I have developed some expertise around the area of WordPress security. One of my clients has a WordPress site under development, and recently the web designer changed the name of the login URL from https://clientsite.com/wp-admin to https://clientsite.com/A9u3ycGH37. Basically, the wp-admin page name had been replaced with random characters. I found out when I tried to log in using the usual URL. I wondered ...
Thank God this hasn’t happened here in the United States (yet). It is not for lack of trying by US law enforcement agencies, though. What am I talking about? Australia recently passed the controversial and totally STUPID anti-encryption law called Telecommunication & Other Legislation Amendment (Assistance & Access) Act of 2018 (TOLA).
TOLA is supposed ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Information on trends in technology for drones, security robots, artificial intelligence, security smart homes, and securing IoT.
The landmark decision asserts the same 4th and 5th amendment legal protection for biometrics that we’re given for passcodes.
US-Cert recently released the following warning to businesses, governmental units, and other organizations who contract their computer support to computer support companies that are known as Managed Service Providers or MSPs. An MSP provides support principally by using remote monitoring, remote access, and remote control software products. They install a monitoring tool called an “agent,” and a command and control device on ...
This article is an amusing collision between our last two topics – the problems with two-factor and multi-factor authentication and our four-part story on Google’s data mining habits. Google has developed and released their Titan MFA security key as a more secure way to implement multi-factor authentication that can’t be attacked through phishing and man-in-the-middle exploits. So if you can ...
A quick Saturday digest of cybersecurity news articles from other sources.Here are a couple of tiny, portable security devices that provide hardware firewall, VPN, and TOR capability. Check them out.
10/25/2018 09:15 PM EDT Original release date: October 25, 2018
The Federal Trade Commission (FTC) ...
Continue Reading →
If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form. This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.
I have been an advocate for password managers. They are part of the solution to ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.
From the About Damn Time Dept.
Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users). Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users. Sometimes we allow ...
A quick Saturday digest of cybersecurity news articles from other sources.08/10/2018 08:25 AM EDT
Original release date: August 10, 2018
As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in touch with family and friends, there are risks associated with using them. However, ...
Continue Reading →