Posts tagged security
Hey, check out this cool new movie … oh, that’s no movie its an Advertisement for an ESET Smart Security 5, which includes ESET Nod32 Antivirus.
Contrary to what many people think, McAfee and Norton do not provide the best antivirus (AV) protection for your computer.
Also, if you don’t have the bucks for an Antivirus and you are looking for a temporary alternative (because you DO want to have paid AV, right?) look into Microsoft Security Essentials.
OTHER AV VIDEOS
Compare the competition (ok, this really isn’t the way to compare, right? still its good for a laugh):
Got better YouTube links for Norton or McAfee?
Originally posted from one of my other blogs, George’s Wonder Blog on August, 5, 2008 – and little has really changed in that Facebook is not for the faint of heart. You need to be careful.
MySpace, Facebook, and Twitter attacked by social engineering – fake flash downloads
I’ve recently read about ‘Web worm’ attacks aimed at Facebook and MySpace; and just today I read about social engineering attacks (ploys, tricks) against Twitter. ZDNet’s Ryan Naraine posted Adobe: Beware of fake Flash downloads just today, and Adobe’s David Lenoe posted Verifying Installers on Adobe’s Product Security Incident Response Team blog yesterday. Here’s the skinny from Adobe’s blog, color & formatting added by myself for emphasis:
If you search the terms “top social media networks” your likely to get lots of lists of the top 10 social networks, and Facebook is almost always going to be in the first five. Even so, Facebook is not without its list of detractors and dissatisfied customers waiting for Facebook to “get it right”. They change things around on a pretty regular basis, even a Dec. 6, 2010 ABC News video is touts “Facebook Facelift: Rolling Out Another Makeover”. Online tech sites like ZDNet have guides on locking down your Facebook account!
Well, to be honest I can’t hack your Wi-Fi, but a Minnesota man was jailed for 18 years for hacking his neighbor’s Wi-Fi and “impersonating” him online. The ARS Technica article WiFi-hacking neighbor from hell gets 18 years in prison reports that the 46 year old computer technician downloaded WiFi hacking software and cracked his neighbor’s WEP encrypted password.
This blogspot post about WEP vs WPA vs WPA2 shows at the top how long it takes to break a password using BRUTE FORCE [WIKIPEDIA: brute force password attack] against WEP, WPA and WAP2 encryption. The long and short of the article is that if you have a choice between the 3, you should choose WPA2 for the best security.
LastPass (www.lastpass.com) announced via Twitter (LastPass Twitter feed) that their servers are overloaded, so you may have trouble logging in to the service, and their Security Notification (read Security Notification) tells you how to access your passwords in the mean time.
For now here are what I feel are the most important parts of their Security Notification – how to stay safe while they are working and access your logins:
1. OVERLOADED – DON’T CHANGE PASSWORDS YET
We’re overloaded handling support and the sheer load of password changes is slowing us down. We’ve implemented a way for you to verify your email and then not be immediately forced to change your password for that IP, access from any other IP would bring you back to email verification. You can now wait a few days if you know you’ll be on the same IP without loss of security, and due to this overloading we think that’s prudent to wait.
We’re asking if you’re not being asked to change your password then hold off — we’re protecting everyone.
2. ACCESS YOUR LOGINS NOW – OFFLINE
You can access your data via LastPass in offline mode (pull the cable out of the wall then login) or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS)
A note about the LastPass Pocket link, you may have to click the “full list of downloads for your platform” link to download LastPass Pocket.
Gmail has beefed up account security a little recently, possibly in part due to the recent China hacking and phishing attacks and intrusions. Now, detecting suspicious account activity has gotten a little simpler.
You may remember Gmail’s 2008 Remote Sign Out and Info post where they announced the then new remote sign out and info feature which allowed you to see from what IP, and at what time your past several logins occurred in your Gmail account. You can access the Activity on This Account info window when logged into Gmail by scrolling to the bottom and clicking the Details link you can see in the screenshot below.
Now, if Gmail notices logins from different locations and figures you aren’t likely to have accessed your account from those locations, you will see a notice when you login next.
For example, you aren’t likely to be able to access your account from Canada and Mexico within 15 minutes of one another.
Now, if it looks like something unusual is going on with your account, we’ll also alert you by posting a warning message saying, “Warning: We believe your account was last accessed from…” along with the geographic region that we can best associate with the access.
- Google’s Pavni Diwanji, Engineering Director
The Activity on This Account info window has been changed to reflect new information now available to you as a result of this latest security change. Here’s what it looks like now.
Now you can more easily detect if your account has been accessed without your permission or knowledge more easily. If you think your account has been compromised you should change your password, and it won’t hurt to check your Google Account settings to make sure that your secondary email address has not been changed – or in the case you don’t have one making sure that one has not been added. I’d guess that in the future it will only get easier to determine if someone has been tampering with your Gmail account.
Today, 3/22/2010, Google stopped censoring Chinese search results as a result of continued hacking/phishing attacks and intrusions against Google and other companies as also noted in their earlier post from January, 2010 – A New Approach to China.
The search engine & web applications giant has redirected visits at Google.cn (Google China) to Google.hk (Google Hong Kong). Google has tried it the Chinese government’s way, now they are taking their new approach. Google says:
So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong.
- A new approach to China: an update (Google Blog)
Concerning the increased traffic at Google Hong Kong, Google says:
Due to the increased load on our Hong Kong servers and the complicated nature of these changes, users may see some slowdown in service or find some products temporarily inaccessible as we switch everything over.
- A new approach to China: an update (Google Blog)
The Gmail blog today posted another security-related article as part of National Cyber Security Awareness Month. Of the 5 security tips in their Gmail account security tips the only one that causes me any pause is tip 3, Enable “Always use HTTPS.” Any of my friends would tell you that I’m a “Google Freak” and this blog will backs that up pretty well.
Here’s my issue with the Enable “Always use HTTPS” feature, just take a trip to Gmail Help’s “Enabling the HTTPS setting” and read the yellow warning box at top. Call me spoiled, but I don’t want any problems with Gmail Notifier (patch available here), Gmail for Mobile application (if you have a new enough version a workaround is posted here, at the cost of speed), or my Google Toolbar (a minor issue you can read about here).
With that one exception I heartily recommend the security tips, and in case you missed the link, you should read Gmail account security tips for all 5 tips!
MORE GMAIL RESOURCES