cloud9cybersecurity.wordpress.com
Open in
urlscan Pro
192.0.78.12
Public Scan
Submitted URL: https://www.cloud9cybersecurity.com/
Effective URL: https://cloud9cybersecurity.wordpress.com/
Submission: On July 12 via automatic, source certstream-suspicious — Scanned from CA
Effective URL: https://cloud9cybersecurity.wordpress.com/
Submission: On July 12 via automatic, source certstream-suspicious — Scanned from CA
Form analysis
4 forms found in the DOMPOST https://subscribe.wordpress.com
<form action="https://subscribe.wordpress.com" method="post" accept-charset="utf-8" data-blog="143788170" data-post_access_level="everybody" id="subscribe-blog">
<p>Enter your email address to follow this blog and receive notifications of new posts by email.</p>
<p id="subscribe-email">
<label id="subscribe-field-label" for="subscribe-field" class="screen-reader-text"> Email Address: </label>
<input type="email" name="email" style="width: 95%; padding: 1px 10px" placeholder="Email Address" value="" id="subscribe-field" required="">
</p>
<p id="subscribe-submit">
<input type="hidden" name="action" value="subscribe">
<input type="hidden" name="blog_id" value="143788170">
<input type="hidden" name="source" value="https://cloud9cybersecurity.wordpress.com/">
<input type="hidden" name="sub-type" value="widget">
<input type="hidden" name="redirect_fragment" value="subscribe-blog">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="369559f137"> <button type="submit" class="wp-block-button__link"> Follow </button>
</p>
</form>
POST https://subscribe.wordpress.com
<form method="post" action="https://subscribe.wordpress.com" accept-charset="utf-8" style="display: none;">
<div>
<input type="email" name="email" placeholder="Enter your email address" class="actnbr-email-field" aria-label="Enter your email address">
</div>
<input type="hidden" name="action" value="subscribe">
<input type="hidden" name="blog_id" value="143788170">
<input type="hidden" name="source" value="https://cloud9cybersecurity.wordpress.com/">
<input type="hidden" name="sub-type" value="actionbar-follow">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="369559f137">
<div class="actnbr-button-wrap">
<button type="submit" value="Sign me up"> Sign me up </button>
</div>
</form>
<form id="jp-carousel-comment-form">
<label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label>
<textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..."></textarea>
<div id="jp-carousel-comment-form-submit-and-info-wrapper">
<div id="jp-carousel-comment-form-commenting-as">
<fieldset>
<label for="jp-carousel-comment-form-email-field">Email (Required)</label>
<input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-author-field">Name (Required)</label>
<input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-url-field">Website</label>
<input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field">
</fieldset>
</div>
<input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment">
</div>
</form>
POST
<form method="post">
<input type="submit" value="Close and accept" class="accept"> Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. <br> To find out more, including how to control cookies, see here: <a href="https://automattic.com/cookies/" rel="nofollow">
Cookie Policy </a>
</form>
Text Content
Skip to content CLOUD9 CYBER SECURITY Security Through Education™ Menu * Home * Contact HOW TO REPORT A CYBERSECURITY INCIDENT (EX: RANSOMWARE) IN US & CANADA Featured Even if you are the greatest cybersecurity expert on the planet, the chances are that at some point you will be hacked, ransomwared or otherwise compromised. In those cases the best case of action is to report the incident to the proper authorities, which usually deal with cybersecurity criminals. Now, some of you may think “what is the point, they will do nothing because my case is so small” and that might be close to the truth, but there is always value of providing data which, even if it doesn’t resolve your immediate case, might prove consequential for resolving related cases in the future. Both US and Canada have federal agencies which deal with cybersecurity breaches and which have reporting mechanisms online. One word of caution, if you have evidence of child molestation or human trafficking, immediately call your local police headquarters phone number and report, before even going online. US authorities offer two ways of reporting cybersecurity incidents online. You can report the incident directly to the FBI (Federal Bureau of Information) at https://ransomware.ic3.gov/default or you can report the incident to CISA (Cybersecurity and Infrastructure Agency) at https://www.cisa.gov/forms/report . The FBI reporting site looks like this: While the CISA reporting site looks like this: Canada also has an online form for reporting cybersecurity incidents which is connected to the RCMP (Royal Canadian Mounted