Main

Wednesday, November 29, 2017

MacOS High Sierra Root Exploit

Turkish software developer Lemi Orhan Ergin has discovered a very serious flaw in the latest macOS, High Sierra that allows anyone with local (and/or possibly, remote) access to the machine to log in as the “root” user without supplying a password. Until Apple patches this flaw you must change the root account’s password NOW. Open up a Terminal (in the Spotlight search box just type “terminal”) and type “sudo passwd root”.

Note that disabling the root account does not fix the problem because the exploit actually causes the account to be re-enabled.

Posted by Matthew Carrick at 10:30.20 AM EST | Permanent Link
| Categories: All Things Mac, Best Practices, Security Alerts

Sunday, July 23, 2017

GhostCtrl Malware Targets Android Users

According to SC Media, quoting Trend Micro, GhostCtrl Malware Targets can "steal an "extensive" range of information including data related to call logs, SMS records, contacts, phone numbers, SIM serial numbers, usernames, locations, Android OS versions, Wi-Fi and Bluetooth, cameras, browsers, searches, service processes, activity information, and more.

Before you download any Android Apps make sure you check the Permissions, If the list of permissions is far to broad or intrusive you should probably think twice before installing it. Checking the ratings is also a fine idea. If too many folks have had problems with the App perhaps you should avoid the potential harm to you device.

Posted by Matthew Carrick at 10:18.47 AM EDT | Permanent Link
Edited on: Sunday, July 23, 2017 10:54.06 AM EDT
| Categories: Android, Malware

Thursday, September 15, 2016

Windows 7 or Windows 10?

Are you still using Windows 7 or did the oddly confusing upgrade console trick you into installing Windows 10?

Perhaps you willingly upgraded from Windows 7? Are you happy with your choice?

Let us know in the comments.

Posted by Matthew Carrick at 10:48.41 AM EDT | Permanent Link
| Categories: Query

Saturday, April 12, 2014

Heartbleed woes

The Heartbleed programming bug has been (mostly) patched as of 07 April 2014. Now that the server end of the problem has been fixed it is up to you (the client) to examine the possibility that a number of sites may have exposed your passwords to evil doers.

A reasonably comprehensive list compiled by Mashable may be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Check the list and change your passwords if required.

You may also want to take the time to change those passwords that you a) have not changed for over six months b) are duplicates of other sites since it is a very bad idea to use the same password on different sites c) are very weak (password1234 . . . hahahahahaha) or d) is composed of words or phrases found in dictionaries or books.

Posted by Matthew Carrick at 12:42.29 PM EDT | Permanent Link
Edited on: Saturday, April 12, 2014 1:16.37 PM EDT
| Categories: Best Practices, Open Source, Privacy Issues, Security Alerts

Tuesday, March 04, 2014

Cellophane tape is your friend

When not using your webcam unplug it from your computer. You can also slap a small square of cellophane tape over the camera lense on your laptop. Use a physical cover to mask your smartphones camera lense.

Having the GCHQ spy on you is one thing, but ewwww.

Monday, January 27, 2014

Must have Google Chrome Extension

It appears that certain Extensions for the Google Chrome browser have been bought by evil type hoodlams who have used the trusted Extension to foist adware, malware and tracking codes. on users.

This is a bad thing.

Using Google Chrome, go to the Chrome Web Store and install the (free) Extension Shield for Chrome.

This will offer a measure of protection for Chrome until the issue is addressed in a future version.

Posted by Matthew Carrick at 12:20.19 PM EST | Permanent Link
| Categories: Adware/Spyware, Google Chrome, Malware

Thursday, September 19, 2013

Internet Explorer Zero-day Exploit

Microsoft has released a "Fix-it" for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Thursday, September 05, 2013

Don't Believe Everything You Read

A good overview by Brian Krebs on why Java continues to be a serious security risk:

https://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/ 

Posted by Matthew Carrick at 9:29.30 AM EDT | Permanent Link
| Categories: Java, Privacy Issues, Security Alerts

Wednesday, June 26, 2013

IFTTT -> Twitter

IFTTT is wonderful idea. It stands for: IF THIS THEN THAT. So, IF I post an RSS feed THEN THAT (in this case, Twitter) will tweet the feed. Cool!

Posted by Matthew Carrick at 2:01.04 PM EDT | Permanent Link
Edited on: Wednesday, June 26, 2013 10:29.09 PM EDT
| Categories: Alternative Apps, Online Apps, Open Source

Saturday, May 11, 2013

Internet Explorer 8 Zero-day Exploit

Microsoft has released a "Fix-it" (because calling it a "patch" sounds icky?) for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Archives

Archive Index
Categories
Adobe
Adware/Spyware
All Things Mac
Alternative Apps
Android
Best Practices
Bluetooth
Cloud Computing
Concepts
Eudora Email
Firefox Extensions
Google Chrome
Hardware Innovations
Hardware Recalls
Headlines
Instant Messaging
Internet Explorer
Java
Mac Safari Browser
Malware
Mobile
Mozilla Firefox
Mozilla Thunderbird
Online Apps
Openoffice.org
Open Source
Opera
Penelope Email
Physical Security
Privacy Issues
Query
RSS Applications
Security Alerts
Software Tools
Technology
TPDBP
Viruses-Trojans-Worms