🦊 More browsing and cocktails
Mar 09, 2021 5:31 pm
...unusual combination? I've got the recipe. Sit down at our bar and let's talk.
Welcome! I'm Jon Fedor and this is InCyber Regular, edition five. I talk about cyber security issues and awareness for smaller enterprises and the cyber-curious.
In today's edition: One big thing, two little things. More browser privacy information following from last week, Microsoft Exchange hiccuped loudly in public (and belched), plus who knew that OT security could taste so good?
If you haven't already read last week's Regular edition on web browser security. Uh. Do it.
Web browser privacy
We're all being tracked all the time. You know that. But sheesh, can't a guy get some peace? Apparently not. Facebook and Google and a bunch of other minions can't keep their grubby paws off your browser and identity.
I hyped a tool last week from the Electronic Frontier Foundation that will tell you if and how you're being tracked. It's called Cover Your Tracks.
Cover Your Tracks makes important web browser privacy recommendations based on what it finds. It actually breaks down your browser fingerprint in dirty detail.
For instance, Cover Your Tracks details how many pieces of identifying information it finds in each category AND, statistically, how many browsers have X type of information.
I tested it on a Google Chrome browser out of curiosity.
Okay, great; my browser has a fingerprint. Here are some of the elements of a fingerprint:
- My user agent: headers sent with every connection that tell the server about the exact piece of hardware I'm using to browse the internet. Not private.
- The browser plugins I'm using.
- Timezone
- Screen size and color depth and system font(s).
- Cookies enabled.
- Other technical elements like supercookies, canvas fingerprint hashes, WebGL hashes, etc.
WTH
You may be thinking: Incognito mode is the fix. Not true.
Actually, the EFF says that Incognito mode in Google Chrome doesn't even work.
There are a few options, though!
If you're on Windows 10: Honestly, just use Edge. Launch it, upgrade it to the latest version, and let it rip. Edge has pretty solid privacy options.
Plus you can easily set the level of tracking prevention you want using the instructions in the link above.
If you're on macOS and don't want to install Firefox: Just use Safari. Apple actually did a ton of work around a year ago to drastically reduce and negate browser fingerprinting inside of Safari. They put a ton of effort into reducing what they call cross-site tracking to enhance web browser privacy.
This article from The Verge goes into some great detail.
Etc
Making strides towards greater web browser privacy isn't rocket surgery. Follow some easy steps:
- Don't use Google Chrome.
- If you do, switch browsers.
- Disable cookies and delete your browser cache files, etc., regularly.
- Use the InPrivate or private browsing tab in Safari, Firefox, or Edge whenever possible.
- And stay vigilant.
Microsoft Exchange had some problems
From The Hacker News:
"According to independent cybersecurity journalist Brian Krebs, at least 30,000 entities across the U.S. — mainly small businesses, towns, cities, and local governments — have been compromised by an "unusually aggressive" Chinese group that has set its sights on stealing emails from victim organizations by exploiting previously undisclosed flaws in Exchange Server."
Microsoft hopped on this faster than Pablo Escobar trying to launder cocaine cash:
"Aside from rolling out fixes, Microsoft has published new alternative mitigation guidance to help Exchange customers who need more time to patch their deployments, in addition to pushing out a new update for the Microsoft Safety Scanner (MSERT) tool to detect web shells and releasing a script for checking HAFNIUM indicators of compromise."
This is an ongoing incident. More news to follow, I'm sure. In the meantime, thank Kevin Beaumont for this gem:
It's ok, though - despite all the wreckage and carnage, at least Microsoft had the stones to own the breach instead of blaming an intern.
The taste of SCADA security
Industrial security never tasted so good thanks to this tremendous cocktail book from SCADAfence.
Here's a great for-instance:
Thanks!
If you enjoyed this or learned something or want to rake me over the coals, feel free to forward this email. Or pass along the link to sign up for InCyber Regular.
If you didn't enjoy this, let me know how I can make this weekly resource better. And I will.
Have a good'un, Good Lookin'.