Police) which performs the duties of local police in counties which cannot afford its own dedicated police service, but also performs the duties of a Canadian Federal Police, basically the equivalent of the US FBI. A cybersecurity incident in Canada can be reported at https://www.cyber.gc.ca/en/incident-management: One additional complication with reporting a cybersecurity incident in Canada is that you need to create a Governmant du Canada or GCKey account: This might dissuade many people from reporting a cybersecurity incident in Canada, and the Canadian Government would be advised to simplify the process in accords to the US Government if it wants to have a realistic reporting of the number of incidents. The GC key and Government of Canada logins require extensive verification, including entering bank accounts credential from major financial institutions (while online banking affiliates like Simplii or Tangerine are not accepted). In both cases, after you enter the details of the cybersecurity incident, even if you don’t receive an acknowledgement, you may rest assured that your information has been entered in the global database and might help with solving future major breaches and crimes. cloud9cybersecurity Cyber Security Leave a comment October 24, 2023 2 Minutes GIGABYTE MOTHERBOARD BACKDOOR FIASCO If you follow Cyber Security news you’ve definitely seen the articles about Gigabyte’s Motherboards having a “backdoor” – basically an automated update process that runs in the background, unknown to the user, which contacts Gigabytes web site to check for firmware updates and downloads them and installs them without any prompting, passwords or user authentication. Very useful, some might think? Customer-friendly, right? Well, this was probably the argument within Gigabyte when this was implemented. Someone within Gigabyte decided to take the “Customer Obsession” paradigm to its extreme conclusion and implement this atrocious functionality which opened up over 400 models of motherboards to every hacker in the world, no matter how incompetent, since Gigabyte just did the actual hacking for them. All hackers needed to do is just replace their own payload within the firmware update and – voila! The wet dream of every hacker – smuggling an executable program behind OS defenses – has been given out on a silver platter. The company that discovered the backdoor, Eclypsium, published an extensive blog post on what the backdoor does and where it was discovered (from 200 initially to 400+ models right now) and also have prepared a free PowerShell script (no admin privileges required) that will check if your motherboard is one of the compromised ones (https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/). The news was picked up by many outlets, but also, as it is common, the newsworthiness passed in about 3 days for most, and they just moved to the next hot issue of the day. The article in Wired is very extensive and explains all the different moving parts (https://www.wired.com/story/gigabyte-motherboard-firmware-backdoor/). Their title says “Millions of Motherboards” have been compromised, but with the models with backdoor rising up to over 400 under additional scrutiny, we probably went from single digit to double digit millions. So what is the gist of the problem? Even under cursory analysis, two distinct factors, ever-present in the tech industry, become obvious. The first is this fad that has taken the tech world over the last few years of “Customer Obsession”. It would be as if the doctor was asking the patient what treatment they should be prescribed for their illness. There is a great article in the Harvard Business Review from 2010 “Stop Trying to Delight Your Customers” (https://hbr.org/2010/07/stop-trying-to-delight-your-customers) . The authors are not against proper Customer Service, but they are definitely against vendors and vendor managers bending over backwards to satisfy every customers’ whim. The authors show data that extreme customer satisfaction does not directly correlate with retention, nor with increased revenue. Quite the opposite – customer are turned off by vendors who are “Trying too Hard”. It seems that, in this case, Gigabyte folks did not read the HBR article, and decided to make the firmware update “invisible and seamless” to the customer without any interaction required. That might sound positive, however it opens the Pandora’s Box that by far outweighs any marginal customer satisfaction increase. Basically these folks did a horrible damage to the customers’ security posture, by opening a channel within their firmware for any hacker to attach a malicious payload, without any security checks or even a password required. The second obvious reason is that many tech companies out there do not take cyber security risk seriously. We see this over and over in IoT and other fields (see