#web security
berix2010 · 7 months ago
It's crazy how it's been over 45 years since IBM created this infamous slide and yet major companies are still like "nahhh just let the computer make the serious management decisions, it'll be just fine":
3K notes · View notes
nephrited · 8 years ago
That Cloudflare Bug - This probably affects you
So some of you may have already heard that a service called Cloudflare has had a bug in which your passwords have been leaked. I’m going to quickly try to sum up what’s going on and the risk to you all.
What’s Cloudflare?
Cloudflare is a service that, to simplify, hosts backup copies of websites for faster access by you, the user (it’s a caching service). Cloudflare is used by millions upon millions of websites (over 4 million at least).
This includes, but is not limited to, Discord, Authy, Patreon, Uber and Newgrounds, to give a quick sample.
What’s happened?
Between February 13th and February 18th, a bug was present in the Cloudflare system which caused random pieces of information to be leaked to the outside world (for the techies, it was a buffer overflow error).
This random information could be anything, be it a random snippet of text, a password, credit card details, a photo you were saving. Anything.
As such, in theory, any account on a service using Cloudflare is technically compromised.
Do I panic? Is X site using Cloudflare?
No panic is required. To start with, the bug was discovered by a Google researcher, and while the impact to those whose data has leaked is potentially severe, the leaked data forms 0.00003% of all data transmitted using the service, and this data doesn’t even necessarily contain passwords and the like. There is currently no evidence this bug was found by a malicious party prior to being fixed, and it has been fixed.
For a list of sites using Cloudflare, check here.
Okay so what do I do?
For sites that contain payment information, absolutely rotate your passwords. That means you, Patreon users. Do it now.
For other sites, your own discretion is required. Most affected sites don’t feel this is a big enough issue to force a password reset, but it would be best to rotate your passwords if possible. Don’t feel like you need to go hunting down every site you’ve ever used, as the data leak will only have affected you if you were using a Cloudflare system between Feb 13 and Feb 18th, but for the services you actively use, a password reset would be prudent if nothing else.
If you use a single password across multiple services however, you’re in a different boat and should take this as a warning. Go change your passwords now, use unique passwords across services, and use something like LastPass or Keepass.
112 notes · View notes
shatteredscreams · 2 years ago
Go into STEM they said... it'll be fun they said...
32 notes · View notes
fismoll7secinv · 4 years ago
In the light of recent Ray-Ban hacks and suspicious messages flying around I decided to give y'all some tips on security
Have I been pwned?
Check if your password or any other data leaked from any site you registered at - at this cool site (my old email from my years as a growing teenager who registered on suspicious sites had been in around 8 leaks and is continuously attacked lmao)
2-factor authentication
Really peeps it’s essential in the current world. It can be a code sent to your phone/email which you have to provide while logging in, or clicking ‘confirm’ on a special app on your phone. It adds an additional layer of security, so for example even if someone did breach your password, they will run into this second wall. Imagine you’re sitting there and suddenly you get a notification to confirm your login when you did nothing - that’s an instant alert that something is wrong, plus the attacker won’t log in unless you confirm.
And if you think that it sounds cumbersome and annoying to have this additional step every time you want to log in - most sites or apps can remember your trusted devices, so you do it once and then don’t need to bother until you want to log in on a different device. So really you can even forget that you have this set, while the layer of security is silently backing you up right there.
Don’t reuse your passwords!! 
One leak from a weak site and someone can get access to all of your accounts, even those secure and important ones.
Use strong passwords 
By which I don’t mean Someword123! to have an upper letter, number, and a symbol xd There are literally lists of the most common passwords and when someone wants to iterate through accounts the easiest way is to just run a program which goes through these, and there is a high chance that it gets inside :) Check out rainbow tables if you’re curious. Tbh the best passwords don’t even need to have symbols, the most important thing is that they’re LONG (e.g. 16 characters) so the time it takes to brute-force it is too long.
Password managers
It’s hard to remember different passwords when you have many accounts - use password managers! They are secure apps or platforms in which you can save your passwords and other data. Here is a list of some examples to consider.
They’re really cool and convenient, for example when you have a LastPass plugin in your browser it detects the login and password boxes and can automatically fill them for you. But what I want to point out by this is not just that it’s convenient because you don’t need to fill them yourself - every password remembers the site it was saved for. 
One of the common attacks is forging an identical site and scraping the data you provide on it. It’s sometimes really hard to notice that the site you’re logging in or providing your card details is fake. One way to notice it is a slight change in url, e.g. the name should have 1 letter ‘i’ but you notice it has 2, or the domain is wrong, or the site doesn’t have a valid SSL certificate. Well, password managers can help in such cases. When you go to a site and your pass manager says that you don’t have any passwords saved for this site - get suspicious and maybe open the site through the link saved in the pass manager.
