spraci.info

Items tagged with: Vulnerabilities

Below is a list of Microsoft servers we should consider blocking through our firewall.

I cannot explain exactly how to do this for everybody as each setup is different and I cannot know which Microsoft services or functions you may want, nor guarantee they will continue to work. It’s worth trying a small number at a time, noting down each server address before you block it and checking if services you want to work, still do.
  • Remember, if you actually want to continue updates you need to monitor how your system behaves after blocking each server address.
One way to block MS servers in W10 is through

Web Protection -> Web Filtering -> Policies -> Default content filter action

Under Websites -> Block These Websites

Lastly, import as many of the list below as required, by trial and error.

Below is a useful link to a thread on the SOPHOS...
 
Here’s a list of Windows spy patches I’ve collected in my research from a range of sources. They are not all here but there are enough to consider for removal.

Certain #updates are very tough to eradicate – like the infamous ‘Black Hole patch’ KB976902, which needs seriously forensic registry-based hacking to get rid of. It’s too complex to explain here, but look it up if you’re determined. Most of the others are simple to uninstall with no ill effects on the system.

DO NOT CARRY OUT ANY ACTION WITHOUT BACKING UP THE SYSTEM AND THE REGISTRY, PREFERABLY ON AN EXTERNAL DRIVE.


Due to its sensitive nature, this list will only be pinned for one week, after which it will only be available to my supporters on request.

SPY PATCHES

kb2505438 suspicious

kb2506928

kb2574819

kb2592687

kb2660075

kb2670838 suspicious

kb2726535

kb2830477

kb2876229 = Skype...
 
Windows 10 is not the only data thief

As I’ve mentioned, Microsoft’s Customer Experience Improvement Program should be turned off for all #laptops and #desktops – even in #Windows 10. If we don’t do this we are giving #MS permission to collect a wide range of our #user #data, including #USB data, #systems data, hard drive data, #email,...
 
How to stop W10’s forced updates

Patch Tuesday (search #microsoftpatchtuesday ) comes round every month and occasionally messes up #PCs worldwide. The links below explain how to turn them off. This way we can wait to see if the latest #patch has caused any carnage before deciding to reject or accept it. #Tech #news sites, #forums, or other online users, usually discuss the latest patches at great length so we can judge if #updates are safe or not.

Remember, updates are still very important...
 

DOD Just Beginning to Grapple with Scale of Weapon Systems Vulnerabilities


In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.…
Article word count: 136

HN Discussion: https://news.ycombinator.com/item?id=18177617
Posted by molecule (karma: 7902)
Post stats: Points: 138 - Comments: 47 - 2018-10-09T16:55:53Z

#HackerNews #beginning #dod #grapple #just #...
 

Report: NSA Still Plagued by Cyber Security Vulnerabilities





#cyber #edwardsnowden #nsa #oannewsroom #plagued #report #security #still #vulnerabilities
posted by pod_feeder
 

The Cybersecurity Hub is South Africa’s National Computer Security Incident Response Team (CSIRT) for reporting Phishing, Malware, Vulnerabilities, etc


The Cybersecurity Hub is South Africa’s National Computer Security Incident Response Team (CSIRT) and strives to make Cyberspace an environment where all residents of South Africa can safely communicate, socialise, and transact in confidence. It achieves this by working with stakeholders from government, the private sector, civil society and the public with a view to identifying and countering cybersecurity threats.

The Cybersecurity Hub enhances interaction, consultations and promotes a coordinated approach regarding engagements with the private sector and civil society. As a key point of contact for cybersecurity matters, it coordinates cybersecurity response activities and facilitates information and technology sharing.

The Cybersecurity Hub also provides information that creates awareness on cybersecurity as well as information that encourages South African citizens and organisations to be sec...
 

The Tapplock IoT padlock has multiple security vulnerabilities


Remember last week’s $99 IoT padlock that anyone could unlock in 2 seconds? Turns out you don’t even need that long!

HN Discussion: https://news.ycombinator.com/item?id=17344383
Posted by ptx (karma: 809)
Post stats: Points: 109 - Comments: 76 - 2018-06-19T07:07:59Z

#HackerNews #has #iot #multiple #padlock #s...
 

A new set of vulnerabilities affecting users of PGP and S/MIME


HN link: https://news.ycombinator.com/item?id=17063109
Posted by rdhyee (karma: 322)
Post stats: Points: 140 - Comments: 35 - 2018-05-14T06:11:05Z

#HackerNews #affecting #and #mime #new #pgp #set #users #vulnerabilities
 
The #NSA wants its #SimonAndSpeck #IoT algorithms to be a global standard, but no one trusts them after past #badbehavior sneaking #vulnerabilities into public #standards. https://www.bitdefender.com/box/blog/iot-news/nsa-wants-algorithms-global-iot-standard-theyre-simply-not-trusted/#new_tab

 
Obscure E-Mail Vulnerability

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and can each be used to register an account. This difference can be exploited.

I was almost fooled into perpetually paying for Eve's Netflix access, and only paused because I didn't recognize the declined card. More generally, the phishing scam here is:

- Hammer the Netflix signup form until you find a gmail.com address which is "already registered". Let's say you find the victim jameshfisher.
- Create a Netflix account with address james.hfisher.
- Sign up for free trial with a thr
...
 