"For users, continue to be extremely careful with information you share. Even big companies like Amazon can’t keep it safe." Good advice for anyone would be to do a "security checkup" on all of your online accounts. Perhaps now is a good time to use that two-factor authentication that's available on most sites. And don't forget, Safer Internet Day is February 9, 2016!
Showing posts with label security. Show all posts
January 27, 2016
Is there any #security online?
The horror stories just seem to keep coming: large companies getting their customer data hacked; tax refunds hijacked; credit cards compromised. This article tells an interesting story about one person's experience with a well-known online retailer and their customer service.
December 17, 2015
Are Credit Cards with a Chip Safer?
The new chip card readers are starting to show up in retail stores now. The assumption is that credit card users are being better protected. But how true is that?
Labels:
credit card fraud,
security,
skimmer
July 02, 2014
Microsoft Backpedals
In the aftermath of the NSA scandal, several large IT companies are trying to minimize the consumer backlash, so it seems. In this article about Microsoft's latest attempts to tighten security, they ramp up encryption of popular services.
As quoted from this blog: "Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day." Signs of Microsoft addressing customer issues, perhaps?
Even back in December 2013, Microsoft began the damage control on the official TechNet blog - "Many of our customers have serious concerns about government surveillance of the Internet. We share their concerns."
Is this Microsoft "doing the right thing" or damage control?
Helps if I could spell "backpedals" correctly too!
February 19, 2014
Malware, Local File Insertion and PHP
Getting back into some web development once again. I've been playing around with some simple CMS applications for blogging, etc. On one new site, I installed Pixie, which seems to be a nice solution (plus I just like trying out things that are of British origin).
On the new micro server, I installed tinyCMS to try it out. Getting it set up and working properly can be a topic of another post, but I was doing a little research on the security of the application. Seems it does have some documented vulnerabilities, along with WordPress and the TinyMCE editor.
In the course of looking at this, I came across this post that suggested some things to help make the PHP more secure. Specifically by disabling these functions in the php.ini:
disable_functions = create_function,gzinflate,eval,base64_decode
Good reading, and it never hurts to at least try to keep the sites a little more secure.
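A quick way to check what a disable_functions line really covers, as an added example that is not from the original post or the linked article. It reads a php.ini fragment and separates names that are real functions from language constructs such as eval, which disable_functions cannot block; the function names, the sample ini text and the "last assignment wins" rule are assumptions of this sketch.

```python
import re

# PHP language constructs: handled by the engine itself, so listing them
# in disable_functions has no effect.
LANGUAGE_CONSTRUCTS = {"eval", "include", "include_once", "require",
                       "require_once", "echo", "print", "exit", "die"}

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*?)\s*$", re.IGNORECASE)


def parse_disable_functions(ini_text):
    """Return the effective list (assumption: the last assignment wins)."""
    value = ""
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):       # commented-out directive
            continue
        m = DIRECTIVE.match(line)
        if m:
            # Drop a trailing inline comment and optional quotes.
            value = m.group(1).split(";", 1)[0].strip().strip('"')
    return [n.strip().lower() for n in value.split(",") if n.strip()]


def audit(ini_text, wanted):
    """Classify configured names and report wanted names that are absent."""
    disabled = parse_disable_functions(ini_text)
    return {
        "disabled": [n for n in disabled if n not in LANGUAGE_CONSTRUCTS],
        "no_effect": [n for n in disabled if n in LANGUAGE_CONSTRUCTS],
        "missing": [n for n in wanted if n.lower() not in disabled],
    }


# Constructed sample php.ini fragment (not taken from a real server).
SAMPLE_INI = """\
[PHP]
;disable_functions = exec,system
disable_functions = create_function,gzinflate,eval,base64_decode
"""

WANTED = ["create_function", "gzinflate", "eval", "base64_decode"]

if __name__ == "__main__":
    for key, names in audit(SAMPLE_INI, WANTED).items():
        print(f"{key}: {', '.join(names) or '-'}")
```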
Labels:
malware,
management,
PHP,
security,
server
January 27, 2014
Logwatch and fail2ban
Things are running along pretty smoothly on the Ubuntu server over on Amazon AWS. Doing some research on server admin and security, saw a post on installing Logwatch to more easily scan the logs daily. Of course, no surprise to see lots of attempts at compromising the server.
Decided to do something about it and found this article (geared more to Debian Wheezy, but still applies to Ubuntu): Install and Config Fail2Ban
I particularly liked the information about apache-badbots and apache-myadmin, both of which would help block a lot of the traffic seen in the logs.
Also saw lots of entries in the logs with w00tw00t.at.blackhats.romanian.anti-sec:)
So looked up a post on this blog that discusses using fail2ban specifically to block it.
Fun stuff!
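The matching that such a fail2ban filter performs, sketched as an added example (not from the original post, the linked articles or fail2ban itself). It scans Apache access log lines for the w00tw00t probe and applies fail2ban-style maxretry and findtime thresholds; the function name, the regexes and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined log prefix: client host, timestamp, request line.
LINE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')
# Scanner signature from the logs: GET /w00tw00t.at.<tag>:)
PROBE = re.compile(r"^GET /w00tw00t\.at\.", re.IGNORECASE)


def hosts_to_ban(lines, maxretry=1, findtime=timedelta(minutes=10)):
    """Return hosts with at least maxretry probes inside one findtime window."""
    hits = defaultdict(list)
    banned = []
    for line in lines:
        m = LINE.match(line)
        if not m or not PROBE.match(m.group("req")):
            continue                      # unparsable line or normal request
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        host = m.group("host")
        # Keep only earlier hits that are still inside the window.
        hits[host] = [t for t in hits[host] if when - t <= findtime] + [when]
        if len(hits[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned


# Constructed log lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2014:06:25:01 +0000] '
    '"GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 345',
    '198.51.100.7 - - [27/Jan/2014:06:26:12 +0000] '
    '"GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [27/Jan/2014:06:30:00 +0000] '
    '"GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 345',
    '203.0.113.5 - - [27/Jan/2014:06:50:00 +0000] '
    '"GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 345',
    '192.0.2.10 - - [27/Jan/2014:07:00:00 +0000] "GET / HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```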
April 04, 2007
Happiness is having a browser that doesn't suck
Oh, it's been a long and unhappy story, these browser wars. Everyone knows that Internet Explorer has lots of serious problems. Here's a collection of happy stories about people that have switched to a better way to browse the Internet: Browse Happy
February 08, 2007
Secure QuickTime for Windows?
As announced on this blog by Secunia, if you download QuickTime for Windows, you don't get the most secure version: http://secunia.com/blog/7/
However, there is a procedure for getting the security update on a Windows machine, it's just a little more complicated: http://docs.info.apple.com/article.html?artnum=304989
Of course, if you're using a Mac, you get the patched and secure version. Plus, the OS X Software Update would have also updated your QuickTime automatically (if you have it set to do so).
January 05, 2007
Beware that Spyware Remover
Add to the list of "rogue" spyware remover programs: SpyWare Wizard
While visiting my parents over Christmas, I was told the story about how their Internet Explorer home page had been hijacked by a pr0n page (nothing new there, old trick). The new twist was that a popup window would encourage the user to buy "SpyWare Wizard" to remove the problem, which my parents did. Long story short and $49 later, their computer is infested with malware/spyware and Windows got completely corrupted. *sigh*
After spending an afternoon reinstalling Windows, I think their computer is back to normal (maybe).