Thursday, July 31, 2014

Microsoft EMET 5.0

If you want to improve Windows security and you are a power user, you should be using EMET.  Version 5.0 now allows blocking plugins per application, e.g. no calls to Java via Word.

Jimmy John's Sandwich may have suffered data breach

A breach may have occurred.  If you used your credit card at JJ's recently, you might want to call your card company to make sure all is well.

Office for iPad updated

New features such as export to PDF.

BadUSB's debut at Blackhat

A new vulnerability will allow USB devices to impersonate other USB devices such as keyboards or networking cards, allowing covert/malicious attacks.

CIA did monitor the Senate

"The head of the Central Intelligence Agency has apologized to leaders of the Senate Intelligence Committee after determining that his officers improperly accessed computers that were supposed to be available only to committee investigators"

Tuesday, July 29, 2014

Android Fake ID Vulnerability

"Researchers named the flaw 'Fake ID' because it allows malicious applications to pass fake credentials to Android OS, which fails to properly verify the application's cryptographic signature."

OKCupid's Social Experimentations

"'Guess what, everybody: If you use the Internet, you’re the subject of hundreds of experiments at any given time, on every site,' site co-founder Christian Rudder wrote before unveiling three so-called experiments that he had recently conducted unbeknownst to the general public."

Sunday, July 27, 2014

Thursday, July 24, 2014

New "Mayhem" *nix malware attacks Linux and FreeBSD

Sophisticated new malware turns servers into bots.  Make sure you patch your Unix-like boxes.

Apple responds to "Back Doors" in iOS

They say it's for diagnostic purposes.  The original forensic expert responds to their claims.

Wednesday, July 23, 2014

MailPoet vulnerability endangers WordPress, Joomla

The vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers.

Dropbox on privacy of stored data

"Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned however that if users do, not all of the service's features will work"

Gizmo to protect your car from hackers

$150, some skill required.  Hopefully car makers will increase security in their products.

Tuesday, July 22, 2014

Firefox 31

Mozilla has released a new version of Firefox.  Update if you use it.

Surface Mini is dead

Microsoft confirms that the Surface Mini is dead...

Credit card loss at Goodwill

Customers may have had their info stolen.  https://krebsonsecurity.com/2014/07/banks-card-breach-at-goodwill-industries/

Sunday, July 20, 2014

Friday, July 18, 2014

Chrome 37 on Windows, better font rendering.

That’s because the Chrome 37 Beta now supports Microsoft’s DirectWrite API, a technology that improves the way fonts look on modern screens.

Indexeus, the new "hacker" search engine...

Who are Indexeus’s target customers? Denizens of hackforums[dot]net, a huge forum that is overrun by novice teenage hackers (a.k.a “script kiddies”) from around the world who are selling and buying a broad variety of services designed to help attack, track or otherwise harass people online.

Thursday, July 17, 2014

MIT's "FastPass" routing scheme

"Fastpass arbiter with just eight cores can be used to manage a network transmitting 2.2 terabits of data per second, according to the researchers"

Apple patent application for "behavior based security"

"different users use their phones differently, and based on that, Apple’s patent describes a system in which the phone will be able to detect when someone else who is not the owner is using the device"

Chrome 36

Security updates for this month.  Chrome will automatically update itself.

Bing, Google and the right to be forgotten

Users of Google and Bing can ask to have their information excluded from search results.  How do they guarantee the identity of the requester?

Wednesday, July 16, 2014

Tuesday, July 15, 2014

USA: "All ur data belong to us"

"In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border."

Oracle releases patches

Critical fixes for Java and other products.  Update Java or get rid of it if you can.

Sunday, July 13, 2014

Windows Start Menu returns

Leaked builds of the latest beta of the next version of Windows show the Start Menu is back.

Friday, July 11, 2014

AVG "Secure" Toolbar introduces vulnerability

If you install AVG antivirus, you will be prompted to install the AVG Toolbar; uncheck the box.

Microsoft's new "vision"

"Sharpening its “devices and services” strategy to focus on “productivity and platforms.”"

Wednesday, July 9, 2014

Tuesday, July 8, 2014

Android "Factory Reset" doesn't securely delete phone's contents.

If you are getting rid of your phone, a factory reset won't prevent someone from "undeleting" your files.  Make sure to use something that securely deletes files.

Adobe Patches Flash Player

All users should upgrade.  Chrome automatically patches its copy of Flash.  Windows 8 provides Flash patches for Internet Explorer.

Monday, July 7, 2014

Police dogs finding hard drives

Looking for child pornography, police dogs can be trained to find electronic storage.

Charge your devices before flight.

"Dead" electronics no longer allowed on flights.  Officials need to be able to see they are working.

Wednesday, July 2, 2014

Microsoft improves Outlook.com security

Improvements to encryption on inbound and outbound emails.  OneDrive and Outlook now using Perfect Forward Secrecy.

Tuesday, July 1, 2014

Microsoft's No-IP DNS Flub

Microsoft was granted control of the dynamic DNS provider No-IP's domain in order to take down some malicious botnets.  Their solution didn't handle the volume of DNS requests, and now many users are without DNS service for their No-IP domain.

Apple patches OS X, Safari

Apple has released a set of patches.  Users should update ASAP.