Posts posted by LSW

  1. IoT is Internet of Things, meaning all the crap that goes online that is not a computer, to state it simply. It includes security cameras as well. This video was made by a fellow who was startled to hear a voice from his security system, a voice belonging to a Canadian claiming to be a Whitehat Hacker. The gentleman is naturally shocked.

    Note: The hacker claims to be a whitehat hacker, meaning he has no malicious intentions, but what he has done here is illegal and he did it without permission, so at best he is a greyhat hacker. Whitehat hackers do their thing with the permissions of the target. That said, he does make a good point to the owner and declares he has no bad intentions.

    http://digg.com/video/canadian-hacker-nest

  2. This journalist got it in his head to do everything he can to avoid using any top 5 hardware, software or service for 1 month. Learn why and how it went for him.

    Cybersecurity includes privacy as well. The top 5 industry leaders are that way mostly by questionable actions, tracking, selling your data, forcing you to use their services and many more dirty little tricks. We help millionaires and their corporations get richer while giving up our privacy for convenience.

    So, article 1 is why he decided to do this and article 2 what he did and the final results he found. 2 is definitely an interesting read, but it is LONG. You may choose to scroll through to just sections you are interested in. So I ask you, do you think you could give up the top 5 services etc.?

    1.  Why I'm Quitting Google, Amazon, Microsoft, Facebook, and Apple for a Month

    https://motherboard.vice.com/en_us/article/mbxndq/one-month-without-big-five-microsoft-google-facebook-apple-amazon

    Quote
    Starting today, I am going to stop using any of the services offered by the so-called “Big Five” tech companies—Google, Amazon, Microsoft, Facebook, and Apple—for the next four weeks in order to better understand the real cost of total convenience. That means no more Android phone, Gmail, Google Maps, WhatsApp, Instagram, YouTube, two-day Prime delivery, computers running Windows, Facebook posts, or any of the myriad other services offered by the five giants of Silicon Valley.
     
    It’s a cold turkey detox from the tech that runs the world.

     

    2. How I Quit Apple, Microsoft, Google, Facebook, and Amazon

    https://motherboard.vice.com/en_us/article/ev3qw7/how-to-quit-apple-microsoft-google-facebook-amazon

    Quote

    A reflection on my month without Apple, Microsoft, Google, Facebook, and Amazon, plus a how-to guide if you want to quit the biggest companies in tech.

     

  3. California proposes a plan to tax text messages

    https://www.cnn.com/2018/12/12/tech/california-text-tax/index.html

    Quote
    San Francisco (CNN Business) California regulators want to tax text messages to increase funds for programs that bring connectivity to underserved residents.
     
    A new surcharge proposed by the California Public Utilities Commission (CPUC) wouldn't be a per-text tax, but a monthly fee based on a cellular bill that includes any fees for text-message services. Most carriers offer a flat fee option for texting, and already charge a similar fee for other services included in the bill — such as phone calls. The exact structure of the charge would vary from carrier to carrier.

     

  4. Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

    https://thehackernews.com/2018/12/microsoft-patch-updates.html

    Quote
    Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications—10 of which are rated as critical and others important in severity.
     
    One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs.

     

  5. Adobe's Year-End Update Patches 87 Flaws in Acrobat Software

    https://thehackernews.com/2018/12/adobe-acrobat-update.html

    Quote
    Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products.
     
    Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of which 39 are rated as critical and 48 important in severity.

     

  6. phpMyAdmin Releases Critical Software Update — Patch Your Sites Now!

    https://thehackernews.com/2018/12/phpmyadmin-security-update.html

    Quote
    Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers.
     
    The phpMyAdmin project last Sunday gave an early heads-up about the latest security update through its blog, probably the first time, as an experiment to find if pre-announcements can help website admins, hosting providers and package managers better prepare for the security release.

     

     

  7. Google Accelerates Google+ Shutdown After New Bug Discovered

    https://threatpost.com/google-accelerates-google-shutdown-after-new-bug-discovered/139764/

    Quote
    The consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.
     
