Password Strength Tester
You are invited to a maggyPie fundraiser - virtual event on: Wednesday, July 21st @ 1:00 P.M. EST
Topics of discussion will include:
Our goal is to raise $30,000! If the goal is met, maggyPie will turn from red to green on the official website!
Hope everyone had a great 4th of July! Continue to be safe, as we continue to honor our veterans and loved ones.
The days of the old school metal keys are over with for lodging. Most places have adapted to those little handy electronic plastic keycards sometime in the very early 21st century. So, what information is stored on those cards exactly? This question contains much controversy in itself. Technically, they could get by with just encoding the room # and the length of stay. They already have your personal information stored in a database, and don't need to put any of that information on the card itself. However, as this probably doesn't surprise you, some places were found storing all kinds of customer data, even data that was stored in their database, such as: Credit card number
Length of stay
As you can see, remember the #1 rule "never trust user input". Shred your cards after checkout, never hand them back in. There is no extra charge to keep them.
Although you do need to memorize it, you don't need the CVV code to actually be on the back of your debit/credit card. Just scratch it off! If you leave your CVV on the back of your card, your information becomes susceptible to theft as someone can write down the information, or better yet, take a picture with their phone. Although there is always a possibility of information theft without the CVV number, it greatly reduces the attack vector that the thief can use, since many websites require the CVV. Without it, many merchants will not honor the card. P.S. If you're worried that someone has your CVV, report the card stolen and get a new one!
Always use EMV (chip) transactions
Whether you're a business or customer, always use the EMV chip authentication for transactions. Many merchants still have failed to become EMV compliant and have not upgraded their POS to EMV technology. This is a huge liability and can spell trouble for your business. If you see any signs that say "our chip reader is down, or please use magnetic stripe", stay FAR FAR away from this business. EMV uses cryptographic authentication and a series of other complex "handshakes" to determine authentication, whereas magnetic stripe readers don't have those security measures.
While waiting in line to pay for fuel (and other goods), there was someone in front of me whose debit card wasn't working - kept saying: "Debit Card Chip Malfunction". It kept on giving him the error, even after cleaning it with a cloth and re-attempting multiple times to use the chip. After 3 times, it usually defaults to use the magnetic stripe reader. Under no circumstances should we be using the magnetic stripe reader for any transactions. Sometimes our cards do not work because they are dirty, and/or have normal "wear and tear". If you feel this is the case, you should replace your card as soon as possible.
Anything you send and/or receive via Signal (text, emojis, images/pics, videos) is encrypted. When your data is encrypted, only the intended specified recipient(s) can see the data.
Even better, Signal does not store any data, which means it can't be leaked out - purposefully or accidentally.
I'm successful. My time machine worked! We're back in 1991! Oh wait, no, it's 2021, 30 years later and... That is a FAX machine though. Wildly insecure, outdated, and let's not forget to mention, bulky. The thing takes up half the room for cryin' out loud.
One portion is connected to the network, the other is connected to the phone line. No encryption, and no security. By tapping into a phone line (anyone can get the FAX number for an organization), the attacker now has access to the network. Still want to use the FAX?
You're dreading your next assignment; it's a 5-page research paper on your topic of interest. You fire up Grammarly and begin to write your rough draft into Grammarly editor because you want to sound smart, right?
Well, the program itself isn't very big at all, which means the database it pulls information from is online - in the cloud! If you've ever used the plagiarism checker, it reads everything that was ever 'submitted' to it and compares it against what you have. Well, all of that data has to be stored somewhere. Be mindful of what you type in there - especially ideas from rough drafts.
Multi-factor authentication is using more than one distinct authenticator. For example, to log in to your e-mail, you may use just a password. Better yet, use a password and set up text message verification - where you have to enter the code as well. This type of setup provides additional security and makes intrusion a bit more difficult, as the attacker needs to know both the password and gain access to the code.
1.) Something you know - such as a password or PIN. Don't make it easy to guess.
2.) Something you have - such as a token, which generates a secret code or PIN. Digital certificates can also be used.
3.) Something you are - biometrics, such as a fingerprint or retina scan.
Using more than 1 type of authentication can make it more difficult for hackers to gain entry!
In the realm of IOT (Internet-of-things), our mouses work faster than our brains. It's true. We want to click (or tap) on everything - all the time!
Don't click on links unless you're certain what they are, as they can be set to trick the user. For example, take this link - maggyPie.com/ - seems like it points to maggyPie, right? WRONG.
In this 2nd example, I've even made it so if you hover your mouse over it claims to go to maggyPie, but it is still a threat. maggyPie.com
* Depending upon your device, you 'may' be able to TAP AND HOLD the link, and then the true link may show up. If the true link does show up, you should then be able to TAP anywhere else on the screen to cancel opening the link. But, this isn't always feasible. Bottom line, don't click the links unless it's from a known and trusted source. *
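The check a mail filter or browser extension can run for the two link tricks described above, shown here as an added example that is not part of the original post: it compares the hostname a link displays (in its visible text or its hover tooltip) with the host the `href` really points to. The function names and the `other-site.example` destination are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anything in link text or a tooltip that looks like a hostname.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

def _norm(host):
    host = (host or "").lower().rstrip(".")  # compare case-insensitively
    return host[4:] if host.startswith("www.") else host  # ignore leading www.

class AnchorCollector(HTMLParser):
    """Collects href, title (hover tooltip) and visible text of every <a>."""
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._open = {"href": a.get("href") or "",
                          "title": a.get("title") or "", "text": ""}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(self._open)
            self._open = None

def audit_links(html):
    """Return anchors whose text or tooltip names a host other than the href's."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for a in parser.anchors:
        real = _norm(urlsplit(a["href"]).hostname)
        if not real:
            continue  # relative link, mailto:, etc.: no host to compare
        for field in ("text", "title"):
            m = HOST_RE.search(a[field])
            if m and _norm(m.group(1)) != real:
                findings.append({"shown_in": field, "shown": m.group(1), "real_host": real})
    return findings

# Constructed sample markup: two deceptive links and one honest one.
SAMPLE = (
    '<a href="https://other-site.example/login">maggyPie.com/</a>'
    '<a href="https://other-site.example/" title="https://maggyPie.com">click here</a>'
    '<a href="https://www.maggyPie.com/about">maggyPie.com</a>'
)
```

The comparison is exact apart from case and a leading `www.`, so a link that displays a parent domain but points to a subdomain is also reported; that errs on the side of caution.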
You're out at a cafe, and you want internet. So, you look for the hotspot labeled 'cafe' and connect. No big deal, right? WRONG.
You've just connected to an evil twin hotspot, which is NOT the one you intended to. An evil twin hotspot is one that looks exactly or almost identical to the legit one. It will have a similar, official-sounding name.
Wait, which one did I connect to again?!
There are many reasons why you should never log into a public WI-FI, but one single important reason comes to mind.
Man-in-the-middle attack: Remember the game Monkey-in-the-middle? Well, it's sort of like that, where sometimes the man in the middle tries to catch the ball between 2 other players throwing it back and forth. Similar to data and packet theft, each time you connect or browse the internet, there's constant traffic. There's so much traffic, it would look silly trying to read it all. Sometimes in the game, the guy in the middle will touch the ball and deflect it. This is called tainting the data; it's been tampered with. You still have access to your data (and whatnot), but it could have been modified.
I remember back in the day, car salesmen used to advertise "has a CD player in it" and everyone shouts "Oooo-la-la!" "Oh yaay!" But the reality is that that was a standard at the time; there was nothing extra about it at the time. It was to be expected; I already expected the CD player. So, save your little speech. And unfortunately, free WI-FI is a 'standard' for public places, and people are falling for it. Something like that should not only NOT be advertised, but you should deduct points off for that.
What is everyone doing on their computer at Mickey D's anyway? They're playing monkey-in-the-middle.
While it may be convenient to share media accounts, avoid doing so at all costs. Security should override convenience. When users share any type of media account, it allows any and all users who use that service to purchase unauthorized subscriptions and media. Furthermore, everyone that uses the account can see what is being watched.
Having separate user accounts has clear distinct advantages, such as:
1.) Maintaining user privacy and data privacy - only YOU see what YOU are watching
2.) Can help avoid targeted spear phishing and phishing attempts
3.) Maintain parental/child controls
4.) Allowing the ability to perform audits and view event logs based on user accounts or a specific time
There are many other advantages, feel free to comment below!
They should be notifying us in the event of a data breach...
Yep, you read that right. Another 500 million LinkedIn accounts were leaked. This includes FULL names, e-mail addresses, phone numbers, and gender information.
Data scrapers are available (freeware or software) to scrape and copy data from websites, or even the databases if they aren't secured.
Claims have been made that the information is being sold on hacker forums and on the dark web.
AI is on the rise
This will allow the security team to prioritize in other areas, freeing some of their time I suppose.
Automation = less prone to human error!
London at its finest!
The World's leading AI can respond to cyber threats in real-time. With human-like intuition, it has capabilities to self-learn. The more exposure, the smarter it gets. It is flexible in many platforms - think of it like an MMA fighter, not limited to one style.
DDoS, DoS, and other bot attack attempts are simply too fast for a person to respond to; autonomous response removes heavy lifting from the security team and fights back!
I saw a post the other day, it had her medical ID number right on the card...
COVID scammers are on the rise. Don't click on any links or texts from anyone regarding COVID testing.
Unless you specifically signed up for the shot at a particular location, don't respond to any messages.
If you are asked to purchase the shot to get on a list, it's a SCAM.
Under no circumstances should you give out any sensitive information (such as SSN or credit card) just to sign up for the shot.
Under no circumstances should you post your test results ANYWHERE.
Proud to be COVID free? - Keep it to yourself! Your card may contain sensitive information such as name, address, phone, e-mail, SSN, location or your medical ID. Scammers thrive off of this and can make you a target to steal any of this information or worse yet, gain access to your medical information.
Use the copyright symbol also!
I use the copyright symbol ©
Also password phrases are common now, instead of a word use a passphrase
Instead of using the regular letter "a" for a password, try using â. This will be much harder for anyone to guess - especially computers. Some dictionary attacks may even have trouble with it!
Lately, thieves have been targeting social media accounts, sending messages to victims while posing as a close friend (or even an employee of the government). The impersonator claims the individual is eligible for government grants (such as COVID-19, disability, etc.) and urges them to call a phone number to collect the funds.
Upon calling, the victim is asked to pay a "processing fee" (using some form of bank or verification) to receive the "grant money". No legit company will EVER ask ANYONE to pay an "upfront fee" or "administrative fee". As you may have guessed, victims of this scam not only do not receive any funds/grants, but have their money stolen from their account(s).
1. No search records are created. Ever! Thus, nothing can be traced back to you. No ip addresses, no date & time stamps, no logs, etc...
2. No ads - it's totally clean, and no ads are targeting your user behavior.
3. It's quick & efficient. They've even got an app too, so you can use it on your Smartphone.
I love duck duck go
What's the harm in having this thing - I mean this thing is here to help me, right? Anytime I have a question or need assistance, I can just say 'Hey Alexa, I need help with such and such.'
It's supposed to only record when addressed as 'Hey Alexa', or 'Alexa'. Another note of concern is that it records for an unknown period after, which most people forget about.
Additionally, records of 'personal moments' were revealed after words similar to 'Hey Alexa' were triggered. The 'Smart device' is not foolproof, and false positives can trigger such as "I like this Tesla", or "I'll help test ya", or "Give me extra". These are just simple & basic examples, there are many more!
Imagine laying with your significant other, and say, hey 'I'm going to take a fiesta', and all of a sudden Alexa starts recording.
Staff members are supposed to review random recordings for 'Quality Control', but were caught sharing the audio in chat rooms.
At the very least, you could be the new laughing stock for all of Amazon employees, or yet much worse: your data, and information could be leaked to the deep web – which can lead to much bigger issues.
Not surprisingly, Amazon denies all of this.
Goodbye Alexa and say hello forward-thinking with maggyPie.
I sent mine back
Even to have it in the house is dangerous!
Data emanation is the emission of data, and it's constant. You can't see it, hear it, or feel it. Like ultraviolet waves, we can't see them - therefore we have no clue where they are at any given moment. Credit card data is held on the chip and/or magnetic stripe, and that data can be stolen with the proper equipment and/or software.
RFID protector sleeves enclose your credit cards in a material that interrupts the path of radio waves. This is similar to a [mini] Faraday cage, as it will block all electromagnetic fields and disrupt communication between the attacker's scanner & your debit/credit cards.
A growing number of robocalls (junk calls and text messages) are coming from scammers that are operating outside of the U.S. through VOIP (Voice Over Internet Protocol) - meaning they aren't going to bother paying attention to the Do Not Call Registry!
Things you should do:
1.) NEVER say 'Yes' - this can be used to authenticate permission down the road for future scams.
2.) Never say your name. Again, this could be used to verify your identity to allow them to perform a future scam!
I'd like to take a moment to reflect on our troops and those who have fallen before us, so that we may enjoy the freedom that we have today. Thank you!
As reports have shown, there has been a steady increase in positive testing of COVID-19 from January to May.
Also, there are many incidents and cases that don't get reported, so the current numbers may not reflect the true status.
With the reopening of many businesses to stimulate the economy, many people will forget about basic hygiene and return to their old ways - and unfortunately take a 'out of sight, out of mind' approach. This could cause the virus to spread like wildfire.
Reject the EARN IT Act (s. 3398) which threatens free speech, encryption, privacy, and the nation's cybersecurity.
The EARN IT Act aims to combat child exploitation (online) by withholding crucial internet speech/liability protections from services unless they follow an arbitrary list of "best practices" proposed by a small committee with implicit bias.
The broad powers granted therein could require that internet services scan all private content for exploitative material, effectively circumventing the 4th amendment. This is a massive threat to privacy — particularly to encryption since security would need to be completely undermined to comply. This would severely weaken our national security & has been rejected by security experts.
Signal is recommended by the United States military. It is routinely used by senators and their staff. American allies in the EU Commission are Signal users too. End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide.
Solutions are being discussed to help prevent the spread of the coronavirus by allowing us to keep a safe distance (at least 6 feet) from one another. This solution comes at a cost; by monitoring our location data to allow health experts to track our movements, and in turn, hopefully the virus in real-time.
Nothing new, but always good to beware!
This is a poor attempt to reduce administrative overhead; the fewer people they see, the less they have to listen to, the less they have to meet in person, the fewer relationships they have to maintain.
It's as if the interviewer doesn't want anything to do with you. It seems as though they already made the decision for you. Thanks, but no thanks! Would you want to work for a company like that? Run far away!
Barbaric practices like this aren't anything new, so don't think they are reinventing the wheel. Furthermore, this gives them a good chance to discriminate against you (based on any number of factors) before you even meet anyone in the company.
One of the biggest offenders: Huntington bank
An unknown amount of customer information was accessed through a T‑Mobile employee email account after a malicious attack via a 3rd party email vendor.
Information that was exposed: Customer names, addresses, SSNs, financial account information, government ID#s, phone #s, billing and account information, as well as rate plans and features.
Cold water can kill just as much bacteria on your hands as warmer water, research suggests. Many of us have a misinterpretation that we must use scalding hot water to clean our hands – this is simply not true.
Additionally, you only need a tiny amount of soap and about 10 seconds of running water, and put some elbow grease into it. A majority of germs are actually rinsed off your hands from the running water, further research states.
This is really interesting