previous articles) where gaping cyber security holes are left open for months, and even years, before they get fixed, since the vendor doesn’t consider them a priority. This attitude, which pushes the cyber responsibility from the manufacturer to the end-user, is quite common and very dangerous and damaging. The hackers (especially state-sponsored ones) are rubbing their hands in glee to such approaches. Of course, every company wants to maximize their profits and customer retention, but pandering to every customer whim is actually detrimental to this goal. Customers are much better off when they are educated and directed to the approach that is right for their specific situation. cloud9cybersecurity Cyber News, Cyber Security Leave a comment July 4, 2023February 20, 2024 3 Minutes HOW TO CONFIGURE MICROSOFT EDGE TO DELETE ALL BROWSING INFORMATION Microsoft Edge is the replacement for the aging Internet Explorer and is based on the libraries that are the foundation for Google Chrome. Although the base is the same, at the top level Edge has plenty of differences with Chrome. One of these is the Privacy and Security section which looks different and contains a set of different options that we’re going to cover in this article. To start with go to the three-dot menu in the top right and open “Settings”. In the Settings menu on the left choose “Privacy, search and services”. The first option, “Tracking prevention” is fine with the “Balanced” setting, a the “Strict” setting will break many sites. We’re going to tighten up the security in the subsequent options. In “Clear browsing data” turn no the option to clear every time you close a browser. It will require a bit more typing on your behalf, but your private data will not be cached on the hard drive. Also you can periodically go to “Clear browsing data now” and select to clear everything since the beginning of time. Under “Privacy” it is always good to send “Do Not Track” even though sites do not have to obey it. The next option is fine to have on since you should never have any payment methods saved in your browser anyway. For diagnostic data and advertising personalization you should always have the options turned off, since it is another way by which you can be identified online and exposed to identity theft risks. Under the “Security” sub-section it is best to have all options turned on since they each offer a little bit more protection. It is usually okay to use a DNS from your ISP, however if you find yourself at the receiving end of DNS spoofing and attacks then it might be prudent to invest in a secure DNS provider. The cookies and site permissions are on a separate tab in the Microsoft Edge Settings. Here you should visit regularly and delete all cookies that came through in the “Manage and delete cookies and site data” option. For the rest of the (many) options on the page it is best to have then either on “Ask” or “Blocked” just to be on the safe side, although the individual circumstances will determine the specific combination. Setting the above options should get you well on the way to a more secure online browsing experience. cloud9cybersecurity Cyber Security Leave a comment March 17, 2023 2 Minutes HOW TO CONFIGURE GOOGLE CHROME TO DELETE ALL BROWSING INFORMATION Google Chrome has similar extensive privacy and security controls like Mozilla Firefox, though there are a few differences and twists. As with Firefox, first we select “Settings” from the “three dots” menu. Here we want to go into “Privacy and Security” sub-menu on the left. There is a safety check here that you can perform on a regular basis, but we are going to concentrate on the balance of the options. In “Clear browsing data” you should select the “Advanced” tab and check all the boxes. From the “Time range” dropdown, select “All time”. Then click on “Clear data” and your browser will be rid of all this trackable data. With the settings we’re going to set next, there will be less data here to clear. You can enter the privacy guide next, but that is for your entire Google account, as Google has tightly integrated it in the Chrome browser. The next option controls the cookies. Here you want to block third party cookies. Blocking all cookies will definitely break many sites, and it is not needed since in the next option we are going to choose all cookies and site data to be deleted when we close the Chrome browser. The “Do not track” is always a good option to set, although by now we know that it is a voluntary action by the web sites. And finally, don’t preload pages. You will lose a bit of speed, but will avoid having cached data on your hard drive that can be used to track you. Next is the “Security” page. Standard Protection is fine, because the enhanced version requires your data to be sent to Google, which is a big no no. Never allow your data to be sent to anyone, unless it is