Security

31 posts

Session Cookie Does Not Contain the “Secure” Attribute

Recently we scanned one of our web applications by two famous source code analysis tools: Qualy’s Web Application Scanning tool and HPE’s Fortify Static Code Analyzer, but the results are different. Qualy’s WAS picked up one XSS security vulnerability and two information disclosure warnings, but HPE’s Fortify didn’t find anything vulnerable. It would be interesting to find out why, but I am not gonna cover that today. Today I would like to talk about one […]

CCleaner not clean, distributed with malware

CCleaner is a popular and powerful PC tool that helps users to clean up their PCs by deleting temporary files, emptying recycle bins, deleting registry leftovers after program uninstall, etc. The free version is at the top of the popular software list on FileHippo.com. On September 13, 2017, Cisco’s Talos cybersecurity reported that CCleaner has been distributed with malware for almost one month, and the infected version is the 32-bit version of CCleaner 5.33 which […]

Google indexes HTTP site as HTTS, how to fix it?

A few months ago, I decided to switch my hosting provider from Arvixe to SmarterASP.net and after the switch I decided not to continue to use SSL for my site, so I terminated my SSL certificate. Within a week, I noticed that my page views have dropped tremendously, almost to single digit. After some investigation I noticed that Google still indexes my site as HTTPS instead of HTTP, even though I don’t have SSL certificate […]

Google pays users to do security checkup

To help celebrate Safer Internet Day 2016, for a limited time Google will pay users if they complete a Google account security checkup. Well, technically Google does not pay users with real money, but with 2GB of free Google drive storage permanently. So what is the catch? Well there is no catch. All you need is a quick and easy security checkup to make sure your Google account is in good shape, and it only takes about […]

Protect your router from being hacked

In the fast few days, you may have heard from some news source that some nice hacker(s) targeted unprotected routers with good intention. After hacking the router to gain access to user’s network, the hacker(s) installed some protective software that will look for spyware and remove it once found. The software can also install important updates on user’s computer and even force the user to update their computer so their computer will be up to […]

KB3087040 Windows Update fails with error 0x80004005 on Windows 10

If you are using Windows 10 and have tried to run Windows Update to keep your Windows system secure, then you might encounter this Windows Update error regarding a new KB3087040, which was released on September 21, 2005: It is very strange for such a high priority security fix, Microsoft didn’t seem to fully test it before rolling it out. By the time of writing this post, the issue with the automatic Windows Update still […]

Google proves password security questions are useless

Many companies, especially those financial institutions, ask users to answer some additional security questions, the intention is to provide one more layer of security defense to protect users’ information. For example, if a user forgot password, the system will ask the user to answer some of the security questions, if the questions are answered correctly, an email will be sent to the user with a password reset link in it. This is designed to prevent […]

New Google Chrome extension password alert protects user from phishing sites

Google released a new Chrome extension called Password Alert that will protect users from phishing websites that might try to steal user’s Google account passwords. According to Google official blog post, “Once you’ve installed it, Password Alert will show you a warning if you type your Google password into a site that isn’t a Google sign-in page.” The blog post didn’t go into details about how Password Alert works, but only mentioned that once Password […]

Google Drive unable to connect error caused by e-Rewards Notify application

If you are a e-Rewards member, you may have received an email at some point inviting you to install e-Rewards Notify desktop application. If you ever wonder it is OK to install it, then the short answer is “No, don’t install it”. The invitation email describes e-Rewards Notify as a desktop application which delivers survey invitations straight to your desktop, but if you read the detailed information about the application on e-Rewards web site, you […]

How to change Windows system settings when log in as standard user

One of the two simple tips I mentioned in my previous post is to always log in your Windows computer with a Standard User account and the benefits of doing this include: 1. No software can be installed without your permission because you will be prompted to enter the password of an account with administrator privilege before software is being installed. 2. No system setting can be changed without your permission because you need the password […]