Imagine you are watching your favorite TV show and start chatting about sensitive subjects. Those things could be leaked through your TV, according to Samsung’s warning to users of their smart TVs. That’s right, the TV that is supposed to be providing entertainment is also listening for commands … BUT ALWAYS LISTENING. And anything said could be sent to a third party (whose identity isn’t public) for evaluation. What about our cleared citizens? Are they supposed to not be permitted smart TVs at home (no smart TVs in the White House)? What if you have sex or if there is a legal altercation near the TV? Can that be used in court or end up on the web? These are questions we all should be asking regarding our privacy rights with this technology. BTW this isn’t the first time voice-activated technology has been used. Think about gaming systems, mobile devices, alarms, etc.
The people at RiskIQ posted an interesting article covering the Anthem breach. The original post can be found HERE. 80 Million Personal Records Compromised!!!!! WOW
It should come as no surprise that another major data breach is in the headlines. Anthem, the nation’s second largest insurance provider, may have had as many as 80 million personal records compromised. There are several factors that make this breach notable. Primarily, it is the first major health insurance breach of its scale. The largest breach prior was the loss of over 4 million records by CHS.
Matt Agorist wrote on my buddy’s blog drchaos.com about how to beat Red-Light and Speeding Cameras. Since I live in DC aka the capital of camera traps, I found this to be extremely useful. The original post can be found HERE.
Last year I received a letter in the mail from the Washington D.C. DMV claiming I was speeding. As you can see it was one of those Photo-Enforced Speeding Tickets and they had multiple pictures of my CAR. I knew better than to just submit and pay a fine like the majority of people do in this country, unfortunately. I am in the habit of not taking “plea deals”, and I am always in the habit of fighting my tickets and NOT pre-paying them so I don’t have to go to court – like many folks do. I just about always record my interactions with the police, whether it’s a traffic stop or not, that way it keeps the entire situation objective, transparent and I can hold the public servant accountable if he/she violates my rights.
The people at 27001 Academy created an interesting infographic on Data Breaches seen in 2014. The original posting can be found HERE. This post will cover statistics found during their research and the infographic.
Here are some stats:
- 2014 has seen an increase of over 27.5% in data breaches in the U.S.
- Total incidents in 2014: 783
- Total incidents in 2013: 614
- 2014 vs. 2013: 27.5% increase
AnyConnect is Cisco’s flagship VPN solution, providing users access to internal sources from anywhere, on any device, regardless of physical location. AnyConnect has many bells and whistles, such as “always on” (auto-connecting when off network yet turning off when on a trusted network), throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (antivirus, system updates, etc.), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE), so hopefully those using IPsec have migrated.
China takes censorship seriously and has been enforcing programs to control various forms of online content. The most widely known example of this is China’s program to block websites they deem inappropriate, known as the Great Firewall or “The Golden Shield Project” (learn more HERE). Some examples of popular western websites blocked are Facebook, Google, Twitter and YouTube.
You can test if a website is blocked in China by going to http://www.greatfirewallofchina.org/ . The next screenshot shows Facebook is blocked; however, my website is permitted (as of now … who knows after this post).
Hack Insight Press published one of my blog postings in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the WiFi Pineapple Mark V by Hak5 to perform a phishing attack.
A description of what the February issue contains is shown below.
Nick Biasini, Earl Carter, Alex Chiu and Jaeson Schultz from the Cisco security research team posted about the real impact of the recently announced GHOST vulnerability found by Qualys. It seems to not be as scary as the market is advertising. The original post can be found HERE.
On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module.