StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)

Browsing Posts in IT Security

“The fastest, safer way to get things done on the web.” is their blurb. My video clearly shows it’s not secure. A known phishing site, and both IE and Edge allow you through to it. Both Chrome and Firefox warn you it’s a known phishing site.

https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/

If you get your 2-step verification via text message it is possible, as this flaw shows, that others can redirect your calls and text messages to their phone instead, meaning they’ll get your 2-step verification code.

Google Drive for Desktop Flaws


Putting this out there anyway, whether anyone will see this post is another thing. This is a tiny site 🙂

The number one flaw of Google Drive for Desktops when using G Suite (so in a business environment) is the lack of auditing. It states this on their support page.

https://support.google.com/a/answer/4579696?hl=en

  • Downloads from the following sources are not logged:
    Google Drive for Mac/PC sync client downloads

This essentially means someone in your organisation can upload loads of documents to their Google Drive, making sure they keep them as Office documents or other types (just not G Suite file types). They then install Google Drive for Desktop on their personal PC/Mac and connect their work account. This will then sync all their files to their personal desktop with no auditing. They can then copy all these files from their Drive share to elsewhere on their PC/Mac. They’ve now stolen lots of your data with no audit trace.

If you natively just use G Suite docs, this becomes harder for them to do, because they first need to download all the documents from a browser, which will automatically convert them to Office. This means if they then try to open the Office docs, they can. If they leave them as G Suite documents they won’t be able to view them. This is because they will open in a browser and they will need to log in with their work account to view them.

Worse still, if the person has left and their account is disabled, when they disconnect their work account on their personal PC/Mac it doesn’t then wipe the files already synced to their Google Drive folder on the desktop. It keeps them available for them to actively copy or read.

I see that as a large flaw but then I’m no security expert, I just have an interest in it.
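Since the sync client download leaves no log entry, the place to look is the earlier step: the bulk upload of non-G Suite files. The following is an added example, not code from the original post or from Google. It assumes uploads do appear in your Drive audit log, and the record layout, doc type names, threshold and sample data are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: simplified, constructed records (timestamp, user, event, doc_type).
# This is not Google's export schema; map your real audit fields onto it.
NATIVE_TYPES = {"document", "spreadsheet", "presentation", "form", "drawing"}

# Constructed sample data: alice uploads 6 Office files in 10 minutes,
# carol uploads one PDF per hour, bob only works with native documents.
SAMPLE_EVENTS = (
    [(f"2019-03-04T09:{m:02d}:00", "alice@example.com", "upload", "msword")
     for m in range(0, 12, 2)]
    + [(f"2019-03-04T{h:02d}:00:00", "carol@example.com", "upload", "pdf")
       for h in range(9, 14)]
    + [("2019-03-04T10:00:00", "bob@example.com", "create", "document"),
       ("2019-03-04T10:05:00", "bob@example.com", "edit", "document")]
)


def bulk_non_native_uploads(events, threshold=5, window=timedelta(minutes=30)):
    """Return {user: peak count} for users whose uploads of non-native files
    reach `threshold` inside any sliding `window`."""
    per_user = defaultdict(list)
    for ts, user, event, doc_type in events:
        if event == "upload" and doc_type not in NATIVE_TYPES:
            per_user[user].append(datetime.fromisoformat(ts))

    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans <= `window`.
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    for user, count in bulk_non_native_uploads(SAMPLE_EVENTS).items():
        print(f"{user}: {count} non-native uploads within 30 minutes")
```

A flagged account is only a prompt to review; the absence of a matching download event proves nothing, because the sync path is the one that is not logged.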

One of the most useful vids on this I’ve found.

Great guide on breaking out of applications. More reason to lock that remote machine down. Easier said than done, as sometimes locking down stuff stops other things working.

http://www.pentestpartners.com/blog/breaking-out-of-citrix-and-other-restricted-desktop-environments/#modifyingicafiles

Running Word 2010 and run the macro

For the macro type

Shell "cmd /k cmd.exe"

Run the macro.

You now have a cmd box where you could potentially go elsewhere.

Obviously person has to have logged on successfully at least once.

In XP search in reg for cachedlogonscount

Normally at

HKLM\Software\microsoft\Windows NT\currentversion\winlogon

Normally shows the user.  Change

cachedlogonscount

to anything above 0

There may be other references in that section that prevent it, but need to compare with a working machine to find the entry blocking the cache.

Quality, quality site.

http://www.securitytube.net

Even better are these FREE download videos

http://www.securitytube.net/downloads

And a new certificate course. Considering the amount of info it’s cheap. And lifetime access to any updates for the life of Security Tube

http://www.securitytube.net/video/2256

And Vivek Ramachandran has a new book out

http://www.amazon.co.uk/BackTrack-Wireless-Penetration-Testing-Beginner%2527s/dp/1849515581/ref=sr_1_1?ie=UTF8&qid=1317159343&sr=8-1

(At some point I’ll update the images so they appear again – 19 4 2016)

Oddly some proxies block the small thumbnail images (attempting to remove some words as I think they are causing the work proxy to block the images)

Anyone innocent in the images can blame the fuck that attempted to rip me off.

All images recovered from the E71 I bought off some fool off eBay, because the idiot didn’t secure wipe the Micro SD card (R-Studio was used to recover the data. I’ve recommended it before). Arrived with a cracked screen and he/she refused to give a refund. Claimed I did it or if it was Royal Mail I should take it up with them. No, it’s up to HIM to claim it off Royal Mail.

eBay ID of the fool is darrenscott1991

Can you get any hairier!?

Mobile numbers recovered

07598580xxx
07885291xxx
07835406xxx

I could print the whole number but have chosen not to.

So seems free WordPress Themes may not be safe.

http://www.blogher.com/frame.php?url=http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/

http://wpmu.org/when-is-a-free-wordpress-theme-really-free-some-thoughts-and-some-places-to-find-them/