Last week we talked about the impossibility of keeping secrets over the long term, the liberation of secret information by groups or individuals who just wanted the secrets exposed. A close cousin, conceptually, is privacy. At this point, there is no privacy anymore, not really.
Time was when your life was largely unknown, and privacy was an easy thing to have. But this is ...
Continue Reading →Hacker movies are one of my favorite genres, and have been for a long time. Go figure. One of my favorites from the “olden days” is the 1992 movie “Sneakers.” In this movie Robert Redford and his merry band of cybersecurity testers are tasked with the recovery of a mysterious “black box” which basically can solve for any type of encryption that was in use at that time. At one point in the movie the blind hacker discovers ...
Continue Reading →
EMV or “chip and PIN” cards have a much higher level of security built right into the card, and have been in common use in Europe for over a decade. For some reason (too expensive to implement? Really?) the United States has continued to use the horribly insecure magnetic stripe credit card, which is why exploits like the Target Christmas card breach are even possible.
On October 1st, the United States will FINALLY ...
Continue Reading →On Monday we looked at the origins of TOR, and on Wednesday we looked at how TOR works. Today we tackle some of the vulnerabilities that have been discovered about TOR.
So just how did the FBI beat the anonymity of TOR? The story is a complicated one, and has not been fully revealed by the FBI. Although in the ...
Continue Reading →This is the second of a three-part series of articles about TOR. On Monday we took a look at the surprising origins of the TOR network. Today we will be taking a look at how TOR works.
To use TOR, a person just needs to go to The TOR Project , and download an install the TOR web browser. Then it makes sense to read the TOR warning document. The rules include:
TOR or The Onion Router is one of the greatest anonymizer services available on the Internet, and allows anyone to use the Internet without revealing their source IP address, and through that, their location. Yet as recently as last November, when the FBI took down the Silk Road server and arrested its operator , and Interpol followed up with the seizure of 400 Dark Web marketplace sites and the arrest ...
Just a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an import fix for a cross site scripting (XSS) vulnerability that leaves your site vulnerable to attack. According to Sophos:
Continue Reading →“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted
I recently accepted the position of Secretary in the Twins Cities chapter of the International Information Systems Security Certification Consortium (ISC)2-TC, and in order to send me the passwords for certain online chapter assets, it was requested that I sigh up for the password management product, LastPass. I have written previously about LastPass, KeePass, and RoboForm as recently as June ...
If you are using the paid version of AVG Internet Security as your endpoint security solution, you will see a pop-up over the next week that will take you to a page providing instructions for upgrading your AVG to remain compatible with the new Windows 10 operating system. Evidently it is important to be upgraded to AVG Internet Security 2015.
Since ...
Continue Reading →So you bought yourself a new computer. It has everything, a touch screen, built in WiFi and Bluetooth, anything you could want. And a whole bunch of stuff you didn’t want, in the form of pre-installed software programs, trial-ware, and other bloat-ware and crap-ware that causes an unrelenting stream of pop-ups asking you to purchase and activate these mostly worthless programs.
