Jump to content
Killersites Community

LSW

Moderators
  • Content Count

    1,535
  • Joined

  • Last visited

  • Days Won

    23

Everything posted by LSW

  1. LSW

    Cybersecurity Articles

    Data Breach Collection Contains 773 Million Unique Emails https://www.databreachtoday.com/blogs/data-breach-collection-contains-773-million-unique-emails-p-2713
  2. LSW

    Cybersecurity Articles

    As with the news I will be organizing articles by topic so the thread will be locked. This is more articles about security and less "News" per say.
  3. LSW

    Cybersecurity Articles

    Your Garage Opener Is More Secure Than Industrial Remotes https://www.databreachtoday.com/your-garage-opener-more-secure-than-industrial-remotes-a-11950
  4. LSW

    Current Threats

    5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws Bluehost, Dreamhost, HostGator, OVH, and iPage https://thehackernews.com/2019/01/web-hosting-server-security.html
  5. LSW

    Current Threats

    The following threads will be updated info on current threats to you. For now you must scroll down to find the newest until we find a better way.
  6. Reminder: Microsoft to end support for Windows 7 in 1-year from today https://thehackernews.com/2019/01/microsoft-windows-7-support.html
  7. LSW

    Cybersecurity Articles

    Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan https://thehackernews.com/2019/01/phone-fingerprint-unlock.html [Let me add a few words here: Although I trust the site, they are not legal experts. This is one ruling in California. It is a fact that you cannot be forced to open your phone if secured with the less secure password/code. Nothing that is in your head. You can up until this point be forced to open your phone if you use the more secure physical methods like finger prints. This has been confirmed by many legal scholars. So outside of California, it may still be an issue. Lastly, I am currently training in cyber forensics and it has included the requirements for a search warrant, as we find evidence used in courts. Search warrants must be very specific about what they expect to find. Note I have bolded above how the judge found that the warrant was not limited to a person or device. They cannot have me open your phone because I happen to be in the room with you or your device. That said, this is an important call made by this judge and I applaud it. I do not use fingerprint or facial recognition as I can be forced to open my phone, I use the less secure options so that I cannot be forced to open it.]
  8. LSW

    Current Threats

    Hackers are spreading Islamic State propaganda by hijacking dormant Twitter accounts https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
  9. LSW

    How Secure are our Passwords

    The Top 100 Worst Passwords of 2018 https://www.teamsid.com/100-worst-passwords/
  10. I plan to add future posts to this as I come across anything worthwhile. As computers grow faster the ability to crack passwords improves. If you are still using 8 character passwords, it can be cracked in minutes. Add to that the eventual use of quantum computers by governments and one day maybe all of us... ANY password will be cracked in minutes. A computer can compare pre-listed common hashes at about 350 Billion a second. Also stay away from dictionary words. There are two primary attack types: Brute force: The attacker will just run his computer through combinations (a, ab, abc, abc1, abc2, etc.), literally using brute force of computing power to try every possible comination and for a average computer 8 characters is childs play. Dictionary attack: This is running through common words and includes modifying them (horse, Horse, h0rse, H0rse, H0r$3, etc.). Again, a really easy way to attack. So here are a few suggestions from me: The longer the password, the better. You really should be using 12 characters at a minimum and I would suggest more like 14 - 18/20. Use a password manager so you need not remember them all and can use randomly generated gibberish. Move away from Passwords and use Passphrases. Lyrics, Poem lines, Quotes, etc. These can be complete with spaces and you need not have special characters or numbers. It would also be more easily remembered than "C9bgTkYhd9dr". You can type them without dealing with special characters that can be a pain on a mobile device and you have really long lengths. Stay away from dates, those can be guessed like wedding date, kids birthdays etc. Stay away from pets or their names, breeds, etc. Stay away from children's information. Stay away from favorite things like authors, bands, hobbies as these may be guessed as well. Maybe use other uncommon languages, I have used Potawattomee, Tklinget, Gaelic. You need not even know the language, use a dictionary and see how your favorite animal is called in Gaelic "Winter Horse" in Gaelic will not be quickly broken, there are at least 4 forms of Gaelic, so I have to break not only what you like, but Irish, Scottish, Nova Scotian gaelic or Whales? And the name may include weird character groupings and special characters. If you remember what it was in English you can just look it up to remind yourself again. Never ever repeat passwords for other sites. Make each unique. Never give it out... to anyone. Hope you decide to get more secure and get some ideas from what I post here in the future. LSW
  11. LSW

