LSW

What the world looks like without net neutrality... - Jan. 2014 Net Neutrality Explained - Wall Street Journal Feb. 2015 Now this may be funny, they make some good points about the rules: Net Neutrality II: Last Week Tonight with John Oliver (HBO) - May 2017

This is a keynote speech sponsored by "New America" and makes some very good points. He goes into the history of why these rules were created. How ISPs blocked start-up companies like Facebook and google and the like because the ISP were working on their own services or were partnered with others who were creating services and so all competition was blocked. For those of you not in the US, this is still important, because you may have such issues in your countries or such laws to stop such actions. If we lose our rights, that could be used by your ISPs to argue for changes in other countries. Total Eclipse of the Net: The End of Net Neutrality? - New America

Cyber Warriors Fight USAF's Most Active, and Secret, War http://www.airforcemag.com/MagazineArchive/Pages/2018/January 2018/Cyber-Warriors-Fight-USAFs-Most-Active-and-Secret-War.aspx Again, as I have stated before in different places here, Cyber Security is a case of National Security. It is estimated that the US will be missing some 3.5 million jobs in cyber security by 2021 and in the meantime Pres. Trump suggests joining the Russians for cyber security. If you, family, or friends are looking to get into a new field, cyber security is a great place to go. Have kids join the military for cyber training and experience any big company will love to hire later. For those not in the US, every nation now has cyber security embedded into their military and every nation is going to need cyber security in the coming years.

Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests https://thehackernews.com/2017/12/dji-drone-china-spying.html This article falls into the area of IoT (Internet of Things) and how with so many things becoming connected to the internet we are losing control over what data is collected. For my point here you can drop China (although that is a concern) and concentrate on the larger picture. To you these UAVs (Un-manned Aerial Vehicles) are often little more than toys or just a hobby like RC Aircraft... but with today's technologies they can be used to pinpoint points of interest. Are any of you aware of a US Airstrike a few years ago on an ISIS headquarters? Some little putz with a smart phone took a photo of himself with his assault rifle and posted the photo online. That was picked up by intelligence and as he had not turned off tagging, the phone GPS tagged the photo and gave the US the HQ direct location and in less than 48 hours a airstrike hit it killing some high ranking commanders. In another (accidental) case years ago, a power station failed. The load must then be spread in the system causing other smaller stations to fail, their loads in turn exceeded the draw on larger nets and the cascade effect finally knocked out power grids in the upper east coast, as far west as Michigan and as far north as into Canada. Millions without power for days. Now just as an example, add these three stories together. I live near a small power center, I fly my UAV (Drones are military un-manned targets) and GPS is collected as well as the fact it is flying around a power station. A few others do the same and the adversary now knows where they are to within a few feet. They hack in, or physically break in, bring down the stations so the power defaults to other lines that then collapse and whole grids begin to fail. We can argue all day about the likelihood of this, but it is a very real threat, it is possible regardless of how unlikely you think it is. It is merely a precautionary tale. This is also not including the fact that these UAVs are collecting personal data on you. Always limit as much info going out about you as possible from any IoT, app or device.

Let us imagine I have gotten you riled up or just interested in Cyber Security, what now? Well I am preaching it and trying to convince you all that It is very important There is a major need for it There is big money in it But we at Killersites are simply here to help each other and the community. So here is how to help your community by helping teach Cyber Security: Announcing the Security Education Companion Security Education Companion by the Electronic Frontier Foundation (EFF) It is there to help you set up lessons and offers materials and tips. Air Force Association Cybercamps There are other ways as well like Air Force Association Cybercamps for kids. Even Canadians take part in CyberPatriot so I assume the camps can be in Canada too. Computer Clubs Many schools have computer clubs as well so track them down and offer to help the teacher in charge. If you think your starting to late or to old (your not), then at least try to recruit & train the next generation of cyber security specialists.

Ah! My friend Malarkey! He was a big help back when I was doing web design. Always had good articles and good ways of explaining things although this one I have never seen. He is always worth reading. Really look around his stuff folks, you will likely not regret it.

