Archive for the ‘You are the last mile’ Category


Firefox 3.6 Offers Built in Plugin Detection and Updating

January 24, 2010

From the Mozilla-is-mo-better dept: Of the many incremental improvements that v3.6 offers over v3.5, my favorite is the built-in plugin detection that works on a per-page basis.

Considering that out-of-date, easily exploited plugins are one way to lose control of your computer (and the valuable information that you store on it), this is a nice touch, and an easy way to keep everything important up to date.

For minimalists and control freaks like me, there’s an even easier way that’s been available for a while now: run Mozilla’s online Plugin Check service as your start page – that way you know which of your plugins are enabled and their status before you venture out into the big bad web.  And it even works with older versions of Firefox in case you’re not able to upgrade.


Upside to Google’s Adventures in China?

January 20, 2010

From the silver-lining dept and Slashdot: Here’s one possible outcome of Google’s recent spate of problems with the Chinese government: they’ve now decided to make HTTPS the default transport option for their Gmail service.

While this move didn’t get as much attention as all the other “big issue” stories, it is a minor victory of sorts for NGOs and activists whose activities might attract the attention of the Chinese government.  By making secure transmission the default, non-tech-savvy users no longer have to go through this to protect their communications.


Neither "God" Nor "Password" Shall Ye Use: Most Common Hotmail Passwords Revealed

October 8, 2009

From Wired and the dept-of-deja-vu-dept: A researcher who examined 10,000 Hotmail and MSN passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.

That’s right, only 6% used mixed alpha-numerics, and this isn’t the first time that it’s been documented just how dunderheaded some people can be when it comes to doing the Right Thing™.

Great Zeus on high, how hard can it be to come up with a decent password? Not too hard, I dare say…
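The tally the researcher describes (most common entry, share of lowercase-only, share of mixed alphanumeric-plus-other) is easy to reproduce over any exposed list, which is a useful audit to run against your own organization’s password dump after a breach. This is an added example, not code from the post or from Wired; the password list is constructed and does not reflect the real leak.

```python
from collections import Counter
import string

# Constructed sample standing in for the exposed list; "123456" is the
# only value taken from the post, the rest are made up for illustration.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "apple", "banana",
    "cherry", "Ab3!xyz9", "ab12", "98765", "pear",
]

_ALNUM = string.ascii_letters + string.digits


def classify(pw):
    """Coarse character-class label for one password."""
    has_lower = any(c in string.ascii_lowercase for c in pw)
    has_upper = any(c in string.ascii_uppercase for c in pw)
    has_digit = any(c in string.digits for c in pw)
    has_other = any(c not in _ALNUM for c in pw)
    if has_lower and not (has_upper or has_digit or has_other):
        return "lowercase-only"          # the 42% bucket in the Wired piece
    if has_digit and not (has_lower or has_upper or has_other):
        return "digits-only"             # "123456" lands here
    if (has_lower or has_upper) and has_digit and has_other:
        return "mixed-alnum-plus-other"  # the 6% bucket
    return "other-mix"                   # e.g. letters+digits, no symbols


def analyze(passwords):
    """Most common password, its count, and percent of list per class."""
    counts = Counter(passwords)
    top, top_n = counts.most_common(1)[0]
    classes = Counter(classify(p) for p in passwords)
    total = len(passwords)
    pct = {k: round(100 * v / total, 1) for k, v in classes.items()}
    return {"most_common": top, "count": top_n, "percent_by_class": pct}


if __name__ == "__main__":
    print(analyze(SAMPLE_PASSWORDS))
```

Feeding a real dump through `analyze` gives the same three numbers the article reports; a high lowercase-only share is the signal that a password policy is not being enforced.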


Keystroke Loggers Are Back – This Time in Real Time

August 24, 2009

From Slashdot, the New York Times and the what’s-olde-is-new-dept: The NY Times has a story… on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. Real-time keyloggers were first discovered in the wild last year, but the …Times article should bring new attention to the threat.

So now that the Bad Guys™ are hoovering up your validation credentials in real-time (not “real” real-time, but faster than before), they’ve managed to break one particular implementation of a Two-Factor Authentication scheme.

Not bad, but the real threat is quite a bit less esoteric: continuous reporting of keystrokes gives miscreants a larger window of time to operate in. The dangers presented by keystroke loggers could be largely mitigated by using some not-so-common sense: keeping your computer clean and healthy and maybe even switching to a minority operating system (while keeping your newly developed good habits) means that you’ve just eliminated a large majority of your security threats.

So you think getting people to “do the right thing” by their computers and data is impossible?  It wasn’t too long ago that people weren’t washing their hands before eating or preparing food, nor were they covering their mouths when they sneezed.

Good computer hygiene practices can be learned.  And understood.


From April Fools to April's Close: Conficker's History in 150 Words or Less

April 30, 2009

From the that’s-quite-a-joke-you-got-there-dept: 60 Minutes said that “The Internet is infected”. Meanwhile, Conficker was getting quite a bit of press in other venues too. Towards the end of May, Univision interviewed me about the danger it represented. Many [Windows] computer users waited for the impending doom and then…

nothing happened. And many had a good laugh.

Except that something important did happen, and quietly too: Conficker began calling home and morphing into something else.  And an interesting homemade diagnostic eyechart was published.  And discussed.

The important thing to remember is that people were warned and had ample opportunity to mitigate their risk: as far back as January 2009, 1 in 3 Windows PCs were still vulnerable to Conficker, a full 80 days after a patch was published by Microsoft. That means the patch was issued in October of 2008.

Talk about a slow motion train wreck that could have easily been avoided.

Of course, if you’re running Linux or OS X, you probably snickered, felt superior and/or laughed up your sleeve, because you ducked this one.  This time.


Out of the Office: Simple Electronic Security and Practical Data Protection Workshops

February 3, 2009

From the what-you-don’t-know-can-hurt-you department: I’ve recently returned from presenting my third successful “Simple Electronic Security and Practical Data Protection” (SES & PDP) workshop in as many months: two abroad, and one here in Washington D.C.

Truly effective privacy protection and security strategies require more than “silver bullet” software; they require an understanding of the ecosystem in which they’re deployed and implemented.

That’s where these workshops come in: by helping you to understand how the different parts of the privacy and security food chain interact, you’re more likely to protect what’s valuable to you, in addition to feeling empowered and in control of your digital life.

Knowledge is power, and I love sharing it.  Drop me a line here for more information.

2009.03.16: I’ve just conducted two more workshops in the last month and have now decided to offer them as a short, free introductory seminar, and as a paid, hands-on workshop.   Go here to see how I can help you and your organization protect yourselves.


Most PCs Run Outdated, Exploitable Software

December 11, 2008

From Hardly anyone runs a PC without known holes that hackers can exploit, a Danish security company reports. Of those who run the company’s free security-scanning tool, nearly half have more than 11 out-of-date programs.

Secunia Software’s Personal Software Inspector (PSI) checks programs installed on a user’s computer to see if the latest, patched version is installed. More than 98 percent of users had at least one program that wasn’t the latest version, the company found in a study of 20,000 users of its software.

Notice that the headline says “Most PCs...” I’ve always been a software minimalist and an advocate of preventative security.  You know, the smug “an ounce of prevention is worth a pound of cure” kind of guy.  That’s why I depend upon a pair of hardened Linux boxes for about 75% of my work on the VaultletSuite 2 Go, and on my OS X PowerBook for another 15% of my daily information gathering routine. For those of you out there keeping stats, that only leaves about 10% of my day for compatibility testing on other operating systems.

Even though I only use Windows XP and Vista exclusively in virtual machines (hosted on Linux) to test the VaultletSuite 2 Go, I’m still quite serious about keeping those disposable virtual installations squeaky clean.  After all, life is short, and my clients expect my software to work everywhere; they also count on me to have an informed opinion as to how to keep them and their Windows PCs safe and secure.

So I decided to take the challenge and see just how up-to-date my two minimalist virtual Windows installations were. Good news: I scored 100% up to date on my Vista installation, and only had 1 out-of-date vulnerable component installed on my XP partition: the Flash ActiveX plugin for Internet Explorer.

Now, I ask you: if I am fastidious (bordering upon obsessive) about never using Internet Explorer for anything other than viewing VaultletSoft’s web pages and testing VaultletSuite applets, does that unpatched vulnerability really count? In practical terms, no. But just the same, I promptly enabled ActiveX, updated the Flash plugin, and then re-disabled ActiveX in Internet Explorer. Upon finishing that 3-minute task, I re-ran the PSI and received my expected 100% up-to-date gold star.

That’s squeaky clean.

And another free, easy to use tool to help you keep your computing house in order too.
