Killersites Community



Everything posted by LSW

  1. Pre-Installed Malware Found On 5 Million Popular Android Phones https://thehackernews.com/2018/03/android-botnet-malware.html
  2. Cyber Security is a branch of its own and I have been studying it for over a year now. Not only do they not need to know everything, but it would leave them no time to actually build web sites. Security is mostly the realm of ISPs, servers and hosts, but it is not something that you can ignore simply because you are "Simply the web developer". If they get hacked and it suggests it is due to something you did not do or did wrong, not good for your business. So aside from making sure some simple rules are followed, it is a good idea to know that any Hosts you may suggest to a customer are trustworthy too. This is just 4 things web developers can do, I could suggest a lot more but that is more the host's job. I am a former web developer and these are things I did not consider back then.
  3. Web Developers, much of my posting to date has covered protecting yourself. Let's talk about protecting your customer and their users.

    I cannot state this any stronger, Strong Passwords! If it takes little effort to break a password then the site you built can be hijacked to pass out malware.

    Database design, consider making it a tiered design. Sensitive data in a red zone, encrypted and password protected with strict access permissions. Less sensitive data in a Yellow zone that has lesser protection and more access and simple stuff in a green zone with just password protection and general permissions. If you use look-up tables that state that "2 = married with children", that is a look-up table and needs little protection. But all sensitive data should be encrypted so that if adversaries do get to it... they can't read it.

    Be aware of SQL Injection attacks. If you allow data to be added to a website, make sure it is checked. If you allow basic comments with no security, an adversary could insert JavaScript into that comment that does really bad things. Malware Detection - Discovering Cross-Site Scripting Attacks

    Watering Hole Attacks. I think LastLine blog defined it rather well: "In a network watering hole attack, cybercriminals set traps in websites that their target victims are known to frequent. Often the booby-trapped websites are smaller, niche sites that tend to have limited security. These sites can include business partner sites or small websites that provide specific products, services, or information to the target company or industry. When visited, the compromised website infects the target end-users computer or device with keyloggers, ransomware, and other types of malware." The issue here is really about protecting web sites you build from being the watering holes that infect your customers' users. Network Security and Watering Hole Attacks

    As I come across tips for securing your web sites, I will expand this thread.
  4. FYI Yahoo Users

    Federal Judge: Yahoo Breach Victims Can Sue https://www.databreachtoday.com/federal-judge-yahoo-breach-victims-sue-a-10712
  5. Windows 10 'S Mode' Coming Soon - For Security and Performance https://thehackernews.com/2018/03/windows-10-s-mode.html
  6. Also good if you want to play with Linux and get used to it before switching, but Kali has lots of apps not normal on Linux distributions and used only for security work/hacking. Run 'Kali Linux' Natively On Windows 10 - Just Like That! https://thehackernews.com/2018/03/kali-linux-hacking-windows.html
  7. WordPress Update Breaks Automatic Update Feature - Apply Manual Update https://thehackernews.com/2018/02/wordpress-update.html
  8. Just an article that I thought some of you may find useful for speeding up your wi-fi networks. 5 things that will slow your Wi-Fi network by NetworkWorld Magazine https://www.networkworld.com/article/3256026/lan-wan/5-things-that-will-slow-your-wi-fi-network.html
  9. If you do not understand why I think the repeal of Net Neutrality by the FCC is bad for us, or you simply do not understand what Net Neutrality is all about, Burger King will help you understand it while you wait on your whopper: Video from Twitter: https://twitter.com/BurgerKing/status/956166686054408192 You can see more on the subject here: The Issue of Net Neutrality
  10. Cybersecurity News

    Skype Microsoft Won't Patch a Severe Skype Vulnerability Anytime Soon [2/14/2018]
  11. Cybersecurity News

    Please bear with me as I figure out how best to handle the articles for easy viewing. As for now, I am closing this Topic in order to create replies that deal with each possible subject and will just edit that topic with new articles as I get them. If you have an article you feel should be added, just let me know.
  12. Microsoft Issues Security Patch Update for 14 New Critical Vulnerabilities https://thehackernews.com/2018/02/microsoft-patch-update.html
  13. Hello world!

    No, not at all. Found it funny considering yourself too old at 40 something. I think that age thing is a myth and a crutch used by older generations. Then again... what people see in social media is truly beyond me. Why would I care where you are or what you are doing right now or what your food looks like. I am more interested in why you are updating everyone that you are not home, come rob me? Maybe there is an age limit... anyone have a crutch I can borrow? Python really is easy, you would not be feeling so positive if it were Java most likely. But once you comprehend one language, you will note traits in all others. Stef is a good teacher. I learned Python back in 2000 and used to write code in my head speaking it to get my kid to sleep, worked like a charm... even I fell asleep during it! I like Python and keep nagging my boss to ditch Java for it.
  14. Hello world!

