« Alternative Apps | Main | Bluetooth »

Wednesday, January 06, 2016

Internet Explorer Support Ends 12 Jan 2016

Should you still be using Microsoft Internet Explorer as your default browser you have less then one week to find a new one such as Firefox, Chrome or Opera.

Posted by Matthew Carrick at 9:08.47 PM EST | Permanent Link

| Categories: Best Practices, Internet Explorer, Mozilla Firefox, Opera

Saturday, April 12, 2014

Heartbleed woes

The Heartbleed programming bug has been (mostly) patched as of 07 April 2014. Now that the server end of the problem has been fixed it is up to you (the client) to examine the possibility that a number of sites may have exposed your passwords to evil doers.

A reasonably comprehensive list compiled by Mashable may be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Check the list and change your passwords if required.

You may also want to take the time to change those passwords that you a) have not changed for over six months b) are duplicates of other sites since it is a very bad idea to use the same password on different sites c) are very weak (password1234 . . . hahahahahaha) or d) is composed of words or phrases found in dictionaries or books.

Posted by Matthew Carrick at 12:42.29 PM EDT | Permanent Link
Edited on: Saturday, April 12, 2014 1:16.37 PM EDT
Comment by Doug - Sunday 18th January 2015 03:43:44 PM

Hello Sir,

Did you get my email from yesterday?

Thanks

| Categories: Best Practices, Open Source, Privacy Issues, Security Alerts

Tuesday, March 04, 2014

Cellophane tape is your friend

When not using your webcam unplug it from your computer. You can also slap a small square of cellophane tape over the camera lense on your laptop. Use a physical cover to mask your smartphones camera lense.

Having the GCHQ spy on you is one thing, but ewwww.

Thursday, September 19, 2013

Internet Explorer Zero-day Exploit

Microsoft has released a "Fix-it" for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Posted by Matthew Carrick at 10:42.01 AM EDT | Permanent Link
Comment by Matthew - Thursday 19th September 2013 11:49:43 AM

NOTE: This fix is only for 32-bit Internet Exploder.

| Categories: Best Practices, Internet Explorer, Privacy Issues, Security Alerts

Saturday, May 11, 2013

Internet Explorer 8 Zero-day Exploit

Microsoft has released a "Fix-it" (because calling it a "patch" sounds icky?) for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will stongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Thursday, March 21, 2013

1234

An anonymous individual has taken the time to run a limited test to see how many devices (routers, printers, PC's, laptops, etc.) connected to the Internet are still set with their default password. The answer? Too many! The Abstract is here. So, always always change the default username and password for every device you own. It should be a minimum of eight characters that includes upper case, lower case and symbols. Finally, no matter how nice it is to use your cats name or your middle name . . . don't! No username or password should be related to you in any way as this makes cracking them far easier.

Posted by Matthew Carrick at 10:34.40 AM EDT | Permanent Link
Edited on: Thursday, March 21, 2013 11:27.08 AM EDT

| Categories: Best Practices, Headlines, Security Alerts

Saturday, February 02, 2013

Twitter Hack and Java

The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.

If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.

Thursday, January 24, 2013

A hot CPU is an unhappy CPU

Every so often it is a good idea to crack open the case on your desktop computer and vacuum the accumulated debris from the motherboard. Always unplug the power cord first. Use of the crevis or brush attachment is highly recommended to lessen the chance of damage. A can of compressed air is also an excellent tool to remove crud from hard to access nooks and crannies.

A CPU that has become covered in a dust blanket will run much hotter than it was designed to and this could cause the CPU to fail. A dust covered fan unable to help cool down the CPU could also result in a fried CPU.

Component cards (video, audio, etc.) may also fail should they become too hot. A computer's power supply, which typically has its own fan, can also fail. In this case it is not unheard of that combustion may occur.

If you own a laptop or tablet you should get into a regular habit of clearing out the debris with the afore mentioned can of compressed air. Even your smartphone would appreciate a quick blast of air to clear the gunk from its vents, ports, speakers, etc..

Posted by Matthew Carrick at 11:31.54 AM EST | Permanent Link
Edited on: Wednesday, October 16, 2013 11:31.51 PM EDT

| Categories: Best Practices

Wednesday, November 14, 2012

Windows Updates Available

It's time to run Windows Update (assuming you don't do it automagically) to take care of a bunch of security holes that could, of course, allow evil-doers to run evil-doer type exploits on your system. Remember to restart your computer when asked - not later. Later is too late. Later is unacceptable as you would still be vulnerable to the very problems the Windows Updates are meant to address!

