Tuesday, November 14, 2017
The New York Times has a long and detailed story of the breakdown of the work of the “Shadow Breakers” at the NSA, and how the tools of the group were taken and used to develop ransomware to target some consumers, especially less secure companies and hospitals last spring.
The booklet-length article by Scott Shane, Nicole Perlroth, and David E. Sanger appears here.
You wonder how safe any computer or website or company will be against an enemy that is determined and combative enough to infiltrate the NSA through employees or contractors.
And EFF has made so much of the surveillance issue over the years.
Monday, November 13, 2017
Ramsay Taplin, Australia’s “Blog Tyrant”, has come up with a detailed post on how Bloggers can convert their sites to https, link.
It’s important to remember that this applies only to specific domains, not to subsites of Blogger or Wordpress.
I wrote a detailed comment. Since the comment period is time-sensitive, I’ll reproduce my own comment here:
“How important is https for a page that does NOT require user logon or collect user info? That does NOT process funds, PII, etc.
I have four domains on BlueHost, which as of now will set up one as SSL (with an enhanced SiteLock passage). I did pick one of the addons (because it is possible to do transactions on it although I do them rarely in practice). In my case that is doaskdotellnotes.com (not the site I have shared most often). I am expecting BlueHost will change things so that all four can be https. Also, Google’s free Blogger will make all free domains https but does not with those that have their own domain names. That is because SSL is by main domain name (e.g. blogger.com in the case of Google). That also seems true of Automattic (example) https://jboushka.wordpress.com/ (there’s not much there — that’s a copy of some old stuff). It would be helpful to know if Google, WordPress, BlueHost etc will do anything soon to make this “easier”.
You can navigate to my Blogger Profile. “Movie Reviews” “Book Reviews” and “Bill Boushka” all resolve to specific domain names and right now do not have https. The other thirteen are Blogger subdomains. They can be viewed with or without https. Some embedded videos from some news sources do not yet work when viewed in https.
Ramsay’s directions are very long and complicated, and I would wonder how many bloggers have the time to do this. The blogging business paradigm that he advocates generally works with niche blogs aimed at very specific audiences, and often go along with small businesses that actually would use email lists. This might be very hard for a lot of small businesses to do.
I suspect BlueHost and other providers will make this simpler in the future. Business persons should also consider hacker security protection like SiteLock.
Electronic Frontier Foundation has long urged all websites to go to https, even those that don’t require logon or do transactions or collect PII. I’ll come back to this in more detail in the near future (I don’t know how near) on my Wordpress news blog.
Saturday, November 11, 2017
Recently local television stations warned consumers about the dangers to home security posed indirectly by apps that encourage you to photograph your house keys so that duplicates can be made. Thieves have done this to go ahead and commit burglaries.
Wired has a typical story by Andy Greenberg from 2014, here. Some of the apps include KeyMe, KeysDuplicated and KeySave.
The reports don't say whether these apps would work with higher security locks like Medeco.
Thursday, November 09, 2017
School districts have come under attack from hackers, including ISIS-related, in a few different ways. They seem vulnerable because of particular service providers and particular platforms that they use.
Here’s a report from northern New Jersey.
There were also disturbing attacks, some of them threatening, in Iowa and in the Flathead area of Montana (Post story).
I didn’t encounter any of this when working as a substitute teacher in northern Virginia 2004-2007, but times have changed.
Tuesday, November 07, 2017
ABC News is reporting an epidemic of fake apps, particularly on Android smartphones, that can steal passwords to social media and bank accounts, even when the phones are not in use.
The ABC News story is here. WJLA has been carrying the story locally in the DC area, with a demonstration where several volunteers get hacked.
I do very little in the way of transactions on my own phones.
Tuesday, October 31, 2017
Here’s just a small report, on a rather transparent phishing attack.
It purports to come from “Support iCloud” and says that your Apple ID has been blocked. But it’s easy to tell it didn’t come from Apple.
Curiously, I signed onto iCloud in the normal way on my Windows 10 and the site asked some extra security questions.
There had been a week where I didn’t update the iPhoto cloud because I have new WiFi (from Cox) in the condo and I hadn’t connected the smartphone to it yet.
Tuesday, October 17, 2017
Rapid7 has reported a serious security flaw in wi-fi routers in homes and businesses that would appear when external enemies are in close proximity, such as in adjacent apartments, hotels, or public wi-fi connections.
Users should apply forthcoming Windows and Mac fixes and firmware from router companies as soon as possible. Firmware usually gets updated by restarting a router once a week.