Latest Information Security Posts

Mr.M 62 Future Programmers

Hi DW.

Well I'm very much interested in the data protection and also giving the best privacy to the public where we protect your passwords. I've seen something that Firefox had introduced to their browsers with also their Apps. This is called LockWise which is a tool to sync your passwords with your other devices.

Now as we are in the 4IR I personally think that such information shouldn't be shared purely with other devices because what will happen when you are not in front of those devices?

Worst of them all, we all know that browsers don't encrypt the passwords, so this to me opens a very huge security loophole because a person with access to, let's say, your computer can see and copy your passwords, as the browsers save the actual passwords.

With that in mind, check BRIWPED on YouTube to see the demonstration of this live. I think as we are in the 4IR the only person who should know the actual password is the owner. I don't see a reason why we would still submit the actual password over the internet when we can instead use encryption systems like BRIWPED to ensure that only the salts are sent, and on the server the encryption MD5 or encrypted RSA1 or any encryption is used, so that even on the server no actual user password is received but rather the MD5, RSA1 or any other.

This will make it harder to hack provided that ...

I think what's next on this issue or on this kind of hack, I think they will change or advance from sim swop to hacking the actual phones without our knowledge.

Take a look at this: on your mobile you download an App, then in the installation process it asks you to grant it permissions to all the technologies it will need or use, also including reading your SMSs, your phone book contacts, and sometimes even your location.

Now to me that's a very dangerous act, just like what WhatsApp does when you are installing it: you log in, then it sends you an SMS with the OTP, but as soon as that SMS reaches your system tray it reads it and gets the code. So for a hacking App I think it can also do the same when they are spying on you for your banking details, because as we are in the 4IR we have seen even banks push people to bank digitally, mostly through their mobile Apps.

Now to me that looks like the next big hit we should be prepared for, as it is coming and it will hit very badly, because I'm not yet sure if it's possible to get the message on the system tray then instantly remove it so it doesn't notify or ring the notification, but if that's possible then people might really lose money and not get notifications on their Apps because these Apps would get it first then remove it so not to ...

rproffitt commented: "Get that person an upvote." In reference to the Shareit comment. That's banned on some forums. +15

CNET reports at https://www.cnet.com/how-to/sim-swap-fraud-what-it-is-why-you-should-care-and-how-to-protect-yourself/
on January 19, 2020 about this rather awful exploit.

At first glance, it seems somewhat harmless. But when you consider that most of us have our phone numbers linked to our bank, email and social media accounts, you quickly begin to see how easy it would be for someone with access to your phone number to take over your entire online presence.

There's more at the linked articles, but if you tie your banking, bitcoin, email and, get this, Two Factor Authentication to your phone, you would be in a world of hurt.

That's one of my takeaways: SMS 2FA is fundamentally broken by the SIM SWAP EXPLOIT.

I've been hearing about this even here in RSA; people are complaining about this. I just wonder how they do it because it seems as if the victim is totally not aware of it.

rproffitt commented: Victims become aware when the losses happen. The SimSwap issue has changed my mind about using my smart phone for more than phone and games. +15

I like this post, plz more

If you are using Windows Defender you don't need to worry about viruses, as we know it provides the same protection as other antivirus software, but if you go for any other paid antivirus software you will get some extra features like internet security, clear cache, etc. The only difference is that it provides you the full package in one software.

So you think Minority Report is the future or marketing?

Reverend Jim commented: My arms are tired just thinking of it. +14

Businesses all over the world are trying to figure out how to make the most of their digital marketing campaigns. The rise of influencer marketing is quite significant, and many celebrities charge hundreds of thousands of dollars per Instagram post. However, many companies are already interested in figuring out how to use augmented reality (AR) for their future marketing and advertising campaigns. While augmented reality might not be as prevalent as some have predicted, there are still powerful corporations interested in utilizing it to their advantage.

Of course, this doesn’t mean that consumers will start purchasing products and/or services simply because they enjoyed an augmented reality commercial or advertisement of some kind. Augmented reality offers some incredible use cases in the digital marketing space, regardless of whether it’s “trendy” or not. Here are some ways that augmented reality will revolutionize the digital marketing space shortly.

An Interactive Customer Experience

One of the most incredible aspects of augmented reality is that it lets customers “try out” the product without actually purchasing it. One of the most well-known examples of using AR as a marketing tool is the fact that Ikea allows customers to actually see what products would look like in their home. Ikea - for those who don’t know - is a European multinational group that sells billions of dollars worth of furniture annually.

In fact, Ikea rolled out an app in 2017 that allows users to see what different furniture would look like in their home, thanks ...

I don't see how you can avoid any possibility of trouble. You could reveal more or decide not to write Jeffrey Epstein didn't kill himself or "Free Hong Kong." Now that I've written this you can too?

Thanks for your answer.

If you live in fear over all this, why would you create such a site?

Actually, I was not aware that I might be held responsible for hackers' activity/data leakage on my website when I first decided to make a website. Now I still want to create a website but want to be sure that it will not put me in trouble.

Let's cover a few items.

  1. Passwords. If you store passwords in the old bad way of plain text then you deserve the grief and trouble. This area is well discussed and there is no longer any excuse to leak passwords.
  2. URLs. Since you don't control what's on other sites and this may vary by country you are not liable UNLESS you are a site about illegal activities which is on its own a quagmire since what is legal here may be illegal in another country.
  3. If you live in fear over all this, why would you create such a site?

I am thinking about making a website on a VPS. I've read on the internet that if someone hacks my website and puts malware into links or if he steals personal information (including passwords), not only the hacker but the owner of the website is responsible too, and a lawsuit may be opened against him/them and they may pay big fines.

