DigitalOcean performance – and reasons to get set on a newer region!
If you have a very old Ubuntu/Linux server that you recently noticed no longer receives security updates (without a paid subscription), you may well have looked into the pros and cons of creating an entirely new server on a newer Ubuntu versus going through the Ubuntu upgrade process. There may be more advantages than you think to starting an entirely new droplet:

Recent phone system hack called “worst telecom hack in our nation’s history”
Days ago, Senator Warner reported on the major intrusion into American phone networks. In recent months, the group Salt Typhoon was found to have compromised various systems, including those involved with major political figures.

Recent Research Paper Notes Security Issues of ChatGPT and Other Language Models
In early March, a paper was published with details of a potential vulnerability that can spread across GenAI systems. For example, a mailing assistant service could be set to send out something spammy.

Learning from previous mistakes – pulling historical vulnerability information from various plugins
If you keep a watch on software security newsletters or blogs like the Wordfence blog, you’ll know that a good number of newly detected defects and vulnerabilities turn up on a regular basis, even in well-known plugins and software. It’s worth looking into the details of how this happens, especially if you work on PHP software from time to time. Thankfully, there are public records that let you compare and look at how these are fixed:

de Bruijn sequence, security, and the surprising reason your phone requires pressing enter on the lock screen
de Bruijn sequences (also known as Ouroborean rings in Professor Stewart’s Cabinet of Mathematical Curiosities, p. 44) are an interesting topic with a surprising connection to moving across a square and to the security of most phone unlock screens. These sequences make a compact listing of all the possible values in a repeating (cyclical) string of values.

TigerVPN with a Non-broken Open-source App
If you got set up on TigerVPN years back, you may have noticed that their Android app no longer works. It’s an often-reported issue. Ironically, the not-officially-supported setup documented here does still work. A similar setup can get you running quickly on Android:

Chrome 93 brings a different way of thinking
If you are using Chrome 93, you may have recently noticed the “Your connection is always secure unless Chrome tells you otherwise” message in the location bar. This raises an interesting question – should the system be telling you that any site that you visit is secure? Should we be trusting Chrome in this regard?

Setting private user home directory on Ubuntu
Recently it was announced that Ubuntu 21.04 will have private home directories. This would affect new users and new installs, but you can easily change this on your computer (or any Linux/Unix computer) after checking your current setting…

Analyzing a Zoom(link) hack:
Once in a while a service may end up with a compromised script or item in it – in a recent case, a Zoom link would actually take you to some random site as part of some sort of adware campaign??? However, a closer look shows it is very important to test your links in email or on sites:
The link I saw recently actually had a very odd-looking script – a script in a production service is sometimes minified, but won’t be oddly obfuscated or base64-encoded. The suspicious part of this script starts out in the <body> with an odd-looking launchBase64:

Easy VPN with DigitalOcean and ShadowSocks
If you are often in a cafe or library with shared internet, it’s best to go through a VPN so any unencrypted traffic isn’t detected by any local hackers. While there are many VPN packages, it is easy enough to make your own and connect to it with ShadowSocks. This can give you good performance even on a $5/mo DigitalOcean server!*