    Patch Tuesday Updates (Windows)

    Microsoft Patch Tuesday — January 2019 Security Updates Released https://thehackernews.com/2019/01/windows-security-updates.html
  12. For those of you who have never noticed, the second Tuesday of the month is so called "Patch Tuesday" where Microsoft pushes out it's patches and updates. I will be posting notifications here as a reminder when there are important ones released. Remember that one of the base ways to protect yourself from malware and hackers is to keep all your software and Operating System (OS) up to date.
  13. LSW

    Two basic CSS Mistakes

    Between Newbies posting here lately and spammers claiming to work for big companies but with absolutely shoddy code, it came to me the most common problems with people using CSS. Right off let me say that for newbies this should not be embarrassing, I suffered this problem as well when I started. Beginners basically beginners are hesitant to use CSS, so they commonly try to work with it bit by bit. Wrong approach - just do it. This is usually seen when someone uses CSS just to effect fonts. Another form is tables with CSS. Yes you can do so but it defeats the purpose. Take this to heart, don?t go half way, just jump in. Thinking it is HTML: Forget what you learned about HTML, this in not HTML it is CSS, another language. All to often you see beginners writing CSS like it is HTML. Just replacing the Font tag with a class name on every paragraph or such. The idea is to use external style sheets. Every page is linked to this sheet, make a change to this sheet and every page reflects the change. By using styles inside of the tags, you add wasted code and have to make changes on every element on every page. If you merely define the paragraph tag than every paragraph will have that style, no need to ever ad class or ID's Do not mix, it just makes things confusing for everyone. I see many spamers with HTML attributes, inline styles in tags next to these with Block styles in the header and even a link to an external style sheet. These are god awful monsters to control. I am Webmaster of a site that is like that, the simplest changes will almost always break the site. Beware and avoid such sites and those who build them. If you have any CSS, put it all in external style sheets and most any HTML attributes can and should be done in the CSS as well. Remember this is not HTML you are dealing with, do not just replace HTML attributes with styles in the code. If you are going to use CSS it will only bring and advantage if you learn to write CSS as CSS and not as a HTML attribute replacement. Classes: Beginners always write classes, then you will see a dozen paragraphs with identical class names. Again this is due to this HTML style of writing we learned first and how we had to write fonts into everything. CSS is not that way. With CSS you can and should use ID's. Why? Well ID's for CSS can also be used as reference points for scripts and internal links, you need not name extra elements. Also for instance you name the upper element with an ID This way you can use a default style for paragraphs, but say that paragraphs in you content are shown differently than paragraphs in a footer. By using classes, you are creating far more work for yourself. Simply create a default and then redefine any elements by adding it to a ID description. In this way define links found in one ID element to look different from links in another ID element. Now this may seem a bit hard to follow, but keep it in mind. CSS is about minimize code. Ask yourself if you can not make things easier and smaller. A class can be used as often as you wish. An ID can be used only once per page. So use ID's as often as possible, then when you go to use a class, ask yourself if it is really something you need. Ask yourself if you need to use it multiple times or if it is not easier just to say, anything in a element with this name should look this way. Why repeat 5 classes in 5 paragraphs when you can say that a paragraph in a element called ?content? should look this way, whether 5 or 25 paragraphs. So in short as a review: Do not a use CSS inline styles as a replacement for Font tags. Use external style sheets, do not mix HTML attributes, inline styles, block styles (styles in the head tags) and external style sheets. Just use external style sheets for all CSS and HTML attributes. Do not use Classes for everything. Use ID's whenever possible. It is possible to create web sites with few if any classes at all. Define elements with a ID preamble to it so that those styles only go active when the defined element is in a specifically named ID. Feel free to view my styles and source code. Once you take these tips to heart, you will discover that CSS is much easier to understand then you believed. Darkshadow-designs & DSD CSS
  14. LSW

    Current Threats

    Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader https://thehackernews.com/2019/01/adobe-reader-vulnerabilities.html
  15. LSW

