Posts tagged with "security"

Passwords are your first line of defence against any internet threat. Sadly, very few people recognise this fact. Though passwords are not the perfect security solution, with some more effort they can provide a great security boost to your online and offline systems.

In any case, a password is not very useful if someone can simply crack it by guessing or by looking over your shoulder. So, here are some security tips to keep in mind while creating a high-security password.

  • Use a password manager to create passwords: A good password manager can create a strong and unique password for each of your accounts. This means that if one of your passwords is leaked in a data breach, anyone with harmful intent would still have to struggle with your other online services and subscriptions. The best password managers are those which sync across desktop and mobile. You then only have to remember one key, rather than memorizing dozens of long and complicated passwords.
  • Choose a longer password: For password security, length matters more than the complexity of the combination. Once you have extended it to the 12-15 character range, it becomes far harder for a hacker to guess or crack it by brute force alone. And try to use some special characters rather than the name of your favourite band.
  • Keep the special characters apart: Do not bunch special characters like !, @, #, $, % together. This is exactly what most people do, which means it is what potential attackers look for. To make the guesswork extra tricky, space them apart.
  • Don’t change your passwords too regularly: This is a tricky one. Keep in mind that the less often you change your password, the less likely you are to forget it. With frequent changes you may also fall into a pattern, like changing only a number at the end each time you update your password. This only makes the password easier to crack.
  • Single-purpose passwords only: At the very least, make sure that you don’t use the same password across different online services and accounts. If you do, a retailer breach that you have no control over could cost you your most confidential banking password.
  • Never trust your browser with passwords: A convenient shortcut that everyone falls into the habit of using is to let the browser remember passwords for you. You must have seen the option yourself. I can even bet that you use it on at least one site. Don’t use it anymore. The option is really convenient, but the security cost is very high. If you really need a free and easy option, go with a good and respectable password manager instead of trusting everything to your browser.
  • Enable OTP protection wherever possible: In these days of ever-increasing online security threats, a password alone is not enough to safeguard your privacy. Many services, such as commercial banks, Google, etc., offer another layer of protection. This protection can come in the form of a numeric code that is sent to your phone via SMS. This is more than enough for most people. Just keep in mind that this is also not completely foolproof.
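
An added example, not part of the original post, that turns several of the tips above into code: a generator that never places two special characters side by side, and an audit of a set of accounts for short passwords, bunched special characters, reuse, and the "only the number at the end changes" pattern. The function names, the sample accounts and the 12-character threshold (the lower end of the 12-15 range mentioned above) are assumptions made for this sketch.

```python
import re
import secrets
import string

SPECIALS = "!@#$%"   # the special characters the tips above mention
MIN_LENGTH = 12      # assumption: lower end of the 12-15 character range

def generate(length=15, n_special=3):
    """Random password whose special characters are never adjacent."""
    if length < MIN_LENGTH or length <= 3 * (n_special - 1):
        raise ValueError("length too short for the requested layout")
    alnum = string.ascii_letters + string.digits
    chars = [secrets.choice(alnum) for _ in range(length)]
    used = set()
    while len(used) < n_special:
        pos = secrets.randbelow(length)
        # Reject a position that touches an already placed special character.
        if not ({pos - 1, pos, pos + 1} & used):
            used.add(pos)
            chars[pos] = secrets.choice(SPECIALS)
    return "".join(chars)

def audit(accounts):
    """Return {service: [findings]} for a {service: password} mapping."""
    findings = {svc: [] for svc in accounts}
    stems = {}
    for svc, pw in accounts.items():
        if len(pw) < MIN_LENGTH:
            findings[svc].append("shorter than 12 characters")
        # Any run of two or more non-alphanumerics counts as "bunched".
        if re.search(r"[^A-Za-z0-9]{2,}", pw):
            findings[svc].append("special characters bunched together")
        # Strip trailing digits so 'Name2017' and 'Name2018' share a stem.
        stems.setdefault(pw.rstrip(string.digits), []).append(svc)
    for svcs in stems.values():
        if len(svcs) > 1:
            for svc in svcs:
                others = ", ".join(s for s in svcs if s != svc)
                findings[svc].append(
                    f"same password or trailing-digit variant as {others}")
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {"bank": "Coldplay!@#2017", "retailer": "Coldplay!@#2018",
          "mail": "t4Rk!w9Zq#bLm7@xP", "forum": "hunter2"}

if __name__ == "__main__":
    for service, issues in audit(SAMPLE).items():
        print(service, issues or "ok")
```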

 

-Archit

 

 


On Monday, November 20, Intel released a security advisory listing the latest vulnerabilities in the Management Engine of its remote administration feature. The advisory also includes bugs in the remote server management tool. Intel found the vulnerabilities during a security audit. It has very recently published a ‘Detection Tool for Windows and Linux administrators’ so that they can check their systems and find out if they’re exposed.

The Management Engine (ME) is a subsystem that acts independently of the microprocessor on Intel chipsets. The ME allows users to control their devices remotely for all types of functions, from downloading updates to troubleshooting their device. Since this engine has extensive access to and control over the main system, flaws in it can give attackers a powerful opening to exploit. Some security advisors have even called it an unnecessary security hazard.

As with previous bugs, almost all recently issued Intel chips are impacted. This affects servers, PCs, and many other devices. To resolve the issue, Intel has provided updates to manufacturers, but customers will need to wait for their hardware companies to roll out the fixes.

The newly disclosed vulnerabilities can cause instability and even system crashes. They can also be used to impersonate the Engine, the Server Platform Services, and Execution Engine in order to undermine security verifications. If exploited, the vulnerabilities let an attacker operate separately from the main system, which means that many engines wouldn’t even recognise an attack on the system. Even now, the full impact of the vulnerabilities isn’t clear, because of how little information Intel has released.

A ray of sunshine in the otherwise looming dark clouds is that most of the vulnerabilities require local access to exploit. This means that someone has to have their hands on such a device to breach its security.

 

-Archit

 


The flagrant assault on a young woman journalist and another woman at the ITO metro station last Tuesday, the third such incident in a week, has shaken the confidence of the women metro commuters of Delhi.

Such an outrageous assault on a young journalist at a metro station less than fifty metres away from the police headquarters definitely puts a strong question mark on the claims of women’s security in the capital and its metro stations.

If a woman in the heart of the city, surrounded by the police headquarters and the offices of reputed newspapers, is not safe at 9.30 PM, and that too a journalist who showed exemplary courage in bravely countering the assault and lodging an FIR despite being alone and having to wait for one hour, just imagine what the fate would be of those shy and insecure women who daily face such assaults and stalkers but fail to report constant harassment for fear of reprisals from these goondas or because of the tardy procedures of the authorities concerned.

Hats off to this courageous journalist, who not only fought the criminal valiantly but also acrimoniously chased him, leaving him badly frightened. He was caught two days later after a serious police investigation that involved procuring the CCTV footage and questioning hundreds of nearby vendors and strangers.

The culprit, a local tea seller, is now in 14-day police custody under the relevant sections of the law. The Delhi Commission for Women has taken suo motu cognisance of this serious matter and has issued notices to the DMRC to submit a detailed report on such shameless incidents of assault and harassment of women to date.

It is shocking and anguishing that a station like ITO doesn’t have a police patrol in its vicinity, or inside the station, to check the antecedents of such anti-social elements, who move in and out, at times in an inebriated condition, with the intent to molest women and young girls.

That the Delhi metro, despite having CCTV cameras all over, fails to monitor such a serious act as the molestation of a woman, and that no policeman or paramilitary trooper comes to her rescue, sounds unusual and definitely reflects the poor vigilance inside the stations, where women seem to be vulnerable.

The metro ferries 25 to 30 lakh passengers daily to different parts of the capital and the NCR and is considered the lifeline of Delhiites. Unfortunately, over the past two years, while its fares have been increased manifold, putting an extra burden on the squeezed pockets of its commuters, incidents of pickpocketing, molestation and eve teasing appear to be on the rise.

Maybe the reporting pattern of women complainants is not very encouraging due to various compelling reasons and circumstances. There have been incidents when male commuters ruthlessly enter the women’s compartment and stand in close proximity, which is highly objectionable and uncalled for.

Even in the general compartment, some youngsters deliberately try to rub shoulders with girls and women and, when objected to, either say sorry, pretending to be gentlemen, or retaliate. This is because there is a dearth of police patrolling inside the trains and on the station premises.

In order to check and counter such dubious elements, the security apparatus, including those manning the CCTV, should be made more alert, attentive and answerable, and patrolling should be increased manifold.

If the metro authorities have the guts to increase fares manifold, twice in just the past six months, despite repeated opposition and criticism from the general public and the Delhi government, they should also deliver on the security front as well as look after the convenience of their valued commuters.

Today, at the majority of metro stations, with few exceptions, only one or two token counters function, and the queue of token seekers is long and unending, but the staff seem to be least bothered about the convenience of their valued commuters.

The majority of the pedestrian escalators are out of order. This is so because the Delhi metro has never cared about its commuters’ inconvenience, as it perhaps thinks that Delhiites are compelled to travel by it, despite all odds.

The CMD of the DMRC is urged upon to take serious note of all these lapses on the part of the metro and ensure the fullest safety and security of its commuters, particularly the most vulnerable women community using its services. WHAT DO YOU SAY FRIENDS?

SUNIL NEGI


Millions of websites running WordPress are being strongly advised to update to the latest version of the highly popular content management system as quickly as possible, after a serious security breach was uncovered on 1st November, 2017.

Anthony Ferrara discovered this flaw in WordPress and said it was a significant SQL injection vulnerability that was fixed in WordPress 4.8.3. Users who haven’t updated their version of WordPress are strongly advised to do so as soon as possible.

Ironically, last month’s release of WordPress 4.8.2 was actually intended to protect against the very same vulnerability, but according to Anthony Ferrara, it broke a lot of websites and didn’t succeed in fixing the root issue.

Ferrara said that he had informed the WordPress team of this problem straight after the release of version 4.8.2, but he was effectively ignored by the security team for several weeks.

According to Anthony Ferrara, the newly released 4.8.3 security update thankfully does mitigate the problem, but in his recent blog post about his interactions with WordPress’s security team, he said that any security report should be treated as quickly as possible. He said that sometimes every second counts and sometimes it doesn’t, but the tech support needs to show attention. They need to show that they have read what’s submitted in a report.

Anyone who needs to download the latest version of WordPress (4.8.3) can get it from the WordPress website, or they can just go to Dashboard / Updates on their admin consoles and simply choose “Update now”.

Some WordPress installations support automatic background updates, which means that they should have already updated themselves to the latest version of WordPress.

Automatic updates are not for everyone, and many site admins who work inside organisations are wary of installing new versions of software on their web servers. This is because they want a chance to test whether the update will introduce any new problems.

The truth is that there are many websites out there which are still running older and vulnerable versions of WordPress. This may or may not be the only breach that could be exploited.

Running your own WordPress-based site is a considerably hectic job. It is time-consuming to ensure that WordPress and its 3rd-party plugins always remain up to date and are working properly to fend off any attacks.

The chances of your site being hit by hackers can be reduced if you put a web application firewall in place. This firewall will attempt to filter and block malicious web traffic before it has a chance to exploit any weaknesses in the system.

It is worth mentioning that websites running self-hosted versions of WordPress from wordpress.org are very different from the millions of blogs which are run on wordpress.com. WordPress.com is run by Automattic, which manages the installation of WordPress for you and also looks after security on your behalf.

Even though there are some limitations on what website owners can do there, they can always be sure that they are fully updated and are running the latest version released by WordPress.

 

-Archit