BCC - Bernstein Computer Consultants

When you last did a presentation, did you take into account that some of your audience might be colour blind?

meganbernstein : I will develop industry specific digital business models for $50 on www.fiverr.com

Looking for mobile or web app solutions? Get in touch with digi-UX
www.digi-ux.com

fiverr.com For only $50, meganbernstein will develop industry specific digital business models. | I specialise in Digital Strategy Consultancy, Business Model Designand Platform Solutions focused on and digital transformation with industry specific platformsolutions for1. Hospitals needing patient applications...

Scan and Save!

Take advantage of our discount

http://www.bcc.co.za/Sophos/Sophos%20Home%20version.htm

bcc.co.za Leading anti-malware publishers, Sophos, have produced a sophisticated product, designed to protect your home computer from being infected by viruses, ransomware, phishing and other undesirable malware.

Geoffrey A. Fowler - Password managers have a security flaw. What to do about it

Password managers have a security flaw. What to do about it
By Geoffrey A. Fowler The Washington Post Published Feb. 20, 2019
A new study has identified security flaws in five of the most-popular password managers.
Now for some counterintuitive advice: I still think you should use a password manager. So do the ethical hackers with Independent Security Evaluators who came to me with news of the flaws - and other security pros I spoke to about the study, published Tuesday. You wouldn't stop using a seat belt because it couldn't protect you from every kind of vehicle accident. The same applies to password managers.
But the research, which finds password manager users are vulnerable to targeted malware attacks, does shine a light on ways to bolster our defenses. And it speaks to a bigger truth that gets lost in headlines about breaches and bugs: Online safety isn't about being unhackable, it's about not being the lowest-hanging fruit.
Password managers are programs that keep all your login details in an online safe-deposit box. They're critical tools for staying safe because the No. 1 most annoying thing about the internet - passwords - leads people to make the No. 1 security mistake - reusing passwords. Hackers know we do this, so they take passwords from one breached site and then try them on lots of others. Using a program to keep track of all your unique passwords takes some adjustment, but they're getting simpler and can make logging into things faster.
The question that's haunted these programs is: How is it possibly safe to put all your passwords in one basket? If someone steals it, you're hosed.
For accountability's sake, audits like the new one by ISE are important. It found the Windows 10 apps for 1Password, Dashlane, KeePass, LastPass and RoboForm left some passwords exposed in a computer's memory when the apps were in "locked" mode. To a hacker with access to the PC, passwords that should have been hidden were no more secure than a text file on your computer desktop. (The researchers only studied Windows apps, but say it may affect Apple Macs and mobile operating systems, too.)
1Password, LastPass and Roboform even exposed master passwords, used to unlock all your other passwords. "The 'lock' button on password managers is broken - some more severely than others," said lead researcher Adrian Bednarek.
The companies had a range of responses. LastPass and RoboForm told me they would issue updates this week. Dashlane said it had documented the issue for some time and been working on fixes, but it has higher-priority security concerns. KeePass and 1Password shrugged it off as a known limitation with Windows and an accepted risk.
Casey Ellis, the founder of Bugcrowd, a site for researchers to report vulnerabilities, told me companies have to weigh the risk of each discovered bug and figure out what to prioritize. "Password companies have some of the highest standards of security, and folks should be able to sleep pretty well at night knowing that these companies are taking concerns seriously," he said. "Vulnerabilities aren't mysterious - they're a product of the fact that people aren't perfect - and finding them is a good thing."
Why isn't this a pants-on-fire issue? Because at the moment, we're ahead of the threat. There's no evidence hackers are targeting the PCs of individual password manager users. The question is: How long will that last?
Yes, there is risk in storing all your passwords in one place with a password manager. But it's helpful to look at the risk like a hacker: There's no "safe" and "unsafe." There's "safer than," or "better than." Being 100 percent safe would require disconnecting from the Internet and moving to an undisclosed bunker.
Assuming the bunker isn't an option for you, your choices are: Reusing passwords or trusting a password manager.
The latter certainly wouldn't be safer if password manager companies were exposing millions of our passwords at once through breaches of their servers. The companies encrypt our secrets, and don't store our master passwords used to unlock the encryption. If their servers do get hacked, the data is gobbledygook without the master password only each individual user knows. (So choose a unique master password, never share it with anyone, and definitely don't forget it.)
The bug ISE found raises a different kind of risk: passwords exposed on the memory of individual users' PCs. Any exposure "puts users' secret records unnecessarily at risk," Bednarek wrote in his report. But this discovery is nowhere close to our worst-case scenario. To peer into your PC's memory, a hacker would likely either need to be sitting at your computer or trick you into installing malware that has control over your computer.
Hackers typically prefer mass attacks rather than going after individuals, unless it's an extremely high-value individual. For mass attacks, there's much lower hanging fruit ... such as all those people still reusing passwords.
The worry for Bednarek: As more people use password managers, malware makers might start targeting their PCs to steal passwords. Multiplied over millions of password manager users, a low risk to the individual could turn in a large number of exposed passwords. He says his goal is to "establish a reasonable minimum baseline which all password managers should comply with."
The companies said malware isn't just a risk to password manager users. A hacker with access to your computer might also make use of code such as a key logger that slurps up all your activity - at which point, using a password manager is not your only problem.
The companies and the researchers also disagree over how much they can do about the memory leak problem without fundamental changes to operating systems. Dashlane's CEO Emmanuel Schalit said local memory attacks are still a hypothetical concern. "It is more important for us to work on strengthening even further core components of our server infrastructure or cryptography, because this has a more material impact on our users' security," he said.
Both sides agree on one thing: Your personal devices are the weak link. It's a lot harder for a password manager - or any software - to protect your valuable data if the computer you're working on is compromised.
So make yourself not worth hacking by:
• Updating your software religiously: New versions contain very important security patches.
• Checking your computer for malware. I recommend Malwarebytes for Windows and MacOS.
• Being very careful about installing software that comes from places other than Microsoft, Apple and Google-managed app stores. Say no to Web browser extensions and pop-up messages.
• Not storing extremely valuable secrets such as bitcoin private keys in password managers. The other lesson from the new research is in how the password managers handled the problem. "They all are not created equal," said Bednarek. Dashlane and KeePass did the best job at protecting master passwords in the computer's memory. Dashlane remains my top-choice password manager for consumers, even though it's also the most expensive.
I also learned from how seriously they responded to ISE when Bednarek contacted them - and to me when I followed up. KeePass dismissed it as old news, and RoboForm had little to say. Dashlane put me on the phone with its CEO. 1Password's Chief Defender Against the Dark Arts sent me lengthy emails. LastPass had me speak with its top technical executive - but it also got Bednarek banned on Bugcrowd, the site for researchers to report flaws, because he disclosed the bug to me.
Troy Hunt, a security expert who runs the compromised-passwords database haveibeenpwned.com, says password managers ought to be as resilient as possible. "If the outcome of this is that impacted password managers further strengthen their security posture then that's a good thing," he said. "So long as it doesn't scare off their users."
Read more at http://www.jewishworldreview.com/0219/password_managers.php3 .99

