Leigh

So You Think You’re Secure…?

The UK government GetSafeOnline website offers free advice and tells its users, “so now you really can stay safe with everything you do online.” Buy a Windows-based computer and the likelihood is it will arrive with pre-installed anti-virus software, often McAfee (part of Intel, which produces the processor chips most usually found on Windows computers). … Read more

Apple Alert! The Walled Garden is Breached

Well, it finally happened. Long touted as an alternative both more secure and more entertaining than Android, Apple’s infamously locked-down marketplace has finally suffered a major breach. How did this happen, who is affected, and how much should we be panicking? Xcode — Ghosted The breach centers around Apple’s integrated development environment (IDE), known as … Read more

After The Breaches: The Even Worse News About The Chinese Hacks

For the past year, newspaper headlines have screamed about major data breaches at big retailers (Target), huge health insurers (Anthem), and big government (the United States’ Internal Revenue Service, also the massive breach of employee records at the Office of Personnel Management, OPM). Note:  there may be more press coverage of hacks in the United … Read more

Hijacking Safari 4 Top Sites with Phish Bombs

It is extremely important to keep your software updated, particularly your web browser.  By way of example, consider older versions of the Safari Browser. One of the features of Safari is the “Top Sites” function, which stores a user’s favorite and most visited web sites.  Prior to version 4.0.3 though, the “Top Sites” function was … Read more

Hacking CSRF Tokens using CSS History Hack

Cross-site scripting, or XSS, is a well-known cybersecurity risk that allows malicious users to take control of, and exploit a user’s system. Another security risk is Cross-Site Request Forgery (CSRF, or “sea surf”).  This risk allows someone to execute functions within a user’s authenticated session, thus the “forgery” portion of the name. These two risks … Read more

Pwning Opera Unite with Inferno’s Eleven

One of the Opera Internet browser’s older functions, which has now been phased out, was Opera Unite.  Opera Unite allowed a browser to act as both a client and a server, allowing a user to receive web content and present web content, using the same browser. Although this feature was popular because it was easy … Read more

Cyber Threat Alert – “Masque Attack” Affects iOS Devices

One of the most recent vulnerabilities facing cyber systems today is called the Masque Attack. This vulnerability, which affects Apple iOS systems, was identified by the United States Computer Emergency Response Team (CERT), which is part of the U.S. Department of Homeland Security. CERT released a formal alert for the Masque Attack vulnerability on November … Read more