Items tagged with: Vulnerabilities

Below is a list of Microsoft servers we should consider blocking through our firewall.

I cannot explain exactly how to do this for everybody as each setup is different and I cannot know which Microsoft services or functions you may want, nor guarantee they will continue to work. It’s worth trying a small number at a time, noting down each server address before you block it and checking if services you want to work, still do.
  • Remember, if you actually want to continue updates you need to monitor how your system behaves after blocking each server address.
One way to block MS servers in W10 is through

Web Protection -> Web Filtering -> Policies -> Default content filter action

Under Websites -> Block These Websites

Lastly, import as many of the list below as required, by trial and error.

Below is a useful link to a thread on the SOPHOS...
Here’s a list of Windows spy patches I’ve collected in my research from a range of sources. They are not all here but there are enough to consider for removal.

Certain #updates are very tough to eradicate – like the infamous ‘Black Hole patch’ KB976902, which needs seriously forensic registry-based hacking to get rid of. It’s too complex to explain here, but look it up if you’re determined. Most of the others are simple to uninstall with no ill effects on the system.


Due to its sensitive nature, this list will only be pinned for one week, after which it will only be available to my supporters on request.


kb2505438 suspicious

kb2670838 suspicious

kb2876229 = Skype...
Windows 10 is not the only data thief

As I’ve mentioned, Microsoft’s Customer Experience Improvement Program should be turned off for all #laptops and #desktops – even in #Windows 10. If we don’t do this we are giving #MS permission to collect a wide range of our #user #data, including #USB data, #systems data, hard drive data, #email,...
How to stop W10’s forced updates

Patch Tuesday (search #microsoftpatchtuesday ) comes round every month and occasionally messes up #PCs worldwide. The links below explain how to turn them off. This way we can wait to see if the latest #patch has caused any carnage before deciding to reject or accept it. #Tech #news sites, #forums, or other online users, usually discuss the latest patches at great length so we can judge if #updates are safe or not.

Remember, updates are still very important...

DOD Just Beginning to Grapple with Scale of Weapon Systems Vulnerabilities

In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected.…

HN Discussion: https://news.ycombinator.com/item?id=18177617
Posted by molecule (karma: 7902)
Post stats: Points: 138 - Comments: 47 - 2018-10-09T16:55:53Z

#HackerNews #beginning #dod #grapple #just #...

Report: NSA Still Plagued by Cyber Security Vulnerabilities

#cyber #edwardsnowden #nsa #oannewsroom #plagued #report #security #still #vulnerabilities
posted by pod_feeder

The Cybersecurity Hub is South Africa’s National Computer Security Incident Response Team (CSIRT) for reporting Phishing, Malware, Vulnerabilities, etc

The Cybersecurity Hub is South Africa’s National Computer Security Incident Response Team (CSIRT) and strives to make Cyberspace an environment where all residents of South Africa can safely communicate, socialise, and transact in confidence. It achieves this by working with stakeholders from government, the private sector, civil society and the public with a view to identifying and countering cybersecurity threats.

The Cybersecurity Hub enhances interaction, consultations and promotes a coordinated approach regarding engagements with the private sector and civil society. As a key point of contact for cybersecurity matters, it coordinates cybersecurity response activities and facilitates information and technology sharing.

The Cybersecurity Hub also provides information that creates awareness on cybersecurity as well as information that encourages South African citizens and organisations to be sec...

The Tapplock IoT padlock has multiple security vulnerabilities

Remember last week’s $99 IoT padlock that anyone could unlock in 2 seconds? Turns out you don’t even need that long!

HN Discussion: https://news.ycombinator.com/item?id=17344383
Posted by ptx (karma: 809)
Post stats: Points: 109 - Comments: 76 - 2018-06-19T07:07:59Z

#HackerNews #has #iot #multiple #padlock #s...

A new set of vulnerabilities affecting users of PGP and S/MIME

HN link: https://news.ycombinator.com/item?id=17063109
Posted by rdhyee (karma: 322)
Post stats: Points: 140 - Comments: 35 - 2018-05-14T06:11:05Z

#HackerNews #affecting #and #mime #new #pgp #set #users #vulnerabilities
The #NSA wants its #SimonAndSpeck #IoT algorithms to be a global standard, but no one trusts them after past #badbehavior sneaking #vulnerabilities into public #standards. https://www.bitdefender.com/box/blog/iot-news/nsa-wants-algorithms-global-iot-standard-theyre-simply-not-trusted/#new_tab


Obscure E-Mail Vulnerability

This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so bruce.schneier@gmail.com is the same as bruceschneier@gmail.com is the same as b.r.u.c.e.schneier@gmail.com. (Note: I do not own any of those email addresses -- if they're even valid.) Netflix doesn't ignore dots, so those are all unique e-mail addresses and can each be used to register an account. This difference can be exploited.

I was almost fooled into perpetually paying for Eve's Netflix access, and only paused because I didn't recognize the declined card. More generally, the phishing scam here is:

- Hammer the Netflix signup form until you find a gmail.com address which is "already registered". Let's say you find the victim jameshfisher.
- Create a Netflix account with address james.hfisher.
- Sign up for free trial with a thr
...