Tag Archive: exploit

[PSA] Android users: 1M+ Google accounts have been breached (Gooligan).

Today is not a good day for security, it seems.

In addition to the Firefox 0-day exploit, it seems that Android users need to keep a close eye on the apps they’re downloading, particularly from third-party app stores. You can check out the detailed article from Check Point on the topic. The article contains two items in particular that you may find helpful:

  • Scroll down to Appendix A at the bottom of the aforementioned Check Point article. This is a list of “fake” apps that are known to be infected with Gooligan.
  • Check Point has put together a quick tool that allows users to check and see if their accounts have been infected with Gooligan. To use the tool, go to https://gooligan.checkpoint.com/ and enter the email address(es) associated with your Android device(s). Hopefully, you’ll get a pop-up informing you that your account has not been breached.

It’s sad to say, but the dose of paranoia one needs to stay safe on the net these days is no longer creeping upwards. Rather, it is growing in leaps and bounds. As are the number of internet-connected things we all have in our homes, each of which should be viewed with at least some degree of concern.1

In truth, if it is connected — or can connect — to the Internet (and maybe even if it can’t), it should be a security concern. Every time a home gets smarter, it most likely also gets less secure. It seems almost inevitable that someday soon, the sheer number of insecure devices is going to result in some sort of … something. I’m not sure what, but it’s not going to be good.

Stay alert! Trust no one! Keep your laser handy!

[PSA] If you’re using Firefox, particularly on Windows, stop doing that.

Sad (Red) Panda needs to be put in quarantine for a while.

Firefox (versions 41 – 50, which includes Tor Web Browser (Firefox 45 ESR)) currently has a 0-day exploit. This means there is a remotely-accessible and exploitable security concern with the application for which there is currently no fix, and the internet at large is actively taking advantage of the situation. This will undoubtedly be fixed, but until it is, you should switch browsers.

You can learn more about the situation from Wordfence (which is where I originally learned of it), Ars Technica, The Register, and any number of other web sites. Just, you know, use a non-Firefox browser when you start poking around looking for information.