Warning: A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware

 

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate.

The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the "manage versions" functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users.

 

For more info, https://thehackernews.com/2020/08/google-drive-file-versions.html

Steps for a Good Vulnerability Program

Source: https://secureops.com/

 

Worst Passwords...Ever!

Inspired by the #worstpassword trend on twitter, this post will continue to focus on the very bad passwords that you or anyone you know should not even think of using for any account, unless you want it to be compromised.

 In a study conducted by SplashData to analyze the worst possible passwords out there, the following were the top worst 25:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

How many of you use any of these passwords?

What about passwords such as:
1. Date of birth
2. City of Birth
3. Child's Name
4. Maiden Name
5. School's Name
6. Username
7. Your name

Pls do yourself a favor and if you use any of these passwords, change them now....

For more guidelines about the best practices for passwords, visit my post http://norfect.blogspot.com/2011/10/your-password-101.html

Emails Emails..... What have you done?

You receive an email claiming to be from the administrator of hotmail, asking you for your password to ensure that your email will not be suspended, as their servers are full and they need to ensure that you are an active user. 

Another email is from your Bank and asking you to visit the link in the email to verify your username/password.

Another is like the above picture, a very extremely joyful Happy New Year email with a seemingly innocent link which you have to press. 

I can go on for ever now with examples of malicious emails, and I will definitely be detailing many more as I go along. My aim today is to BEG you NOT to believe whatever you read. PAAALLLLEEEAASSE!

Nowadays hackers are so lazy that they want everything given to them. They utilize the hotmail example to ask you for your username/password. I know how many people fall for that... Its more than a handful! 

The bank example is pretty advanced, and the best way to deal with it is never to believe the email, but directly type in the address of your online banking without pressing any link. That's because the bad guys can imitate your bank's site and get your access.... I don't think anyone wants THAT....

The final example shows the latest ways of getting viruses and malware into your pcs for future use... What it does is that it gives you a link to access, and probably even a Happy New Year card... In the background, a program is being installed. Whenever you access ANY link, do NOT, I repeat do NOT run/save any file that you are not expecting. If it is a virtual card, it will load in your browser, no extra files required.

Finally, if you feel its fishy (yucky!), just stay away from it... Trust me; its best for you.

Trust me, NOTHING is for free on the net.....

Don't we all want free money? A free gift? A green card to the US.... You name it....

Well the internet is NOT the right place to look for all of those. You know all those emails telling you about the dead relative you have, or the deceased dictator or your friend being stuck in London without a single pound??? Well those are all scams. Please do not respond to any of those emails.

All of the advertisements you see on websites yo visit, claiming that you have just won the green card, or that you will win 1,000,000$ (a la Austin Powers style)... That's a LIE!

When an application on facebook tells you that you can win facebook credits for free... that's a lie.

As a general rule, treat ANYTHING that offers free stuff on the net with suspicion. The most probable reason it was published is to either install types of viruses that could steal your passwords, or actually try and let you send the thieves your money... I don't think you wanna do that now do you?

Google is such a powerful tool, when in doubt, use it by searching the keywords in the advertisement or email or application name. You will definitely find some information about whether it is legitimate or not.

Your Password.... 101

So you want to choose a password, and you want to feel safe that no-one can guess it. Well start up by NOT choosing the following:

1. Your name/family name
2. Your phone number
3. Your date of birth
4. Any of your family members' names
5. Known passwords words such as "password"

You have to make sure that your password is at LEAST 8 (yes you saw that right!) EIGHT characters...

It MUST contain.....

1. At least ONE number
2. at least ONE capital letter
3. at least ONE special character such as "_", "@"....

Take into consideration that the more important the account you are trying to secure via the password, the more complex it should be, and PLEASE do NOT use the same password for your email and facebook accounts.... 

Finally, you can always check the strength of your password via specialized programs, such as:

https://www.microsoft.com/security/pc-security/password-checker.aspx

Welcome to this blog

So..... Finally I have decided to write a blog to share some basics and news about computer/information security...

Who isn't afraid of having their facebook account hacked, or their email taken by hackers???

I will try to write about the essentials..... If there is any new threat I will try to highlight it and advise on how it can be avoided.

If you have any questions, feel free to contact me on norfect [at] hotmail [dot] com

Enjoy!