Showing posts with label bluekeep.

Thursday, November 21, 2019

Backdoor Fixed?



Ddoor - cross-platform backdoor using DNS TXT records.
It's ok - it's a lightweight backdoor.


Google and Samsung fix Android spying flaw.
So only the rest of the phones are vulnerable.


Microsoft denies BlueKeep ransomware is theirs.
No, MS Teams and BlueKeep (RDP) are not responsible.
But publicly flog themselves over RDP.



GPS manipulation in Shanghai is probably NOT the Chinese military
Like IoT, GPS is one of those technologies that just begs for problems. If you're steering a ship or piloting a plane, you better have a reliable backup... if there are problems, GPS will be the first thing to go.



NSA advisory addressing encrypted traffic inspection risks
Yeah, we think you just shouldn't encrypt anything... it's for the children...
No, seriously, read it.


Running Linux commands with timeout



Speaking of Linux, I was initially taken aback when I saw 'mpd'. Turns out it doesn't stand for Multiple Personality Disorder.



Tuesday, November 12, 2019

Blue Keeps Your Data


Fortunately, BlueKeep is difficult to implement, even though it's in the wild.
Patch yer damn machines already!


Encrypted emails on macOS found stored unencrypted.
Fortunately, Apple is going to fix the (Siri) bug.
In the meantime, there's a command to type in the terminal window.


The Texas Health Agency made names, addresses, Social Security numbers and treatment information of 6,617 people public. After the $1.6 million fine, they're Very Sorry (they got caught) and take your privacy seriously (because they got caught) and will do whatever is necessary to secure all data (so they won't get caught again).

In totally unrelated news, the taxpayers of Texas are on the hook for $1.6 million for the incompetence of Health and Human Services Commission.



Linux Corner

Using diff command to compare 2 files at the command line.

The ever-popular find command. Because there are so many bloody options, there will be a quiz at the end of the article.

Advanced PDF tricks. Sit, watermarks, and don't do that on my carpet.

The former mayor of Munich goes over how much Microsoft hates Linux, especially after Linux was adopted there. All the love for Linux lately is total BS.

Basic troubleshooting with telnet and netcat



Tuesday, November 5, 2019

Firewalling Your Phone and Other Things

One Android-related item: I've said it before, but you never realize how bad things are until you put a firewall on your phone. This might sound difficult, but hear me out...

Let's take our normal Android phone... you install a cool internet radio app like TuneIn radio. You fire the program up and listen to whatever stations you like. It became my #1 player.


Since my phone met its maker, I had to transfer everything to a new one (whatever you pay for insurance is worth it). LG, in addition to great phones, has a great transfer app. I found this out after I did everything manually on the new phone, because I only know how to do complicated things - I get nervous with anything easy. My original firewall was No Root Firewall, named because you don't have to root your phone to use it. I decided to give Netguard firewall a try.


With a firewall, when you fire up TuneIn Radio, you will get ill seeing where it goes. The firewall shows you every destination. You will see the obvious packets to the radio's domain. Then you'll see a shitload (technical term) of packets going all over the place. Spend any time looking them up and you'll see they're all advertising. So for each call for radio, there are 5 or more ad calls. One of the things about Android that pisses me off is the apps are allowed to 'come alive' when they're not being used. TuneIn runs constantly, contacting ad domains. It has absolutely dominated my logs, more so than goog calls.


Btw, you don't need goog. You don't need to put in a goog account. You don't have to allow goog outside the phone. Since all apps phone home, the firewall stops them. Many apps don't need any net access at all, yet demand it. If you install a puzzle app, there's no reason it needs access to your phone, camera, storage, and internet access. So stop it with a firewall. You also won't see ads on everything... it's a less automatic ad-blocker.





If you fail to update Win XP(!) and Win 7, you missed the first service pack for XP in forever. This is due to the BlueKeep vulnerability. If you haven't patched yet, stop being a willing idiot. And if you keep port 3389 (RDP) open to the internet, you're asking for it. And if you use an ancient, non-supported OS, you're asking for it.

Your system is next.




Check out fwbackup. It's a new, open source backup that's simple. I just ran my first backup and it went well. You can select the compression for speed or efficiency.



What happens when you're successfully spearphished?
Your bank account becomes $742k lighter, like the city of Ocala, Florida.

Monday, November 4, 2019


Uptux - privilege escalation checks for Linux


2 unpatched critical RCE flaws disclosed in rConfig



If you use Chrome browser on any OS, update it now.



The first BlueKeep attacks are here!
Not as nasty as reported, but you shoulda patched your systems a long time ago.



The Pentagon published AI ethical guidelines.
This is today's best, loudest, and longest laugh.



MS 365 helps improve orgs' security and compliance posture.
MS 365 now helps find and review insider security threats.

MS 365 babysits the IT department when the boss is out.
MS 365 makes pancakes.



How the FBI abused NSA mass surveillance data.
We're so much safer since 9-11.
