This is not a new story, and I decided not to write about it when this “sale” of pilfered NSA hacking tools was offered last August by a group identified as the Shadow Brokers. But this story has taken an amusing turn, so I have included it in a Tuesday post.
The stolen trove of NSA goodies was originally offered as a winner ...
Continue Reading →
When I am doing a cybersecurity presentation, someone is bound to ask about the Dark Web. What is it, exactly, and how does someone get there? The how part we discussed on Friday. Linux Tails is a great tool for accessing and browsing the Dark Web, should you be so inclined. Before we delve into the Dark Web, let’s talk about the different parts of the web.
When you lose your login credentials to an online account, it can be devastating. Depending on what was compromised and what was lost, you may have an expensive and time-consuming task on your hands. So the bad guys took your user ID and password, or some other personal information. Was it worth it? There is an active resale market for this information, and ...
Hardening and securing WordPress websites is one of my specialties. We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence. I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured. Security appeared to be strong, but I wanted more.
I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
Continue Reading →
If I can get your user name and password, I can easily break into and use your computer and network resources just as if I were you. Bruce Schneier wrote an article recently that discussed this issue. Many of the largest exploits are started with stolen credentials, the user name and password that we all use to access our computer, network, and ...
Computer breaches can happen many ways, but the two most common are stolen credentials, and phishing emails. Credentials, your user name and password, sometimes are stolen from a web server breach, and then sold online on the criminal marketplaces. Or sometimes you are tricked into giving them up on clever fake websites. Phishing is one way that credentials are stolen. The links in phishing emails often will direct the unwary user to the fake web page with the helpful web ...
Continue Reading →The cyber-criminal underground has found a real moneymaker in the various forms of encryption based ransomware schemes. These exploits turn all your readable work product, your documents, pictures, music and video files, into a collection of encrypted gibberish, and then kindly offers to sell you the decryption key. I recently saw an infographic from Symantec on the Bromium blog that illustrated the problem perfectly.
One of the very worst breaches that can happen to you is for an attacker to be able to access your email account. If someone else can access your email, and read the messages you send and receive, and access your contact list and calendar, then they can learn many personal details about you that would make it easier to steal your identity, access other web accounts using the password reset ...
A recent rule by the Supreme Court has given the FBI authority to hack your computer if it is inadvertently part of a criminal botnet. Recent changes to a procedural rule known as Rule 41 allows the FBI to obtain a search warrant to use “network investigative techniques” or NIT (or more commonly called hacking) to search computers engaged in criminal activity anywhere in the world. This includes innocent computer ...
You took the red pill, and now you want to see how deep the rabbit hole goes. You spend a lot of time on computers, and use them for things that your friends think are odd. You are on your third Raspberry Pi project. You are running Linux on at least one computer. Now you want to learn the light and dark arts ...
