google

Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to manage better the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC : Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone to use your account by just having your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account.Unless somebody gets all of them, they simply can’t steal your account. Until now… Alex MacCaw has published screenshots from a new scam appeared that is targeting Google users who have two-factor authentication enabled (2FA). It works like this:…


Self-driving car: security and liability

I read about Google’s vision of driverless cars. I like it, but I can’t stop to ask myself a few questions. Before that, Google’s driverless car just got its driver license 🙂 The NHTSA letter isn’t a ruling; it’s a clarification about how the agency will interpret the law in the future. You can read the full thing here (warning: It’s a mess), but the key part is below: As a foundational starting point for the interpretations below, NHTSA will interpret driver in the context of Google’s described motor vehicle design as referring to the SDS, and not to any…



Quoted in ECommerceTimes: Gmail to Warn Users of Unencrypted Email

Gmail to Warn Users of Unencrypted Email Author: Richard Adhikari   Quotes: The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.   Going with TLS is not necessarily the answer because “many emails would not reach their destination if the destination servers don’t support TLS,” security consultant Mustaca told the E-Commerce Times. Emails continue to be delivered because of opportunistic encryption. “Servers first try to establish a TLS connection and, if they don’t succeed, they continue communicating on unencrypted connections,” he explained.


There are also nice parts in giving information to Google. The result is … impressive.

I am logged in in the Chrome browser with my Google account. I have my birthday correctly added there, and yes, it is today… 🙂   Result:  A Google start page personalized for me. I have to say that I am kind of … impressed. Of course it is easy to do it with such much information. But to have this idea implemented is a great thing.   Good job, Google. And thanks.  


No Picture

Nest thermostat vulnerable because of “developer mode”

The Nest thermostat is a smart home automation device that aims to learn about your heating and cooling habits to help optimize your scheduling and power usage. Debuted in 2010, the smart NEST devices have been proved a huge success that Google spent $3.2B to acquire the whole company. However, the smartness of the thermostat also breeds security vulnerabilities, similar to all other smart consumer electronics. The severity of security breach has not been fully embraced due to the traditional assumption that thermostat cannot function more than a thermostat even though users are enjoying its smartness. Equipped with two ARM…


No Picture

Spam impersonating Google Support

I wrote already about spam impersonating various services just to make users click in order to visit a website. Most of the time, it is about online pharmacies. This time, it is Google’s Support impersonated, as if it would contact the user to restore damaged messages. I leave aside the fact the this is technically questionable. Same as last time, the links point to a .PL file (Perl script) which contains just a redirect to a Russian website. Last time it was bestpillgroup.ru, now it is curingpillsquality.ru. Not surprisingly, they point to the same IP address: 95.84.156.43 which seems to be inactive now….


No Picture

Enable two-factor authentication for the SSH on your Raspberry PI

I am a big fan of RPi and I allowed one of my RPis (I have 3) to be accessible from the Internet via SSH. But, I was stressed because somebody might do a DoS on my device with the intent to hack into it and this way would prevent me to access it. So, wanting to secure it, I researched a bit how to enable two-factor authentication for SSH. I don’t want expensive SMS services, actually I don’t want to pay anything at all. I found some great tutorials on the net, and here is my take on how…



By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close