Category Archives: Internet Security

T!m3 f0r n3w P4ssw0rd rul3s!

August 11, 2017Internet Security, Tech NewsDavid Slivken

I’m sure most people have had the experience of needing to change a password frequently for security reasons, but do you really know why?

The origin of this practice can be traced back to a password primer written by a man named Bill Burr in 2003 when he was a manager at the National Institute of Standards and Technology (NIST). He’s the reason I’ve sometimes had passwords based on whatever was in my line of sight at the time of the change (like Stapl3r2015!) and sometimes had password themes like colors+date (like Red!20160310, Blue!20160608, Yellow!20160906). Continue reading →

Announcing #HackTor

July 23, 2017Internet of Things, Internet Security, Open SourceDavid Slivken

Generally finding bugs is a problem, unless you can get paid for doing it! This week, The Tor Project announced a new bounty program for folks who can find bugs in Tor and Tor Browser. Earn up to $4,000 per bug depending on the severity.

Details are available at HackerOne, so sign up for an account and start trying to break stuff!

How to get 100 points on SSL Labs

July 12, 2017Internet Security, Tips & TricksVlad Bondarenko

Hi All,

A bit about how to get 100 points in all 4 test from SSL Labs.

First:
You need to create RSA 4096 bits key for certificate. Not 2048, but 4096.

Continue reading →

Fake WordPress API Malware Alert

May 17, 2017Data Privacy, Internet Security, WordPressDavid Slivken

Although WannaCry, the massive worldwide ransomeware attack, is the biggest story these days when it comes to cyber crime, it’s definitely not the only issue causing problems for sites right now.

Last week, website security leader Sucuri identified code that appears to be WordPress API related, but is actually sending active cookie data to attackers. This is most problematic when the active user is a site admin because it gives someone the opportunity to create a new admin user which can be then used to do considerable damage to a site and/or gain access to user data.

Continue reading →

Goodbye, Internet Privacy Rules

March 31, 2017Data Privacy, Internet Security, Internet Service Providers, Tech NewsDavid Slivken

It’s no surprise that we’re very interested in how our current administration is impacting topics like Net Neutrality and Internet Privacy. When Ajit Pai was appointed to be FCC chairman a couple months ago, we encouraged everyone to stay informed and keep an eye out for new issues. Well, this week the House voted to undo rules which prevented Internet Service Providers (ISPs) from selling user data to the highest bidder, just the latest roll back of protections that had been put in place by former President Obama. Although President Trump has not yet signed the roll back into effect, the White House has suggested that he will and the implications for Internet privacy concerns are pretty significant. (Update – As expected, President Trump did sign the bill in question on April 3rd, 2017, to repeal online privacy protections established under the previous administration.)

Continue reading →

Delivering security in 2017

March 22, 2017Back-end, Data Privacy, Internet SecurityNestor Fedyk

Delivering secure and reliable services has been a top priority for developers since day one. Applying the best, most reliable technologies has always been the key to securing a client’s data and traffic. But, due to multiple vulnerabilities found in some core products used to encrypt data and traffic, security practices need to be revisited.

Continue reading →

WordPress Security Breach

February 13, 2017Internet Security, WordPressDavid Slivken

We’re seeing reports this morning that a massive security breach associated with WordPress 4.7.0 and 4.7.1 has apparently led to the defacement of up to 1.9 million pages across almost 40,000 domains.

Upgrading to version 4.7.2 should fix the issue and WordPress urges anyone who hasn’t already updated to do so immediately. WordPress actually announced the security issue in a blog post at the beginning of February, but apparently there are still many sites that either weren’t aware or didn’t realize how serious the issue really is.

If you or anyone you know is running a WordPress site, please make sure it is updated to 4.7.2 as quickly as possible.

The Return of Lavabit

January 24, 2017Data Privacy, Email, Internet Security, Open Source, Tech NewsDavid Slivken

This past Friday, when most of the world was watching (or actively not-watching) the events in Washington, D.C., the formerly shuttered, Snowden-affiliated webmail service Lavabit announced it was re-launching with a new generation of email privacy and security.

If you’re unfamiliar with the history, here’s the gist: Lavabit formed in 2004, in part because of privacy concerns around email. They launched as an email service with significant protection and encryption capabilities and served a relatively small group of folk for almost a decade.

Continue reading →

Day of Reckoning for the IoT?

November 28, 2016Internet of Things, Internet Security, Tech NewsMatthew Davis

In the wake of the October 21st cyberattack on Dyn – an event that caused websites including Amazon and Netflix to go offline for hours – there has been a real rise in fear as to the ramifications of the Internet of Things. The Dyn attack was accomplished with malicious code that got into innumerable “smart” devices, from webcams to baby monitors, bombarding Dyn with requests and bringing its services to a halt – thereby crashing popular websites and services. But what if the goal had been to shutdown a power plant? Or to sever vital emergency communication lines? Or to bring down an airplane?

Continue reading →

Android Full-Disk Encryption is Weak

July 2, 2016Android, App Development, Hardware, Internet Security, iOS, Java, MobileDan Boyle

Android devices running on Qualcomm chips are at serious risk of being cracked. Apparently unlike iOS devices, Android devices store full-disk encryption keys in software, software that can be cracked – easily.

Continue reading →