HOW TO DISABLE THE SEND YOUR SEARCH HISTORY FEATURE IN MICROSOFT EDGE

Microsoft Edge can silently send search queries, demographics, and other data to Microsoft servers. Moreover, not only search data in Bing, but also search data in Google, DuckDuckGo, 
StartPage and other search engines.  

Typically, Edge warns the user about this literally in plain text. 

Or rather, a separate notice that states that the user now has the opportunity to help Microsoft improve its products and services, and that for this purpose it will collect his (the user’s) search data, but as if anonymously, that is, they “will never will be associated with the data of the user himself or his computer." The option that the user allows the company to collect this data is present in the open part of the Edge settings (in the “Optional diagnostic data” subsection) and is active by default. Simply put, if you use Microsoft Edge, you are already helping, and volunteering at that. 

WHERE TO CHECK AND HOW TO DISABLE THE FUNCTION OF SENDING YOUR SEARCH HISTORY IN MICROSOFT EDGE 

Taking into account the fact that in the mentioned notification there is a button that redirects to the browser settings, but you can only get to the main Settings page, we do the following: open Edge and continue: or copy the address into the search bar 

edge://settings/privacy#searchServiceImprovement 

and press Enter (at this address the subsection we need “Optional diagnostic data” should open automatically); 

 or open “Settings” Edge (3 buttons in the upper right corner of the screen > “Settings”), go to the “Privacy” section. search and services" and simply scroll down the screen to the Optional diagnostic data subsection: Turn off the option Send us optional diagnostic data about your browser usage, websites visited, and crash reports to help us improve Microsoft products ; and restart the browser. 

 WHAT DATA DOES EDGE SEND TO MICROSOFT? 

In response to this question, we can only quote an excerpt from the explanation, which was published on the official Edge Support page: We collect and use data from your searches in Microsoft Edge. We use your search results to make everyone's online experience more convenient, relevant and useful. We collect data from your online searches, including from sites that Microsoft does not own or control. The data collected may include your search query, the search results displayed, and your interaction with those search results, such as what links you click on. We may also collect demographic information. Of course, there is a strong suspicion that this is not all. But Microsoft support, as we see, clearly identified four elements: search queries, searching results, search interaction data (including links you click) and your demographics. And the company needs this information “To improve your experience in Microsoft Edge, Microsoft Bing, Microsoft News and other Microsoft services.”

Now even a light bulb can steal your Wi-Fi password.

Recently, vulnerabilities were discovered in TP-Link Tapo L530E smart bulbs and the TP-Link Tapo application. These vulnerabilities can pave the way for any malicious actor to access Wi-Fi credentials.

The vulnerabilities are related to unreliable authentication and a lack of random elements in symmetric encryption.

With the help of these vulnerabilities, a malicious actor can obtain the Wi-Fi credentials of the victim's network and control all devices connected to that network.

Until the vulnerabilities are fixed, I recommend not using these light bulbs and their associated application. 

Source: AntiHaker Blog  

Professional level of protection, even when the services you use could be breached. ( Golden Rule )

 Hey there,

I couldn't help but notice that Twitter has been in the spotlight once again due to a security breach. This time, around 235 million users' email addresses, phone numbers, and Twitter handles were exposed. This situation got me thinking about the steps you should take to protect your anonymity online, especially when the services you use could potentially be compromised. 

The golden rule to remember is: if you want to stay anonymous online, don't provide enough information to a single service that could jeopardize your anonymity should a breach occur. That means, don't give out a phone number or email address that can be traced back to you. If a service requires a phone number to set up your account, opt for an online service that provides a temporary, disposable number. Once your account is set up, ensure you establish real 2FA (like a security key or TOTP), and remember to generate and save recovery codes. After doing this, you can remove the phone number.

When it comes to your email address, create a new one and use it exclusively for signing up for the service. Never send any emails from it and don't give it out to anyone. By following these steps, a single service breach won't compromise your anonymity.

However, if staying anonymous is very important to you, then these measures might not be sufficient. Below are some additional steps you can take to ensure your online security:

1. Don't use the same anonymous email account for multiple services. Instead, create a separate email account for each service. This way, breaches at multiple services won't allow anyone to correlate your identities across them.

2. Avoid configuring the email account to forward emails to your real address. Doing this could link your anonymous email account to your real address if the email service provider is breached.

3. Avoid logging into the temporary phone number service or the anonymous email account from an IP address that can be traced back to you. Use a reputable VPN with privacy guarantees, so that the IP address your logins come from is shared by many other people and can't be traced back to you. 

4. Be careful when logging in to the temporary phone number service or the anonymous email account over a public wifi network, as it could potentially compromise your anonymity.

5. Try to only log into the service you're trying to remain anonymous on from public wifi.

Use an ad/tracker blocker in your browser on your computer and phone. uBlock  and Blokada are good choices.

Remember, protecting your identity is crucial in this digital age. Stay safe online!

Best,

Alex

Comprehensive Security Policy

 

A comprehensive security policy is a structured document that outlines an organization's approach to safeguarding its assets, information, and resources. It serves as a strategic framework that defines the principles, guidelines, and procedures necessary to establish and maintain a secure environment. The goal of a security policy is to protect against unauthorized access, data breaches, and other potential risks, while also promoting a culture of security awareness within the organization.

Components of a Comprehensive Security Policy:

1. Introduction:

   • Provide an overview of the security policy, its purpose, and the importance of adhering to security guidelines.

2. Scope:

   • Clearly define the scope of the security policy, specifying the systems, networks, data, and personnel it covers.

