Ever notice that no matter where you go “Free Public WiFi” seems to be listed as an SSID that you can connect to? Well, lifehacker has a great article about just what that SSID is and why you should never connect to it.
lifehacker: What "Free Public WiFi" Is and Why You Should Avoid It
The short version:
Read the long version on The Huffington Post.
If you’re a Twitter user you may have noticed that this week you might have been forced to change your password. Why? Because so many people use the same password for multiple sites that Twitter was getting hacked as a result. Turns out that so nefarious people were setting up other sites that required users to create usernames and passwords specifically to collect those passwords and try using them on other sites! Please, please, please, do not use the same password on more than one site!
Use a password generator, store your passwords in some secure software or Web site, create a passphrase that you can modify on a site-by-site basis. I don’t care how you do it, just use a different password on different sites. Still going to be lazy about this? Then at least use a different password on the really important stuff like your bank account.
Cross-posted on the ITART blog, The Travelin’ Librarian, and the NLC blog.
Speaking of using good passwords, they most definitely may not be as easy to remember as less secure passwords. How about trying some software to store your passwords. KeePass Password Safe is an open source and free program to do just that.
You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
Features include:
Strong Security
Multiple User Keys
Portable and No Installation Required
Export To TXT, HTML, XML and CSV Files
Easy Database Transfer
Support of Password Groups
Time Fields and Entry Attachments
Auto-Type, Global Auto-Type Hot Key and Drag&Drop
Intuitive and Secure Clipboard Handling
Searching and Sorting
Multi-Language Support
Strong Random Password Generator
Plugin Architecture
Open Source!
We don’t get too technical on this blog all that often. However, I thought several of you would be interested in this one.
If you run a WiFi network that should be secured (i.e. a non-public network such as in your home) you may have heard that you shouldn’t secure it with WEP, but instead use the better WPA. (Let’s not worry about what those acronyms stand for now. If you really want to know I’m sure you can look them up.) If you haven’t heard this before, you have now.
Why, well basically, WEP can be cracked with a little skill and very little time. As this article from Lifehacker shows, all you need is a Wireless adapter, some free software, and the ability to type at the command line.
Don’t want to read the whole article, here’s a 7:44 video on how to do it.
So, check the security settings on your home router. If you’re using WEP to secure your connections, change it to WPA. You’ll infinitely more secure. (Oh, and be sure to pick a good password. A crap password won’t let you be as secure as you can be.)
Previously I’ve mentioned Secunia PSI, software that will scan your computer for insecure software. As important as that software is on all the computers I run, it doesn’t actually find everything. The key is the difference between “insecure” and “out-of-date”. In other words, you might have a program that has no known security vulnerabilities on your computer, but that doesn’t mean it’s the current version. To check for current versions try RadarSync.
Once downloaded and installed RadarSync quickly scans your system looking at the version numbers of your installed programs and hardware drivers. Those numbers will be run against it’s list of current versions. If there’s a newer version available you’ll be given the ability to directly download the new version. Once downloaded you’ll be able to install it directly with the option to first create a system restore point. (I recommend this should you be updating drivers.)
Now that I’ve run both Secunia PSI and Radar Sync, all of my home computers are completely up-to-date and secure. (As secure as any computer can be anyway.)
RadarSync does have a few additional features, such as “packaging” software downloads but that required registration and/or a fee so I’ll not get into them here.
Those that run Web servers know about .htaccess files. These files allow the Web master to control many things about individual directories in their site including setting the default file, pointing to a custom 404 page, redirects to alternative files, and, maybe most importantly, password protect a directory. Trouble is, these files aren’t always the easiest to write exactly correct. One wrong character and you’ve got unexpected results. Thanks to Michael K. Pate, for pointing me to the online .htaccessEditor. Just fill in the form with the setting you want to set and your .htaccess file will be written for you. Once done, just copy the code into the text editor of your choice and save it in the appropriate directory on your Web site. Very simple, very easy.
I’ve recently blogged about different ways to test your Internet connection and it seems that Google shares my interest in this topic currently. They’ve put together the Measurement Lab which collects various online resources for testing your connection. The ones I’ve mentioned here previously are included along with a few others. It looks like they’ll be adding more in the future so this is a site you may want to keep your eyes on.
Yesterday I talked about Switzerland which is a command line tool for testing your ISP for interference and I’d wished there was a GUI version. Well, this morning I have for you Glasnost which is a Java Web-based tool to do just this. Just head on over to the site, and run the test. What could be easier?
In this case Switzerland isn’t a country, it’s a software tool designed by the EFF to help you figure out if your ISP is throttling your bandwidth.
Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren’t for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.
Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.
At this point Switzerland is only a command-line tool so if you’re not comfortable with C:\> then you might not want to delve into this one right now and wait for a GUI.
Oh, and bonus points if you find the source of the quote I used for the title of this post.
