October 27, 2010

It Took 'em A Couple of Days

But Computerworld finally published a story touting the same fix for Firesheep that I suggested when I first heard the story.

How to Protect Against Firesheep Attacks

The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

They link a couple of services from the article.  In addition there are hotspotvpn.com, witopia, and surfbouncer, each of which will provide VPN services to keep your free and open browsing safe.

They also talk about the https-everywhere plugin for Firefox.  That is useful, but only works with FF and it breaks some sites. 

So there ya go.  Browse safely.

Guess I should add that I use a mifi so already pay through the nose to browse safely. heh.

Posted by: Teresa in WebTech at 03:45 PM

October 26, 2010

The Quest for Better Battery Life

A while back I upgraded my ipod touch (2nd gen) to the new iOS4. I knew it wouldn't multitask, but I wanted the folders for my apps.

It turned out to be a not so great idea. The "update" slowed the app use on the device considerably. They fixed that glitch with a patch in the 4.1 update. However, that still left battery life.

As long as I leave wifi off I get really great battery life. The original OS had very decent battery life no matter how it was being used. Then came the upgrade... wow! Huge impact! Battery life sucked pond water with wifi on - even with the device in the same room with the router (meaning it wasn't a distance issue). 

Today I found this article:

Low iPod Touch battery life may be in the router

The main culprit they suspected was the firmware on my wireless router. Their suggested fix? Update the firmware.

Soooo I checked my router and of course there was a firmware upgrade available.  I have applied it.  I have turned on the wifi on my ipod. I will report the results.  I'm hoping for some good things to come of this.  We'll see.

Posted by: Teresa in WebTech at 05:25 PM

October 25, 2010

How to Hijack Accounts In One Easy Add-on

Oh for crap sake.  You know in my previous post how I was talking a little bit about https...

Things have just taken a turn for the worse as far as your browsing history goes.   Via Instapundit who links to a Help Net Security post we find that all it takes to grab your twitter/facebook sessions (among other things) is a simple firefox extension and an open network.


After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:

Double-click on someone, and you're instantly logged in as them.

There are screenshots at the Firesheep link to help you figure it out much quicker.  Then you too can hijack all kinds of accounts.  Fun times!

In the meantime, if you are at a Starbucks or other location using free, open wifi, you may want to seriously consider investing in Hotspot VPN to keep your sessions encrypted. You would need one for any device you use to access the net via an open network - phone, computer, ipad.   This would totally negate the Firesheep plugin no matter where you browse.

Please note, this is a network problem at the moment, not a "phone problem".  For those using something like a 3G connection through your carrier, you should be fine.  If you have your phone set to grab the nearest wifi hotspot so you can save "data charges" on your phone connection - this would be a huge concern for you.   It seems from my twitter/fb streams that many people use phones to message these services.

This can also be a "wired" network problem (depending on how the network is set up). Most likely this would be a work thing, but schools could also have this problem: if a dorm is wired, it's likely the entire dorm would be on the same network segment.

While twitter and fb are the big news for this tool - you may want to remember this will grab sessions for Amazon, google, and other services that encrypt only the login.  Somewhere (maybe on Firesheep itself) there is a list of sites it recognizes and tries to hijack.
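What "encrypt only the login" looks like from the site's side, as an added example (not from the original post or the articles it links): a session cookie issued without the Secure attribute is sent again on later plain-http requests, where anyone on the same open network can read it. The response headers and the example.test host below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL requested, response headers). example.test is a placeholder.
SAMPLE = [
    ("https://example.test/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ]),
    ("https://example.test/account", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=def456; Path=/; HttpOnly; Secure"),
    ]),
    ("http://example.test/home", [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
]

def parse_set_cookie(value):
    """Return (cookie name, {lower-cased attribute: value}) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def audit(responses):
    """Flag cookies and pages that leave a session readable on an open network."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme
        names = {h.lower() for h, _ in headers}
        # Without HSTS the browser may still be steered to http on a later visit.
        if scheme == "https" and "strict-transport-security" not in names:
            findings.append((url, "no HSTS header"))
        for header, value in headers:
            if header.lower() != "set-cookie":
                continue
            cookie, attrs = parse_set_cookie(value)
            if scheme == "http":
                findings.append((cookie, "set over plain http"))
            elif "secure" not in attrs:
                findings.append((cookie, "missing Secure attribute"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit(SAMPLE):
        print(f"{subject}: {problem}")
```
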


Happy surfing.

Posted by: Teresa in WebTech at 02:24 PM

Pushing the Creepy Meter

Just in time for Halloween, we have an article detailing the past year of creepy pronouncements from Eric Schmidt, CEO of Google. 

Why does Schmidt keep saying these things?  There could be any number of reasons, but one thing that happens over time is that people stop listening.  It's difficult to always be on guard, especially when the company in question provides you with all kinds of services that make your life "easier".   People think... well, Schmidt's a flake, but gmail works, my Android phone works, my Chrome browser works, and together it makes it easy to sync up everything.

You may want to take care though...

Last week there was a quasi-notable news story about Google collecting a bit more on their "Street view" drive-bys than simple routes and pictures.  This particular bit of data collection happened last May.

It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.

It was any data being transferred at the time of the drive-by.  That means any usernames, passwords sent off in the clear (not encrypted) along with emails, web pages, and just about anything else.  Were you donating money to a political candidate via an unencrypted web page?  Oh yeah, Google street view could pick that up too. 

Google continues to push the envelope of privacy invasion.  It's a reminder to us all.  Whenever you are logging into a page, sending email out, or sending other personal information via the internet, please check for the "https" in the url.  If you don't see the "s" you are sending out in clear text.  Anyone can see it, from Google to the neighbor down the street to the kid sitting at a coffee table next to you at Starbucks.

Scary stuff.

I think I'd rather deal with Jason and Chucky

Posted by: Teresa in WebTech at 12:19 PM

October 21, 2010

Quit Messing With My System!

As if there haven't been enough problems with work systems lately, now I'm being annoyed by Windows Updates! 

I got a notice this morning telling me there were updates ready to install. 

Okay, fine, let me get it installed.  I go to start up the install and find it's an update for Windows Security Essentials.  That's Microsoft's security suite.   I was given the option of downloading everything or downloading updates to Live programs that I already have.

I asked it to only update what I have... nothing else.  Like that works. 

I always display the update as it is proceeding which is something Microsoft has decided to hide unless you tell it not to. So I'm watching the install when I see it adding in 2011 Messenger! 


I specifically removed Messenger from my system.  I don't use it, I don't like "online chatting", I don't need it.  Now it wants to put it back?  BAH!

I stopped the download and tried to have a look at what was going on.  Just then another "important update" popped into my update box. This one for the Windows Office cloud crap. 

I don't use Microsoft's online storage - I won't be using it.  But now they are pushing an "update" for it?  More like pushing the service onto my desktop and making me then uninstall it. 

This is just as annoying as the Adobe/McAfee product push.

If I want a piece of software on my system, I will put it there!  I don't want someone else putting crap on my system after I have it all cleaned up and running the way I want.  It's irritating and wastes my time.  So to Microsoft... STOP IT!

Posted by: Teresa in WebTech at 01:30 PM

October 05, 2010

Are Your Patches Up to Date?

A couple of items from today.

First if you still use Adobe Reader or Acrobat, they just released a set of patches today to fix some huge gaping security holes. So patch up please.

Next is a browser scam.

Fake browser warnings dupe users into downloading 'scareware'

Rather than simply warn users that the page they're about to visit may be dangerous -- as do the legitimate alerts -- the sham versions also include a prominent message that suggests downloading a browser security update.

In reality, no browser offers its users security updates from its anti-malware warning screen.

Emphasis above is mine.  With Windows IE, your browser updates come with patch updates through Microsoft.  Firefox will tell you when you either close or open the browser that an update is ready.  I am assuming the same can be said of Chrome, although I don't use that one.  If you get a warning to update your browser from visiting a web page, it is fake.

These things are like bedbugs.  Ick.

Windows PCs that have been kept up-to-date with bug patches will be immune from the exploit kit, however.

So patch your system and keep the bugs out!

Posted by: Teresa in WebTech at 09:00 PM
