Archive for the 'Security' Category

How secure is your Wi-Fi?

Photo credit: jpbader

You’ve probably heard that Starbucks is now giving its card holders 2 hours [daily] of free wi-fi access in over 70,000 stores across the US. If you want more info, take a look at their FAQs.

But, before you rush out and start surfing the Web at your local coffee spot, you might want to think about how secure your laptop is.

In case you don’t know, it is really easy for someone to see – and record – what you’re doing online. All it takes is a packet sniffing program. Packet sniffing is comparable to a wire-tap; the only difference is that it’s done on computer networks instead of telephone lines.

But, before you get all paranoid, don’t forget that even though people can watch what you are doing while you’re enjoying that triple shot latte, it’s more than likely that no one cares.

However, if you do want to protect your data, one simple method is to use a virtual private network, or VPN. Basically, all a VPN does is encrypt the information sent over the Internet, both incoming and outgoing, which stops others from viewing your private information.

A free product called Hotspot Shield is available (for PCs and Macs) if you want to give it a shot.

May the force be with you.

Tech Talk Radio and RSA 2008

I’ve had a busy, but great time this week learning about the latest security threats at RSA 2008 for Tech Talk Radio.

I also had a chance to speak with some of the industry’s brightest stars about information security; what’s happening right now, and what we should be concerned about. These will be broadcast on Tech Talk over the next few weeks.

For those that don’t know, RSA is the largest information security conference worldwide.

The letters RSA are the initials of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who, in 1977, first described the RSA algorithm at MIT. In cryptography, RSA is an algorithm for public-key cryptography.

I wanted to say a huge thanks to everyone that gave me some of their time.

If you’re interested in hearing what they have to say, consider subscribing to the Tech Talk Radio newsletter, which will give you a heads up just before the interviews go to air.

Security Smackdown

Ed Adams, President and CEO Security Innovation, talks about the Security Smackdown at RSA; and why it’s tricky for developers to keep up with the ever changing vulnerabilities facing information security.

John Carmichael walks us through DoS/DDoS attacks, SQL injection attacks, and Cross Site Scripting (XSS) attacks. If you don’t know what they are, John explains them in plain English, then tells you how to protect yourself.

We also have the full Security Smackdown Grand Finale, with the industry’s top minds facing off and answering questions on the hottest topics. The Grand Finale panel includes Mary Ann Davidson, CSO, Oracle; Charles Kolodgy, senior security analyst for IDC; and John Stewart, CSO, Cisco.

The bad guys are getting older and more malicious while hackers are starting younger

Patrik Runald, security response manager for F-Secure, talks about the vulnerabilities facing consumers today. He gives us some great examples of what the bad guys have been doing, including explanations of DDoS and zombie networks, malware on Macs, and how QuickTime spreads malware.

We also get to hear about last January’s exploit that freezes up Apple’s iPhone; once installed, the app displays the word “shoes” and, when removed, deletes all files from the directory. It was created by an 11-year-old in Poland.

How to use an iPod to hack into a computer

Larry Detar, vice president of EC Council Global Services, gives us a demonstration of how to hack into a computer using an iPod; it turns out to be simple, really. The EC Council provides training in ethical hacking so that you can defend your own network; the course is for everyone, from the receptionist to the C-suite.

New Generation Hackers and their social media tactics

Christopher Boyd, Director of Malware Research for FaceTime, talks about how social media is being used by the new generation of malware creators, and gives examples of breaches of MySpace, Facebook, and Google’s Orkut; worth a listen.

Subscribe to Chris’ blog, Vital Security to stay up to date.

Hardcore data security

BenHur Castro, senior director for Seagate’s Consumer Solutions Division, tells us why the Maxtor BlackArmor is better than the rest. Bottom line: it’s an encrypted portable hard drive that uses government-grade AES encryption at the hardware level. If you’ve been worried about losing your data, this is the product you need; $149 for 160GB.

Monitor up to three PCs in your house or small business

Amy Barzdukas, senior director for Windows Live OneCare, talks about OneCare, an inexpensive solution ($49) that steps up the security already offered in Microsoft’s operating systems. The product offers more than just security: it allows automatic printer sharing, file backups, virus scanning, and monitoring of activity on all PCs hooked up to the OneCare product (up to three PCs per subscription) – pretty neat if you’ve got little people.

Securing GMail

Lid pointed me to an article by Mark Pilgrim, the author of Greasemonkey Hacks for Firefox, about forcing Firefox to use https, so that you know your email is secure from any person of ill intent who wants to read it by monitoring the data being exchanged between your machine and Google.

It got me thinking: although this is technically pretty cool, in that you can load scripts which redirect http://mail.google.com to https://mail.google.com automatically, it also raises the possibility of another script being loaded, unbeknownst to you, which changes, say, https://www.wellsfargo.com to https://www.weiisforgo.com (the two look very similar in the address field of both IE and Firefox, with 2 pixels of black being the difference between ‘l’ and ‘i’) and then captures your login details.

[Image: the difference between ‘l’ and ‘i’ in the address field]

Google does allow you to access your mail via https, but you need to initiate this yourself by going to https://mail.google.com instead of http://mail.google.com, so if you bookmark the https version then you are good to go in either Firefox or IE.

It would be nice if Google let you force access via https as one of the Gmail account preferences, so that if you mistakenly access your mail via http it would warn you.
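To make the redirect-and-look-alike point concrete, here is an added example (my own code, not Mark Pilgrim’s script or anything from this post) of a userscript-style helper that upgrades http to https only for an exact allow-list of hostnames and flags near-miss look-alikes instead of rewriting them. The trusted hostnames, the confusable-character map and the edit-distance threshold are assumptions chosen to match the examples above.

```javascript
// Added example: safe http -> https upgrading for an exact allow-list of hosts,
// plus detection of look-alike hostnames (the post's "l" vs "i" problem).
// TRUSTED_HOSTS, CONFUSABLES handling and the threshold are assumptions.
const TRUSTED_HOSTS = ["mail.google.com", "www.wellsfargo.com"];

// Collapse characters that render almost identically in an address bar so that
// a look-alike and its target compare against the same "skeleton" string.
function skeleton(hostname) {
  return hostname
    .toLowerCase()
    .replace(/[i1]/g, "l")   // l, i and 1 are near-indistinguishable
    .replace(/0/g, "o")      // 0 vs o
    .replace(/rn/g, "m");    // "rn" reads as "m" in narrow fonts
}

// Standard Levenshtein edit distance (insert/delete/substitute) between a and b.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Classify a URL the way a careful redirect script should:
//   "upgrade"   - hostname matches a trusted host exactly; rewrite to https
//   "lookalike" - skeleton is within 1 edit of a trusted host; do NOT rewrite, warn
//   "ignore"    - unrelated host; leave the URL alone
function classify(urlString) {
  const url = new URL(urlString);
  const host = url.hostname.toLowerCase();
  if (TRUSTED_HOSTS.includes(host)) {
    url.protocol = "https:";               // WHATWG URL allows http -> https
    return { action: "upgrade", url: url.href };
  }
  for (const trusted of TRUSTED_HOSTS) {
    if (editDistance(skeleton(host), skeleton(trusted)) <= 1) {
      return { action: "lookalike", url: urlString, resembles: trusted };
    }
  }
  return { action: "ignore", url: urlString };
}
```

Note that www.weiisforgo.com is not a pure l-to-i swap of www.wellsfargo.com (it also has "forgo" for "fargo"), which is why the check combines the skeleton step with a small edit-distance allowance rather than relying on either alone.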

I didn’t try Yahoo, but Microsoft doesn’t allow https access to Hotmail, or at least doesn’t provide the hassle-free option that Google does; maybe it would if you threw some $’s Microsoft’s way.

Note to Google: why can’t http://www.google.com/mail/help/images/mvideo_thumb.jpg be accessed via https, so that IE does not complain about secure and non-secure items being on the same page when you log out (yes, you can set “Display mixed content” to prevent this)? Logging in does the same, but I can’t quite figure out which item is being referenced via http. If only Google didn’t obfuscate their pages, then we could easily look, um, steal :-) [happy 25th smiley].

Save yourself the heartache – delete sad e-mails quick

Over the past few days, I’ve received more than a dozen e-mails from friends and family, asking me to add my name to a list of people fighting against the miscarriage of justice in the Jamie Bulger case of 1993.

The e-mail is entitled “Remember February 1993”.

What blows me away is that within the e-mail it clearly states:

“The Love-Bug virus took less than 72 hours to reach the world, I hope this one does as well”

Do any of the people who sign their name to this know what the Love-Bug virus was, or what it did?

Please, do not send me e-mails to sign or forward on, or send me chain letters where something horrible will happen to me or my family if I choose not to reply.

And if you do, please do not be offended when I delete them without replying.

Yes, the Jamie Bulger case is horrid, yes I feel for his parents (I am a parent – how could I not?).

And this is the point:

The BEST way to spread a virus (interestingly, the method is similar to link baiting) is to make it so emotive that people are compelled to respond.

Here’s a shocker: viruses, worms, bugs, and all sorts of ugly critters are, more often than not, sent to you by friends. Not intentionally, just without consideration or knowledge.

If it is a chain letter, a request to sign a petition, or an offer of money for a service—like Billy Gates offering $10 for each referral you give him—it is more than likely something that will cause you grief for a long time.

Don’t do it.