Killersites Community

LSW

Moderators
  • Content count: 1,325
  • Days Won: 5

LSW last won the day on November 17

LSW had the most liked content!

Community Reputation

13 Excellent

About LSW

  • Rank
    Cybersecurity Advocate

Profile Information

  • Gender
    Male
  • Location
    Alaska
  • Interests
    Native American Culture, Cybersecurity & avoiding computers because they are evil.

Recent Profile Visitors

35,729 profile views
  1. I have been testing it with Mozilla's own tester; in every test it runs quite a bit slower than Maxthon 5 and still slower than Chrome, although they claim differently. I am on Windows 7 at work. So it is possible work settings affect it, and I know you are on Mac usually. So far no one has replied with their own tests on my post. I tested it again Monday with the same result. Maxthon had 67 actions in a minute, Chrome 52 I think, and Quantum was still in the high 30's. Firefox Quantum review in Web Design News forum. One important note again folks: if you update to FF 57 (Quantum), it is a major update, and one of those changes is that some of your extensions earlier marked with the yellow "Legacy" tag have moved into their own section away from the usual place you find your apps. So if you check apps and some are missing, they just moved.
  2. Web Designer is rather just the default standardized accepted term. Personally I always preferred "Web Developer". Web Designer was traditionally a matter of "Look & Feel" and structure. But these days, and back 10 years, it began including some programming, now more programming, Content Management Systems, multi-platform, sometimes logos and branding, administration, even database work in some cases. Lastly, my two soapbox areas, web accessibility and cyber security. We owe it to our customers to ensure all their customers and their own data etc. is both safe from attack and accessible to those with any number of disabilities. Web design was back when a designer designed a web site and passed it to a coder to "Make it so Number One". But for freelancers and now most big organizations that is not the case; the name just hung around like Internet Explorer. Web Developer is a better term I think, we are developing it from scratch.
  3. Google Collects Android Location Data Even When Location Service Is Disabled https://thehackernews.com/2017/11/android-location-tracking.html I am highlighting this article on the grounds that it raises a few points, and if you use the iPhone you should not ignore it. This is an issue with every mobile device, not just Android. It is how phones work and why they use triangulation in police shows on TV. That is how the system works. Your device connects to the nearest and most powerful tower in the area. As you move from Grid A, the signal gets weaker and the device searches for the next closest tower, which may be Grid B. So you can be easily tracked by looking at what towers your phone connects to, and a path will then show; it will show where you are or where you spend time etc. Law enforcement uses this technique all the time. This particular article is about Google collecting that data (which they claim they are ending by the end of the year). This is more about them collecting the data and what they do with it. Remember that Google is a for-profit organization. Services are how they make their profit, and they consider selling your data as part of that service to their advertisers. That is why a lot of the advertisements you see are what you're interested in. Google Chrome is also the most popular browser and makes your life so easy signing on to things because they are collecting your data or data on you and selling it. You are not their customers, you are their commodity, and advertisers etc. are their customers. So if you use iPhone, OnePlus, Android or Windows phones... You can be and will be tracked, that is how your phone works, so don't think this is "Just an Android issue". As an Android user, I cringe at this article, but I accept that that is the way it is and is no different than when I used an early iPhone. One last question: What does your service provider do with that data? AT&T, Verizon, T-Mobile and co. It is their towers you are connecting to; do you know what they do with that data from those towers?
  4. Firefox Quantum

    No, fresh install of Quantum after deleting all profiles and Firefox stuff and it is still slower than Maxthon 5 and Chrome. Anyone having a different outcome?
  5. Current Threats

    Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html
  6. Current Threats

    17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html
  7. Firefox Quantum

    OK, update. I did install "it" and it is really just the next version of Firefox, not a separate browser as I had understood. So when you update from FF 56 to FF 57, you will have Quantum. There are some new things right off the bat: Bookmarks and Pocket are not in the address bar. If you are missing add-ons, there is now a separate page for "Legacy Add-ons" where you will find them; it is just an addition on the add-ons page. If you read the announcement I posted, there is a link to a speed test from Mozilla: https://mozilla.github.io/arewefastyet-speedometer/2.0/ In my testing, in all three tests I ran, Maxthon 5 Cloud Browser was the fastest, followed by Chrome and then Firefox Quantum. That said, as it is an upgrade there may be legacy crap slowing it down. I may just remove Firefox and reinstall Quantum and run the tests again.
  8. Firefox Quantum