Posted by Matthew Carrick at 5:28.16 PM EST | Permanent Link
Edited on: Wednesday, November 14, 2012 5:47.40 PM EST

| Categories: Best Practices, Security Alerts

Wednesday, September 19, 2012

Critical Internet Explorer Hole

Those still using Internet Explorer as their browser of choice are well advised to use an alternative such as Firefox, Chrome or Opera to avoid being a victim of the latest security problem. According to several sources a Microsoft FixIt patch will be issued ASAP to solve the issue - at that time you can apply the patch and go back to using Internet Exploder. An exhaustive exploration of the problem (and a partial fix) can be viewed at https://krebsonsecurity.com.

Posted by Matthew Carrick at 9:30.20 AM EDT | Permanent Link
Comment by Matthew - Wednesday 19th September 2012 08:44:13 PM

Damn, that was quick! Visit http://support.microsoft.com/kb/2757760 to apply the FixIt.
Comment by Byte me - Saturday 03rd November 2012 06:10:02 PM

I never met a hole I didn't think was critical.

| Categories: Alternative Apps, Best Practices, Google Chrome, Java, Mozilla Firefox, Opera, Security Alerts

Wednesday, June 13, 2012

Microsoft FixIt Released

Hot on the heels of the June 12th 'Patch Tuesday' Microsoft has released one of its FixIt tools. This addresses a flaw in Internet Explorer that could allow attackers to take control of users systems after they simply visit a specially authored Web page. These FixIt tools are released before official patches are available and help to protect users between each 'Patch Tuesday'.

Visit http://support.microsoft.com/kb/2719615 and click on the Icon entitled 'Enable'. If the Fixit causes some strange behavior in your system them navigate back to the page and click the Icon entitled 'Disable'.

Posted by Matthew Carrick at 9:59.34 AM EDT | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Saturday, March 17, 2012

Just for Russ ;)

Avast! anti-virus has dropped iYogi as its software support. Numerous instances of shady dealings with Avast! customers being told that their systems were compromised in order to sell pointless upgrades have come to light.

So, the next time you receive strange pop-ups or voice calls relating to even trusted software vendors take a second to run a search to see if it might be bull-cookies. Or, contact you favorite tech wizard and see if they have any inside info that may help you avoid the evil-doers.

Got it Russ?

Posted by Matthew Carrick at 8:50.21 AM EDT | Permanent Link

| Categories: Best Practices, Privacy Issues

Thursday, September 08, 2011

You're all a bunch of thieving crooks.

A report from the Business Software Alliance (BSA) appears to show that most people have illegal or pirated software on their PC's. A Google news search gives you a good overview.

Tsk-tsk-tsk - you people should be ashamed.

Be aware that you will eventually be plagued with a piece of software containing a virus, spyware, malware, trojan or some other evil bit.

Try using open source software or look into searching for well written applications whose cost is rarely above $50.00 and generally provide years of free updates. Sweet.

Posted by Matthew Carrick at 2:24.16 PM EDT | Permanent Link
Comment by The Penguin - Saturday 26th November 2011 12:44:35 PM

Thieving crooks? Thieving crooks?! THIEVING CROOKS?!?!?!

| Categories: Adware/Spyware, Alternative Apps, Best Practices, Headlines, Openoffice.org, Open Source, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

You're all a bunch of thieving crooks.

A report from the Business Software Alliance (BSA) appears to show that most people have illegal or pirated on their PC's. A Google news search gives you a good overview.

Tsk-tsk-tsk - you people should be ashamed.

Be aware that you will eventually be plagued with a piece of software containing a virus, spyware, malware, trojan or some...

Sunday, September 04, 2011

What's on Your PC?

Do you know what software is on your PC? A woman in Vancouver now knows. A software application meant to allow a PC to be tracked via its IP address was also taking pics via its built-in webcam. This at the same time she was ingaging in, ahem, risque conduct with a 'special friend' if-you-get-my-drift. The Mothercorps has the story here.

Posted by Matthew Carrick at 12:52.12 PM EDT | Permanent Link

| Categories: Best Practices, Privacy Issues, Security Alerts

What's on Your PC?

Do you know what software is on your PC? A woman in Vancouver now knows. A software application meant to allow a PC to be tracked via its IP address was also taking pics via its built-in webcam. This at the same time she was ingaging in, ahem, risque conduct with a 'special friend' if-you-get-my-drift. The Mothercorps has the story here.

Posted by at 12:52.12 PM EDT | Permanent Link

| Categories: Best Practices, Privacy Issues, Security Alerts

Sunday, June 19, 2011

Different Passwords for Each Site

LulzSec hacker collective has likely compromised various sites (Facebook, PayPal, Xbox Live, Twitter, etc.) where they harvested user login info.

