Ed The Dev .com » Security

Security policy seen as an economic decision

Edward Delaporte — Thu, 22 Jul 2010 15:08:43 +0000

Courtesy of some research papers that Bruce Schneier found.

Facebook laughs at Privacy

Edward Delaporte — Tue, 08 Jun 2010 00:02:09 +0000

The Onion has published a great article about Facebook privacy. I laughed pretty hard when I read it.

LifeLock owner’s identity stolen 13 times

Edward Delaporte — Sun, 06 Jun 2010 00:00:40 +0000

LifeLock is an interesting service, but it actually doesn’t protect that well. I’ve seen a lot of articles on the subject, but the one I just linked has the best over-all summary of the trade-offs involved with trying to offer the kind of protection that LifeLock sells.

The new best way to make sure that your browser is safe.

Edward Delaporte — Fri, 21 May 2010 03:42:51 +0000

Browser plugins are rapidly becoming the most common way to get a computer virus infection.

Normally I lecture people about switching to Firefox, installing NoScript and checking at least monthly that Java and Adobe are up to date. The folks at Mozilla seem to be on a quest to save me from forever repeating those instructions, and I thank them kindly.

My instructions are now a bit simpler:

Switch to Firefox
Use this website to make sure that you are safe. https://www.mozilla.com/en-US/plugincheck/
Check back with the website weekly.

Facebook privacy issues

Edward Delaporte — Sat, 15 May 2010 07:03:01 +0000

The article is a little reactionary, but it does serve to highlight the things about Facebook that you should be concerned about.

Maybe it’s time to join me over at Google Buzz? All seven Google Buzz users are looking forward to your company.

Cory Doctrow on Phishing

Edward Delaporte — Wed, 12 May 2010 14:59:52 +0000

Cory Doctrow, author of Little Brother, wrote an excellent article about being taken by a phishing attack. Cory has a unique talent for making security concepts accessible.

Mozilla protects you from serious Java vulnerabilities

Edward Delaporte — Thu, 22 Apr 2010 12:22:23 +0000

If you think your internet browsing experience is safer just because you’re using Mozilla Firefox, (and you have it set to update itself automatically); then you’re absolutely correct: Secunia.com, I applaud Mozilla’s decision to fix what Sun/Oracle hasn’t been willing to fix.

Java’s standard behavior is to leave the vulnerable Java version installed in case a (possibly malicious) website asks for it. Mozilla is now turning off access to all but the latest installed version of Java. It’s a breakdown in cooperation between the two organizations, but I approve anyway because it will drastically reduce drive by download virus infection rates.

Update: My buddy Rob points out that the specific vulnerability that spurred Mozilla to this action has already been patched by Oracle/Sun: www.reuters.com/article/idUSTRE62N29T20100324 As this trend continues, it’s going to get harder to tell the online bad guys apart from legitimate businesses. Maybe the public will finally learn how to use the trust technologies that have been available for many years.

WPA on Ubuntu at Illinois

Edward Delaporte — Mon, 14 Dec 2009 03:55:56 +0000

Continuing with articles about connecting to the network at the University of Illinois from an Ubuntu computer, here’s a hint about connecting to the UiWpa2 / IllinoisNet Wireless: Ubuntu may not automatically choose a certificate authority for you; you may need to browse for a CA certificate.

Choose the Thawte Premium Server CA – it will work at Illinois (and quite a lot of other places, actually): /etc/ssl/certs/Thawte_Premium_Server_CA.pem

As usual, enter your NetId for your username, and you can use your Active Directory password.

If you’re still having trouble getting online, check out the CITES Homepage for more information on Illinois network resources.