If this is true then I really don't understand how so many people create websites and take this risk. There may be no lawyer in this forum but I am asking other people too, web developers (or people who want to be a web developer) or people who have a website, if they know about the laws/policies related to this and how they take the risk.

It appears you do this lock in code. Examples are out there so here's the google that notes how to lock items.
https://www.google.com/search?q=How+to+lock+Access+2010+record+after+it+has+been+saved

dave.wright Newbie Poster

I'm looking to create a database form for people to create receipts to issue to customers, but I need to be able to lock the record so that it can't be edited once it has been printed and saved. How can I do this?

My only complaint with WD is the time it takes to scan a folder in Explorer. How many times does WD have to scan my downloads folder before it is happy with the results? It would be nice if I didn't have to wait for 30-60 seconds to see my files with nothing to watch but a slowly advancing green progress bar. It doesn't do this every time but I have yet to determine what causes WD to decide a new scan is needed.

We changed to WD in 2015 and no infections so far. Now this doesn't work for a few that torrent apps and disable WD so if you have someone that pushes their luck then they will have issues no matter which antivirus system they use.

The last couple of reviews I read had Windows Defender (WD) rated as near the top with very little difference between WD and the top rated. I've been using WD exclusively on my computers and those of family members. We haven't had a single infection in three years or more.

I have a question for those who are looking for bugs and vulnerabilities for money. How are you looking for customers? Is it freelance or a permanent job or a hobby? I found one blockchain project that offers to find vulnerabilities for money. I will post the text of their proposal, if the administration does not mind:

In order to improve the security of the program code, we announce the beginning of bug-hunting.
Anyone who finds a new critical bug (vulnerability) will get 100 000 TERA.
Bug should be reported confidentially to progr76@gmail.com or telegram @progr76
TERA Foundation: https://terafoundation.org

What do you think of this?

I'm using Windows Defender as full antivirus and Malwarebytes (Free version)

So far, I've never had viruses or malware on my computers. I started doing this 2016-2017.

Are paid antivirus products not worth it now?

Back then I used to use Bitdefender and it was pretty good. It had a pretty good GUI and many other protection features.

Dani 1,932

In the advanced options have you selected "install new versions automatically"?

Well now it's too late to tell, but I suspect it was turned off on the remote PC and turned on on the local PC. That would be the only thing I could think of that would cause them to have versions "out of sync" with each other.

However, I don't remember navigating the settings since I never really used TeamViewer all that much to begin with. I wonder if it's possible that it was installed unchecked by default in Windows but checked by default in macOS.

In the advanced options have you selected "install new versions automatically"?

I'm using the free version so that means little support other than the forum. The only real problem I've had is with the VPN. My two sons (one here, one in Cambridge, UK) like to game occasionally and this requires a VPN. Local son has a laptop (old) and a desktop (new) and would rather play on the desktop but for some reason we can't get the two systems to talk through the TeamViewer VPN. It does work, however, on his laptop. I'm thinking that when UK son gets home this Christmas I'll make sure that each of them is behind a separate router (I have my spare one from the lake) and see if I can figure out the problem.

Dani 1,932

I recently got burned by this as well.

It sounds like a major flaw considering that the product is specifically designed to be a remote access tool.

I think the term "hacker/hack" has been watered down to the point where it has returned to its original meaning. It was originally what you stated, then it became associated with the black-hats. Now it is so overused it has lost its negative connotation. Life hack? Seriously? What's wrong with the words "advice" or "tip"?

I recently got burned by this as well. Unlike you, the remote computer was only four houses down the road (father-in-law). I agree. It's a serious flaw. I do have another system I occasionally remote into (Cambridge, UK) but at least that one is not unattended and can be upgraded by the person at the other end as needed.

Dani 1,932 The Queen of DaniWeb

Living in California, I periodically need to log into my computer that's back in my home in New York. Not that often, typically just a couple times a year.

But today, when attempting to connect, I got an error message saying, "The remote TeamViewer is running an old version which is out of date. Therefore, you cannot connect ot this Version anymore."

Soooo, firstly, why is TeamViewer not backwards compatible?! Secondly, I haven't updated TeamViewer on my local computer either anytime recently, so both local and remote computers should be running versions of TeamViewer that were released roughly at the same time. Thirdly, why does TeamViewer not provide a way to remotely upgrade?!

#Frustrated.

Dani 1,932

I certainly don't associate the word hacker with anything illegal or nefarious. To me, a hacker is someone who doesn't just follow the manual but is an out-of-the-box thinker who is capable of using things (could be technologies, products, etc.) in non-traditional, creative ways to his or her benefit. In the realm of computer hacking, it's simply being creative to get into functionality not designed to be easily accessible, or designed to be accessible at all, to the end-user. You can hack your registry, for heaven's sake. MacGyver was a hacker. There's even a TV show called Hack My Life which is a how-to series about various life hacks. My mom watches the show, which airs on the same network as Impractical Jokers and COPS, meaning their target audience are non-technical baby boomers. If that doesn't mean the word has made it mainstream, I don't know what does.

I second pty on this. I'm describing it exactly the same way!

Hacker may refer to someone with technical skills. It has the ability to gain unauthorized access to systems in order to commit crimes.

rproffitt commented: If I have technical skills, I would be suspected of committing crimes. What a way to look at things today. Then again scientists. -3

A programmer is a person who uses PC, organizing or different abilities to defeat a specialized issue. The term programmer may allude to anybody with specialized aptitudes, yet it regularly alludes to an individual who uses their capacities to increase unapproved access to frameworks or systems so as to carry out violations.

Reverend Jim commented: This is wrong on so many levels. -3

Interesting read.

Thanks for sharing!