Everything posted by LSW

  1. Great news for Skype users, Skype will now use end-to-end encryption. So what is End-to-end encryption? Imagine this silly example: Stef and I offer a service. Stef has a long string and two cans. I stand by a long way away with your friend, and you walk up to Stef and say you want to tell your friend a secret. Stef holds the can and you tell him what to say. You trust Stef not to tell your secret. Your friend is with me and I hear your secret, as can I and you trust me not to tell. Darling Andrea wanders up to the string passing her and listens but cannot hear anything. That is normal encryption. from Stef and tell your friend. Whoever hosts the service has access to the un-encrypted data and you must trust them. In my example, Stef gives you a chart of letters and corresponding numbers. The chart we give you simply says the letter A = 1, B = 2, C = 3, D = 4, E = 5, etc. You decide with your friend to shift all letters by 5, so a 5 means "A". We do not know if you shifted your letters by 1 or by 17. You tell Stef your encrypted message that makes no sense to him. Andrea still cannot hear it and I tell your friend the encrypted message I do not understand which you figure out using my copy of Stef's chart. Silly I know, but I hope it worked. Basically End-to-End encryption means that when your Skype software encrypts your secret before sending it to the Skype server, the encrypted server sends the encrypted data to your counterpart whose Skype software un-encrypts it for them. Skype never has access to your messages, even if forced by authorities, they cannot give it up as they have no access to the message as it is always encrypted and they do not have the key to reading the encrypted text or audio. Before, Skype had access to your conversations, but no one else (Andrea). Now not even Skype knows what you are saying/writing and you have more privacy. That is always good. 
By the way, Andrea is a doll and would never spy on you, I just needed a bad guy and she came to mind (sorry luv). Skype Finally Adds End-to-End Encryption for Private Conversations https://thehackernews.com/2018/01/skype-encrypted-calls.html
  2. I have touched on this before friends, this is an important issue, there is a tremendous shortage of qualified cybersecurity professionals out there. Do your own look-up on Google and Co., the Air Force and the Air Force Association consider it a matter of National Security! This is just one article, so find your own. The US here, but really whatever nation you are from is likely to be facing the same shortage worldwide, needs people, especially school age kids to be looking at cybersecurity jobs for their future. As the article points out as well, EVERY IT job is now a cybersecurity job. You build an app, you have to consider security. You build a website, you have to think security, because especially those of you doing freelance work, your customers are likely not doing it, breaches happen to other people. I used to do Freelance work... so many companies and software now build web sites for people cheaper than we can. Seriously consider making the move into cybersecurity, the jobs are out there, abundant, and international. And if you are not interested, talk to your kids or youth that you know. Show them programs like CyberPatriot. Especially girls, there are few to many in this career path. Hackers are not going away, more Nation-States are developing Cyber-attacks against their enemies. You know someone considering the Military? Every branch has cyber specialist fields now, from front-line troops needing protection for their communications to the premier Cyber Warriors of the US Air Force protecting UAVs (drones), military communications and space-borne satellites. Not to mention NSA, CIA and other alphabet agencies from other countries. The field is wide open to those of you willing to give it a shot. Governments Look to Innovation to Solve the Shortage of Cybersecurity Professionals https://www.meritalk.com/articles/governments-look-to-innovation-to-solve-the-shortage-of-cybersecurity-professionals
  3. Have fun... all I really do now is read cybersecurity articles to keep abreast and watch for vulnerabilities in our servers and machines. It is not quite as romantic as it sounds. Cheers luv!
