
Saturday, April 12, 2014

Heartbleed woes

The Heartbleed programming bug has been (mostly) patched as of 07 April 2014. Now that the server end of the problem has been fixed it is up to you (the client) to examine the possibility that a number of sites may have exposed your passwords to evil doers.

A reasonably comprehensive list compiled by Mashable may be found here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Check the list and change your passwords if required.

You may also want to take the time to change those passwords that a) you have not changed for over six months, b) are duplicates of those used on other sites, since it is a very bad idea to use the same password on different sites, c) are very weak (password1234 . . . hahahahahaha) or d) are composed of words or phrases found in dictionaries or books.

Posted by Matthew Carrick at 12:42.29 PM EDT | Permanent Link
Edited on: Saturday, April 12, 2014 1:16.37 PM EDT
Comment by Doug - Sunday 18th January 2015 03:43:44 PM

Hello Sir,

Did you get my email from yesterday?

Thanks

| Categories: Best Practices, Open Source, Privacy Issues, Security Alerts

Tuesday, March 04, 2014

Cellophane tape is your friend

When not using your webcam, unplug it from your computer. You can also slap a small square of cellophane tape over the camera lens on your laptop. Use a physical cover to mask your smartphone's camera lens.

Having the GCHQ spy on you is one thing, but ewwww.

Thursday, September 19, 2013

Internet Explorer Zero-day Exploit

Microsoft has released a "Fix-it" for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will strongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Posted by Matthew Carrick at 10:42.01 AM EDT | Permanent Link
Comment by Matthew - Thursday 19th September 2013 11:49:43 AM

NOTE: This fix is only for 32-bit Internet Exploder.

| Categories: Best Practices, Internet Explorer, Privacy Issues, Security Alerts

Thursday, September 05, 2013

Don't Believe Everything You Read

A good overview by Brian Krebs on why Java continues to be a serious security risk:

https://krebsonsecurity.com/2013/09/researchers-oracles-java-security-fails/ 

Posted by Matthew Carrick at 9:29.30 AM EDT | Permanent Link

| Categories: Java, Privacy Issues, Security Alerts

Saturday, May 11, 2013

Internet Explorer 8 Zero-day Exploit

Microsoft has released a "Fix-it" (because calling it a "patch" sounds icky?) for a zero-day flaw in its Internet Explorer 8 browser. This flaw is being addressed by Microsoft but until the next security updates are released this is your best bet to avoid being a victim.

Go here: http://support.microsoft.com/kb/2847140 and scroll down to the Fix-it ENABLE icon - click on this icon, download and then double-click the .msi file to install.

Although no reboot or other actions need be taken after the Fix-it is installed you should also download the Fix-it DISABLE file (right beside the original icon) and save the file - it is possible that before the next security update Microsoft will strongly suggest you remove the original Fix-it and this DISABLE file will do that.

You could also simply bookmark the page and download the file when needed.

Whatever.

Thursday, March 21, 2013

1234

An anonymous individual has taken the time to run a limited test to see how many devices (routers, printers, PC's, laptops, etc.) connected to the Internet are still set with their default password. The answer? Too many! The Abstract is here. So, always always change the default username and password for every device you own. It should be a minimum of eight characters that includes upper case, lower case and symbols. Finally, no matter how nice it is to use your cat's name or your middle name . . . don't! No username or password should be related to you in any way as this makes cracking them far easier.
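The checks this post and the Heartbleed post above list (stale, reused, weak, dictionary-based or owner-related passwords) applied to an exported password list, as an added example that is not part of the original blog. The entries, word list and personal terms are constructed, and the dictionary test is a small stand-in for a real word list.

```python
"""Audit saved passwords against the rules in these posts (constructed data)."""
import string
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 183   # "have not changed for over six months"
MIN_LENGTH = 8       # "a minimum of eight characters"
TODAY = date(2014, 4, 12)  # audit date, fixed so the example is repeatable

# Constructed stand-in for a real dictionary or breached-password list.
WORDLIST = {"password", "dragon", "monkey", "letmein", "sunshine"}


def letters_only(password):
    """Lower-case and drop digits/symbols so 'password1234' matches 'password'."""
    return "".join(ch for ch in password.lower() if ch.isalpha())


def audit(entries, personal_terms, today=TODAY):
    """Return {site: [findings]} for each entry that breaks at least one rule."""
    sites_by_password = defaultdict(list)
    for entry in entries:
        sites_by_password[entry["password"]].append(entry["site"])

    report = {}
    for entry in entries:
        pw, findings = entry["password"], []
        if (today - entry["changed"]).days > MAX_AGE_DAYS:
            findings.append("stale")
        if len(sites_by_password[pw]) > 1:
            findings.append("reused")
        if len(pw) < MIN_LENGTH:
            findings.append("short")
        has_all_classes = (any(c.isupper() for c in pw)
                           and any(c.islower() for c in pw)
                           and any(c in string.punctuation for c in pw))
        if not has_all_classes:
            findings.append("missing-class")
        if letters_only(pw) in WORDLIST:
            findings.append("dictionary")
        # Anything tied to the owner (pet, middle name, the username itself).
        related = [t.lower() for t in list(personal_terms) + [entry["username"]]]
        if any(term in pw.lower() for term in related):
            findings.append("personal")
        if findings:
            report[entry["site"]] = findings
    return report


# Constructed entries; sites, usernames and passwords are made up.
SAMPLE = [
    {"site": "mail.example", "username": "jdoe",
     "password": "password1234", "changed": date(2013, 6, 1)},
    {"site": "bank.example", "username": "jdoe",
     "password": "Whiskers!2014", "changed": date(2014, 4, 10)},
    {"site": "forum.example", "username": "jdoe",
     "password": "Tr4il-Mix&Oboe", "changed": date(2014, 4, 9)},
    {"site": "shop.example", "username": "jdoe",
     "password": "Tr4il-Mix&Oboe", "changed": date(2014, 4, 9)},
    {"site": "vpn.example", "username": "jdoe",
     "password": "q7#Lw!vR2z@Kd", "changed": date(2014, 4, 8)},
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE, ["Whiskers"]).items():
        print(f"{site}: {', '.join(findings)}")
```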

Posted by Matthew Carrick at 10:34.40 AM EDT | Permanent Link
Edited on: Thursday, March 21, 2013 11:27.08 AM EDT

| Categories: Best Practices, Headlines, Security Alerts

Saturday, February 02, 2013

Twitter Hack and Java

The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.

If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.

Wednesday, November 14, 2012

Windows Updates Available

It's time to run Windows Update (assuming you don't do it automagically) to take care of a bunch of security holes that could, of course, allow evil-doers to run evil-doer type exploits on your system. Remember to restart your computer when asked - not later. Later is too late. Later is unacceptable as you would still be vulnerable to the very problems the Windows Updates are meant to address!

Posted by Matthew Carrick at 5:28.16 PM EST | Permanent Link
Edited on: Wednesday, November 14, 2012 5:47.40 PM EST

| Categories: Best Practices, Security Alerts

Wednesday, September 19, 2012

Critical Internet Explorer Hole

Those still using Internet Explorer as their browser of choice are well advised to use an alternative such as Firefox, Chrome or Opera to avoid being a victim of the latest security problem. According to several sources a Microsoft FixIt patch will be issued ASAP to solve the issue - at that time you can apply the patch and go back to using Internet Exploder. An exhaustive exploration of the problem (and a partial fix) can be viewed at https://krebsonsecurity.com.

Posted by Matthew Carrick at 9:30.20 AM EDT | Permanent Link
Comment by Matthew - Wednesday 19th September 2012 08:44:13 PM

Damn, that was quick! Visit http://support.microsoft.com/kb/2757760 to apply the FixIt.
Comment by Byte me - Saturday 03rd November 2012 06:10:02 PM

I never met a hole I didn't think was critical.

| Categories: Alternative Apps, Best Practices, Google Chrome, Java, Mozilla Firefox, Opera, Security Alerts

Saturday, September 01, 2012

Critical Java Update

Poor Oracle has again released an update for Java that stops a zero-day attack that threatened all Operating Systems. Users with exploitable versions of Java could have malware installed on their systems by merely browsing to a cracked or evil Web site.

Unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows.

If you need Java then make sure you set it to auto-update at least once a week (the default is once a month . . . as if . . . ) or, better yet, once a day. Click the Java icon in the Settings, click the update tab and finally the advanced button to make the change.

Handy, dandy screencaps illustrating the process are here.

Posted by Matthew Carrick at 8:44.20 AM EDT | Permanent Link
Comment by Matthew - Saturday 01st September 2012 09:50:58 AM

If you still require Java on your system you should disable its integration with any and all browsers you use regardless of your Operating System. Here is How to Unplug Java from the Browser
Comment by better than ketchup - Thursday 27th September 2012 09:02:08 PM

How 'bout I unplug Java from my life?

cheese burger
Comment by Matthew - Friday 28th September 2012 05:59:55 PM

Recent studies seem to confirm one or two cups of Java a day is beneficial. Good day, Sir.

| Categories: Java, Privacy Issues, Security Alerts

Sunday, July 08, 2012

Last Chance DNSChanger Hotel

Come Monday, July 9, 2012, thousands of both Mac and Windows PC users will find their machines will be unable to connect to the Internet. The FBI plans to shut down the Internet servers set up as a temporary safety net to keep infected computers online for the past eight months since a piece of Malware called DNSChanger has been making the rounds.

If you practice safe computing you are probably unaffected. If you use Internet Explorer, don't know what a Firewall is, regularly download pirated software, use Peer-to-peer software to exchange illegal files, rarely if ever update your Operating System files, etc. then . . . umm . . . good luck!

To check your system for the DNSChanger Malware go here: http://www.dns-ok.ca/

If you're tagged as a victim go here: http://www.publicsafety.gc.ca/prg/em/ccirc/2011/in11-002-eng.aspx and follow the suggested ideas to clean your system.

Posted by Matthew Carrick at 9:26.59 AM EDT | Permanent Link

| Categories: Malware, Privacy Issues, Security Alerts

Wednesday, June 13, 2012

Microsoft FixIt Released

Hot on the heels of the June 12th 'Patch Tuesday' Microsoft has released one of its FixIt tools. This addresses a flaw in Internet Explorer that could allow attackers to take control of users' systems after they simply visit a specially authored Web page. These FixIt tools are released before official patches are available and help to protect users between each 'Patch Tuesday'.

Visit http://support.microsoft.com/kb/2719615 and click on the Icon entitled 'Enable'. If the Fixit causes some strange behavior in your system then navigate back to the page and click the Icon entitled 'Disable'.

Posted by Matthew Carrick at 9:59.34 AM EDT | Permanent Link

| Categories: Best Practices, Internet Explorer, Security Alerts

Wednesday, June 06, 2012

Linkedin Passwords Compromised

It seems a problem with Linkedin has caused a whole bunch of passwords to now reside in the hands of bad people. It is imperative that you sign in to your Linkedin account and change the password. That is all.

Posted by Matthew Carrick at 8:13.12 PM EDT | Permanent Link
Comment by Joe M Fellow - Thursday 27th September 2012 09:05:13 PM

The only thing I get from Linkdin is contact with a bunch of people I don't want to meet.
Comment by Matthew - Friday 28th September 2012 06:02:28 PM

Perhaps if your spelling was more accurate you would feel different. Your obedient servant, etc.
Comment by \" - Sunday 21st October 2012 04:38:44 PM

You mean, I would feel like meeting them? On Link-din?
Comment by Betty Wont - Friday 02nd November 2012 07:45:19 PM

Maybe upgrading the spelling will make him more amenable to meeting these Lincked-ihn geeks (read: habitués).
Comment by Ralph Bastard - Friday 02nd November 2012 07:52:18 PM

That's the thing about these sites: You spend a couple days on them, and suddenly you forget that your world of connections is only to other website diddlers like yourself and isn't worth a good goddamn to real service consumers. But, the interface is fun to play with and provides the impression that something is happening.. .

| Categories: Privacy Issues, Security Alerts

Friday, March 30, 2012

Adobe Flash Critical Update

Adobe has released yet another update that addresses several issues in its Flash software. If you watch cats falling from tables on YouTube then you use Flash. Most major browsers (Internet Explorer, Firefox, Chrome, Opera, etc.) are vulnerable.

On the plus side of this update is the introduction, for the first time and l-o-n-g overdue, of an auto-update feature.

According to some users the added Servicer (Adobe Flash Player Update Service) and associated Windows Scheduler is not exactly ready for prime time so be prepared. Manual updates or such programs as Secunia PSI may, at least for now, be the safer but more tedious way to update 'ole Flash.

To check which version of Flash currently resides on your system visit: http://www.adobe.com/products/flash/about/.

Updates are available from the Adobe Flash Player Download Center here: http://get.adobe.com/flashplayer/.

Posted by Matthew Carrick at 12:46.12 PM EDT | Permanent Link

| Categories: Adobe, Security Alerts

Thursday, September 08, 2011

You're all a bunch of thieving crooks.

A report from the Business Software Alliance (BSA) appears to show that most people have illegal or pirated software on their PC's. A Google news search gives you a good overview.

Tsk-tsk-tsk - you people should be ashamed.

Be aware that you will eventually be plagued with a piece of software containing a virus, spyware, malware, trojan or some other evil bit.

Try using open source software or look into searching for well written applications whose cost is rarely above $50.00 and generally provide years of free updates. Sweet.

Posted by Matthew Carrick at 2:24.16 PM EDT | Permanent Link
Comment by The Penguin - Saturday 26th November 2011 12:44:35 PM

Thieving crooks? Thieving crooks?! THIEVING CROOKS?!?!?!

| Categories: Adware/Spyware, Alternative Apps, Best Practices, Headlines, Openoffice.org, Open Source, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

Sunday, September 04, 2011

What's on Your PC?

Do you know what software is on your PC? A woman in Vancouver now knows. A software application meant to allow a PC to be tracked via its IP address was also taking pics via its built-in webcam. This at the same time she was engaging in, ahem, risque conduct with a 'special friend' if-you-get-my-drift. The Mothercorps has the story here.

Posted by Matthew Carrick at 12:52.12 PM EDT | Permanent Link

| Categories: Best Practices, Privacy Issues, Security Alerts

Wednesday, April 20, 2011

iPhone Tracker Revealed

A story from the Guardian reveals Apple keeps a file on the iPhone and iPad that contains the latitude and longitude of the phone's recorded positions coupled with a time stamp. When synchronised with the owner's computer this file is copied over resulting in two copies. The file data can be accessed with minimal effort by anyone with possession of the device(s). You can access this file with this handy application called IphoneTracker. The only saving grace is that the file is apparently not uploaded to Apple. Stay tuned for the fallout from this.

Posted by Matthew Carrick at 11:39.27 AM EDT | Permanent Link
Edited on: Wednesday, April 20, 2011 11:48.09 AM EDT
Comment by Matthew - Saturday 23rd April 2011 04:48:26 AM

Google's Android phones also track you but only for the last 50 locations or 100 locations when using WiFi. It is also more difficult to access the file as you would need to 'root' the phone first. Still, unencrypted files do not make for secure phones.

| Categories: All Things Mac, Physical Security, Privacy Issues, Security Alerts

Monday, January 31, 2011

Critical Windows Flaw Targets IE

A security flaw in the Windows MHTML (MIME Encapsulation of Aggregate HTML) protocol handler that is used by Windows applications to render certain document types can allow evil-doers to take control of a user's Internet Explorer sessions.

Bill has a fix here: http://support.microsoft.com/kb/2501696 . Click the icon located about halfway down the page under Enable To lock down MHTML and follow the instructions.

Thursday, December 23, 2010

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.
Posted by Matthew Carrick at 10:26.44 PM EST | Permanent Link
Comment by Matthew - Wednesday 05th January 2011 08:29:54 PM

Bill has posted a 'Fix it' for this annoyance here: http://support.microsoft.com/kb/2490606

| Categories: Adware/Spyware, Best Practices, Internet Explorer, Mozilla Firefox, Opera, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

Thursday, November 18, 2010

Adobe Software Patches

Adobe has released a critical update that patches at least two security holes in its PDF Reader and Acrobat software. Hopefully these patches will be the last before the new 'Sandboxed' version appears. The newest version is 9.4.1. - update to this version by clicking 'Help', then 'Check for Updates'.

Posted by Matthew Carrick at 10:58.09 AM EST | Permanent Link

| Categories: Adobe, Security Alerts

Monday, November 08, 2010

Firefox BlackSheep: Anti-Networking Sniffing Tool

Not too long ago a Firefox extension called Firesheep designed to (according to the writeup at Lifehacker.com) ". . . sniff out weak security and/or hijack web site credentials on open Wi-Fi networks." was released. While useful for legitimate tasks it also gave crackers a tool that could allow them obvious access to PC's at your local coffee shop.

Now BlackSheep, an anti-Firesheep tool has been released. It is designed to alert you whenever Firesheep is active on your local network.

If you frequent establishments where you use Wi-Fi you might consider using this Firefox extension. The download page is here: http://www.zscaler.com/blacksheep.html

You should also look into grabbing the HTTPS Everywhere Firefox extension which encrypts your entire session not just the login portion.
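What "encrypts your entire session, not just the login portion" means when you look at a site's responses, as an added example that is not from the original post or from the Firesheep, BlackSheep or HTTPS Everywhere projects: it flags session cookies that a browser would still send over plain HTTP on open Wi-Fi. The response headers are constructed, and the cookie-name hints are an assumed heuristic.

```python
"""Flag session cookies that a sniffer on open Wi-Fi could still capture.

Added example with constructed headers; the cookie-name hints are a heuristic.
"""
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumption: typical names


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def hsts_enabled(value):
    """True if a Strict-Transport-Security value carries max-age > 0."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0
    return False


def audit_response(scheme, headers):
    """Return a list of (cookie_name_or_None, issue) for one response.

    scheme:  "http" or "https", how the response was delivered.
    headers: list of (name, value) pairs; Set-Cookie may repeat.
    """
    findings, hsts = [], False
    for name, value in headers:
        header = name.lower()
        if header == "strict-transport-security" and scheme == "https":
            hsts = hsts_enabled(value)
        elif header == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if not any(h in cookie.lower() for h in SESSION_HINTS):
                continue  # preferences etc. are not login state
            if scheme != "https":
                findings.append((cookie, "sent-in-clear"))
            elif "secure" not in attrs:
                # Issued over TLS, but replayed on any later http:// request.
                findings.append((cookie, "no-secure-flag"))
    if scheme == "https" and not hsts:
        findings.append((None, "no-hsts"))
    return findings


# Constructed responses, not captured from any real site.
LOGIN_ONLY_TLS = ("https", [
    ("Set-Cookie", "session_id=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
])
FULL_TLS = ("https", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sid=77be02; Path=/; Secure; HttpOnly"),
])
PLAIN_HTTP = ("http", [("Set-Cookie", "PHPSESSID=a1b2c3; path=/")])

if __name__ == "__main__":
    for label, (scheme, headers) in [("login-only TLS", LOGIN_ONLY_TLS),
                                     ("full TLS", FULL_TLS),
                                     ("plain HTTP", PLAIN_HTTP)]:
        print(label, audit_response(scheme, headers))
```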

Friday, October 29, 2010

Adobe Flash, Reader and Acrobat Security Advisory

Adobe products are again opening up exploitable holes in Operating Systems of all types.
The news is here: http://www.adobe.com/support/security/advisories/apsa10-05.html

Instead of Adobe Reader try the alternative application, FoxitReader.
Posted by Matthew Carrick at 12:29.04 AM EDT | Permanent Link

| Categories: Adobe, Alternative Apps, Security Alerts

Monday, October 18, 2010

Facebook coughing up UID's

The online platform for farming, organized crime and poker . . . known in these here parts as Facebook, again finds itself on the wrong end of user privacy. It appears certain online apps (Farmville, etc) have been providing info that could allow evil-doers to reveal names, phone numbers, email addresses, photos and other personal bits.

I use Facebook but never play any games and check the privacy settings religiously to try and stay ahead of the inevitable security breach.

An excellent write up is here: http://mashable.com/2010/10/18/facebook-apps-leak-user-info/

Posted by Matthew Carrick at 9:21.41 PM EDT | Permanent Link

| Categories: Online Apps, Privacy Issues, Security Alerts

Java Security Hole

Microsoft's Malware Protection Center Blog is reporting a huge surge in Java exploits. From the end of 2009 until now the number of exploits has gone from roughly 100,000 to 6,000,000!

So, if you have Java on your machine (Mac, Linux or Windows) then make damn sure it's patched.*

Remember, the default patching schedule only checks the Mothership for updates on the 14th of every month and this is way too long to wait. Change it to daily. Have it occur immediately after you back up your data.

If you use Windows you should install as a service Secunia PSI which will automagically check for a wide range of patches.

*If possible, remove Java if it is not required by another application. Java is, for most users, in the background and you may never know it's running unless you have seen the splash screen. If you remove Java and some application breaks it will probably very politely suggest you need to install Java. In this case, well, you need Java so simply make sure it's patched as you do any other application.

Posted by Matthew Carrick at 8:59.32 PM EDT | Permanent Link
Edited on: Saturday, September 01, 2012 9:27.01 AM EDT

| Categories: Java, Security Alerts

Monday, July 05, 2010

Critical Microsoft Fixit

Bill has announced that an unpatched critical security hole in Windows XP operating systems is a genuine threat. A temporary patch using Microsoft Fix it is available here - after the .msi file downloads double-click it and the install is self-explanatory. Users who apply this patch will not need to uninstall it before applying the official patch when it becomes available towards the middle of July.

Thursday, May 06, 2010

Critical Opera flaw - patch NOW!

If you use Opera and do not automagically update your installation you a) should ;) and b) need to manually update NOW to fix a gigantic security hole. After the update you better be running version 10.53 to be safe.

Safe!  

[Screenshots: Check for Updates; Checking for Updates; You are using the latest version]

Posted by Matthew Carrick at 11:42.47 AM EDT | Permanent Link
Edited on: Saturday, May 22, 2010 8:01.07 PM EDT

| Categories: Alternative Apps, Opera, Security Alerts

WiFi network finder - now with password cracker!

If you use a router and are still using WEP encryption then please read this.

I'll wait.

Ok.

Connect to your router and ensure you are using WPA or better yet, WPA2.

Monday, April 26, 2010

Palm Pre Security Hole

The recent Palm Pre OS has been found to have a major, glaring security gap because, since the browser is embedded into the OS, it's naturally vulnerable to various exploits (Javascript being the obvious one) making it a large target for evil-doers. A fix better come sooner rather than later to save the brand for the foreseeable future. What were they thinking?

Posted by Matthew Carrick at 11:29.02 PM EDT | Permanent Link

| Categories: Mobile, Online Apps, Privacy Issues, Security Alerts