    The discovery of a new API bug in Google+ has led Google to hasten the shuttering of its consumer version of the social-networking platform, the tech giant said Monday.
     
    Google was already in the process of shutting down Google+ after a different API software bug in the platform, disclosed in October, left the company embroiled in a privacy scandal. However, the discovery of this newer bug – which impacts a whopping 52.5 million users – has now led the tech company to move up the timetable for discontinuing its platform.

     

  8. Google Patches 11 Critical RCE Android Vulnerabilities

    https://threatpost.com/google-patches-11-critical-rce-android-vulnerabilities/139612/

    Quote
    Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.
     
    The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number of 11 critical bugs – six of which are RCE flaws tied to the operating system’s Media Framework and System components.
     
    According to Google, there are no reports that any of the unique bugs have been exploited or abused in the wild. Patches apply to Google’s Pixel and Nexus devices along with flagship Android phones from Samsung, LG, HTC and others. Over-the-air updates will be sent to Google handsets, and update schedules for other device manufacturers and mobile carriers will vary, according to the bulletin.

     

  9. Apple Releases Multiple Security Updates

    https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Multiple-Security-Updates

    This covers the gamut of devices so be sure to keep your eyes open for any updates to Apple devices you own or use. If you follow the article links, in some cases it will be patches for administrators etc., but be aware of patches/updates to your personal devices and services.

    • iCloud for Windows 7.9
    • Safari 12.0.2
    • iTunes 12.9.2 for Windows
    • macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
    • tvOS 12.1.1
    • iOS 12.1.1

     

  10. Do we have any members down under? I believe we used to. Well, Australia has me on the fence this week. On one side they made what I consider a bad call, and have weakened Australians' rights to privacy to support fear mongering (Assistance and Access Bill 2018) by making it easier for law enforcement and government to crack your encryption and access private user data.

    On the other they have decided that e-voting is a bad call and have turned it down. I think it is easier to manipulate voting per computer than it is paper ballots shipped in armored cars like we used to do back in the day.

    So here are some links on the subjects, you can find your own if you wish, there is a lot on this new Assistance and Access Bill 2018.

    E-voting:

    Pencil manufacturers rejoice: Oz government doesn't like e-voting

    https://www.theregister.co.uk/2018/12/06/evoting_off_australias_agenda/

    Quote
    An Australian parliamentary committee has nixed the idea of internet voting for federal elections Down Under, for now.
     
    The Joint Standing Committee on Electoral Matters has delivered its report into the 2016 federal election, and in it, the body decided that there are plenty of ways technology can help elections – but ditching the country's pencil-and-paper ballots isn't one of them.
     
    The committee said technology “is not sufficiently mature for an election to be conducted through a full scale electronic voting process.”
     
    “Despite public enthusiasm for electronic voting, there are a number of serious problems with regard to electronic voting – particularly in relation to cost, security and verification of results”, the committee reported.

     

    Assistance and Access Bill 2018:

    Australia now has encryption-busting laws as Labor capitulates

    https://www.zdnet.com/article/australia-now-has-encryption-busting-laws-as-labor-capitulates/

    Quote
    Labor has backed down completely on its opposition to the Assistance and Access Bill, and in the process has been totally outfoxed by a government that can barely control the floor of Parliament.
     
    After proposing a number of amendments to the Bill, which Labor party members widely called out as being inappropriate in the House of Representatives on Thursday morning, the Labor Party has dropped its proposals, allowing the Bill to pass through Parliament before the summer break.

     

    Australia Passes Encryption-Busting Law

    https://www.databreachtoday.com/australia-passes-encryption-busting-law-a-11812

    Quote
    Australia's Parliament on Thursday night passed sweeping new laws enabling it to compel technology companies to break their own encryption.
     