    Current Threats

    Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie https://thehackernews.com/2019/01/chromecast-pewdiepie-hack.html
  16. Microsoft Issues Emergency Patch For Under-Attack IE Zero Day https://thehackernews.com/2018/12/internet-explorer-zero-day.html
  17. Microsoft building Chrome-based browser to replace Edge on Windows 10 https://thehackernews.com/2018/12/edge-browser-anaheim-chromium.html
  18. LSW

    Current Threats

    PHP Version 5 End of Life: Millions of Websites are About to Become Vulnerable https://www.riskiq.com/blog/external-threat-management/php-version-5-end-of-life/
  19. LSW

    Media - On Cybersecurity

    IoT is Internet of Things meaning all the crap that goes online that is not a computer, to state it simply. It includes security cameras as well. This video was made by a fellow who was startled top hear a voice from his security system, a voice belonging to a Canadian claiming to be a Whitehat Hacker. The gentleman is naturally shocked. Note: The hacker claims to be a whitehat hacker, meaning he has no malicious intentions, But what he has done here is illegal and he did it without permission to at best he is a greyhat hacker. Whitehat hackers do there thing with the permissions of the target. That said, he does make a good point to the owner and declares he has no bad intentions. http://digg.com/video/canadian-hacker-nest
  20. Here I will be listing videos I come across on the subject of securit. There is now way to denote new one so you need to just keep coming back, I will add the dates as of all new ones: CIS / MS-ISAC (Center for Internet Security & Multi-State Information Sharing and Analysis Center) Sex, Lies and Mobile Devices: The Seedy Underworld of Mobile [in]security (58 min.) - You will be surprised and I hope disturbed by what all your "Devices" (some of those being devices you did not even know about) and what they are collecting about you and selling for their profit and you have no way to stop it anymore even if you know about it, and many times you will not! Assorted Media Blueborne - Android Take Over Demo (1:43) - This is a demo showing how in less than 2 min., using the BlueBorne attack, a pretend "Hacker" gets into a cell phone without the owners knowledge and activates the camera to watch her. The phone is an Android, put this attack is a Bluetooth vulnerability that affects ANY bluetooth device. It could also be your microphone or apps you use. does your phone sit where it can view your screen or your private activities? Does you Laptop sit open or is there a web cam on your PC and are these in your bedroom? Are sensitive files saved in a simple folder or are they at least in an encrypted container? [10/25/2017] Trape (10:33) - Trape is a so called people tracker. This video shows how to use it. Now this is a hacker tool, but I want you to understand how easy it is for you to be manipulated. I need but set this up and send you a link which you click and I have you. I can mess with you, I can get data about you. I can see all your social accounts id I want to stalk you. I just have to be creative and you have to be lazy just once. This tool creates the fake pages that look just like the originals. NOTE: The fake address for the victims is an IP address first, then the google address to fake you out. Remeber the top domain is always the first. [11/9/2017]
  21. This journalist got it in his head to do everything he can to avoid using any top 5 hardware, software or service for 1 month. Learn why and how it went for him. Cybersecurity includes privacy as well. The top 5 industry leaders are that way mostly by questionable actions, tracking, selling your data, forcing you to use their services and many more dirty little tricks. We help millionaires and their corporations get richer while giving up our privacy for convenience. So, article 1 is why he decided to do this and article 2 what he did and the final results he found. 2 is definitely and interesting read, but it is LONG. You may choose to scroll through to just sections you are interested in. So I ask you, do you think you could give up the top 5 services etc.? 1. Why I'm Quitting Google, Amazon, Microsoft, Facebook, and Apple for a Month https://motherboard.vice.com/en_us/article/mbxndq/one-month-without-big-five-microsoft-google-facebook-apple-amazon 2. How I Quit Apple, Microsoft, Google, Facebook, and Amazon https://motherboard.vice.com/en_us/article/ev3qw7/how-to-quit-apple-microsoft-google-facebook-amazon
  22. California proposes a plan to tax text messages https://www.cnn.com/2018/12/12/tech/california-text-tax/index.html
  23. LSW

    Patch Tuesday Updates (Windows)

    Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack https://thehackernews.com/2018/12/microsoft-patch-updates.html
  24. Adobe's Year-End Update Patches 87 Flaws in Acrobat Software https://thehackernews.com/2018/12/adobe-acrobat-update.html
  25. phpMyAdmin Releases Critical Software Update — Patch Your Sites Now! https://thehackernews.com/2018/12/phpmyadmin-security-update.html
×