Archive for 'Security'
Free FamilyShield filtering from OpenDNS
Posted on July 11, 2010, under Security, Web Dev/Tech.
I have been using the OpenDNS domain filtering in my house for over a year, and have been very happy with the service. They have made it even easier to use for households looking to protect kids, by rolling out FamilyShield filtering. Without even needing to sign up for an account, you can use their service for free to block the following categories of web sites:
- Pornography
- Phishing
- Malware
- Proxy and anonymizer (for the “street smart” kiddos)
You can easily set up the service by following the walk-through instructions on configuring your router or computer’s DNS servers.
Web Browsers – Trackable without cookies
Posted on May 18, 2010, under Security, Web Dev/Tech.
Interesting proof of concept by the Electronic Frontier Foundation to show how the fingerprint of your web browser makes you trackable, even without the use of cookies:
Presidential control of the private Internet
Posted on August 28, 2009, under General, Security, Web Dev/Tech.
Bill would give president emergency control of Internet | Politics and Law – CNET News.
“Translation: If your company is deemed “critical,” a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.”
Yikes.
New security risk in SSL implementations
More holes found in Web’s SSL security protocol.
It appears most modern browsers are susceptible to a simple man-in-the-middle attack on SSL certificates, meaning your encrypted browsing sessions can be intercepted.
The article lists Firefox 3.5 as the only modern browser not affected by the attack.
Watch out for increased Internet crime
Posted on January 15, 2009, under Current Events, Security.
I caught an interesting quote from the bottom of a Symantec news article:
Explaining why Symantec continues to invest heavily despite the recession, Bregman said that during economic downturns Internet crime rises, creating opportunities for security companies.
Probably time to re-think through how you are securing your company and personal data, and watching out for cons.
Apple pushes insecure web browser on computers
Posted on March 31, 2008, under Current Events, Security, Web Dev/Tech.
Apple pushes Safari on Windows via iTunes updater (posted 3/21)
Apple has started offering Windows users its Safari 3.1 Web browser through the same online updater it utilizes for iTunes and the QuickTime video player.
Not just offering, but pushing. As in you must manually un-check the install or ignore it, or Safari will be installed the next time you run the updater to bring your iTunes up to the next release.
MacBook Air hacked in security contest (posted 3/27)
A team of security researchers has won $10,000 for hacking a MacBook Air in two minutes using an undisclosed Safari vulnerability.
Bad decision, Apple. I don’t want that accidentally pushed out on my machines, or any of the family members I help support.
If you want to prevent this from happening on your machine when you run the Apple updater, make sure the Safari option is checked, and then in the top menu, select “Tools > Ignore selected updates”.
Hiding Wireless SSIDs
Myth vs Reality. Hi Jeff! 
10 things to know before you register a domain name
Posted on June 28, 2007, under Security, Web Dev/Tech.
Sometimes I get asked what is involved in registering a domain name, and is there anything to be careful of. I just ran across this site which does a good job of listing out most of the concerns to watch for when choosing an organization to register a domain name with:
10 things you MUST know before you register a domain name with anyone
Firefox Extensions Auto-Update Vulnerability
CyberNet News has the description for how someone can attack your Firefox browser using auto-updating extensions as the attack vector:
A new Firefox vulnerability has been discovered, and this time it is quite a doozy. It affects many different extensions including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, and PhishTank SiteChecker.
Windows Activation Virus Alert
Check out this post about a Windows Activation Virus. The virus spoofs the Windows Activation screens, and asks for credit card information to activate Windows. Pretty convincing screens.
