Developed by AVG Innovation Labs, the glasses help protect your visual identity in the digital age.
Through a mixture of technology and specialist materials, privacy wearables such as invisibility glasses can make it difficult for cameras or other facial recognition technologies to get a clear view of your identity.
For more information on AVG’s Invisibility Glasses check out this blog post.
Most people have dozens of passwords, for dozens of online accounts. At times it can be tricky to remember them all, as best practice says they should all be slightly different.
If you’re one of these many people, Yahoo’s recent announcement may get you excited. Earlier in March, Yahoo revealed an innovative idea that would mean we never have to remember a password again.
The concept is very simple. By selecting to use one-time passwords in your account settings, the next time you login it will send a password to your phone that you can use to login in with via a SMS.
While this seems very convenient, is it secure?
Generally speaking, there are three types of authentication in use today
The Yahoo solution seems to be half way between the least secure option A and Option B.
Sending a password on demand to a device is a step in the right direction, but there may be other security risks involved when transmitting data over SMS and to a potentially unprotected device.
The phone may not have a passcode and could be infected with malware that reads the SMS. This could mean the email account and all the data inside gets compromised.
If you do want to enable one-time passwords, I would recommend you have both of these: a passcode and AVG AntiVirus for Android on the phone to keep yourself protected.
Using the mobile device to add another layer of security is a smart idea as most people have one. Most of us also use apps regularly and if you’re a Yahoo user then you probably have the Yahoo app.
I would change the delivery method of the password from SMS and instead deliver it, in an encrypted format, via their own app.
On top of this, the Yahoo app with this one-time passwords enabled should require the device to have PIN security.
This would mean that an attacker would need the ID, the phone and the PIN in order to access the account. The app could even go further and check for the presence of an Anti-Virus product to ensure that it’s being scanned regularly.
It could be that there are currently technical limitations with one-time passwords, and that in the future we’ll see a lot more secure and comprehensive process.
My top advice right now though is if you’re going to use this service then be sure to have a security app and a PIN on your phone so you can help ensure that the password is being sent to a secure device.
Follow me on Twitter @tonyatavg
The direct consequence is that suddenly when contacting domain.com and all its subdomains (www, mx, ftp, etc.), some other servers owned by the new owner (legal or attacker) answer.
This disruption in normal operation means a loss of reputation, loss of market share, loss of trust from your customers and last but not least, financial loss for your business.
Unaltered DNS records
Altered DNS records
As can be seen in the above illustration, from the moment in which the DNS records are altered, the company that owns domain.com will no longer control where the traffic goes. The new owner can set up his web server to serve www.domain.com and his email server to serve mx.domain.com. Yes, this means that he can receive all email traffic for that domain.
Owning a black-white list can have even more consequences: the new server can serve whatever fits its needs. Either block any request reporting back that the item should be blacklisted (valid web sites, emails, files, etc.) or allowing everything (marking as good any malicious website, email, file). Fortunately, in such services there are many other controls that make such a task pretty complex.
Yes, there are things which you can do to prevent an attacker from taking ownership of your domains.
Domain Lock or Registrar Lock is a status which can be set to a domain. When set, the following actions are prohibited by the registrar:
Renewal of the domain name is, however, still possible when this flag is set.
Unfortunately, not all registrars support this functionality. If you want more security, you should choose a registrar that supports this feature. This functionality usually doesn’t come for free, but the price is not very high (10$-50$/month) and it is worth paying, especially if you have a large website or company.
All registrars allow entering contact persons for various functions. For example, there are some contacts for changing the IP address or deleting the domain and some others for paying the subscription. Make sure you separate them. Also, make sure that you have a contact email address that is not hosted at the respective domain. Otherwise, if something happens to the domain, you can’t access your email anymore. Remember that all traffic goes to the new owner, including your emails.
If you use some free email servers like Gmail, Yahoo or others, make sure to activate two factor authentication for those accounts.
Set up a good password and make sure you don’t use the address hosted on the domain you try to protect as the recovery email address.
Make it harder for the attacker to get access to your account.