I am posting this as I feel it is an important issue. You may not have heard of it or simply not really know what it is about. Briefly, the Net Neutrality rules state that High-speed Internet is a utility that all Americans have equal right too. My Internet has to be the same speed as yours. If this is removed, it will mean, for example, that my ISP could charge services for speed. You may watch Netflix at high-speed because they paid for it and Hulu did not so it keeps buffering and snagging etc. Another form of this is poor people get slow speed internet (remember that from the 80's?) while rich people can afford high-speed Internet. The claim is that it will make new jobs, but how often is that the fact? The truth is the ISP and others stand to make lots of money serving the richer and the poorer will get a poorer internet experience. This is coming to a vote soon. Trump wants it gone and it is an Obama legacy. Whether it is to wipe away another Obama legacy, or to increase the wealth of his big business buddies or if Trump really believes it will make new jobs, I do not believe it to be a win for the people and most people do not seem to believe so either. The Internet is now a human right and all should have equal access to it in my opinion. I cannot support ending Net Neutrality anymore than I could support censorship like the Great Firewall of China. If you are an American, read these and do your own investigation and then if you agree, sign a petition or call/write your congressional and house representatives and let them know you do not agree. The vote is before the Holidays. Burger King explains Net Neutrality The New Net Neutrality Rules (From 2016) What Net Neutrality Rules Say I'm on the FCC. Please stop us from killing net neutrality A Lump of Coal in the Internet’s Stocking: FCC Poised to Gut Net Neutrality Rules Most Americans Support the Net Neutrality Rules that Trump’s FCC Wants to Kill Investigate it yourself and make an informed decision as to if you think it will benefit the people. Just please do it soon.

Just a heads up to HP owners. This is one of those situations where this is not really a security issue, but it is a privacy issue if you are sensitive about your privacy or control over YOUR PC. First the article: HP Silently Installs Telemetry Bloatware On Your PC - Here's How to Remove It https://thehackernews.com/2017/11/hp-computers-telemetry-data.html Now some of you may quite legitimately ask what the big deal is. There are a few points here, none of which may have any meaning if you don't worry about your privacy or have different views on what makes up your idea of your privacy. For those people who do have an issue with this, here are some reasons why: Telemetry: Telemetry can mean different things depending on who collects it, NASA space shot telemetry is a different thing in many ways. For us, this is data about your machine. This can clearly be useful for HP, telling them as an example that "XX many HP users still use Vista", "XX% of HP machines with this patch level have over a 47% more chance of crashing when this and that software are installed". This is all good info, no arguments. Privacy Part 1: One issue is "What are they collecting and how does it ID me?" Normally this is not PII data of course, SSN, DOB etc., but it is still a form of Fingerprint. A fingerprint if of no use on its own, It would mean nothing to Wyatt Earp in the 1800s, but today and together with data bases it is a crime solving tool. Your PC fingerprint can be used to identify it by the way it is set up, what is on it, and various IDs like your IP address will tell them where it is, the MAC address will tell them exactly what Manufacturer made a part. this is some of what identifies my PC right now from your device you are reading this on. Alone the MAC address can lead someone to the serial number of the PC, that is connected to a payment for that PC which leads to me and the IP gives my general area of Alaska. It is like cop shows where they place random details in the trash together to get an idea of who the suspect is and what they are likely to do by profiling them. Privacy Part 2: Another issue aside from not knowing what data they are collecting, is the fact that they are doing so without our consent. Aside from legality and public domain legal arguments, just set all that aside... answer these questions and ask yourself if you feel the same about HP collecting data without your knowledge? If you see some (clearly not homeless or starving) person going through your trash, would you be upset? If I asked your permission to go through your trash, would you likely say yes or no (aside to thinking I am weird)? MY PC!: This is my PC, I decide what software goes on it and when it runs. HP intentionally put there software on "my" machine and they decided when it would run and what it collects, all without asking me! Again, imagine looking out your window and seeing guys in Ford branded clothing, opening up your Ford vehicle with some sort of "command key" and installing something... and then getting is a car and driving away, not saying a word to you. MY PC/Changed Result: Now take the above, but your neighbor sees it. You get into your car, get on the highway, give it the gas and... your car will not go above 55. You think something is wrong and you go home and your neighbor tells you what they saw. You open the hood and find a throttle installed without your knowledge or permission? Alaska would not be so bad as we are a 55 mph state, but Michigan is 65 mph last I looked and that would suck! Now this example is not quite the same because HP is not intentionally slowing your PC as it seems to have done according to some people in the article, but the result is the same. Gamers pay big bucks for fast PCs, I pay big bucks for fast internet, and now an app I did not want or even know about is slowing my machine down. If you read may older posting s on web design and accessibility you will find a common thread, "Let the user choose what they want". The best example of this is building a website that plays music automatically. Can my connection handle the extra load? Is it costing more money in fees? Is it music I even like? Is it now playing over top of the music I was listing to already? Can I even hear it? Maybe my speakers are off? In the end this is not a security update, or a patch, or anything that even helps the owner? No, it only helps HP and they placed on PCs without the users knowledge or consent and it slowed many down. It should have been announced, and it should have been voluntary, and it should be easily and quickly deletable if it effects the machine. That is why it is a big deal for many people and yet it may not bother others. Never force things on the users, let us use free will.

