Are they attacking that?

Topic

New Reply

ISSUE 21.44 • 2024-10-28 ON SECURITY By Susan Bradley When you use technology, one challenge is determining whether a vulnerability is actually being
[See the full post at: Are they attacking that?]

Susan Bradley Patch Lady/Prudent patcher

11 users thanked author for this post.

Nibbled To Death By Ducks, abbodi86, gstrader, fisher75, DLivesInTexas, rizzquery, Casey S, lmacri, rc primak, TechTango, Alex5723

Reply | Quote

Replies

What makes social media so addictive are the “engagement algorithms” they use. If more people were aware of the existence of these algorithms, and knew a bit about how they function, we could all be safer online and offline.

Three levels of explanation:

Simple overview. 

More detailed explanation. 

Research-level insights.

 

 

-- rc primak

4 users thanked author for this post.

Lars220, Chris B, rizzquery, SueW

Reply | Quote

I agree completely with rc Primac’s post.

If you want to see an illustration of how it works and why the algorithms are so corrosive, have a look at the Netflix film The Social Dilemma. It is quite frightening.

Chris
Win 10 Pro x64 Group A

1 user thanked author for this post.

rc primak

Reply | Quote

As always, great content from Ms. Bradley. But, about Perplexity I see a problem. I installed the app on my Windows 11 Pro 23H2 desktop. In order to use it I have no choice but to disable my VPN, and this is an issue someone at Ask Woody Plus might want to investigate. I DO NOT have to disable my VPN (Mullvad) in order to get into my bank (a really big bank) or my investment company (a really big investment company). But in order to enter these sites, I must shut down Mullvad: Perplexity, King Soopers (Kroger in Colorado), Safeway (Albertsons in Colorado), plus others.
What is the point of requiring a user to shut down a VPN thereby diminishing his/her level of personal security, in order to get into a secure site? Star Trek’s Commander Spock would be outraged by such a requirement as it is MOST illogical.

Reply | Quote

It’s not the VPN, per se, that’s the problem. It’s the IP address they (sometimes) issue. VPN’s purpose is to hide your location. This is good for you, but is is also good for those who spam, hack, and perform other nefarious tasks on the Internet. So, as a defense, the IP addresses that are misused are accumulated in databases that are used to protect (reject connections to) websites.

The IP address your VPN is using today is clean, but may not always be so, as the IP issued is random each time you log in.
Find your current IP address here, click on the magnifying glass to the right of the searchbox at the top right. Copy the IP address.
To check whether it is clean, or has been used for spam and abuse, paste the IP into the searchbox here, and press Enter.
It may be an eyeopener.

6 users thanked author for this post.

Steve, rc primak, Lars220, windbg, Myst, DLivesInTexas

Reply | Quote

Ms Bradley, Thanks for your always great posts. You recommend not storing passwords in browsers. My understanding that Firefox stores passwords in a very secure manner. Plus unlike other browsers, a master password is possible. If a very strong master password is used then even if the PC is stolen, the passwords are safe.

I only use my one PC for surfing and 2FA wherever possible, not my phone. Am I wrong in thinking I am secure?

Reply | Quote

Hey Susan,

“One update on the list of known exploited vulnerabilities is quite old. CVE-2024-30088, reported in June 2024, must be patched and installed no later than November 5, 2024.”

What is the significance of that date?

And, as always, Thank you!

 

Reply | Quote

US government requires federal agencies to patch within three weeks of each flaw being added to the Known Exploited Vulnerabilities Catalog.

1 user thanked author for this post.

rc primak

Reply | Quote

When I see an online security magazine toot the alarm horn, I’ve learned to distinguish between:

1. A in-the-wild digital buzz saw that is actively being exploited
2. A vulnerability that needs to be patched,
3. A socially engineered phishing attack
4. A vulnerability that first needs direct, personal access to your machine
5. A vulnerability that MIGHT affect you in some nebulous future reality.

..and believe me, some of these publications really turn up the tub-thumping ‘way out of proportion to the actual threat. Why? Hey, it’s eyeballs! More eyeballs, more ad views, more $$$$! Look, look,look, so we can raise our ad rates!

Read all the article, use common sense, and follow Susan’s suggestions.

As for passwords, I choose a very weird language plus symbols, and then write mine down in a weird  non-Latin script used by an obscure sect of monks, then  hide the book in the basement in a closet behind the sign that says, “Beware The Leopard”.

OK, I’m pulling your leg a bit, but about which part?

Thanks for the great article Susan.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Susan enjoyed reading this post Thank You
A Q. pls, Edge under Browser Essentials there is a VPN that you
can turn on, Can you give me your opinion on this VPN. Tks in Advance Paul.

Reply | Quote

Use the Microsoft Edge Secure Network to protect your browsing – Microsoft Support

It’s in preview mode right now but I’ll let you know.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

rc primak

Reply | Quote