Risen Consulting, LLC

Technology Consulting for your business

MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications

Written By: T C - Feb• 19•22

Malicious hackers are targeting Office 365 users with a spate of ‘MFA fatigue attacks’, bombarding victims with 2FA push notifications to trick them into authenticating their login attempts.

This is according to researchers from GoSecure, who have warned that there is an increase in attacks that are exploiting human behavior to gain access to devices.

Multi-factor authentication (MFA) fatigue is the name given to a technique used by adversaries to flood a user’s authentication app with push notifications in the hope they will accept and therefore enable an attacker to gain entry to an account or device.


Chinese state ‘likely’ linked to cyber spies targeting human rights workers

Written By: T C - Dec• 30•19

https://news.sky.com/story/chinese-state-likely-linked-to-cyber-spies-targeting-human-rights-workers-11897164

Explore a Google data center with Street View

Written By: T C - Oct• 20•12

Now THIS is a Data Center!

Apple removes Java from all OS X Web browsers

Written By: T C - Oct• 20•12

Apple has further distanced itself from Oracle’s Java software framework with a Mac update released on Wednesday that removes a Java plugin from all Mac-compatible Web browsers.

Users who install the update will find a browser placeholder when they encounter Web-based content that requires Java, according to Sophos security researcher Paul Ducklin. "If you want to run Java applets in your browser on Mac OS X, you need to install the official Oracle Java runtime on the system to do that," another blogger on ghacks.net wrote. "Yes, that runs them in parallel with Apple’s version for Java. For users that need both, it means to take care of two versions of Java on the system from that moment on."

Wednesday’s update is the latest example of Apple distancing itself from Java. Apple stopped including pre-installed versions of Java in OS X and instead gives users the option to install the framework. More recently, Apple issued an update that turns off Java in the browser when users haven’t used it recently.

The move follows advice from a variety of sources, Ars included, that users who don’t regularly use Java should uninstall it from their systems. That will decrease the attack surface hackers target when looking for software vulnerabilities that allow them to install keyloggers and other malicious software on the computers they target. Ars recognizes this advice has proved controversial in the past, particularly to developers whose livelihoods depend on the wide availability of the Java platform, so readers are encouraged to think and decide for themselves.

Over the past five years or so, Java has emerged as one of the most widely exploited software packages. This is due to its wide availability on computers running Windows, OS X, and Linux and because of the ease hackers have in exploiting vulnerabilities. Calls to uninstall Java grew louder in August after word emerged that a critical Java vulnerability was under real-world attack. Within 24 hours of that discovery, attack code exploiting the vulnerability was added to BlackHole, a hack-by-numbers exploitation kit sold in underground forums. It took Oracle almost a week to fix the flaw, and even then, related critical bugs were discovered almost immediately.

via Apple removes Java from all OS X Web browsers | Ars Technica.

Scan For Active WiFi Hotspots Easily Right From Mountain Lion [OS X Tips]

Written By: T C - Aug• 06•12

While traveling, it’s helpful to be able to find a strong WiFi signal, whether you need to check your email, review your latest notifications on Facebook, or actually get some work done. You can click the little WiFi rainbow icon in the menu bar obsessively, waiting for the “Searching for networks” message to end, of course, but it’s nice to have an app running that will just scan your environment and tell you what WiFi networks are available.

I used to do this with a third-party app, like MacStumbler or iStumbler. Not anymore, though, as there’s a built-in WiFi scanner right in Mac OS X Mountain Lion.

It’s rather buried, though, so you’ll want to take the following steps to get the app into your Dock, or your Launchpad. Click on the Finder icon in your dock, or Command-Tab over to the Finder. Press Command-Shift-G and type in the following file path: /System/Library/CoreServices/. Click the Go button and that folder will show up in your view. Scroll down to the Wi-Fi Diagnostics App, and then click and drag it to your Dock, or to your Launchpad icon for easy access later.

Once you’ve done that, launch the Wi-Fi Diagnostics App and hit Command-N as soon as the app appears (ignore the window that shows up first for our purposes here). When you do so, the Network Utilities window will appear. Click on the Wi-Fi Scan button in the top center, and you’ll see a list of all available Wi-Fi networks in your immediate area.

Click in the lower right, where it says Scan and choose Active Scan. Now you can leave the app running, and walk your Macbook around to find the best signal for your needs. You can find the strongest signal area in your house or place of business this way, or just use it to find the strongest free Wi-Fi signal when travelling. Good stuff, really. To join the network, though, you’ll need to click the Airport menu bar icon as per usual and connect that way. Still, it’s helpful to have this kind of tool built right in to the Mac OS X Mountain Lion features, right?

via Scan For Active WiFi Hotspots Easily Right From Mountain Lion [OS X Tips].

CyanogenMod 10 ported to the Google Nexus 7

Written By: T C - Jul• 28•12

The Google Nexus 7 may be the first tablet to ship with Google Android 4.1 preloaded. But that hasn’t stopped independent developers from building custom ROMs for the tablet. One of the first is an unofficial build of CyanogenMod 10 for the Nexus 7.

