Author Archives: securitips

FBI — Incidents of Ransomware on the Rise

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

FBI offers tips to protect yourself and your organization from this growing threat.

Source: FBI — Incidents of Ransomware on the Rise

Man jailed for failing to decrypt hard drives – BBC News

A man is held in prison for seven months after failing to decrypt two hard drives that investigators suspect contain indecent images of children.

A court order says the man will remain jailed “until such time that he fully complies” with an order to unlock the password-protected devices.

The US man, who has not been charged with possessing illegal images, is appealing against his detention.

Source: Man jailed for failing to decrypt hard drives – BBC News

Preparing a Digital Will for Your Passwords | The LastPass Blog

x

 

At some point in your life, you will likely have assets and investments that you need to make arrangements for in the event of your passing. You may also have children, spouses or other loved ones who need to be looked after if something happens to you. And at some point, you may need to care for a spouse or close family member, or put their affairs in order after they pass on.

Nothing can spare us the heartache of these life events, but you can prevent unnecessary difficulties and stress by planning ahead. When preparing a will, many of us focus on our monetary and physical assets. But what about social media accounts? Or email addresses? Or the myriad of online accounts we use to manage our lives, every day?

Making a “digital will” that includes passwords and other important digital details will go a long way in helping those who need to settle your affairs, or in helping you if you need to settle the affairs of others.

 

Source: Preparing a Digital Will for Your Passwords | The LastPass Blog

Wireless mice leave billions at risk of computer hack: cyber security firm

By Ben Gruber San Francisco, CA (Reuters) – Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other’s computers. It turns out its pretty far – 180 meters – the length of a city block in San Francisco.  The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack.  Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.  “They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer.

Source: Wireless mice leave billions at risk of computer hack: cyber security firm

Popular Android games unmasked as phishing tools

ESET researchers have discovered a new, ingenious, yet very simple Facebook phishing scheme: playable Android games that, before they are started, ask users to enter their Facebook credentials.

The researchers found two such games on Google Play. Cowboy Adventure, which has been downloaded and installed by half a million to a million Android users, and the less popular Jump Chess (1,000 – 5,000 installs). Both apps were offered for free.

Source: Popular Android games unmasked as phishing tools

Windows 10 “WiFi Sense” automatically leaks your wifi password to strangers

Even if you personally disable WiFi Sense on your own computer, anyone else connecting to your network (example: non-technical friend) will leak your password to all of _their_ facebook friends.The only way to opt out of this “feature” is to change the name of your SSID to include _optout at the end — or force EVERY SINGLE PERSON connecting to your network to disable the feature on their PC before connecting.

There is no other way to opt out.

Source: WiFi Sense FAQ

Is it time to finally get rid of the password? – Quartz

Passwords have existed as a means of security for millennia. And for most of their history, they’ve worked as advertised. But now that society has transitioned to digital, a massive market for stolen data has sent security experts scrambling to put out fires, all the while pleading with their clients to make their passwords more secure.

There may be a way to keep passwords and the convenience they provide without requiring people to do significantly more work. It’s called multi-factor authentication and it makes passwords work better by authenticating something else in addition to the password. It could be device authentication, knowledge authentication or even biometric authentication.

Source: Is it time to finally get rid of the password? – Quartz

Own-Mailbox, the first 100% confidential Mailbox.

 

Own-Mailbox is a home-plugged personal email server, with strong privacy protection measures integrated at its core. It provides self-hosted email addresses, or connects with your existing email address. In both cases you can seamlessly send and receive encrypted emails from anywhere in the world, through Own-Mailbox webmail, Smartphone app, or through an external email software (Thunderbird, Outlook, …).

Own-mailbox, is very easy to set-up and use: as easy as a gmail account.

Own-mailbox automatically encrypts your emails with Gnu Privacy Guard, a strong encryption software, the same software as used by Edward Snowden.

Own-mailbox allows you to send and receive 100% confidential messages even with people who don’t use email encryption yet. For this purpose we introduce PLM, a new technique consisting in sending to your correspondent, a filtered and temporary HTTPS link, pointing to your private message hosted on your Own-Mailbox.

Source: Own-Mailbox, the first 100% confidential Mailbox.

This Online Anonymity Box Puts You a Mile Away From Your IP Address | WIRED

ProxyHam: It’s designed to use a radio connection to add a physical layer of obfuscation to an internet user’s location. It connects to Wi-Fi and relays a user’s Internet connection over a 900 megaherz radio connection to their faraway computer, with a range of between one and 2.5 miles depending on interference from the landscape and buildings. That means even if investigators fully trace the user’s internet connection, they’ll find only the ProxyHam box the person planted in a remote library, cafe, or other public place—and not their actual location.

Source: This Online Anonymity Box Puts You a Mile Away From Your IP Address | WIRED

Critical vulnerabilities in Adobe Flash Player

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015.

Source: Adobe Security Bulletin