OK, then just try the ../, that takes you out of the folder you are in and the page should be in the next folder up. So lets say folder 1 has GoodWork.html and inside folder 1 is folder 2 with page 2 folder 1/GoodWork.html folder 1/ folder 2/page2.html <li><a href=“../GoodWork.html”>Home</a></li> The ../ Takes me away from page 2 out of folder 2 into folder 1 to enter GoodWork.html. Does that make any sense to you?

I have mentioned this before and must do so again so that you understand what we are speaking about when discussing Security vs. Privacy. Also let me state that I often come across a bit judgmental, that is not my intention here. Win 10 is a very solid and well secured OS, but not good for those looking for privacy and anonymity. Privacy vs. Security At a quick glance you will think that they are more or less the same, and that would be the case if we were speaking of material privacy. If your Laptop is secure than your Private photos remain private. But in cyber security we are speaking of privacy as a concept, not a thing. In this case it breaks down like this: Security: This generally speaks to your machine, hardware and software. It deals with Trojans, worms, viruses, adware, malware, ransomware, as well as system vulnerabilities like un-patched or old software, old anti-virus signatures. Keeping permissions tight, keeping access blocked, etc. Privacy: In this case we are talking about you rather than your things. Privacy is about protecting your data, not giving out your SSN, not posting embarrassing photos, not letting other know what you are doing. It is about the information and actions and beliefs that make up you. The basis of all cyber security considerations is which of these two things is most important to you? It is not about choosing one or the other, they are very much entwined, but you will always have to choose between which one weights more in your worries. That decision will often form your choices. If you are a political dissident, if you have a secure PC, but you announce your name online you will be arrested and jailed and any adversary with your hardware will eventually crack it. If you protect your identity online, the government will not who to arrest and not get your machine. So, Privacy is more important, though you would protect your PC too. Windows 10 – Go for it or hold off? So, we come back to Windows and my question above: What do you care more about? If you go out and get a new PC, it will likely have Win 10. The question is then, do I simply accept IU am forced to have Win 10? Do I wait until the next generation of Windows? Or do I simply purchase or change my OS to another type, Like Linux? Here is a break down for you and why the question is so important. I will go Positive first as I am not trying to influence you as it is a personal choice, you just need to understand what is at stake. Security Win 10 is getting some praise by the traditionally anti-Microsoft security experts. 10 is proving to be a major change for Microsoft, it is solid and far more secure than any other Windows in history. Remember that Windows has always been “Dumbed Down” for the users. They want it ridiculously easy to use so you’re the user do not have to think, just point and click. This however has resulted in decisions that, although making your life easier, also made the system massively insecure. Granted, it was also conceived in a time period where nobody saw a real need for security. Here are just a couple reasons I can think of off the top of my head why Windows has finally become more secure. Security and ease of use rarely go hand in hand. Virtualization-based security: Greatest thing to hit Windows since they started using Windows. Most of you know what virtualization is. You install a Virtual Machine and then you can run any type of Operating System (OS) on that machine. So, you boot into Windows, open your VM and you can run a Linux computer on your Windows machine as an example. Win 10 uses a version of this to run much of it’s security virtually, so even if a hacker gets into your admin account, that does not give them the needed permissions to change many major settings. This is a major change for Microsoft and something the security field has been preaching for years. Virtualization is one of the keys to security keeping different parts of the system separate from each other. You can imagine it as a virtual sandbox. Defender Application Guard for Edge: This is another example of Virtualization. Cyber security is a technical field mostly and I try to keep from getting to deep in the technical stuff with you as most of you may want to be safer but now follow the technical stuff. Basically, Application Guard decides if the web site you visit can be trusted. If it is Edge shows it as usual, if not, you still see it as usual, but the web site is shown in a virtual browser and anything bad it includes is unable to infect your browser or the machine. Here is a Happy & Bubbly video on how it works for users. Device Guard: Virtualization again shows its power with this tool. It uses the “Zero Trust Model” where everything is considered untrustworthy. You then “Whitelist” apps you trust or know