Source hitech

12/07/2023

A DAY OF INFAMY: REMEMBERING THE ATTACK ON PEARL HARBOR

ON DECEMBER 7, 1941, THE WORLD CHANGED FOREVER WHEN THE JAPANESE LAUNCHED A SURPRISE ATTACK ON THE UNITED STATES NAVAL BASE AT PEARL HARBOUR IN HONOLULU, HAWAII. THIS DAY OF INFAMY, AS PRESIDENT FRANKLIN D. ROOSEVELT SO ELOQUENTLY DECLARED, PLUNGED THE UNITED STATES INTO WORLD WAR II AND FOREVER ALTERED THE COURSE OF HISTORY.

06/26/2023

https://sourcehitech.tech/nascar/

In the world of motorsports, NASCAR stands out as one of the most popular and thrilling racing competitions. While speed, skill, and strategy are integral to

07/19/2018

Microsoft Identity Manager (MIM)

Microsoft Identity Manager (MIM) 2016 builds on the identity and access management capabilities of FIM 2010 R2. Like its predecessor, MIM helps you manage the users, credentials, policies, and access within your organization. Additionally, MIM 2016 adds a hybrid experience, privileged access management capabilities, and support for new platforms.

In addition to existing identity management functionality included in FIM. MIM 2016 provides new features and enhancements such as:

Privileged Identity Management
New functionality in certificate management
Certificate Management REST API Reference
Support for multi-forest topologies.
A Windows app for virtual smartcard
Updated events and troubleshooting capabilities.
Self-service scenarios now include Account Unlock and Azure MFA (multifactor authentication) gate for Password Reset.
Hybrid experience
Microsoft Identity Manager 2016 works alongside Azure AD to give you control over your full environment. Hybrid reporting in Azure AD presents your cloud and on-premises data in one place. Also, the Self Service Password Reset portal supports Azure multi-factor authentication (MFA).

Privileged Identity Management
Privileged Identity Management controls and manages administrative access by providing temporary, task-based access to sensitive resources. This means you can give users only as much permission as necessary, which lowers the chances of a cyber attacker gaining full administrative access. In addition, Privileged Identity Management extracts and isolates administrative accounts from existing Active Directory forests.

MIM supports an on-premises Privileged Identity Management solution for managing Active Directory. To get started, Use Privileged Access Management.

Related topics
Microsoft Identity Manager is still closely related to its predecessor, Forefront Identity Manager. If you still use FIM, or want to refer to additional documentation, take a look at the FIM 2010 R2 Documentation Roadmap.
Topology considerations for deploying MIM This article introduces multiple deployment topologies that you may consider implementing.
Capacity planning guide You can use this guide, along with test environments, to understand the appropriate scope for your

07/19/2018

Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services

Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its "identity services."
Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk.
Since new security today depends on the collaborative communication of identities and identity data within, and across domains, digital identities of customers are usually the key to accessing services and interacting across the Internet.
Microsoft said the company has heavily invested in the "creation, implementation, and improvement of identity-related specifications" that encourage "strong authentication, secure sign-on, sessions, API security, and other critical infrastructure tasks."

Therefore, to further bolster its customers' security, the tech giant has launched an all-new, and independent bug bounty program.
Dubbed Microsoft Identity Bounty Program, the newly-launched bug bounty program covers Microsoft Account and Azure Active Directory identity solutions, as well as some implementations of the OpenID specifications.
The payouts for the new Microsoft Identity Bounty Program range from $500 to $100,000, depending upon the impact of security researchers and bug hunters find.

{{{{"If you are a security researcher and have discovered a security vulnerability in the Identity services, we appreciate your help in disclosing it to us privately and giving us an opportunity to fix it before publishing technical details," wrote Phillip Misner, Principal Security Group Manager.}}}}

{{{{"Submissions for standards protocol or implementation bounties need to be with a fully ratified identity standard in the scope of this bounty and have discovered a security vulnerability with the protocol implemented in our certified products, services, or libraries."}}}}

If you want to take part in the Microsoft Identity Bounty program, you'll need to offer high-quality submissions that reflect the research that you put into your finding, and share your knowledge and expertise with Microsoft developers and engineers, so they can quickly reproduce, understand, and fix the issue.

To be eligible for payouts from Microsoft, you will need to meet the following criteria:
Identify an original and previously unreported critical or important flaw that reproduces in Microsoft's Identity services listed within scope.
Identify an original and previously unreported flaw that results in the taking over of a Microsoft Account or Azure Active Directory Account.
Identify an original and previously unreported flaw in listed OpenID standards or with the protocol implemented in Microsoft's certified products, services, or libraries.
Submit against any version of Microsoft Authenticator application, but bounty awards will only be paid if the vulnerability reproduces against the latest, publicly available version.
Include a description of the issue you found and concise reproducibility steps that are easily understood. (This allows submissions to be processed quickly and supports the highest payment for the type of vulnerability being reported.)
Include the impact of the vulnerability.
Include an attack vector if not obvious.
Also, the vulnerability must impact one of the following login tools:
login.windows.net
login.microsoftonline.com
login.live.com
account.live.com
account.windowsazure.com
account.activedirectory.windowsazure.com
credential.activedirectory.windowsazure.com
portal.office.com
passwordreset.microsoftonline.com
Microsoft Authenticator for iOS and Android applications
Higher payouts are given to the researchers based on the quality of their report and the security impact of the vulnerability they found.
Lower amounts are typically given for vulnerabilities that require significant user interaction.

Source: The hackers news.

08/30/2016

Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week.
Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser.

So, if you’ve been using Opera’s Cloud Sync service, which allows users to synchronize their browser data and settings across multiple platforms, you may have hacked your passwords, login names, and other sensitive data.

