Edward Snowden Wins EPIC "Champion of Freedom" Award
- Details
- Created on Friday, 06 June 2014 12:16
Edward Snowden received a prestigious CHAMPION OF FREEDOM REWARD at EPIC. Bruce Schneier had the honor of presenting the award at the EPIC dinner... continue reading
Vodafone reveals existence of secret wires that allow state surveillance
- Details
- Created on Friday, 06 June 2014 12:05
Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.
The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.
Cryptowall Infecting Systems via Advertisements
- Details
- Created on Friday, 06 June 2014 11:36
A new and dangerous variant of the original CRYPTOLOCKER (which brought an estimated $23 million to the bad actors) is on the loose. This malicious software is infecting machines through advertisements found on major sites such as Facebook, Disney, The Guardian and many others. The software gains final entry to a system via UNPATCHED software such as Flash, Internet Explorer, Java or Silverlight. Once infected, your most commonly used documents become encrypted/useless until you pay a ransom....get the full story here.
As part of our Systems Management Program, we automatically patch 3rd party software, this being only one layer in our multiple layer approach to managing systems and network security. With Cryptowall exploiting unpatched software, this is yet another reminder of the importance of updating/patching your software and having a reliable backup solution in place.
HTTPS Why no Padlock? Mixed Content Warnings
- Details
- Created on Friday, 06 June 2014 10:25
Ever visit a website and receive a popup "ONLY SECURE CONTENT IS DISPLAYED" or a broken padlock next to the URL of the site? This occurs when visiting a site using SSL (usually defined by the HTTPS in the beginning of the URL) and not all of the content on the site/page is being delivered through SSL. Unfortunately this is common place and usually a result of negligence on the site owners end, however it has also been noted that when a users browser/system is "infected", the malicious software will inject advertisements into the websites being viewed also resulting in a MIXED CONTENT WARNING. In any case, this breaks the SSL connection between you and the website, defeating the purpose of using SSL to begin with. Should you ever receive these warnings while visiting a financial website or your email providers "webmail", DO NOT PROCEED! Most if not all banking sites will never deliver content via HTTP but strictly HTTPS. It is advised to check your system for malware. A non HTTPS connection means that everything between you and the website is being sent in the clear, including passwords/usernames, personal information, etc.
A recent article posted at Qualys Security Labs suggests this "problem" being the easiest way to break SSL.
Are you a site owner trying to fix this? The first step is to determine exactly which content is being delivered via HTTP rather than HTTPS. A very useful site for showing non https links being loaded can be found here. Simply enter your sites URL and all the links on that page will be displayed. This will narrow down exactly which link(s) are causing the problem. If you require assistance, please contact us.
We believe ALL internet websites should implement SSL. The E.F.F (Electronic Frontier Foundation) started an HTTPS campaign back in 2011. By implementing SSL (regardless if your collecting personal information on your site or not), you are helping to protect users privacy and freedom. Begin by purchasing an SSL certificate. We can assist in converting your current site over to FULL TIME SSL
Other useful tools:
- SSL Server Test Webserver SSL implementation tests.
- Verify an SSL certificate "fingerprint". Great research performed by Steve Gibson. In many corporate settings, it is common for ALL traffic to be monitored for security purpose. However in some settings such as a free wifi hotspot, your home/ISP, etc., this is malicious and dangerous. Use this tool to detect if your SSL traffic is being monitored.
Business's Requesting and Storing Your Information
- Details
- Created on Monday, 02 June 2014 08:57
It seems everywhere you go to purchase something whether online or onsite, there is a request for your personal information. While some information such as your payment details are obviously required (unless paying cash), much of the requested information is not. Many business's use this information to keep you informed of store sales etc. While it is nice to stay "informed" on any potential money savings, much of the information requested has nothing to do with keeping you informed. Data is big business, the more accurate data a business has, the more it is worth. It is surprising that most people give this information up without question, all under the guise that you will save money. Do you get a lot of junk mail? How about email spam? You can blame your willingness to provide your information without question.
