Posts tagged: security
Coding Horror:
Passphrases are clearly more usable than traditional “secure” passwords. They are also highly likely to be more secure. Even naive worst-case passphrases like “this is my password” aren’t all that hackable, at least when compared to their single word equivalents, e.g., “password”.
Yes, I’ve been advocating for pass-phrases ever since I’ve started using 1Password to manage all my credentials.
TorrentFreak:
The Pirate Bay is not only the most visited BitTorrent site on the Internet, but arguably the most censored too. Many ISPs have been ordered to block their customers’ access to the website, and recently Microsoft joined in on the action by stopping people sharing its location with others. Microsoft’s Windows Live Messenger (MSN) now refuses to pass on links to The Pirate Bay website, claiming they are unsafe.
I no longer use MSN.
Public Key Cryptography: Diffie-Hellman Key Exchange
(Source: youtube.com)
Yahoo News:
Train operator SBS Transit has revealed it is unable to rule out any causes, including sabotage, until investigations are completed on the twin faults that caused an almost 11-hour disruption in services on the North East Line (NEL) on Thursday.
That’s the first thing I thought when I saw pictures [1] of snapped stainless steel support cables—sabotage.
If found to be true, it looks like there’s an even bigger problem at hand.
[1] Pictures seen in the evening news, not cited in the linked article.
publichouse.sg:
We have lost faith in the system.
That’s how Mr Laurence Wong and Mr Paul Liew described their feelings about the way the police have handled the assault case which they were involved in.
Remember the US SEC’s indifference when a member of the public raised concerns over Madoff’s ponzi scheme for over 10 years?
Internet Systems Consortium:
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))” Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.
This is a code-red zero-day crisis, affecting all systems administrators that operate BIND.
Nik Cubrilovic:
This howto guide will take you through securing your Facebook account, enable settings for improved privacy, disabling features where your Facebook information can be shared with third-party sites, and finally setting up your browser for private sharing.
If you use Facebook, you’d better have read this article.
Nik Cubrilovic:
Dave Winer wrote a timely piece this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a user’s intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see.
Every Facebook user should read this before they continue using Facebook.
According to a new quarterly report from McAfee, Android has now soared to the top as the most targeted platform for malware. In only three months’ time, Android has gone from third most attacked platform to the first. Another recent report from Lookout claimed a similar upward climb in Android malware infected apps.
Three cheers for AntiVirus vendors on the “open” Android platform. I wonder what battery life will become.
Early this morning word spread that there was a zero day exploit dubbed the “Apache Killer.” The exploit uses malformed Apache byte-range headers to crash the web server. The exploit is effective against the latest versions of Apache as well as versions back to v1.3. Apache announced that they would release a patch within 96 hours.
At CloudFlare, we were asked almost immediately by several users whether CloudFlare protected against this exploit. The answer this morning was no. We faithfully pass through byte-range headers to the origin server and therefore would pass through the attack. The promise of CloudFlare, however, is that as these sorts of incidents come to light we can apply patches to our network to protect our users. So that’s what we did. As of now, about half of our network has implemented protection that will stop the Apache Killer exploit.
That’s fast!
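As an added illustration (not CloudFlare’s code, and not from the original post): an edge-side check that parses the Range header and refuses to forward headers that are malformed or that carry more than five byte ranges, the limit Apache’s own mitigation guidance used at the time. The sample headers are constructed.

```python
import re

# Assumed policy, modelled on the mitigation Apache recommended at the time:
# refuse a Range header carrying more than MAX_RANGES byte ranges.
MAX_RANGES = 5
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header):
    """Parse 'bytes=a-b,c-,-d' into (start, end) tuples; None means open-ended.

    Raises ValueError for anything that is not a well-formed byte-range set.
    """
    if not header.startswith("bytes="):
        raise ValueError("unsupported range unit")
    ranges = []
    for spec in header[len("bytes="):].split(","):
        spec = spec.strip()
        m = _RANGE_SPEC.match(spec)
        if not m or spec == "-":
            raise ValueError("malformed range spec: %r" % spec)
        start, end = m.groups()
        start = int(start) if start else None
        end = int(end) if end else None
        if start is not None and end is not None and end < start:
            raise ValueError("end before start: %r" % spec)
        ranges.append((start, end))
    return ranges


def range_header_allowed(header):
    """Decide whether a Range header should be forwarded to the origin.

    Returns (allowed, reason). A missing header is always allowed; a header
    that is malformed or lists too many ranges is dropped at the edge.
    """
    if header is None or header.strip() == "":
        return True, "no range header"
    try:
        ranges = parse_byte_ranges(header.strip())
    except ValueError as exc:
        return False, str(exc)
    if len(ranges) > MAX_RANGES:
        return False, "too many ranges: %d" % len(ranges)
    return True, "ok"


# Constructed sample headers: a normal resumed download, a two-part request,
# and the kind of header that exploit sent (hundreds of overlapping ranges).
SAMPLES = {
    "resume": "bytes=1000-",
    "two_parts": "bytes=0-99,200-299",
    "killer": "bytes=0-," + ",".join("5-%d" % i for i in range(5, 1305)),
}
```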
passwdqc is a password/passphrase strength checking and policy enforcement toolset, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc).
Recently, there has been much talk about tools for generating user-friendly and secure passwords. Personally, I find most of the web-based offerings to be dismal. Thus far, I think pwqgen produces the best pass phrases. Give it a try and you might love it!
On this per-head basis, only Singapore, which has been criticised by Human Rights Watch as an “authoritarian state”, asked for private data more frequently than Britain. Australia came third, with 345 requests, and France fourth, with 1,021.
The said report from Google can be accessed here. The data may be interesting to some of you.
This update disables AutoRun entries in AutoPlay, and displays only entries that are populated from CD and DVD drives.
After so many years, Microsoft has finally neutered one of the most annoying virus attack vectors—thumbdrive autorun.inf.
Available on Windows Update and manual download.
When President Obama And Two-Thirds Of The World’s Leaders Gather In New York City, It Is Up To The U.S. Secret Service To Keep Them All Safe.
A very informative and good read!