Tagged: security Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:59 am on October 16, 2017 Permalink | Reply
    Tags: , KRACK, security   

    Exploit makes all Wi-Fi vulnerable. Is it time to panic? 

    Exploit makes all Wi-Fi vulnerable. Is it time to panic?

    A leading security expert recently discovered an exploit in the algorithm that keeps most Wi-Fi devices secure. The exploit, named KRACK, allows a bad actor to hijack your Wi-Fi and tunnel in to any of your Wi-Fi enabled devices. This means that your private information could be compromised or any sort of malware could be injected into your devices. Here’s all the guts of how the exploit works.

    This makes any Wi-Fi enabled device vulnerable. That means it can effect phones, tablets, PCs, whether they run Windows, Android, iOS, MacOS and even Linux. So what can you do? Unfortunately, mostly wait. This exploit is so new that most distributors have not pushed any updates yet to fix the exploit. That’s not even taking into consideration that a lot of distributors, especially router manufacturers, never even update the firmware of their devices. The same goes for a lot of Android phone manufacturers too. You can use a virtual private network (VPN) to be more secure, however, they can be costly and some VPN providers can be shady themselves. For PCs and laptops you can go back to using your ethernet cables.

    If any good news can come from this exploit it’s that someone has to be within distance of your Wi-Fi source to be able to launch an attack. So if you’re at home, someone would have to be in range of your home router to try to hijack your signal. Businesses will be more vulnerable as a hacker will have better access to try to hijack that signal. Hopefully, manufacturers, distributors and providers will realize just how massive this vulnerability is and will issue patches as soon as possible. If you have additional questions and concerns you can go to krackattacks.com.

     
  • Geebo 9:06 am on September 26, 2017 Permalink | Reply
    Tags: cryptocurrency, security   

    Websites may be using your computer to mine for cryptocurrency 

    Websites may be using your computer to mine for cryptocurrency

    Advertising and the internet have a contentious relationship to say the least. While advertising is where the majority of content creators make their money, there are many drawbacks to taking in advertiser money. Many advertising programs, like Google’s Adsense, seem to have arbitrary policies that see some creators penalized while others do not for providing similar content. Not to mention that one only need to look at YouTube’s recent adverting restrictions that users have referred to the as the ‘Adpocalypse’ to see advertisement money can disappear at a moment’s notice. With those dollars disappearing, a number of content creators have turned to cryptocurrency mining.

    It was discovered recently that a number of websites owned by television network CBS, had code injected into their websites that ‘borrowed’ processing power from viewers’ computers in order to help mine concurrency for someone. In this instance, it was reported to be the cryptocurrency Moreno. It’s viewed as a more private alternative to the more popular Bitcoin. While the injection of code into CBS’ websites may have been perpetrated by a bad actor, that hasn’t stopped some websites from using such code on unsuspecting users. Mining cryptocurrencies requires massive amounts of computing power, so it should come as no surprise that some less than legitimate websites have begun using this tactic.

    Not all hope is lost though. There are ways to protect your computer from having its computing power leeched for the benefit of someone else. Many of the popular browsers have extensions that will block mining code. A number of the most used ad blockers already block the coin code and a search for coin blocker should turn up a few more.

     
  • Geebo 8:55 am on August 31, 2017 Permalink | Reply
    Tags: Onliner, security, spam   

    Time to change your password again after massive spam list discovered 

    Time to change your password again after massive spam list discovered

    Cybersecurity experts have discovered a record-breaking spam operation which has compromised a number of email accounts. This spam attack, dubbed Onliner, has harvested over 700 million email addresses. A great number of these email accounts had their passwords divulged as well. Even the operator of Have I Been Pwned, whose website can tell you if your email has been exposed, had his email address listed in this latest leak.

    Speaking of HIBP, it is recommended that you go to their site to see if your email has been harvested in this leak or any previous leak or hack. The only information you have to submit is your email address. HIBP is considered a trusted site in tech circles so you won’t be exposing any sensitive information to them. If your email address is on their list for the Onliner leak, change your email password immediately.

    Thankfully, the only thing the email addresses seem to have been used for, was for sending spam to other email accounts. So far there have been no reports of the email accounts being used for anything nefarious like identity theft or financial chicanery.

