charisstoma

Prompt - magic gone wrong?

Sat, 16 May 2020 08:07:59 GMT

Did it used to be a monitor?
Oh the IT Dept is going to have a fit about this.

For some of us computer tech is magic. There are spells you have to learn. useful example: ctrl/alt/delete

comments

Computers

Sun, 08 Mar 2020 06:26:53 GMT

comments

The Long Wait

Fri, 11 Oct 2019 23:08:35 GMT

comments

How to Update Google Chrome 2018

Thu, 07 Mar 2019 18:37:26 GMT

This is more recent:
The fix is included in Chrome 72.0.3626.121 for Android and desktop platforms.
https://www.androidpolice.com/2019/03/06/update-your-browser-right-now-google-releases-fix-for-zero-day-exploit-in-chrome/

And then there's...
https://www.welivesecurity.com/2019/03/07/latest-chrome-update-plugs-zero-day-hole/

Google has revealed that the update for Google Chrome,
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild.

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted in an update on Tuesday after initially releasing the advisory last Friday. Also on Tuesday, a tweet by leading Chrome security engineer Justin Schuh added urgency to the issue: “[Like], seriously, update your Chrome installs… like right this minute”.

The vulnerability that affects the browser in Windows, Mac, and Linux was reported by Clement Lecigne of Google’s Threat Analysis Group on February 27.

The security hole is a “use-after-free” memory corruption bug in the browser’s FileReader API, a browser component intended to enable web apps to read locally stored files. That said, exploitation of the vulnerability can result in more damage than the API’s name might imply. As revealed by a note by the Center for Internet Security (CIS), attackers may ultimately be able to remotely execute arbitrary code on the targeted system:

“Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” reads the note. The zero-day can be triggered when a user is lured to a specially crafted web page.

In light of all that, users are advised to update to Chrome version 72.0.3626.121 if they haven’t done so already. Arguably the easiest way to check if an update is pending is to type chrome://settings/help into the browser’s address bar and, if your browser is indeed out of date, follow the prompts.

comments

DNS not responding

Thu, 18 Oct 2018 22:51:56 GMT

Yes, yes... I know I won't be able to watch this if I've no internet.
But I can transcribe it later on another computer.

comments

This is available to the public

Fri, 16 Mar 2018 02:01:02 GMT

https://www.us-cert.gov/ncas/alerts/TA18-074A

Alert (TA18-074A)
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors Original release date: March 15, 2018

Systems Affected
Domain Controllers
File Servers
Email Servers

Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

For a downloadable copy of IOC packages and associated files, see: Go to the original link above.

Description
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1] (link is external)

This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”( Read more... )

comments

Ah security

Thu, 08 Mar 2018 14:34:39 GMT

Stolen from one of those places that takes money, who is one of those 'asking for a friend' and helps keep me safe or pays me back. They've treated me well.

You’ve probably seen this phrase a bunch over the past few years: “Your password must contain one letter, one number, one symbol, a never-ending math equation and your DNA.”

The key to more secure passwords — and more memorable ones — is to focus on length rather than complexity. Push out your password past 12 to 15 characters to outsmart cybercriminals who use automated programs to cycle through passwords. The longer the password, the harder it will be for them to crack the code.

But make it easy by using a line from a favorite song or a quote from a movie. You can create a sentence about your family that will make you smile every time you use it.

“Attackers have automated programs that combine dictionary words until they find the right pattern,”
So mix in a number or a punctuation mark. “The key is to put it in a nonobvious place,” he says. “A period at the end of a sentence? Probably not a good idea. But a period between the first and second words is much better.”

Four More Sanity-Saving Tips for Passwords That Are Hard to Hack

1. Don’t count on special characters to save you. You can throw a few hash marks or an exclamation point onto the end of a short password, but it’s still a short password, and that makes it easy to crack. Bottom line: A short but complex password isn’t as safe as a long one.

2. There’s safety in variety. Don’t use the same password for all your accounts unless you want that jerk who broke into your Facebook to have access to your bank account, too.

3. Set up a password safe. Free software programs such as Password Safe (Windows only) let users store all their passwords inside a single encrypted site protected by a master security code.

4. Two factors are better than one. For an extra layer of protection, use two-factor authentication if it’s available, which requires a code in addition to a password to access your accounts. A mobile app like VIP Access or Google Authenticator generates a unique code every 30 seconds. You have to enter the code when you log in to an account, so even if a crook has your password, he can’t access your account without the code.

comments

When The Things Go Wrong

Tue, 16 May 2017 18:56:36 GMT

Title: When Things Go Wrong
Author: charisstoma
Word count: 526
And yes all this did happen.

Two weeks ago the circulation system had gone down. That meant no books checked out except via the downloaded circulation program, named Remote Destiny. Yeah it was remote… far from reality remote and destiny …. Aaden rolled his eyes.

Yesterday the powers that be had responded to the ransomware attacks that were going on globally and pushed through the patch to fix it. That patch gave you 15 minutes to save your work while it was downloading and then click, it restarted your computer.
Why was there a restart button under the download progress bar if it automatically restarted right after the download finished? Aaden sighed in remembrance because of course that was when teachers started sending students to the Library to return and check out books. Books that could have neither done to them, because the configure part of the download was as long and more aggravating than the tension of the download itself. Still if it did the trick … Please, please let it do the trick of protecting his computer.

So at the end of the day, of the awful day of configuration, when the computer techs showed up and worse went into the closet to see where they were going to replace the computer hub, he knew that it was indeed the advent of the apocalypse. Okay maybe only the end of the school year’s approach. If ever there was going to be a time of things going wrong it seemed to always be at the time before the long summer vacation. Heaven forbid that the system come down and be fixed during the Summer Break when they could fix things without interfering with his Library’s circulation.

It Is the apocalypse.
Aaden looked at his circulation computer. They were supposed to have had it all done by 11:00 the night before. He had a computer that luckily had a tower. The other monitors were computer stations hooked into a server way away at another building. There was no internet access. The stations were boat anchors for all the good they could do.

Aaden sighed, there wasn’t much else he could do. If he wanted to call someone to report a problem or contact a teacher to tell her that one of the Chromebook that was out to be fixed had been returned he couldn’t. Someone had thought it a great idea to have the computers and the phones linked on the same internet system. When one went down so did the other. You couldn’t use your personal mobile phone to call the office or any room in the building. The phone you were calling was not available… beep, beep, beep.

Technology was a curse. An evil curse that suckered you into needing it, and then it didn’t work. Someone needed to work on a foolproof spell to magically ensure that the technology continued to do what it was designed to do. And as soon as the phone/internet came back he’d research that magical business person. They Had Better Exist.

On the other side of the world, Gervais felt a foreboding tingling. Someone was going to try to make him do the impossible.

Part 2 "http://charisstoma.livejournal.com/1289081.html"

comments