that’s the opposite of keeping kids safe. You instead entrust a company with your child’s details, stored as they are in a database that’s a plum target for scumbags such as trolls, stalkers or child predators. The last thing in the world that any parent would want is for such people to have access to their children’s social media messages or account details, let alone be able to track their whereabouts and eavesdrop on their conversations. But that, unfortunately, is the risk you run when you install spyware: you run the risk that anybody in the wide web can spy on your lover or child. Shah said he was ignored when he tried to report the breach to mSpy. Krebs had better luck: after he contacted the company on 30 August, he got this reply from mSpy’s chief security officer, who identified himself only as “Andrew”: We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure. All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time. Thanks to you we have prevented this possible breach and from what we could discover the data you are talking about could be some amount of customers’ emails and possibly some other data. However, we could only find that there were only a few points of access and activity with the data. Krebs notes that some of those “points of access” are his and Shah’s. They were both able to see their own activity on the site in real-time via the exposed database. The first time that someone tore a hole in mSpy and published its database on the dark web was in 2015. At the time, for more than a week, mSpy denied the breach, in spite of customers confirming that their information was involved. It finally acknowledged to the BBC that yes, the breach had occurred. It blamed blackmailers and said it was doubling up on security. Yet Krebs reports that more than two weeks after news of that first breach broke, the company still hadn’t disabled links to “countless” screenshots on its servers that were lifted from mobile devices running mSpy. Would you really trust this company enough to put its software on your loved ones’ phones? No, neither would we. To protect against someone doing it to you, make sure to secure your phone with a passcode that you don’t share with anyone: it can help to prevent spyware like this from sneaking onto your phone. Read our 10 tips for securing your smartphone for more advice on protecting your mobile data. Source: Sophos

It's a decent build but you could do better for less with an AMD instead of Intel. An OEM is fine but you won't be able to use it on a different computer if this one fails. It is tied to the original hardware that it is activated on.

It's fine to order the phone as long as you port your number when you are ready to activate the new phone.