Many small business's are venturing into email campaigns etc, with no intention of spamming you or "selling" your information, they simply want to better their bottom line. Many larger business's have ventured into data brokering, buying and selling your information. It is one thing to simply provide an email address, but your phone number, your physical address, your full name?
With all of the data breaches or "hacks" occurring (large company breaches), one must question small business's. Many small business's do not have a dedicated IT team or professional, but instead a DIY (do it yourself type) which opens the door for all kinds of problems. Of course many small business's do not have a budget to dedicate towards their IT infrastructure, they have gone this long, why start. One example of a small local business we dealt with fell victim to a "virus" which gave the perpetuator unfettered access to confidential customer information. This small business has been in business for many years with a lot of confidential customer information
Is TRUECRYPT Really Dead?
- Details
- Created on Wednesday, 28 May 2014 23:40
The very popular software used by millions for encrypting data has apparently halted development and is advising users to migrate to something different due to "potential security concerns". While this is breaking news, at this time it is hard to believe for many. Some are guessing a defacement of their website www.truecrypt.org has occurred, some suggest a disgruntled developer. An analysis of the software version (mysteriously released yesterday) has shown the same key being used as previous software releases. The latest software release does not allow you to encrypt anything, only decrypt.
Worth noting:
- A $70,000 dollar audit was started last year, the goal is to perform a complete analysis of the source code looking for any major vulnerabilities. Phase 1 of the audit was completed early this year with no major security issues found. Phase 2 was to conclude over this summer. The audit team has reached out to the developer(s) as of today regarding the "news", awaiting a response.
- With the recent Snowden revelations, he mentioned the use of a secure email provider called Lavabit, shortly after he mentioned this publicly, the service shutdown with the explanation of a court order demanding the "keys" thus making the core of his service useless/insecure. Recent news mentions Snowden's use/belief in Truecrypt.
- The Truecrypt team had posted a "roadmap" of sorts outlining the continued development of the software for use on the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
- The Truecrypt developer(s) have always been "anonymous" however the audit team has been in contact with them.
- A popular service called the waybackmachine is an internet website archive, you can view websites as they were in the past, the Truecrypt website has been excluded..hmm.
At this time, it is advised not to download or use the latest version found at truecrypt.org. It is also advised not yet to migrate away from any existing instance you may be running. Until a "tool" is released, or the audit finds a big hole that exploits Truecrypt making it almost useless, it remains one of the best encryption tools out there. If however they were forced to insert a backdoor of sorts (via court order) and this is his/her/their way of letting everyone know (explains the bizarre recommendations), than by all means we will stop using it. Until more info is released, we are staying still.
More info: Arstechnica | Slashdot | Krebs on Security | Reddit | Cory Doctrow
More Articles...
- Apple iPhone iPad iPod Ransomware - Device Locked Messsage?
- Continue to get updates for Windows XP?
- WordPress Vulnerability Contributes to DDOS Attacks
- Are Text Messages Deleted Forever?
- Stolen Coca-Cola laptops contained personal data
- To Protect and Infect - Jacob Appelbaum Discussion
- NSA Spyware Gives Backdoor Access to iPhones 100% Success Rate
- The NSA hacking unit - TAO. Intercept laptops to install malware, monitor "do you want to send to microsoft" logs....
- Snowden's OPEN LETTER and Privacy Concerns
- Public WiFi Hotspots - The Risks
- WordPress - Why it is important to update/patch on a regular basis
- Law Enforcement using Malware to SPY via Webcam
- 90,000 Patients Data Compromised
- Are SMART TV's Watching You?
