I use Private Internet Access VPN (PIA) myself, but I receive no compensation for this endorsement. It comes highly recommended from Noah (“Ask Noah”) at Jupiter Broadcasting as well.

While VPN is generally not about hiding from law enforcement agencies (LEAs) like the FBI, it is useful to know that even if an undesirable character were to get access to your VPN provider, there would be nothing for them to find. These days, this usually means your very own ISP, unfortunately. It used to be that VPN was primarily for coffee shops, airports and other open networks, but since our lawmakers have abandoned their roles of protecting our rights, we need to protect ourselves more than ever.

When you protect yourself with a VPN, you expect to be truly secure and anonymous online. Many services claim that they keep no records, but it’s difficult to know who you can trust.

Over the years, Private Internet Access VPN has proven itself to be ethical and reliable. It provides rock-solid online protection, while also blocking ads and malware. You can currently get a three-year subscription for only $89.95 — that’s 64% off.

~ “Private Internet Access VPN Is So Private, Even the FBI Couldn’t Find Any Data

A new, very real and very widespread security vulnerability in all wifi 802.11 devices has been found. It is a notable issue because it is not a manufacturer flaw but a design flaw caused by the wifi spec (802.11) itself.

Called KRACK (Key Reinstallation AttaCKs), the problem might take time to patch because of the fracturing of various types of wifi devices. For instance, Android phones are at the mercy of the phone manufacturers and/or carriers as to when updates occur. Older routers might not even have a user-friendly update mechanism, but I’ve noticed some newer ones will actually automatically check but not necessarily automatically install. The good news, though, is that the security vulnerability in all wifi devices can be patched via software. No hardware changes are required.

Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability also emerged today, and we will cover that at the end of this post.

~ PSA: Severe Vulnerability in All Wi-Fi Devices

Equifax has lost the keys to the kingdom in the latest security breach.

Today, it came out that “Equifax Says Cyberattack May Have Affected 143 Million Customers” in the latest Equifax security breach. While the number alone falls well short of some other recent hacks, the potential for damage makes it even more serious than both Yahoo! breaches combined. The Yahoo! breaches were serious enough because password resets usually take place via email, but at least that requires the data thieves to work harder to get more information. Since Equifax has all credit data, including Social Security numbers, it is a one-stop shop for hackers. It is sufficient information for identity thieves to present to creditors, lenders and other service providers, to include information that identifies a person as the legitimate account holder.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

While there is no evidence that “core … reporting databases” were breached, the potential exists, and, as a result, Equifax has set up a website Cybersecurity Incident & Important Consumer Information where you can put in your last name and last six of your SSN to check whether or not you qualify for free credit monitoring.

Sadly, that falls far flat from a real solution, because once the information is out there, it is out there, and it can impact someone years from now. It really is time that companies that are negligent with personal identifying data be legally liable for their lack of safeguards.

 

“Can you hear me now?” used to be at worst an annoying commercial. Now it could be a scam.

Everyone hates robocalls. However, they usually only take a bit of your time, not drain your wallet. However, there is now a scam going around that can co$t you big time! You answer the phone, and the “person” on the other end asks, “Can you hear me?” When you say, “Yes”, your voice is recorded and then used for all sorts of transactions you yourself never approved!

It’s a bad idea to ever use the word “yes” when talking to any telemarketer, but with the latest version of an old scam, saying “yes” can quite literally come…

~If A Telemarketer Or Robocall Asks “Can You Hear Me?” Just Hang Up; It’s A Scam – Consumerist

WordFence recently posted about a “highly effective Gmail phishing” campaign that has fooled or almost fooled several technically savvy people. It just goes to show that you can never allow yourself to become too complacent.

A new phishing technique that affects GMail and other services and how to protect yourself.>

~Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

Tim Berners-Lee on the Internet as a human right
Tim Berners-Lee on the Internet as a human right

I heard about the UK’s “Snooper Law” just the other day on Jupiter Broadcasting, and the most surprising part is that it “sailed through” parliament. Where is the uproaor?

Older But Geeky has a write-up on it in “UK Officially Gives Up Any Pretense That It Is Not George Orwell’s Nightmare Come True”.

Apparently, spying on all of your activities has become a priority for many “freedom loving” nations and forget about any notion of privacy. Do you still believe you live in a democracy?

“This snoopers charter has no place in a modern democracy – it undermines our fundamental rights online. The bulk collection of everyone’s internet browsing data is disproportionate, creates a security nightmare for the ISPs who must store the data – and rides roughshod over our right to privacy. Meanwhile, the bulk hacking powers in the Bill risk making the internet less safe for everyone.”

~ Sir Tim Berners-Lee, as quoted by the BBC News in “‘Snoopers law creates security nightmare’

Ironically, I recently had to do just this. I had to reset WordPress admin password on a backup copy of an archived website, for which I had long forgotten the password. Since it was not a live site but only a local copy (i.e., running on localhost), I could not do the email reset. However, the stored password is hashed, so how is this supposed to work?

Fortunately, WPBeginner filled in the missing pieces on doing a password reset on a WordPress site running only on localhost:

Do you want to reset WordPress admin password on localhost? In this tutorial we will show you how to easily reset WordPress admin password on localhost.

Source: How to Reset WordPress Admin Password on Localhost

Some scary stuff that affects all versions of Windows since at least XP!

This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor’s Windows login name and password. This article explains how this flaw works and how you can prevent it.

Source: Understanding the Windows Credential Leak Flaw and How to Prevent It

From The Joy of Tech
From The Joy of Tech

In a very unsurprising article, Older But Geeky recently posted that “Users Turning Off Critical Updates To Avoid Windows 10”. This is what I’ve predicted all along. It is the logical reaction to heavy-handed tactics used by Microsoft to make users move to Windows 10, even if they and/or their computers are not ready for it. People are willing to take the risk in turning off Windows updates just to not get beat over the head with Windows 10.
Continue reading “Turning Off Windows Updates: Windows 10 Gets No Love”