Folks still using identical credentials for multiple sites may find all of them compromised.

Posted by Matthew Carrick at 9:52.02 PM EDT | Permanent Link
Edited on: Tuesday, June 21, 2011 10:36.23 AM EDT
Comment by Matthew - Tuesday 21st June 2011 10:40:41 AM

Check for your cracked credentials at: http://dazzlepod.com/lulzsec/ So, at least use strong passwords (eight characters minimum including upper and lower case letters, symbols, numbers and never any word that can be found in a dictionary) even if your username is the same (and good luck with that).

But, never ever use the same username and password on more than one site.

| Categories: Best Practices, Privacy Issues

Wednesday, March 16, 2011

Internet Explorer 9 Filters ActiveX

Microsoft's Internet Explorer 9 (IE9) allow for filtering of ActiveX controls. This should allow for much greater security from devious scripts. All you Windows XP users are out of luck as IE9 will not run on this Operating System (OS). Use Firefox, Opera or Chrome browsers for maximum security under Windows XP. If you run Windows 7 or (gasp) Windows Vista you can and should use IE9.

Tuesday, February 15, 2011

Unusual Usernames Best?

It seems unusual usernames used on multiple sites hurt rather than help you stay less tracked on the Internet than you are now. The report from MIT (here) seems to indicate that by mining data scammers can more easily assign names to the data which helps them build a profile of you. The worse consequence of this would be for folks who use the same password for multiple sites. Think about it. To quote the article:
"What's important is that people pick different passwords for different Internet sites, and that knowledge of their password for one site does not provide any useful clues toward deducing their passwords on other sites."
So, jkuhytg56, who uses the same password of 1234 on 32 sites, is in deep, deep trouble.
Posted by Matthew Carrick at 12:34.48 AM EST | Permanent Link

| Categories: Best Practices

Thursday, December 23, 2010

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.
Posted by Matthew Carrick at 10:26.44 PM EST | Permanent Link
Comment by Matthew - Wednesday 05th January 2011 08:29:54 PM

Bill has posted a 'Fix it' for this annoyance here: http://support.microsoft.com/kb/2490606

| Categories: Adware/Spyware, Best Practices, Internet Explorer, Mozilla Firefox, Opera, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

Monday, November 08, 2010

Firefox BlackSheep: Anti-Networking Sniffing Tool

Not too long ago a Firefox extension called Firesheep designed to (according to the writeup at Lifehacker.com) ". . . sniff out weak security and/or hijack web site credentials on open Wi-Fi networks." was released. While useful for legitimate tasks it also gave crackers a tool that could allow them obvious access to PC's at your local coffee shop.

Now BlackSheep, an anti-Firesheep tool has been released. It is designed to alert you whenever Firesheep is active on your local network.

If you frequent establishments where you use Wi-Fi you might consider using this Firefox extension. The download page is here: http://www.zscaler.com/blacksheep.html

You should also look into grabbing the HTTPS Everywhere Firefox extension which encrypts your entire session not just the login portion.

Monday, July 05, 2010

Critical Microsoft Fixit

Bill has announced that an unpatched critical security hole in Windows XP operating systems is a genuine threat. A temporary patch using Microsoft Fix it is available here - after the .msi file downloads double-click it and the install is self-explanatory. Users who apply this patch will not need to uninstall it before applying the official patch when it becomes available towards the middle of July.

Sunday, June 27, 2010

Restart Later?

Using Windows XP means having to restart the OS on a regular basis for many reasons. Many times you may be in the midst of something and choose to restart later. Rebooting your PC is also forced upon you at times and again it always seems to happen when you are knee-deep into something that causing you to reboot later - much later.

When you install software applications under Windows XP the installer (such as InstallShield) will frequently suggest you close all other programs before continuing the install. Oh, sure. As if.

Best practice sez: Restart, reboot and close all other programs before continuing the install and your XP box will be better behaved. There is much less chance of software or hardware conflicts if you plan ahead to avoid doing anything later.

Restart, reboot and close when asked.

Posted by Matthew Carrick at 10:11.56 AM EDT | Permanent Link

| Categories: Best Practices

Tuesday, March 02, 2010

Internet Explorer F1 Key Flaw

If you use any of the last several versions of Internet Explorer you are advised to not press the F1 key if prompted by any web site. A flaw has been discovered that could open up your Windows machine (except Vista, way to go Bill!) to evil-doers. The Microsoft Security Advisory (981169) is here: http://www.microsoft.com/technet/security/advisory/981169.mspx

The quote from Microsoft below:

Successful exploitation of this vulnerability requires that users assist the exploit by pressing the F1 key on their keyboard. Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.