- Police Agency hit with CRYPTOLOCKER virus
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Citrix Releases Security Updates for Hypervisor
Citrix Releases Security Updates for Hypervisor
Original release date: June 24, 2022Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review Citrix Security[…]
Created on: Jun 24, 2022 | 07:49 am
Jun 24, 2022 | 07:49 am -
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Original release date: June 23, 2022 CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to[…]
Created on: Jun 23, 2022 | 11:00 am
Jun 23, 2022 | 11:00 am -
CISA Releases Cloud Security Technical Reference Architecture
CISA Releases Cloud Security Technical Reference Architecture
Original release date: June 23, 2022CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal[…]
Created on: Jun 23, 2022 | 06:00 am
Jun 23, 2022 | 06:00 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: June 22, 2022Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome[…]
Created on: Jun 22, 2022 | 08:00 am
Jun 22, 2022 | 08:00 am -
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
Original release date: June 22, 2022 | Last revised: June 23, 2022CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into[…]
Created on: Jun 22, 2022 | 07:00 am
Jun 22, 2022 | 07:00 am -
Keeping PowerShell: Measures to Use and Embrace
Keeping PowerShell: Measures to Use and Embrace
Original release date: June 22, 2022Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed[…]
Created on: Jun 22, 2022 | 06:00 am
Jun 22, 2022 | 06:00 am -
CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
Original release date: June 16, 2022CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including[…]
Created on: Jun 16, 2022 | 09:00 am
Jun 16, 2022 | 09:00 am -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: June 16, 2022Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the[…]
Created on: Jun 16, 2022 | 08:00 am
Jun 16, 2022 | 08:00 am -
Adobe Releases Security Updates for Multiple Products
Adobe Releases Security Updates for Multiple Products
Original release date: June 14, 2022Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe[…]
Created on: Jun 14, 2022 | 17:41 pm
Jun 14, 2022 | 17:41 pm -
SAP Releases June 2022 Security Updates
SAP Releases June 2022 Security Updates
Original release date: June 14, 2022SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review SAP Security Patch[…]
Created on: Jun 14, 2022 | 16:19 pm
Jun 14, 2022 | 16:19 pm
Posted Articles
-
Former Facebook exec says social media is ripping apart society
-
Great read on Security Annoyance
-
Imperfect Forward Secrecy
-
True Crypt
-
Latest variants of "ransomware"
-
Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
-
Thunderstrike Mac Attack Achieves Persistence
-
Microsoft OneDrive - Encryption Keys Uploaded?
-
We Should All Jump to the ‘Erasable Internet’
-
The Best Thing We Can Do About the Sony Attack Calm Down
-
Attackers Can Read Your Private SMS and Listen to Phone Calls
-
Critical Flaw Hits Millions of Home Routers
-
Chrome devs hatch plan to mark all HTTP traffic insecure
-
Quantum Encryption Makes Credit Cards Fraud-Proof
-
We believe ALL internet websites should implement SSL
-
Reset the NET, start with DELETING YOUR FACEBOOK
-
Edward Snowden Wins EPIC "Champion of Freedom" Award
-
Vodafone reveals existence of secret wires that allow state surveillance
-
Cryptowall Infecting Systems via Advertisements
-
HTTPS Why no Padlock? Mixed Content Warnings
-
Is TRUECRYPT Really Dead?
-
Apple iPhone iPad iPod Ransomware - Device Locked Messsage?
-
Continue to get updates for Windows XP?
-
WordPress Vulnerability Contributes to DDOS Attacks
-
Stolen Coca-Cola laptops contained personal data
-
To Protect and Infect - Jacob Appelbaum Discussion
-
NSA Spyware Gives Backdoor Access to iPhones 100% Success Rate
-
The NSA hacking unit - TAO. Intercept laptops to install malware, monitor "do you want to send to microsoft" logs....
-
Snowden's OPEN LETTER and Privacy Concerns
-
Public WiFi Hotspots - The Risks
-
WordPress - Why it is important to update/patch on a regular basis
-
Law Enforcement using Malware to SPY via Webcam
-
90,000 Patients Data Compromised
-
Are SMART TV's Watching You?
-
Police Agency hit with CRYPTOLOCKER virus
-
NSA Infected 50000 Systems with MALWARE
-
Google: We're bombarded by gov't requests on user data
-
New Internet Bug Bounty holds companies accountable, protects hackers
-
NSA Monitors Google, Yahoo, Microsoft's Data Centers
-
Mac OS X Mavericks REVIEW
-
Experian Sold Consumer Credit Information to ID Theft Service
-
Apple is misleading people on iMessage security
-
Microsoft Remote Desktop for Tablets RELEASED
-
CryptoLocker Ransomware
-
Adobe Servers Breached - 3 million users data stolen, source code stolen
-
Private email service fights court order demanding SSL keys then shutsdown.
