I've been getting a phish from "American Express" sent through SendGrid about once a week for the last month. I've reported them all to [email protected] and [email protected] but nobody appears motivated to stop them.
57 posts • joined 2 Aug 2018
To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it
Real-time tragedy: Dumb deletion leaves librarian red-faced and fails to nix teenage kicks on the school network
It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
Wake me up before you go Go: Devs say they'll learn Google-backed lang next. Plus: Perl pays best, Java still in demand
Re: one would think
Microsoft already owns the Lindows trademark.
In 2001 the founder of mp3.com released a Linux distribution names Lindows OS.
Microsoft sued them in 2002 and in a 2004 settlement MS gave them $20 Million, they transferred the Lindows trademark to Microsoft, and changed their name to Linspire.
Step away from that Windows 7 machine, order UK cyber-cops: It's not safe for managing your cash digitally
Re: Upgrade from Windows 7
Unless you surf to such malicious sites as the BBC, The New York Times Online, The London Stock Exchange, Spotify and The Atlantic. All of which have in the past served up malware in the ads they display to their viewers. Just because it's a reputable company doesn't mean that crooks haven't found a way to inject malware into their site.
H0LiCOW: Cosmoboffins still have no idea why universe seems to be expanding more rapidly than expected
Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc
As much as I would like that, I doubt it, as a prerequisite of these attacks is for the attacker to already have their code running on the victims computer. In the case of consumer devices it's already game-over at that point. The only place these attacks are really a concern is situations such as cloud computing where you share the hardware with untrusted third parties, or perhaps DRM where the untrusted party is the owner of the hardware.
Latitude 9510 lappy has a speakerphone so you can tell the conference call all about your 30-hour battery
There are several things that may limit a system to 2TB. MBR formatting has a 2TB limit and certain SCSI commands have a 2TB limit. So if the system doesn't support UEFI booting to a GPT partition with a 64bit OS or it doesn't support LBA64 then it might have this limit. Or they might not want to list all the caveats or deal with the increased support load and its simpler and cheaper to just say they don't support it.
Managing the Linux kernel at AWS: 'A large team of security experts' dealing with fallout from Spectre, Meltdown flaws
Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much
Re: not going to work
It's known as MITM or MiddleBox TLS interception/inspection. Doing it without raising a warning/error on the client requires that either you get your own certificate installed as a root CA on the client, or you are able to obtain, via theft or coercion, a signing key from one of the several hundred CAs your browser already trusts.
One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark
The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network
Re: "Naturally, all user data is wiped with this option"
But windows explorer still doesn't know how to properly deal with the folder mounted partitions. If you have a 1GB D: and have a 1TB partition mounted on D:\Data\, using explorer to try to copy a > 1GB file from elsewhere to D:\Data\ fails with a insufficient disk space error.
This summer's hottest sequels: BlueKeep II, III, IV and V – the latest wormable RDP holes in Microsoft Windows
Re: Even to this day...
RE: ghost systems
A few months back we had an AWS instance that experienced some hardware failure, was given the commands to shut down, and then restarted so aws brought it up on different hardware. But the old zombie instance kept running for a couple weeks with us having no way to access it, but it continued to send notices and warnings that took a while to track down as there was no trace of them on the supposed source machine.
Re: Not just IoShit
I discovered the same problem in an open-source intrusion detection system distribution a year or two back as well. Every installation from the ISO they provided would include the same SSH private key. I notified the author and in less then a day they had a new ISO posted with a modified installer that generated a new key during installation.
Google's reCAPTCHA favors – you guessed it – Google: Duh, only a bot would refuse to sign into the Chocolate Factory
If Uncle Sam could quit using insecure .zip files to swap info across the 'net, that would be great, says Silicon Ron Wyden
Re: Sensitive documents - with NIST?
NIST stands for National Institute of Standards and Technology and they develop Federal Information Processing Standards that all federal agencies must follow. Among others, their Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems.
32 bit VMs
One thing I used 32 bit linux for was lightweight single purpose VMs, if you are using < 4GB RAM then a 32 bit system uses a lot less resources. A number of years ago I ran some tests, I configured 2 identical bare bones Ubuntu server VMs running Apache, one 32 bit and one 64 bit. The 32bit system used 170MB RAM while the 64bit system used 270MB. So in this case the 64bit system used over 50% more ram just to accomplish the same job and I could run quite a few more 32bit VMs on the same host.
Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry
Re: XP What? Where?
I believe the TeamViewer host maintains an outgoing connection to the TeamViewer servers to facilitate connections from behind a NAT router. So, unless there are additional considerations, you should be able to use a strict firewall that denies all connections coming from the internet and just allow connections initiated by the XP machine.
Apparently Americans are not part of "it's open for anyone to use"
Tried to access it from the US and got
The request could not be satisfied.
The Amazon CloudFront distribution is configured to block access from your country.
Generated by cloudfront (CloudFront)
Request ID: VHAppfdRXhGS1TMFQ4-fnV21guIgWpEAhd8mfgddxw==
Re: Unpaid advertisement
No, on the upsell, for tax filings at least. They do make you create an account on their main site where they make their money by offering you various credit cards and other such offers you may qualify for. They handle a large number of additional forms. The only problem I ran into with them was they wouldn't let me directly apply my refund to my 2019 estimated taxes (I'm self-employed, so have to pay quarterly). So I used CreditKarma to fill out all my tax forms, then exported them to pdf, then went to www.freefilefillableforms.com and copied the numbers into the forms on that site and electronically filed them from there. CreditKarma also does free state filing as well, but since I didn't file through them I just copied the numbers from their forms into my state's web filing portal.
Q&A: Crypto-guru Bruce Schneier on teaching tech to lawmakers, plus privacy failures – and a call to techies to act
WannaCry-hero Hutchins' trial date set, Microsoft readies Google's Spectre V2 fix for Windows 10, Coinhive axed, and more
Re: Not correct
Quoting the Oracle announcement : "Once a Java SE version reaches “End of Public Updates”, any further updates will be available only to Customers and accessible through My Oracle Support and via corporate auto update where applicable" ... "Oracle will continue to provide Public Updates and auto updates of Java SE 8, until at least the end of December 2020 for Personal Users, and January 2019 for Commercial Users." ... "Java SE 8 Commercial User End of Public Updates - January 2019"
compared to the article's "Amazon will distribute security updates to Corretto 8 at no cost until at least June, 2023"