Archive for the 'Security' Category


Detecting Firesheep

I wrote about Firesheep a while back. Predictably, a countermeasure has appeared called BlackSheep.

New Firefox Add-On Detects Firesheep, Protects You on Open Networks

If you’re concerned about using open Wi-Fi networks because of Firesheep, the highly popular new hacking tool, you should check out BlackSheep, a Firefox add-on that makes surfing on open networks safe once again.

Choosing Passwords

Here is a list of articles about password security that resulted from some recent research I was conducting.

Hijacking Social Network Connections

The Firesheep Firefox plugin makes it easy to hijack someone’s social network session. For example, Facebook identifies a logged-in client by its session cookies. If someone logs on over a public WiFi connection, those cookies are sent in the clear over plain HTTP on every subsequent request, so anyone on the same network can sniff them. Firesheep uses WinPcap to capture the authentication cookies and replays them, which is all it takes to hijack the session.

Protect yourself by forcing the whole session, not just the login, over TLS (the session cookie must carry the Secure flag so the browser never sends it over plain HTTP), or stop logging into Facebook from public networks.
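As an added example (not code from the original post, and not Firesheep’s own code, which captures live traffic through WinPcap), the Python below shows both halves of the problem on already-captured bytes: what a sniffer on an open network can pull out of a plain-HTTP request, and the Set-Cookie attributes a site must set so the browser never sends the session cookie in the clear. The captured requests, the host names and the cookie names are constructed for the example; they are not Facebook’s real cookie names.

```python
from typing import Dict, List, Set, Tuple

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ")

# Constructed sample of what a sniffer sees on an open Wi-Fi network. The login itself went
# over HTTPS (ciphertext, not reproduced here), but every later plain-HTTP request carries the
# session cookie in the clear. Host names and cookie names are invented for this example.
CAPTURED_PACKETS: List[bytes] = [
    b"GET /home.php HTTP/1.1\r\nHost: www.social.example\r\n"
    b"Cookie: c_user=100001234; xs=abcd1234efgh; locale=en_US\r\n"
    b"User-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /logo.png HTTP/1.1\r\nHost: static.social.example\r\n\r\n",               # no cookie
    b"GET /search?q=x HTTP/1.1\r\nHost: www.other.example\r\nCookie: a=1\r\n\r\n",  # untracked site
    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",                                # a response
]

# Per-site set of cookies that together identify a logged-in session. Firesheep ships one such
# list per supported site; the names below are placeholders, not any site's real cookie names.
SESSION_COOKIES: Dict[str, Set[str]] = {"www.social.example": {"c_user", "xs"}}


def parse_http_request(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into its request line and a lower-cased header map."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return request_line, headers


def cookies_from_header(cookie_header: str) -> Dict[str, str]:
    """Parse 'a=1; b=2' into a dict; a fragment without '=' is malformed and skipped."""
    jar: Dict[str, str] = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            jar[name] = value
    return jar


def harvest_sessions(packets: List[bytes],
                     tracked: Dict[str, Set[str]]) -> List[Tuple[str, Dict[str, str]]]:
    """The attacker's side: pull complete session-cookie sets out of cleartext requests.
    Attaching exactly these cookies to a fresh request is the whole hijack."""
    found: List[Tuple[str, Dict[str, str]]] = []
    for pkt in packets:
        if not pkt.startswith(HTTP_METHODS):
            continue                      # responses and non-HTTP traffic: nothing to harvest
        _, headers = parse_http_request(pkt)
        host, cookie = headers.get("host", ""), headers.get("cookie", "")
        wanted = tracked.get(host)
        if not (cookie and wanted):
            continue
        jar = cookies_from_header(cookie)
        if wanted.issubset(jar):
            found.append((host, {name: jar[name] for name in sorted(wanted)}))
    return found


def set_cookie_weaknesses(set_cookie_value: str) -> List[str]:
    """The defender's check: which protective attributes is this Set-Cookie missing?
    Secure stops the browser from ever sending the cookie over plain HTTP (the fix for the
    sniffing above); HttpOnly keeps page scripts from reading it."""
    attributes = {part.strip().split("=", 1)[0].lower()
                  for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attributes]
```

Running `harvest_sessions(CAPTURED_PACKETS, SESSION_COOKIES)` yields the one complete session from the tracked site; `set_cookie_weaknesses("xs=abcd1234efgh; Path=/; HttpOnly")` reports that Secure is missing, which is exactly the condition that makes the harvest possible. Note that the Secure flag only helps if the site also serves its pages over HTTPS; a cookie the browser refuses to send over HTTP is useless to a site that only listens on HTTP.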

Regulatory Risk From Bribery

According to the 2010/2011 Kroll Annual Global Fraud Report, many companies do not recognise the risks associated with bribery.

“Companies are unprepared for regulation: Increased regulation through the Foreign Corrupt Practices Act (FCPA) and the introduction of the UK’s new Bribery Act has created new challenges for companies. According to the survey, nearly two-thirds (63%) of businesses with operations in the US or UK believe the laws do not apply to them or are unsure. As a result, many are unprepared to deal with the regulatory risks: less than one-half (47%) are confident that they have the controls in place to prevent bribery at all levels of the operation, compared with 42% who say they have assessed the risks and put in place the necessary monitoring and reporting procedures.”

Data Theft Exceeds Physical Theft

Theft of information and electronic data at global companies has overtaken physical theft for the first time, according to the latest edition of the 2010/2011 Kroll Annual Global Fraud Report.

Disgruntled Employees Outdo Terrorists

Two articles on the Brand Killer Robots blog drew my attention, not because the data offered anything new, but because Stephen Ryan was able to create a bot that clearly shows that insiders, employees, and former employees are the most likely to launch cyber attacks.

Raps BOT : Predicts Insider Cyber Terrorism Threat HIGH

Raps Bot : Sniper Attack Methods – Number 1 Cyber Terrorism Threat

Secure File Transfers

There are four common ways to transfer large files:

1. Middle-man approach
2. Direct file sharing
3. FTP
4. Multi user document repository

1. Middle-man approach

Most file transfer services use the middle-man approach: you upload the file to their server first, and the recipient then downloads it from there. Depending upon your security requirements, this may be very dangerous, as you are placing important data on someone else’s server without knowing exactly how they treat your data, and the server may not be secure from even the most inept hacker. If you must use such a service, encrypt the file yourself before uploading it, so the service only ever holds ciphertext. These services usually limit file size to 2GB, and they suffer from reliability problems due to dropped connections.

On Becoming a Web Worker — Gmail

Web Worker Article Series

This is part of a series of articles about using Web-based services to get through your work day no matter where you are working — in an office, on a back road in your car, or in an airport.

Web Infrastructure & Cloud Computing

The current web infrastructure includes cloud computing, which has started to change how we work and how we use the Internet.

IDC Research predicts that by 2013, 1.2 billion people (that’s about one-third of the existing global working population) will form the world’s mobile workforce.

You may have a smart phone or a BlackBerry and many email addresses, but you still need one Web-accessible portal to manage your email. With a little patience and thought, you can make Google a safe haven for all your email even if you normally access it elsewhere.

Google

We all know about Google as a search engine. We all know about Gmail. However, I am amazed at how many people fail to use Gmail, Google Calendar, Google Reader, and the other features available from a Google account.

Let’s start with creating a Google and Gmail account and look at what it can do for you. This is the best place to start becoming a Web-Worker. This may seem simplistic to some and rocket science to others.

This Message Will Self-Destruct

This Message Will Self-Destruct offers the ability to send an encrypted email-like message to another person, either with or without a password. As a reassurance that your message is secure, the plaintext is never stored by TMWSD. The optional password is folded into the encryption key for additional security.

Once you have entered your message and clicked on SAVE THIS MESSAGE, you will be given a URL to pass on to the recipient. When the intended recipient reads your message (with or without the password you may have given them), the encrypted message is deleted forever. If you lose the password, your message is also lost!
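The flow just described (sender gets a URL, recipient reads once, an optional password folded into the key), as an added example in Python. This is not TMWSD’s code, and the page does not document TMWSD’s internals; the example assumes the key material rides in the URL fragment (`#id.secret`), which browsers never send to the server, so the server holds only a sealed blob it cannot open. The HMAC-based stream cipher is a stand-in for a real AEAD such as AES-GCM, used only because the standard library has no authenticated cipher; the host name `tmwsd.example` is a placeholder.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Assumption for this example: the URL is https://tmwsd.example/#<id>.<secret>. The server
# learns <id> (a lookup key) but never <secret>, because a URL fragment is not sent over HTTP.
PBKDF2_ITERATIONS = 100_000


def _derive_keys(url_secret: str, salt: bytes, password: Optional[str]) -> Tuple[bytes, bytes]:
    """The URL secret alone unlocks the message; an optional password is mixed in (what the
    post calls 'salting' the key). Returns separate encryption and MAC keys."""
    material = url_secret.encode() + b"\x00" + (password or "").encode()
    master = hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS, dklen=32)
    return (hmac.new(master, b"encrypt", "sha256").digest(),
            hmac.new(master, b"authenticate", "sha256").digest())


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for AES-GCM/ChaCha20-Poly1305,
    not for production use. XOR is symmetric, so one function encrypts and decrypts."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


def seal(plaintext: bytes, password: Optional[str] = None) -> Tuple[str, bytes]:
    """Sender side. Returns (url_secret, blob); only the blob ever reaches the server."""
    url_secret = secrets.token_urlsafe(24)          # 192 bits of entropy even with no password
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(url_secret, salt, password)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()   # encrypt-then-MAC
    return url_secret, salt + nonce + ciphertext + tag


def open_sealed(blob: bytes, url_secret: str, password: Optional[str] = None) -> bytes:
    """Recipient side. A wrong password or a tampered blob fails the tag check before any
    decryption happens, so garbage is never returned as if it were the message."""
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(url_secret, salt, password)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted message")
    return _keystream_xor(enc_key, nonce, ciphertext)


class MessageServer:
    """The service: stores opaque blobs and hands each one out exactly once."""
    def __init__(self) -> None:
        self._blobs: Dict[str, bytes] = {}

    def put(self, blob: bytes) -> str:
        msg_id = secrets.token_urlsafe(12)
        self._blobs[msg_id] = blob
        return msg_id

    def take(self, msg_id: str) -> bytes:
        blob = self._blobs.pop(msg_id, None)    # deleted on first fetch: the self-destruct
        if blob is None:
            raise KeyError("no such message: never existed or already read")
        return blob


def send(server: MessageServer, plaintext: bytes, password: Optional[str] = None) -> str:
    url_secret, blob = seal(plaintext, password)
    return f"https://tmwsd.example/#{server.put(blob)}.{url_secret}"


def receive(server: MessageServer, url: str, password: Optional[str] = None) -> bytes:
    msg_id, url_secret = url.split("#", 1)[1].split(".", 1)   # token_urlsafe never contains '.'
    blob = server.take(msg_id)       # gone from the server now, right password or not
    return open_sealed(blob, url_secret, password)


def try_receive(server: MessageServer, url: str, password: Optional[str] = None) -> str:
    """Report the outcome as text instead of raising, to make the failure modes visible."""
    try:
        return receive(server, url, password).decode()
    except KeyError:
        return "GONE"
    except ValueError:
        return "WRONG_PASSWORD"
```

A first `try_receive` with the right password returns the text; a second returns `GONE`, because the server deleted the blob on the first fetch. A wrong password returns `WRONG_PASSWORD` and, in this toy, also burns the message, which is the page’s "lose the password and the message is lost" in its harshest form; a real client would keep the fetched blob in memory so the recipient can retry a typo locally, while the server still hands it out only once.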

Google Encrypted Search

Google introduced encrypted search, which gives the user the option to use SSL (Secure Sockets Layer) to prevent the packet sniffing that could otherwise reveal a user’s searches. The encrypted search service moved to https://encrypted.google.com. Note that SSL protects the query and the results in transit; an observer on the network can still see that you connected to Google, just not what you searched for.

Only Google web search is available over SSL. Other search products like Google Images and Google Maps are not currently available over SSL.

Copy Machines

FTC targets privacy concerns related to copy machines

The U.S. Federal Trade Commission has begun contacting copy machine makers, resellers and office-supply stores about privacy concerns over the thousands of images that can potentially be stored on the machines’ hard drives…

Copy Machine Security Risk

Copy machines, a security risk?

Copiers are computers and they need to be purged of data before disposal.

COMSEC

Thou shalt not be afraid for the terror by night; nor for the arrow that flieth by day; Nor for the pestilence that walketh in darkness; nor for the destruction that wasteth at noonday. (Psa 91:5-6)

I don’t think they were talking about Communication Security (COMSEC) when they wrote that Psalm, but good COMSEC helps avoid terrors that come in the night.

Zfone for VOIP

Zfone, Phil Zimmermann’s implementation of the ZRTP key agreement protocol, appears to be the lowest cost solution for robust VOIP encryption that you control: the keys are negotiated between the two endpoints, not held by a provider.

Skype

Calls made over Skype are encrypted with 256-bit keys, a length that, at least in theory, would take a literal eternity to brute-force. But you don’t control the encryption or the keys; Skype does.

Oldstyle COMSEC

To avoid an electronic trail, hard copy letters distributed via snail mail in a circular rotation might work; these are known as circular letters. Each letter is given a number, and each addendum that is added is given a letter. Subsequent letters can reference the content of earlier ones, for example, “as mentioned in Letter 2-A”.

This can be modified to include an emailed file that is encrypted, with the message carrying it digitally signed by each person. Using near-anonymous email accounts accessed through Tor would make the correspondence hard to trace as well as confidential.

The New Weapon of Mass Disruption

I guess we all now need to build a Faraday Room instead of a Safe Room or Bomb Shelter — EMP Attack Would Decimate America and The Great Storm: Solar Tempest of 1859 Revealed. Damn, I thought I was going to get a weekend off this year.

Surveillance in a Wireless World

When a Windows PC, in its default configuration, cannot find any wi-fi access point, it actively seeks one out. It does this by broadcasting 802.11 probe requests naming each network it has previously connected to, cycling through all of the network names (SSIDs) it has used. Probe requests are management frames and are always sent in the clear, so anyone nearby with a wireless card in monitor mode (“sniffing mode”) can capture them, and within a few minutes every network name the PC has ever joined has been disclosed. Coupled with an online resource such as WiGLE, which maps SSIDs to the places where they were observed, this information can be used to build a profile of the PC owner: where he lives, works, eats, drinks coffee, his gym, his favorite no-tell motel, and more. Any network that PC has connected to over wi-fi is an open book. One caveat: Windows 7 and later only probe by name for networks whose profile is marked “connect even if the network is not broadcasting”; older versions probe for every saved network.
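The parsing side of that attack, as an added example that is not part of the original post and not any particular sniffing tool’s code: a minimal decoder for 802.11 probe-request frames that pulls out the transmitting MAC and the requested SSID, then groups the names per client. It assumes frames captured from an interface in monitor mode with the radiotap header already stripped; the capture below is constructed inline with a small frame builder, and the MAC addresses and network names are invented.

```python
from typing import Dict, List, Optional, Tuple

PROBE_REQUEST = (0, 4)   # 802.11 frame type 0 (management), subtype 4


def build_probe_request(src_mac: str, ssid: str) -> bytes:
    """Build a bare probe-request frame (no radiotap header). Used only to construct
    sample input for this example; a real capture comes from a card in monitor mode."""
    frame_control = bytes([0x40, 0x00])   # version 0, type 0 (mgmt), subtype 4 (probe req)
    duration = b"\x00\x00"
    broadcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    seq_ctl = b"\x00\x00"
    header = frame_control + duration + broadcast + src + broadcast + seq_ctl   # 24 bytes
    ssid_bytes = ssid.encode()
    ssid_element = bytes([0, len(ssid_bytes)]) + ssid_bytes        # element ID 0 = SSID
    rates_element = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])          # element ID 1 = rates
    return header + ssid_element + rates_element


def parse_probe_request(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (source MAC, SSID) for a probe request, or None for any other frame.
    An empty SSID is a wildcard probe ('anyone out there?') and reveals no history."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if (ftype, subtype) != PROBE_REQUEST:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[10:16])   # Addr2 = transmitter
    body, offset = frame[24:], 0
    while offset + 2 <= len(body):                          # walk the tagged elements
        element_id, length = body[offset], body[offset + 1]
        value = body[offset + 2: offset + 2 + length]
        if len(value) < length:
            break                                           # truncated element: don't guess
        if element_id == 0:
            return src_mac, value.decode("utf-8", "replace")
        offset += 2 + length
    return src_mac, ""                                      # no SSID element: treat as wildcard


def profile_clients(frames: List[bytes]) -> Dict[str, List[str]]:
    """Group the networks each client asked for, in first-seen order. Each SSID is a place
    the owner has been; a WiGLE lookup would turn the names into map coordinates."""
    profile: Dict[str, List[str]] = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src_mac, ssid = parsed
        history = profile.setdefault(src_mac, [])
        if ssid and ssid not in history:
            history.append(ssid)
    return profile


# Constructed capture: one laptop cycling through its saved networks, a second client, plus a
# beacon and a data frame that the parser must ignore. Addresses and names are invented.
SAMPLE_FRAMES: List[bytes] = [
    build_probe_request("00:11:22:33:44:55", "HomeNet-5G"),
    build_probe_request("00:11:22:33:44:55", ""),              # wildcard probe
    build_probe_request("00:11:22:33:44:55", "Starbucks WiFi"),
    build_probe_request("00:11:22:33:44:55", "HomeNet-5G"),    # the cycle repeats
    build_probe_request("00:11:22:33:44:55", "CorpGuest"),
    build_probe_request("aa:bb:cc:dd:ee:ff", "HomeNet-5G"),
    bytes([0x80, 0x00]) + b"\x00" * 22,                        # beacon (subtype 8), ignored
    bytes([0x08, 0x00]) + b"\x00" * 22,                        # data frame (type 2), ignored
]
```

`profile_clients(SAMPLE_FRAMES)` returns the three distinct networks the first laptop asked for and the one for the second client; the wildcard probe, the beacon and the data frame contribute nothing. Two things a practitioner should keep in mind: a real capture carries a radiotap header in front of each frame that must be skipped first, and modern phones and laptops randomize the source MAC of probe requests, so the per-client grouping above is only reliable for older clients like the Windows PC the post describes.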