Archive for 'Security'
Presidential control of the private Internet
Posted on August 28, 2009, under General, Security, Web Dev/Tech.
Bill would give president emergency control of Internet | Politics and Law – CNET News.
“Translation: If your company is deemed “critical,” a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.”
Yikes.
New security risk in SSL implementations
More holes found in Web’s SSL security protocol.
It appears most modern browsers are susceptible to a simple man-in-the-middle attack on SSL certificates, meaning your encrypted browsing sessions can be intercepted.
The article lists Firefox 3.5 as the only modern browser not affected by the attack.
Watch out for increased Internet crime
Posted on January 15, 2009, under Current Events, Security.
I caught an interesting quote from the bottom of a Symantec news article:
Explaining why Symantec continues to invest heavily despite the recession, Bregman said that during economic downturns Internet crime rises, creating opportunities for security companies.
Probably time to rethink how you are securing your company and personal data, and to watch out for cons.
Apple pushes insecure web browser on computers
Posted on March 31, 2008, under Current Events, Security, Web Dev/Tech.
Apple pushes Safari on Windows via iTunes updater (posted 3/21)
Apple has started offering Windows users its Safari 3.1 Web browser through the same online updater it utilizes for iTunes and the QuickTime video player.
Not just offering, but pushing. As in you must manually un-check the install or ignore it, or Safari will be installed the next time you run the updater to bring your iTunes up to the next release.
MacBook Air hacked in security contest (posted 3/27)
A team of security researchers has won $10,000 for hacking a MacBook Air in two minutes using an undisclosed Safari vulnerability.
Bad decision, Apple. I don’t want that accidentally pushed out on my machines, or any of the family members I help support.
If you want to prevent this from happening on your machine when you run the Apple updater, make sure the Safari option is checked, and then in the top menu, select “Tools > Ignore selected updates”.
Hiding Wireless SSIDs
Myth vs Reality. Hi Jeff!
10 things to know before you register a domain name
Posted on June 28, 2007, under Security, Web Dev/Tech.
Sometimes I get asked what is involved in registering a domain name, and whether there is anything to be careful of. I just ran across this site which does a good job of listing out most of the concerns to watch for when choosing an organization to register a domain name with:
10 things you MUST know before you register a domain name with anyone
Firefox Extensions Auto-Update Vulnerability
CyberNet News has a description of how someone can attack your Firefox browser using auto-updating extensions as the attack vector:
A new Firefox vulnerability has been discovered, and this time it is quite a doozy. It affects many different extensions including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, and PhishTank SiteChecker.
Windows Activation Virus Alert
Check out this post about a Windows Activation Virus. The virus spoofs the Windows Activation screens, and asks for credit card information to activate Windows. Pretty convincing screens.
Secunia Software Inspector
For the last year or so, I’ve used Secunia to keep track of the latest software vulnerabilities that have been discovered. Recently, they released a new, free web-based service called the Secunia Software Inspector. The tool will scan your computer for software that has reported vulnerabilities, and it tells you what to do to update your software or address the issue. I don’t know how comprehensive its software list is, but it seems to at least catch major browsers, plug-ins and e-mail clients.
On both my work and home computers, the scanner let me know of a vulnerability for the installed version of Apple QuickTime, as well as remnants of old, troublesome Adobe Flash installs. I did end up having to go research how to remove old versions of Flash Player on my own though. It’s helpful to note Adobe provides a global Flash uninstaller.
The Software Inspector is by no means a replacement for a good anti-virus package or firewall, but it is a nice free service to help keep your machine a little more clean and secure.
Trillian Basic 3 – Fake password security
For a while now, I’ve used the Trillian Basic instant messaging client, since I have contacts on Yahoo, MSN/Live, and AIM. There have been times when entering the startup password for Trillian, I thought – “Ooops, I fat-fingered that”, only to have Trillian continue to log in. I would shrug and move on, thinking I must have typed it correctly. Yesterday, I was logging into Trillian, and knew that I fat-fingered the password – and Trillian logged in! No errors! Hrmm.. So I did a couple of tests:
- I used a completely bogus password – Trillian started right up.
- I tried no password, and yep, Trillian logged right in, no problems.
So the password prompt in Trillian is useless for security as far as I am concerned. This makes me highly question my continued use of Trillian. Does anyone else notice this with their install of Trillian? I’m using Trillian Basic 3.1 (build 121). In the meantime, I’m thankful I have Trillian and its data saved in a TrueCrypt encrypted volume. That still retains some of the security I was assuming was there in the first place.