[TTT] PSA – All FossHub downloads are COMPROMISED – Includes Audacity and Classic Shell

I just wanted to send this out to all my followers because not only do I use Classic Shell but I am sure that many of you do.

DO NOT UPDATE from FossHub at all.

Earlier today their site was compromised by “CultOfRazer“.  Download the software DIRECTLY from the authors website. They replaced all the installers to just simply overwrite your MBR when you install the program. After you restart you will get the errors that are in the slideshow below.

Infected file from FossHub

 

If you need to fix your MBR after this please see the guide below. All the details can be found in this Reddit thread: https://www.reddit.com/r/pcmasterrace/comments/4vw21h/massive_psa_do_not_download_classic_shell_read/

Repair Master Boot Record MBR (Source)

The process is almost same for Windows 10 / 8 / 7. First and foremost you need a Windows 8 or Windows 7 installation DVD. Without that, it will be hard to proceed.  Please don’t ask where you can download it since we are not at liberty to discuss the sources, where we can find the installation DVD.

Step 1:

Press F8 while booting the system to go into the Windows Recovery Menu. Unlike other version Windows 8’s recovery menu has the Metro UI style.

Step 2:

Click on Troubleshoot.

Repair-Master-Boot-Record-3

 

Step 3:

Click on Advanced options to get into Automatic Repair menu.

3_thumb1_thumb

 

Step 4:

We need to use the Bootrec.exe tool. Click on command prompt and type in the following commands, one after the other:

image_thumb20

  • bootrec /RebuildBcd
  • bootrec /fixMbr
  • bootrec /fixboot
  • Exit

Now go ahead and reboot your system. In some cases you may need to run some additional commands.

image_thumb21

 

  • bootsect /nt60 SYS or bootsect /nt60 ALL

It’s wise to backup MBR or create a System Recovery Disk so that in case something like this happens you don’t have to run for the Windows Recovery Disk. To create a system recovery drive in Windows 8, follow these steps:

  • Press Win + R and type in RecoveryDrive.exe

image_thumb22

  • Click Next
  • Once you insert the USB drive it will start creating the Recovery for you’re USB drive.

TeamViewer Confirms That “Significant” Amount of User Accounts Were Breached

I posted last week that there was a suspected breach with TeamViewer. They have confirmed it. Please see the ArsTechnica article below, however they are still blaming the users.

Source: http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-evidence-of-2fa-bypass-in-mass-account-hack/

Excerpt:

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

FULL ARTICLE

MAJOR Security Breach – TeamViewer Has Been Hacked

A friend of mine sent me the below info from a Reddit post online. There are many other sources reporting that there is a major breach happening.

The Register: http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/
TripWire: http://www.tripwire.com/state-of-security/featured/teamviewer-hack-pc-hijack/

This issue is not getting enough attention, please spread it.

Users are reporting breaches, and thousands of dollars have been stolen with the client, all over /r/teamviewer and at their support Twitter account. TV is blaming users with reusing passwords, yet users with 2FA and unique very long generated passwords were hacked.

Some also suggest that their DNS servers were hijacked and the clients believed the fake server, being the method of the attack.

One of the main problems are that they are not taking responsibility: (quoted from /u/rich-uk )

Teamviewer is being used as a vector of attack. This has happened on other sites where they had no critical information and within 48 hours everyone’s logged in sessions were logged out, an email went round saying you had to click the link in the email (to verify ownership) and set up two factor auth as they knew they were being targeted. Teamviewer must know they are being targeted, and the stakes are high as the software allows complete access to a trusted machine – it’s basically a master key – and there hasn’t been a single response with teeth from teamviewer.

Update: TV still denies a breach even with this thread linked.

