WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

 

 

With the many data breeches and most recently the 2.9billions records leaked from the National Public Data Breach its safe to assume your information is public. Safeguarding your personal information is more crucial than ever. With cyber threats evolving and becoming increasingly sophisticated, adopting these three simple security measures can make a significant difference in protecting your online identity. One of the most effective strategies is to avoid reusing passwords across multiple accounts.  Similarly, enabling two-factor authentication (2FA) adds an essential layer of security, making unauthorized access far more challenging. Furthermore, freezing your credit reports can prevent identity thieves from opening new accounts in your name, offering you peace of mind and control over your financial information. By integrating these practices into your online security routine, you can substantially reduce the risk of identity theft and enhance your overall protection in the interconnected world we live in.

 

  1. Don't Reuse Passwords:

    • Explanation: Using the same password across multiple accounts poses a significant security risk. If one account is compromised, all other accounts with the same password become vulnerable. Cybercriminals often try to exploit this common practice to gain unauthorized access to various online services. By using unique and complex passwords for each account, you minimize the potential impact of a security breach.
      • Security Breaches: If one of the websites where you use your password experiences a security breach, hackers can obtain your password. If you reuse that password on multiple sites, hackers can easily access all those accounts, putting your sensitive information at risk.

      • Compromised Accounts: Reusing passwords increases the likelihood of multiple accounts being compromised. Once hackers gain access to one account, they can attempt to access other accounts using the same credentials, potentially causing widespread damage.

      • Data Privacy: Different websites have different levels of security measures in place to protect your password. If you reuse passwords across multiple sites, you're essentially entrusting your sensitive information to the security practices of the least secure website.

      • Identity Theft: Reusing passwords makes it easier for cybercriminals to steal your identity. They can impersonate you on various platforms, access your personal information, and even engage in fraudulent activities using your credentials.

      • Financial Loss: With access to multiple accounts, hackers can exploit your financial information, make unauthorized transactions, or steal your funds. Reusing passwords amplifies the risk of financial loss across various platforms.

      • Reputation Damage: If hackers gain access to your accounts and use them to spread malicious content or engage in inappropriate behavior, it can tarnish your reputation, both personally and professionally.

      • Lack of Control: Reusing passwords means you have less control over your online security. You're essentially relying on the security measures of other websites to protect your accounts, rather than taking proactive steps to safeguard your information.

      • Difficulty in Recovery: If multiple accounts are compromised due to password reuse, the process of recovering them can be complex and time-consuming. It may involve contacting customer support, providing proof of identity, and resetting passwords for each affected account.

      • Ease of Guessing: If a hacker discovers one of your passwords, they may try it across other accounts, especially if they notice a pattern of password reuse. Using unique passwords for each account makes it more difficult for hackers to guess or crack your credentials.

      • Best Practice: Following security best practices, such as using unique passwords for each account, is essential for protecting your digital identity and maintaining online security in today's interconnected world.

  2. Enable Two-Factor Authentication (2FA) on Accounts:

    • Explanation: Two-factor authentication adds an extra layer of security by requiring users to provide a second form of identification in addition to their password. This could be a temporary code sent to your mobile device, a biometric scan, or a hardware token. Even if someone manages to obtain your password, they would still need the second factor to access your account. Enabling 2FA significantly reduces the risk of unauthorized access and enhances the overall security of your accounts.
      • Enhanced Security: 2FA adds an extra layer of security beyond just a username and password, requiring a second form of authentication such as a code sent to your phone or generated by an authentication app. This makes it significantly harder for attackers to gain unauthorized access to your accounts, even if they have your password.

      • Protection Against Password Theft: Even if your password is compromised through means such as phishing attacks or data breaches, 2FA can prevent unauthorized access because the attacker would also need access to your second factor of authentication (e.g., your phone).

      • Reduced Risk of Account Takeover: Account takeover (ATO) is a common cyber threat where attackers gain unauthorized access to user accounts. Enabling 2FA significantly reduces the risk of ATO because even if attackers obtain your password, they would still need the second factor to access your account.

      • Compliance Requirements: Some organizations, particularly in regulated industries such as finance and healthcare, may require users to enable 2FA as part of compliance measures to enhance security and protect sensitive information.

      • Prevention of Identity Theft: By adding an extra layer of authentication, 2FA helps prevent identity theft by ensuring that only authorized users can access your accounts, reducing the likelihood of fraudulent activities.

      • Peace of Mind: Knowing that your accounts are protected with an additional layer of security can provide peace of mind, especially considering the increasing prevalence of cyber threats and data breaches.

      • Support from Major Platforms: Many popular online services and platforms offer 2FA as an option, making it easy to implement and integrate into your security practices. This includes social media platforms, email services, online banking, and more.

