I use Private Internet Access VPN (PIA) myself, but I receive no compensation for this endorsement. It comes highly recommended from Noah (“Ask Noah”) at Jupiter Broadcasting as well.

While VPN is generally not about hiding from law enforcement agencies (LEAs) like the FBI, it is useful to know that even if an undesirable character were to get access to your VPN provider, there would be nothing for them to find. These days, this usually means your very own ISP, unfortunately. It used to be that VPN was primarily for coffee shops, airports and other open networks, but since our lawmakers have abandoned their roles of protecting our rights, we need to protect ourselves more than ever.

When you protect yourself with a VPN, you expect to be truly secure and anonymous online. Many services claim that they keep no records, but it’s difficult to know who you can trust.

Over the years, Private Internet Access VPN has proven itself to be ethical and reliable. It provides rock-solid online protection, while also blocking ads and malware. You can currently get a three-year subscription for only $89.95 — that’s 64% off.

~ “Private Internet Access VPN Is So Private, Even the FBI Couldn’t Find Any Data

I’ve used Clonezilla to backup and restore many a hard drive, but what if I just want to mount it and pull off data? Turns out, there is no good way to do this. However, using Arch Linux, one can backup and mount disk images using ddrescue.

I recently had a Clonezilla image that I wanted to mount like a hard drive. Of course, this is easier said than done. I ran the parts through gzip and created an image file, but I still could not for the life of me mount it. What I didn’t know is that ddrescue is built into the Arch Linux install disk.
Continue reading “Backup and Mount Disk Images Using Ddrescue”

A new, very real and very widespread security vulnerability in all wifi 802.11 devices has been found. It is a notable issue because it is not a manufacturer flaw but a design flaw caused by the wifi spec (802.11) itself.

Called KRACK (Key Reinstallation AttaCKs), the problem might take time to patch because of the fracturing of various types of wifi devices. For instance, Android phones are at the mercy of the phone manufacturers and/or carriers as to when updates occur. Older routers might not even have a user-friendly update mechanism, but I’ve noticed some newer ones will actually automatically check but not necessarily automatically install. The good news, though, is that the security vulnerability in all wifi devices can be patched via software. No hardware changes are required.

Today is being called “Black Monday” in many information security circles. We have had a major Wi-Fi vulnerability announced that affects absolutely every device that supports Wi-Fi. The vulnerability allows attackers to decrypt WPA2 connections. A second vulnerability also emerged today, and we will cover that at the end of this post.

~ PSA: Severe Vulnerability in All Wi-Fi Devices

Sometimes, life happens, and you wind up with a forgotten password in Windows and have to break into the system. The below article was written for Windows l0, but the creation of an administrator account by copying some critical files about 1/3rd of the way down the page works in Windows 7 as well. All you need is a boot USB to enter Windows PE mode (or you can boot into Linux and do the same thing).

Thankfully, the process of recovering your password in Windows 10 is much the same as it has been in Windows 8 and above, albeit with a few slight tweaks. Here’s how you can recover both your Microsoft Live 10 login, as well as the credentials for any other users registered with the local machine.

~ How to Reset Your Forgotten Password in Windows 10

The short of it:

  1. Boot into Windows PE (or Linux).
  2. Navigate to the OS drive (mount it if in Linux and cd to where you mounted it).
  3. Change into the Windows\System32 directory.
  4. Rename Utilman.exe to Utileman.exe.bak.
  5. Copy cmd.exe to Utilman.exe.
  6. Reboot into Windows.
  7. When it comes to the login screen, click on the Accessibility button. This will open a command prompt.
  8. Create a new user. For example: net user John /add
  9. Add new user to local administrator group. For example: net localgroup Administrators John /add
  10. Reboot.
  11. Login as the new user. You now have free reign to enable the built-in Administrator account, or change passwords on local accounts.
  12. Don’t forget to copy the Utilman.exe.bak back to Utilman.exe and cleanup the temporary account.

Equifax has lost the keys to the kingdom in the latest security breach.

Today, it came out that “Equifax Says Cyberattack May Have Affected 143 Million Customers” in the latest Equifax security breach. While the number alone falls well short of some other recent hacks, the potential for damage makes it even more serious than both Yahoo! breaches combined. The Yahoo! breaches were serious enough because password resets usually take place via email, but at least that requires the data thieves to work harder to get more information. Since Equifax has all credit data, including Social Security numbers, it is a one-stop shop for hackers. It is sufficient information for identity thieves to present to creditors, lenders and other service providers, to include information that identifies a person as the legitimate account holder.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

While there is no evidence that “core … reporting databases” were breached, the potential exists, and, as a result, Equifax has set up a website Cybersecurity Incident & Important Consumer Information where you can put in your last name and last six of your SSN to check whether or not you qualify for free credit monitoring.

Sadly, that falls far flat from a real solution, because once the information is out there, it is out there, and it can impact someone years from now. It really is time that companies that are negligent with personal identifying data be legally liable for their lack of safeguards.

 

“Can you hear me now?” used to be at worst an annoying commercial. Now it could be a scam.

Everyone hates robocalls. However, they usually only take a bit of your time, not drain your wallet. However, there is now a scam going around that can co$t you big time! You answer the phone, and the “person” on the other end asks, “Can you hear me?” When you say, “Yes”, your voice is recorded and then used for all sorts of transactions you yourself never approved!

It’s a bad idea to ever use the word “yes” when talking to any telemarketer, but with the latest version of an old scam, saying “yes” can quite literally come…

~If A Telemarketer Or Robocall Asks “Can You Hear Me?” Just Hang Up; It’s A Scam – Consumerist

WordFence recently posted about a “highly effective Gmail phishing” campaign that has fooled or almost fooled several technically savvy people. It just goes to show that you can never allow yourself to become too complacent.

A new phishing technique that affects GMail and other services and how to protect yourself.>

~Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

Russia continues to be the bogeyman in Democratic distractions to blame anyone and everyone else for their failure to win the election. Now, the Washington Post is stirring up the pot again in “Secret CIA assessment says Russia was trying to help Trump win White House“. The truth is that the supposed story is a Russian DNC hack crock.

In another example of how far the Washington Post has lost its way (along with all the other so-called “news” media), it recently posted. True, at least they tried to “balance” the article with some dissenting voices sprinkled here and there, but the real fact is that very few “news” outlets have really investigated the truth of the matter in any kind of fact-based way. Continue reading “Russian DNC Hack Crock”