There is a new encryption ransomware exploit hiding inside a spoofed copy of the popular Chinese game “King of Glory.” Right now, this malware is affecting users in China, but it is a matter of time before another cyber-criminal group modifies it for English speaking victims.
This game is available on international gaming forums, and is being spread when gamers download a copy to ...
Continue Reading →
Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT). Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these devices, ...
Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals. The likelihood is that this has already happened to you, and if not, it will happen eventually. And if it has happened, it will probably happen again. Why is this?
Even if you never click on a phishing email, and ...
Continue Reading →
Passwords are not dead – not yet. But they are on life support. They are no longer enough to truly secure anything on their own.
I just read an sobering, eye-popping article on NetMux that discussed easy ways to crack passwords that are longer than 12 characters.
What makes this so disheartening for me is that I have been telling everyone to increase their password length ...
Continue Reading →
On Wednesday we took a broader look at the web browser. Today we are going take a deeper look at the Opera web browser, because they are doing some interesting things with privacy, security, and functionality.
As I mentioned towards the end of Wednesday’s post, I am having concerns with my deep relationship with Google. Google for me has been like a really great girlfriend who anticipated my every need, and has now become just ...
Continue Reading →
On May 25 2018, new regulations will go into effect in the European Union called the General Data Protection Regulation (GDPR). If you are doing business in Europe, this will affect your business. If your website collects personal information and other data from European site visitors or customers, this will affect your business.
The Europeans take personal privacy, especially online privacy, much more ...
Continue Reading →
Crypto-ransomware continues to be one of the most popular money making exploits for cyber criminals. The reason for this is simple; its works, and the return on investment is quite high. According to a recent article in Naked Security, the score will reach $1 billion in 2017.
A poll by the IBM company found that nearly 50% of the businesses polled had been hit by ransomware, and of those 70% paid ...
Continue Reading →
The House Judiciary Committee’s Encryption Working Group has released a report that comes out in favor of strong encryption, and opposed to the daft notion of creating encryption “backdoors” for law enforcement and government to use. As we have expressed in this blog previously, the concept that the secret backdoor keys could somehow be kept securely, when nothing else seems to be able to be kept secret, is the main fatal ...
SHA-1 or Secure Hashing Algorithm 1 was developed in 1993 by the National Security Agency (NSA). It has been used to provide both hashing functions and digital signatures that validate that a certain document, web site, or other resource is genuine, original, and unchanged.
SHA-1 is used in common services such as SSL (secure websites) and TLS (secure email). There has been discussion about the low security of SHA-1 going back to 2005. ...
Continue Reading →
The answer to this question is complicated, but not impossible to understand. The first thing to know is that most passwords are not cracked by guessing, or trying thousands of possibilities one at a time on a typical login screen. Most systems will lock the account after a certain small number of failed attempts, like 5 or 6. This makes the kind of password ...