Wednesday, May 30, 2018

Get a Meltdown and Spectre Checkup Utility

logo

Easily examine and understand any Windows
system's hardware and software capability to
prevent Meltdown and Spectre attacks.

Get it here!
https://www.grc.com/inspectre.htm

screenshot


Friday, May 25, 2018

How to add a Cookie Notice to Blogger Sites for EU GDPR Compliance

European Union (EU) GDPR laws require you to give EU visitors information about cookies used on your blog. In many cases, these laws also require you to obtain consent.

Google now requires you to make a notification for your blogger.com site.
You are responsible for confirming this notice actually works for your blog, and that it displays. If you employ other cookies, for example by adding third party features, this notice may not work for you. If you include functionality from other providers there may be extra information collected from your users. 


  • Google has added the following code option to all bloggers sites. Why is this not a Widget?

    Change this notice, add a SCRIPT tag with 'cookieOptions = {...};' in the HEAD tag with values for any of msg, close, learn and link.

  • So Google has done the work and added a pop-up notice for your blogger website for countries that require it.
 
Here's an easy way to add cookie notification for blogger.com sites (forcing it for all countries).

1. Goto your Blogger Dashboard
2. Choose Layout
3. Add a Gadget






























4. Choose and Configure HTML/Javascript Widget
5. Goto https://cookieconsent.insites.com/download/ to personalize your cookie consent pop-up.

Under "Link to your own policy" use Googles privacy policy
https://support.google.com/blogger/answer/6253244































6. Copy Code and paste into Widget





































7. Remember to SAVE Arrangement, before you leave the page.

Thursday, May 24, 2018

How safe/secure is the new Microsoft Cloud Clipboard

The Windows Clipboard has long been a contentious security issue for Microsoft.
The current clipboard clip is stored in plain-text in memory which available to-be read by any app and this is by design for programability, but has been a bone of contention for a long time. Many third party apps have addressed this by actively cleaning-up the clipboard after a few seconds, and store it into their own secure encrypted queue. Third party apps and the community benefit of this Windows well documented open API, but you have to be aware of the issue, and who as time for the minutiae.
For most, it’s still mentally manageable since the legacy clipboard only stored 1 clip at a time. If you copy a password, just immediately copy nonsense afterwards and you are safe. You can monitor the current clip with Clipboard viewer (clipbrd.exe) from Window 7, and trivially still works in Windows 10. Note: Chrome will marks all zipped .exe files as Dangerous, and this is not, it's unadulterated.


With the new "Cloud Clipboard", is actually the Clipboard History Viewer by using the Windows+V keyboard combination. This will be available in the next major release Fall Update 2018, but you can Windows 10 Insider Preview Build 17666. 
According to 
Bleeping Computer, this clipboard history is stored in a plain-text file;

C:\Windows\SystemResources\TextInput\pris\TextInput.en-US.pri
This file is used to store the Cloud Clipboard history queue which represents a greater security risk. Since now you can attack a whole history of commands, and potential passwords.
The actually syncing of clipboard to cloud is using same mechanism as Microsoft Graph technology that powers the Timeline and subject to man-in-the-middle attacks which any HTTPS connection uses and also uses OAuth which can be subject to OAuth attacks. The Graph API sends messages as open text (JSON) via HTTPS as most systems do, and depends on SSL for it’s protection.
It’s recommended that set your Windows 10 Settings to select “Never automatically sync text that I copy” instead, you’ll have to manually choose what you want to copy to the cloud. To do so, open your Clipboard history with Windows+V, hover over an item in your clipboard history, and click the cloud-shaped “Sync to Other Devices” icon.




Lastly, according to Windows 10 Lock Screen Leaks Clipboard Contents post,
getting the current Windows 10 clip has been trivially hacked, but you have to be physically on the device to perform it.
The frighteningly simple hack goes as follows (but has been fixed recently):
1. Win+L: Lock workstation
2. Win+ENTER: Start Narrator
3. CapsLock+F1: Open Narrator Help
4. Ctrl+V: Profit!

Wednesday, May 23, 2018

How to Turn Off Tracking Data/Manage your personal data with Google

In light of recent privacy concerns Google has responded with a way to manage your personal information, and it's called Privacy Checkup.

With these settings you can manage what info you keep private, and what data is saved to your account to improve your Google experience.


Pop this URL into your browser
https://myaccount.google.com/privacycheckup

The process will take about 5 mins, and I recommend you turn off all tracking. 

The following tracking areas are available; 
  1. Web & App Activity
  2. Location History
  3. Device Information
  4. Voice & Audio Activity
  5. YouTube Search History
  6. YouTube Watch History
  7. Manage what you share on YouTube
  8. Likes and subscriptions
  9. Your YouTube activity feed
  10. Video privacy
  11. Control what others see about you : Shared endorsements
  12. Make ads more relevant to you



Tuesday, May 22, 2018

How to clean Chrome Malware/Adware/Rogue/Hacked Extensions


Antivirus company ESET has built Google Chrome Cleanup, a built-in tool now available in Chrome. It's a security tool that scans Chrome and alerts users to potential threats. The tool scans current Chrome instance and notifies users when it finds potentially unwanted or malicious software to be removed.

More info at https://www.eset.com/int/google-chrome-cleanup/

How to check for Chrome Malware

1) To perform a manual scan using the Chrome Cleanup Tool, open the Chrome browser, type 


chrome://settings/cleanup 

in the browser's address bar, and press Enter to go to Chrome's "Clean up computer" page.




2) Next  clicking on the Find button. Note this process can take up to 1hr to complete. 

3) If Malware is found, you get a return page as such and click REMOVE to delete.





Saturday, May 19, 2018

Apple Iphone Personal Data Tracking Metadata Fields

ZDNet's Zack Whittaker asked Apple to give me all the data it collected on me since I bought my first iPhone — in 2010.

Here's the Apple Personal Data (Metadata) Fields that is tracked.

Tuesday, May 15, 2018

How to fix Open PGP Hack now

https://EFAIL.de/  is the source and dedicate site that describes the now well know vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. 

These apps are affected; 
  1. Thunderbird with Enigmail
  2. Apple Mail with GPGTools
  3. Outlook with Gpg4win
The intermediate fix is; 
  1. Disable HTML rendering. The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc. Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL. Note that there are other possible backchannels in email clients which are not related to HTML but these are more difficult to exploit.
  2. No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.




Tuesday, May 1, 2018

Wikipedia Windows 10 Release Information Page a Powershell Script

Copy and paste into Powershell ISE and run. Updated May 30, 2018.


# WikiWinReleaseInfo.ps1 
# Purpose : Open Wikipedia Info Page for your Window 10 Release
# Author : Metadataconsulting.ca
# Last Updated : May 30, 2018

Write-Host "Your running" (Get-WmiObject Win32_OperatingSystem).Caption

If ([System.Environment]::OSVersion.Version.Major -ge 10) {
 
    $releaseID = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId

    If ($releaseID -eq 1709) {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_1709_(Fall_Creators_Update)")
    }
    elseif ($releaseID -eq 1511) {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_1511_(November_Update)")
    }
    elseif ($releaseID -eq 1607) {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_1607_(Anniversary_Update)")
    }
    elseif ($releaseID -eq 1703) {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_1703_(Creators_Update)")
    }
    elseif ($releaseID -eq 1803) {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_1803_(April_2018_Update)")
    }
    else {
    [System.Diagnostics.Process]::Start("https://en.wikipedia.org/wiki/Windows_10_version_history#Version_$releaseID")
    }

} else {

    Write-Host "This script is for Windows 10 only."   

}