Security Updates Skype for Business (Lync) Client – June 2017

Patch Tuesday

During patch Tuesday Microsoft released two security patches for Skype for Business and one for Lync 2013.

Security update for Skype for Business 2016

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow
remote code execution if a user opens a specially crafted Office file.
To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.

Note To apply this security update, you must have the release version of
Skype for Business 2016 installed on the computer.

(download KB3203382)

Security update for Skype for Business 2015 (Lync 2013)

Summary

This security update resolves vulnerabilities in Microsoft Office that could allow
remote code execution if a user opens a specially crafted Office file.
To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-0283.

Note To apply this security update, you must have the release version of
Skype for Business 2015 (Lync 2013) installed on the computer.

Block the Blue Coat Intermediate CA from Windows

Symantec has gotten in hot water for issuing rogue certificates (source). While Symantec has agreed to certificate transparency, Blue Coat systems is a known operator of MITM services they sell to enterprises, nation-states and governments, and this certificate would allow Blue Coat to issue arbitrary MITM certificates.

OSX instruction can be find over here (By Filippo Valsorda)

Click on Continue Reading for the full instructions

Continue Reading

Privacy and Anonymity

Privacy

Privacy is an increasingly rare commodity these days. To find out what kind of information is there about you do a search for yourself on Pipl.com, you might be surprised at the number of companies that claim to have information about you and your relatives.

That’s because your personal information, including your email address, phone number and daily activities on Social Networks and apps, are worth a lot of money to legitimate businesses, your new employer, government and bad guys (read hackers).

The bad guys just want to steal from you and sell it on the DarkNet. Legitimate Companies want to know as much about you as possible, so they can sell you more products and services or serve you ads that are highly relevant to your preferences. And your possible new employer might get the wrong impression of you.

So i’m going to talk about a few steps that helps you, to protect your information.

There are a couple ways to secure your own privacy without having a lot of tools installed or the need of know how.

  • Information you Share
  • Email address
  • Fake Identity
  • Browsing anonymously
Continue Reading

Force HTTPS On Your WordPress Site

I’m running my wordpress site for quite some time now.. My site is HTTPS enabled and signed with a certificate. HTTP was also possible in the past for reaching my site. In this guide i’m going to point all of the pages (including the administrative) to force HTTPS.

To simplify this, the guide will build into the following 3 parts:

  1. Force SSL for administrator pages (including the login page)
  2. Secure all normal pages with HTTPS
  3. Change .htaccess to redirect all HTTP to HTTPS

When all of this is completed you should have a WordPress site completely running secure with HTTPS.

This guide assumes that you have already bought a valid Certificate

Continue Reading

OpenVPN in Kali Linux

This how to describes how to configure Kali to use a openVPN for securing your traffic.

Why should u use VPN?

Here’s my top 5 why you want to use a VPN service.

  1. VPN provides Privacy and hides your own External IP address.
  2. Use any network (public or private or free (hotspot WiFi) with encryption.
  3. Login to your home or Work network from anywhere with confidence of encrypted traffic.
  4. Bypass censorship and content monitoring  by goverments.
  5. Browse and bypass Firewall and censorship policy from Anywhere!

As you can see from the list above, VPN not necessarily hides everything. Search engines  like google, bing and yahoo can still recognizes you based on your cookies or account sign-in. So make sure you use tools like Bleachbit (clear browsing data etc) and enable plugins in your browser for tracking and ads (privacy badger, uBlock Origin).

In the example below i’m using IPVanish VPN service, there are lot’s more VPN services. If you really want to be sure of logging, security and availability you can use the comparison chart (click here).

Continue Reading