I will start out by admitting that I hate Domain Privacy. But I just read a story in Naked Security on February 9th that is causing me to reevaluate my opinion. It turns out that the new White House press secretary, Sean Spicer, has a personal website at www.seanspicer.com. The website has been turned into a private site, but the WHOIS record ...
I read an interesting article on Naked Security the other day about how Hamas had used Facebook and social engineering tactics to trick Israeli soldiers into installing surveillance malware. The malware allowed Hamas to track the soldiers using the phone’s GPS, and to turn on the microphone and video to actually listen in and and watch their targets. Hamas undoubtedly picked up the ...
As a regular reader of this blog, you are probably using a long, unique, 20 character password with two-factor authentication, and a password manager to keep it all straight. But let’s say that you fall for a phishing scam, and give away the password to your email account. The attacker can now use your email account to request password reset emails from your other online accounts, and you have yourself one ...
Facebook has added USB key security to it’s two-factor authentication options. Previously, Facebook users could add the additional security of two-factor authentication to their account by using the Facebook app to receive a six digit one-time passcode, or by having the code sent to their smart phone via SMS text message. Facebook now supports the open-source Universal 2 Factor (U2F) standard established by the FIDO Alliance, such as the Yubikey from ...
Wow. Microsoft discovered some last minute issues with February’s Patch Tuesday update, and cancelled them. You can read about it on TechNet. They will be reissued at a later date, after suitable repairs are made.
As a user who had occasionally found myself on the wrong end of an update that caused my computer to misbehave, all I can say is “Thank you Microsoft.”
Continue Reading →
One of these URLs will open your Gmail account. The other will take you to a replica phishing landing page to steal your Gmail password. Can you tell which is which?
If you chose the first one as fake, and the second one as genuine, you ...
Continue Reading →
Crypto-ransomware continues to be one of the most popular money making exploits for cyber criminals. The reason for this is simple; its works, and the return on investment is quite high. According to a recent article in Naked Security, the score will reach $1 billion in 2017.
A poll by the IBM company found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% ...
Continue Reading →
If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. This is a security bug that could allow a remote attacker to access your router. This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.
Vulnerabilities such as this ...
Continue Reading →
The United States recently accused the Russian government of trying to influence US elections last November, and has expelled 35 Russian diplomatic officials and closed two Russian diplomatic facilities, one in New York City, and the other in Maryland, near Washington DC.
The Russians are denying any direct involvement, of course, and are laying the blame on Russian cyber-criminal groups. But we have ...
Continue Reading →
On Monday we attacked the utility of current password policies and standards. Today we will offer up an array of improvements.
To be truly effective from a security perspective, password policies need to be designed to withstand both online and offline password cracking methods. We discussed offline methods in our post last month, so we will not do more than recap them ...
Continue Reading →