Subscribe: Security News at A.P.Lawrence
http://aplawrence.com/rss/Security.rss
Preview: Security News at A.P.Lawrence

Security News at A.P.Lawrence



Security feed at aplawrence.com: Thousands of articles, reviews, consultants listings, skills tests, opinion, how-to's for Unix, Linux and Mac OS X, networking, web site maintenance and more..



Published: 2017-02-17T10:37:54+00:00

 



Hacking the new more secure credit cards by Anthony Lawrence
Security ;

In 2011, a bunch of the new "chip and pin" credit cards were stolen. The thieves physically modified the cards circuitry to accept any pin as valid, thereby letting them rack up almost $700,000 in fraudulent transactions.

Don't panic, because this particular hack method has already been blocked. But do think about how this was done: it was micro surgery on the cards innards. That's scary, because this particular modification was (relatively) simple and unsophisticated. What might the next one be?

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Logitech Circle Camera by Anthony Lawrence
Reviews,Security ;

This is an inexpensive ($199.00) "security" web cam for your home. I put that in quotes because it's soething that might function as that, but really is more suited to remote monitoring. However, because it records and stores 24 hours worth of video that you can review, you could possibly catch someone walking toward the camera before they picked it up and stole it.

That clip would be available to you from an iPhone or iPad app and clips can captured and emailed or posted to social media like Facebook.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Why should I trust The Cloud? by Anthony Lawrence
Forum,Security ;

Anonymous asks:

Why should I trust The Cloud? There is no cloud, it's just a computer that's located somewhere else!

Well, technically that "just a computer" part may not be true. For example, if you are using a service like Gmail or Office 365, it's not just one computer that provides the service. Your data is mirrored to other computers and they might be located on the other side of the world from each other. That's true for many web sites, too, even very small ones.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





I fell for a Microsoft phone scam. What should I do now? by Anthony Lawrence
Forum,Security ;

Anonymous asks:

I fell for a Microsoft phone scam. I let them access my computer, but didn't pay any money. What should I do now?

Do you feel lucky?

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





With security software, the cure can be worse than the disease by Anthony Lawrence
Malware,Security ;

So a recent Google blog post talked about some really bad things they found in Kaspersky Antivirus. Apparently having that software on your machine actually makes you vulnerable to drive by exploits - that is, your system can be p0wned just be visiting a website or getting an email - and not even reading it!

What's truly amazing about this is that some of the attack vectors are simple buffer overflow attacks. There's nothing new about buffer overflows; they are caused by sloppy code and the software industry has a long, tragic history of repeating that particular sloppiness again and again. It's beyond astonishing that a respected A/V vendor like Kaspersky would repeat these mistakes in their own code!

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Are you kidding me, Apple? by Anthony Lawrence
IOS,Security ;

So Apple has a stringent app review process? Really?

Then how do they explain corrupted apps getting through just because they were created by a bogus version of Xcode? Where's the "stringent review" in that process? There isn't any, and Apple wan't even the one to catch the apps - that was third parties who noticed the bad apps and reported them. Apple had no clue.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





How can I open eml files with Outlook? by Anthony Lawrence
Forum,Security ;

Anonymous asks:

How can I open eml files with Outlook?

You used to be able to double click on an eml file and have it open in Outlook. Microsoft changed this behaviour in Win 7 and now wants Windows Live Mail to open .eml files. However, many die hard Outlook users don't have Live Mail installed, so it doesn't work.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Is is safe to visit my bank if I'm using unsecured wifi? by Anthony Lawrence
Forum,Security ;

Anonymous asks:

Is is safe to visit my bank or other secure sites like Gmail if I'm using unsecured wifi?

All else being equal, that's every bit as safe as it is when using a secure network. There are some gotcha's in there, but those apply no matter where you are, secure network or not.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Take Control of Security for Mac Users by Anthony Lawrence
Books,Reviews,Security ;

Most Mac users don't worry much about security. That's foolish. Take Control of Security for Mac Users explains why and details what you should do to avoid becoming a victim.