Like the tablet’s default software, it’s based on Android 4.1 Jelly Bean. But it also includes CyanogenMod enhancements including a customizable lock screen, additional options for the power widget, and support for USB OTG — which means you can plug in a USB flash drive if you have an adapter cable.

CM10 is the first version of the popular CyanogenMod operating system to be based on Android 4.1, and the developers have only been working on the software for a few weeks.

There’s not an official build available for the Nexus 7 yet, but xda-developers forum member winner00 compiled his own build based on CyanogenMod source.

If you’ve already rooted your Nexus 7 and installed ClockworkMod or TWRP custom recovery, you can download the latest version of winner00’s CM10 Kang from the xda-developers forum and flash it through your recovery app.

It’s probably a good idea to use your recovery tool to make a backup of your device first, in case anything goes wrong. While most things are working in the CM10 Kang, it is an experimental build so there’s always a chance you might want to go back to the default Android firmware.

via CyanogenMod 10 ported to the Google Nexus 7.

How to change the Nexus 7 user interface to full tablet mode

Written By: T C - Jul• 28•12

The Google Nexus 7 tablet has a user interface that looks like a cross between the Google Android UI for smartphones and tablets. With Android 3.0 through Android 4.0, things were pretty clear-cut: If you had a phone, the notification area was at the top of the screen and you couldn’t rotate the home screen. On tablets, it was at the bottom and rotation was supported.

But Android 4.1 on the Nexus 7 includes a notification area at the top of the device, home, back, and recent apps buttons at the bottom, and a default home screen that doesn’t rotate. It’s a 7 inch tablet that works more like a phone — unless you apply a patch that makes it work like a 10 inch tablet.

Google still supports the same full tablet mode we saw in Android 4.0 and earlier, but only for tablets with larger displays. The new user interface we see on the Nexus 7 is designed specifically for 7 inch tablets.

When you run some apps you’ll see the two-pane view that you get with 10 inch tablets, but overall the user interface looks more like the one you’d expect for a phone. It’s not a bad way to do things — but if it’s not what you’re looking for, there are other options.

The operating system doesn’t actually know what size your screen is. It just knows how many pixels your screen can display, what the pixel density is, and what the cutoff is for showing the 7 or 10 inch versions of the Android interface. So there are a few ways to trick the Nexus 7 into thinking it should display the notification bar at the bottom.

If all you want is a home screen that can rotate, you can install any number of apps from the Play Store, including Nova Launcher, ADW Launcher, or Apex Launcher.

But if you want to use the full tablet UI, you’ll need to root your Nexus 7 and make some changes.

Option 1: Change your LCD Density

This is the easiest way to enable the tablet UI (for now). Once you’ve rooted your tablet, just install an app such as ROM Toolbox that allows you to change your LCD density. You can find that option in the build.prop Tweaks section of ROM Toolbox.

The default setting for the Nexus 7 is 213. But if you change it to something between 160 and 170, the tablet should automatically display the full Android user interface.

Unfortunately there’s a down side to this method. The Nexus 7 has a 1280 x 800 pixel display. Normally that just means text, images, and other content will look less pixelated on the tablet than on a Kindle Fire or another 7 inch tablet with a 1024 x 600 pixel screen. But if you change the LCD density, text, images, and other content will look smaller on the Nexus 7 as well.

Basically what you’re trying to do is cram all the content that would normally be displayed on a 10 inch screen onto a 7 inch screen. If you have great eyesight or like holding tablets very close to your face, this might be a good thing. If not, you might be interested in the second option.

Option 2: True Tablet UI Patch

A group of folks at the xda-developers forum found a setting in the Android 4.1 code called ShortSizeDP. Basically this tells the operating system whether to use the phone, 7 inch tablet, or larger tablet user interface depending on your screen resolution and LCD density.

If you change the ShortSizeDP, you can get the full tablet user interface without making all the text and graphics smaller.

So they’ve posted a True Tablet UI Patch that lets you do that.

It’s still a work in progress and only works if you’re running a deodexed version of Android 4.1 on your Nexus 7. Eventually the plan is to release a version that makes it easy to switch between full tablet and 7 inch tablet modes, so if that’s what you’re looking for you might want to keep your eye on the xda-developers forum thread and wait.

For now, just make sure to use ClockworkMod Recovery or TWRP to back up your device before applying the patch — that way you can always restore from the backup if you’re not happy with the results.

via How to change the Nexus 7 user interface to full tablet mode.

US judge dismisses Apple patents lawsuit against Motorola

Written By: T C - Jun• 23•12

A U.S. federal judge Friday ruled that Apple cannot seek an injunction against Motorola Mobility in its smartphone patents lawsuit, tossing out the case "with prejudice," meaning that neither side can refile, although the ruling could be appealed.

Judge Richard Posner of U.S. District Court for the Northern District of Illinois had previously ruled that testimony of various expert witnesses was inadmissible and earlier this month tentatively concluded that the case would have to be dismissed. He canceled the trial date, but agreed to a request from Apple for a hearing where both sides could make their case for damages claims. His 38-page ruling issued Friday evening made it clear that he wasn't moved by the arguments he heard.

