JUL

2nd, 2023

HTTPS Everywhere?

HTTPS Everywhere was a browser extension developed by the Electronic Frontier Foundation (EFF) that rewrote your connections from insecure HTTP to HTTPS before they left the browser. It is no longer a required third-party download: the EFF retired the extension in January 2023 because the major browsers now ship the same capability built in. You should still turn that built-in feature on in every browser you use so you do not land on a plaintext page by accident. In Firefox it is "Enable HTTPS-Only Mode in all windows" under Settings > Privacy & Security (the about:config preference is dom.security.https_only_mode); in Chrome it is "Always use secure connections" under Settings > Privacy and security > Security. With that context, here is how the upgrade works at the request level.

HTTP and HTTPS overview:

HTTP (Hypertext Transfer Protocol) is the standard protocol between a web client (usually a browser) and a web server. HTTP is plaintext: nothing exchanged between client and server is encrypted or authenticated, so anyone on the network path can read it, alter it, or impersonate the server (eavesdropping, tampering and man-in-the-middle attacks).

HTTPS (HTTP Secure) is HTTP carried inside a TLS (Transport Layer Security) session. TLS, the successor to the now-obsolete SSL, provides confidentiality and integrity for the data and authenticates the server through its certificate.

How HTTPS Everywhere worked:

The extension was available for Firefox, Chrome, Opera and other browsers. Once installed it ran in the background and upgraded connections to HTTPS wherever a rule said the site supported it.

Rulesets and rewrite rules: HTTPS Everywhere shipped a large list of "rulesets", one per site or service. A ruleset names the hosts it covers, one or more rewrite rules (a pattern to match and the HTTPS form to replace it with) and optional exclusions for paths a site serves only over HTTP. A ruleset for example.com, for instance, told the extension to turn a request for http://example.com into one for https://example.com. A later "Encrypt All Sites Eligible" mode upgraded every site regardless of rulesets and blocked those that could not be reached over HTTPS, which is essentially what the browsers' HTTPS-only modes do today.

The connection process:

HTTP request: When you enter http://example.com into the address bar, the browser prepares a request: the method (GET, POST, ...), the URL, headers and the other metadata the server needs to understand it.

Intervention: Before that request is sent, HTTPS Everywhere (or the browser's HTTPS-only mode) inspects the URL. If it matches a ruleset and none of that ruleset's exclusions, the URL is rewritten to its HTTPS form, https://example.com. This happens inside the browser through its request-interception API, not at the packet level: no plaintext request is written to the network and no TCP connection to port 80 is opened.

TLS handshake and request: The browser opens a connection to port 443, negotiates a TLS session (verifying the server's certificate against its trust store) and only then sends the HTTP request inside the encrypted channel.

Server response: The server processes the request as usual and returns the requested page or data over the same TLS session.

Rendering: The browser decrypts the response, checks its integrity, and renders the page for the user.

The caveat a practitioner should keep in mind: when no rule matches (or a site is on the HTTPS-only allowlist), the browser falls back to sending the plaintext request and relies on the server's redirect to HTTPS. That first request is exactly what an on-path attacker strips (the classic sslstrip attack). Servers close that window for returning visitors with HSTS (the Strict-Transport-Security header, ideally with preload), which makes the browser refuse to use HTTP for that host at all; a first-ever visit to a non-preloaded site remains exposed. You can check both behaviours with curl -sI http://<your host>/ (look for a Location: https:// redirect) and curl -sI https://<your host>/ (look for a Strict-Transport-Security header).
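The two upgrade mechanisms described above, ruleset rewriting and blanket HTTPS-only mode, as an added JavaScript example written for this post. It is not EFF's code and not the real ruleset format; the ruleset structure, the example.com hosts and paths, the allowlist and the decide() helper are all simplified assumptions for illustration. It runs under Node with no dependencies.

```javascript
// Added example, not EFF's code: a miniature HTTPS-upgrade rewriter that
// mirrors rulesets (HTTPS Everywhere) and blanket HTTPS-only mode (modern
// browsers). Ruleset format, hosts and paths are hypothetical.

// A ruleset covers a set of target hosts, holds rewrite rules (regex `from`,
// replacement `to`) and exclusions for URLs that must stay plain HTTP.
const RULESETS = [
  {
    name: "Example",
    targets: ["example.com", "*.example.com"],
    rules: [{ from: /^http:\/\/(www\.)?example\.com\//, to: "https://$1example.com/" }],
    exclusions: [/^http:\/\/www\.example\.com\/legacy\//],
  },
];

// "*.example.com" matches any subdomain but not the bare apex.
function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1);
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return host === pattern;
}

// Ruleset mode: return the rewritten HTTPS URL, or null to send the request
// unchanged (already HTTPS, unparseable, excluded, or no rule for the host).
function upgradeByRuleset(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return null; }
  if (url.protocol !== "http:") return null;
  for (const set of RULESETS) {
    if (!set.targets.some((t) => hostMatches(t, url.hostname))) continue;
    if (set.exclusions.some((re) => re.test(url.href))) return null;
    for (const rule of set.rules) {
      if (rule.from.test(url.href)) return url.href.replace(rule.from, rule.to);
    }
  }
  return null;
}

// HTTPS-only mode: upgrade every http:// URL except hosts the user has
// explicitly allowed to stay on HTTP. Non-default ports are preserved.
function upgradeHttpsOnly(urlString, allowlist = new Set()) {
  let url;
  try { url = new URL(urlString); } catch { return null; }
  if (url.protocol !== "http:" || allowlist.has(url.hostname)) return null;
  url.protocol = "https:";
  return url.href;
}

// Decide what the browser does with a navigation: rewrite before any
// connection is opened, or fall through to plaintext and rely on the server
// to redirect (the window an on-path attacker can exploit).
function decide(urlString, { httpsOnly = false, allowlist = new Set() } = {}) {
  const upgraded = httpsOnly ? upgradeHttpsOnly(urlString, allowlist) : upgradeByRuleset(urlString);
  if (upgraded) return { action: "rewrite", url: upgraded };
  return { action: "send-as-is", url: urlString };
}
```

The important property is that the rewrite happens on the URL object before any socket exists; the "send-as-is" branch is the only path on which a plaintext request reaches the network, and that is the path HSTS is designed to remove.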

JUN

14th, 2023

Apple - DirectX 12 Support

At WWDC 2023 Apple released the Game Porting Toolkit, and this has been widely reported as "DirectX 12 support for macOS". That shorthand is not quite right, and the difference matters. macOS does not gain a native DirectX 12 implementation; the toolkit is a Wine-based compatibility environment (derived from CodeWeavers' CrossOver) with an Apple translation layer, D3DMetal, that converts Direct3D 11 and 12 calls into Metal, Apple's own graphics API. It runs on Apple silicon Macs with macOS Sonoma, and its stated purpose is to let developers evaluate how an existing Windows game runs on the Mac before committing to a proper Metal port. It is still a major development for Mac gaming, because it lowers the cost of bringing games that so far exist only on Windows to macOS.

DirectX 12 is the graphics API developed by Microsoft that most current Windows games target. It offers low-overhead features such as asynchronous compute and multithreaded command submission that help performance. Apple has invested heavily in Metal, but it has also recognised that a large catalogue of popular games is written against Direct3D and will not be rewritten for Metal on the developers' own initiative. Translating those calls instead of waiting for rewrites is the pragmatic route to more games on the Mac.

What does this mean for Mac gamers? In the short term, mostly a signal of intent. The toolkit is a developer tool, not a shipping product for end users, and performance through a translation layer is below that of a native Metal port. What it makes possible is that Windows-only titles, including very popular ones such as Grand Theft Auto V, The Witcher 3 and Red Dead Redemption 2, can be run and assessed on a Mac by their developers without a port existing yet, which is the first step towards such a port. It does not speed up existing Mac games; that comes from native Metal work.

What does this mean for developers? The toolkit shortens the evaluation cycle for a macOS port: run the existing Windows build, measure, then decide which parts to port natively. Together with Apple silicon and Metal 3, it makes the Mac a more attractive target and opens up a new market for games that would otherwise never have been ported. Watch the WWDC 2023 sessions on bringing games to Mac for the details.

JUN

4th, 2023

Large Scale Leaks

RaidForums data leak (after the domain's seizure by the US government): RaidForums, the hacking forum taken down by law enforcement in April 2022, had its own user database leaked in May 2023, when a table of nearly half a million member records was posted on a successor forum. The records included usernames, email addresses, hashed passwords, registration dates and related account details for ordinary members, moderators and administrators alike. Because the membership was largely people trading stolen data, the leak is useful to investigators and is also a target list for anyone wanting to extort or attack those individuals. It is a reminder that operators and users of any forum, criminal or not, depend on the same controls: unique credentials, strong password hashing and an honest view of what an attacker gets if the user table walks out the door.

Facebook's data leak: In April 2021 a dataset covering about 533 million Facebook users in 106 countries was posted for free on a hacking forum. It had been scraped in 2019 by abusing the contact-importer feature, which let anyone upload phone numbers in bulk and learn which accounts they belonged to. Facebook fixed that weakness in 2019, but the records (phone numbers, names, locations, birthdates and some email addresses) were already gone. Phone numbers tied to names are ideal for SIM swapping, smishing and other targeted fraud, and unlike a password they cannot be rotated.

Microsoft Exchange Server vulnerabilities: In March 2021 Microsoft issued out-of-band patches for four zero-day vulnerabilities in on-premises Exchange Server, chained together as "ProxyLogon" (the server-side request forgery CVE-2021-26855 was the entry point). The chain let an unauthenticated attacker read mailboxes and write files to the server, and the group Microsoft calls HAFNIUM, followed quickly by others, used it to drop web shells on tens of thousands of servers worldwide, including government agencies and corporations. The lesson was twofold: patch externally exposed servers within days, not weeks, and after a mass-exploitation event assume compromise and hunt for web shells, because patching alone does not evict an attacker who is already inside.

SolarWinds supply chain attack: In December 2020 a highly sophisticated supply chain attack on SolarWinds, maker of the Orion IT management platform, came to light. The attackers compromised SolarWinds' build environment and inserted a backdoor (SUNBURST) into Orion updates during compilation, so the trojanised DLL carried a valid SolarWinds code-signing signature and passed every integrity check customers could reasonably perform. Around 18,000 customers installed the poisoned updates; the attackers then selected a much smaller set of government agencies and corporations for hands-on intrusion. The incident showed that signature verification proves who built an artifact, not that the build itself was clean, and it pushed the industry towards hardened, reproducible build pipelines and software bills of materials.

Ubiquiti Networks' data breach: In January 2021 Ubiquiti, a major maker of networking and IoT equipment, told customers that an attacker had accessed systems hosted by a third-party cloud provider and that names, email addresses and hashed, salted passwords may have been exposed. A purported whistleblower later claimed the breach was far worse than Ubiquiti admitted. The final twist came in December 2021, when a former Ubiquiti developer was charged with carrying out the intrusion using his own privileged credentials, attempting to extort the company, and then posing as the whistleblower; he pleaded guilty in 2023. The case is a lesson in insider risk and credential governance as much as in disclosure: a single engineer with standing access to cloud administrator credentials could download the data, and the company could not easily tell him apart from an outside attacker.

Clubhouse data exposure: In April 2021 a file containing about 1.3 million Clubhouse user records (user IDs, names, usernames, profile photo URLs, follower counts and linked Twitter and Instagram handles) was posted on a hacker forum. Clubhouse denied any breach, and it was right in the narrow sense: the data was scraped through the app's own API, which at the time returned profile information to anyone who asked. Earlier, in February 2021, researchers at the Stanford Internet Observatory had found that the app transmitted user and room IDs in plaintext to its backend audio provider. Both findings make the same point: data a platform hands out freely through an API or a third party is effectively public, whatever the privacy policy says, and rate limiting and authentication on profile endpoints are part of safeguarding user data, even for emerging platforms.

MAY

21st, 2023

Enthusiastic Mobile Security

Today I am going to pass along some good information for protecting certain mobile devices; this list of software gives you a toolkit for protecting your mobile data. Applications such as Sentry or Wasted give you better control over a device and faster, more reliable data destruction when it is under threat. InviZible Pro bundles tools (Tor, DNSCrypt and I2P) for securing and anonymising the phone's internet traffic, which is particularly useful where network traffic is monitored or censored. Haven turns any Android phone into a motion, sound, vibration and light detector that notices someone tampering with your belongings and alerts you to a potential "Evil Maid" attack. These apps complement, rather than replace, a strong lock-screen passcode and the file-based encryption modern Android enables by default, and a remote wipe trigger only works while the phone is powered on and reachable. Each hyperlink below will take you to a good walkthrough on how to configure the application on your device.

Downloads

Sentry: A minimalist application that allows you to protect your Android phone.
Wasted: A simple PanicKit-style application that allows you to remotely wipe your device. Send an SMS containing a specially generated code from another device and the app destroys all data.
InviZible Pro: Contains everything you need for securing your mobile device's internet traffic (Tor, DNSCrypt and Purple I2P).
Haven: Designed for people who need a simple way to protect their devices from Evil Maid attacks, such as in hotels or other places with limited trust.

MAY

14th, 2023

Why Zero Trust Is Important in 2023

In today's world cybersecurity is a top priority for businesses, governments and individuals alike. Threats have become more sophisticated, and the traditional approach, a hardened perimeter around an implicitly trusted internal network, is no longer enough: once an attacker has one foothold, a flat trusted network lets them move anywhere. Zero Trust is the security model that drops that assumption. As described in NIST SP 800-207, no user, device or application is trusted by default because of where it sits on the network; every access request is authenticated, authorised and continuously re-evaluated. That verification draws on multi-factor authentication, device identity and posture, and behavioural analytics, so that only authorised users on acceptable devices are granted access, and only for as long as the conditions still hold. The network itself is divided into small segments (down to individual workloads in micro-segmentation), and access to each segment is granted per role and per resource rather than by network location, so a compromise of one segment does not hand the attacker the rest. The model is backed by the usual controls, encryption in transit, firewalls and endpoint protection for devices and applications, and by continuous monitoring of user, device and application behaviour to detect anomalies and potential threats.
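A policy decision of the kind just described, written as an added JavaScript example for this post rather than taken from any product or from NIST. The resource catalogue, tier names, attribute names (mfa, managed, compliant, riskScore) and thresholds are hypothetical, and the sample requests are constructed; the point is the shape of a deny-by-default check that looks at identity, session freshness, device posture and risk on every request.

```javascript
// Added example, not from any vendor product: a deny-by-default policy
// decision function of the kind a Zero Trust policy engine runs on every
// request. Resource names, tiers, attributes and thresholds are hypothetical.

// Resource catalogue: sensitivity tier and the roles permitted to reach it.
const RESOURCES = {
  "wiki":         { tier: "low",  roles: ["employee", "contractor"] },
  "payroll-db":   { tier: "high", roles: ["finance"] },
  "prod-k8s-api": { tier: "high", roles: ["sre"] },
};

// Requirements tighten with the tier: "high" forces MFA, a managed and
// compliant device, a fresh session and a low behavioural risk score.
const POLICY = {
  low:  { maxSessionAgeSec: 12 * 3600, requireMfa: false, requireManagedDevice: false, maxRiskScore: 70 },
  high: { maxSessionAgeSec: 3600,      requireMfa: true,  requireManagedDevice: true,  maxRiskScore: 30 },
};

// Evaluate a single access request. Every failed check is recorded so the
// decision can be audited; access is allowed only when nothing failed.
function evaluateAccess(req, now = Date.now()) {
  const res = RESOURCES[req.resource];
  if (!res) return { allow: false, reasons: ["unknown resource"] };
  const rule = POLICY[res.tier];
  const user = req.user || {};
  const device = req.device || {};
  const reasons = [];

  // Identity: authenticated and holding a role the resource permits.
  if (!user.authenticated) reasons.push("not authenticated");
  else if (!(user.roles || []).some((r) => res.roles.includes(r))) reasons.push("role not permitted for resource");

  // Continuous verification: a login from hours ago is not enough for high-tier data.
  const ageSec = (now - (user.authTime || 0)) / 1000;
  if (ageSec > rule.maxSessionAgeSec) reasons.push("session too old, re-authenticate");

  // Strong authentication and device posture.
  if (rule.requireMfa && !user.mfa) reasons.push("MFA required");
  if (rule.requireManagedDevice && !(device.managed && device.compliant)) reasons.push("managed, compliant device required");

  // Behavioural analytics feed a 0-100 risk score (impossible travel, new
  // location, odd hours); a missing score is treated as maximum risk, never as zero.
  const risk = typeof req.riskScore === "number" ? req.riskScore : 100;
  if (risk > rule.maxRiskScore) reasons.push("risk score too high");

  return { allow: reasons.length === 0, reasons };
}

// Constructed sample: the same finance user reaching the payroll database from
// a managed laptop (allowed) and then from an unmanaged phone (denied).
const NOW = 1700000000000; // hypothetical "now", so results are reproducible
const finance = { authenticated: true, roles: ["finance"], authTime: NOW - 600 * 1000, mfa: true };
const SAMPLES = {
  laptop: { user: finance, device: { managed: true, compliant: true }, resource: "payroll-db", riskScore: 10 },
  phone:  { user: finance, device: { managed: false }, resource: "payroll-db", riskScore: 10 },
};
function runSamples() {
  return Object.fromEntries(Object.entries(SAMPLES).map(([k, r]) => [k, evaluateAccess(r, NOW)]));
}
```

Note that a stolen session cookie by itself does not get far here: it carries a role, but the device posture, session age and risk checks are re-run on each request, which is what "continuous verification" means in practice.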

Zero Trust provides a higher level of security than perimeter-based approaches because it verifies and authorises every access request and keeps watching user and device behaviour after access is granted. Limiting each identity to specific segments and data shrinks the attack surface and makes lateral movement, the step that turns a single phished account into a full breach, much harder. Strong identity, least-privilege access and audit trails also map directly onto requirements in HIPAA, PCI DSS and GDPR. The framework is flexible enough to adapt to the evolving threat landscape and changing business needs, and over time it can be cost-effective by reducing both the likelihood and the blast radius of a breach, and with them the financial and reputational damage.

The model is not without limitations. Implementation is complex: you need an accurate inventory of users, devices, applications and data flows before you can write policies for them, and that takes expertise, time and money. Controls that are too restrictive, or policies that trigger constant re-authentication, produce a poor user experience, slow access and frustrated users who look for workarounds. And human error remains a risk even with strong controls: employees can still be phished or inadvertently disclose sensitive information, which is why Zero Trust aims to contain the damage from a compromised account rather than assume it will never happen.

MAY

7th, 2023

Monthly Web Based Attacks Towards the United States

The United States is a major target for web-based attacks. In 2022 there were an estimated 625 million web-based attacks against US businesses and individuals. These attacks cost businesses money, time and productivity, and expose individuals to identity theft, financial loss and emotional distress. The main categories:

Phishing attacks: Fraudulent emails or text messages that appear to come from a legitimate source, designed to trick the recipient into clicking a malicious link or handing over credentials or personal information.

Malware attacks: Installing malicious software on a victim's computer or device, which is then used to steal data, control the device or launch further attacks.

DDoS attacks: Flooding a website or server with so much traffic that it becomes unavailable to legitimate users.

SQL injection attacks: Exploiting web applications that build database queries from user input, letting the attacker read, modify or delete data and sometimes bypass authentication entirely.

Cross-site scripting (XSS) attacks: Injecting script into a web page so that it runs in the victim's browser with the page's privileges. The script can steal cookies and session tokens (unless the cookies are marked HttpOnly), perform actions as the victim, or redirect them to a phishing page.

There are a number of things that businesses and individuals can do to protect themselves from web-based attacks. Some of the most important steps include:

Use strong, unique passwords kept in a password manager, and turn on multi-factor authentication wherever it is offered.
Be careful about what links you click on.
Keep your software up to date.
Use a firewall and antivirus software.
Be aware of the latest scams and threats.
Back up your data regularly, and test that the backups restore.

By taking these steps, businesses and individuals can help protect themselves from the growing threat of web-based attacks. Beyond those basics, organisations should also:

Educate employees about the risks of web-based attacks.
Implement security policies and procedures.
Monitor your network and web server logs for suspicious activity, and have an incident response plan in place before an attack happens.
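The SQL injection and XSS entries above, shown as code: an added JavaScript example written for this post (not code from the original), with the vulnerable pattern beside its fix for each. No database or browser is needed; the functions return the query or HTML that would be sent, so the effect of a payload is visible. The table and column names, the comment markup and the two payloads are constructed for illustration.

```javascript
// Added example, not from the original post: SQL injection and XSS, each as
// the vulnerable pattern beside its fix. Table, column and class names are
// hypothetical; the payloads are constructed.

// --- SQL injection ---------------------------------------------------------
// Vulnerable: user input is spliced into the SQL text, so quote characters
// in the input change the statement's structure.
function loginQueryVulnerable(username, password) {
  return `SELECT id FROM users WHERE name = '${username}' AND pw = '${password}'`;
}

// Hardened: the SQL text is constant and the values travel separately as
// bound parameters (the {text, values} shape node-postgres accepts); the
// database never parses the input as SQL.
function loginQuerySafe(username, password) {
  return { text: "SELECT id FROM users WHERE name = $1 AND pw = $2", values: [username, password] };
}

// --- Cross-site scripting ---------------------------------------------------
// Vulnerable: untrusted text is concatenated straight into HTML markup.
function renderCommentVulnerable(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened: escape the characters that carry meaning in an HTML text context.
// (Values placed inside attributes, URLs or scripts need context-specific
// encoding on top of this.)
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed payloads: the first comments out the password check, the second
// runs in every visitor's browser and can read their non-HttpOnly cookies.
const SQLI_PAYLOAD = "admin' --";
const XSS_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Show the four outcomes side by side.
function demo() {
  return {
    sqlVulnerable: loginQueryVulnerable(SQLI_PAYLOAD, "anything"),
    sqlSafe: loginQuerySafe(SQLI_PAYLOAD, "anything"),
    htmlVulnerable: renderCommentVulnerable("mallory", XSS_PAYLOAD),
    htmlSafe: renderCommentSafe("mallory", XSS_PAYLOAD),
  };
}
```

In the vulnerable query the trailing comment marker turns the statement into a check on the username alone; in the parameterised form the same string is just a value compared against the name column. Escaping on output is the right fix for XSS, but a Content-Security-Policy header and HttpOnly cookies limit the damage when an escape is missed.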