security

Digital Privacy at the U.S Border: A New How-To Guide from EFF

An update from the EFF on Digital Privacy at the U.S Border: A New How-To Guide from EFF - download the PDF.

PROTECTING THE DATA ON YOUR DEVICES  AND IN THE CLOUD
 
We have fewer rights at the U.S. border than in the interior. Still, we can all take action before, during, and after our border crossings to protect our digital privacy.  See more at the EFF site.

Tags: 

HP "Time Bomb" Locks Out 3rd Party Ink Cartridges

The Guardian Alex Hern
 
Hewlett-Packard printers have suddenly started rejecting ink cartridges produced or refilled by third parties, apparently due to a “ticking timebomb” left by the manufacturer in an update released in March 2016.
 
The printers, in the company’s OfficeJet, OfficeJet Pro and OfficeJet Pro X ranges, accepted refills made by third-parties and sold at a significantly lower price than the official ink made and sold by HP itself. But on 13 September, the printers began to reject those refills, with error messages including “cartridge problem”, “one or more cartridges are missing or damaged” and “older generation cartridge”.
 
Adding insult to injury, the printers themselves have not received a software update recently, suggesting that the last update, six months ago, had a delayed-action effect. In doing so, it prevented affected users from getting the word out about the lockdown and discouraging others in a similar situation from updating their own printers.  read more...
 
UPDATE  HP issued a non-apology and made it possible for users to back out the change by applying patched firmware to their printers.  See the HP Blog Post. "As a remedy for the small number of affected customers, we will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will post additional information here as it becomes available".  Emphasis is mine.

Tags: 

Daniel's Mac Security Guide

[[{"type":"media","view_mode":"media_large","fid":"385","attributes":{"alt":"","class":"media-image","style":"width: 400px; height: 226px;"}}]]

Last update March 11, 2016

Mac / OS/X Security Recomendations

  • Keep your software up to date.
    • Always update your Apple software from the Updates section of the Apple App Store.  Click the Apple icon on the top left of the display, select "About this Mac" and click on Software Update.  Never update by way of a link on a webpage or an email.
    • Update non-Apple software from within the application or from the company's web site.  Beware of ectra or bonus software downloads during updates.  Oracle's Java updates are notorious for installing unnecessary toolbars.  Less scrupulous companies are often the source of unwanted add-ons that can steal data or show unwanted ads.
  • Make Time Machine backups
    • Select the option to encrypt backups.
    • Keep at least two backups each at a different location and at least one disconnected.  See my article on The Dangers of Cloud Sync.
  • Install anti-virus software.
    • I use Sophos Home, a free AV program for Macs.  Sophos.com
    • Install anti-malware software
      • I use Malwarebytes from Malwarebytes.org.  
  • Set a login password for your Mac
  • Keep your Mac behind a good firewall.

Protecting Macs from Viruses and Malware

March 11, 2016

For many years, computer viruses and malware were mostly the concern of Windows users.  Mac users faced very few threats. This has been atributed to the Mac's sibgle digit market share and, some have argued, a more secure product.  One common misconception was that Macs were somehow imune from viruses and malware.  While the number of threats may pale in comparrisln to Windows, Macs are indeed suseptible to attack and more and more are appearing.  The time has come for Mac users to make secutity a priority.   

In the last few weeks, researchers have found the first Mac Ransomware malware in circulation.  Ransomware is software that encrypts the files on a computer making them unuseable to the owner.  The person controllling the malware then demnads a ransom to unencrypt the files.  In most cases, the victim has only 72 hours to pay or the ransom or the malware author threatens to eraswe the key that is needed to restore the files.  Regardless of the size of your business, the loss of data can be davastatiung.  

Add these new threats to hardware failures and theft and the need for a well thought out and executed computer protection plan is more important then ever.

You can find my Mac security recomendations here.

Tags: 

Rarely Patched Software Bugs in Home Routers Cripple Security

 
 
By JENNIFER VALENTINO-DEVRIES WSJ
Jan. 18, 2016 11:58 a.m. ET
 
In late 2014, a small Massachusetts software company got an ominous email: A computer-security researcher said a flaw in one of its programs put millions world-wide at risk of being hacked.
 
Engineers at the company, Allegro Software Development Corp., analyzed the flaw in the program, which can help users access the controls of home Internet routers. They quickly realized something strange: They had fixed this bug nearly 10 years earlier. But it lived on, even in new devices.  Read the article at WSJ

Tags: 

Bug Lets Hackers Into Nearly Any Android Phone Using Nothing But an MMS Text Message

Android logo

A major flaw in Android software allows an attacker to take complete control of a device by simply sending a specifically crafted media text  message.  The flaw was first reported by Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake - See more at: http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-androi...

To kitigate the threat until an Android device receives a patch, go to Hangouts, select the menu in the upper left and select Settings.  SElect the SMS settings, scroll down until you see "Auto retrieve SMS and UNCHECK that box.  

Tags: 

High Profile Cyber Attacks Open Door to More Surveillance

Recent cyber attacks against private companies such as Sony, Target and Home Depot have legislators proposing new cyber security legislation that would open the door to more government surveillance and less individual privacy while doing little to address cyber threats.  

Congress Should Say No to "Cybersecurity" Information Sharing Bills

Tags: 

Pages

Subscribe to RSS - security