CCleaner is a clean-your-computer app beloved of people who own inexplicably slow PCs. If you installed recent editions of it, you were installing malware. But the company behind it hasn't gone rogue, reports Reuters. Hackers compromised their systems.
A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.
Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.
“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.
The infected version is 5.33, and you likely have it if you installed the Windows version of CCleaner between August 15 and September 13. That's 2.3 million installs, admits Avast.
Read the rest
CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.
"Users of CCleaner Cloud version 1.07.3191 have received an automatic update.
This simulation, called The Evolution of Trust starts with a variation of the prisoners' dilemma. You can choose to put a coin into a slot. Another person has the same choice on a different machine. You can't communicate with the other person. The only thing you know is this: if the other person put a coin in their slot, you will receive 3 coins. And if you put a coin in your slot, the other person will get 3 coins. What's the best strategy?
Trust is falling. Why? And how can we fix it?
My interactive guide to the game theory of trust is now OUT!
— Nicky Case (@ncasenmare) July 25, 2017
Case 1: other person inserts coin. If you put a coin in the slot, you will have a net gain of 2 coins. If you don't put a coin in the slot you will gain 3 coins. So the best thing to do is not put a coin in the slot.
Case 2: other person doesn't insert coin. If you put a coin in the slot, you will have a net loss of 1 coin. If you don't put a coin in the slot you lose nothing. So the best thing to do is not put a coin in the slot.
In either case, it's to your advantage not to put a coin in the slot. But what happens when you play several rounds of the game with the same person? Are there better strategies? Read the rest
The Anonymous activists behind "OpKKK" -- which infiltrated and unmasked Klan members, including many in US military and police departments -- began by creating thin-but-plausible fake identities on Facebook that signalled support for "Blue Lives Matter." By friending other accounts that indicated support for Blue Lives Matter, they found themselves being auto-suggested friendships with KKK members. Read the rest