3. Objectives:

   • Outline the overarching goals and objectives of the security policy, such as protecting sensitive information, ensuring business continuity, and maintaining the integrity of systems.

4. Roles and Responsibilities:

   • Clearly define the roles and responsibilities of individuals and departments involved in implementing and enforcing security measures. This may include IT staff, administrators, and end-users.

5. Access Control:

   • Define access control measures, including user authentication, authorization levels, and the principle of least privilege. Specify procedures for granting and revoking access.

6. Data Protection:

   • Establish guidelines for the protection of sensitive data, including encryption standards, data classification, and secure data handling practices.

7. Network Security:

   • Address measures to secure the organization's network infrastructure, including firewalls, intrusion detection/prevention systems, and secure configurations.

8. Endpoint Security:

   • Provide guidelines for securing endpoint devices, such as computers, laptops, and mobile devices. This may include antivirus software, endpoint detection, and response (EDR) tools.

9. Incident Response and Reporting:

   • Define the procedures for detecting, responding to, and reporting security incidents. Outline the roles and responsibilities during incident response.

10. Security Awareness and Training:

    • Emphasize the importance of security awareness among employees. Establish a framework for ongoing security training and education.

11. Physical Security:

    • Address physical security measures, such as access controls, surveillance, and protection of physical assets, including servers and networking equipment.

12. Business Continuity and Disaster Recovery:

    • Outline measures to ensure business continuity in the event of disruptions. Define disaster recovery plans and procedures for restoring critical systems and data.

13. Third-Party Security:

    • Specify security requirements for third-party vendors and partners. Ensure that external entities adhere to security standards compatible with the organization's policies.

14. Regulatory Compliance:

    • Ensure that the security policy aligns with relevant industry regulations and compliance standards applicable to the organization.

15. Policy Enforcement and Review:

    • Detail the mechanisms for enforcing the security policy, conducting regular reviews, and updating the policy to adapt to evolving threats and technologies.

Importance of a Comprehensive Security Policy:

1. Risk Mitigation:

   • Identifies and addresses potential security risks, reducing the likelihood of security incidents.

2. Regulatory Compliance:

   • Helps the organization comply with industry regulations and legal requirements.

3. User Awareness:

   • Educates employees on security best practices, fostering a culture of security awareness.

4. Incident Response:

   • Provides a structured approach to incident response, minimizing the impact of security breaches.

5. Consistency:

   • Establishes consistent security measures across the organization, reducing vulnerabilities.

6. Business Continuity:

   • Ensures that the organization can maintain essential functions in the face of disruptions or disasters.

7. Continuous Improvement:

   • Allows for regular reviews and updates to adapt to emerging security threats and technologies.

In summary, a comprehensive security policy is a vital document that guides an organization in establishing and maintaining a robust security posture. It serves as a blueprint for protecting assets, data, and infrastructure while fostering a secure business environment.

Article created with IA help ( GPT)

Internet Security Threats and Tactics for Protection

Firewalls: 

Common Internet Security Threats:

1. Malware:

   • Threat: Malicious software (malware) includes viruses, worms, Trojans, and ransomware, designed to harm or exploit systems.
   • Protection: Use reputable antivirus software, keep it updated, and avoid downloading files from untrusted sources.

2. Phishing Attacks:

   • Threat: Deceptive attempts to obtain sensitive information by masquerading as a trustworthy entity.
   • Protection: Be cautious with email links, verify website URLs, and use email filters. Educate yourself and your team about recognizing phishing attempts.

3. Password Attacks:

   • Threat: Brute force attacks, password guessing, and credential theft compromise user accounts.
   • Protection: Enforce strong, unique passwords. Implement multi-factor authentication (MFA) for an additional layer of security.

4. Man-in-the-Middle Attacks:

   • Threat: Intercepting communication between two parties without their knowledge.
   • Protection: Use secure communication channels (HTTPS), employ VPNs for remote access, and regularly update software to patch vulnerabilities.

5. Denial-of-Service (DoS) Attacks:

   • Threat: Overwhelming a system or network with traffic, causing it to become inaccessible.
   • Protection: Implement firewalls, use intrusion detection/prevention systems, and employ DoS protection services.

6. Unpatched Software Vulnerabilities:

   • Threat: Exploitation of security flaws in outdated software.
   • Protection: Regularly update operating systems and applications. Enable automatic updates when possible.

7. Insider Threats:

   • Threat: Malicious or unintentional actions by employees or individuals within an organization.
   • Protection: Implement user access controls, conduct regular security training, and monitor user activities.

Tactics for Internet Security Protection:

1. Firewalls:

   • Employ firewalls to monitor and control incoming and outgoing network traffic, acting as a barrier between a trusted internal network and untrusted external networks.

2. Encryption:

   • Use encryption protocols like SSL/TLS to secure data in transit. Encrypt sensitive files and communications to prevent unauthorized access.

3. Regular Backups:

   • Regularly back up critical data to mitigate the impact of ransomware attacks. Store backups in a secure, separate location.

4. Security Awareness Training:

   • Educate users about internet security best practices, including recognizing phishing attempts, creating strong passwords, and avoiding suspicious downloads.

5. Multi-Factor Authentication (MFA):

   • Implement MFA to add an extra layer of security, requiring users to provide multiple forms of identification for access.

6. Patch and Update Systems:

   • Keep operating systems, software, and applications up-to-date to patch vulnerabilities and protect against exploits.

7. Incident Response Plan:

   • Develop and regularly test an incident response plan to efficiently address and mitigate security incidents when they occur.

In the dynamic landscape of internet security, staying vigilant and proactive is key. Regularly assess and update your security measures to adapt to evolving threats, and foster a culture of security awareness among all users.