Between an industry-wide push to encrypt all web traffic and the newfound popularity of secure chat apps, it’s been a boom time for online privacy. Virtual private networks, which shield your web traffic from prying eyes, have rightly garnered more attention as well. But before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.
“These days, many people know what a VPN is and what they can do with one,” says Kevin Du, a computer security researcher at Syracuse University and IEEE senior member. “Not many people know what a bad or flawed VPN can do to their devices, because they don’t know how VPN works.”
VPNs have been around for years, as have their attending trust issues. But while previously VPN enthusiasts were mostly a core base of desktop users, the mobile boom and app store accessibility have created an explosion in mobile VPN offerings. And while some are genuinely looking to offer security and privacy services, plenty do more harm than good.
In a recent in-depth analysis of 283 mobile VPNs on the Google Play Store from Australia’s Commonwealth Scientific and Industrial Research Organization, researchers found significant privacy and security limitations in a majority of the services. Eighteen percent of the mobile VPNs tested created private network “tunnels” for traffic to move through, but didn’t encrypt them at all, exposing user traffic to eavesdropping or man-in-the-middle attacks. Put another way, almost a fifth of the apps in the sample didn’t offer the level of security that’s basically the entire point of VPNs.
Read the rest at wired.com
Originally published on PrintMag.
Data is now recognized as one of the founding pillars of our economy, and the notion that the world grows exponentially richer in data every day is already yesterday’s news.
We are ready to question the impersonality of a merely technical approach to data, and to begin designing ways to connect numbers to what they really stand for: knowledge, behaviors, people.
Big Data doesn’t belong to a distant dystopian future; it’s a commodity and an intrinsic and iconic feature of our present — like dollars, concrete, automobiles and Helvetica. The ways we relate to data are evolving more rapidly than we realize, and our minds and bodies are naturally adapting to this new hybrid reality built of both physical and informational structures. And visual design — with its power to instantly reach out to places in our subconscious without the mediation of language, and with its inherent ability to convey large amounts of structured and unstructured information across cultures — is going to be even more central to this silent but inevitable revolution.
Complexity is an inherent feature of our existence — the world is rich in information that can be combined in endless ways. Creating new points of view or uncovering something new typically cannot happen at a mere glance; this process of revelation often needs and requires an in-depth investigation of the context.
Changing your WordPress table prefix is risky to implement and it does absolutely nothing to enhance your site security.
When you change your table prefix in WordPress you usually use a WordPress security plugin to do the job. Unfortunately, the security plugin needs to execute as the change is taking place. That means that during execution, half your tables have one prefix, and the other half have another prefix. If execution stops for any reason you are left with a broken website that you need to restore from backups.
What if I told you that a great way to prevent burglaries is to turn off all the lights in your home? That way a burglar would be able to gain entry, but they would not be able to see where your stuff is and so they couldn’t steal it.
You’d tell me that the burglar would either bring a flashlight or turn on the lights themselves.
It’s exactly the same concept when it comes to renaming your WordPress database table prefix. Once an attacker can access your database using SQL injection, they are inside your home. If you rename your database tables using a unique prefix, you’ve turned out the lights in your home.
So what’s the first thing an attacker does? They do this:
The output of this query is:
The above query simply asks the database what WordPress table prefix is being used for the postmeta table. It turns on the lights.
Any bot, attack script or manual attack, using a tool like sqlmap, will always run a query like the above before assuming any default table prefix.
Changing your WordPress table prefix for security reasons does not make a SQL injection attack “slightly harder” for attackers. They simply run the above query before assuming your tables have a default prefix.
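Both points above, that the prefix can be read straight out of the schema catalogue and that a rename which stops halfway leaves two prefixes behind, can be checked with a short audit. This is an added example, not code from the original post: it uses SQLite's `sqlite_master` as a stand-in for MySQL's `information_schema`, and the prefix `x7Qz_`, the sample databases and all function names are constructed for illustration.

```python
import sqlite3

# The twelve core tables of a single-site WordPress install, without prefix.
CORE_TABLES = (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "term_relationships", "term_taxonomy", "termmeta", "terms",
    "usermeta", "users",
)

def group_by_prefix(table_names):
    """Map each candidate prefix to the set of core tables found under it."""
    found = {}
    for name in table_names:
        for core in CORE_TABLES:
            if name.endswith(core):
                found.setdefault(name[: -len(core)], set()).add(core)
    return found

def audit(conn):
    """Read the schema catalogue; report prefixes and missing core tables."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    groups = group_by_prefix(row[0] for row in rows)
    return {
        "prefixes": sorted(groups),
        # More than one prefix means a rename stopped partway through.
        "interrupted_rename": len(groups) > 1,
        "missing": {p: sorted(set(CORE_TABLES) - t) for p, t in groups.items()},
    }

def build_db(renamed_count, new_prefix="x7Qz_"):
    """Constructed sample: the first `renamed_count` tables carry the new
    prefix, the rest keep the default wp_ prefix."""
    conn = sqlite3.connect(":memory:")
    for i, core in enumerate(CORE_TABLES):
        prefix = new_prefix if i < renamed_count else "wp_"
        conn.execute(f'CREATE TABLE "{prefix}{core}" (id INTEGER)')
    return conn

renamed = build_db(12)  # rename completed: the "secret" prefix is still listed
half = build_db(6)      # rename stopped after six tables: site is broken

if __name__ == "__main__":
    print(audit(renamed))
    print(audit(half))
```

The completed rename reports the custom prefix immediately, and the interrupted one reports two prefixes with six core tables missing under each, which is the state that requires a restore from backups.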
This entry was posted in WordPress Security on December 28, 2016 by mark.
There is an idea that was popularized a few years ago that if you change the WordPress table prefix in your database, it helps protect your WordPress website from attackers.
Last week, WordPress security firm Wordfence revealed it detected over 1.65 million brute-force attacks originating from an ISP in Ukraine that generated more malicious traffic than GoDaddy, OVH, and Rostelecom put together. A week later, after news of Wordfence’s findings came to light, Ukrainian users have tracked down the ISP to a company called SKS-Lugan in the city of Alchevs’k, in an area controlled by pro-Russian forces in eastern Ukraine. All clues point to the fact that the ISP’s owners are using the chaos created by the Ukrainian civil war to host cyber-crime operations on their servers. Some of the criminal activities the ISP hosts, besides servers for launching brute-force attacks, include command-and-control servers for the Locky ransomware, [email, comment, and forum] spam botnets, illegal streaming sites, DDoS stressers, carding sites, several banking trojans (Vawtrak, Tinba), and infostealers (Pony, Neurevt).
More details have surfaced regarding a recent wave of brute-force attacks (dictionary attacks to be more accurate) that have targeted WordPress sites over the past few weeks.
Update: We posted a follow-up to this post on Monday December 19th which goes into more detail about the Ukraine IP block where these attacks originate from and we discuss possible Russia involvement. At Wordfence we constantly monitor the WordPress attack landscape in real-time.
“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche.
Cyber criminals utilized Avalanche botnet infrastructure to host and distribute a variety of malware variants to victims, including the targeting of over 40 major financial institutions. Victims may have had their sensitive personal information stolen (e.g., user account credentials). Victims’ compromised systems may also have been used to conduct other malicious activity, such as launching denial-of-service (DoS) attacks or distributing malware variants to other victims’ computers.
In addition, Avalanche infrastructure was used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise.
A system infected with Avalanche-associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware had the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may have allowed criminals unauthorized remote access to the infected computer. Infected systems could have been used to conduct distributed denial-of-service (DDoS) attacks.
- December 1, 2016: Initial release
Today’s home and office printers are predominantly based on one of two popular technologies, laser or inkjet. While printer manufacturers play up the assumption that the cost of printers revolves around the machine, the true cost of printers is not in the printers, but in the supplies. With either technology, the cost of the ink and toner is usually one half the cost of the printer or more. But if you stop to consider, it’s difficult to come to the conclusion that more than half the cost to manufacture a printer would be the printer cartridge, especially considering that more and more of the cartridges you buy as the printer gets older, including ones sold as OEM, will be remanufactured empties that get recycled. Yes, even original equipment manufacturers remanufacture and resell the cartridges. The only difference is that OEMs don’t discount or distinguish between first run and remanufactured cartridges.
The profit model for modern printers is based on this same basic idea: they give away the printer at an extremely low margin or even at a loss but make up for it in years of ink and toner sales. But you can’t really blame the manufacturers. When the average consumer shops, they generally just look at the initial, “out-the-door” price. Just give it some thought. If you were shopping for a new laser printer and you saw two competing models with comparable features from comparably reputable brands, if one were selling for 1150 and the other were 1350, you would probably buy the 1150 model, all things being equal. But they would not be equal, because the replacement cartridges for the cheaper model would be 180 and the cartridges for the other would be 130.
Assuming you went through a cartridge a month, after a year, you would have spent a third more on the cheaper printer.