jewishworldreview.com    

How to Spot and Avoid Credit Card Skimmers

pcmag.com Criminals can easily capture your credit and debit card information with small devices called skimmers and their even more insidious cousins, shimmers. Don't fall victim to these sneaky attacks!

Microsoft Engineer Installs Google Chrome Mid-Presentation After Edge Kept Crashing - Buscar con Google

google.co.za

www.whereisroadster.com

whereisroadster.com

NASA Is Finally Removing This Creepy And Broken Robot Astronaut From The ISS

It's not only your PC that needs to be fixed.

But then NASA never asked BCC for support! 😁😁😁😁

sciencealert.com The International Space Station is a science facility, so it's no surprise that experiments occasionally fail.

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

theregister.co.uk Consider it a wakeup call for websites – it's time to end the scourge of awful banners

Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery

So, even if you have been a ‘good boy’ and paid your ransom, your ransomer may not get paid!

theregister.co.uk Of course this does nothing for victims' encrypted files

Acronis Ransomware Protection free

Do you want FREE protection from Ransomware and other viruses?

These two products offer such protection.

Acronis long been known as a leader in backup software, is now offering this free behaviour monitoring tool which can be used in conjunction with your anti-virus software

https://www.acronis.com/en-eu/personal/free-data-protection/

Immediately stops ransomware attacks
If a process is caught trying to encrypt your files or inject malicious code into your system, Acronis stops it before any damage is done. You’re instantly notified that something suspicious was found. Then you can either block the activity or allow it to continue.

Now, how about a full version top of the line anti-virus tool?

Simple. Effective. Free.
Sophos Home protects every Mac and PC in your home from malware, viruses, ransomware, and inappropriate and malicious websites. It uses the same award-winning technology that IT professionals trust to protect their businesses. Best of all, you can manage security settings for the whole family—whether they’re down the hall or across the world.
Visit https://home.sophos.com/

acronis.com

Intel Meltdown patches pulled with little explanation

searchsecurity.techtarget.com

Today in bullsh*t AI PR: Computers learn to read as well as humans (no)

Is a search engine Artificial Intelligence? I don't think so.

theregister.co.uk Nice tech, but shame on Microsoft, Alibaba's spinners

Brit transport pundit Christian Wolmar on why the driverless car is on a 'road to nowhere'

Are driverless cars really viable?

theregister.co.uk A multi-billion dollar hype built on gullibility, says railway man

BCC - Bernstein Computer Consultants

Who's Apples worst enemy?

