Posts Tagged ‘Security’

Firefox 3 requires secure updates from extensions

I've been using the latest trunk (nightly) version of the Firefox 3 browser for some time now. But it wasn't until recently that I discovered that it had disabled two of my extensions:

  • CoLT
  • TinyUrl Creator

The reason was that the extensions didn't provide secure updates, a requirement probably meant to avoid fraud. I checked addons.mozilla.org and noticed that the entire addons site has changed to the https:// protocol.

I Googled the two plugins and found that they are available from the addons site:

And now they work like a charm. So remember: if you are currently using any Firefox extensions that use a regular http:// connection for updating, and you plan on updating to Firefox 3, you should check whether you can download/install them from a secure location, such as addons.mozilla.org.

Just a tip :-)
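To see up front which extensions would be affected, the check can be run against an extension's install.rdf manifest. The script below is an added example, not code from the original post or from Mozilla. It assumes the Firefox 3 rule is: no `em:updateURL` (updates come from the default add-ons site), an https `em:updateURL`, or an `em:updateKey` for signed update manifests. The helper names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM = "http://www.mozilla.org/2004/em-rdf#"

def _prop(desc, name):
    """Return an em: property written as a child element or as an attribute."""
    el = desc.find(f"{{{EM}}}{name}")
    if el is not None and el.text and el.text.strip():
        return el.text.strip()
    return (desc.get(f"{{{EM}}}{name}") or "").strip() or None

def check_update_security(install_rdf):
    """Classify an install.rdf manifest as (ok, reason) under the assumed rule."""
    root = ET.fromstring(install_rdf)
    for desc in root.iter(f"{{{RDF}}}Description"):
        about = desc.get(f"{{{RDF}}}about") or desc.get("about")
        if about == "urn:mozilla:install-manifest":
            break
    else:
        raise ValueError("no install-manifest Description found")
    url, key = _prop(desc, "updateURL"), _prop(desc, "updateKey")
    if url is None:
        return True, "no updateURL: updates come from the default add-ons site"
    if urlparse(url).scheme.lower() == "https":
        return True, "updateURL uses https"
    if key:
        return True, "http updateURL, but update manifest is signed (updateKey)"
    return False, "updateURL is not https and no updateKey is present"

def manifest(extra):
    """Build a constructed install.rdf around the given property elements."""
    return (f'<RDF xmlns="{RDF}" xmlns:em="{EM}">'
            '<Description about="urn:mozilla:install-manifest">'
            '<em:id>sample@constructed.invalid</em:id>'
            f'{extra}</Description></RDF>')

# Constructed sample manifests; hosts and key are placeholders.
SAMPLES = {
    "hosted on add-ons site": manifest(""),
    "plain http": manifest("<em:updateURL>http://updates.constructed.invalid/u.rdf</em:updateURL>"),
    "https": manifest("<em:updateURL>https://updates.constructed.invalid/u.rdf</em:updateURL>"),
    "http + key": manifest("<em:updateURL>http://updates.constructed.invalid/u.rdf</em:updateURL>"
                           "<em:updateKey>CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER</em:updateKey>"),
}

if __name__ == "__main__":
    for label, rdf in SAMPLES.items():
        print(label, "->", check_update_security(rdf))
```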


In the rear view mirror: Code injection at Danish news site

On Friday, one of the most heavily trafficked news sites here in Denmark, ekstrabladet.dk (where I'm employed), offered its visitors a nasty little treat: a back door on their PC, installed using some sort of code injection in one of the advertising banners.

The problem has been solved now, with the help of a Danish security firm, and the evil banner, which was sold by a third party of some kind, is no more.

After the incident, the editor wrote an article describing how to check the computer and see if it had been infected.

The culprit banner has been used on a number of Danish news sites.

This once again shows how important it is to make sure that someone has some sort of control over the banners, since the Danish online news site børsen.dk (according to Danish blogger Dorte Toft) had the same problem earlier this year.


Oh, how nice: Another PayPal scam

Just got an email from PayPal (allegedly) saying that my account will be closed unless I click a link in the email to activate my account.

This email has scam written all over it. First of all, I doubt that PayPal would ever send out an email like that. Second, the email wasn't even sent to me but to "mactipper@gmail.com".

Anyhow, here's the text from the email:

PayPal

Information Regarding Your account:

Dear PayPal Member!

Attention! Your PayPal account has been violated!

Someone with ip address 49.225.126.87 tried to access your personal account!

Please click the link below and enter your account information to confirm that you are not currently away.

You have 3 days to confirm account information or your account will be locked.

Click here to activate your account

Thank you for using PayPal!
The PayPal Team

Usually you can spot these scams from the bad grammar. This one is in the better half, but still:

You have 3 days to confirm account information or your account will be locked.

Normally you'd write "your" between "confirm" and "account information".

Soooooo, long story short: Don't click the link if you get an email like that :-)


Did you know that snooping other people's open WiFi is illegal?

I'm not completely into the regulations here in Denmark on it, but in the US of A it's apparently illegal to use someone else's open (as in 'not secured') wireless internet connection.

How’d you like to get arrested for stealing Wi-Fi? As odd as that sounds, it happens. One perfect example of this came out of St. Petersburg Florida in July of 2005. A man was arrested on charges of “unauthorized access to a computer network,” which is a third-degree felony.

Read more:
CyberNet News: "Helpful Tip: Is it Illegal to Use Someone Else’s WiFi?"


Cracking Windows using a bootable Vista DVD

MSBlog has an interesting, and incredibly disturbing, blog post about how much you can do with a Vista bootable DVD.

All a person has to do is boot a computer into recovery mode and use the command prompt, which doesn't require a user name or password. This means that the cracker can get full access to the hard drive.

Here you have full access to this computer, not only as an administrator but also as a system account user. After this you can insert usb-memory and copy any non-encrypted file from this computer to usb-memory and steal information without leaving any marks to the system or event viewer logs.

Also, you could for example copy SAM-file (contains names and passwords of local users) from c:\windows\system32\config to usb-memory and start cracking computer’s user password at remote computer.

A cracker can:

  1. copy files from hard disk to USB, floppy or network server
  2. create / modify / delete files and folders
  3. use most of the MS-DOS like commands
  4. use this method in Vista, XP, 200x

As a means of protection, Patrick S from MSBlog advises you to do the following:

  • setup bios boot order so that booting from other media than hard disk is not possible
  • setup startup password from your bios (mainly in home computers)
  • use hard disk encryption software, if possible (such as bit locker)
  • encrypt files and folders using EFS, if mechanisms above are not possible


Are you a stupid computer user? Find out here

Via Digg I found a site with a test consisting of 21 questions to determine if you are a "stupid" computer user.

But the site is down right now, so here's the list copied from the Digg page.

My favorite is number 11 :D — although number 7 is somewhat hilarious…Go Clint!

  1. Do you proclaim, out loud, your three year old knows more about computers than you do?
  2. Are you still looking for the “Any Key”?
  3. Do you really think you win something for being the 421,232th visitor?
  4. Is your only solution to call the family “computer geek”?
  5. Do you call the thing above the 8 a snowflake?
  6. Is Netscape 4.7 your default browser?
  7. Do you believe that the Firefox people are talking about is the 1982 movie about a really cool jet?
  8. Do the blinking ads compel you to click?
  9. Are your passwords on a sticky note on your monitor?
  10. Do you ignore those messages that tell your anti-virus subscription has expired?
  11. Is your home network’s name “linksys”?
  12. Do you not believe in a firewall?
  13. Have you paid for any Geek Squad services?
  14. Do you anxiously open every attachment in your email?
  15. When someone is explaining something technical, do you dismiss it as “computer talk”?
  16. Do you think you can get a free iPod for filling out your zip code?
  17. Do you believe the IT people have magical powers?
  18. Do you have a collection of AOL discs?
  19. Have you hit your monitor when your computer gave an error?
  20. Do you still think the Internet is a fad?
  21. When someone asks what’s wrong with your computer, do you respond with, “It’s running slow”?


Suggestion: Secure login at Bloglines

I use Bloglines — a lot.

But whenever I'm on a wireless network that isn't secured or encrypted, I refuse to sign in to services that don't have a secure login (with https:// in the address bar), since everything transmitted unencrypted via a wireless network may be visible to anyone else on the network.

This means that I can't sign in to Bloglines as much as I want, especially when I'm currently without internet at home. The result: 7461 unread items.

The login for Gmail is secure, so why not Bloglines?

Update 1
Check Paul Querna's comment below :-)


FBI losing laptops

At CNet, Declan McCullagh has a post on how the FBI has lost 160 laptops and 160 weapons over the last 44 months. One of the laptops contained »names, addresses, and telephone numbers of FBI personnel«.

Also note that most of the laptops apparently were simply lost, not stolen. Comforting.