I don't agree with all of the advice in this book. Particularly I don't like the suggestion to use a password manager. It's interesting that the author points out how dangerous it is to use Keychain for passwords (because it unlocks on login) but doesn't notice that hacking a password manager again gives access to everything else! Aside from that, everything else is worth at least considering.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Another router security flaw - netUSB by Anthony Lawrence
Security ;

Sigh - another security vulnerability by way of our routers. This one is idiotic for two reasons. One, it's a good old fashioned buffer overflow. A buffer overflow still allowed in 2015? It boggles the imagination.

More interesting is the purpose of the netUSB code. It's running on certain routers and its sole purpose is to allow storage attached to the router to be more easily accessed than it would be if attached to a machine behind the router. That's idiotic. A firewall router is supposed to help protect things, not expose them!

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Canary is a good idea at a ridiculous price by Anthony Lawrence
Security ;

The idea of a honeypot to trap and identify intruders isn't new, but this Canary box is using the concept as a sentinel: any sign of access plainly means that the network has been breached. The Canary is simply a warning: someone is up to no good.

Good idea. But the price is something else: $5,000 for a "start pack" that consists of "two Canaries, a dedicated console, and two annual licenses for alerts, support and maintenance.".

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Google helps you with privacy now and after you are gone by Anthony Lawrence
Security ;

Google has recently announced My Account, which is a page where you can control much of what happens when you interact with Google - even if you don't have a Google Account. You can tell Google that certain types of advertising are of no interest to you - for example, I killed off sports and several other categories. There's a privacy checkup that quickly shows you everything related to Google accounts. There's a lot more - it will take you some time to go through it all, but it is time well spent.

I enabled automatic email response if I haven't logged in for three months. That can be set as long as 18 months if you wish.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





The Moose Linux Router Worm is more like Bullwinkle, honestly by Anthony Lawrence
LinuxConnect,Security ;

I've been seeing frightening headlines about a new threat to Linux based routers. "Moose - the router worm with an appetite for social networks", "Dissecting the Linux/Moose malware", "Moose worm targeting Linux-based routers and systems" and more. Bar the door and get out the rifles, boys: we are under attack!

There's even an imposing list of "affected vendors": 3Com, Alcatel-Lucent, Allied Telesis, Avaya, Belkin, Brocade, Buffalo, Celerity, Cisco, D-link, Enterasys, Hewlett-Packard, Huawei, Linksys, Mikrotik, Netgear, Meridian, Nortel, SpeedStream, Thomson, TP-Link, Zhone, ZyXEL and more. Forget the rifles, we need cannons!

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Why use a VPN instead of opening ports? by Anthony Lawrence
Forum,Networking,Security ;

Anonymous asks:

I need to access my security cameras from home. My camera guys says we need to forward ports on the firewall, but my firewall guy says I should use the VPN instead. Who is right?

Well, there's nothing wrong with what the camera dude said: you can forward specific ports to internal IP addresses. Most firewalls allow that although they may refer to it in different ways. You might find it under "Gaming" on some firewalls, "Port Forwarding" on others, "DNAT (Destination NAT)", "Translation" - but whatever it's called, the concept is that the packets get sent to the specified internal machine. That's a very common way to gain access to internal devices like cameras.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.





Google Password Alert - barn doors and horses by Anthony Lawrence
Google,Security ;

I use two factor authentication everywhere I can. For those of you who don't know what that is, it means that your password by itself is not enough: after logging in, you are asked to enter a code that typically has been sent as text or by a phone call. Facebook uses a "code generator" app installed on your smart phone, but the concept is the same.

Two factor authentication is about as safe as we can do right now. I'd never say "impossible", but hacking that today would be very difficult. However, some people - too many people, unfortunately - simply will not use it. Maybe they can't - no phone, perhaps? Or maybe they find the extra security annoying, which really is a silly excuse, but people do foolish things and that's that.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.