General

Sumup: CPU hardware vulnerable to side-channel attacks (Meltdown, Spectre and more)

If you’re confused by the avalanche of early reports, denials, and conflicting statements about the massive security issues announced in the last days, don’t worry — you’re far from the only one. Here’s what you need to know about Meltdown and Spectre, the two huge bugs that affect practically every computer and device out there. Source of the article: Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?   What are these flaws? Short answer: Bugs at a fundamental level that allow critical information stored deep inside computer systems to be exposed.      …

Read More

Results of the experiment “HTTPS and HSTS for ITSecurityNews.info”

I wrote 4 months ago (Aug 14) about the switch to HTTPS per default on the new site ITSecurityNews.info. A week ago I wrote about the experiment of enhancing the headers of the website to show full compatibility with HSTS. Experiment started: HTTPS for ITSecurityNews.info Moving to HSTS   Now it is too early to say what impact the HSTS has over the traffic, but we can have a look on the traffic for HTTPS. Here is the shape:   The red vertical line is the point when I switched to HTTPS. There is a 10% increase in September, but…


Moving to HSTS

HTTP Strict Transport Security (HSTS)  is a policy mechanism that allows a web server to enforce the use of TLS in a compliant User Agent (UA), such as a web browser. HSTS allows for a more effective implementation of TLS by ensuring all communication takes place over a secure transport layer on the client side. Most notably HSTS mitigates variants of man in the middle (MiTM) attacks where TLS can be stripped out of communications with a server, leaving a user vulnerable to further risk. HSTS has been a highly anticipated and a much needed solution to the problems of HTTP being the default protocol…


How to browse the web really anonymously

I’ve seen a lot of articles on the web about how to browse the web while keeping your privacy. By that I mean, nobody knows who you are, what you are browsing, no history kept, no temporary files remaining on the machine. Most of the articles on the web are created to make advertising to some VPN products. What is the solution? I think that the only solution is to use Tor, more specifically, the Tor Browser. The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody…


Dropbox phishing: someone is interested in your corporate files

I wrote before about the Target Malware. Now I can also write about Phishing. Here is one for Dropbox:     What is wrong with this email ? the contact me by extracting the user part in the email address (smustaca) The “Verify your email” goes directly to a phishing website. The text is rather unusual, as Dropbox will never send anything like this. Dropbox adds some personalized links at the end of the emails. Emails from Dropbox come from “Dropboxmail.com” and not from “dropbox.com”     Why would anyone phish Dropbox? In order to get your files!   Why…


Colorful spams are back!

Yeeesss, the Spam/Trash folder is no longer so boring! Finally, the spammers are now using all the features of the email clients and have made the subjects to look much nicer. Do you know how they do that? They add UTF8 characters in the subject and then they encode the entire string using Quoted-Printable encoding: Content-Type: text/html; charset=”utf-8″ Content-Transfer-Encoding: quoted-printable Subject: =?utf-8?q?=F0=9F=91=B6_Free_Trial_of_Diapers_from_The_Honest_Company_?= =?utf-8?b?8J+Rtg==?= This is the output:   Another example: Content-Type: text/html; charset=”utf-8″ Content-Transfer-Encoding: quoted-printable Subject: =?utf-8?b?8J+YqCBXaWZlIFdhbGtlZCBJbiAtIE9PUHMhISEhISDwn5io?=


How to get rid of disturbing and traumatizing “children” films on YouTube

If you have children, then you must allow them from time to time to watch some children films on Youtube. They must have missed some episodes of their favorite series and you definitely can find them there. In any language you want. Just search for “Caillou”, “Barbie”, “Batman” , “Elsa” , “Spiderman” or anything alike and you will get something. There is a huge market for “children’s” YouTube content. But, what happens when the results are not for children?   How do you filter them? You can’t… So, what do you do ? You ban them from using the tablet…


Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to manage better the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC : Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of…


Romanians Abroad: Sorin Mustaca on www.TheGoldenRomania.com

Sorin Mustaca in Entrepreneur IT Professional RO – Constanta GER – Tettnang Sorin is one of the many IT professionals Romania has produced in recent years. He is unique however since he had the courage to partially differentiate from his employer and start his own business somewhere in Germany. He realized his vast expertise can help any company learn about the importance of IT security and in the same time can offer a better future for his two children in one of the healthiest environment in the world.   Read more here: http://thegoldenromania.com/Romanians-Abroad?post=sorin-mustaca


Why most, if not all, “New Generation” endpoint security product are not self-sustained?

Fire Eye, Sentinel One, Crowdstrike, HackerOne, Cylance, Cyphort, Trustlook, Venafi, Clavister, Invincea,  Code42,  just to name a few,  are so called NG Cybersecurity startups. NG comes from “New Generation” or “Next Generation”… (Yeah, just like in StarTrek. 🙂 )   What exactly are these “NG” products and services? There is no single definition that fits them all. Here are the common features: All of them have a cloud backend. Some install an agent on each machine, some install an appliance that acts as a sniffer in the network. Some others must be installed on the default gateway where they take…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close