Tag: security

A month without Adobe Flash

Tired of distractions zipping around on the screen, as well as the persistent zero-day security warnings (and related “emergency” updates), I removed Adobe Flash from my laptop one month ago today.

What have I missed?

An auto-playing video of some news media talking head?

Nope. They are the main reason the volume was always muted.

The random sidebar ad somebody paid for?

Pretty much ignored those regardless.


Von Beardly theatrics?

I would have missed that. But I don’t have to (at least not with Safari).

MG signing off (sans Flash, and without the remotest inclination to reinstall it either)

Apple’s services security goof

Apple’s OS X operating system is, in this user’s opinion, a bastion of security. It all boils down to its UNIX roots, and it’s that fact, not the famed usability, that won me over. Considering that, you’d think Apple could apply some similar know-how to the fortitude of their services, but alas my iTunes account has been disabled. The situation could have been easily avoided too.

I’ve been receiving these notices intermittently for some time…


(Re)introducing Brian Krebs

I’ve been following the Washington Post’s Security Fix blog since the Spamroll days. Its author, Brian Krebs, was one of the most insightful internet security journalists around. He still is, only he isn’t working for WaPo anymore. Brian’s now doing his own thing, at Krebs on Security.

December 29th was the (re)start date, meaning you can still get caught up. And with internet privacy and security perpetually at the forefront of issues net-denizens face (even if they don’t know it until their identity is stolen), I suggest you do. Get caught up that is.

Krebs on Security…stuff the RSS feed in your reader before it’s too late.

MG signing off (to stay secure)

Practice diligence to avoid fear of the web

Eduardo Porter of the New York Times:

A few months ago, I nervously created my first Facebook page with the minimum necessary information to view pictures posted by old friends.

I returned to the page a few days later to discover that somehow it had found out both the name of my college and my graduation class, displaying them under my name. I have not returned since. In the back of my mind, I fear a 28-year-old hacker and a couple of Russians have gathered two more facts about me that I would rather they didn’t have. And it’s way too late to take my life offline.

There is no doubt that Facebook knows a lot about you. Me too, and I’ve only been on it a few weeks.

I’ve spent my time configuring my profile with an eye to keep my friends protected – plenty of lists with different access rights, for business and pleasure, and I’ve taken to ignoring most apps (with particular emphasis on polls and the like). While it is but simple diligence, I’m pretty sure it will do the trick just fine for “marketing threats.” But only time will tell. If you are still running around the web like a chicken with its head cut off, you might also want to bookmark this free educational resource from Verisign on how to stay safe on the web. There’s a hefty section on social networks within.

As for Facebook itself having all that data at its disposal, well that is the price you pay. But you never know when someone might cook up a solution for that too.

Stuff YOU might have missed if YOU have been fly fishing too much – 07/13/09

Technology

  • RSA’s Coviello: Cloud Computing Not Secure Enough [PC World] – Web 2.0 and widgets led to the cloud computing craze, so it’s no wonder security wasn’t part of the deal. Nonetheless, while RSA has a clear vested interest in pitching more secure web apps, I’m in complete agreement with Mr. Coviello. Only I don’t think RSA will be the sole innovator in the space.
  • Are You Helping Facebook Outrank You For Your Brand Name? [search engine land] – Get lots of attention over at a site you don’t control, and lose control of your brand in the process.
  • How to Ease Your Transition to Google Voice [LifeHacker] – The dial once, ring everywhere service formerly known as Grand Central is getting aggressive with invitations (even I got one), but I think Google really needs to add the ability to port numbers before it really takes off. PS: I heard Google is using the voicemail service to perfect its own text-to-speech services. Is that true?
  • Flickr adds direct-to-Twitter publishing [VentureBeat] – Now playing on Flickr, a way to automatically tweet your photos as you post them. This geek couldn’t figure out if the service would tweet all your photos or whether it could be done on a selective basis, but he couldn’t figure out how to link his Twitter account with his Flickr account either. Then he bailed on the idea altogether.
Finance

  • What’s North Dakota’s Secret? [Forbes] – North Dakota had twice the growth of any other state in 2008, except Wyoming, which it still handily trounced. It presently has the lowest unemployment in the nation, and the 20th ranked GDP per capita. And a budget surplus. Huh?
  • U.S. Home Prices to Fall Through 2011’s First Quarter [Bloomberg] – Unemployment becomes the next leg in the foreclosure boom, and more than half of the major cities in the US are expected to see falling prices for the next two years.
  • The Rental Market Stinks Too [The Atlantic] – While some thought rising foreclosures would lead to rising rental prices as former homeowners mortgagees bailed, the opposite has happened in many places.
  • Mean Street: California IOUs and the Great American IOU Market [WSJ Deal Journal] – Banks won’t take them, and recipients have to eat. The SEC is coming to the rescue, declaring California’s funny money a municipal security and hoping a regulated market will arise for their trade. I wonder if anyone will be allowed to short them.
Fly Fishing

Give yourself a break, will ya’?