absolutely unavoidable. The next option below is also about sending data, so no to that too. And the breached passwords is something you want to know, even more so since it is all encrypted. In the Advance section you want to always use secure connections (you will get an option to proceed even if the site is not HTTPS). Use secure DNS, for your ISP if available, but the public ones offered in the second radio button are also reliable and safe. Fore the four options at the bottom – it is best to have nothing in each of them, if you can avoid it, but use your best judgment otherwise (assumption that you know what are you doing here). In the Site Settings menu first you will see the recent sites you visited where you gave permissions. Then you have the section which manages permissions for various resources. As always, the best is not to give permission to anything or anyone (Zero Trust!), however, use your best judgment if you must give out something. The Content sections shows your current settings, and it should be fine based on the restrictions we applied above, but feel free to change stuff around here if you want to restrict access even further, at a cost of some sites not working. There you go! Now you have a much more secure and private Google Chrome! cloud9cybersecurity Uncategorized Leave a comment February 9, 2023 2 Minutes HOW TO CONFIGURE MOZILLA FIREFOX TO DELETE ALL BROWSING INFORMATION So far, we’ve seen how to install various plugins and add-ons to make your web browsing private and secure. However, how about the information that is already collected by your web browser and sitting in your browser’s cache folders? This information can be extracted by malicious actors and used against you, hence it is best if it doesn’t exist. Although, most modern browsers can be configured to delete such info on exit, it is still best practice to do regular checks and delete anything left over manually. Mozilla Firefox is probably the most secure major web browser out there, even though the corporate giants behind the other major browsers already took most of its market share. The situation is not unlikely what happened to Netscape in the late nineties; although a superior browser to Microsoft’s Internet Explorer, once MS IE started coming as a part of the default Windows installation – Netscape imploded. First go to the Settings menu by pressing on the three dots at the top right of the browser window. Then click on the “Privacy & Security” in the menu on the left. You can leave the global privacy setting to “Standard” as the “Strict” option breaks a lot of sites. We’re going to change the settings below, so even if the cookies are not initially blocked – they are all erased upon closing the browser session. Scrolling down the menu select “Always” for “Do Not Track”, although this not ensure compliance, at least you’ve done your part. For “Cookies and Site Data” select Delete on Close, but also click on the “Clear Data” and “Manage Data” buttons to double check if something got through. If it did – delete everything selecting the timeframe option from the very beginning. Although it is convenient for the browser to save your logins, passwords, use master password or have a single sign-on – all of these option can compromise your data and security in certain circumstances, thus the safest thing is to turn everything off and delete everything that sneaked through occasionally. Further, you don’t want any auto-fill for the forms. It might save you time, but it also makes that information available to any malicious actor. Yes, of course, the information is hashed/encrypted, but the best case is when the information doesn’t exist at all. Zero Trust Security. For history you either want to prevent any from being stored or use a custom setting where you can control each option separately, including clearing history when Firefox closes. Of course, you don’t want your address bar to suggest anything to you since that means it keeps information on you – so un-check all the check boxes. For the permissions of your locations and various devices – you want everything off. Once in a while you need to allow some app permissions (like microphone and camera for Zoom meetings), but it is best practice to come back here as soon as your meeting is over and remove all the permissions manually. You can check all the “Settings” buttons here from time to time to verify if some app has managed to sneak in permissions, and manually remove them all. Block pop ups and forbid web sites to install add-ons should be self-explanatory. Remember – Zero Trust! The Firefox collection of data for testing might look innocuous (and Mozilla foundation is more trustworthy than the Big Tech conglomerates) , but still, in keeping with Zero Trust – probably best to turn everything off. Finally, in the last section, you want to check all options to block, check, warn