A few links:

Alternatives:

  • LogMeIn– Now non-free, and had a bad reputation since “Microsoft Support” phone scammers used it. Trials available.
  • Chrome Remote Desktop– You may be not able to control remotely if the user is not logged in (for unattended access).
  • RealVNC– Free only for non-commercial use.
  • TightVNC– Free for any use, open source.
  • UltraVNC– [AdBlock blocking] uvnc.com is their site, ultravnc.com seems to be redirecting to RealVNC – domain squatting?
  • Remote Desktop Connection – Built-in, only for Windows, third party clients available.
  • GotoMyPC– Paid with trial.
  • ScreenConnect– Paid with trial.
  • Bomgar– Paid, seems to be more aimed at enterprise users.
  • Other remote desktop software on Wikipedia

Source: Reddit

Dr. Crimmy’s EJuice “Lab” – Questionable Cleanliness and Other Information

Another update. Someone found the floor plan from the realtor who manages the building that Dr. Crimmy’s is in and they have a BATHROOM in their “clean room”. Mmmmm poop particles. They are in Suite 1 and you can verify that from the video and their address.

You can also see from the listing that the back of the building is the same from the “lab” photos below. You’re busted Dr. Crimmy’s.

Property Listing: http://www.brenthoffman.com/listings/l0240.html
PDF of Listing: http://www.brenthoffman.com/pdf/ThompsonBridge2100Info.pdf
PDF Mirror: https://www.timothyhoogland.com/dl/ThompsonBridge2100Info.pdf

Dr. Crimmy's Suite Floor Plan

Update from “Matty Ice” who was the one who posted the photos. He even linked to my post. Thanks!

–Original Post Start–
Today on the Chicago Vape Nation page someone shared some photos that an ex-employee posted from their “lab”. You can see the flavorings, VG, PG, bottles, mailing boxes, and even their labels in these photos (posted below). They were initially claiming that they were NOT their photos but then released a video on Facebook (Source: Kevin Lynch (Owner of Crimmy’s) ). I have also attached the video to this post and a screenshot in case they pull it down.

Crimmys Lab Video From 09/23/2015

Facebook Screenshot Admitting to the Lab Photos
Facebook Screenshot Admitting to the Lab Photos

In the photos, you can see that it is a disgusting environment that they were making ejuice in. I myself started out making it in my kitchen on sterilized tables and used standard safety precautions for myself and the ejuice. This this is just deplorable. They have said on their FB video that this was their old location and this is no longer used.

I tried to join their Facebook group, but they are banning any new people that are trying to find out more information in order to keep things quiet. This is VERY concerning as they are clearly trying to cover something up. Even if they have a new “lab” like they are claiming my guess is that due to how tired this guy in the video looks (from cleaning the “lab” all night), the fact that he looks like he has no idea how to wear the safety gear, and they never enter any of the rooms where juice is made makes me question the legitimacy of this all.

That all being said, I will never recommend Dr. Crimmys to anyone and never purchase it again. I will stick with vendors that actually make liquid in sanitary environments whether that be at their homes using common sense or in a lab. If they were OK with the previous conditions of the place it makes you wonder how bad they will let the new one get.

This post is staying up as they are currently trying to get all the photos removed from other places. I will NOT remove these as the truth needs to be heard.

Dr. Crimmy’s “Lab” Photos (Source: Reddit)

Reddit Repost – I am a tax attorney, here are my answers to the most common questions about the taxation of bitcoins : Bitcoin

I found this on Reddit and people were asking for someone to put this on one page for people to read easier. The source and credit go to dblcross121. Source of the text is at the end. Enjoy! 


Introduction


I’ve noticed a significant amount of uncertainty around here about the taxation of bitcoins. In effort to provide some guidance , I’ve compiled some of the most common questions I’ve seen and tried to provide straight-forward, easy to understand answers. I am a tax attorney, but there is so much uncertainty surrounding bitcoins that I expect some people to disagree with one or more of my conclusions. If you have a contradictory opinion, please share it. We would all benefit from an educated discussion of this issue.

Keep in mind this post is intended for a layman audience. If you are a tax professional or want a detailed examination of this topic, you find this post lacking. Please don’t nit pick this post with technicalities or narrow exceptions, I purposely excluded such nuances for the sake of readability.

I should note that this post does not address aggressive tax planning strategies. Such strategies are a lot of fun to discuss, but they do not belong in this type of post. If you are interested in such strategies, perhaps we can make a follow-up post on another day.Continue reading