Gmail just made it easier for the coffee shop set and security-conscious types to always connect through https://. Gmail Mobile app users should note this glitch before doing so. [via]
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Gmail Offers Always-Secure Option
AVG Free Anti-Virus 2008 Released, Much Improved
Popular freeware anti-virus application AVG Free recently updated to AVG Free 2008. Aside from a general interface overhaul and faster performance, the updated anti-virus scanner has added several new features with a focus on web security.
Secure Your Home Wi-Fi Network
Tech site Ars Technica runs down the basics of securing your home wireless network with the most secure and up-to-date methods. The main takeaway is that when you enable encryption on your wireless router, use WPA encryption instead of WEP, because it's better and stronger.
Unlike WEP, WPA uses a 48-bit initialization vector and a 128-bit encryption key. More importantly, however, WPA uses what's called the Temporary Key Integrity Protocol (TKIP). Whereas WEP recycles the same key for encrypting all the packets flowing across the network, WPA's TKIP changes the encryption key every single time a packet is transmitted. This, combined with the use of longer keys, prevents a hacker from compromising a router simply by passively observing a large enough set of packet transmissions.
Ars lists common home network hardware—from an Xbox 360 to a Wii to an iPhone—and the various protocols they support. Luckily, most do speak WPA.
The ABCs of securing your wireless network [Ars Technica]
Check Your Email Account for Impostors
If you've ever had suspicions that someone may be reading your email but you've never seen proof, weblog MakeUseOf details how to set up an "electronic tripwire" in your email account to keep you aware of email break-ins. The trick uses a web utility called OneStatFree to track file requests, and depends on the email snoop reading this email. Since OneStatFree will let you know if anyone tries downloading the file (and will log the time, IP address, and approximate location of the snoop), you'll know the snoop was there even if the he tries covering his tracks by marking the message as unread.
Are you Sure your Email isn't being Hacked? [MakeUseOf]
Set Up and Control Your Anonymous Browsing with Vidalia
Vidalia, a free, open-source, cross-platform application, makes setting up and configuring Web Proxy Tool TOR a snap, allowing you to surf the internet anonymously with a turn on/turn off utility. VIdalia sets up your system and helps you connect to, and monitor, Tor relays around the world, even letting you see the route your browsing is taking at the moment. You can also monitor bandwith usage and set up your own Tor relay if you want to contribute, but Vidalia's main appeal is the bundling of software and configuration tools that make Tor easy enough for anyone to use. Vidalia is a free download for Windows, Mac, and Linux systems.
Vidalia [via Lifehacker]
Beware of this GMail Security Vulnerability.
Gmail users might want to check your filters to ensure your account hasn't been hacked like this designer's. Google has fixed the vulnerability, but if you were exposed before the fix the filter could still exist in your Gmail account.
a major security flaw in firefox2
Mozilla's Firefox 2.0 has long been considered a safer Web browser than Microsoft's Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.
The problem, known as a reverse cross-site request, or RCSR, appears on blogs, message boards, or group forums that let users add comments with embedded HTML code.
On sites that allow users to enter code, a hacker can embed a form that tricks the user's browser into sending its username and password information to the hacker's computer. Because the form is embedded on a trusted Web site, the browser's built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.
Even worse, hackers can make the deceptive form invisible, meaning users can transmit their private data without even knowing it.
Bug #360493
Mozilla has acknowledged the problem and named it bug #360493. Microsoft has also admitted that RCSR attacks can affect Internet Explorer, but most reports indicate that Firefox is the more likely target because of the way it stores usernames and passwords.
Neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid RCSR attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the "Options" window under the "Tools" menu.
Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2.
Fool the Keyloggers !
You are uberGeek...and you knew this trick...didn't you ? Anyway, Private university Carnegie Mellon has written up an interesting [read...OLD and OBVIOUS] method for keeping your passwords safe from keyloggers at public computers.
Read the PDF.
Read the PDF.
Subscribe to:
Comments (Atom)