Technology

$ cd ~meri > Technology

[PSA] Android users: 1M+ Google accounts have been breached (Gooligan).

2016.11.30

Today is not a good day for security, it seems.

In addition to the Firefox 0-day exploit, it seems that Android users need to keep a close eye on the apps they’re downloading, particularly from third-party app stores. You can check out the detailed article from Check Point on the topic. The article contains two items in particular that you may find helpful:

  • Scroll down to Appendix A at the bottom of the aforementioned Check Point article. This is a list of “fake” apps that are known to be infected with Gooligan.
  • Check Point has put together a quick tool that allows users to check and see if their accounts have been infected with Gooligan. To use the tool, go to https://gooligan.checkpoint.com/ and enter the email address(es) associated with your Android device(s). Hopefully, you’ll get a pop-up informing you that your account has not been breached.

It’s sad to say, but the dose of paranoia one needs to stay safe on the net these days is no longer creeping upwards. Rather, it is growing in leaps and bounds. As are the number of internet-connected things we all have in our homes, each of which should be viewed with at least some degree of concern.1

In truth, if it is connected — or can connect — to the Internet (and maybe even if it can’t), it should be a security concern. Every time a home gets smarter, it most likely also gets less secure. It seems almost inevitable that someday soon, the sheer number of insecure devices is going to result in some sort of … something. I’m not sure what, but it’s not going to be good.

Stay alert! Trust no one! Keep your laser handy!

Security

, , ,

[PSA] If you’re using Firefox, particularly on Windows, stop doing that.

2016.11.30

Sad (Red) Panda needs to be put in quarantine for a while.

Firefox (versions 41 – 50, which includes Tor Web Browser (Firefox 45 ESR)) currently has a 0-day exploit. This means there is a remotely-accessible and exploitable security concern with the application for which there is currently no fix, and the internet at large is actively taking advantage of the situation. This will undoubtedly be fixed, but until it is, you should switch browsers.

You can learn more about the situation from Wordfence (which is where I originally learned of it), Ars Technica, The Register, and any number of other web sites. Just, you know, use a non-Firefox browser when you start poking around looking for information.

Security, Technology

, , , ,

Ask the [Domain Registration] Hive Mind: Which registrar do you use?

2016.02.05

ask the hive mind

TL;DR:

I have a cunning plan, and it involves registering a new domain name. My registrar of choice apparently lost ICANN accreditation a while back, so I’m registrar shopping. What registrar do you recommend (or use yourself) these days? And if you have the time, I’d love to know what makes them your choice.

(more…)

Ask the HiveMind, Shopping, Technology

, , ,

My web server is being wooed by a cult.

2015.12.30

I was making some changes on a web server that necessitated restarting the process, which I did. As per normal, I went and tailed the logs to make sure everything was coming back up all hunky dory.

Now, you all know me. I accept a wide variety of events as being normal.

This… this was not normal. (more…)

I Have No Response to That, Internet

, , , , ,

PSA: glibc buffer overflow (nss_hostname_digits_dots)

2015.01.27

[covert-ops] bullhorn

Via https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Update ALL THE THINGS! Again. Once, you know, a patch is available.

Annoyances, PSA, Technology

,

Ask the HiveMind: *NIX geek edition (covert-ops section headers)

2015.01.26

[covert-ops] question mark (forest)Really, really long-time readers of this site may recall its first incarnation. It was very geeky, with a *NIX motif running through it. (You can view an Internet Wayback Machine snapshot of it here.) I am attempting to recreate this feel with the newly-returned covert-ops.org site, and I need your help.

Clearly, some of the headings that I had before simply won’t work these days. I mean, who has a QuickCam any more? But, there are other sections I would like to add, and sometimes, the appropriate geeky header doesn’t immediately jump to mind, or I have too many ideas that seem equally valid. This is where you come in. (more…)

Design, Geek, HiveMind, Site, Technology

Ask the Hivemind: Pinterest for text-only sites.

2014.12.28

question mark forestI’ve decided that I want to start using Pinterest for bookmarkers (though I’m willing to be dissuaded). Mostly, I’m tired of having some of my bookmarks available to me in (Google-synced) Chrome browser and some available to me in (iCloud-synced) Safari. (And, of course, this only gets more annoying when I move to other computers / mobile devices.) I’d like to have one place that I can go to for all my bookmarking needs. (I admit that I’m no longer sure why I quit using delicious. Didn’t they have some big going away / taken over / aliens invading scare a while back? Is that no longer an issue?) (more…)

Annoyances, HiveMind, Technology, Web Sites

How did they know?

2014.12.13

I was doing some research on Dropbox, and a warning came up that some of my files aren’t being synced because of bad characters in the file names. I clicked on the link to start the “Incompatible files and folders” tool. Once it got started, this status message popped up:

20141213-dropbox_pands

Think my secret identity is getting too well known?

Amusements, Technology

LazyWeb: Group calendaring / project management & collaboration solutions.

2014.12.10

I’m looking for a solution (or set of solutions) for a small business. I need things in two realms: group project management (notes, files, timelines, tasks), group calendaring.  (more…)

Lazyweb, Technology

Ask the HiveMind: Google+ API horror stories?

2014.11.24

Have any of y’all ever gone through the process to get a Google+ API key? Any pointers, or is it pretty straightforward? (A girl can hope, right?)

And, what did you do with it? How easy / hard was it to use? How sorts of ritual sacrifices did you have to make?

Basically, I’m looking to hear about any experiences with the whole process, if you’re interested in sharing.

HiveMind, Technology