where they came from. Traditional security counts on having a signature of “Bad” software, so new threats are not recognized as threats. This way everything is considered a threat until proven otherwise, so new threats do not get through. All software must be signed, from Microsoft, the developer, or now you can vouch for software you trust. Using virtualization keeps any malware that reaches the system from running code that will write or change code to the Kernel of the OS programming. Device Guard will also work hand in hand with AppLocker which is in Windows since Vista and can be used to limit permissions to applications. How Windows Defender Device Guard features help protect against threats NOTE: Currently Device Guard only works on High-end editions like Enterprise, Business and maybe Education editions. It does require some hardware etc. that supports the technologies used. Many producers have signed on to support this technology, but they have not shipped such machines, so at this time the average Home edition user will not be able to take advantage of this tool. High-end computers may be able to if they run high-end editions. There are more things making Win 10 the most secure operating system form windows yet, these are just a few real worthwhile mentions. You can see more at: What's new in Windows 10. Privacy This is a completely different matter. As mentioned above, ease of use & security rarely works well together, nor does ease of use and privacy. Here I look at it from both a security point of view and generationally. I am an old guy, so I come from a different world and cannot understand all this linking of stuff. A Phone and a camera are two different things, so why combine them, which was my opinion with the iPhone 1 announcement. Along those lines, why would I go on Facebook and post a selfie of me and my dinner while telling everyone following me what I am eating and at what restaurant at this moment. Who cares? And why would I want to follow anyone anyways? But the millennials and later, it is simply the way things are and what you do. Win 10 is made in the image of Millennials, or at least what Microsoft thinks they want (rather than need). The result is, we get things like the required addition of a Microsoft controlled email to use the OS fully. More and more Microsoft in creeping into our private lives. Win 10 is riddled with Apps that identify you, they track you, they call home and let MS know where you are, what you like, and much more data about you which MS then uses to target you for advertising and among other uses, makes a profit off you. This is why you must decide what is more important, a secure OS or an OS that phones home without your knowledge and permission to tell businessmen everything about you just so you can use Skype with fewer clicks. That is the reason it all depends on you, if you want security and do not care about secret communications between your machine and MS, you just want easy access to all your social tools, then Win 10 will work for you. If your privacy is important and you don’t like this idea of MS possibly spying on you, then go with another OS or wait and see if we privacy advocates can force MS to back off and respect our privacy in the next OS. Here are some privacy examples for you: Synchronization is the default. Everything synchronizes with Microsoft to include, web sites you visit, passwords, personal data, browser history, hotspots, software settings etc. Do you trust MS with your user IDs and passwords? Do you visit sites that maybe you do not want others, especially strangers to know you visit? Each instance of Win 10 gets a unique Advertising ID to customize advertising you receive to your interests. They do not do this to be nice, advertisers pay them good money to target you with their advertising based on what you surf to or for. Cortana Data Collection, seriously, was your life so difficult before Cortana? To serve you it must learn about you. To work and meet your requests Cortana (and Siri etc.) collect data such as device location, information & location history, your contacts, voice input, search history, calendar details, content & communication history from messages and app, key strokes, debit & credit card details, movies you watch and music you listen too, as well as info about your device to name a few. When you agree to use Win 10 you are agreeing with sharing your data with Microsoft and how they will track you. Read their privacy statements and service agreements. You have some great services to gain, but it will cost your privacy, so be sure it is worth it for you. https://www.microsoft.com/en-gb/servicesagreement/default.aspx https://privacy.microsoft.com/en-us/privacystatement/ So, decide if you want an Easy to use/Semi-secure/Gadget driven link to your online life or if you are more worried about Security AND Privacy. Many of you do are not much worried about your privacy and that is fine if it works for you and you can feel more secure with Windows 10 than you should feel with whatever Windows you use today. If however your privacy is important to you, stay away from Win 10 as long as possible and seriously consider Linux or even Mac.