      • Ease of Use: While adding an extra step to the login process, 2FA is relatively easy to set up and use. Once configured, it typically only requires a few seconds to enter the additional authentication code, providing a significant security benefit for minimal inconvenience.

      • Adoption of Advanced Authentication Methods: Beyond traditional SMS-based 2FA, many platforms support more secure authentication methods such as authenticator apps (e.g., Google Authenticator, Authy) or hardware tokens (e.g., YubiKey), further enhancing security.

      • Protection Across Multiple Devices: With 2FA, even if you access your accounts from multiple devices, each device can be set up to require the second factor of authentication, ensuring consistent security across all your devices.

        Overall, enabling 2FA is a crucial step in safeguarding your online accounts and personal information against unauthorized access and cyber threats.

  1. Freeze Credit Reporting Accounts:
  • Explanation: Freezing your credit reports prevents unauthorized individuals from opening new financial accounts or lines of credit in your name. When your credit is frozen, potential creditors can't access your credit report, making it challenging for identity thieves to apply for credit using your personal information. This is a proactive measure to protect your financial identity and prevent fraud. If you need to apply for new credit, you can temporarily lift the freeze using a unique PIN provided by the credit reporting agency.
    • Preventing Identity Theft: Freezing your credit makes it extremely difficult for identity thieves to open new accounts or lines of credit in your name. Since lenders typically check your credit report before approving new credit applications, a frozen credit report prevents unauthorized individuals from opening accounts using your identity.

    • Enhancing Security After a Data Breach: If your personal information has been compromised in a data breach (e.g., from a hacked website or company), freezing your credit can prevent cybercriminals from exploiting that data to open fraudulent accounts or loans in your name.

    • Protecting Against Unauthorized Inquiries: Freezing your credit prevents unauthorized parties from accessing your credit report, which can help prevent unauthorized credit inquiries. This can be particularly useful if you're not actively seeking new credit and want to minimize the risk of unauthorized activity.

    • Peace of Mind: Knowing that your credit accounts are frozen adds an extra layer of security and peace of mind. You can feel more confident that your financial information is protected, even if your personal data is compromised through a data breach or other means.

    • Control Over Access to Your Credit Report: When you freeze your credit, you have control over who can access your credit report. You can temporarily lift the freeze when you need to apply for new credit, then re-freeze it afterward, giving you greater control over who can view your credit information.

    • No Impact on Existing Accounts: Freezing your credit does not affect your existing credit accounts or credit score. You can continue to use your existing credit cards and loans as usual. The freeze only applies to new credit applications.

    • Cost-Effective Security Measure: In many cases, freezing your credit is a relatively inexpensive security measure. Depending on where you live, there may be nominal fees associated with placing or lifting a freeze, but the protection it provides can outweigh these costs.

    • Alternative to Credit Monitoring: While credit monitoring services can alert you to suspicious activity on your credit report, freezing your credit provides a more proactive and comprehensive form of protection. It prevents unauthorized access to your credit report altogether, rather than simply monitoring for potential fraud.

    • Legal Protection: In some jurisdictions, freezing your credit may provide legal protections in the event of identity theft or unauthorized credit activity. Check the laws in your area to understand the specific protections available to you.

    • Flexibility: You have the flexibility to freeze and unfreeze your credit at any time, allowing you to tailor your security measures to your individual needs and circumstances.

By incorporating these practices into your online habits, you can significantly reduce the risk of identity theft and enhance the security of your personal information. Additionally, staying informed about cybersecurity best practices and regularly updating your passwords further strengthens your defense against potential threats.

 

Recently I have been re-reading Smugglers Cove and just finished the section that talks about online resources. So whether you're a seasoned tiki enthusiast or just beginning your journey, the internet is brimming with resources to help you explore this fascinating subculture. Here's a roundup of some of the best online resources to get you started.

 

1. Tiki Central

  • Website: tikicentral.com
  • Overview: A vibrant online community dedicated to tiki culture. It features forums where enthusiasts share ideas, recipes, DIY projects, and discuss tiki bars and events.

2. The Atomic Grog

  • Website: atomicgrog.com
  • Overview: A blog focusing on tiki cocktails, bar reviews, and news related to tiki culture. It also includes detailed recipes for classic and modern tiki drinks.

3. Tiki Drink Books

4. Instagram and Pinterest

  • Search Tags: Use tags like #tiki, #tikidrinks, #tikibar, and #tikiculture to find inspiration and connect with other tiki enthusiasts.

5. YouTube Channels

  • Example: The Educated Barfly and How to Drink regularly feature tiki cocktail recipes and techniques.
  • Overview: These channels offer video tutorials on how to make tiki drinks, often with historical context and modern twists.

