Friday, March 29, 2019

Home routers, for your network and for perimeter security, can be hacked; firmware is supposed to be updated regularly

Can home security systems be hacked?

Kim Zetter had looked in detail at the problem in 2014 in a Wired article.

One danger would be the possibility of generating false alarms, as well as intercepting an inadequately encrypted signal.  Another would simply be hacking the router controlling the system and interfering with the signaling.  Another is simply cutting a cable outside a house; a cellular wireless signal is much safer.  

Similar problems have been reported with routers that control cable television and Internet access, but those are often separate devices, connected to a home computer network.  A security router may be a separate device.
All of these devices have operating systems that can be programmed, usually with some sort of Unix or Linux-like kernel. 
Security experts have advised turning off and restarting routers and modems once a month, to make sure that firmware security updates get done (on restart); however, most cable providers send firmware updates at scheduled times late at night.  There were cases of Russian hacks of home network routers in 2018.  But typically security devices are never supposed to be turned off, and are kept always on by high capacity batteries.

Saturday, March 09, 2019

Why "ji32k7au4a83" is a bad password

Here’s another password tip.  Beware of character strings that appear random in English or European languages but that make sense as a code for Asian languages, like Chinese. 
The Verge has a story about “ji32k7au4a83” which translates to “my password”.

Note that there are thirteen dialects of Chinese which don’t communicate well with one another (China won’t admit this). 
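
As an added example (not from the original post or from The Verge): "ji32k7au4a83" is the sequence of keys that spells the Mandarin phrase on a Zhuyin (Bopomofo) phonetic keyboard, so a password-screening check can try to decode a candidate through that layout and reject it if the whole string parses. The key table is the standard Zhuyin layout; the function names and the three-syllable threshold are choices made for this example.

```python
import re

# Standard Zhuyin (Bopomofo) keyboard layout: QWERTY key -> phonetic symbol.
INITIALS = dict(zip("1qaz2wsxedcrfv5tgbyhn", "ㄅㄆㄇㄈㄉㄊㄋㄌㄍㄎㄏㄐㄑㄒㄓㄔㄕㄖㄗㄘㄙ"))
MEDIALS = dict(zip("ujm", "ㄧㄨㄩ"))
FINALS = dict(zip("8ik,9ol.0p;/-", "ㄚㄛㄜㄝㄞㄟㄠㄡㄢㄣㄤㄥㄦ"))
# Tone keys end a syllable; the space bar is the (unmarked) first tone.
TONES = {"3": "ˇ", "4": "ˋ", "6": "ˊ", "7": "˙", " ": ""}


def _cls(table):
    """Build a regex character class from a key table."""
    return "[" + re.escape("".join(table)) + "]"


# One syllable = optional initial, optional medial, optional final, then a tone key.
SYLLABLE = re.compile(
    f"({_cls(INITIALS)}?)({_cls(MEDIALS)}?)({_cls(FINALS)}?)({_cls(TONES)})"
)


def decode_zhuyin(password):
    """Return the Bopomofo syllables if the whole string parses as Zhuyin
    keystrokes, otherwise None."""
    text, pos, syllables = password.lower(), 0, []
    while pos < len(text):
        m = SYLLABLE.match(text, pos)
        # A bare tone key with no sound in front of it is not a syllable.
        if not m or m.end() - m.start() < 2:
            return None
        initial, medial, final, tone = m.groups()
        syllables.append(
            INITIALS.get(initial, "") + MEDIALS.get(medial, "")
            + FINALS.get(final, "") + TONES[tone]
        )
        pos = m.end()
    return syllables or None


def looks_like_zhuyin(password, min_syllables=3):
    """Flag passwords that are entirely Zhuyin keystrokes (threshold is an
    assumption to avoid flagging very short accidental matches)."""
    decoded = decode_zhuyin(password)
    return decoded is not None and len(decoded) >= min_syllables


if __name__ == "__main__":
    for candidate in ("ji32k7au4a83", "Tr0ub4dor&3"):  # constructed sample inputs
        print(candidate, decode_zhuyin(candidate), looks_like_zhuyin(candidate))
```

A match only means the string is typeable as Zhuyin syllables; a breached-password list check is still the stronger control.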

Thursday, March 07, 2019

Google Chrome zero-day vulnerability patch update recommended now

Users are advised to update Google Chrome today to fix a zero-day vulnerability reported recently.

To update, look to see if the more (three vertical dots) button on the upper right has a rainbow color.

If your computer is properly configured it should have updated automatically.

The security flaw could allow a hacker to read non-public files (like passwords stored) from your computer memory.

Monday, March 04, 2019

Some severe WordPress plugin vulnerabilities have been fixed

Freemius has patched a “severe vulnerability” in a library used by developers for many WordPress plugins, especially related to monetization and analytics.  This issue could have become more significant in a world with so much social and political polarization. I presume that WP 5.1 has the necessary code included.

WPTavern explains the patch here.

There is a further explanation from a plugin security outfit that believes hackers have already been placing vulnerabilities on sites using these plugins.  Presumably these would be detected by the Sitelock monthly application scan.

By the way, here is a critique, that seems constructive, of Sitelock. The service will charge extra fees to fix pages on which malware is found.

Picture: Daytrip to Barrett mountain (and Page Valley behind it) in Maryland, maybe the last snow of the year (no relation to article).