Your ./ should be ../ if you are leaving the folder to that page. You should always use the full URL on every link. it is safer that way. <li><a href=“http://www.whatever.com/folder/GoodWork.html”>Home</a></li>

Facebook terms and conditions: why you don't own your online life http://www.telegraph.co.uk/technology/social-media/9780565/Facebook-terms-and-conditions-why-you-dont-own-your-online-life.html NOTE: The title is a bit misleading as the article is about many social media and not just Facebook.

The Bot is not on your system, you can simply be infected with any one of dozens of virus', or malware. Those then "Call Home" to a control server. When the person in control sends out instructions it is passed from the control server to the malware which takes over your computer and carries out the instructions. Your computer, along with thousands or millions more "Zombie" machines like yours are what makes up the "Bot". The Bot is not on your machine, your machine is a part of the Bot. Now we do say take over your machine, but we are not talking about watching windows change without you doing anything, in most cases you can be on the machine working and not even know someone else is using it as well. You could be surfing Killersites and malware is contacting websites in the background without your knowing it. There are many ways to protect yourself, but their is no surefire way, no 100% security. Anti-virus is still good to have and kept up to date, just remember that AV works with known signatures of known malware etc., it will not stop new stuff that is not known yet. So along with AV you need a good firewall. Firewalls can be a pain with their pop-up windows and take patience to learn what is OK and what is not. But once you have your firewall tweaked to what you use, it will stop anything from leaving your network that you do no approve of. It will help stop that malware from calling out to it's control server. Put you must simply accept some pop-ups as the cost of security. You will also break some things, so find out what wants to leave your network, ID it, and allow things until what was broken is OK. It gets irritating, but blocking everything, and then allowing what needs to get out is better than everything getting out. There are also some good add-ons if you use Firefox. A simple one is "NoScript". NoScript will block everything from running on your browser. Once again, you accept it takes time to tweak it to your needs. Block everything, each site you go to, allow the base site like Killersites.com. If something is still broken go in and temporarily allow each script at a time to see if it fixes the site. When one does, allow it permanently until the site works fine and leave all other scripts etc. blocked. If you use Chrome, it is already fairly secure as it uses a sandbox technique to keep things from running. It is just crap if you like your privacy. Also use other tools like MalwareBytes to scan your PC along with your AV. You can also use online scanners occasionally as some malware attacks the AV first. Just keep in mind: Trust nothing, no open permissions Let nothing leave your network without your approval so malware can't simply call home AV is good but far from full-proof, use multiple tools to check your system Keep all your applications and your operating system patched and up-to-date

Here is another example, by getting into your PC they can add you to a BotNet. The botnets can then be used to attack other sites in DDOS attacks or as in this example, use your PC to fake visits to advertising and make themselves money. Video Ad Fraud Botnet Bags Up to $1.3 Million Daily https://www.databreachtoday.com/video-ad-fraud-botnet-bags-up-to-13-million-daily-a-10470

I am not happy with the Bookmarking, seems very awkward now.

I have been testing it with Mozilla's own tester, every test it runs quite a bit slower than Maxthon 5 and still slower than Chrome, although they claim differently. I am on Windows 7 at work. So it is possible work settings effect it and I know you are on Mac usually. So far no one has replied with their own tests on my post. I tested it again Monday with the same result. Maxthon had 67 actions in a minute, Chrome 52 I think and Quantum was still in the high 30's. Firefox Quantum review in Web Design News forum. One important note again folks, if you update to FF 57 (Quantum), it is a major update and one of those changes is that some of your extensions earlier marked with the yellow "Legacy" tag, have moved into their own section away from the usual place your find your apps. So if you check apps and some are missing, they just moved.

