Jump to content
Killersites Forums

LSW

Moderators
  • Posts

    1,625
  • Joined

  • Last visited

  • Days Won

    28

Everything posted by LSW

  1. SCOTUS Says Net Neutrality Won’t Get Its Day in Court https://www.meritalk.com/articles/scotus-says-net-neutrality-wont-get-its-day-in-court/
  2. Smart Assistants (Alexa, Siri, Cortana etc.) I decided to make this their own section though they can easily belong to Internet of Things (IoT). The more you connect to the internet the more chance of being hacked. At least run two networks, one for IoT like TVs, and these smart speakers etc., and a separate one for your computers. It is also a privacy question Amazon Don't Buy Anyone an Echo [11/15/2018] Your Worst Alexa Nightmares Are Coming True [11/15/2018] Amazon Echo That Records Kids Draws Concern From U.S. Lawmakers [11/15/2018] Yes, Your Amazon Echo Is an Ad Machine [11/15/2018] Amazon Confirms Alexa Heard a Couple's Background Conversation as a Command to Record Them [11/15/2018]
  3. LSW

    Current Threats

    Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html
  4. 63 New Flaws (Including 0-Days) Windows Users Need to Patch Now https://thehackernews.com/2018/11/microsoft-patch-tuesday-updates.html
  5. Python is becoming the world’s most popular coding language https://www.economist.com/graphic-detail/2018/07/26/python-is-becoming-the-worlds-most-popular-coding-language ... ... ... Interesting comparison for sure. This link comes from Nathan House of StationX who brought it up in his blog who goes on to explain the use of Python in the hacking community: The World’s Most Popular Coding Language? Reasons to Get to Grips with Python… https://www.stationx.net/the-worlds-most-popular-coding-language-reasons-to-get-to-grips-with-python/
  6. Why Do All Websites Look the Same? https://medium.com/s/story/on-the-visual-weariness-of-the-web-8af1c969ce73
  7. Google launches reCAPTCHA v3 that detects bad traffic without user interaction https://www.zdnet.com/article/google-launches-recaptcha-v3-that-detects-bad-traffic-without-user-interaction/
  8. LSW

    What Is Seo?

    Don't we have all the buzz words down on that last one. Locking the thread. it IS 5 YEARS old, I think it has been answered often enough.
  9. Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON https://thehackernews.com/2018/10/windows-defender-antivirus-sandbox.html
  10. From Computerphile on Youtube: Password Cracking How to Choose a Password From Seeker on Youtube: Building Digital Labyrinths To Hide Your Password How Hackers Really Crack Your Passwords
  11. I plan to add future posts to this as I come across anything worthwhile. As computers grow faster the ability to crack passwords improves. If you are still using 8 character passwords, it can be cracked in minutes. Add to that the eventual use of quantum computers by governments and one day maybe all of us... ANY password will be cracked in minutes. A computer can compare pre-listed common hashes at about 350 Billion a second. Also stay away from dictionary words. There are two primary attack types: Brute force: The attacker will just run his computer through combinations (a, ab, abc, abc1, abc2, etc.), literally using brute force of computing power to try every possible comination and for a average computer 8 characters is childs play. Dictionary attack: This is running through common words and includes modifying them (horse, Horse, h0rse, H0rse, H0r$3, etc.). Again, a really easy way to attack. So here are a few suggestions from me: The longer the password, the better. You really should be using 12 characters at a minimum and I would suggest more like 14 - 18/20. Use a password manager so you need not remember them all and can use randomly generated gibberish. Move away from Passwords and use Passphrases. Lyrics, Poem lines, Quotes, etc. These can be complete with spaces and you need not have special characters or numbers. It would also be more easily remembered than "C9bgTkYhd9dr". You can type them without dealing with special characters that can be a pain on a mobile device and you have really long lengths. Stay away from dates, those can be guessed like wedding date, kids birthdays etc. Stay away from pets or their names, breeds, etc. Stay away from children's information. Stay away from favorite things like authors, bands, hobbies as these may be guessed as well. Maybe use other uncommon languages, I have used Potawattomee, Tklinget, Gaelic. You need not even know the language, use a dictionary and see how your favorite animal is called in Gaelic "Winter Horse" in Gaelic will not be quickly broken, there are at least 4 forms of Gaelic, so I have to break not only what you like, but Irish, Scottish, Nova Scotian gaelic or Whales? And the name may include weird character groupings and special characters. If you remember what it was in English you can just look it up to remind yourself again. Never ever repeat passwords for other sites. Make each unique. Never give it out... to anyone. Hope you decide to get more secure and get some ideas from what I post here in the future. LSW
  12. Vermont’s Net Neutrality Law Spurs Lawsuits https://www.meritalk.com/articles/vermonts-net-neutrality-law-spurs-lawsuits/
  13. LSW

