One of the practical functions in Firefox is the option to save passwords. This also works in reverse, in that you can find out what your saved password is. To do so, simply go to the login page in question. Then right-click the page and select View Page Info. Go to the Security tab and find the button View saved passwords. Then click the button View passwords to see all saved passwords.
Now, as I’m sure I’m not the only paranoid browser around, here’s how to set a master password to protect your saved passwords:
- Go to Tools -> Options
- Go to the Security-tab
- From here you can set a master password by checking the checkbox Use a master password
At this year’s DefCon, a security problem inherent to the default settings in GMail was unveiled. The problem is that, by default, GMail does not use encrypted sessions.
This can be a problem if you use public computers, because the session key might be retrievable. With the session key in hand, gaining access is apparently simple enough.
Luckily, this is simply corrected. Here’s how:
- Log in to GMail
- Go to “settings”
- In the General tab, find the “Browser connection” setting
- Set it like so:

Posted by razumny | Categories: gmail | Tagged: gmail, https, Security, settings
Windows XP is Microsoft’s longest living operating system to date. Released in October 2001, it succeeded the total failure that was Windows Millennium Edition, and has, in turn, been succeeded by Windows Vista. Service Pack 3 is, as implied by the name, the third major upgrade package – Service Pack – released for Windows XP. Unlike SP2, SP3 contains no changes that are directly experienced by the end-user. SP3 was released for download on May 6th, 2008.
SP3 contains all updates released since SP2, and a few new ones. The big thing about SP3 is added back-end functionality, functionality that takes place “behind the scenes” as it were. Some of the functionality in SP3 was previously released, but as optional updates, not as part of a major upgrade. The rest is new, released first with SP3. No functionality stemming from Windows Vista is included, and that includes Internet Explorer 7, although updates to both Internet Explorer 6 and Internet Explorer 7 are included.
Previously released functionality:
- MMC 3.0 – unified and simplified system for system management
- MSXML6 – improved reliability, security and conformance with XML 1.0
- Microsoft Windows Installer 3.1 v2
- BITS 2.5 – Background Intelligent Transfer Service
- IPSec Simple Policy Update – Simplifies creation and maintenance of IPSec filters
- DIMS – Digital Identity Management Service
- PNRP 2.1 – Peer Name Resolution Protocol
- RDP 6.1 – Improved remote desktop protocol
- WPA2 – Improved Wi-Fi security
Functionality new to SP3:
- “Black Hole” router detection turned on by default
- NAP – Network Access Protection
- CredSSP Security Service Provider (Available, but turned OFF by default)
- Descriptive Security Options UI
- Enhanced security for Administrator and Service policy entries
- Microsoft Cryptographic Module
The focus has clearly been on addressing security issues.
For more in-depth information on SP3, go here to download an overview of the update, as well as details on deployment.
I’ve been using computers more or less actively for about 10 years now. My first encounter with a computer was a hulking 386, which I never really got the hang of. Since then, I’ve encountered computers in many different ways, but the first time I can remember getting a “So that’s what it’s all about” feeling, was back in the summer of 1996. Using Word (!) I constructed my very first website.
Ever since, the web has been a mainstay of mine. I’ve had an email address since then, and I’ve used it for such things as keeping in touch with friends, maintaining several websites and blogs, applying for jobs, finding an apartment, and so on. The list is nearly endless.
About six or so years ago, I started fiddling around seriously with computers, and one of the first things I realized was that I had already experienced three web browsers (Internet Explorer, Opera and Netscape), and settled on a preferred browser (Internet Explorer). I also started to question why I had settled on this one, and so began my quest to find a different browser.
I had some sort of very faint notion that there must be something better than what I had, but I didn’t know what. Not, that is, until I found Mozilla Firefox. Since then, I have challenged my opinion on Firefox repeatedly, but it still sticks out as the best I’ve found so far.
I have two main arguments for Firefox: security and usability. Security, not because it is necessarily a more secure browser (as has been shown, it too has its share of problems), but because I believe there’s an innate level of security to not having your web browser built into the OS kernel. As for usability, I realise Opera was way before Firefox with tabbed browsing, but I still don’t find Opera the user-friendly browser I do Firefox.
Another thing is of course that knowing my way around Firefox, I can use it on whichever OS I wish. When I use Kubuntu, I don’t use Konqueror, I use Firefox. When I use Mac, I don’t use Safari (which isn’t half as much an integral part of the operating system as MSIE or Konqueror), I use Firefox.
Microsoft Internet Explorer was a decent web browser, oh about ten years ago. They then stopped developing it, while other software manufacturers kept developing theirs. Among the prominent web browsers today are Mozilla Firefox (Windows, Mac, Linux), Opera (Windows, Mac, Linux), Safari (Mac OS and Windows), Internet Explorer (Windows only), and Konqueror (Linux only). I prefer Firefox, for a range of reasons, the first being the fact that it is Open Source, and constantly being developed. Another is the fact that it is not an integral part of the OS. Should I tire of it, or wish to remove it for some reason (although I cannot now imagine how that would happen), I can remove it, and all trace of it, with a minimum of moves.
Yet another argument is its adaptability and options for customization. It comes with a bare minimum of options, but you can easily add extensions that make your life easier. Mine shows the IP address of the site I am visiting, the Hebrew date, and has a GUI button that I can click to disconnect it from the web.
If you want to switch, or think you might like to try it out, please do. Find Firefox here, or Opera here.
It annoys me that there are still developers out there that don’t write for all browsers, and only test their sites in MSIE. I feel this practice is exclusivist and elitist, and I hate it. If I can avoid using these sites, I do. I also inform the webmaster that this is so, and should they remedy the situation, I’d like to be notified. The problem is that MSIE, like many others (Firefox included, though to a lesser degree) has inherent non-compliance issues. This is a problem because many sites don’t work properly (if at all) in other browsers.
The point, in the end, is not about what you choose, but that you do choose. Only through making conscious, informed decisions can we better our days as users of these electronic gadgets many of us love so dearly. Good luck, and good night.
Note on the links in this article: All links to Firefox are rerouted through a program called SpreadFirefox.com. Should you wish to download Firefox, you will be rerouted directly to the download site, and my account with SpreadFirefox.com gets one download added. I do not earn money from this, only recognition. The links to Opera lead directly to the website of Opera Software. Whichever you choose, I think it is important to make a choice.
Posted by razumny | Categories: Firefox, Internet Explorer, Op-Ed, Opera | Tagged: Browsers, choice, cross-platform, Kongregate, Opera, Safari, Security, usability
Why?
A man in his twenties, let’s call him Bill, gets on a bus in Oslo. He carries with him a portable computer, complete with a wireless network adapter. The computer is running Windows XP Professional, and has an app installed called NetStumbler. The man is bored, and decides to have some fun…
Bill turns the computer on and starts NetStumbler. After a short distance, he has found in excess of two hundred wireless networks, half of which are unsecured. The man gets off the bus, and selects an unsecured one called “Linksys”. He decides to punish the owner a little; you simply don’t leave your wireless network with default settings, now do you?
He logs onto the network, and using Google, it is the work of a minute or two to learn that the config-page of the router is located at the IP address 192.168.0.1, and the default user name and password are both admin. He logs on, and finds another computer connected to the router. He shuts the computer out, and starts working his mischief.
Bill starts out turning off broadcasting of the SSID, and changes the SSID, following which he sets WPA-security. He then changes the admin-password of the router, logs off, and gets on the next bus. The entire process, from logging on to the config-page until he logged back off, took him less than two minutes.
How?
The above scenario is not unthinkable. In spite of it mostly being mindplay, I have myself seen close to fifty available wireless networks, many of which are not only unsecured, but also sport default values for everything. So, what does the scenario teach us?
If you know something of routers, you’ll know that the first thing you’ll try when unable to contact the router, is either connect directly to it with a cable (which wouldn’t help you in the above scenario, as the admin-password has been changed), or simply push the reset-button, located on the back of the router. In the case detailed above, the problem will be solved, and for the owner in question, who hasn’t bothered to set up the router, the default settings will be restored.
The next piece of knowledge we can glean from this is that by doing two simple things, the security of your router will be heightened by large degrees. By changing the SSID (the name the router presents to the outside world), and changing the admin-password, much has been achieved. If you want to go a step above and beyond this, I’d recommend turning off broadcasting of the SSID, and setting some sort of security, either WEP or WPA2. These simple steps will prevent trespassers from connecting to the network, and secure the network even more.
I’ll not tell you what will work best for you, but I personally feel that an SSID that does not identify you is better than an SSID that does. If your name is John Smith, I think that it is better to call the network HomeLAN than calling it JohnLAN or SmithLAN.
Another thing I’ll tell you is that it is better to use a randomly generated WEP-code, instead of one that can be logically deduced. A quick Google-search for “random WEP code generator” will provide you with many useful pages, for example this one, whereas a search for “WPA2 code generator” will, among others, turn out this one.
Securing wireless networks is very important, so much so that even Microsoft has created a guide to help users set up their wireless networks.
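An added example (not part of the original post) of generating such keys locally from the operating system's random source, and of how WPA2 combines the passphrase with the SSID to derive the actual key. It goes slightly beyond the text by showing the PBKDF2 derivation; the function names are illustrative.

```python
import hashlib
import secrets
import string

# Printable ASCII without the space character; WPA2 passphrases are
# 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_wep_key(bits=104):
    """Random WEP key as hex digits: 10 for a 40-bit key, 26 for 104-bit."""
    if bits not in (40, 104):
        raise ValueError("WEP keys are 40 or 104 bits long")
    # A random key only rules out guessing; it does not fix WEP's protocol flaws.
    return secrets.token_hex(bits // 8)


def random_wpa2_passphrase(length=32):
    """Random passphrase drawn from the OS CSPRNG, not from words or dates."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def wpa2_psk(passphrase, ssid):
    """Derive the 256-bit key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


if __name__ == "__main__":
    phrase = random_wpa2_passphrase()
    print("WEP key (104-bit):", random_wep_key())
    print("WPA2 passphrase:  ", phrase)
    # The SSID is the salt: a network still called "Linksys" shares its salt
    # with every other router left at defaults, a renamed one does not.
    for ssid in ("Linksys", "HomeLAN"):
        print(f"PSK for {ssid!r}:", wpa2_psk(phrase, ssid))
```

Because the SSID salts the derivation, the same passphrase yields unrelated keys on differently named networks, which is one more reason not to keep a default name.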
Posted by razumny | Categories: Uncategorized | Tagged: Security, SSID, WEP, WLAN, WPA2
Fighting and defending against computer viruses is one of the largest challenges facing businesses and individuals in the IT world of today. To guard against this, most people have anti-virus software installed on their computers. However, even though you have anti-virus software installed, how can you be certain that the policy-files are the ones your anti-virus supplier has supplied? What is done by the different developers to secure the transfer of these files? What sort of knowledge and access would be needed to hack through the protection?
I’ve asked these questions to a few of the leaders in anti-virus software development. Only two answered my questions; here’s what they said:
Norman
Norwegian security solutions developer Norman, whose security suite was recently crowned the winner in a Norwegian test of anti-virus solutions, could tell us that they have been using more or less the same method since the fall of 1999. Their method entails distributing all their software files as ZIP-archives that have been signed and encrypted by a proprietary algorithm. The files are downloaded to the client computer by their program Norman Internet Update (NIU), whereupon NIU proceeds to decrypt the downloaded files.
In order to hijack the transfer, three key elements are needed:
1. Knowledge of, and/or access to the utility used to encrypt and sign the files
2. Ability to spoof the NIU-client in order to make it download the files from a different site
3. One would also need to hack the protocol used between the NIU-client and the update servers, a protocol encrypted with a separate, proprietary algorithm.
Norman has seen many attempts to hack the method since it was employed, none of which have succeeded.
Sophos
The British anti-virus developer Sophos, which develops security solutions for businesses, tells us they use a different method. They use a secured end-to-end SSL v3.1 2048 bit encrypted tunnel, using a Corba based management methodology. Within the tunnel (which uses pre-verified certificates distributed via the installer) a 512bit key-pair is agreed between server and each client for layered complexity.
To hijack the transfer, the following would have to be done: First off, the attacker would need a copy of the certificates shared during installation (denying regular users local administrator access would simply and quickly make this a lot more difficult for an attacker). Secondly, the attacker would need to gain access to the VPN-tunnel (2048 bit), or crack said tunnel if they don’t have the certificate. On top of this, the attacker would need a copy of each of the pre-shared keys for each computer, and work out the Sophos-specific implementation to crack the keys assigned to the computer. The entire process would need to be repeated for each computer, as every computer has a different key.
Conclusion
In spite of significant advances in the field of computer security solutions, there are still many threats out there, and time has shown, and will most likely continue to show, that there is no such thing as absolute certainty. Because of this, it is imperative that developers of security solutions not only worry about their own end and the computers belonging to their customers, but that they also worry about, and take steps to ensure, the transfers and updates of policies. In spite of limited responses to my inquiries, the answers I have received bear witness that these are problems that are taken very seriously indeed, and the steps taken thus far seem to have been effective.
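An added illustration, not either vendor's actual scheme (both are proprietary): a client checks an authentication tag over the downloaded archive before unpacking it, using a key unique to that client. HMAC-SHA512 with a 512-bit per-client secret is swapped in here as an assumption, encryption of the archive is left out, and all names and the sample update are constructed.

```python
import hashlib
import hmac
import io
import secrets
import zipfile


def build_update(files):
    """Pack files into an in-memory ZIP, standing in for a downloaded update."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def sign_update(archive, client_key):
    """Server side: authentication tag over the exact archive bytes."""
    return hmac.new(client_key, archive, hashlib.sha512).digest()


def open_verified(archive, tag, client_key):
    """Client side: return the files only if the tag verifies, else None."""
    expected = hmac.new(client_key, archive, hashlib.sha512).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None  # rejected before any ZIP parsing takes place
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def flip_last_byte(archive):
    """Simulate an archive modified in transit."""
    changed = bytearray(archive)
    changed[-1] ^= 0x01
    return bytes(changed)


# Constructed sample data: two clients, each with its own 512-bit secret.
KEY_CLIENT_A = secrets.token_bytes(64)
KEY_CLIENT_B = secrets.token_bytes(64)
UPDATE = build_update({"defs/sample.def": b"constructed definition data v2"})
TAG_FOR_A = sign_update(UPDATE, KEY_CLIENT_A)

if __name__ == "__main__":
    print("genuine update:     ", open_verified(UPDATE, TAG_FOR_A, KEY_CLIENT_A))
    print("modified in transit:", open_verified(flip_last_byte(UPDATE), TAG_FOR_A, KEY_CLIENT_A))
    # A tag made for client A is useless against client B, which is why the
    # effort would have to be repeated for every computer.
    print("other client's key: ", open_verified(UPDATE, TAG_FOR_A, KEY_CLIENT_B))
```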