Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Hardhead

Pages: [1] 2 3
1
Members Corkboard / Welcome Max
« on: February 04, 2017, 06:43:02 am »
Welcome Max to CoU!
Enjoy your stay here.  :)

Regards,
The Calendar of Updates Team

2
Posting Practice / Test
« on: August 23, 2016, 06:03:59 am »
Testing

3
Quote
Two anonymous researchers, who identified themselves as “my123” and “Slipstream”, recently exposed a serious design flaw in Windows’ Secure Boot that allows people to open locked devices with a golden key. The researchers claim their published findings prove encryption backdoors can be exploited, and that the golden key demands by governments and investigators endangers the security of all users.

Microsoft lists the following Windows versions as affected: Windows 8.1 (32-bit and 64-bit), Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10 and Windows 10 build 1511 (both 32-bit and 64-bit), and Windows Server 2012 and Windows Server 2012 Server Core Installation.

https://blog.vipreantivirus.com/important-news/major-flaw-found-windows-secure-boot/

4
Updates Talk / Use caution when updating to Windows 10 Anniversary Update
« on: August 15, 2016, 04:21:54 am »

5
Updates Talk / Vipre 2017
« on: August 09, 2016, 11:30:15 pm »
Also I forgot to add that yearly program updates are free too once you buy lifetime license at HSN.

6
This topic has been moved to [Updates Talk].

[https://calendarofupdates.org/index.php?topic=530.0]

7
Posting Practice / Test
« on: August 09, 2016, 04:57:21 am »
Testing link here.

8
Best Security Practices / Windows 10 "Protect Your Privacy and Data By Denying Microsoft Access"
« on: August 07, 2016, 07:16:19 am »
Windows 10 is an operating system that exists both on your PC and in Microsoft’s cloud — which means that a lot of your information ends up being stored and analyzed in the cloud. To protect your privacy and data, you can deny Microsoft access to much of what you view and create.

First, go to Settings and click on Privacy. There, you’ll find no less than 13 screens. Read everything carefully and disable anything that bothers you.

Next, consider deactivating Cortana. Although this voice-driven assistant is one of the niftiest features in the OS, it is a highly invasive product that tracks and records every word you type or say out loud.

Third, don’t allow Microsoft to personalize ads for you. To reduce Microsoft gathering information for advertisers to bombard you with ‘messages,’ go to this Microsoft webpage  set “Personalized ads in this browser” and “Personalized ads wherever I use my Microsoft account” to off.

9
Best Security Practices / Avoiding Social Engineering and Phishing Attacks
« on: August 07, 2016, 06:59:11 am »
What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

https://www.us-cert.gov/ncas/tips/ST04-014

10
Quote
Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker.

First reported at the RSA Conference in March, Skycure discovered a theoretical attack that involves the exploitation of two benign Android features that can be used together take complete control over a victim’s phone. Now researchers say they have figured a way to exploit more versions of the Android OS. Previously Skycure said 66 percent of Android devices were vulnerable to the attack. On Tuesday, Skycure reported the number is 95.4 percent or 1.34 billion devices.

https://threatpost.com/scope-of-gaping-android-security-hole-grows/118161/

11
Security & Technology News / Smart Phones Hacked Through Hidden Voice Commands
« on: August 07, 2016, 06:53:12 am »
Quote
A group of researchers from Georgetown University and UC Berkeley have demonstrated how voice commands hidden in YouTube videos can be used by malicious attackers to compromise smartphones.

https://www.helpnetsecurity.com/2016/07/11/hacking-smartphones-voice-commands/

12
Updates Talk / Cleaner Builds
« on: July 28, 2016, 04:32:39 am »
Not sure why but in builds link the slim version shows up but redirects to standard version download.

13
Release Date
05/31/2016


http://kb.netgear.com/app/answers/detail/a_id/30731

NETGEAR is aware of an Arlo WiFi default password vulnerability that generates an easily identifiable code that can allow hackers to log into the Arlo base station and capture traffic and images. The vulnerability can occur in the following circumstances:
•When a user performs a factory reset, causing the base station to generate an easily identifiable default passphrase.
•When a user removes the base station from their account using any of the Arlo user interfaces, the website or mobile apps.


 This vulnerability affects Arlo Wire-Free base stations that run firmware version 1.7.3_5005 or older. To check your firmware version, log in to your Arlo account and click Settings > About.

 NETGEAR plans to release firmware version 1.7.5_6178 by mid-June that will generate a secure unique default passphrase. When the firmware becomes available, Arlo Wire-Free base stations that are online will receive firmware updates automatically.

 After the firmware release, NETGEAR strongly recommends that you complete these steps to address the vulnerability:
1.Ensure that your Arlo Wire-Free base station software is upgraded to firmware v1.7.5_6178.
2.Perform a factory reset to the base station.
Important: You must perform a factory reset correctly for the security update to take effect.
 To reset the base station, visit https://community.netgear.com/t5/Arlo-Knowledge-Base/How-can-I-reset-my-Arlo-base-station-to-the-default-values/ta-p/1057976.
3.Add the base station back to the account if it was removed.
 To add the base station to the account, visit the Make Sure Your Base Station Has Not Been Deactivated and the Add Your Base Station Back to Your System portions of this site: https://community.netgear.com/t5/Arlo-Knowledge-Base/My-camera-will-not-sync-with-the-base-station/ta-p/995.
4.Re-sync the Arlo cameras that were removed from the account.
 To resync the cameras, visit the Sync your Cameras with the Base Station portion of this site: https://community.netgear.com/t5/Arlo-Knowledge-Base/How-do-I-set-up-and-sync-my-Arlo-Wire-Free-cameras/ta-p/987.

Note: If the recommended steps are not completed as described, the potential for the Arlo WiFi default password vulnerability will remain and hackers might be able to log in to the Arlo base station and capture traffic and images. NETGEAR is not responsible for any consequences that could have been avoided by upgrading the firmware as stated in this notification.

 

NETGEAR will update this KB article as more information becomes available.

If you have any security concerns, you can reach us at .

Note this is a link to all products below:

http://www.arlo.com/en-us/products/kit/


14
Vulnerability Report & Security Research / NetGear Web GUI Password Recovery and Exposure Security Vulnerability
« on: June 30, 2016, 01:38:43 am »

Release Date:
05/09/2016



http://kb.netgear.com/app/answers/detail/a_id/30632

Models and Firmware versions listed below:

Router Model and Firmware Version:
•R8500 v1.0.2.58_1.0.58
•R8000 v1.0.3.4_1.1.2
•R7900 v1.0.1.4_10.0.12
•R7300 v1.0.0.36_1.0.8
•R7000 v1.0.5.62_1.1.87
•R6900 v1.0.0.4_1.0.10
•R6700 v1.0.0.26_10.0.26
•R6400 v1.0.1.6_1.0.4
•R6300v2 v1.0.4.2_10.0.74
•AC1450 v1.0.0.34_10.0.16
•R6300 v1.0.2.78_1.0.58
•R6250 v1.0.4.2_10.1.10
•R6200v2 v1.0.3.8_10.1.6
•R6200 v1.0.1.56_1.0.43
•WNDR4500v2 v1.0.0.60_1.0.38
•WNDR4500 v1.0.1.44_1.0.73
•WNDR4000 v1.0.2.4_9.1.86
•WNDR3700v3 v1.0.0.40_1.0.32
•WNDR3400v3 v1.0.1.4_1.0.52
•WNDR3400v2 v1.0.0.48_1.0.75
•WNR3500Lv2 v1.2.0.34_40.0.75
•WNR1000v3 v1.0.2.68_60.0.93

 

Cable Gateway Model and Firmware Version:
•C6300 v2.01.14

 

DSL Gateway Model and Firmware Version:
•D6300 v1.0.0.96
•D6300B v1.0.0.40
•D6400 v1.0.0.44
•D6220 v1.0.0.12
•DGN2200v4 v1.0.0.66
•DGN2200Bv4 v1.0.0.68
•VEGN2610 v1.0.0.36
•V6510 v1.0.0.20


NETGEAR strongly recommends that you follow these two steps to remediate the vulnerability:
1.Manually enable the password recovery feature on your device.
 For more information, visit http://kb.netgear.com/app/answers/detail/a_id/20027/~/configuring-router-administrative-password-recovery.
2.Ensure that remote management is disabled.
 Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/.

The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.

NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware becomes available. To register your product, visit https://my.netgear.com/register/.

NETGEAR will update this KB article as more information becomes available.





15
Members Corkboard / Happy Fathers Day
« on: June 20, 2016, 05:47:29 am »
Hoping all Dad's had a great Father's Day.  :)

Yes I'm posting a little later but better late than no post at all.

Enjoy all Dads!!!  :)

Pages: [1] 2 3