google


Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress-based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com. All my WordPress websites are configured to auto-update to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to better manage the registration of my websites with the search engine and their advertising platform AdSense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC. Here is the text:

Recommended WordPress update available for http://sorinmustaca.com/

To: Webmaster of http://sorinmustaca.com/,

Google has detected that your site is currently running WordPress 4.7.0 or 4.7.1, an older version of WordPress. Outdated or unpatched software can be vulnerable to hacking and malware exploits that harm potential visitors to your site. Therefore, we suggest you update the software on your site as soon as possible.

Following are one or more example URLs where we found pages that have outdated software. The list is not exhaustive.

http://www.sorinmustaca.com/set-up-an-ad-filter-with-privoxy-on-raspberry-pi-for-free/

Recommended Actions:

1 Update to the latest release of WordPress
Visit the WordPress site for instructions on how to download and install the latest release.

WordPress Update…


How clever social engineering can overcome two-factor authentication… or not?

If you have a Google account you must have two-factor authentication enabled in order to prevent anyone from using your account by just having your username and password. If you don’t know how to do that, check my free eBook here. 2FA requires something that you know (username and password) and something that you have (smartphone) in order to allow access to your account. Unless somebody gets all of them, they simply can’t steal your account. Until now…

Alex MacCaw has published screenshots of a new scam that is targeting Google users who have two-factor authentication (2FA) enabled. It works like this: You receive an SMS pretending to come from Google requesting you to reply via SMS immediately with the code you receive from the real Google. Or, if you were not convinced, there is even a better version available:

I will try to hack my own Gmail account, just to see how hard it is.

This is how Google tries to help to get your password reset:

1. Select option 1
2. Select a recovery email address to receive a code:
3. Click on “Verify your identity” above

Whoa… I don’t remember the second one … But the first one is definitely…


Self-driving car: security and liability

I read about Google’s vision of driverless cars. I like it, but I can’t stop asking myself a few questions. Before that, Google’s driverless car just got its driver’s license 🙂

The NHTSA letter isn’t a ruling; it’s a clarification about how the agency will interpret the law in the future. You can read the full thing here (warning: It’s a mess), but the key part is below:

As a foundational starting point for the interpretations below, NHTSA will interpret driver in the context of Google’s described motor vehicle design as referring to the SDS, and not to any of the vehicle occupants. We agree with Google its SDV will not have a driver in the traditional sense that vehicles have had drivers during the last more than one hundred years. The trend toward computer-driven vehicles began with such features as antilock brakes, electronic stability control, and air bags, continuing today with automatic emergency braking, forward crash warning, and lane departure warnings, and continuing on toward vehicles with Google’s SDV and potentially beyond. … If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the driver as whatever (as opposed to…



Quoted in ECommerceTimes: Gmail to Warn Users of Unencrypted Email

Gmail to Warn Users of Unencrypted Email

Author: Richard Adhikari

Quotes:

The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.

Going with TLS is not necessarily the answer because “many emails would not reach their destination if the destination servers don’t support TLS,” security consultant Mustaca told the E-Commerce Times. Emails continue to be delivered because of opportunistic encryption. “Servers first try to establish a TLS connection and, if they don’t succeed, they continue communicating on unencrypted connections,” he explained.


There are also nice parts in giving information to Google. The result is … impressive.

I am logged in to the Chrome browser with my Google account. I have my birthday correctly added there, and yes, it is today… 🙂

Result: A Google start page personalized for me. I have to say that I am kind of … impressed. Of course it is easy to do it with so much information. But to have this idea implemented is a great thing.

Good job, Google. And thanks.



Nest thermostat vulnerable because of “developer mode”

The Nest thermostat is a smart home automation device that aims to learn about your heating and cooling habits to help optimize your scheduling and power usage. Debuted in 2010, the smart Nest devices have proved such a huge success that Google spent $3.2B to acquire the whole company. However, the smartness of the thermostat also breeds security vulnerabilities, similar to all other smart consumer electronics. The severity of a security breach has not been fully appreciated because of the traditional assumption that a thermostat cannot function as anything more than a thermostat, even though users are enjoying its smartness. Equipped with two ARM cores, in addition to WiFi and ZigBee chips, this is no ordinary thermostat. In the Blackhat presentation, the three researchers demonstrated how to fully control a Nest with a USB connection within seconds (plug in a USB for 15 seconds and walk away with a fully rooted Nest). This way, Google’s Nest thermostat, poster-child for its Internet of Things ambitions and data collector of your home habits, gives root access to anyone with a USB drive and a quarter-minute to spare. Read the full abstract of the paper here. While their attack needs physical access to the devices for “ten to 15…



Spam impersonating Google Support

I have already written about spam impersonating various services just to make users click in order to visit a website. Most of the time, it is about online pharmacies. This time, it is Google’s Support being impersonated, as if it were contacting the user to restore damaged messages. I leave aside the fact that this is technically questionable. Same as last time, the links point to a .PL file (Perl script) which contains just a redirect to a Russian website. Last time it was bestpillgroup.ru, now it is curingpillsquality.ru. Not surprisingly, they point to the same IP address: 95.84.156.43, which seems to be inactive now. If you click on the links, you will see the WhoIs domain information. They are registered with the same admin-contact and are in different areas of the world.

We sent you a message.
6/16/2014
4 damaged messages was restored and re-sent to you.
View messages
We hope you found this message to be useful. However, if you’d rather not receive future e-mails of this sort, please opt-out here.

I can’t say anything right now about the end website because it is offline….



Enable two-factor authentication for the SSH on your Raspberry PI

I am a big fan of RPi and I allowed one of my RPis (I have 3) to be accessible from the Internet via SSH. But I was stressed because somebody might do a DoS on my device with the intent to hack into it and in this way prevent me from accessing it. So, wanting to secure it, I researched a bit how to enable two-factor authentication for SSH. I don’t want expensive SMS services, actually I don’t want to pay anything at all. I found some great tutorials on the net, and here is my take on how to enable this great service via Google’s open-source Authenticator. Google provides the necessary software to integrate Google Authenticator’s (GA) time-based one-time password (TOTP) system. You can couple GA with an SSH server. After this, you’ll have to enter the code from your phone when you connect, in addition to the username and password. GA doesn’t connect to Google as far as I can see in the code https://code.google.com/p/google-authenticator/. You will have to use the PAM module which is available in Raspbian’s repository. The PAM module can add a two-factor authentication step to any PAM-enabled application. It supports: Per-user secret and status file…