     
  • Geebo 9:02 am on August 9, 2017 Permalink | Reply
    Tags: Bill Burr, , security   

    Man who invented P@$$w0rd guidelines regrets it 

    Man who invented P@$$w0rd guidelines regrets it

    Anyone who has held a job that required a computer in the past decade and a half has been subjected to the tedious practice of having to change their password every 30 to 90 days. Then that password has to have an uppercase letter, a number, a symbol, an Egyptian hieroglyph, some ancient Sanskrit, your DNA sequence and that unpronounceable icon Prince used to use as his name. This came about thanks to one man. That man was Bill Burr, a former manager at the National Institute of Standards and Technology. He came up with these guidelines in 2003 in order to better protect government systems. These procedures spread out into the corporate world where they became gospel. Now the man behind the guidelines says not only does he regret these guidelines, but they are no longer effective.

    Now it’s believed shorter passwords with these restrictions are easier to crack than longer passwords that are simple phrases. For example, a password along the lines of “safecommunityclassifieds” is harder to crack than “G33b0c0m”. (BTW, neither of those are used by Geebo.) The problem is a lot of employers and online services require you to use the restrictive password guidelines from 14 years ago, however, you can still use your personal passphrase with just a modicum of alteration to fit those requirements.

    The other problem is the frequency in which some places require you to change your password. In a number of cases, users will alter their previous password by one digit or letter. If one of your old passwords were to be discovered and used one of these one character changes, it would be an easy matter to determine your current password.

    So again, it’s now recommend you use a passphrase to use as your password and you should only change it if there has been some kind of security breach. You can check the security of passwords at this website.

     
  • Geebo 11:31 am on February 28, 2017 Permalink | Reply
    Tags: cloudpets, , , security   

    Cloud connected child’s toy leads to personal data breach 

    Cloud connected child's toy leads to personal data breach

    As seen on TV toy CloudPets is actually a pretty clever concept. By using a smart phone app a traveling parent or a relative that lives far away can leave a voice message to a child on one of the stuffed animals.

    Except there’s that one inherent problem that affects any device connected to the cloud, there’s a chance that personal data stored there could be compromised. CloudPets seems to be having that problem currently as reports say that an insecure database led to third-parties accessing the personal information of many of their users. This information includes names and dates of birth. This is made doubly disturbing considering that a lot of this information belongs to children, not to mention that their voice messages could possibly have been stolen as well. Some reports even state that it’s possible to send unauthorized messages to the devices if someone so desired.

    As with any device that’s connected to the cloud you have to assume a certain amount of risk that the data could be stolen, but when it comes to your children you should double that amount and take proper steps to try and keep that information secure such as using strong passcodes. Or you may want to consider not sharing your child’s personal information at all with a company that advertises on basic cable commercials.

     
  • Geebo 10:57 am on February 16, 2017 Permalink | Reply
    Tags: , security, ,   

    Yahoo reveals that hack was worse than previously thought 

    Yahoo reveals that hack was worse than previously thought

    It seems that getting any kind of vital information out of tech dinosaur Yahoo is like pulling teeth, from a rabid badger. It was made public recently that Yahoo’s infamous hack that compromised 500 million accounts was worse than just stolen passwords. Now Yahoo is revealing that some of the accounts were compromised using a forged cookie.

    A cookie is a piece of code that allows your browser to remember such information as your username for certain sites and in some cases your password. This means that someone with a forged cookie doesn’t even need your password to access your account. Yahoo claims that the hack was carried out by a state actor which means a government sponsored attack.

    This comes at a time where Verizon is still trying to negotiate a price to purchase Yahoo. Verizon just recently requested a $300 million price cut on the pending acquisition. Then again, if it wasn’t for this acquisition we may have never heard about these hacks at all.

    If anyone is still using any Yahoo services that deal with any kind of personal information you may want to think of deleting your account. While any online service can fall victim to a large-scale hack of this nature, Yahoo seems to be inordinately porous when it comes to user security.

     
  • Geebo 2:49 pm on January 27, 2017 Permalink | Reply
    Tags: , , security   

    Facebook offers new level of security 

    Facebook offers new level of security

    Recently, Facebook rolled out a new security feature designed to keep your account out of the hands of hackers and identity thieves. You can now purchase a USB key that will only allow someone with the key to access your account. This is a lot more secure than the regular two factor authentication as SMS messages can be intercepted.

