
Cybersecurity Articles


LSW


Security Issues

 

Passwords

Selling Cybersecurity

 

Who would want to hack me?

 

Politics & Cyber

  • The Perfect Weapon: How Russian Cyberpower Invaded the U.S. (Why would they hack us?)
    Quote

     ...the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.


  • 1 year later...

Police Can't Force You To Unlock Your Phone Using Face or Fingerprint Scan

https://thehackernews.com/2019/01/phone-fingerprint-unlock.html

Quote
Can feds force you to unlock your iPhone or Android phone?
 
..."NO"
 
A Northern California judge has ruled that federal authorities can't force you to unlock your smartphone using your fingerprints or other biometric features such as facial recognition—even with a warrant.
 
The ruling came in the case of two unspecified suspects allegedly using Facebook Messenger to threaten a man with the release of an "embarrassing video" to the public if he did not hand over money.
 
The federal authorities requested a search warrant for an Oakland residence, seeking to seize multiple devices connected to the suspects and then compel anybody on the premises at the time of their visit to unlock the devices using fingerprint, facial or iris recognition.
 
However, Magistrate Judge Kandis Westmore of the U.S. District Court for the Northern District of California turned down the request, ruling the request was "overbroad and neither limited to a particular person nor device."

[Let me add a few words here:

  1. Although I trust the site, they are not legal experts. This is one ruling in California.
  2. It is a fact that you cannot be forced to open your phone if secured with the less secure password/code. Nothing that is in your head. You can up until this point be forced to open your phone if you use the more secure physical methods like fingerprints. This has been confirmed by many legal scholars. So outside of California, it may still be an issue.
  3. Lastly, I am currently training in cyber forensics and it has included the requirements for a search warrant, as we find evidence used in courts. Search warrants must be very specific about what they expect to find. Note I have bolded above how the judge found that the warrant was not limited to a person or device. They cannot have me open your phone because I happen to be in the room with you or your device.

That said, this is an important call made by this judge and I applaud it. I do not use fingerprint or facial recognition as I can be forced to open my phone; I use the less secure options so that I cannot be forced to open it.]

 


Your Garage Opener Is More Secure Than Industrial Remotes

https://www.databreachtoday.com/your-garage-opener-more-secure-than-industrial-remotes-a-11950

Quote

 

Radio-frequency controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, making the devices prime targets for attacks that could shut down operations and possibly hurt workers, Trend Micro says in a new report.
 
RF controllers, which are critical for safety, often use proprietary communication protocols that haven't kept pace with security threats. An attacker could spend less than $2,000 to build a battery-powered, coin-sized device that can take over an industrial device, Trend Micro claims.
 
The results from such an attack could be unavailable equipment, financial losses, and at worst, human injuries. The affected vendors include Saga, Juuko, Gain Electronic Co. Ltd., Telecrane, and Hetronic, Trend Micro reports.

 

 


Data Breach Collection Contains 773 Million Unique Emails

https://www.databreachtoday.com/blogs/data-breach-collection-contains-773-million-unique-emails-p-2713

Quote

 

On Thursday, Australian information security expert Troy Hunt warned that a collection of email address and password combinations that's currently in circulation contains 2.7 billion rows.
 
He says the massive collection of breached data, called "Collection #1," appears to have been compiled from a hodgepodge of sources, and contains 773 million unique email addresses.
 
"It's made up of many different individual data breaches from literally thousands of different sources," Hunt writes in a blog post.
 
Hunt runs the free Have I Been Pwned service, which enables users to register their email address and receive an alert anytime the email shows up in a data dump that Hunt loads into the service. He says that of the 2.2 million email addresses that users have registered with Have I Been Pwned, about 768,000 of them appear in the Collection #1 breach, and thus his service is sending out that many notifications to affected users.

 

 


  • 3 weeks later...

Google Created Faster Storage Encryption for All Low-End Devices

https://thehackernews.com/2019/02/fast-adiantum-file-encryption.html

Quote

 

Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently.
 
Encryption has already become an integral part of our everyday digital activities.
 
However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster.
 
Since data security concerns have recently become very important, not using encryption is no more a wise tradeoff, and at the same time, using a secure but slow device on which apps take much longer to launch is also not a great idea.

 

 

 


  • 2 weeks later...

How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link

https://thehackernews.com/2019/02/hack-facebook-account-password.html

Quote

 

It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction.
 
A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have allowed attackers to hijack Facebook accounts by simply tricking the targeted users into clicking on a link.

 

 

 

 


  • 1 month later...

AV-Test compares 19 Antivirus Tools: Windows Defender Reaches Maximum Detection Score

https://blog.knowbe4.com/av-test-compares-19-antivirus-tools-windows-defender-reaches-maximum-detection-score

Quote

 

The German AV-Test lab compared 19 antivirus products, including the free Windows Defender which comes with the Win10 OS. Defender reached the max detection score, which was better than a slew of commercial products. As we all know, AV home and commercial products use the same engines but enterprise tools come with a management layer.
 
The upshot of this test: Ultimately, 3 packages score the maximum 18 points: F-Secure, McAfee, and Symantec. Windows Defender gets 17, and does better than 8 other commercial packages.
 
AV-Test said: "During January and February 2019 we continuously evaluated 19 home user products using settings as provided by the vendor. We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."

 

 


  • 3 weeks later...

Now you can use your Android phone as a physical two-factor authentication key

https://www.techspot.com/news/79607-now-you-can-use-android-phone-physical-two.html

Quote

 

What just happened? Google is allowing Android devices to be used as physical authentication keys. This will drastically improve the security when logging into Google applications and prevent phishing attacks. It also means that users don't have to buy a third-party physical token.
 
Good news for the security conscious among us. Google announced that any phone running Android 7.0 Nougat or higher can be used as a physical two-factor authentication (2FA) key. Before, physical authentication keys were limited to dongles like Yubikey or Google's own Titan Security Key. Note that this only works when logging into Google apps in Chrome browsers on Windows 10, macOS, and ChromeOS. Your computer must also support Bluetooth.

 

 


  • 3 weeks later...

Android Q: New Security Features Unveiled…

https://www.stationx.net/android-q-new-security-features-unveiled/  

Quote

 

So far, headline changes in the revamped OS include Bubbles - an app notification feature that promises to make multitasking easier, native screen recording, a new sharing shortcut function, along with support for folding phones.
 
Beyond the usual incremental interface tweaks, Android Q also promises some useful security and privacy enhancements. Here’s a closer look at what we can expect – and at what’s behind the changes…

 

 