"""""""Opera confirmed its server breach on Friday, saying the "attack was quickly blocked" but that it "believe some data, including some of [their] sync users’ passwords and account information, such as login names, may have been compromised.""""""""

Opera has around 350 Million users across its range products, but around 1.7 Million users using its Sync service had both their synchronized passwords as well as their authentication passwords leaked in the hack.
Since the company has already reset passwords of all of its registered Opera Sync users and emailed them with details, you need not worry about your account.

"""""""""""""""Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution," Opera Software explained in a blog post."""""""""""""""""""

Additionally, the company has also informed all Opera Sync users about the security breach and recommended them to change passwords for their Opera Sync accounts as soon as possible. You can obtain a new password for Opera sync using the password resetting page.

The complete details about the intrusion and extent of the breach are yet unknown.
Opera Software encouraged users to reset passwords for any third party websites they may have synced with its service.
However, if you are the one using the same password for multiple sites, you are also advised to change your passwords for those sites manually.
Since we’ve repeatedly seen folks reusing passwords across multiple services with recent high-profile account hacking, you are advised to use a good password manager always to keep a strong, unique password for your online accounts.
We have listed some best password managers that would help you understand the importance of password managers and choose a suitable one according to your requirement.

08/09/2016

How Your Computer Monitor Could Be Hacked To Spy On You.

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked.
You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen.
Although changing pixels is really hard and complicated, a team of security researchers at this year’s DEF CON says that it is not impossible.
Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images.
How to Hack Computer Monitors?
According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display.
The duo said they discovered the hack by reverse-engineering a Dell U2410 monitor, though it was not an easy process, as it took over two years.
In the process, the pair found out that Dell had not implemented any security measures with regard to the process to update the display controller’s firmware, which allowed for this hack.
This means that anyone with malicious intent and access to the monitor’s USB or HDMI port would be able to hijack monitor — which involves injecting malicious firmware with the help of a drive-by attack — as well as manipulate the on-screen pixels.
The researchers developed a working exploit, saying "We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor."
How Dangerous could the Monitor Hack possibly be?
Changing a single button could cause a huge amount of damage to the nation. The team gave an example by changing the status-alert light on the control interface of a power plant from Green to Red, which could trick someone into shutting down the power plant.
During their presentation, Cui and Kataria were also able to inject a photo onto a display and add a secure lock icon to the address field of a Web browser.
In one example, the team even demonstrated the ability to change PayPal balance from $0 to $1,000,000,000.
So, hackers do not require to infect your computer with a ransomware infection. If they can hack your monitor, they can manipulate the pixels to display a ransomware message permanently on your screen, demanding payment to remove the message.
This could be a new strain of computer-based Ransoming.
What's even Worse?
The hacker could log the pixels generated by the monitor and effectively spy on the target users.
The pair warns that this issue does not limit to just Dell monitors, but also potentially affects one Billion monitors all over the world, given that all of the most common brands have vulnerable processors.
However, there's a downside to this attack.
This type of attack is pretty easy to detect, as the image on a screen does not load nearly as fast as it would have before being infected.
So it's possibly not the most efficient way to manipulate things quickly on the computers of victims, who are sitting in front of their computers all the time.
But what about industrial control systems monitors, whose displays are mostly static?
Well, if hackers target industrial control console, the attack might be a lot harder to detect. So, stop trusting your monitors, peeps!

those who are interested in code.

visit
https://github.com/redballoonshenanigans/monitordarkly

05/08/2016

"Wellness isn't about
deprivation and it's not
about
perfection. It is about
pointing yourself in the
direction of
growth, training yourself
to get comfortable with
your highest
potential, and then
taking small steps to
support that shift.
It's about showing up
for yourself, day by day,
and then one
day finding that you've
undergone a
transformation."

01/22/2016

Google to Speed Up Chrome for Fast Internet Browsing

Google is planning to make Chrome faster in order to provide its users fast Internet browsing experience.
Thanks to a new, open-source data and web compression algorithm for the Internet called
Brotli, which Google announced last year to boost its web page performance.
With Brotli, Google will speed up Chrome and users could get a significant performance boost in coming months.

Google introduced Brotli last September and claimed that the new algorithm is a "whole new data format" that could reduce file sizes by up to 26 percent higher than Zopfli , the company's three-year-old web compression technology.
Net result – Fast Internet Browsing
In a post on Google+ on Tuesday, web performance engineer at Google Ilya Grigorik
announced that the new algorithm is coming to Chrome soon, which will change the way files are compressed, improving loading speeds by a quarter.
Besides faster loading speeds, Brotli also have additional benefits for smartphone users, which includes:
Lower data transfer fees
Reduced battery use
Brotli is currently in beta testing mode, with a current status " intent to ship ", however, it is likely to be rolled out with the next stable release of Chrome.
Advantages of Brotli

Advantages of Brotli
Brotli outperforms gzip for typical web assets (e.g. css, html, js) by 17–25%.
Brotli -11 density compared to gzip -9:
html (multi-language corpus): 25% savings
js (alexa top 10k): 17% savings
minified js (alexa top 10k): 17% savings
css (alexa top 10k): 20% savings
Chrome to Speed Up Web Page Performance Over HTTPS
At present, Brotli is restricted to HTTPS connections, and if you are curious to see Brotli in action, you can activate the feature in
Chrome Canary , which is Google's browser for testing new features.
Thereby, you can carry out internet speed test with the help of various website performance testing tools to know what difference Brotli makes to your Internet browsing experience.
So, Get Ready to Speed Up Chrome and make your web page performance faster.