Wyze cam cloud exposure or breach?
Report alleges massive Wyze data breach, but many questions remain https://www.slashgear.com/report-alleges-massive-wyze-data-breach-but-many-questions-remain-26604513/
December 2019
Fortinet GeoFiltering
Fortinet makes a nice Firewall; it uses ASIC chips to offload much of it’s CPU intensive work, making the firewall responsive, high-throuput without drastically increasing the cost. Fortinet 60e $1380 800Mbps thruput vs Sonicwall tz300 $960 340Mbps thruput (lower with dpi on) My objective is to filter large chunks of the internet that are not …
Chrome Password Audit
https://passwords.google.com will show you what passwords you have saved in Chrome browser and let you do a password checkup that compares your passwords to the list found in recent password breach databases like haveibeenpwnd.com Chrome v79 will automatically compare your password to this database and warn you if you are choosing a weak or publically …
OPNsense but better
SunnyValley makes extended functionality plugin for OPNsense. Their goal is to make this usable for all opensource firewalls (read pfsense soon) There is a free version. Upgrade to OPNSense v20 BEFORE installing SunnyValley. My OPNSense runs on a 16Gb CF card and I suspect it ran out of space while trying to upgrade from v19 …
The case to limit share permissions
I have been recommending to limit share permissions to all of my clients. Recently client wanted to allow access to a business partner via TsWeb. Because they wanted to view files they had Explorer published to them. I added them to Domain Guests (not Domain Users) but It immediately became apparent that Share security was …
Pushover Documentation
Pushover is a messaging system that is easy for programmers and manufacturers to implement but not so easy to setup and manage, mostly due to the lack of documentation. Pushover does not require an executeable to send messages, set a few variables and an HTTP post will successfully send a message. I use the powershell …
Remove Windows10 Bloat
This is a link to a powershell script that will remove an entire list of programs that come pre-installed in Windows 10 but you likely never use. (Candy Crush?) https://windowsreport.com/powershell-remove-windows-10-default-apps/
Hardening test
Just testing a post after the following option in Sucuri Security, settings, hardening Block PHP Files in WP-CONTENT Directory Block PHP Files in WP-INCLUDES Directory
HP SSD failure and FW patch
Some HP SSD drives have 100% failure at 32768 hours of operation, caused by a firmware bug prior to HPD8. There is a firmware update to fix this but it can only be applied BEFORE the failure. So a raid array that has the drives started all at the same time will all fail at …
WordPress Security
WordPress is a popular target for hackers because it has a large install base. Plug-ins make it flexable but there is no guarantee that code writen by 3rd parties is secure. Had an incident where a WordPress site was undergoing a directory traversal attack. The site had WordFence security plug-in installed and got some decent …