LSW

Posts posted by LSW

  1. Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers - Patch Now

    https://thehackernews.com/2018/08/symfony-drupal-hack.html

    Quote

    It's time to update your Drupal websites.

    Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.

    The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component, which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6.

    Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking.

    Symfony Component Vulnerability

    According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers.

     
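An added illustration of the bug class behind the Symfony advisory, written for this page: it is not Symfony's, Drupal's or The Hacker News' code, and it is JavaScript rather than PHP, as a framework-agnostic sketch. The Symfony advisory for CVE-2018-14773 names the headers it dropped support for, the IIS-specific X-Original-URL and X-Rewrite-URL, which HttpFoundation would use in place of the request path; the article above does not name them, so that detail comes from the advisory. The request objects, the /admin prefix and the edge ACL are constructed for the demonstration.

```javascript
// Added example: an application that honours IIS-style path-override headers
// (the behaviour the Symfony advisory removed) sitting behind an edge ACL
// that only ever sees the real request line. Not Symfony/Drupal code.

const PROTECTED_PREFIXES = ['/admin'];

// Exact match or a real sub-path; '/administrator' is not '/admin'.
const isProtected = (path) =>
  PROTECTED_PREFIXES.some((p) => path === p || path.startsWith(p + '/'));

// Edge control (reverse proxy rule, web server ACL, WAF): it decides on
// req.url, the path from the HTTP request line, because that is all it reads.
function edgeAllows(req) {
  return !isProtected(req.url);
}

// Vulnerable resolver: a client-supplied header replaces the request path.
// Header names are lower-cased, as Node's http parser delivers them.
function effectivePathLegacy(req) {
  const h = req.headers;
  return h['x-original-url'] || h['x-rewrite-url'] || req.url;
}

// Hardened resolver: the request line is the only source of the path.
function effectivePathHardened(req) {
  return req.url;
}

// Defence in depth at the edge: drop the override headers before proxying,
// so an unpatched application behind it is not exposed either.
function stripOverrideHeaders(req) {
  const headers = { ...req.headers };
  delete headers['x-original-url'];
  delete headers['x-rewrite-url'];
  return { ...req, headers };
}

// The application's router, given the edge decision and a path resolver.
// The app itself trusts the edge to keep anonymous users out of /admin.
function dispatch(req, effectivePath) {
  if (!edgeAllows(req)) return { status: 403, body: 'blocked at the edge' };
  const path = effectivePath(req);
  return isProtected(path)
    ? { status: 200, body: `admin page ${path}` }
    : { status: 200, body: `public page ${path}` };
}

// Constructed requests for the demonstration.
const direct = { url: '/admin/users', headers: {} };
const smuggled = { url: '/', headers: { 'x-original-url': '/admin/users' } };

console.log('direct, legacy   :', dispatch(direct, effectivePathLegacy));
console.log('smuggled, legacy :', dispatch(smuggled, effectivePathLegacy));
console.log('smuggled, hardened:', dispatch(smuggled, effectivePathHardened));
console.log('smuggled, stripped:', dispatch(stripOverrideHeaders(smuggled), effectivePathLegacy));
```

The direct request is stopped at the edge either way; the smuggled one sails past the ACL as "/" and only the legacy resolver then turns it into an admin page. Stripping the headers at the proxy is the compensating control while an application is still unpatched.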

  2. Many of you may know of, or have at least seen advertisements for, YubiKey; this is a physical USB key you insert into your PC or keyboard that allows you to open private accounts. It is a form of Universal 2 Factor Authorization (U2F) or 2FA (drop the Universal).

    If you use Google's app and, when you sign into email, you put in a code it gives you, that is software-based 2 factor authorization. It simply means two things must match you before you get into accounts, so just knowing your password is not enough. It can also be an SMS to your phone, or an application asking on your mobile device if it is you trying to get in.

    YubiKey and now Titan Key from Google are simply the same thing using hardware. You must insert this key, for example, and use your password to reach accounts. The military uses this in some places, as do corporations and the federal government. It may be a chip in an ID card.

    Google is now going to be releasing Titan as a cheaper alternative to YubiKey, the likely leader in the industry, and will do so for only $20-$30.

    Titan Security Keys - Google launches its own USB-based FIDO U2F Keys

    https://thehackernews.com/2018/07/google-titan-security-key-fido.html

    Quote

    These hardware-based security keys are thought to be more efficient at preventing phishing, man-in-the-middle (MITM) and other types of account-takeover attacks than 2FA via SMS, as even if your credentials are compromised, account login is impossible without that physical key.

    Earlier this week Google revealed that its 85,000 employees have been using physical security keys internally for months and since then none of them have fallen victim to phishing attacks.

    Compared with traditional authentication protocols (SMS messages), Universal 2nd Factor Authentication (U2F), which aims to simplify, speed up and secure the two-factor authentication process, is extremely difficult to compromise.

    A physical security key adds an extra layer of authentication to an account on top of your password, and users can quickly log into their accounts securely just by inserting the USB security key and pressing a button.

     

  3. From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'

    https://thehackernews.com/2018/07/google-chrome-not-secure.html

    Quote

    Starting today with the release of Chrome 68, Google Chrome prominently marks all non-HTTPS websites as 'Not Secure' in its years-long effort to make the web a more secure place for Internet users.

    So if you are still running an insecure HTTP (Hypertext Transfer Protocol) website, many of your visitors might already be greeted with a 'Not Secure' message on their Google Chrome browser warning them that they can't trust your website to be secure.

    By displaying 'Not Secure,' Google Chrome means that your connection is not secure because there is no SSL Certificate to encrypt your connection between your computer and the website's server.

    So, anything sent over a non-HTTPS connection is in plain text, like your password or payment card information, allowing attackers to snoop or tamper with your data.

    The non-https connection has been considered dangerous particularly for web pages that transfer sensitive information—like login pages and payment forms—as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card details as they travel across the network.

    NOTE: There are browser plugins that will force HTTPS-only connections where possible by default. A good safety tool to add.

  4. New Bluetooth Hack Affects Millions of Devices from Major Vendors

    https://thehackernews.com/2018/07/bluetooth-hack-vulnerability.html

    Quote

    Yet another Bluetooth hacking technique has been uncovered.

    A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.

    The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software drivers from some major vendors including Apple, Broadcom, Intel, and Qualcomm, while the implications of the bug for Google, Android and Linux are still unknown.

    The security vulnerability is related to two Bluetooth features—Bluetooth low energy (LE) implementations of Secure Connections Pairing in operating system software, and BR/EDR implementations of Secure Simple Pairing in device firmware.

     
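What the excerpt does not say, and what the CERT/CC note (VU#304725) and Eli Biham and Lior Neumann's write-up for CVE-2018-5383 do, is the mechanism: the Bluetooth specification recommended but did not require that a device check that the public key it receives during pairing actually lies on the curve, and an attacker in range could substitute a y coordinate that moves the point onto a weak curve where the shared secret becomes guessable. As an added example, not the page's, the Bluetooth SIG's or any vendor's code, here is that validation for P-256 (the curve Secure Connections pairing uses) in plain BigInt arithmetic, with a constructed tampered point.

```javascript
// Added example: ECDH public-key validation that CVE-2018-5383 implementations
// skipped. Not Bluetooth SIG or vendor firmware code; pure BigInt on P-256.
const P256 = {
  p: 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn,
  b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn,
  gx: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
  gy: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n,
};
P256.a = P256.p - 3n; // P-256 uses a = -3 mod p

const mod = (n, m) => ((n % m) + m) % m;

// Every (x, y) lies on SOME curve y^2 = x^3 + a*x + b' over the same field;
// solve for b'. It equals P256.b only for genuine P-256 points. An attacker
// who overwrites y is choosing b', i.e. choosing the curve the ECDH runs on.
function curveBFor(x, y) {
  const { p, a } = P256;
  return mod(y * y - x * x * x - a * x, p);
}

// Public-key validation for a prime-order curve:
//  1. both coordinates are field elements, 0 <= x, y < p;
//  2. the point satisfies the curve equation.
// P-256 has cofactor 1, so an on-curve point is already in the prime-order
// group and no extra subgroup check is needed.
function isValidP256PublicKey(x, y) {
  const { p, b } = P256;
  if (x < 0n || x >= p || y < 0n || y >= p) return false;
  return curveBFor(x, y) === b;
}

// What a pairing implementation should do with the peer's key before any
// ECDH computation: abort the pairing rather than continue on a bad point.
function acceptPeerPublicKey(x, y) {
  if (!isValidP256PublicKey(x, y)) {
    throw new Error('pairing aborted: peer public key is not a point on P-256');
  }
  return { x, y };
}

// Constructed demonstration: the generator, its negation (also valid), and
// the same x with y overwritten, the shape of the over-the-air tampering.
const genuine = { x: P256.gx, y: P256.gy };
const negated = { x: P256.gx, y: P256.p - P256.gy };
const tampered = { x: P256.gx, y: 0n };

console.log('genuine  valid:', isValidP256PublicKey(genuine.x, genuine.y));
console.log('negated  valid:', isValidP256PublicKey(negated.x, negated.y));
console.log('tampered valid:', isValidP256PublicKey(tampered.x, tampered.y),
  '(lies on curve with b =', curveBFor(tampered.x, tampered.y).toString(16) + ')');
```

The check costs a handful of field multiplications per pairing, which is why the fix was a firmware or driver update rather than a protocol change. Anything that accepts an EC public key from a peer (Bluetooth, TLS, JWT/JOSE, custom protocols) should have an equivalent check, or use a library that performs it before the scalar multiplication.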

  5. Google launches 'Data Transfer Project' to make it easier to switch services

    https://thehackernews.com/2018/07/google-data-transfer-project.html

    Quote

    A lot of new online services are cropping up every day, making our life a lot easier.
     

    But it is always harder for users to switch to another product or service, which they think is better because the process usually involves downloading everything from one service and then re-uploading it all again to another.

    Thanks to GDPR—which stands for General Data Protection Regulation, a legal regulation by the European Union that sets guidelines for the collection and processing of users' personal information by companies—many online services have started providing tools that allow their users to download their data in just one click.

    But that doesn't completely simplify and streamline the process of securely transferring your data around services.


    To make this easier for users, four big tech companies—Google, Facebook, Microsoft, and Twitter—have teamed up to launch a new open-source, service-to-service data portability platform, called the Data Transfer Project.

     

  6. Adobe Releases Security Patch Updates For 112 Vulnerabilities

    https://thehackernews.com/2018/07/adobe-patch-update-july.html

    Quote

    Adobe has released security patches for a total of 112 vulnerabilities in its products, most of which have a higher risk of being exploited.
    The vulnerabilities addressed in this month's patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader.
    None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.

     

  7. Patch Tuesday came again, time to update your PC:

    Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software

    https://thehackernews.com/2018/07/microsoft-security-patch-update.html

    Quote

    Microsoft today released security patch updates for 53 vulnerabilities, affecting Windows, Internet Explorer (IE), Edge, ChakraCore, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services, and Adobe Flash Player.


    Out of 53 vulnerabilities, 17 are rated critical, 34 important, one moderate and one as low in severity.

    This month there is no critical vulnerability patched in the Microsoft Windows operating system and, surprisingly, none of the flaws patched by the tech giant this month is listed as publicly known or under active attack.

     

  8. Mozilla and 1Password Integrate 'Have I Been Pwned' Feature

    https://www.databreachtoday.com/mozilla-1password-integrate-have-i-been-pwned-feature-a-11136?

    Quote

    While awareness of data breaches outside the technology community may be rising, many people still have no idea if their email addresses or passwords have ever been compromised.

    Cue this long-term problem: Anyone who's unaware that their data may have been stolen may keep using the same password over and over again. They may also reuse it across different sites, thus putting their personal information and accounts at risk. And websites - even innocent ones - may find themselves left having to help clean up the mess when fraudsters wielding stolen or dumped username and password combinations begin trying to use them across hundreds or thousands of sites to see where they might work.

    To help, Troy Hunt, an Australian security expert, created a free service called Have I Been Pwned that lets users see if their email address has appeared in a breach. Subscribers get notified directly - via email - if that email address appears in a new breach. Hunt's service has proved to be popular, with even some governments now getting on board.
    Now, new integrations with Mozilla's Firefox browser and the password management application 1Password, announced Tuesday, will expand the free service's reach.

     

  9. Supreme Court Rules on Mobile Location Data: Get a Warrant

    https://www.databreachtoday.com/supreme-court-rules-on-mobile-location-data-get-warrant-a-11135

    Quote

    The U.S. Supreme Court on Friday ruled that data generated by mobile devices - including mobile phones - that can be used to track individuals is protected by the Fourth Amendment, which guards against unreasonable search and seizure.

    "When the government tracks the location of a cell phone, it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone's user," Chief Justice John Roberts, who authored the majority opinion in the case, wrote in the Friday decision.

    Justice Samuel Alito, who wrote one of four dissenting opinions, however, worried that the ruling "guarantees a blizzard of litigation while threatening many legitimate and valuable investigative practices upon which law enforcement has rightfully come to rely."

     

  10. What is a Big Mac? Is that like the Denali Mac we have here?  😋

    <?start='useless_culture_lesson'>

         Seriously, our McDonalds does not carry Big Macs, just Denali Macs, as in the Mountain and state park.

    </end>

    😂

     

  11. For those of us still using Windows 7 or Office 2013, you should know that End-of-Life for these products is 2020 (Jan. 2020 for Win 7). That means after that date there will no longer be updates and patches released for them.

    However, this month is of course the end of the fiscal year, so to re-allocate assets, Windows will be pulling out of support roles in things like forums next month. Help is still available as long as the programs/OS are still live; you will just have to get help from other users in places like forums.

    Microsoft walks away from Windows 7, Office 2013 support forums

    https://www.computerworld.com/article/3281044/microsoft-windows/microsoft-walks-away-from-windows-7-office-2013-support-forums.html

    Quote

    "Effective July 2018, the Microsoft Community forums listed below will shift support scope and Microsoft staff will no longer provide technical support there," the identical messages stated. "There will be no proactive reviews, monitoring, answering or answer marking of questions."

    Along with Windows 7, the other products covered by the mandate include Windows 8.1 and Windows 8.1 RT, Office 2010 and Office 2013, the Security Essentials antivirus program and the early Surface and Surface Pro 2-in-1 devices.

    In some of the messages, Microsoft asserted that the stoppage impacts "products that reached end of support," even though software such as Windows 7 and 8.1 have years left before they're officially retired.

    The discussion forums, which are under an umbrella site dubbed "Microsoft Community" located at the URL answers.microsoft.com, primarily consist of peer-to-peer questions and answers. But Microsoft employees do post in the threads, providing clarifications, solutions to problems, and in some cases, mea culpas for screw-ups.

     

  12. Microsoft seems to have learned its lesson after the slap-in-the-face changes they hit us with a few years back with the new ribbon and all. This time, rather than all changes being thrown into one surprise box of a new Office tool, they will be phasing them in through Office 2016 and Office 365. I do not see anything to complain about right off this time, and part of the change will be an "Upcoming Changes" button so you can see what to expect next. They are doing it much smarter, and the changes for the most part seem to have a reason and are not just change for change's sake.

    The article discusses the changes, but the video shows them. I am including the YouTube link from the article so you can go straight to it.

    YouTube: Updates to the Microsoft Office user experience

    BusinessInsider.com: Microsoft Office is getting a redesign — check out the biggest changes in the apps

  13. April & May 2018 Patch Tuesdays both pushed out over 30 important security patches.

    June 2018 patches include only 11 critical updates, but those 11 are just as important and should be updated immediately.

    https://thehackernews.com/2018/06/microsoft-june-security-patch.html

    Quote

    Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.

    Only one of these vulnerabilities, a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. However, none of the flaws are listed as under active attack.

    ...

    Microsoft has also addressed an important vulnerability in its Cortana Smart Assistant that could allow anyone to unlock your Windows computer. You can head on to this article to learn how the bug can be used to retrieve confidential information from a locked system and even run malicious code.

     

  14. For those of you who have never noticed, the second Tuesday of the month is the so-called "Patch Tuesday", when Microsoft pushes out its patches and updates. I will be posting notifications here as a reminder when there are important ones released. Remember that one of the basic ways to protect yourself from malware and hackers is to keep all your software and your Operating System (OS) up to date.

  15. For the Tech-Types:

    U.S. Builds World's Fastest Supercomputer - Summit

    https://thehackernews.com/2018/06/summit-fastest-supercomputer.html

    Quote

    Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled "Summit."

    Summit is claimed to be more than twice as powerful as the current world leader with a peak performance of a whopping 200,000 trillion calculations per second—that's as fast as each of the 7.6 billion people on this planet doing 26.3 million calculations per second on a calculator.

    Until now the world's most powerful supercomputer was China's Sunway TaihuLight with the processing power of 93 petaflops (93,000 trillion calculations per second).

     

  16. Facebook bug changed 14 million users’ default privacy settings to public

    https://thehackernews.com/2018/06/facebook-privacy-setting.html

    Quote

    Facebook admits that as many as 14 million of its users who thought they were sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug.

    Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece of content that you share on Facebook you own, you have complete control over who sees it and how you share it," but the news turned out to be another failure of the company to keep the information of millions of users private.

    Facebook typically allows users to select the audiences who can see their posts, and that privacy setting remains the default until the user manually updates it.


    However, the social media giant revealed Thursday that it recently found a bug that automatically updated the default audience setting for 14 million users' Facebook posts to "Public," even if they had intended to share them just with their friends, or a smaller group of people only.

     

    "We recently discovered a technical error between May 18 and 27 that automatically suggested a public audience when you were creating posts," Facebook's 'Please Review Your Posts' alert sent to affected users reads. "We apologize for this mistake."

    According to Facebook chief privacy officer Erin Egan, the bug was live for a period of 4 days between May 18 and May 22, and was caused while the company was testing a new feature.

    Egan said the Facebook team fixed the bug within 4 days on May 22 and changed the default audience setting back to what it was previously set by the affected users. So, the posts you shared with your friends after May 22 would not be affected.

     

  17. Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

    https://thehackernews.com/2018/06/flash-player-zero-day-exploit.html

    Quote

    If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it.

    Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attacks against Windows users.

    Independently discovered last week by several security firms—including ICEBRG, Qihoo 360 and Tencent—the Adobe Flash Player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet.

     

    "The hackers carefully constructed an Office document that remotely loaded the Flash vulnerability. When the document was opened, all the exploit code and malicious payload were delivered through remote servers," Qihoo 360 said in its published vulnerability analysis.


    The stack-based buffer overflow vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions on Windows, MacOS, and Linux, as well as Adobe Flash Player for Google Chrome, and can be exploited to achieve arbitrary code execution on targeted systems.

     

  18. Hi Brian, good to have you.

    I did delete your link as we do not allow them for new members until we can be reasonably sure they did not join just to spam us.

    Ensure your link is in your profile and anyone with time to have a look can go there to get it. Once you have posted more questions and subjects, we will allow active links. That said, good call adding the space, helps avoid spam bots going to your site.

    This is nothing personal, just a policy and we are glad to have you here.

    LSW

  19. Update Google Chrome Immediately to Patch a High Severity Vulnerability

    https://thehackernews.com/2018/06/google-chrome-csp.html

    Quote

    You must update your Google Chrome now.

    Security researcher Michał Bentkowski discovered and reported a high severity vulnerability in Google Chrome in late May, affecting the web browsing software for all major operating systems including Windows, Mac, and Linux.

    Without revealing any technical detail about the vulnerability, the Chrome security team described the issue as incorrect handling of CSP header (CVE-2018-6148) in a blog post published today.

     