Who's Apples worst enemy?

news.softpedia.com

Facebook bug could have exposed your phone number to marketers

nakedsecurity.sophos.com Self-service ad-targeting tools could have squeezed users’ phone numbers from their email addresses… verrrrry sloooowly.

Apple throttles iPhones with dying batteries

mybroadband.co.za iPhone users have begun racing to courthouses, infuriated by an Apple Inc. software update that slowed down the operation of their smartphones.

SpaceX Just Launched a Completely Recycled Spacecraft For The First Time in History

Impressive!!!

sciencealert.com Today is a monumental day in SpaceX's history. For the first time ever, the spaceflight company flew a mission using mostly refurbished technology.

Hackers' delight: Mobile bank app security flaw could have smacked millions

How safe is your bank's app?

theregister.co.uk Certificate pinning unpicked

Client's server hit by Ransomware on Thursday night.

Rebuilt the machine from the daily backup which had run that evening and saved to external drive.

Client's company will be functional on Monday morning.

It pays to run regular backups!

Interview: Walking a mile in former Mythbuster Jamie Hyneman's electric shoes

newatlas.com Former Mythbuster Jamie Hyneman has concocted a prototype that sounds like something you’d see in an ACME catalog: electric shoes. Ahead of a crowdfunding campaign for the project, New Atlas spoke to Hyneman about how and why you’d mechanize shoes, and just what you might use them for.

Mars 2020 Rover will carry a record number of eyes

Wow!! How things have changed!

newatlas.com When NASA's Mars 2020 mission sets down on the Red Planet in three years, it will have a record number of cameras aboard. The unmanned, nuclear-powered rover will carry 23 cameras that will have higher resolution more 3D capability, and larger bandwidth than any previous Mars explorer.

Windows 10 Fall Creators Update phased rollout approach

blogs.windows.com Earlier this week we began a targeted rollout of the Windows 10 Fall Creators Update and I shared with you how to get it. Today, I’d like to share more details on how we will roll out this feature …

Dell forgot to renew PC data recovery domain, so a squatter bought it • The Register Forums

Let's outsource our clients recovery data to the cloud, after all, what can go wrong?

forums.theregister.co.uk Dell forgot to re-register a domain name that many PCs it has sold use to do fresh installs of their operating systems. The act of omission was spotted by a third-party who stands accused of using it to spread malware. The domain in question is www.dellbackupandrecoverycloudstorage.com, which offers...

Einstein's Theory of Happiness Just Sold For US$1 Million at Auction

sciencealert.com He is known as one of the great minds in 20th-century science. But this week, Albert Einstein is making headlines for his advice on how to live a happy life - and a tip that paid off.

Windows 10 update. I've had some cases where the restore point was not enabled after doing an update, so if you make use of Windows Restore Point, then check to see that it is still enabled. Note: You won't retain any restore points created prior to the Update.

So, if you are a Windows 10 user and have a capped connection, keep an eye on your Internet bandwidth usage. This update can use from 3.5 GB up to 5 GB, depending on your installation.

Also note that if your Internet seems to be running slowly, it may also be due to this update, either because your computer(s) are downloading it, or because other in your area are downloading and stressing the network.

True or false? Interesting anyway.

forums.mercedesclub.org.uk In a recent interview the MD of Daimler Benz (Mercedes Benz) said their competitors are no longer other car companies but Tesla (obvious), Google,...

The world’s oldest scientific satellite is still in orbit

bbc.com Nearly 60 years ago, the US Navy launched Vanguard-1 as a response to the Soviet Sputnik. Six decades on, it’s still circling our planet.

If you have a capped connection, diarize : Windows 10 Fall Creators Update to the world on October 17th

I can use over 3.5 GB!

Can a robot pass a university entrance exam?

Don't memorize. Understand!

ted.com Meet Todai Robot, an AI project that performed in the top 20 percent of students on the entrance exam for the University of Tokyo -- without actually understanding a thing. While it's not matriculating anytime soon, Todai Robot's success raises alarming questions for the future of human education. H...

The world's first multi-user hologram table is here, on sale in 2018

newatlas.com Australian company Euclideon has built a working prototype of what it calls the world's first true multi-user hologram table. Up to four people can walk around a holographic image and interact with it wearing only a pair of glasses - a far cry from bulky AR headgear. It's set to go on sale in 2018.