    Oui! Who are you suggesting is old here!? I will have you note young whipper-snapper that I am in my 50s and entering Cybersecurity by golly! 40s, ha! Many here may consider me an @$$, but none think of me as an old @$$... at least I don't think so. Seriously though, I don't think Stephan was Python when we met, he was a serious Java type. I think he is older than you, or at least close. Andrea will kill me if I suggest she is anything older than 29, then there was Limey, not sure where he disappeared, retired military, then got into IT. Actually I think you may fit in near the average age here. Not that many teens, I would say that back in the 90s and early 2000s our average age was 30s. So welcome to the forum and mind you don't trip over my walker young man.
  15. Super Beginner

    Good to hear. This forum was opened for beginners, not experts. Most of the regulars here like Andrea got their start building web sites by coming here. I am one of the few who actually learned this in a school, but even then I have picked up many tricks here and actually taught myself stuff while helping others. So never apologize for dumb questions, we all started out there and asked our own fair share. This is what Killersites was started for. Cheers!
  16. Your Windows Security Updates Might Stop!? https://www.stationx.net/windows-security-updates-might-stop/ The Excel sheet he links to to see if your AV is covered or not.
  17. Top web browsers 2018: Microsoft's IE and Edge shed share as Chrome gains https://www.computerworld.com/article/3199425/web-browsers/top-web-browsers-2018-microsofts-ie-and-edge-shed-share-as-chrome-gains.html
  18. Oh, OK. That taxes me out then. Good luck with it.
  19. Although I consider Pai a Trump stooge for his actions destroying Net Neutrality, nice to see he is not simply a "Yes Man." He is at least picking the right side of this fight in my opinion. Of course this does not Verizon in any way like the Net Neutrality decision. FCC Head and Wireless Lobby Oppose U.S. Bid to Build a 5G Network https://www.bloomberg.com/news/articles/2018-01-29/u-s-is-said-to-consider-building-5g-network-amid-china-concerns
  20. Cybersecurity News

    Lenovo Vulnerabilities Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner [1/29/2018]
  21. Nearly 2000 WordPress Websites Infected with a Keylogger https://thehackernews.com/2018/01/wordpress-keylogger.html I hope none of you are using other people's computers to make money for yourself. It is unethical and you deserve what you get in the end.
  22. You might want to pass this to any soldiers you know regardless of the country. Internet of Things (IoT) people, the Internet and your friends do not need to know where you are and what you are doing. Fitness apps, GPS geo-logging on photos you take, it all gives out info bad guys do not need to know. US soldiers are revealing sensitive and dangerous information by jogging https://www.adn.com/nation-world/2018/01/28/us-soldiers-are-revealing-sensitive-and-dangerous-information-by-jogging/
  23. Career paths for Python on Linux?

    I think it is a good call. I really liked Python and I have been dealing a bit with Debian and Kali and like them well enough, just takes getting used to when you have always worked with Windows. Helps that the GUIs have improved since the first time I opened one.
  24. Oh, I thought you were down on it, but hadn't dropped the idea yet. My bad.
  25. I have touched on this before friends, this is an important issue, there is a tremendous shortage of qualified cybersecurity professionals out there. Do your own look-up on Google and Co., the Air Force and the Air Force Association consider it a matter of National Security! This is just one article, so find your own. The US here, but really whatever nation you are from is likely to be facing the same shortage worldwide, needs people, especially school age kids to be looking at cybersecurity jobs for their future. As the article points out as well, EVERY IT job is now a cybersecurity job. You build an app, you have to consider security. You build a website, you have to think security, because especially those of you doing freelance work, your customers are likely not doing it, breaches happen to other people. I used to do Freelance work... so many companies and software now build web sites for people cheaper than we can. Seriously consider making the move into cybersecurity, the jobs are out there, abundant, and international. And if you are not interested, talk to your kids or youth that you know. Show them programs like CyberPatriot. Especially girls, there are few to many in this career path. Hackers are not going away, more Nation-States are developing Cyber-attacks against their enemies. You know someone considering the Military? Every branch has cyber specialist fields now, from front-line troops needing protection for their communications to the premier Cyber Warriors of the US Air Force protecting UAVs (drones), military communications and space-borne satellites. Not to mention NSA, CIA and other alphabet agencies from other countries. The field is wide open to those of you willing to give it a shot. Governments Look to Innovation to Solve the Shortage of Cybersecurity Professionals https://www.meritalk.com/articles/governments-look-to-innovation-to-solve-the-shortage-of-cybersecurity-professionals