    If you are not aware, Mozilla has released a new browser called Quantum on the 15th or 16th of Nov. 2017. I was not online yesterday, so just saw it today. Anyone use it yet, any thoughts, etc. anyone would like to share? I just downloaded it at work but not sure when I will get to work on it. Firefox Quantum
  9. Cybersecurity News

    OnePlus Vulnerabilities
      • Another Shady App Found Pre-Installed on OnePlus Phones that Collects System Logs [11/16/2017]
      • OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader [11/14/2017]
      • OnePlus Secretly Collects Way More Data Than It Should - Here’s How to Disable It [11/14/2017]
  10. "Cybersecurity" It is under the Miscellaneous category. I also moved this post into the open forum as a better fit than announcements.
  11. Web Developers, much of my posting to date has covered protecting yourself. Let's talk about protecting your customer and their users. I cannot state this any stronger: Strong Passwords! If it takes little effort to break a password then the site you built can be hijacked to pass out malware. Database design, consider making it a tiered design. Sensitive data in a red zone, encrypted and password protected with strict access permissions. Less sensitive data in a yellow zone that has lesser protection and more access, and simple stuff in a green zone with just password protection and general permissions. If you use look-up tables that state that "2 = married with children", that is a look-up table and needs little protection. But all sensitive data should be encrypted so that if adversaries do get to it... they can't read it. Be aware of SQL Injection attacks. If you allow data to be added to a website, make sure it is checked. If you allow basic comments with no security, an adversary could insert JavaScript into that comment that does really bad things. Malware Detection - Discovering Cross-Site Scripting Attacks Watering Hole Attacks. I think LastLine blog defined it rather well: "In a network watering hole attack, cybercriminals set traps in websites that their target victims are known to frequent. Often the booby-trapped websites are smaller, niche sites that tend to have limited security. These sites can include business partner sites or small websites that provide specific products, services, or information to the target company or industry. When visited, the compromised website infects the target end-users computer or device with keyloggers, ransomware, and other types of malware." The issue here is really about protecting web sites you build from being the watering holes that infect your customers' users. Network Security and Watering Hole Attacks As I come across tips for securing your web sites, I will expand this thread.
  12. Here we have a hardware trust issue: Built-in Keylogger Found in MantisTek GK2 Keyboards - Sends Data to China. Now one can see how counts of key presses may be of interest to a manufacturer, but you are not being told that data about your usage is being collected. It could be modified to log all that you type to get passwords. But every language has its most common characters so we know those are pressed a lot, we know what keys gamers use as well so those get a lot of hits. So considering that, is there really a reason to log key strokes? This person uses these keys more than average so they are likely a gamer so we will sell that data to a game company for them to advertise to. Do you see the issue here? Any data about you can be monetized so someone else makes a profit off your data but you.
  13. Cybersecurity News

    TOR Project
      What's New
      • The Tor Project to Beef Up Privacy with Next-Generation of Onion Services [11/6/2017]
      Vulnerabilities
      • Warning: Critical Tor Browser Vulnerability Leaks Users’ Real IP Address - Update Now [11/6/2017]
  14. We get a lot of questions about learning, but part of getting a job is also experience. Volunteering is not just a way to get experience but also build up a body of work, and employers do tend to like people who volunteer. So how can I get experience? What are you thinking with volunteering?

      1. Teaching: This will depend on your experience and area. In Germany I helped Youth Club staff build good web sites. Here in Juneau I did a seminar for local businesses. Here at Killersites I have learned things or made “mental connections” as I have tried to teach or help many of you with your issues. Often when helping others you realize other ways of doing things that you never considered before; you learn things answering others’ questions. Maybe teach a local high school computer club good web design.

      2. Free web work: Like many others I did web work for some non-profit sites. I did the work for free, so they got a cheap web site and I had a web site to show besides my own and a professional reference for my application. Look around at charities, churches, and other non-profit entities online or in your area.

