PayPal has been the talk of the town the last couple of weeks – at least in the SpamAssassin User’s Group. Hackers have been sending out fraudulent Emails. They pass SPF checks. They pass DKIM signing checks. In Email, the only headers you can really trust are your own and all of the Emails were […]
A Pathetic Defense of Julian Assange
Must’ve been a slow day at the Washington Post as reporter Daniel Larsen comes to the defense of Julian Assange. What a pathetic excuse of an article. You can read the senseless drivel here: https://www.washingtonpost.com/outlook/2022/06/18/espionage-act-dangerous/ Daniel Larsen writes, “Julian Assange’s leak of U.S. diplomatic cables certainly had nothing to do with the military”. That is […]
Damned if you do. Damned if you don’t.
Reporting Ransomware? If you don’t report it, you’re screwed. If you do report it, you’re still screwed. @MikePerryavatar Weird how Department of Homeland Security couldn’t secure the homeland from a myriad of attacks, to include hybridized warfare and cyber attacks. It’s as if the Patriot Act, and GWOT for that matter, were total bullshit and […]
ProtonMail? Not Worth an Electron!
People seem to automatically lump Security and Privacy into one single category. When it comes to Email, these are just spices added to the dish, like Salt and Pepper – too much is overbearing and too little is weak. So, I was just cruising around the web and came across this: Notes from ProtonMail’s meeting […]
Give it a REST: Serious WordPress Bugs
So, what do you know about the WordPress REST API? If you’re like me, the answer is “not much”. So it came out of the blue when a friend of mine contacted me last week about problems he was having with the REST API. The Issues 1) The URL https://www.example.com/wp-json/wp/v2/users can return information about ALL […]
Hardening the Apache Webserver
One thing that should be done for those hosting their own Apache Webservers is to remove any unneeded information from Apache Error responses: Apache/2.4.48 (Ubuntu) Server at example.com Port 443 In the standard setup for Apache, Apache reveals its version number as well as the underlying O/S that it is running on. Why make it […]
Numb to it all
Wow. It has certainly been quite the ride the last few years. From endless SPECTRE and MELTDOWN bugs in the AMD and Intel microprocessors, the out-of-control ransomware variants, to the incessant breaches and release of otherwise private information. This is a mess. So, before you do something stupid and idiotic, let me remind you, SECURITY […]
Secure Your Amazon S3 Buckets
We all have S3 Buckets, don’t we? Dark Reading has a good tutorial on how to secure your bucket, including access AND encryption: https://www.darkreading.com/edge/theedge/how-to-prevent-an-aws-cloud-bucket-data-leak--/b/d-id/1337093
It’s almost too easy
From Garth Algar in Wayne’s World. Still funny after all these years! “OK… First I’ll access the secret military spy satellite that’s in a geosynchronous orbit over the Midwest.” “Then, I’ll ID the limo by the vanity plate “MR. BIGGG” and get his approximate position.” “Then, I’ll reposition the transmitter dish on the remote truck […]
Tech Support Scams
So, in the first week in December, I got a call from a number listed as being from “Seattle, WA”. I was greeted by a gentleman with an East-Indian accent: Caller: “Hello. This is Samir from Microsoft Tech Support. I’m here to help you with your login problem.” Me: “I have no login problems.” Caller […]