Youtube Video

@dafyre said in WD My Cloud Backdoor:

@danp said in WD My Cloud Backdoor:

Just read elsewhere that this was resolved back in November with a fireware upgrade. Need to determine how to check if my device is vulnerable.

Resolved, or did they just change the username, lol.

Just like Lenovo, that'd be a little scary.

@brianlittlejohn said in The Myth of Security is Layers:

I have 8 blinky boxes people have to hack into to get to my stuff.

Oh yeah? Well, I have... I have...

Yeah, I got nothing.

@jaredbusch said in Securing Fedora with rkhunter.:

@tim_g said in Securing Fedora with rkhunter.:

@travisdh1 Does it self-update definitions and such?

His instructions say to run an update as part of dnf-automatic.

Though he specified the wrong location for the conf file.

Not sure if that is a full update or what.

Doh! Fixing.

@travisdh1 said in Securing NextCloud:

@zachary715 said in Securing NextCloud:

@travisdh1 said in Securing NextCloud:

I forgot before: You can also login to the admin interface and looking at the settings page. It'll give you a list of performance and security optimizations with links to instructions on how to make the changes.

Yeah that's where this all started. It only states that I need to...

Modify/enable the HSTS header to at least 15552000 seconds PHP OPcache not properly configured and to make changes to the php.ini.

From that though, I got to the hardening and security guide and started to go even deeper down the rabbit hole.

I know you're doing this to learn, so this probably isn't needed at the moment. @scottalanmiller's guide to installing NextCloud with Salt has all the settings correct already according to that settings page.

Nice. Good going @scottalanmiller.

@dustinb3403 said in Copperhead OS - A Security and Privacy Focused Android OS:

Is Java at all included in this OS? If so you're boned.

Sure, but not as bad as running Google services and getting targeted ads all the time. If you want to be 100% safe, you have to unplug completely.

@stacksofplates said in Some macOS Updates Cause Foot Bug to Resurface After Patching:

I'm assuming this was supposed to be root but, not foot bug.

LOL hahha

Patch is here:
https://support.apple.com/en-gb/HT208315

@dashrender said in HP Possible pulling a Lenovo with Stealthy spyware?:

@scottalanmiller said in HP Possible pulling a Lenovo with Stealthy spyware?:

@momurda said in HP Possible pulling a Lenovo with Stealthy spyware?:

I don't trust hardware manufacturers to write good software. I trust them to make good hardware.

That, too.

This really doesn't compute to me. If you have bad drivers, how can you expect your hardware to perform well?

How often do you have vendors making their own drivers? Sometimes, but not all that often.

@storageninja said in To Cable, or Not to Cable:

@dbeato said in To Cable, or Not to Cable:

The only thing I would not run over wifi is VoIP phones, not because of security but stability on the network.

I've been doing this all week (and I'm in India) without issues....

Yes, I know we have discussed this.

@tim_g said in Quad9 DNS Malicious Domain Blocking Service:

I stopped testing Quad9 on my computer. I've been having some weird issues with GitLab errors on the website. As soon as I plugged in Google's DNS, it worked.

But then again, a refresh or two got it working again while I was still using Quad9.

I'll update later to report if any issue like that returns now that I'm using Google on my computer.

Nope, was not Quad9 related.

I think it's some kind of timeout I never noticed before or GitLab is having issues.

I just like apples, what can I say?

Nowadays they wouldn't get away on this. Maybe Troy Hunt will say something 😛

Tags added.