    Current Threats

    Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info https://thehackernews.com/2018/10/tumblr-account-hacking.html If you used tumblr, this would be a good time to change your password to a strong passphrase. LSW
  14. Really there is no need for a separate CSS for mobile devices. Just make all your CSS use flexible sizing using %. This way it will downsize to fit the screen whether it be cell phone, tablet, monitor or TV. This is a basic of accessible web design for all users and not just mobile users.
  15. LSW

    Current Threats

    Tens of Millions of U.S. Voter Records for Sale https://www.bleepingcomputer.com/news/security/tens-of-millions-of-us-voter-records-for-sale/
  16. To go along with this month's M$ patches, Adobe has released some as well. Adobe Releases Security Patch Updates for 11 Vulnerabilities https://thehackernews.com/2018/10/adobe-security-updates.html
  17. Microsoft October Patch Tuesday Fixes 12 Critical Vulnerabilities https://thehackernews.com/2018/10/microsoft-windows-update.html
  18. Adobe News Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader [1/4/2019] Adobe Releases Security Patch Updates for 11 Vulnerabilities [10/10/2018] Adobe is Finally Killing FLASH — At the End of 2020! Flash You should really block Flash on your browsers, it is a serious vulnerability for you. New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs [12/6/2018] Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit [6/8/2018] (Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild [1/2/2018] Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
  19. LSW

    Current Threats

    From Now On, Only Default Android Apps Can Access Call Log and SMS Data https://thehackernews.com/2018/10/android-app-privacy.html Maybe a little late, but good call!
  20. LSW

    Current Threats

    Google Forced to Reveal Exposure of Private Data https://www.databreachtoday.com/google-forced-to-reveal-exposure-private-data-a-11587
  21. LSW

    Current Threats

    Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users' Data https://thehackernews.com/2018/10/google-plus-shutdown.html
  22. How to Start a Career in Cybersecurity: All You Need to Know https://thehackernews.com/2018/10/cybersecurity-jobs-salary.html
  23. Mine is more a hybrid 5 finger hunt and peck, first two fingers of each hand and one thumb. I typed alright in high school, then 25 years in Germany doing the German keyboard and then back to 12 years on an English keyboard. I learned typing in English, but I learned coding in German. So typing emails I am faster, but typing in code, I still find myself going for the German keys on US keyboards so much more hunt and peck. I have a good speed for a modified two finger typer. Have you ever heard this joke?: A boy stands in the study door watching his father peck away on a laptop. He then finds his mother in the kitchen typing away like a storm with all 10 fingers. He grunts and his mom looks up and asks him what he is grunting about. "I thought you were good at typing. But dad is better, he only needs two fingers." Cheers!
  24. SSO is almost everywhere, and once embedded it is as hard to dig out as a tick. It is a battle I have been fighting the last year, those in charge want things easy for the employees and the employees don't want to have to remember lots of passwords. I get it. But I get paid to worry, and what I see is an attacker breaking the SSO password and now having access to all the applications our employees use, many of which have access to both personal Personally Identifiable Information (Pii) as well as Health information. So the issue is really simple, the user need only remember one password and the attacker need only break one password to have the keys to the kingdom. Social logins are the same way. SSO is simply easier for you isn't it? But now Facebook has lost 50 mil. tokens that can be used to get into those users other sites. They can now breach your twitter account, facebook account, Google account and what else? If I can now get in your Google account, I can reset things, I can change your telephone number to mine, have your second authorization come to my phone. Ask yourself, is my mobile phone number available on my accounts? Ever heard of SIM Switching? I can call a mobile phone host, create an account and say "I want to come to you, please switch my telephone number" and usually with little to no checking of authorization they will activate your number in my new phone, now I can get access to any account attached with that phone number, I can even empty your bank account. So what is more important to you? Your security or your ability to quickly switch between facebook and twitter etc. without logging in again? Experts' View: Avoid Social Networks' Single Sign-On https://www.databreachtoday.com/blogs/experts-view-avoid-social-networks-single-sign-on-p-2670
×
×
  • Create New...