Author Archives: securitips

Preparing a Digital Will for Your Passwords | The LastPass Blog

At some point in your life, you will likely have assets and investments that you need to make arrangements for in the event of your passing. You may also have children, spouses or other loved ones who need to be looked after if something happens to you. And at some point, you may need to care for a spouse or close family member, or put their affairs in order after they pass on.

Nothing can spare us the heartache of these life events, but you can prevent unnecessary difficulties and stress by planning ahead. When preparing a will, many of us focus on our monetary and physical assets. But what about social media accounts? Or email addresses? Or the myriad of online accounts we use to manage our lives, every day?

Making a “digital will” that includes passwords and other important digital details will go a long way in helping those who need to settle your affairs, or in helping you if you need to settle the affairs of others.

Source: Preparing a Digital Will for Your Passwords | The LastPass Blog

Wireless mice leave billions at risk of computer hack: cyber security firm

By Ben Gruber San Francisco, CA (Reuters) – Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other’s computers. It turns out it’s pretty far – 180 meters – the length of a city block in San Francisco. The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack. Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers. “They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer.

Source: Wireless mice leave billions at risk of computer hack: cyber security firm

Popular Android games unmasked as phishing tools

ESET researchers have discovered a new, ingenious, yet very simple Facebook phishing scheme: playable Android games that, before they are started, ask users to enter their Facebook credentials.

The researchers found two such games on Google Play: Cowboy Adventure, which has been downloaded and installed by half a million to a million Android users, and the less popular Jump Chess (1,000 – 5,000 installs). Both apps were offered for free.

Source: Popular Android games unmasked as phishing tools

Windows 10 “WiFi Sense” automatically leaks your wifi password to strangers

Even if you personally disable WiFi Sense on your own computer, anyone else connecting to your network (example: non-technical friend) will leak your password to all of _their_ Facebook friends. The only way to opt out of this “feature” is to change the name of your SSID to include _optout at the end — or force EVERY SINGLE PERSON connecting to your network to disable the feature on their PC before connecting.

There is no other way to opt out.

Source: WiFi Sense FAQ

Is it time to finally get rid of the password? – Quartz

Passwords have existed as a means of security for millennia. And for most of their history, they’ve worked as advertised. But now that society has transitioned to digital, a massive market for stolen data has sent security experts scrambling to put out fires, all the while pleading with their clients to make their passwords more secure.

There may be a way to keep passwords and the convenience they provide without requiring people to do significantly more work. It’s called multi-factor authentication and it makes passwords work better by authenticating something else in addition to the password. It could be device authentication, knowledge authentication or even biometric authentication.

Source: Is it time to finally get rid of the password? – Quartz

Own-Mailbox, the first 100% confidential Mailbox.

Own-Mailbox is a home-plugged personal email server, with strong privacy protection measures integrated at its core. It provides self-hosted email addresses, or connects with your existing email address. In both cases you can seamlessly send and receive encrypted emails from anywhere in the world, through Own-Mailbox webmail, Smartphone app, or through an external email software (Thunderbird, Outlook, …).

Own-Mailbox is very easy to set up and use: as easy as a Gmail account.

Own-Mailbox automatically encrypts your emails with GNU Privacy Guard, a strong encryption software, the same software as used by Edward Snowden.

Own-Mailbox allows you to send and receive 100% confidential messages even with people who don’t use email encryption yet. For this purpose we introduce PLM, a new technique consisting of sending your correspondent a filtered and temporary HTTPS link, pointing to your private message hosted on your Own-Mailbox.

Source: Own-Mailbox, the first 100% confidential Mailbox.

This Online Anonymity Box Puts You a Mile Away From Your IP Address | WIRED

ProxyHam: It’s designed to use a radio connection to add a physical layer of obfuscation to an internet user’s location. It connects to Wi-Fi and relays a user’s Internet connection over a 900 megahertz radio connection to their faraway computer, with a range of between one and 2.5 miles depending on interference from the landscape and buildings. That means even if investigators fully trace the user’s internet connection, they’ll find only the ProxyHam box the person planted in a remote library, cafe, or other public place—and not their actual location.

Source: This Online Anonymity Box Puts You a Mile Away From Your IP Address | WIRED

Critical vulnerabilities in Adobe Flash Player

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015.

Source: Adobe Security Bulletin

Even with a VPN, open Wi-Fi exposes users | Ars Technica

Those moments between Wi-Fi connect and VPN launch can give away a lot.

By now, any sentient IT person knows the perils of open Wi-Fi. Those free connections in cafes and hotels don’t encrypt network traffic, so others on the network can read your traffic and possibly hijack your sessions. But one of the main solutions to this problem has a hole in it that isn’t widely appreciated.

But there is a hole in this protection, and it happens at connect time. The VPN cannot connect until you connect to the Internet, but the VPN connection is not instantaneous. In many, perhaps most public Wi-Fi sites, your Wi-Fi hardware may connect automatically to the network, but you must open a browser to a “captive portal,” which comes from the local router, and attempt to gain access to the Internet beyond. You may have to manually accept a TOS (Terms of Service) agreement first.

In this period before your VPN takes over, what might be exposed depends on what software you run. Do you use a POP3 or IMAP e-mail client? If they check automatically, that traffic is out in the clear for all to see, including potentially the login credentials. Other programs, like instant messaging clients, may try to log on.

Configuring firewall software on your PC to block non-VPN traffic isn’t all that easy. It varies across operating systems and products, and it may not even be possible in Windows 8.1. On Windows, here’s a summary of what you’d need to do:

  • Connect to the VPN of your choice using the normal procedure for that product.
  • In the Network and Sharing Center in Control Panel, make sure the VPN connection is set as a Public network, and the home or public Wi-Fi network is set as Home or Office (Home is better). (In Windows 8 and later this can be problematic unless the network connection is brand new, because Windows 8.x provides no user interface with which to change the location type—so the whole exercise may be impossible—unless you first delete and recreate all your network connections.)
  • Finally, in the Windows Firewall in Control Panel go to the Advanced Settings. Create a rule to block all programs from connecting on Public networks. Then create a rule to allow both the VPN program and the browser you want to use for the captive portal to be allowed to connect on Public networks. You will need to set these rules both for inbound and outbound connections.

Source: Even with a VPN, open Wi-Fi exposes users | Ars Technica

Encrypting Windows Hard Drives – Schneier on Security

“Encrypting your Windows hard drives is trivially easy; choosing which program to use is annoyingly difficult… Based on what I know about BitLocker, I think it’s perfectly fine for average Windows users to rely on, which is especially convenient considering it comes with many PCs. If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.”

Source: Encrypting Windows Hard Drives – Schneier on Security