Guardian newspaper columnist [Dawn Foster](https://twitter.com/DawnHFoster) posted images on Twitter this weekend showing how she was able to log in to the official Conservative party conference app as Boris Johnson, until recently the UK Foreign Secretary. Not only was no password required to log in to the app (all that was required was an email address), but once in, all the details of user registration were accessible. So, in the case of Alexander Boris de Pfeffel Johnson (yes, that is his real name), that meant contact details such as his mobile phone number. It also meant that the logged-in user could …

+0 forum 6

I've been writing about various security risks in the health sector for many years now. Usually my articles cover patient privacy, data protection and health provider network insecurity issues. Occasionally, they spill over into darker territory where the cyber risk morphs into a very real one as far as the health of the patient is concerned. Take my story at SC Magazine a couple of years ago which reported how researchers at Rapid7 had uncovered vulnerabilities in an insulin pump that had the potential to change the dosage supplied. Sure, the actual risk of exploit was low given that an …

+1 forum 1

A survey of attendees at Infosecurity Europe earlier this month showed 70 percent in favour of the dictionary definition (in this case the Cambridge Dictionary) of a hacker being amended. The amendment in question is to remove 'illegality' from the definition. The current definition of a hacker is "a person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems". So what do you reckon, DaniWebbers? Is it time that hacker was reclaimed entirely (rather than relying upon black and white labels) and, if so, what word should replace it as …

+0 forum 6

I think the community in general will benefit from this discussion. I have an IT horror story I would like to tell everybody about. Additionally, I have discovered some solutions to some IT problems which may have been faced by others in the community. A few years ago I started going to college, and got walloped by a gang of social engineers in the Omaha/Bellevue area. Unbeknownst to me, they were actually performing skits on me in order to perform blackmail attacks at a later date. Now you may believe that if you aren't doing anything wrong you should …

+0 forum 3

In case you missed it, Google has a serious problem with Symantec SSL certificates and is removing their Greenbar status in Chrome, as well as rolling out "not trusted" notices for sites using certs mis-issued by Symantec. https://techcrunch.com/2017/03/27/google-is-fighting-with-symantec-over-encrypting-the-internet/ In response to the problems, Namecheap is offering free replacement of the certificates: you get whatever time is left on your Symantec SSL certificate on a Comodo SSL for free. https://www.namecheap.com/security/symantec-ssl-certificate-free-replacement.aspx

+0 forum 3

HELP!! I have a Windows Server 2012 R2. I could still use my server until I fell asleep, and now I woke up and can't log in to my administrator account. I didn't change the password at all; I use the same password and I made sure that it is correct. But it's still not working. I can only access the guest account. I researched and tried some tutorials, but they're not working. I don't have an installation CD and my physical backup is already affected by the AMNESIA file; I can't copy because it needs admin rights. I found out that all of my files …

+0 forum 26

Hi. I'm concerned an ex has installed spy software on my computer (and maybe iPhone, but that's for another thread). I've spent days reading about it and I'm not really any closer to figuring out if this is the case, and if so how to uninstall it. Any help would be much appreciated!

+0 forum 1

Last year, CryptoLocker ransomware [hit the headlines](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/470427/cryptolocker-250k-infections-in-100-days-nets-300000-or-does-it) after infecting hundreds of thousands of computers and encrypting the data, and backups of that data to any connected device, with the promise of decryption on payment of a fee. This kind of IT extortion is profitable for the bad guys as it targets the people who are least likely to be in a position to do anything but pay; the people who are most likely to get infected are the same folk who are least likely to have an offsite backup or know how to get help with such a problem. This …

+2 forum 13

The End.