Lessfeet » Security

Security Alert Ploy

Mark — Thu, 23 Dec 2010 04:26:12 +0000

Wow! That was quit cool. I was just doing some research for a presentation that I’m doing and ran across something which I’ve only dealt with its aftermath.

It is a variation of the anti-virus 2010 a fake anti-malware application that is actually a trap to get you to install a real trojan on your computer. This one said Windows Security Alert and looked very official. It is no wonder people are fulled by this. It really was quit exciting! Exciting for a geek I mean.

Secunia PSI

Mark — Fri, 19 Nov 2010 05:44:11 +0000

The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. The only way to avoid these attacks is to always keep your software up to date. Windows Update does this for your Windows operating system but what does it for the rest of your software. That what Secunia PSI does. It is an invaluable resource.

Get it now!

Security Essentials In Windows Updates

Mark — Sun, 14 Nov 2010 04:15:27 +0000

Microsoft’s very good security suite “Security Essentials” will now be offered in Windows Updates. This is a great step forward in making this very good and free antivirus available to everyone not just to the geeks how know where to find it. The application will only be offered in updates if there is non detected on your computer. So uninstall that Norton’s you haven’t payed for in years and go to Windows.There are so many computer out there with Norton or McAfee trail software that they let laps because they’re not thinking about it or can’t spare the cost of a subscription. Essential is a better, free and now convenient!

HTTPS Everywhere

Mark — Wed, 10 Nov 2010 00:31:37 +0000

In my previous post Firesheep I told you about a very easy hacker tool that enables the user to log in to password protected accounts of others user where the site is not using HTTPS correctly.

Today I found a tool that will provide some protection. HTTPS Everywhere is a Firefox extension that forces a site to use HTTPS if it is available. This can prove invaluable if we are going to continue to use open WiFi hotspots. Although it does not work in every case. The site may not use HTTPS.

HTTPS Everywhere is brought to us by the great people at the Electronic Frontier Foundation who is the leading civil liberties group defending your rights in the digital world.

Firesheep

Mark — Mon, 08 Nov 2010 18:24:27 +0000

Firesheep is a Firefox extension that monitors traffic on a network and records session information that is stored in a Web browser’s cookie. It was introduced last month at Toorcon (a hacker conference in San Diego CA” by Eric Butler of “codebutler” to demonstrate the danger of sites changing their sessions back and forth between secure and insecure.

Very simply Firesheep collects site login information so someone using it can login to those sites using the same credentials. What is so different about this tool is ease of use. You don’t have to be a skilled hacker. Any Joe of the street can use this to collect login information from coffee shop WIFI hotspots. You just manually install the add-on in Firefox(manually because it is not offered by Firefox as a official add-on), turn on the Firesheep sidebar and click “Start Capturing”. Now click on the icon of the site you want to login and your logged in to that persons account. It works with Amazon, Basecamp, bit.ly, eNom, Facebook, Foursquare, GitHub, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco, Slicehost, Gowalla, and Flickr. And coming soon is Yahoo!, eBay, LinkedIn, Digg, Reddit, Wikipedia, Blogger, GoDaddy, Posterous, Tumblr, Netflix, YouTube, Slashdot, MobileMe, PayPal, Salesforce, Craigslist, MySpace, Match, and AOL.

You may think this is a terrible thing and it is in the short term but in the long term it will make the internet much safer by forcing websites to be more security conscious.

Steve Gibson talks about Firesheep on Security Now.

Gina On Lastpass

Mark — Sat, 25 Sep 2010 08:40:19 +0000

Programmer extraordinaire and Lifehacker founder Gina Trapani and Leo Laporte talk about Lastpass the incredible cloud based password manger.

http://video.fastcompany.com/plugins/player.swf?v=a36aa96a78c7c&p=fc_social

You can see this and all of the “Work Smart“

You can find Gina and Leo on “This Week In Google” on the TWiT podcast network.

Create Secure Passwords

Mark — Sat, 17 Jul 2010 08:41:48 +0000

The longer your passwords are the harder they will be to crack. How long should they be and what sort of characters should you use? Steve Gibson on episode 256 of Security Now suggest ten characters. Both upper and lower case with numbers. This gives you 7.6×10 to the 17th power possible character combinations. You could also use twelve characters numbers and lower case alphabet (easier to type) to get a similar amount of randomness. Use Lastpass to generate and manage the passwords securely.

The Lastpast You’ll Ever Need

Mark — Tue, 13 Jul 2010 16:50:15 +0000

For the last six months I’ve been using Lastpass a password manager that is truely extraordinary. Lastpass is easy and safe. Lastpass is everywhere you are. It works on PCs, Macs, Linux and other operating system. It works with Internet Explorer, Safari, Firefox, Chrome and nearly any other web-browser. Adroid phones, iPhones iOS, Blackberry and many other smartphones are supported with apps included with the premium service, cost $12 per year.

Some of Lastpass features are…

Automatically fill forms! See Demo
Synchronizes across browsers!
Store secure notes. See Demo
Easily Import existing passwords form many different sources.
Secure password generator! See Demo
Access from anywhere on any platform.
Save to USB key for easy secure access anywhere.

There are so many features I can’t list them all in this post. The best thing to do is check out their website for a full description or listen to this excerpt from Security Now with security expert Steve Gibson. Steve tells you about the features and the its terrific security.

Most POP Not Secure

Mark — Wed, 07 Jul 2010 06:21:36 +0000

I’m not a kid but I try to keep up with all of the new technology. I am a huge advocate of Gmail and all of the Google apps. I belong to a computer users group. Those of you who have been to a computer users group knows it’s mostly seniors now. I’m 49 and one of the youngest members. Often when I’m proselytizing for Gmail one of the members will say “What about security and privacy?” I will tell them that Gmail with its 256bit AES plus SSL is more secure then what they’re using now, unencrypted POP mail. (Assuming a good pass word is being used.) Anyone on your network can retrieve messages when using POP over port 110.

Here’s Leo Laporte and Steve Gibson of Security Now to tell you more about it.

This is the tool that Leo and Steve were talking about. Ettercap

I posted this earlier but I had the wrong audio file attached.

Add Site To HTTPS Everywhere

Mark — Sat, 10 Apr 2010 20:28:19 +0000

If your using HTTPS Everywhere and you want to add a site that you want to always use HTTS you will have to create an XML file with some simple code in it and save it to the HTTPSEverywhereUserRules/ subdirectory in your Firefox profile directory. This sounds a lot harder then it is.

First open Notepad or a different text editor and paste this code in to it…

  
  

  

Replace the word “twitter.com” with you sites name. Be careful to keep everything else the same like the (\) in (?twitter\.com/). Everything the same except your sites url.

Save the file as “yoursite.xml” without quotes and you’ve made your first XML file.

Copy and paste this file into…

WINDOWS c://program files\Mozilla\Firefox\profiles\HTTPSEverywhereUserRules\. Open that folder and paste “yoursite.xml” in there and close the folder.Open Firefox and go to “Tools”, “Add-ons”, Https Everywhere Preferences. You should see your site listed there.

UBUNTU Go to your name (or Home). Click “Veiw” and “Show Hidden Files”. Open /.mozilla/firefox/p4pcam41/HTTPSEverywhereUserRules/. In in some earlier versions of Firefox it is in /.mozilla/firefox/profiles/HTTPSEverywhereUserRules/.