Adieu.

Running a secure web server on your Leopard-powered Mac

This is not something most of you would want to do, but I’m in the midst of a project that requires SSL for testing purposes. My MacBook Pro serves as a primary communications center, research tool, and as the access interface to the blog blather you’re reading right now. Plus, it’s one hell of a development platform too. SSL is a big part of building secure web services, so I’m putting this forth just in case.

Quick note: this is a fairly detailed process, so take a firm hold of the wheel and be prepared for a lengthy ride. You are going to need your terminal and su access. You will be generating encryption keys and certificates, and editing Apache conf files, after the jump.


Who’s got the spam: MySpace or Facebook?

And what about the app providers themselves

Kristen Nicole asked: “When Did Facebook Get More Spammy than MySpace?” It’s all the buzz since the BBC reported that a widget third-party application can be used to gather personal data on its users – Facebook security.

Why there is an expectation that social network abuse wouldn’t grow in line with network expansion itself I cannot answer. Maybe it’s the morass of privacy settings available to the user – kind of like a security blanket even if you don’t have the time or the inclination to work through them all. Could it be the consistent public relations byline coming out of the organizations themselves? Or maybe it’s the constant buzz from the blogosphere and media. Personally, I expected the spam.

Nonetheless, I’m first to point fingers at the buzz. Quick and dirty searches for the two kings, associated with the word “spam,” produced the following results:

Not really much of a winner here. While even my own search results show Facebook in the lead, 10 hits to 2 hits, those figures are statistically insignificant. As is, I believe, the concept of spammers doing measurable damage inside the networks.

What I’d be more concerned about is this…

Facebook (and I’m sure MySpace) has the resources to put the kibosh on these issues (and Facebook is already claiming they pay careful attention to potential problems, although some of the effort is aligned with natural attrition). But what about the application providers themselves?

The prevalent business model for the apps seems to be new media targeted marketing (i.e. internet advertising) – the apps/providers are collecting data…right? How good is their security? And how long before malcreants start mugging them instead of chasing their tails inside the fortresses?

Why Bruce Schneier Having An Open Wi-Fi Network Is No Good Reason For You To

Bruce Schneier, cryptography king, keeps his home network open. And despite what Tim Lee wrote in support of the idea, please don’t listen.

The justification is that the risk of someone using your network for illegal means is very low, while the risk of you getting hacked at the local coffee shop is potentially higher. Hence, worry about your machine, not your home connection.

I say BLAH! This piss poor argument ignores two significant points:

1) There is little or no benefit to you from opening your network; and

2) It takes minimal effort to secure your network with a password.

The risks may be low, but meanwhile you have nothing to gain. Meanwhile, the effort necessary to provide that little extra layer of protection likely outweighs the cost of that single long tail incident – one that could potentially cause you tons of legal hassles.

If you are hell bent on providing web access to home visitors, I’ll take for granted that you trust them. Give them the key, like I do. Or if you’re wearing a tinfoil hat as you hand them their coffee, ask them to allow you to type it in yourself.

UPDATE: Being open can cause hassles (unless you don’t consider having your computer confiscated by less than technology savvy law enforcement officers a hassle).

Black Hats on OpenID

Just a couple of points on OpenID security – may be redundant to those who have already thought through this stuff.

Facebook Search Code Leaked

More security problems for Facebook. Add it to this previous post and roundup – it almost seems a pattern is emerging. First you open up, and everyone raves. Then you start putting out fires. Nevertheless, I truly hope Facebook gets these problems ironed out.

Meanwhile, the Facebook fanboys are so quiet you can hear crickets chirping. scratch that

UPDATE: Google has now removed the Blogspot blog that was displaying the stolen code (probably for the same reason I refused to link to it). You can probably assume it is not in the search index either, and if Google is on a nice-kick, they’ll hopefully remove other site pages showing the code as well.