Warning: Your WiFi Is Likely Compromised

Is your wifi network on KRACK? This "attack works against all modern protected Wi-Fi networks."

If you use wifi in any way, here are six things to note:

  • KRACK is an extended security and privacy vulnerability revealed just today. It’s unlikely your wifi is secure yet.
  • This is a vary capable bug, so don’t underestimate the seriousness of this matter.
  • “The attack works against all modern protected Wi-Fi networks.”
  • “It appears almost any device that uses Wi-Fi is affected.”
  • You “may want to be wary of using Wi-Fi at all until patches are widely rolled out.”
  • “It’s more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars.”

KRACK: beware the wifi hack/bug

Some measures to take while you wait for updates to your wifi network

Read it all

Look What I Learned on Twitter

I don’t use Twitter much, except when my WordPress blogs auto-post Tweets at the time I publish a new piece.

But half an hour ago or so, I Googled Key Bank because of site issues they seem to be having. And the search result I clicked was someone’s Twitter comment.

From there I eventually ended up on my own Twitter account…and saw this: Read it all

The Web, Your Secrets, Your Number

Far too many people just don’t care about online privacy. Maybe you’re one of them. And maybe I don’t care if I spit into the wind on this subject. Again.

Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.


The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, WSJ.com.) It then analyzed the tracking files and programs these sites downloaded onto a test computer.

As a group, the top 50 sites placed 3,180 tracking files in total on the Journal’s test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles.

But over two-thirds—2,224—were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.

The top venue for such technology, the Journal found, was….

I was surprised.

Maybe you won’t be.



The top venue for such technology, the Journal found, was IAC/InterActive Corp.’s Dictionary.com. A visit to the online dictionary site resulted in 234 files or programs being downloaded onto the Journal’s test computer, 223 of which were from companies that track Web users.

It’s a long article, but I highly recommend it to you: The Web’s New Gold Mine: Your Secrets

ZeuS: Do You Know This Security Issue?

I read a bit about the ZeuS malware this earlier this morning. Here’s one quote…but I don’t know who said it:

“The average corporation or consumer doesn’t know
there’s an issue there.”

Whoever it was said it, said this also:

“You can have all that stuff current
and you’re still not safe.”

I don’t know if that applies to part of my Internet security fortress: Malwarebytes ‘ Anti-Malware.

If you use computers and the Internet, I suppose you really should ready this: Online Business Banking? Be Afraid. Be Very Afraid.

If you don’t use computers and the Internet…. 😯

Smart Meter: A New Spy?

PGE Smart Meter

Portland General Electric let us know we’ll be getting one of these before too long.

I was looking forward to it. I think I still am (because it sure seems like our monthly electric bills are high). But this article greatly dampens my forward look, so to speak:

Computer-security researchers say new “smart” meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

At the very least, the vulnerabilities open the door for attackers to jack up strangers’ power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else’s power on and off.

The attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them. Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc. The firm was hired by three utilities to study their smart meters’ resistance to attack.


Unlike traditional electric meters that merely record power use — and then must be read in person once a month by a meter reader — smart meters measure consumption in real time. By being networked to computers in electric utilities, the new meters can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.

But the very interactivity that makes smart meters so attractive also makes them vulnerable to hackers, because each meter essentially is a computer connected to a vast network.


But many security researchers say the technology is being deployed without enough security probing.

If hackers can get that far, what’s to keep them from hacking into my computers even when they’re off-line? (You know, entering my machines through the power plug instead of the phone jack.)

And what’s to keep governments from conspiring with manufacturers (or secret agents at manufacturing plants) to put “bugs” in electrical devices? The idea of my toaster or my bedside clock or my phone answering machine eavesdropping and tattling on me is not a pleasant thought. Maybe it’s time to come up with a not-so-new lifestyle mantra: Go Amish!

OK, so now I’ve given the kooks more material. Sorry. 🙄

Well, you can read the full article here: New ‘smart’ meters for electrical utilities have security holes

Blog Attack

Somebody (from Saudi Arabia, apparently) attacked this blog this morning.

First, someone succeeded in breaching my login. Once in there, he changed my login password as well as the email associated with my account. That was at 11:29.

Then he launched four SQL Injection Attacks at 11:31, 11:33, 11:34, and 11:43. Thankfully, those were detected and blocked by my firewall, which also identified the attacker’s IP as

Thankfully, I tried to log in shortly thereafter.

When I couldn’t do so because my password wasn’t valid, my cranial alarm bells went from dormant to frenzied in a NanoSomethingOrOther.

I went straight to my SQL database, changed the email address on my account back to what it should be, then changed the password. I was done with that by 11:53.

I’ve been unable to detect any other damage done to this blog. But this person could have changed posts, comments, and pictures. So I’m warning you: there may be bad content somewhere here.

If you come across evidence of such tampering, please let me know right away.


And may God bless the attacker. Amen.

Facebook, Google, Carbonite?

Do you store personal data there?

Well, I saw the link to this over at Drudge:

The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself.

“The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats,” Yoran said. “The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

Source: More than 75,000 computer systems hacked in one of largest cyber attacks, security firm says

This story reinforces my disinclination to trust online personal data storage. So I don’t use it. Not even the free gigs provided by my ISP. Not even the space on the two servers I use to run my various sites.

Call me paranoid. Call me safe(r). 😉

Above all, love God!