      3. Volunteering: Naturally any place you volunteer will aid you. I will stick with IT work here though. Even if it is not web design, you have more computer experience than most average folks so you can be of great help just doing basic IT stuff. You will also learn new skills and experience other IT areas you like more. I started in web design, then went to programming and am now my division's cyber security person. So, do not fear volunteering for “other” IT work.

         A. Red Cross/Crescent – The Red Cross works differently in different countries, so I can only speak to the American Red Cross (ARC), but my guess is that the Canadian Red Cross, Deutsches Rotes Kreuz e.V., etc. will have the same needs, just other terms.

            i. Disaster Services Technology (DST): The ARC is going digital more each year; many of the tools they use are online. Every time ARC volunteers deploy to a disaster, some of the first ones in are DST, and there are never enough DST volunteers. So, as long as volunteers are in the field at disasters, so is their technical support.
               • Computers: There is a sub-team that handles passing out, setting up, managing and maintaining and collecting computers. Also support for the apps used.
               • Networking: A sub-team that specifically deals with networking, connectivity, and servers. Big disasters like this fall will have field servers deployed, many communications may be down, so we set up satellite internet connections. We use wired and WiFi connections, routers, switches and set up printers.
               • Communications: This sub-team passes out and supports smart phones, tablets, handheld and mobile radios, radio base stations, antennas etc.
               • Customer support: This is basically the help desk folks who help the users.
               [NOTE: these are the four official jobs in DST, but the disaster decides the actual build. You may find yourself doing multiple jobs if the disaster is not as big or there are not enough volunteers. DST from Hurricane Harvey is still in the field from all over the country, and it is usually a two week deployment, so they constantly need people, so there may not be enough. I am the only DST member for all of SE Alaska]

            ii. IT End User Services (IT EUS) – Another ARC group to consider for those times between disasters. This is really just the IT shop for the ARC broken into regions. I am currently going through the process. As an EUS volunteer I will be dealing with maintenance and troubleshooting of ARC computers in my area, helping other volunteers and staff with their computer problems, running updates etc. Again, I am the only EUS person for SE Alaska, the nearest are almost 6 miles away in Anchorage.

            iii. There are many other volunteer jobs for logistics, shelter workers etc. with any of the Red Cross/Crescents as well, both day to day and disaster situations.

         B. CyberPatriot – CyberPatriot is a national youth cyber education program run each year by the Air Force Association (AFA) and partners. The AFA sees the lack of cyber security trained people in the US workforce to be a National Security Issue. They want to get more youth interested in STEM and computer jobs and increase the number of women in the IT sector. You can volunteer as an assistant coach for teams in your area, or you can contact schools or organizations in the area to coach your own teams. This competition is not just for the geeks; it is built for people, teens or coaches with no idea about computers and or cyber security to be able to compete, as the whole idea is to get kids not interested in computers to reconsider. It is a two-part program.

            i. The education part entails teaching youth to use the internet in a safe manner. They support schools or others running cyber safety summer camps and such activities.

            ii. Part two is the CyberPatriot Cyber Defense Competition where teams from across the US (I think Canada too) made up of teenagers compete nationally for the best score finding vulnerabilities and securing a server system. Teams can be from schools, military organizations like JROTC or Civil Air Patrol Cadets for instance, and other groups like Boy Scouts. They are even pushing for all-female teams.

         C. Civil Air Patrol – Quite widespread down south, CAP is a civilian corporation owned by the US Air Force. Its task is the primary Search & Rescue agency in the US. Primarily for missing aircraft, but also hikers, boaters, etc. They are all volunteers and always need pilots, air crews, ground search personnel and those to run the search. Among other squadron jobs, there is an official job for IT personnel. So, check your local CAP squadrons, volunteer and maybe be their IT shop or, if they have Cadets, offer to coach a Cadet CyberPatriot team.

         D. National Collegiate Cyber Defense Championship – I have not dealt with this group, but it is a college version of CyberPatriot more or less, just for college students. If you live in a college town this may be another possible point to help out.

      This is just a partial list based on what I generally have had experience with. Anyone else have suggestions, even from their own countries, go ahead and add it. Just remember that when you volunteer you help your community and yourself. You can gain much broader experience that can only help you get jobs or pad your university application. Getting into cyber type stuff will give you a deeper grasp of computers and servers and help ensure your future web design customers have secure web sites.