6. Online Tiki Shops

  • Example: Tiki Farm and
  • Overview: These shops offer tiki mugs, decor, and other tiki-themed items, perfect for setting up your own tiki bar.

7. Reddit

  • Subreddit: r/Tiki
  • Overview: A community of tiki enthusiasts sharing photos, recipes, and tips. It’s a great place to ask questions and share your own creations.

8. Exotic Tiki Island Podcast

  • Website: exotictikiisland.com
  • Overview: A podcast that immerses listeners in the sounds and stories of tiki culture, featuring music, interviews, and tiki history.

9. Beachbum Berry's Tiki Resources

  • Website: beachbumberry.com
  • Overview: Jeff "Beachbum" Berry is a renowned tiki historian and cocktail expert. His site offers a wealth of knowledge on tiki drinks, history, and his books, such as Beachbum Berry’s Sippin’ Safari.

10. Tiki Magazine

  • Website: tikimagazine.com
  • Overview: A magazine dedicated to tiki culture, covering art, events, music, and tiki bars. It's a great resource for staying updated on the latest in the tiki scene.

11. Tiki-Tastic YouTube Channels

  • Example: Tiki with Ray
  • Overview: This channel offers a mix of tiki bar reviews, interviews with tiki experts, and tutorials on creating tiki decor and cocktails.

12. Facebook Groups

13. Tiki Oasis

  • Website: tikioasis.com
  • Overview: Tiki Oasis is the largest and longest-running tiki event in the world, featuring a mix of music, art, culture, and tiki enthusiasts. Their website provides event information, photos, and resources.

14. Tiki Cocktail Apps

  • Example: Total Tiki by Beachbum Berry
  • Overview: An app that provides recipes from Beachbum Berry's extensive collection of tiki drinks. It's perfect for anyone looking to mix up authentic tiki cocktails at home.

 

Whether you're looking to craft the perfect tiki cocktail, discover the history behind this vibrant subculture, or connect with a community of enthusiasts, these online resources offer everything you need. So, grab your favorite tiki mug, mix up a classic drink, and start exploring the rich world of tiki culture today!

ChatGPT

 

 


This will be short and sweet, if you have privileges to boot your PC into safe mode you can follow the following steps to delete the affected update.


Crowd Strike Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment

  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

  3. Locate the file matching “C-00000291*.sys”, and delete it.

  4. Boot the host normally.

 

 

 

**Disclamer: This is only a guide please work with Microsoft and or Palo Alto Networks if you have any concerns. **

 

GlobalProtect VPN can be deployed in different connection configurations. One of the most secure is the always-connected model. When 'always on' is configured, the GlobalProtect agent will force all traffic over the VPN tunnel, even when a user is not logged in. This ensures that all traffic from the device is inspected by a firewall and allows desktop support staff to manage the device. One downfall is that it complicates communications with MDM solutions.

 

MDM software runs all the time, even when users are not logged in. What this means is the software needs to be allowed to access MDM resources 24x7. In GlobalProtect, this is accomplished with a mechanism called pre-login security policies. Pre-login policies are security policies that allow devices authenticated with a machine certificate to connect to generally a more restricted set of resources. Once a user authenticates the VPN connection, it is promoted to a known-user state and corporate firewall policies are applied to the traffic.

 

What I want to focus on in this write-up is the pre-login security policies that allow Intune software to communicate with its required Microsoft cloud resources.


1. The first thing that needs to happen is to determine which endpoints the Intune client will need to communicate with. This can be accomplished by running a PowerShell command on an endpoint, which will output the endpoints you will need to configure in your firewall. Here is a link to the Microsoft documentation for running the PowerShell commands. https://tinyurl.com/MS-Intune-Doc

 

2. Once you receive the endpoints, you will need to create a custom URL category and two address object groups.

 

    a. The URL category you need to create is for the *.manage.microsoft.com domain. Because this is a wildcard URL, you cannot create an FQDN object and will need to create a second security policy just for this.

 

 

    b. You will need to create an Intune-FQDN address object group and add the FQDNs that were part of the above PowerShell output.

 


    c. Lastly, you will need to create an Intune-Network address object group and add the network address objects that where generated in the above PowerShell output.

 


3. Configure security policies to utilize the address and URL categories you created above.

 

    a. The first security policy you need to configure is one that leverages your custom URL category. You will also want to leverage the applicable App-IDs.


    b.  The second policy will use the same App-IDs but will restrict the destination to the two address objects you created earlier.

 


   

    c. One thing I want to highlight is that in the user category, you see pre-login defined as the user. This is important as it ensures that certificate-authenticated devices can leverage these policies even though the users are not logged in.

 

Once these policies are configured, you will see Intune devices connect to your Intune console, and you will be able to utilize the core Intune services.