-
Your "Social" connections are gathered and put together by NSA
-
We thought TOR became more popular..
-
Can We Trust IPSEC?
-
NSA and Encryption
-
Feds Are Suspects in New Malware That Attacks Tor Anonymity
-
StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance
-
Government requests for private SSL keys
-
ACLU warns of mass tracking through license plate scanners
-
Microsoft and NSA. Encryption provided by Microsoft useless.
-
Encryption, Capitalism, and the Law
-
U.S. Emergency Alert System open to false messages
-
Attack on South Korean targets part of a larger cyber-espionage campaign
-
Top Five IT Security Cyber Threats
-
Malware Infections Are Usually From "Legitimate" Websites
-
Fake Job Postings Displayed on Infected Computers
-
Car theives found using handheld fobs to hack automatic car locks
-
90% of passwords can be cracked in seconds
-
Report: U.S. Power Utilities Infected by Malware from USB Drives
-
Most advanced espionage platforms ever discovered
-
The pitfalls of advertising such ridiculous beliefs
-
Free Antivirus v. Commercial Antivirus
-
Hacking-as-a-service offers access to business systems via Remote Desktop (RDP)
-
‘It won’t happen to us’ is SMB’s attitude toward security
-
Creating strong passwords is easier than you think
-
One million Facebook users' names and email addresses: $5
-
Unprotected backdoor into industrial control systems
-
Government official advises users to use a false name online
-
Researchers Find Android Apps Leaking Personal Data
-
Sony faces setback as hackers release PlayStation 3 decryption keys
-
US considers preemptive action to prevent 'Cyber Pearl Harbor'
-
Barnes & Noble admits PIN pads were tampered with
-
Major ISPs rolling out Copyright Alert System
-
HSBC is Latest Target in Cyber Attack Spree
-
US Bank hit with DDOS
-
Most data breaches come from within
-
What is an SSL certificate? Why do I need one?
-
Godaddy Outage - Corrupt Router Tables
-
Indivudual sold access to hijacked PCs
-
Government to warn business about the cyber threat
-
BitTorrent Users Monitored
-
Researchers find critical vulnerability in Java 7 patch hours after release The new vulnerability allows a complete Java Virtual Machine sandbox escape in Java 7 Update 7, researchers from Security Explorations say
-
Another case of Apple knows best..
-
Wolfram Alpha Facebook Tool Reveals How Many Of Your Friends Are Single (And More News You Can Use)
-
Investigating FinSpy: when surveillance spyware gets in the wrong hands
-
Java Zero Day Flaw Under Attack
-
Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
-
Shamoon malware cripples Windows PCs to cover tracks
-
At least 83 million accounts on Facebook are fakes...do you blame anyone?
-
Apple upgrade provides anti-virus protection
-
Verizon no longer allowed to block tethering apps
-
Dropbox confirms it was hacked, offers users help
-
80 Percent of Facebook Ad Clicks Came From Bots, Firm Says
-
All your speech belongs to Apple
-
Skype makes chats and user data more available to police
-
Attention Office 2003/2007/2010 Users
-
Pentagon to monitor news media for national security leaks
-
Social Network Password Mining
-
Facebook Spam Campaign Infects Users
-
99% of attacks can be stopped by PATCHING
-
Judge orders Twitter to hand over user data
-
Dotcom search warrants ruled illegal
-
Mobile Device Malware Detection
-
Sonic.net Privay Matters to this ISP in Northern California
-
Personal data broker SPOKEO gets fined for selling your data.
-
Android Malware | Another Case of Spyware on your Phone!
-
The Importance of complex passwords.. LinkedIn Passwords already cracked.
-
6.5 million LinkedIn passwords reportedly leaked online
-
Will Facebook be around in 10 years?
-
Latest STATE Sponsored Malware "FLAME" Bigger than Stuxnet? US Cyberwarfare!
-
US Sponsored Cyberwarfare...Governement admits it was behind STUXNET
-
How to jailbreak using Absinthe 2.0 on iOS 5.1.1 devices
-
What does Siri know about you?