Other cool features are auto-generation of passwords (so you don’t need to come up with anything and get a secure generated password), or sharing passwords through this manager which is much more secure than e.g. sending it via email or some chat if you need to.
Some things to be wary of
don’t click on links you’re not certain about (you can download a virus)
don’t open attachments 
especially the ones that end up with .exe (it’s short for executable which means that it’s literally a program. Did you expect a pdf but notice it’s named something.pdf.exe? DON’T CLICK ON THAT)
but also files like ms word or zip (more on that). So don’t open attachments you didn’t expect, and especially don’t turn on macros in them (i.e. the editing mode)
look for forged sites - generally what I described in password managers
your bank never casually asks about your password or ID, so if you get a call/message/email like that, don’t just trust that
there are so many scams like furr durr I hacked your computer and recorded you on your camera but you’ll never find the virus because iT uSeS a DrIvEr give me bitcoins. Lol. Ignore that. Or emails from “widows” who just want to magnanimously offer you money, or amazing business partnership offers, or huge sums of money inherited from someone who died without relatives but has the same surname like you. Or ohno you paid a few cents too little for this package, click on this link and pay for it so we can deliver it. Seriously, it’s so stupid, and yet somehow people get ripped off from that
I know most of these are obvious to most people but somehow it still works, so don’t be one of the unlucky victims.
26 notes · View notes
aitan · 8 years ago
If you click on this link you will be surprised to discover how naked you are here on the internet and how much is known about you. You will be shown (in English) where you are (to within about fifty kilometres), what device and browser you use, what operating system you have installed, what your battery charge level is, who your provider is and what your download speed is, which social networks you are logged into…
In short, it is likely that third parties know more about your internet browsing than you yourselves know and imagine.
15 notes · View notes
lunacodes · 9 years ago
Awesome!
Also, sounds like a way for them to seriously press for LetsEncrypt (which considering that more and more webhosts are enabling 1-click LetsEncrypt installs, is fucking Amazing)
9 notes · View notes
miyamiwu · 11 months ago
I hate Cloudflare.
I didn’t care so much about it before, but now a lot of websites have turned on its automatic captcha thing that blocks the page from loading until it's done and it makes me so mad!!!!
THIS IS SO FUCKING ANNOYING!!!! ESPECIALLY ON SLOW CONNECTIONS!!!!
I click on the checkbox and it loads for a while, but then nothing happens!!! The checkbox will just go back to being unchecked, and I have to check it over and over again just to fucking access the site!!!!
So now when I go to a site and Cloudflare tries to block me, I'll just exit and go to a different site. I'll only stay if I really really want to read that content and if it can only be found on this specific site. But if I had options, I'm not staying.
8 notes · View notes
randompostminis-blog · 6 years ago
Internet privacy pt-2: Using a proxy
A part two!
Yes. In the last conversation, we discussed VPNs, which are extremely useful and helpful for browsing privately. This time I want to tell you about proxies, an alternative.
So what exactly is a proxy?
A proxy is a server which replaces your IP with its own IP.
Ohh... So do you know any proxies which are free?
Yeah... there are lots of free proxies on the internet but most of them are frauds and may exploit your system instead of protecting it.
Here are some great proxies which can help you protect your system:
Tor: The free proxy you can trust.
Myprivateproxy: Best paid dedicated proxy network.
7 notes · View notes
duckduckgo · 7 years ago
Two factor authentication adds an extra layer of security to your online accounts by requiring secondary information to verify your identity. Because privacy matters.
7 notes · View notes
digital-meat · 2 months ago
6 notes · View notes
obhost · 4 years ago
WordPress Hosting like a stable, secure & optimized.
Buy now: https://bit.ly/3iPSgir
5 notes · View notes
webdesignclub · 7 years ago
Nmap Tutorial - Basic Commands & Tutorial PDF - With almost a decade under its belt, NMap has grown into an indispensable utility for ethical hackers, pentesters & network pros alike. This NMap tutorial provides a brief background, install instructions & a walk-through of its most crucial functions. #nmap #security #development #webdevelopment - Nmap Tutorial - Basic Commands & Tutorial PDF - Haeck Design
4 notes · View notes
learn-with-whiteboard · 7 years ago
4 Quick and Effective ways to Improve Website Security
4 notes · View notes
hackbaga · 3 months ago
"OS Command Injection is a type of cyberattack where an attacker injects malicious commands into the operating system through vulnerabilities in software or applications. These commands are executed directly by the system, allowing the attacker to access sensitive data or take complete control of the device. The simple case refers to elementary scenarios in which basic exploit techniques are used."
3 notes · View notes