    Although the government argued the laws are needed to combat criminal activity and terrorism, civil liberties organizations and technology companies, including Apple, had lobbied against the legislation, called the Assistance and Access Bill 2018, contending it would result in weaker software products for legitimate users.
     
    Critics worried that software vendors would be forced to put "backdoors," or secret access methods, into their products, which could be discovered and exploited by cybercriminals or nation-states.

     

    Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

    https://thehackernews.com/2018/12/australia-anti-encryption-bill.html

    Quote
    Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications.
     
    The Australian government argues the new legislation is important for national security and an essential tool to help law enforcement and security agencies fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children.
     
    Since the bill had support from both major parties (the Coalition and Labor), the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019.

     

    Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

    https://www.theregister.co.uk/2018/12/07/australias_crypto_legislation/

    Quote
    Congratulations, Australia: somehow after chaotic scenes in parliament, the government last night managed to secure after-the-bell passage of its encryption-busting eavesdropping legislation.
     
    The super-spying law, which will force websites and communications services Down Under to build in secret wiretapping capabilities for terror and crime investigators, looked in serious trouble for most of the day, with the opposition Australian Labor Party and the Greens picking over more than 150 proposed amendments to the rules.
     
    That, combined with a separate row over border protection legislation, made it look like parliament simply wouldn't have the time to pass the snoopers' law, something that drew an angry rant from Aussie Prime Minister Scott Morrison.
     
    He unloaded on opposition leader Bill Shorten on both issues, saying: “This is about Australia's safety, and Bill Shorten is a clear and present threat to Australia's safety.”

     

  11. Microsoft Putting Edge on Chromium Will Fundamentally Change the Web

    https://motherboard.vice.com/en_us/article/59vke8/microsoft-putting-edge-on-chromium-will-fundamentally-change-the-web

    Quote
    After more than 20 years of fighting for relevance on the web, Microsoft is planning to scrap the underlying architecture of its internet browser in favor of Chromium.
     
    That alone is monumental, and the internet responded with both jubilation and hesitance as you’d expect: Internet Explorer’s legacy is finally dead!
     
    But, we just learned the full picture, with Microsoft announcing the move on GitHub Thursday, and it's even bigger than we could have possibly dreamed of. Not only will Edge use Chromium as its rendering engine, but Microsoft is actively investing in developing the open-source engine further, to best optimize it for every device it touches.
     
    A rendering engine is the software your browser uses to display web pages. Different rendering engines have different quirks and features, maintained by their own parent companies, with the largest in use today owned by Mozilla, Google, Microsoft, and Apple.

     

  12. Microsoft building Chrome-based browser to replace Edge on Windows 10

    https://thehackernews.com/2018/12/edge-browser-anaheim-chromium.html

    Quote
    It is no secret how miserably Microsoft's 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements.
     
    According to the latest round of tech rumors, Microsoft has given up on Edge and is reportedly building a new Chromium-based web browser, dubbed project codename "Anaheim" internally, that will replace Edge on Windows 10 operating system as its new default browser, a journalist at WindowsCentral learned.
     
    Though there is no mention of Project Anaheim on the Microsoft website as of now (except Anaheim Convention Center at California), many speculate that the new built-in browser could appear in the 19H1 development cycle of Microsoft's Insider Preview program.
     
    According to the report, the new browser will be powered by Blink rendering engine used by Chromium, one that also powers Google's Chrome browser, instead of Microsoft's own EdgeHTML engine.
     
    Chromium is an open-source Web browser project started by Google that is popular among web browser developers and also powers Vivaldi and Opera browsers.

     

  13. To begin with, you should have a look at this article to understand what kind of data is being processed and that even if it does not use your name it can be traced to you. Once you understand the issue/threat, the follow-up article used for the title will show you how to help protect yourself with the primary phone types. They do state that the article is based on the US, but do not make the mistake of thinking that whatever country you live in, you are safe:

    Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

    https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html

    Quote
    The millions of dots on the map trace highways, side streets and bike trails — each one following the path of an anonymous cellphone user.
     