-
Google plugs 13 security holes -3rd party updates
-
The FBI’s New Unit Can Spy on Skype and Wireless Communications
-
Windows 8 to Let Parents Get Weekly Reports About Kids' Activity
-
Is Facebook a FAD?
-
Serious vulnerability found in older versions of Photoshop/Flash/Illustrator
-
Twitter hack breaches thousands of accounts
-
Using Filevault?? Password in plain text...
-
FBI asking for even easier ways to monitor internet users
-
Adobe ships emergency fix for critical Flash Player exploit
-
Over 300,000 Systems May Lose Internet Access in July
-
US Government takedown of MEGAUPLOAD not legal?
-
Windows XP will die in 2014
-
Over 181,000 patient records and 25,000 SSNs stolen
-
600,000 Macs Infected??
-
Java - Most Popular Attack Vector for Windows and Mac
-
Cracking iPhone and Android Security Codes (Pins)....in seconds!
-
Infected Word files spreading malware on MACS
-
Exploiting Remote Desktop Code Leaked...Are you using RDP?
-
Get Ready to Add a “Y” at The End of The Internet Service Provider Acronym (ISPY)
-
Experts sound worm alarm for critical Windows bug
-
Obama administration invoking privacy concerns to block FOIA requests
-
Group retaliates against Panda Security for comments about arrests
-
Do away with Antivirus?
-
The Global Intelligence Files
-
Revealed: US plans to charge Assange
-
"Password1" - most common password...why passwords matter?
-
FBI: Cyber attacks may soon be top threat to USA
-
Updated Firefox browser extension detects fraudulent SSL certificates
-
Prison website breached, Infraguard website breached.
-
Porn Website Data Breach Exposes Usernames, Emails
-
Symantec's pcAnywhere Woes May Be Worse Than We Thought
-
Iran developing Cyber Army
-
Social Media Users: Infection Inevitable
-
Food and beverage industry has unsavory history of data breaches
-
Another Mac Virus - Flashback trojan variant
-
"Anonymous" Takes Down CIA Web Site
-
Got remote access? Lock it down
-
Ransom talks with Symantec (pcAnywhere code) conducted by law enforcement fail, code posted.
-
Law firm that defended Marine still smarting from Anonymous attack
-
Apple iMessage bug allows others to spy on your conversations
-
FBI wants massive data-mining capability for social media
-
Symantec: Source code stolen, users should disable pcAnywhere
-
Pacific Northwest train signals disrupted by hacker, says TSA
-
FBI issues a new warning about the Zeus variant called Gameover
-
Zeus Bot blamed for theft of Salem County funds
-
People not aware their participating in DDOS attacks
-
Security warning for online traders
-
Popular file-sharing website Megaupload shut down
-
Small firms must heed online security, too
-
UAE Central Bank hit by hackers
-
Microsoft to distribute botnet intelligence to governments, industry
-
Wikipedia taking site offline in PIPA and SOPA protest
-
Israeli, Saudi Hacker Battle Escalates
-
New slow-motion DoS attack
-
Pastebin shut down twice in a week by DDoS attacks
-
Ramnit worm switches focus from financial to Facebook, steals 45K logins
-
Wikileaks Spy Files Target Forensic Companies
-
Most users have not installed security software on their smartphones, survey finds
-
Japan’s cyber defense weapon: a virus
-
US-CERT warns about security flaw affecting millions of wireless routers
-
More Stratfor Data Released
-
Stratfor Says Hackers Only Nabbed Credit Card Information
-
New Tools Bypass Wireless Router Security
-
Hackers to exploit vulnerable infrastructure in 2012, McAfee warns
-
Personal information on 90 million Chinese online subscribers hacked
-
No rogue certificates were issued by Comodohacker, says GlobalSign
-
A Dispute Over Who Owns a Twitter Account Goes to Court
-
Reasons to Migrate Off Windows XP
-
The Carrier IQ Saga
-
Use of the Black Hole exploit kit and Java exploits is growing
-
Microsoft software bug linked to "Duqu" virus
-
Products of Facebook
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |