Category: Computers

  • Banks and Web security

    George Ou has a good post on Banks cheating their way to meet web security guidelines. Many of the observations that he notes come from the Between the Lines column here and are SPOT ON. The biggest I see is related to “multifactor authentication”….

  • Security Tip a day for August

    SANS has an answer to last month’s browser vulnerability a day blog… for August they’ll present a security tip a day. So, if you haven’t visited the Handler’s Diary, this may be a good time to “tune in”. The first one has to do with strong passwords (I think they decided they may as well get that out of the way up front….)

  • Another McAfee security product flaw

    SANS has info on a security flaw affecting several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For your information, here are the affected products: McAfee Internet Security Suite 2006, McAfee Wireless Home Network Security, McAfee Personal Firewall Plus, McAfee VirusScan, McAfee Privacy Service, McAfee SpamKiller, McAfee AntiSpyware.

    You may note that antivirus software is increasingly being scrutinized as a means to remotely exploit systems. Be watching for the patch to come from McAfee.

  • WordPress 2.0.4 Update

    It has been a few days now, but I noticed that WordPress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes. So, if you’re running a site based on WordPress, it’s time to update. It’s really a fairly painless process. I do recall upgrading ONE site to 2.0.3 and it was quite painFUL…. things went quite wrong and I had to restore the database from a backup. BUT… I’ve now upgraded 5 or so installs to 2.0.4 without a hitch. (One was a 2.0.3 install and the others were (I believe) 2.0.2).

  • Fun way to mess with wireless freeloaders….

    Some people spend a lot of time finding ways to block the freeloaders from their wireless internet. Others find fun ways to mess with them…. They start off by setting up dhcpd.conf to carve out two subnets, a “good” one with known MAC addresses and an untrusted one…. then the fun begins with some proxy-side image manipulation. Either upside-down images, blurry images, etc. I wonder why you don’t just take it a step further…. block images entirely and replace with a jpg of your choice. IF you have a very BUSY access point with freeloaders – maybe you could even sell an ad…. or do a captive portal for the untrusted crowd that redirects through a page that says…. “Uploading personal data…. Please wait…. Credit Card info transferred…. browsing history transferred….. email history transferred…. My Documents in progress…” Of course, it would be actually doing this…

  • Mandriva 2007 beta 1 is out

    Here is a link to the info page. It sounds as though there are several images available. Mandriva 2007 Beta 1 has Gnome and KDE centric 586 and x86_64 versions of CD images for download as well as an all in one (well – both architectures in one) DVD and CD set (6 disc CD set). They’re interested in people testing it out and reporting bugs. Not all new features are enabled and it is BETA so use it at your own risk.

  • Bleeding Snort caution

    For those of you that aren’t aware…. Bleeding Snort is a collection of “bleeding edge” Snort signatures. Snort is an intrusion detection framework. This note is by way of SARC: the bleedingsnort.org domain is no longer under their control. bleedingsnort.com is and continues to be their official domain. Unfortunately it appears as though the .org address may now be used as a host for malware. (It’s at least currently serving up ads to leech off the mistaken traffic.) SOOOO…. bottom line – bleedingsnort.com is the official site for the Bleeding Edge Snort project. More details here.

  • Fun with Voice Recognition

    Lately, I’ve tried to make use of my phone’s voice command system for calls. I’ve had a couple long drives and used a headset and tried to do something that works better without the headset…. “Name Dial”…. “please say the number” (sigh…) “1234567” “did you say 3225467?” “NO” “did you say 3225468?” “NO!” 5 miles later….. for the 5th time…. “Name dial”…. “please say the name” (finally…) It reminded me quite well of using what was a demonstration program from Microsoft that would type as you dictate. Ah, fabulous, science fiction meets reality. I tested and, it was, PAINFUL to use. “Now is the time…. no delete word no…. don’t type that.. no you stupid. NO stop. delete… not oh….” Well, it’s reassuring to see that Microsoft has problems with using Voice Dictation too. The video is hosted at Google videos and is a “demonstration” of voice recognition technology.

  • Google news – infinite storage????

    Well, after a bit of a roundup of some of the security news items the last week, it’s time to sum up the Google front…. Googling Google tells us that Infinite storage is on the horizon…. they cite a translator that has done work for Google. He has been asked to translate “The result?… from today we are starting our infinite storage plan” Now, they surmise that this could be related to the “platypus” project which has been known as gdrive which appears to be an online file synchronization/backup solution. It could be and would certainly be interesting. However, it could be a Gmail upgrade for that matter.

  • Firefox 1.5.0.5 out and be cautious with extensions…

    Well, let’s start with the extensions first. Like ANY software, you should be cautious installing something from an untrusted source. If you think an extension looks neat and cool – look for reviews and third party information before installing it. That much said…. never install an extension that comes attached to an unexpected email…. Apparently, just that has been happening: a password-stealing trojan has been showing up as an email attachment that appears to be a Firefox extension. OK – quick review – what’s the weakest link in computer security (grab mirror and look….) Now… Mozilla has also released some security updates for Firefox….