Consequently, malicious Web sites may attempt to persuade users into pressing the F1 key. Such a Web site could invoke an endless loop of dialog boxes that tell the user to press the F1 key to end the loop, or offer information such as pricing information or help to be revealed through the F1 key.

Users are advised to avoid pressing F1 presented by Web pages or other Internet content. If a dialog box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to terminate the Internet Explorer process.

Posted by Matthew Carrick at 1:37.10 PM EST | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Friday, February 12, 2010

Adobe Flash Security Upgrade

Adobe has released an out-of-sequence update of its Flash Player that fixes two critical security holes in its Web browser plugin.

The latest version is now version 10.0.45.2. Visit here to check your version.

Also, remember that you will have to install the upgrade seperately for each browser you use so if you're like me well, Internet Explorer, Firefox, Opera and Chrome all need patching!

Posted by Matthew Carrick at 4:40.12 AM EST | Permanent Link
Edited on: Thursday, October 28, 2010 11:59.36 PM EDT

| Categories: Adobe, Best Practices, Security Alerts

Thursday, February 11, 2010

If you can read this . . .

. . . then your Windows machine hasn't had a BSoD lately I'll guess. It appears one of the updates from Bill has caused mischief

If you have not updated recently you may wish to do a custom update after deselecting KB977165. If you have downloaded the updates but not installed them, again, you may wish to do a custom update after deselecting KB977165. If you have installed it and everything is fine but you are still wary and want it gone then simply go to the Control Panel - Add or Remove Programs (ensure Show updates is checked) - click the Remove button for KB977165.

Best practice is to download but not install for a couple of days. If there is a problem let the rest of the Interpipe sort it out, eh?

Krebs on Security has a (probable) fix here.

Posted by Matthew Carrick at 11:16.12 AM EST | Permanent Link

| Categories: Best Practices

Monday, January 18, 2010

Government warnings about IE

When goverments warn about the dangers of using Internet Explorer you can be sure it's time to seek out a alternative application - a safer surfer.

There is, in no particular order, Firefox, Opera and Chrome as well as other browsers.

Do yourself and others a favour by not using Internet Explorer. It's a security hole.

Why, it's like the Adobe Reader of browsers ;)

Go here for links to two of the afore mentioned browsers or you can search for other browser options.

Posted by Matthew Carrick at 11:53.41 PM EST | Permanent Link

| Categories: Alternative Apps, Best Practices

Friday, November 06, 2009

Firefox Update

Y'all better check yer Firefox to see that you are running version 3.5.5 - if you aren't then run a manual upgrade (Help - Check for Upgrades). You might also set Firefox to automagically download and install upgrades:

Firefox Options for Updating

Posted by Matthew Carrick at 5:03.54 AM EST | Permanent Link

| Categories: Best Practices, Mozilla Firefox, Security Alerts

Sunday, October 18, 2009

Facebook Hacking

A new applications on Facebook, "City Fire Department," has been compromised by hackers. The application had been modified to deliver an iframe which can bring content from one Web site to another. This iframe tries to exploit vulnerabilities to download a fake antivirus program called Antivirus Pro 2010.

A few of the other hacked or bogus applications are:

  • MyGirlySpace
  • Ferrarifone
  • Mashpro
  • Mynameis
  • Pass-it-on
  • Fillinthe
  • Aquariumlif

Ok, here is the deal - When you find a wonderful new application on Facebook do a quick search on Google or bing to determine if anyone has had any problem with it. You can also wait, yes wait, for a day or two until enough newbies have started using it to provoke any disasters - if all is well after this then you might . . . might try it. Just make sure your Facebook preferences are locked down for maximum security. Or just don't use any of these silly applications until Facebook gets a grip and uses some mechanism to confirm these applications aren't a giant security hole!

Posted by Matthew Carrick at 11:40.55 AM EDT | Permanent Link

| Categories: Best Practices, Security Alerts, Viruses-Trojans-Worms

Firefox Plugs Microsoft Security Hole

If you use Firefox (and you should, imho) you have probably already seen a pop-up alert informing you that it is blocking Microsoft`s .NET Framework Assistant and Windows Presentation Foundation add-ons that were stealthily installed by Microsoft earlier this year.

This hole was supposed to have been fixed earlier by having users edit the Windows registry - but this idea stunk because editing the registry is potentially dangerous. Microsoft later released a simple point and click removal tool - except this left behind the Windows Presentation Foundation plug-in which is what was just killed by Mozilla.

So, the confusion up to now has been addressed by both Mozilla and Microsoft to remove both nasty bits. Whew!