    However, there are drawbacks to using this method of security. The first is that it only applies to using Facebook on your PC, a mobile version of this method has yet to be implemented. The second problem is that it will only work with the Chrome and Opera browsers, so if you’re a Firefox or Explorer user, you’re out of luck. Lastly, if you lose the key you’ll be locked out of your Facebook account.

    Unless you use Facebook for business purposes or are some kind of public figure you can probably get away with just the regular two factor authentication with no problem. However if your livelihood revolves around your Facebook, the security key may not be such a bad idea.

     
  • Geebo 10:24 am on January 18, 2017 Permalink | Reply
    Tags: , , security   

    New phishing attack targets GMail 

    New phishing attack targets GMail

    For those of you who may not know, phishing is a type of scheme where an entity casts a wide net to a number of users in order to obtain the personal information of a few random victims. It’s like fishing but with a ‘ph’ because the internet likes to misspell things.

    A new phishing attack has appeared throughout a number of GMail accounts. If you use Google’s free webmail service the phishing email appears to be from someone on your contact list. That probably means that their account has probably been compromised. The fake email will have an attachment included in the email and when you click the attachment a new tab or window will pop up asking you to reenter your GMail login info. However, the new tab or window does not take you to GMail but rather takes you to a webpage designed to look like GMail, but in actuality is a fake page waiting to steal your login info as soon as you enter it.

    Some of the tips to avoid phishing attacks include not clicking on random attachments from strangers and in some cases from your friends. If it’s an unsolicited attachment there’s a pretty good chance it could be part of a phishing attack. Also, when logging in to your account check the URL, or web address, in your browser’s address bar. If it doesn’t belong to the service you’re logging into you could be compromising your info.

     
  • Geebo 1:07 pm on December 8, 2016 Permalink | Reply
    Tags: car theft, , grand theft auto, security,   

    New device could make anyone a car thief 

    New device could make anyone a car thief

    Before cars became mostly electronic and computerized it took a skilled thief to steal or break into a locked car. Only a select few had the talent to be able to pick the lock or use a slim jim to gain access to the inside of a car without breaking the window. Then if they wanted to steal the car, in most case they had a tool that would pull off the ignition and they’d be able to start the car with a screwdriver. Now, the more electronic a car becomes the more points of failure it has when it comes to auto theft.

    If you have a car that either opens the car or can be started remotely there’s a pretty big chance that it could be stolen by just about anybody. Investigative reports have determined that there is a device used among thieves that relies heavily on your cars wireless remote features. For example if you lock your car using the wireless key fob that came with it, this new device can clone the wireless frequency your car uses then replicate it to gain access to your car’s doors and ignition.

    So outside of buying a car that predates these electronics what can you do to protect your car from being stolen this way? While many of these cars use sophisticated electronics many of them still use old-fashioned keys. Rely more on the physical keys themselves when locking or unlocking the car and the criminals have a less of a chance of cloning your signal.

    The odds that this device will be used around your car are slim but it’s better to be prepared than to have to deal with an insurance company over stolen car.

     
  • Geebo 9:51 am on October 10, 2016 Permalink | Reply
    Tags: Kim Kardashian, , security,   

    What Kim Kardashian can teach you about social media security 

    What Kim Kardashian can teach you about social media security

    One of the bigger entertainment stories last week was the armed robbery of reality TV presence Kim Kardashian. She was said to have been robbed of $10 million in jewelry while in her Paris hotel room. Some reports have alleged that the perpetrators may have used her ubiquitous presence on social media to plan the heist. The truth is that you don’t have to be famous to have your social media betray you like that.

    Apps like Twitter and Instagram are constantly trying to get you to post your location. If you’re out in public and away from home this can present a number of problems for your real world security. Mashable, has a great blog post about how to disable your location in several apps. Another safety issue is with check in apps that announce where you may be such as a restaurant or concert. Instead of checking in as soon as you get there you may want to wait until after you leave before checking in.

    The biggest security flaw that has come back to bite social media mavens is being on vacation. It’s become common place to announce your vacation plans on social media before documenting the entire trip. This has the potential to let one of your followers know that you may not be home for a while which has led to burglaries in the past.

    Instead of documenting every moment of your life on social media as it happens, maybe put some time aside at the end of the day to do more of a ‘day in review’ type of update. Your safety and security is not worth a handful of likes and emojis.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel