I discovered a while ago that my LG smart phone can be used fairly easily to make a surreptitious video of a meeting simply by turning on the video camera and slipping the phone into a shirt pocket. The camera lens clears the edge of the pocket nicely, and there is no indication, at least on my phone, the the camera is rolling. This is a great way to keep a record that ...
Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going. This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences. I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference. Here are some highlights and ...
Maybe you like the idea of two-factor authentication, but the Google Authenticator smartphone app seems too cumbersome. Or maybe you are not a smartphone owner, because you don’t like the idea of a phone that can track your location to within a few feet, and keeps sharing all your personal data with the apps on your phone. So you own a flip phone ...
Google Authenticator is my favorite go-to app for setting up two-factor authentication. But what if you want to remove an account from Google Authenticator?
I set up two-factor authentication for Facebook and the Authenticator app did not work. So I tried again, and ended up with two accounts on the Authenticator list, neither of which worked. This pushed other working accounts down far enough ...
Continue Reading →Hardening and securing WordPress websites is one of my specialties. We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence. I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured. Security appeared to be strong, but I wanted more.
I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
Continue Reading →We have all received a fake tech support call from someone claiming to be a Microsoft employee. Now there is a new twist on the scam involving a fake screen pop-up and tech support fakers who claim to be from your Internet service provider. Google has an extensive collection of fake tech support pop-ups, these are all fake. Take a look.
We have reported on this issue several times in this blog. Like here and here and ...
Continue Reading →
One of the easiest ways for an intruder to learn about you is through a compromised email account. And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic. Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.
You can set up secure email yourself ...
Continue Reading →
I very rarely will publish a news item or statistics, because we focus on discussing vulnerabilities, exploits, and countermeasures and leave the cyber news to others. This report is important enough I had to share it.
On June 14th the Internet Crime Complaint Center of the FBI reported loss numbers for businesses that succumbed to the “Business Email Compromise” scam. This scam works when an attacker is able to get ...
Continue Reading →
The Apple OSX platform has long held the cache of being invulnerable to attack. Cyber-criminals have be crafting more exploits to target Macs, iPhones, and iPads, especially since 2012. The reason for this, as explored in a recent article on SiliconBeat, is that Apple users tend to have more disposable income. If you willingly pay more to have “the best” or ...
Research shows that over 90% of network breaches happen when an employee falls prey to a phishing email, clicking on the offered link or opening a file attachment, becoming infected with a remote access Trojan, and creating an entry point for the attacker. If only we could get people to stop falling for phishing emails!
This is really not such a hard thing to do. ...
Continue Reading →