“But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”
Ever notice that no matter where you go “Free Public WiFi” seems to be listed as an SSID that you can connect to? Well, lifehacker has a great article about just what that SSID is and why you should never connect to it.
If you’re a Twitter user you may have noticed that this week you might have been forced to change your password. Why? Because so many people use the same password for multiple sites that Twitter was getting hacked as a result. Turns out that so nefarious people were setting up other sites that required users to create usernames and passwords specifically to collect those passwords and try using them on other sites! Please, please, please, do not use the same password on more than one site!
Use a password generator, store your passwords in some secure software or Web site, create a passphrase that you can modify on a site-by-site basis. I don’t care how you do it, just use a different password on different sites. Still going to be lazy about this? Then at least use a different password on the really important stuff like your bank account.
Speaking of using good passwords, they most definitely may not be as easy to remember as less secure passwords. How about trying some software to store your passwords. KeePass Password Safe is an open source and free program to do just that.
You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
We don’t get too technical on this blog all that often. However, I thought several of you would be interested in this one.
If you run a WiFi network that should be secured (i.e. a non-public network such as in your home) you may have heard that you shouldn’t secure it with WEP, but instead use the better WPA. (Let’s not worry about what those acronyms stand for now. If you really want to know I’m sure you can look them up.) If you haven’t heard this before, you have now.
Why, well basically, WEP can be cracked with a little skill and very little time. As this article from Lifehacker shows, all you need is a Wireless adapter, some free software, and the ability to type at the command line.
Don’t want to read the whole article, here’s a 7:44 video on how to do it.
So, check the security settings on your home router. If you’re using WEP to secure your connections, change it to WPA. You’ll infinitely more secure. (Oh, and be sure to pick a good password. A crap password won’t let you be as secure as you can be.)
Previously I’ve mentioned Secunia PSI, software that will scan your computer for insecure software. As important as that software is on all the computers I run, it doesn’t actually find everything. The key is the difference between “insecure” and “out-of-date”. In other words, you might have a program that has no known security vulnerabilities on your computer, but that doesn’t mean it’s the current version. To check for current versions try RadarSync.
Once downloaded and installed RadarSync quickly scans your system looking at the version numbers of your installed programs and hardware drivers. Those numbers will be run against it’s list of current versions. If there’s a newer version available you’ll be given the ability to directly download the new version. Once downloaded you’ll be able to install it directly with the option to first create a system restore point. (I recommend this should you be updating drivers.)
Now that I’ve run both Secunia PSI and Radar Sync, all of my home computers are completely up-to-date and secure. (As secure as any computer can be anyway.)
RadarSync does have a few additional features, such as “packaging” software downloads but that required registration and/or a fee so I’ll not get into them here.
Those that run Web servers know about .htaccess files. These files allow the Web master to control many things about individual directories in their site including setting the default file, pointing to a custom 404 page, redirects to alternative files, and, maybe most importantly, password protect a directory. Trouble is, these files aren’t always the easiest to write exactly correct. One wrong character and you’ve got unexpected results. Thanks to Michael K. Pate, for pointing me to the online .htaccessEditor. Just fill in the form with the setting you want to set and your .htaccess file will be written for you. Once done, just copy the code into the text editor of your choice and save it in the appropriate directory on your Web site. Very simple, very easy.
I’ve recently blogged about different ways to test your Internet connection and it seems that Google shares my interest in this topic currently. They’ve put together the Measurement Lab which collects various online resources for testing your connection. The ones I’ve mentioned here previously are included along with a few others. It looks like they’ll be adding more in the future so this is a site you may want to keep your eyes on.
Yesterday I talked about Switzerland which is a command line tool for testing your ISP for interference and I’d wished there was a GUI version. Well, this morning I have for you Glasnost which is a Java Web-based tool to do just this. Just head on over to the site, and run the test. What could be easier?