  4. Critical Unpatched Flaws Disclosed In Western Digital 'My Cloud' Storage Devices https://thehackernews.com/2018/01/western-digital-mycloud.html
  5. In the future you might try renaming them before deleting the files. If nothing breaks you can then delete them. Sorry for the delay, I was on vacation (at home) for 12 days and refused to touch a computer. You will want to check if you are using any of these plug-ins: Three More WordPress Plugins Found Hiding a Backdoor [1/4/2018] Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites [12/20/2017] WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack Another idea luv, would be to check if your credentials for the WordPress site come up as being compromised. If not listed here, you are still rather secure: Have I been pwned? https://haveibeenpwned.com/
  6. Critical Flaw Reported In phpMyAdmin Lets Attackers Damage Databases https://thehackernews.com/2018/01/phpmyadmin-hack.html
  7. Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance https://thehackernews.com/2018/01/intel-kernel-vulnerability.html
  8. Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger https://thehackernews.com/2017/12/cryptocurrency-hack-facebook.html
  9. Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites https://thehackernews.com/2017/12/wordpress-security-plugin.html
  10. Another issue arising lately with Win 10 is the installation of software without user knowledge or consent. So keep an eye out for things you did not install. Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords https://thehackernews.com/2017/12/windows-10-password-manager.html
  11. Here is a new one finally, the Air Force Association who runs the Youth Cyber Patriot competition program is releasing a children's book for Cyber Security, "Sarah the Cyber Hero!" These days you really cannot start too early to teach kids to be safe online. http://www.uscyberpatriot.org/special-initiatives/cyber-education-literature-series
  12. Deprecation of SHA-1 and moving to SHA-2. SHA-256 is part of the SHA-2 family.
  13. 4K is another name for Ultra High Resolution. It is short for 400,000 pixels, although it is not quite that high, but close. https://www.cnet.com/news/what-is-4k/ What it is is sweet! My TV is 4K. I don't like laptops now because I have two monitors at work. But what I also do there is break up my work with virtual desktops. There are many out there but I use Dexpot which is a free one. My primary work is on desktop 1, my private email is on desktop 6 and batch processes I run are on desktop 2. So depending on what I want to do I just switch from one desktop to another.
  14. Here are a couple of videos that may explain it and how it can affect you, better than I have. Here's What You Need To Know About Net Neutrality - Screen Junkies News What is net neutrality and how could it affect you? - BBC News
  15. Well, as I feared, it is official. Net Neutrality has been repealed in the US. ISPs are now free to play Netflix fast and Hulu slow if one pays more. They can block new technologies from wide usage if they feel they or a partner is working on another competing technology. They can block you from accessing any sites they may not agree with so no more Planned Parenthood info if the ISP is owned by Pro-life businessmen or maybe pro-drug-war ISPs can block web access to marijuana shops in states where it is legal. Of course you can always vote with your wallet, drop your ISP and access a new one you trust or offers what you want... if you are lucky. But those of you in Rural areas may not have another choice. Our Internet access came down to two companies, so we went with the one that we did not hate, but the one we hated bought the smaller one so now they are the only choice in town and they can now control what I have access to. If you think it is not a big deal, remember there was a time when Facebook was a startup and we had no neutrality law and a certain major player ISP banned Facebook from their services as it was competing with some idea of their own. Facebook may never have come into existence without the neutrality laws. So what new technology or service will we never have now because of the whims of big business? But more than a few groups are swearing the fight is not over yet.
  16. For those of you using DirecTV, there is a risk that could allow attackers access to your system and network. Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices https://thehackernews.com/2017/12/directv-wvb-hack.html I have not discussed this issue yet as it can be a tad complicated for those who have never dealt with your routers yourselves. It may be a good idea to talk to someone in "The Know" or discuss it with your ISP support team. The real issue here is IoT (Internet of Things), all the gadgets that are being developed to use the internet. The folks who create your OS generally think about security. The folks who develop your router think about security. But does the developer of all this IoT crap think about security? Did the software developer for your internet-connected coffee machine, pacemaker, iBarbecue thing think about security? Likely not... so time and time again researchers and bad actors have found ways to bypass the best security people thought they had by hacking an unprotected IoT device. This is another example how hackers can get into your network through your Smart TV. For those of you who like a challenge, find a way to limit your IoT things' contact to your network. It needs access to the Internet, but no other devices, it needs no access to your computers or tablets and phones. This way if compromised, the attacker can't do much of anything. Another way is to replace your Router's firmware with an open-source software with something like DD-WRT. Routers can do much more for security if you understand them, but their firmware is "Simplistic" for the average user. By getting more control with other software you can create two networks, your main network and a locked down network for just IoT devices with no contact to your personal devices.
