Sometimes, the best tech problems aren't the super-specific, why-is-this-doing-that-thing-and-now-smoking-help kinds of questions. Recently, a reader sent in a fairly generic question that's applicable to everyone, because it concerns our favourite topic: passwords.
Tagged With security
Programmer Brannon Dorsey wrote up a fascinating and fairly technical piece about the perils of DNS rebinding the other day. It's worth a read if you have even the slightest interest in how web browsers work to prevent one site — a scammy site, let's say — from sending a request to another site — your bank — and draining your accounts or manipulating your credentials (without the site's explicit permission).
Almost every service you use on the web that involves a username and password is in some ways collecting information about you. In some cases, that info might just be your email and a few identifying data points like your age or gender. In others (*cough* Facebook), you're handing over information about your likes and dislikes, who your friends are, and even where you go during the day.
You might know what a virtual private network (VPN) is, but the odds of you actually using one are low. You really should be using a VPN -- ultimately, you may end up seeing it as just as vital as your internet connection. We'll tell you why, explain how to choose a VPN provider and list five that are worth considering.
We often forget that routers are very complex machines that run software designed to manage a massive array of functions - software that can carry vulnerabilities. Throw in the fact many people don't know how to secure their network or router and you have a ticking time-bomb that bad guys are waiting to detonate. What can you do to defuse this potentially explosive situation?
Last week, we reported on an attack, attributed to Russian malware distributors, that targets a number of home routers and can potentially be used in large attacks or to steal data from you. Law enforcement has taken down the botnet that used the hack, called VPNFilter, but the risk isn't completely gone.
Most of the security narrative of the last decade has been based around a single theme - the "threat of the day". A new vulnerability is discovered or a new attack is launched and combatting that becomes the focus in the media and, therefore, in boardrooms and the c-suite. How do we get away from that? I spoke to Symantec's CTO, Hugh Thompson, about that at CeBIT Sydney recently.
Even though Australian companies don't have to comply with the General Data Protection Regulation (GDPR) when it comes into effect on Friday, that doesn't make it irrelevant. But compliance with the GDPR, our own National Data Breach (NBD) notification laws and updated privacy laws being introduced in New Zealand is not enough to ensure your systems and users are safe in today's threat landscape.
If you've been using PGP — short for Pretty Good Privacy — to send and receive encrypted emails, it might be time to switch to a different service to maintain the privacy of your communications. A brand-new vulnerability, hilariously called EFAIL, can reveal the contents of your emails (even older emails, in certain cases) in plaintext. Goodbye, secrecy.
Cisco has released a bunch of security advisories, with three of them rated at the company's highest level of criticality. Those three vulnerabilities, relating to Cisco Digital Network Architecture (DNA) Center, include a backdoor account and two static username and password combinations that could allow someone to bypass the product's authentication system.
It's been clear for a while now that the old signature and heuristics systems used to detect malware have been woefully inadequate for preventing and detecting online threats. That's resulted in a lot of effort being made to use big data and analytics to prevent and detect attacks. But that effort has primarily been at the enterprise level. Norton Core is a new product that will be available in Australia soon that brings intelligence and automation to the home.
Lots of discussions about complex topics start with the premise that there are two types of people. That's where Symantec's Chief Technology Officer Hugh Thompson began his discussion on the challenges facing the security industry. He began his entertaining security keynote at this year's CeBIT event in Sydney telling the story of a bird that flew into a commercial aircraft as the plane was being loaded by ground staff. It was trapped in the passenger cabin, only becoming known when the trans-Atlantic flight was in the air. The reactions to the story are indicative, he said, of differing attitudes to security risks.