How Apple and Amazon Security Flaws Led to My Epic Hacking

“But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”

Read the full article @ Wired.com

Don’t reuse passwords!

If you’re a Twitter user you may have noticed that this week you might have been forced to change your password. Why? Because so many people use the same password for multiple sites that Twitter was getting hacked as a result. It turns out that some nefarious people were setting up other sites that required users to create usernames and passwords specifically to collect those passwords and try them on other sites! Please, please, please, do not use the same password on more than one site!

Use a password generator, store your passwords in some secure software or Web site, create a passphrase that you can modify on a site-by-site basis. I don’t care how you do it, just use a different password on different sites. Still going to be lazy about this? Then at least use a different password on the really important stuff like your bank account.

Cross-posted on the ITART blog, The Travelin’ Librarian, and the NLC blog.

Keep your passwords safe

Speaking of using good passwords, they most definitely may not be as easy to remember as less secure passwords. How about trying some software to store your passwords? KeePass Password Safe is a free, open source program that does just that.

You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Features include:

  • Strong Security
  • Multiple User Keys
  • Portable and No Installation Required
  • Export To TXT, HTML, XML and CSV Files
  • Import From Many File Formats
  • Easy Database Transfer
  • Support of Password Groups
  • Time Fields and Entry Attachments
  • Auto-Type, Global Auto-Type Hot Key and Drag&Drop
  • Intuitive and Secure Clipboard Handling
  • Searching and Sorting
  • Multi-Language Support
  • Strong Random Password Generator
  • Plugin Architecture
  • Open Source!

Why you should be using WPA instead of WEP to secure your WiFi network

We don’t get too technical on this blog all that often. However, I thought several of you would be interested in this one.

If you run a WiFi network that should be secured (i.e. a non-public network such as in your home) you may have heard that you shouldn’t secure it with WEP, but instead use the better WPA. (Let’s not worry about what those acronyms stand for now. If you really want to know I’m sure you can look them up.) If you haven’t heard this before, you have now.

Why? Well, basically, WEP can be cracked with a little skill and very little time. As this article from Lifehacker shows, all you need is a wireless adapter, some free software, and the ability to type at the command line.

Don’t want to read the whole article? Here’s a 7:44 video on how to do it.

http://youtube.com/watch?v=kDD9PjiQ2_U&color1

So, check the security settings on your home router. If you’re using WEP to secure your connections, change it to WPA. You’ll be infinitely more secure. (Oh, and be sure to pick a good password. A crap password won’t let you be as secure as you can be.)

Another way to keep your PC up-to-date

Previously I’ve mentioned Secunia PSI, software that will scan your computer for insecure software. As important as that software is on all the computers I run, it doesn’t actually find everything. The key is the difference between “insecure” and “out-of-date”. In other words, you might have a program on your computer that has no known security vulnerabilities, but that doesn’t mean it’s the current version. To check for current versions, try RadarSync.

Once downloaded and installed, RadarSync quickly scans your system, looking at the version numbers of your installed programs and hardware drivers. Those numbers are run against its list of current versions. If there’s a newer version available you’ll be given the ability to download the new version directly. Once downloaded you’ll be able to install it directly, with the option to first create a system restore point. (I recommend this if you are updating drivers.)

Now that I’ve run both Secunia PSI and RadarSync, all of my home computers are completely up-to-date and secure. (As secure as any computer can be anyway.)

RadarSync does have a few additional features, such as “packaging” software downloads, but those require registration and/or a fee so I’ll not get into them here.

Easily Create .htaccess Files Online

Those that run Web servers know about .htaccess files. These files allow the Web master to control many things about individual directories in their site, including setting the default file, pointing to a custom 404 page, redirecting to alternative files, and, maybe most importantly, password protecting a directory. Trouble is, these files aren’t always the easiest to write exactly correctly. One wrong character and you’ve got unexpected results. Thanks to Michael K. Pate for pointing me to the online .htaccessEditor. Just fill in the form with the settings you want and your .htaccess file will be written for you. Once done, just copy the code into the text editor of your choice and save it in the appropriate directory on your Web site. Very simple, very easy.
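As an added example (not from the post and not output of the .htaccessEditor tool), here is a hand-written .htaccess that does the four things listed above; the file names, the /errors/ path and the .htpasswd location are assumptions.

```apache
# Only honoured if the server config allows it for this directory,
# e.g. AllowOverride AuthConfig FileInfo Indexes

# Default file served when a directory is requested
DirectoryIndex index.html index.php

# Custom 404 page (path is relative to the document root; assumed name)
ErrorDocument 404 /errors/404.html

# Permanent redirect from an old file to its replacement (assumed names)
Redirect 301 /old-page.html /new-page.html

# Password-protect this directory with HTTP Basic authentication.
# Keep the .htpasswd file outside the web root so it can never be served.
# Create it once with:  htpasswd -c /var/www/auth/.htpasswd librarian
AuthType Basic
AuthName "Staff only"
AuthUserFile /var/www/auth/.htpasswd
Require valid-user
```

A single malformed directive makes Apache answer every request to that directory with a 500 error, so reload the page after each change you make.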

Google's Measurement Lab

I’ve recently blogged about different ways to test your Internet connection and it seems that Google shares my interest in this topic currently. They’ve put together the Measurement Lab which collects various online resources for testing your connection. The ones I’ve mentioned here previously are included along with a few others. It looks like they’ll be adding more in the future so this is a site you may want to keep your eyes on.