TeamViewer: Talk about partly or fully handing over your keys to the kingdom publicly and please upgrade from XP

Last month or year, December 2017 and this month January 2018 I was away on holiday driving from England to Europe and back again. I am always on the lookup for poor physical and cyber security. At a top German tourist sight, I spotted this and couldn’t resist taking a photo.

In a very public place was a large screen running XP with a TeamViewer window open. TeamViewer is a very well known remote control product and it authenticates usually with a unique ID + password or numerical PIN. If I was malicious I could have downloaded the TeamViewer app, entered the nine-digit ID and if I was lucky the screen would display the PIN or password. If not a simple call to the tourist office could provide it – social engineering.

Read more ...

20 new website security tips just added to the Security Guide

See: https://www.datasecurityexpert.co.uk/it-security-guide/the-guide/websites.html.

How the Daily Express accidentally DDoS’ed a small Limerick based design agency (again!*)

This is a follow up from “DNS is the backbone of the internet, get it wrong and it can cause serious problems - just look at the Daily Express website”. On Tuesday this week I visited the Daily Express by typing in it’s address manually not using a search engine. A search engine would take you to www.express.co.uk but enter it manually and you go to http://express.co.uk.

As covered last time the www A record sends you to www.express.co.uk and the @ A record sends you to http://express.co.uk. On entering http://express.co.uk on Tuesday I ended up at www.bluechief.ie. Both Blue Chief and the newspaper use Dublin. AWS for their hosting. I tweeted to Blue Chief and The Daily Express, and emailed The Daily Express on the same day of discovering the issue.

Read more ...