You know to avoid sketchy sites, and always double-check your URLs. You like to think that going to a legitimate business website is going to be pretty safe, malware-wise. But alas, even the most legitimate site is vulnerable to security flaws… and a whole wave of them have recently been hijacked to try to extort money from you.
Here’s some depressing news for your morning: even if you set up your home network yourself and followed all of the best practices for doing so, it’s probably got some big fat vulnerabilities in it.
Computer manufacturer Lenovo rightly caught heat far and wide from every corner of the internet this week after security researchers discovered a massive security flaw that shipped pre-installed as advertising software. Lenovo should never have put the intrusive software on their computers in the first place, but there is some good news today, as the company is now sharing a list of what computers were affected, and how owners of their machines can remove this junk crap from their systems.
It’s not uncommon for a new PC to come with some pre-installed crap on it you don’t want. From proprietary hard drive management tools to antivirus trials, software bundling is sadly common. But the junk shipping on new Lenovo laptops goes one troublesome step further: the bloatware present on several models is not only annoying, but dangerous, with a vulnerability that could let someone easily access users’ private, nominally secure data.
We’re not sure why a company would bother with offering a password feature on their customer accounts if they disable it without warning 3 months later as a matter of policy, but that’s how Southern California Gas Company rolls. Does it really matter, you ask? It might if you’re a victim of domestic violence.
We’re not IT experts or anything, but when Chase writes that “all your account information is protected by 128-bit encryption to maintain the privacy and confidentiality of your data,” shouldn’t that mean a little lock icon on the browser window, and an https address? Update: Not necessarily, according to our commenters, although the lack of an https login screen does pose other security risks.