Archive for the ‘Security’ Category

Show all wireless profiles & their security passwords on the Windows PC

May 20, 2017

Show all wireless profiles on the PC
At the command prompt, type:
netsh wlan show profiles

Show a security key
At the command prompt, type:
netsh wlan show profile name=“ProfileName” key=clear

 

Find & Show Wi-Fi Network Passwords from the Command Line in Mac OS X

Open Spotlight (Cmd+Space) and type terminal to open the Terminal window  or

Open the Terminal app from /Applications/Utilities/, then use the following command syntax to find and display the password for a specific wireless network:
security find-generic-password -ga “SSID” | grep “password:”

Customer Guidance for WannaCrypt attacks

May 15, 2017

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

SCDF’s “I Am Safe” e-learning programme

December 13, 2016

This is a 15-minute e-learning programme that will equip residents with skills and knowledge on what to do if you were caught in a fire, and how to administer improvised first aid skills. I encourage all of you to sign up for SCDF’s hands-on learning programmes that will equip you with more advanced lifesaving skillsets. Such lifesaving skills will be of great benefit during any emergency situation, as you will be able to help those in need prior to the arrival of the SCDF officers. – Mr Amrin Amin, Parliamentary Secretary for Home Affairs

Malware Gooligan breaches more than 1 million Google accounts on Android OS

December 2, 2016

Here’s the list of infected apps and more information about the Gooligan malware.

Am I affected?
Go to this URL to check if your Google account has been breached by entering the e-mail address associated to your Android OS device.

Currently, the only option for breached users is to flash the operating system on their infected device. Check Point recommends unfortunate users to seek out a certified technician to do a clean OS installation on the phone, and to change Google account passwords after the flashing process.

Source: Check Point (blog), BGR

iOS 9.3.5 to fix a critical security vulnerability

September 1, 2016

Apple last week (25 Aug 2016) released a patch for three bugs that could allow hackers to remotely jailbreak iPhones and steal messages, call information, emails, logs, and more—a dangerous threat for enterprises with sensitive data.

If you value your privacy, and you should, it would be a good idea to move to the iOS 9.3.5 update right now.

How to update the iOS Version (iPhones & iPads)

Open the Settings → General → Software Update → Download and Install

Top 10 Privacy Risks

April 23, 2016

Top 10 Privacy Risks (OWASP)
P1 Web Application Vulnerabilities
P2 Operator-sided Data Leakage
P3 Insufficient Data Breach Response
P4 Insufficient Deletion of personal data
P5 Non-transparent Policies, Terms and Conditions
P6 Collection of data not required for the primary purpose
P7 Sharing of data with third party
P8 Outdated personal data
P9 Missing or Insufficient Session Expiration
P10 Insecure Data Transfer

Top 10 Privacy Risks Countermeasures v1.0 (PDF)
Top 10 Privacy Risks Presentation (PPTX)

Enforcement and breach details

April 23, 2016

Enforcement and breach details, ST 23/04/2016

K BOX ENTERTAINMENT GROUP

The karaoke chain received the heaviest fine of $50,000 and was directed to appoint a data protection officer, a must-have under the law. The enforcement was for a data breach involving 317,000 customers, resulting in their names, contact numbers and home addresses being posted on file-sharing website pastebin.com in September 2014.

Lax security measures caused the breach. For instance, access to its computers was protected by weak passwords comprising only one letter of the alphabet.

FINANTECH HOLDING

K Box’s IT vendor was fined $10,000 for failing to update K Box’s systems with the latest, most secure software and for lax security procedures. For instance, the system administrator’s account password was simply “admin”.

(more…)

StageFright – How to Protect Yourself from it

July 28, 2015

Experts Found a Unicorn in the Heart of Android

Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.

These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices.
Android and derivative devices after and including version 2.2 are vulnerable.

Disable MMS Auto-Retrieve to Prevent Attacks

Since the exploit works by sending an MMS that is automatically downloaded by your phone, the only way to prevent this attack is to set your phone to not automatically download MMS messages. The drawback here is that you’ll have to tap future MMS messages to download them manually, but it’s a small price to pay for security.

How to Protect Your Android Device From StageFright Exploit

Tell Your Friends: How to Protect Yourself from Android’s Biggest Security Flaw in Years

Check If Your Wi-Fi Network Router Is Hacked

March 31, 2015

Router Checker from F-Secure, a Web based tool that will quickly scan your router to see if the DNS requests being sent from your device are routed exactly as they should be or are those requests being sent off to some third party. No app to download, no plugins to install.

 

Is that your name, address, phone number in the dump?

March 16, 2015

Is that your name, address, phone number in the dump?
Grace Chng, The Straits Times, Sunday, Mar 15, 2015

{Extract}

What reporter found in trash bins.

The Sunday Times went to a number of high-rise office buildings in Raffles Place on a weekday afternoon, and found it easy to gain access to garbage bins which were kept in unlocked enclosures.

In the trash were many clean, printed documents and e-mail, including the following:

– A law firm’s business expansion plan, with personal details of lawyers it hoped to get on board, including their photographs, educational background and work history.

Under the Personal Data Protection Act, this is potential infringement because photos, names and professional information were disposed of improperly.

(more…)