If you have multiple domains, it would be better to host them at different registrars. If one goes down, you can at least use the other ones.
The post Secure your DNS to avoid losing business – Part 3 appeared first on Avira Blog.
CentOS Errata and Bugfix Advisory 2015:0748 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0748.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6028eb7fd61883f440b98464a64e4ea9046b940fb71ca21910403d76d1ec1f9a amanda-2.6.1p2-9.el6_6.i686.rpm 2c557073b814d230142f85675e1c78ba67fec4183e992cccff4162b93c966eee amanda-client-2.6.1p2-9.el6_6.i686.rpm e5570b2e80028795ed5f268dcb34a3b5022e7465fe47c66895b68e36a8af0ef7 amanda-devel-2.6.1p2-9.el6_6.i686.rpm 8a5e03ecf50c24896af164da8b36d5bf78b04691b2f85ba6a85a04d6f22f5d47 amanda-server-2.6.1p2-9.el6_6.i686.rpm x86_64: 6028eb7fd61883f440b98464a64e4ea9046b940fb71ca21910403d76d1ec1f9a amanda-2.6.1p2-9.el6_6.i686.rpm d19eaa701f1fe55b3c0033f8f4414df1dbe8c5ae8ee32506bf5ac3e5af9003f3 amanda-2.6.1p2-9.el6_6.x86_64.rpm 86e3197db4736f91e94fdf0f08680ca033702a20f782a56749c4075c6cd48689 amanda-client-2.6.1p2-9.el6_6.x86_64.rpm e5570b2e80028795ed5f268dcb34a3b5022e7465fe47c66895b68e36a8af0ef7 amanda-devel-2.6.1p2-9.el6_6.i686.rpm 68795396230ee7a605494eee4d313c7e801cbd4f633f8c94857c876876be6323 amanda-devel-2.6.1p2-9.el6_6.x86_64.rpm f20dfaf4ef7d20e3047b6ce595bfa79322480b361579a165c49d6449e11fd9fb amanda-server-2.6.1p2-9.el6_6.x86_64.rpm Source: f90d2d6f8ae8b0b8acd9be349b67bb3f94dc898aa353a263c4306ff261de333f amanda-2.6.1p2-9.el6_6.src.rpm
The voting system used by the Eurovision Song Contest was briefly forced offline after a suspected cyberattack caused an “extreme” surge in activity,.
The post Hackers hijack song contest with Eurovision voting app attack appeared first on We Live Security.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : openssl Date : March 27, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in openssl: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavio
Protecting children online is one of parents’ biggest concerns. But have we stopped to think that is not only our computers at home that need protection? Kids also use computers at school.
In order to protect them, schools must have a centralized management solution that manages security and protects all their computers. This solution should be applied not only in schools but in study centers and colleges also.
It is also becomes a great help facilitating students access to new technological tools and teachers to increase their teaching quality.
The post How can we protect schools? appeared first on MediaCenter Panda Security.
Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit
for processing SVG images, would load XML external entities by
default. If a user or automated system were tricked into opening a
specially crafted SVG file, an attacker could possibly obtain access
to arbitrary files or cause resource consumption.
WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities
CentOS Errata and Security Advisory 2015:0729 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0729.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 216f2cf3534c6a8f8e1be41f68d5f5259b03bfacdbaeaa7b325db24b44c04888 setroubleshoot-2.0.5-7.el5_11.noarch.rpm 04bc3a794631aec3b87d0c433f4d06169cc289293d1a070747d808c57bc98f7e setroubleshoot-server-2.0.5-7.el5_11.noarch.rpm x86_64: 216f2cf3534c6a8f8e1be41f68d5f5259b03bfacdbaeaa7b325db24b44c04888 setroubleshoot-2.0.5-7.el5_11.noarch.rpm 04bc3a794631aec3b87d0c433f4d06169cc289293d1a070747d808c57bc98f7e setroubleshoot-server-2.0.5-7.el5_11.noarch.rpm Source: 5ded827483a0f9bb0b7cd24a9d99974f036945c4041afd440aa9721c0b9215e7 setroubleshoot-2.0.5-7.el5_11.src.rpm
