Wednesday, November 29, 2017

MacOS High Sierra Root Exploit

Turkish software developer Lemi Orhan Ergin has discovered a very serious flaw in the latest macOS, High Sierra that allows anyone with local (and/or possibly, remote) access to the machine to log in as the “root” user without supplying a password. Until Apple patches this flaw you must change the root account’s password NOW. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”.

Note that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled.

Posted by Matthew Carrick at 10:30.20 AM EST | Permanent Link

| Categories: All Things Mac, Best Practices, Security Alerts

Sunday, July 23, 2017

GhostCtrl Malware Targets Android Users

According to SC Media, quoting Trend Micro, GhostCtrl Malware Targets can "steal an "extensive" range of information including data related to call logs, SMS records, contacts, phone numbers, SIM serial numbers, usernames, locations, Android OS versions, Wi-Fi and Bluetooth, cameras, browsers, searches, service processes, activity information, and more.

Before you download any Android Apps make sure you check the Permissions, If the list of permissions is far to broad or intrusive you should probably think twice before installing it. Checking the ratings is also a fine idea. If too many folks have had problems with the App perhaps you should avoid the potential harm to you device.

Posted by Matthew Carrick at 10:18.47 AM EDT | Permanent Link
Edited on: Sunday, July 23, 2017 10:54.06 AM EDT

| Categories: Android, Malware

Thursday, September 15, 2016

Windows 7 or Windows 10?

Are you still using Windows 7 or did the oddly confusing upgrade console trick you into installing Windows 10?

Perhaps you willingly upgraded from Windows 7? Are you happy with your choice?

Let us know in the comments.

Posted by Matthew Carrick at 10:48.41 AM EDT | Permanent Link

| Categories: Query

Saturday, April 12, 2014

Heartbleed woes

The Heartbleed programming bug has been (mostly) patched as of 07 April 2014. Now that the server end of the problem has been fixed it is up to you (the client) to examine the possibility that a number of sites may have exposed your passwords to evil doers.

A reasonably comprehensive list compiled by Mashable may be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Check the list and change your passwords if required.

You may also want to take the time to change those passwords that you a) have not changed for over six months b) are duplicates of other sites since it is a very bad idea to use the same password on different sites c) are very weak (password1234 . . . hahahahahaha) or d) is composed of words or phrases found in dictionaries or books.

Posted by Matthew Carrick at 12:42.29 PM EDT | Permanent Link
Edited on: Saturday, April 12, 2014 1:16.37 PM EDT
Comment by Doug - Sunday 18th January 2015 03:43:44 PM

Hello Sir,

Did you get my email from yesterday?

Thanks

| Categories: Best Practices, Open Source, Privacy Issues, Security Alerts

Tuesday, March 04, 2014

Cellophane tape is your friend

When not using your webcam unplug it from your computer. You can also slap a small square of cellophane tape over the camera lense on your laptop. Use a physical cover to mask your smartphones camera lense.

Having the GCHQ spy on you is one thing, but ewwww.

Monday, January 27, 2014

Must have Google Chrome Extension

It appears that certain Extensions for the Google Chrome browser have been bought by evil type hoodlams who have used the trusted Extension to foist adware, malware and tracking codes. on users.

This is a bad thing.

Using Google Chrome, go to the Chrome Web Store and install the (free) Extension Shield for Chrome.

This will offer a measure of protection for Chrome until the issue is addressed in a future version.

Posted by Matthew Carrick at 12:20.19 PM EST | Permanent Link

| Categories: Adware/Spyware, Google Chrome, Malware