    One path tracks someone from a home outside Newark to a nearby Planned Parenthood, remaining there for more than an hour. Another represents a person who travels with the mayor of New York during the day and returns to Long Island at night.
     
    Yet another leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her.
     
     
    An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.

     

    How to Stop Apps From Tracking Your Location

    https://www.nytimes.com/2018/12/10/technology/prevent-location-data-sharing.html

    Quote
    At least 75 companies receive people’s precise location data from hundreds of apps whose users enable location services for benefits such as weather alerts, The New York Times found. The companies use, store or sell the information to help advertisers, investment firms and others.
     
    You can head off much of the tracking on your own device by spending a few minutes changing settings. The information below applies primarily to people in the United States.

     

  14. Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

    https://thehackernews.com/2018/12/australia-anti-encryption-bill.html

    Quote

    Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications.

    The Australian government argues the new legislation is important for national security and an essential tool to help law enforcement and security agencies fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children.

    Since the bill had support from both major parties (the Coalition and Labor), the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019.

    Although the new legislation does not properly clarify specifics around the potential power that the Assistance and Access Bill could give Australian government and law enforcement agencies over citizen's digital privacy, it contains new provisions for companies to provide three levels of "assistance" in accessing encrypted data, as explained below:

  15. This whole fighting for YouTube ratings seems rather silly to me (I know, some make money), but I am old school. But this also shows the dangers of everything being on the Internet and why you should separate your network into one for your PCs and one for everything else.

    Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel

    https://thehackernews.com/2018/11/pewdiepie-printer-hack.html

    Quote

    This may sound crazy, but it’s true!

    The war for "most-subscribed Youtube channel" crown between T-Series and PewDiePie just took an interesting turn after a hacker yesterday hijacked more than 50,000 internet-connected printers worldwide to print out flyers asking everyone to subscribe to PewDiePie YouTube channel.

    PewDiePie, whose real name is Felix Kjellberg, is a famous YouTuber from Sweden known for his game commentary and pranks and has had the most subscribers on YouTube since 2013.

    However, the channel owned by Bollywood record label T-Series has been catching up in recent months, and now both are hovering around 72.5 million YouTube subscribers.


    From this fear that PewDiePie won't remain the number one most-subscribed YouTuber in the world, an anonymous hacker (probably his die-hard fan) with the Twitter username "TheHackerGiraffe" came up with a hackish idea.

    TheHackerGiraffe scanned the Internet to find the list of vulnerable printers with port 9100 open using Shodan, a search engine for internet-connected devices and exploited them to spew out a message

     

  16. As You Read This, It's Cyber Monday. How To Avoid The Top 10 Security Threats

    https://blog.knowbe4.com/as-you-read-this-its-cyber-monday.-how-to-avoid-the-top-10-security-threats

    Quote

    InfoSecBuzz asked a number of security experts for their advice on the top security threats and how to avoid them. These are specialists from Alienvault, Cylance, Cybereason, F5 Networks, Kaspersky, Tripwire, and more.

    Quite a few warned against the same things, so here is a quick summary of the Top 10 security threats for users and Top 5 for IT pros, with a link to the full article at the end.

     

  17. Here's Why Account Authentication Shouldn't Use SMS

    https://www.databreachtoday.com/heres-account-authentication-shouldnt-use-sms-a-11708

    Quote

    A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

    The database, which wasn't protected by a password, contained 26 million text messages, some of which were two-step verification codes and password reset links, TechCrunch reports. When it was found, the database was still recording texts in near real-time, offering a huge resource for potential attackers.

     

  18. Top Tactics for Researching IoT Technology Security This Holiday Season

    https://blog.rapid7.com/2018/11/19/top-tactics-for-researching-iot-technology-security-this-holiday-season/

    Quote
    As the research lead for IoT technology at Rapid7, I am often asked what consumers should do to protect themselves when purchasing and using IoT technology—particularly as the holiday shopping season kicks off on Black Friday.
     
    This is a very difficult question to answer, as vetting technology often requires highly technical knowledge and an in-depth understanding of security topics and vulnerabilities. However, in our increasingly technical world, it’s becoming critical to become exposed to these concepts so you can better understand these issues and make more informed decisions.
     
    To start, I recommend adding security to the list of things to investigate as you start to research products for the latest and greatest features. The following are some tactics you can use to determine the security of IoT products and environments:

     

  19. Instagram Accidentally Exposed Some Users' Passwords In Plaintext

    https://thehackernews.com/2018/11/instagram-password-hack.html

    Quote

    Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users' passwords in plain text.

    The company recently started notifying affected users of a security bug that resides in a newly offered feature called "Download Your Data" that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.

    To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.

    However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook's servers due to a security bug that was discovered by the Instagram internal team.

     

    Be smart, if there is a chance yours could have been compromised, change it! Be sure you never use that password for anything else again. If hackers have it, they will keep it and they will try it on all common popular web sites and banks etc. - LSW

  20. GAO: FCC Could Do More for Broadband Expansion on Tribal Lands

    https://www.meritalk.com/articles/gao-fcc-could-do-more-for-broadband-expansion-on-tribal-lands/

    Quote

    In a report released Wednesday, the Government Accountability Office (GAO) found that the Federal Communications Commission (FCC) could do more to expand broadband access on tribal lands. The GAO offered three recommendations to the FCC, which the agency agreed with.

    Currently, there is a significant discrepancy between broadband access on tribal lands and elsewhere in the United States. According to GAO’s 2018 estimates, 35 percent of Americans living on tribal lands do not have access to broadband services–compared to 8 percent of Americans overall.

     

  21. Gibson Research offers an online test for your passwords. Type in something, your passwords or something close to them, and check to see just how long it will take to be cracked:

    Gibson Research Corporation: https://www.grc.com/haystack.htm

    u@4azE2s : From professional hackers to Nation states - 1.12 min. to 18.64 hours

    A long passphrase is more memorable and takes longer to crack than a complicated password.

    World of Tanks: A game I like and could remember easily. A Nation state with lots of PC power - 3.31 thousand centuries to guess until it found it.

  22. The Real Rules for Strong Computer Passwords Go Against Everything You've Been Told

    https://curiosity.com/topics/the-real-rules-for-strong-computer-passwords-go-against-everything-youve-been-told-curiosity

    Quote

    Everybody knows the rules to writing a password: you have to use upper and lowercase letters, a number or two, and preferably a symbol, if you want to be really secure. That rule came from a man named Bill Burr, and in 2017, he took it all back. That's not the way to make a secure password, he says. In fact, it's led most of us to make our passwords even easier to crack.

    Unfortunately, in 2003, there wasn't much data on what made a strong password — he was left to rely on a white paper written in the '80s. "Much of what I did I now regret," Burr told the Wall Street Journal.

    Here's the problem: Passwords written with numbers and symbols are hard to remember, so people make them shorter in order to keep them memorable. But when it comes to password security, length is more important than complexity. According to InfoSec Institute, a 16-character password made up of just numbers is just as difficult to crack as an eight-character password that uses any possible characters, even though the former uses a character set of 10 (0–9) and the latter uses a set of 94.

     

  23. This is really nice news!

    New APIs Suggest WPA3 Wi-Fi Security Support Coming Soon to Windows 10

    https://thehackernews.com/2018/11/windows-10-wpa3-wifi-security.html

    Quote

    Windows 10 users don't have to wait much longer for the support of latest WPA3 Wi-Fi security standard, a new blog post from Microsoft apparently revealed.

    The third version of Wi-Fi Protected Access, in-short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to hack WiFi password.

    WPA3 was officially launched earlier this year, but the new WiFi security standard won't arrive overnight. Most device manufacturers could take months to get their new routers and networking devices certified by the Wi-Fi Alliance to support WPA3.

     