  17. Let me toss this out: SHA-1 is outdated and easy to crack. You should use SHA-256 at a minimum for user protection.
  18. Read this and you will see why it is a bad idea. I get it, passwords are hard to remember when you have lots of them or you change them a lot. But the disturbing thing here is that of these 1.4 Billion passwords, many are still active as the authors discovered. Also, remember to check periodically if your passwords etc. have been stolen and posted online: https://haveibeenpwned.com/ Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online https://thehackernews.com/2017/12/data-breach-password-list.html
  19. I almost always listen to music, and music of all sorts. European Goth mostly, but bagpipes as well and sometimes Native American or Celtic. It has little to do with what I am doing either, more my mood. If I am angry then a lot of Linkin Park, if mellow then classical or Native. If my cubicle mate next door is being obnoxiously loud then we get into Bagpipes or death metal... something loud to drown him out. In the end it depends on the person, some can do anything with any type of music. Some like Stef says depends on what they are doing. Some other folks may need silence. I simply don't like all the background noise and conversations around me so music of any sorts drowns it out so I can concentrate. Silence makes it hard for me to concentrate as I get bored, that is the ADHD coming through.
  20. Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability https://thehackernews.com/2017/12/windows-update-malware-protection.html
  21. If anyone at Killersites builds Android mobile apps or knows someone who does, take note of vulnerabilities in the development tools. https://thehackernews.com/2017/12/android-development-tools.html
  22. I have decided to make the Data Breaches section its own post as it is getting rather long and it shows just how insecure your data is from even some of the best known companies. Do not give up info to anyone who really does not need it. Just these headlines as of 12/6/2017 show over 273 Million people's data has been compromised. Health Data Breach Tally Shows Mistakes That Lead to Trouble: As of Sept. 25th 2018 there have been 263 data breaches (USA) affecting 7.3 Mil. customers data in 2018 to date. Data Breaches 2019 Capital One Data Breach Affects 106 Million Customers; Hacker Arrested [8/2/2019] LAPD Data Breach Exposes Personal Info of Roughly 2.5K Officers [8/2/2019] Bulgarian Authorities Arrest Suspect in Massive Data Breach [7/18/2019] Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers [7/18/2019] Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants [5/31/2019] Flipboard Database Hacked — Users' Account Information Exposed [5/29/2019] Popular Online Tutoring Marketplace 'Wyzant' Suffers Data Breach [5/8/2019] Unprotected Database Exposes Personal Info of 80 Million American Households [5/1/2019] Rep. 
Thompson Seeks Answers From FEMA Over Data Mishap [4/9/2019] Georgia Tech Data Breach Exposes 1.3 Million Users' Personal Data [4/4/2019] Millions of Facebook Records Found Unsecured on AWS [4/4/2019] 540 Million Facebook User Records Found On Unprotected Amazon Servers [4/4/2019] Breach of 'Verifications.io' Exposes 763 Million Records [3/12/2019] Wendy’s to pay $50M in data breach settlement [2/26/2019] Almost Half A Million Delhi Citizens' Personal Data Exposed Online [2/25/2019] Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale [2/15/2018] Hack Attack Breaches Australian Parliament Network [2/8/2019] 14k HIV+ records leaked, Singapore says sorry [2/7/2019] Airbus Hacked: Aircraft Giant Discloses Data Breach [1/31/2019] Yahoo's Proposed Data Breach Lawsuit Settlement: Rejected [1/30/2019] iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret [1/30/2019] Unprotected Government Server Exposes Years of FBI Investigations [1/17/2019] Over 202 Million Chinese Job Seekers' Details Exposed On the Internet [1/10/2019] 2018 Marriott Mega-Breach: Victim Count Drops to 383 Million [1/8/2019] Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted [1/8/2019] Town of Salem Data Breach Exposes 7.6 Million Gamers' Accounts [1/7/2019] Hackers Intercepted EU Diplomatic Cables for 3 Years [12/19/2018] Mayday! 