and query. Also, HTTPS-only mode is a good way to raise your security online, and don’t worry, if there is not HTTPS version of the size, Firefox will ask you whether you want to load the SSL-less version. There you go! Now you have a much more secure Mozilla Firefox browser! cloud9cybersecurity Uncategorized Leave a comment February 4, 2023 3 Minutes THE “I HAVE NOTHING TO HIDE” ARGUMENT IS FALSE IN PRIVACY AND CYBER-SECURITY Q: Let’s use some secure web browser like TOR for all the web browsing needs? A: Nah, we have nothing to hide. Q: Let’s use an end-to-end encryption for all our instant messages? A: Nah, we have nothing to hide. How many times have the above scenarios happened? The argument that if one has nothing to hide then one does not need to protect one’s privacy is as old as humanity, and has often been used to decrease the overall privacy in a society and even mark those persons seeking more privacy as somehow subversive. The argument itself is false in the sense that it doesn’t contribute to continuing the conversation, but puts an artificial stop. There are at least two aspects to consider: 1. Your personal information being accessed is not OK, even if you have nothing to hide 2. Everyone has something to hide, even if they don’t know it (yet) If we consider the first aspects, all of us have personal information like a social security number, credit card numbers, phone numbers, bank accounts, passwords, etc. Although none of these items are something one would necessarily hide, it would still cause quite a bit of trouble if any and all of these bits of information were to be compromised and exposed to the public. There are plenty of web sites that through cookies and other contraptions collect information about you, rooted around your IP or email address, and prepare a “product profile” of you, as a consumer and as a set of behaviours, which can then be sold to third parties for further exploitation. There are entire companies built around productizing people and monetizing that resulting information. Secure browsers that obfuscate your real IP address and do not keep any history or cookies, like TOR, can prevent productization to a large extent, and so can using a trustworthy VPN provider. The second aspect has to do with the fact that wherever our physical bodies are in time and space, we are subject to a myriad of obscure, overlapping, contradicting jurisdictions, each with its own potential for irreversible damage. Harvey Silvergate in his book “Three Felonies a Day: How the Feds Target the Innocent” (https://isbnsearch.org/isbn/9781594032554) claims exactly what the title says, that every US citizen averages about 3 federal felonies per day without even knowing it. This has to do much with obsolete laws that are not enforced anymore, but having them on the books means they could be enforced selectively. When punishment can be exercised selectively and arbitrarily, the result is a society living in a permanent state of fear – not a desirable outcome in most cases. Edward Snowden has compared privacy to free speech (https://news.arizona.edu/story/edward-snowden-compares-privacy-freedom-speech), stating that “Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about free speech because you have nothing to say.” In an article from 2011, Daniel Solove has written a very colourful defence (https://www.chronicle.com/article/why-privacy-matters-even-if-you-have-nothing-to-hide/) of privacy and private things, even when you don’t really have anything “relevant” to hide. There is even a web site “Privacy Tools” (https://www.privacytools.io/), which has been in existence for over a decade and which has the mission to carry updated privacy tools for surfing the web for users with multiple different needs. Hence, even if one has nothing relevant to hide, there are still private things that nobody should really have access to. Privacy is a Human Right. cloud9cybersecurity Cyber Security Leave a comment December 28, 2021 2 Minutes HOW TO DE-FANG RUSSIAN RANSOMWARE :) http://www.cloud9cybersecurity.com/ So, let’s take a hypothetical situation. You wake up one morning, and turn on your BigRig custom-built tower (32 cores/64 threads) for rendering in BlackMagic DaVinci Resolve Studio and you are greeted with the following modal window: Since you (probably can read Russian you realize that some kind of upload has failed. You do a search on PasteBin.com and find (https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it) that it is a Hacker Paradise. You add 2 and 2 and realize that a RansomWare Trojan tried to upload your data to PasteBin.Com, before it encrypts all your hard drives and asks for mucho dineros (in bitcoin) for the pleasure of downloading your data back. The one thing hackers did not account for was that video rendering rigs usually have enormous amounts of RAID 0 disk space, 30TB+ of RAW 4K footage, which takes a very, very long time to upload to pastebin.com. Of course, your next step is to install every single Anti-Virus software out there (since Windows Defender apparently missed the trojan) and feverishly run all of them at the same time. However, ransomware trojans are notoriously difficult to remove and disinfect. Of course, you should terminate the internet connection right away, but there is an easy way to de-fang ransomware that use pastebin.com (or any other site, for that matter) and it is called Windows HOSTS file. The HOSTS file might be a remainder from the good old days when Mr. Gates tried to copy all the best features of UNIX into DOS/Windows, but it is still incredibly useful for blocking any web site that you find questionable. The simple method is called “localhost loop” and can be used for any site out there. The HOSTS file can be found at: You need to start Notepad (the single best app Microsoft ever created in Admin mode, in order to be able to edit this system file. Notepad has its initial input intake set for *.txt files, so just change it to “All Files”. UNIX files generally do not use extensions. What you need to add to the file are two lines that create ‘localhost loop” for pastebin.com and any other site you might find an online safety-hazard. Save the HOSTS file, close Notepad, and then re-open it again, to double-check if your modifications have been saved. After you verified the new data is conserved, you need to restart your PC. When the OS comes back up, if you type the Pastebin.com URL into any web browser you might have, the following should come up: That means no ransomware that uses pastebin.com (and might still be lurking on your computer) will be able to upload anything, and will probably crash internally. Ransomware coders are below average, and they probably would never be able to procure a real Software Engineering job. Now, with your local ransomware parasite neutered, you are free to take your time removing every last trace of the accursed vermin http://www.cloud9cybersecurity.com/ cloud9cybersecurity Cyber Security Leave a comment November 26, 2021November 26, 2021 2 Minutes PEGASUS SPYWARE AND HOW TO CHECK IF YOU’VE BEEN PWNED By now (almost) everyone has heard of the Pegasus Spyware by the Israeli company NSO Group, and its ability to infect iOS and Android devices without user interaction. Although the Haaretz investigation uncovered that the software has been sold to multiple Gulf states and other international actors, 99.99% of people out there do not have to worry about this spyware. Banner from iMazing web site For those who would rather verify than trust, a new piece of software has appeared that works both on Windows and macOS, which claims to be able to positively verify if your phone has been infected with Pegasus. Cnet explains the procedure in detail in an August 21 article: https://www.cnet.com/tech/mobile/check-if-your-iphone-ipad-is-infected-with-pegasus-spyware-with-this-free-tool/ . No technical knowledge is required to run the software beyond knowing how to use the command line on windows (or mac). The makers of the software have an extensive article on their web site explaining Pegasus detection: https://imazing.com/blog/detecting-pegasus-spyware-with-imazing . The software has a free trial (enough to check if you are infected), and can be downloaded for both Windows and macOS at: https://imazing.com/download . Even if the chances are low, better to be safe than sorry. cloud9cybersecurity Cyber News, Cyber Security Leave a comment September 3, 2021 1 Minute INVISIBLE EMAIL TRACKING SPY PIXELS AND HOW TO DEFEND AGAINST THEM Invisible spy pixels have been in use ever since the appearance, and subsequent wide adoption, of HTML email. The spy pixels are usually 1×1 transparent images which are embedded somewhere in the email message, but cannot be detected by the user. The pixel can tell the sender whether and when the email has been opened and read, and allows the sender to see which individual email recipients have opened the email. The justifications for using the tracking spy pixels are many, but mostly center around the desire of marketers to collect more granular data about their target audience, while privacy advocates point out that an email address usually gives away more about the owner than an IP address, for example. The use of pixel tracking is not illegal in most countries, even though there are privacy concerns. Even though the spy pixels are used by hackers and/or ransomers, they are also used by legitimate companies running their marketing campaigns. The Scottsman says “Some of the largest brands in the world use email pixels to monitor a person’s activity” (https://www.scotsman.com/lifestyle/spy-pixels-how-protect-your-privacy-and-see-when-email-tracking-pixels-are-watching-your-inbox-3138925). Since usually