Web Designer is rather just the default standardized accepted term. Personally I always preferred "Web Developer". Web Designer was traditionally a matter of "Look & Feel" and structure. Put these days, and back 10 years, it began including some programming, now more programming, Content Management systems, multi-platform, sometimes Logos and branding, administration, even data base work in some cases. Lastly, my two soapbox areas, web accessibility and cyber security. We owe it to our customers to ensure all their customers and their own data etc. is both safe from attack and accessible to those with any number of disabilities. Web design was back when a designer designed a web site and passed it to a coder to "Make it so Number One". But for freelancers and now most big organizations that is not the case, the name just hung around like Internet Explorer. Web Developer is a better term I think, we are developing it from scratch.

Google Collects Android Location Data Even When Location Service Is Disabled https://thehackernews.com/2017/11/android-location-tracking.html I am highlighting this article on the grounds that is raises a few points and if you use the iPhone you should not ignore it. This is an issue with every mobile device, not just Android. It is how phones work and why they use triangulation in police shows on TV. That is how the system works. Your device connects to the nearest and most powerful tower in the area. As you move from Grid A, the signal gets weaker and the device searches for the next closest tower, that may be Grid B. So you can be easily tracked by looking at what towers your phone connects to and a path will then show, it will show where you are or where you spend time etc. Law Enforcement uses this technique all the time. This particular article is about Google collecting that data (which they claim they are ending by the end of the year). This more about them collecting the data and what they do with it. Remember that Google is a for profit organization. Services is how they make their profit and they consider selling your data as part of that service to their advertisers. That is why a lot of the advertisements you see are what your interested in. Google Chrome is also the most popular browser and makes your life so easy signing on to things because they are collecting your data or data on you and selling it. You are not their customers, your are their commodity and advertisers etc. are their customers. So if you use iPhone, OnePlus, Android or Windows phones... You can be and will be tracked, that if how your phone works, so don't think this is "Just an Android issue". As an Android user, I cringe at this article, but I accept that that is the way it is and is no different than when I used an early iPhone. One last question: What does your service provider do with that data? AT&T, Verizon, T-Mobile and co. It is there towers you are connecting to, do you know what they do with that data from those towers?

No, Fresh install of Quantom after deleting all profiles and firefox stuff and it is still slower than Maxthon 5 and Chrome. Anyone having a different outcome?

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html

OK, Update. I did install "It" and it is really just the next version of firefox, not a seperate browser as I had understood. So when you update from FF 56 to FF 57, you will have Quantum. There are some new things right off the bat: Book marks and Pocket are not in the address bar If you are missing add-ons, there is now a seperate page for "Legacy Add-ons" where you will find them, it is just an addition on the add-ons page. If you red the announcement I posted, there is a link to a speed test from Mozilla: https://mozilla.github.io/arewefastyet-speedometer/2.0/ In my testing, in all three tests I ran. Maxthon 5 Cloud Browser was the fastest, followed by Chrome and then Firefox Quantum. That said, as it is an upgrade there may be legacy crap slowing it down. I may just remove firefox and reinstall quantum and run the tests again.

If you are not aware, Mozilla has released a new browser called Quantum on the 15th or 16th of Nov. 2017. I was not online yesterday, so just saw it today. Anyone use it yet, any thoughts, etc. anyone would like to share. I just downloaded it at work but nhot sure when I will get to work on it. Firefox Quantum

OnePlus News OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader [6/11/2018] OnePlus confirms up to 40,000 customers affected by Credit Card Breach [1/22/2018] OnePlus Site’s Payment System Reportedly Hacked to Steal Credit Card Details [1/16/2018] Vulnerabilities Another Shady App Found Pre-Installed on OnePlus Phones that Collects System Logs [11/16/2017] OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader [11/14/2017] OnePlus Secretly Collects Way More Data Than It Should - Here’s How to Disable It [11/14/2017]

"Cybersecurity" It is under the Miscellaneus catagory. I also moved this post into the open forum as a better fit than announcements.