NASA Warns Employees of Personal Information Breach [12/19/2018] Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach [12/18/2018] Marriott: Breach Victims Won't Be Forced Into Arbitration [12/12/2018] Quora Gets Hacked – 100 Million Users Data Stolen [12/4/2018] Marriott's Mega-Breach: Many Concerns, But Few Answers [12/3/2018] 500 Million Marriott Guest Records Stolen in Starwood Data Breach [11/30/2018] US Postal Service Left 60 Million Users Data Exposed For Over a Year [11/27/2018] Dell Resets All Customers' Passwords After Potential Security Breach Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach Amazon Snafu Exposed Customers' Names and Email Addresses [11/27/2018] HSBC Bank Alerts US Customers to Data Breach [11/8/2018] Connecticut City Pays Ransom After Crypto-Locking Attack [10/23/2018] Obamacare System Breach Affects 75,000 [10/23/2018] Pentagon Travel Provider Data Breach Counts 30,000 Victims [10/16/2018] Aetna Hit With More Penalties for Two Breaches [10/16/2018] Heathrow Airport Fined £120,000 for Lost USB Storage Drive [10/10/2018] Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data [10/10/2018] Google Forced to Reveal Exposure of Private Data [10/10/2018] United nations accidentally exposed passwords and sensitive information to the whole internet [10/2/2018] Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw [10/1/2018] Facebook Hacked — 10 Important Updates You Need To Know About [10/1/2018] SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users [9/26/2018] Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer [9/20/2018] UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm [9/20/2018] Perth Mint Says 3,200 Customers Affected By Data Breach [9/19/2018] Yahoo's Mega-Breaches: Altaba Moves to Settle Lawsuits [9/19/2018] British Airways Hacked – 380,000 Payment Cards Compromised [9/7/2018] 
Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected [8/30/2018] T-Mobile Hacked — 2 Million Customers' Personal Data Stolen [8/24/2018] Another Fitness App Exposes Users' Data [6/6/2018] MyHeritage Says Over 92 Million User Accounts Have Been Compromised [6/6/2018] Bell Canada data breach: Up to 100,000 customers affected [1/29/2018] Nearly Half of the Norway Population Exposed in HealthCare Data Breach [1/22/2018] OnePlus confirms up to 40,000 customers affected by Credit Card Breach [1/22/2018] OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details [1/16/2018] Forever 21 Confirms Security Breach Exposed Customer Credit Card Details [1/4/2018] Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers [12/22/2017] Insider Allegedly Steals Mental Health Data of 28,000 Patients (San Antonio, Texas) [12/7/2017] Uber Paid 20-Year-Old Florida Hacker $100,000 to Keep Data Breach Secret [12/7/2017] Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users (virtual keyboard app, AI.type) [12/6/2017] Stanford University server exposes data of 10,000 staffers [12/6/2017] PayPal Subsidiary Data Breach Hits Up to 1.6 Million Customers [12/4/2017] NOTE: This was the TIO Platform and not PayPal, PayPal just owns them since July 2017. They claim it does not affect PayPal customers. Uber's British Breach Tally: 2.7 Million Victims [11/30/2017] Imgur Warns: Old Breach Compromised 1.7 Million Accounts [11/28/2017] Did Uber Break Breach Notification Minimum-Speed Limits? 
[11/28/2017] Uber Concealed Breach of 57 Million Accounts for a Year [11/22/2017] Forever 21 Warns Shoppers of Payment Card Breach at Some Stores [11/16/2017] Malaysia Stung by Massive Data Breach Affecting Millions [11/3/2017] How Top Companies Accidentally Leaking Terabytes of Sensitive Data Online WebSites Found Collecting Data from Online Forms Even Before You Click Submit US Defense Contractor left Sensitive Files on Amazon Server Without Password Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server Passwords For 540,000 Car Tracking Devices Leaked Online Amazon's Whole Foods Market Suffers Credit Card Breach In Some Stores Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach Blood Test Results Exposed in Cloud Repository This is getting too stupid, so I am giving Equifax their own list Equifax New York AG Settlement Requires Equifax, Others to Beef Up Data Security [12/19/2018] Equifax Breach 'Entirely Preventable,' House Report Finds [12/17/2018] Congratulations: You Get 'Free' Identity Theft Monitoring [12/13/2018] Why Was Equifax So Stupid About Passwords? [9/26/2018] UK Regulator Fines Equifax £500,000 Over 2017 Data Breach [9/20/2018] Postmortem: Multiple Failures Behind the Equifax Breach [9/17/2018] Equifax Hack Exposes Personal Info of 143 Million US Consumers Equifax Data Breach: Steps You should Take to Protect Yourself Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach Equifax: 15.2 Million UK Records Exposed Equifax, TransUnion Websites Served Up Adware, Malware
  23. Here is a good look at why non-US Killersites members should be paying attention. This reviews Net-Neutrality from a Canadian view, not the US vote of the FCC, but in general, the whole general subject faced by Canadians. Threat To Net Neutrality Hits Canada In a New Form