the location, device type and the email client used are reported back through the spy pixel method, some people have decided to protect their privacy against such intrusions. The easiest way to protect one’s email against spy pixels is to use a text client like PINE or PMail, or some modern variant. It is old school, but it works, and this was the reason why spy pixels were unknown before the mid 90’s and advent of HTML email. Another way to protect oneself is to simulate a text email client by turning the images off by default in Outlook, GMail, Apple Mail, etc. This way no images will be displayed, which will disable the tracking pixel. The email client usually displays placeholders for where the images used to be in the email, thus the user can still preview individual images by clicking on them and loading them separately. Finally, if the text-only method is too much for you, there are a bunch of tools out there, some free, some for money, which install as extensions to browsers and email clients. These add-ons keep track of multiple tracking campaigns by different actors and actively identify and block emails with spy pixels. Some of these add-ons are UglyEmail, Trocker, and MailTracker. cloud9cybersecurity Cyber Security Leave a comment August 15, 2021August 15, 2021 2 Minutes TWO MORE ESSENTIAL WEB BROWSER PLUGINS In a previous post (https://cloud9cybersecurity.wordpress.com/2018/07/), the three essential web browser plugins were discussed: HTTPS Everywhere, NoScript and uBlock Origin. These should be the first thing one installs whenever a new browser (Firefox – the only browser not backed by a multinational conglomerate) is installed. Although these three plugins remain the gold standard for security, two more have since made themselves indispensable as well. Privacy Badger Another amazing and essential plugin from our friends at the Electronic Frontier Foundation (EFF also makes the “Always HTTPS” browser). Privacy Badger monitors sites as you browser the web and blocks sites that track you across multiple sites, especially ones that ignore the “Do Not Track” setting in the browser. Privacy Badger works with Chrome, Firefox, Edge and Opera, so there is plenty of choice and the plugin only blocks third-party tracking. In future updates Privacy Badger should help block Browser Fingerprinting. Cookie AutoDelete This is a catch-all plugin that doesn’t analyze sites’ behavior, but will delete all cookies in a session and maybe catch what little other plugins have missed. Cookie AutoDelete will remove all the cookies when a tab is closed, domain has changed or the browser exited. Of course, whitelists are supported, as well as “graylists”, and it shows you a cookie counter for each web site you visit. The extension works with Firefox, Chrome and Edge. Simple and effective. Bonus: Fakespot, find out which Amazon reviews are fake This plugin is more specialized (works on Amazon, eBay and a few others), and is related strictly to online shopping, which is also a part of cyber security. Fakespot would have probably remained a niche plugin if it wasn’t for Amazon’s request to Apple to remove it from the App Store (which Apple obliged). After people were outraged by such a move, suddenly everyone knew about Fakespot and uses it. The idea is simple: we all know that many (most?) Amazon reviews are fake/bought, especially for the highly desirable products, why not make a web browser plugin that through some analytics (magic!) will identify and remove the fake ones. This is what FakeSpot does and gives you a new cumulative review score for the item at hand. Amazon claims that FakeSpot is often incorrect and misleads customers. Most customer might just not mind another tool to help them spend their money better. cloud9cybersecurity Uncategorized Leave a comment July 26, 2021July 26, 2021 2 Minutes POSTS NAVIGATION Older posts Older posts ARTICLES * October 2023 * July 2023 * March 2023 * February 2023 * December 2021 * November 2021 * September 2021 * August 2021 * July 2021 * July 2020 * October 2019 * July 2019 * February 2019 * January 2019 * December 2018 * September 2018 * August 2018 * July 2018 * June 2018 * May 2018 * March 2018 FOLLOW BLOG VIA EMAIL Enter your email address to follow this blog and receive notifications of new posts by email. Email Address: Follow BLOG STATS * 1,653 hits Create a website or blog at WordPress.com * Subscribe Subscribed * Cloud9 Cyber Security Sign me up * Already have a WordPress.com account? Log in now. * * Cloud9 Cyber Security * Customize * Subscribe Subscribed * Sign up * Log in * Report this content * View site in Reader * Manage subscriptions * Collapse this bar Loading Comments... Write a Comment... Email (Required) Name (Required) Website Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. To find out more, including how to control cookies, see here: Cookie Policy