"It would be ridiculous to dismiss a suit for failure to prove damages and allow the plaintiff to refile the suit so that he could have a second chance to prove damages," Posner wrote, adding that he was therefore dismissing the suit with prejudice.

via US judge dismisses Apple patents lawsuit against Motorola.

Comcast suspends 250GB data cap—for now

Written By: T C - May• 17•12

Cable giant Comcast, one of the largest Internet providers in the US, today announced a suspension of its 250GB/month data cap policy while it looks for better alternatives.

The two new approaches it has in mind don't differ radically from the current setup, but they do improve it modestly by increasing data limits for all users. Comcast will trial the scenarios in two different markets this year to be named later, and it will not enforce the cap at all for customers not in a test market. Comcast draws a distinction between “enforcing” the 250GB data cap and "contacting the very small number of excessive users about their usage"—which will continue.

Here are the two proposed approaches to limiting monthly data use:

Customers of Comcast's least-expensive Internet plans (Internet Essentials, Economy, and Performance) would receive 300GB of data per month. Those who subscribe to faster plans would get “increasing data allotments for each successive tier of high-speed service." Anyone who still exceeds the limit could purchase more data—$10 for 50GB.

All Comcast customers would get 300GB data caps and could purchase extra data for $10 per 50GB.

The first approach, obviously preferable to bandwidth-hungry users, could give users significant data cap boosts after four years at the older 250GB limit. The second approach simply provides 20 percent more data to everyone—divided across the four years the 250GB cap has been in place, this is extremely modest, though it's still unlikely to cause problems for all but the heaviest users.

Comcast says the changes aren't being spurred by an increase in customers bumping up against the current limit.

"We are not doing this because all of a sudden we have large numbers of customers who are approaching the 250GB cap," Comcast VP David Cohen said on a phone call with journalists today.

We've been asking companies like Comcast and AT&T for years why, if data caps aren't about choking off nascent competition from Internet video, the caps haven't increased as core bandwidth costs have fallen. Clearly, the issue has become a concern to Comcast, which says on its corporate blog today that it has "never had any intention to limit the lawful use of the Internet or restrict our customers' ability to view online video.” And the company goes out of its way to say that it has “consistently treated all video carried over the public Internet the same whether it comes from our sites or anywhere else on the public Internet."

But the whole notion of the "public Internet" has caused problems of its own for Comcast, which insists that traffic it carries internally over a separate IP network doesn't count as the "public Internet." That's why it can offer Comcast video streams to the Xbox 360 without having them count against a user's data cap, even though Netflix video streamed to the same console would.

That move, announced a few weeks ago, sparked renewed criticism of both "data caps" and the approach to "managed services" that treats IP packets on the same wire differently from one another. While Comcast has been working on the new data cap plans for six months, the company notes that "in recent weeks, some of the conversation around our new product introductions focused on our data usage threshold rather than on the exciting opportunities we are offering our customers."

Cohen also made clear that the data caps discussion preceded the recent controversy.

"There's been a little bit of noise recently with the launch of our Xfinity application on Xbox," he said, "but this has been part of an ongoing discussion at this company for several years and intensive analysis over the past six months."

The new plans thus try to remove the sting from arguments about data caps and video competition by showing that Comcast doesn't fear its users accessing online video—even hundreds of gigabytes of it per month. Comcast is willing to increase their limits to prove it.

via Ars Technica.

Forget Apple: Oracle to bring Java security fixes directly to Mac users

Written By: T C - May• 05•12

Oracle released Java SE 7 Update 4 this week, which finally gives Mac owners the means to receive critical Java security patches at the same time they’re available for users of Windows and Linux operating systems. The new release means that OS X should be receiving regular Java updates directly from the source—helping to prevent attacks like the recent Flashback infection—as well as a fully supported Java development environment.

Before this week, Apple built and released a version of Java for OS X on its own, and often lagged weeks or months behind Oracle in pushing out updates that patched serious security holes. However, Apple deprecated its own Java Virtual Machine (JVM) and other tools in 2010. Though the company committed to maintaining Java for Leopard and Snow Leopard, it warned that "developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X."

Former Apple CEO Steve Jobs explained the reasoning behind the change in an e-mail to a concerned Java developer in late 2010. "Sun (now Oracle) supplies Java for all other platforms," Jobs reportedly wrote. "They have their own release schedules, which are almost always different than ours, so the Java we ship is always a version behind. This may not be the best way to do it."

In other words, Oracle was responsible for Java development on Windows, Linux, and other platforms, and would be going forward for OS X as well.

However, updates for Java on the Mac continued to lag behind other platforms. This lag is largely responsible for the recent Flashback trojan infection which created a botnet of more than half a million Macs. Though Oracle had long since patched the hole that was exploited for the attack, the patch hadn’t made its way into versions for Snow Leopard or Lion.

Beginning in the latest update to Java SE 7, however, Oracle has made OS X (from Lion forward) a fully supported platform for both Java deployment—including a Java Platform 1.7 compliant JVM—and Java development. Update 4 includes a full OS X version of the Java Development Kit (JDK) and JavaFX 2.1.

via arstechnica.