Rants, Raves, and Rhetoric v4

Category: Cybersecurity

  • WordPress security for beginners

    The Jetpack (a plug-in) blog has a pretty good WordPress Security for Beginners post which talks about what you need to do to keep your blog safe. The TL;DR: choose a good host keep software updated (WP, plug-ins, themes) use secure credentials off-site backups protect against brute force attacks scan for malware monitor for downtime remove […]

  • MFA on a smartphone

    Multi-factor authentication (MFA; aka Two-factor authentication aka 2FA) makes access to things more secure. However, how to do it from the same smartphone seems to be an afterthought. First, if someone has the smartphone which is used to generate the code, receive the text, answers the phone call, or confirms the access, then is MFA […]

  • 15 days of fame

    Looks like the storm of visitors to this blog looking for information on that fake video circulating Facebook is over. Most of the searches were for the hostname of the server which I happened to mention in the post. Which, I guess put me to the top of the search results. One individual found me […]

  • Fb Messenger virus

    Got a message from a coworker that suggested I was in a video. Naturally, I am supposed to click on it, but it felt wrong. A quick Duck Duck Go search revealed it to be a virus. If you think a virus was installed on your device, then my advice is to find a trusted […]

  • Friend Request Hoax

    A legitimate message expressing concern about your impersonation account would: Ask if you created another account. Provide the address to the new account so you can go to the profile, click the three dots on the cover photo, select Report, and follow the instructions for impersonation. Instead, the hot hoax right now says: Hi….I actually […]

  • Carrier Phish

    Got a phone call from my own cell phone to itself. That was pretty interesting the first time, but I declined the call because I was certainly not calling myself. A day later, I got another call. This one I answered. It was an interesting call informing me my account with the cellphone carrier was […]

  • USB Drives to Move Election Malware

    From “Can Georgia’s electronic voting machines be trusted?“: Though voting machines aren’t directly connected to the internet, witnesses testified last week that USB drives are used to transfer election data from internet-connected computers to election servers. So, computers that are connected to the Internet are used to move data to the election servers. Malware can […]

  • How wide was the Equifax data breach?

    143 million US consumers were caught up in the data breach. I keep seeing it portrayed as 44% of the US population. But, the US population includes children. Initially, it seemed to me the better metric was 11 million more than all of 2016 IRS tax filers. The problems with this latter comparison? Lots of […]

  • Overuse of SSNs

    The overuse of the Social Security Number bothers me. Healthcare providers use the SSN. They all want it, so they all have it in their files and databases. Given the push to move records to electronic form, they all have it recorded in databases. This makes them tempting targets for fraudsters. They have to use […]

  • DOJ, Dreamhost, and DisruptJ20

    The government has no interest in records relating to the 1.3 million IP addresses that are mentioned in DreamHost’s numerous press releases and opposition brief. Basically, the Department of Justice served Dreamhost this warrant asking for the code backing the web site, the HTTP request and error logs, logs about backend connections to upload files to the […]