Certain SSL Certificates Might Be Vulnerable To Hacking

Software is created by humans, and humans aren’t perfect.

It’s still up in the air as to whether this truly pans out as a legitimate vulnerability. Comodo says XYZ, and Verisign/Symantec says VWX.

It’s not all gloom and doom. People just need to be aware of the websites they are using and if that site is using the certificate type that is vulnerable. If it has that certificate, send a message to the webmasters of the site and to the maker of the certificate asking them to kindly fix it – FAST. And don’t use the site that is affected.

Not all sites are going to be affected, mind you. Not all SSL certificates are created equally.

Remember, it’s “your” privacy that’s at risk.

Peer Into the Minds of Anonymous Online Posters

Boston.com contacted some people who frequently comment on their website to talk about anonymity. They share their thoughts and experiences and you get a good idea of the background of these people. They are normal people.

Boston.com tried contacting the trolls etc. but none of them would talk.

This is what stood out for me and justifies why anonymity is important…

… while preserving some measure of anonymity, so that, say, a closeted gay student would still feel comfortable posting a comment about the climate at his high school.

I don’t agree with the registration system where you have to provide a “real name” and “real address”, as these can easily be faked.

I don’t have to carry identification when I walk the street do I?

Have You Ever Lost Your ‘Work’ Laptop? Did It Have Important Data On It?

Businesses big and small should consider running desktops on virtualized servers for employees that frequently travel.

One benefit of having a virtualized desktop is that all important company data is stored in your environment and not on the laptop that the employee carries around.

That way, if the employee loses the laptop, they only lose the hardware, and no customer lists, addresses, phone numbers, social insurance numbers, credit card information etc.

Anonymity and The Gulf of Mexico Oil Spill Disaster

Quick summary if you haven’t already heard: Leroy Sticks (which is also a pseudonym) created a parody/fake Twitter account, BPGlobalPR, that mocks BP and the way they are handling their response to the oil spill disaster. The account has proven to be a BIG success.

As of Day 52 of the oil spill, @BPGlobalPR currently has 155,000+ followers and appears on 4200+ Twitter lists. As of Day 55, the verified corporate account @BP_America has but a paltry 15,000 followers. Here is a sample of what @BPGlobalPR has to say:

Investing a lot of time & money into cleaning up our image, but the beaches are next on the to-do list for sure. #bpcares

Tar balls in Florida? BP’s very own paid “reporters” aren’t so sure they exist. Stay informed people! http://ow.ly/1Xs9C

This is what @BP_America is saying

Cleanup crews work around the clock, despite heat. More than 27,000 people & 5,500 boats involved. I appreciate their dedication. ^Tony

Lately, there has been a lot of talk about anonymity and how it’s going the way of the dinosaurs due to the increasing popularity of social networking. Situations like the oil spill tend to make me think otherwise and make me realize just how beneficial anonymity can be for everyone.

Admittedly, anonymity is a grey area, as it can be used for right or wrong reasons. However, in certain circumstances, it can have positive effects, even in the face of negative situations.

In this case, behind the anonymity of @BPGlobalPR, are 160,000 followers who have real identities, who aren’t anonymous. Many of these people are angry that this disaster has resulted in the loss of innocent lives, lost jobs and an extremely polluted environment. In turn, these followers are spreading the same messages to their own audience.

In retrospect, I don’t think ‘Leroy Sticks’ would have been nearly as successful in getting the attention that he does had he used a real name and real picture. While the content would have been the same, it probably wouldn’t have been as successful compared to what parody and anonymity can achieve.

The anonymity of BPGlobalPR lets people judge only the content it delivers on Twitter. What is important is what’s being said, and not who is saying it.

How Do You Manage Your Online Reputation?

The article goes on to discuss the results of a survey conducted by the Pew Internet & American Life Project regarding reputation management and social media. One conclusion that was drawn was that 18-29 year olds were the least likely group to trust social networking sites.

On one hand, I understand the need to manage one’s own reputation online. People must protect themselves from people that feel the need to discriminate or gossip, have loose lips or become judgemental about things that don’t concern them.

On the other, I find it disappointing that people have to resort to censoring themselves and monitoring everything they do, just to ‘fit in’, wherever it might be. It sounds a lot like high school, but I think it’s actually the other way around: high school is a lot like life.

At the end of the day, I do believe that if pictures, blogs or personal information are freely accessible on the Internet, it’s fair game for anyone to view it.

That is why people must protect themselves.

This is what I suggest:

  1. Google yourself to see what content “your name” is associated with.
  2. Continually monitor your name by creating ‘Google Alerts’ that are sent via email or RSS.
  3. Create an extra account on Facebook for professional (work) use only, separating it from your personal life.
  4. Get your name as a domain name. If you have a common name, you may be mixed up with someone else. Get it before someone else does.
  5. Check your friends’ social networking photo albums to see if they have any photos of you that could be considered ‘inappropriate’ (your friends may not have strict privacy settings).
  6. Review your privacy settings on all social networking sites and lock them down if necessary. Remember to test it out to see what it looks like.
  7. Think about what you want to say before posting it as a comment on social networking sites, discussion forums or news articles. Could your comments be used against you in the future?

I enjoyed this quote from the article…

Stefanie Juell, a 28-year-old in Westchester County, N.Y., has become increasingly aware of this. So she recently opened an extra Facebook account after her supervisor and people she’d met through work started to friend her on her personal account.

“You don’t exactly want to reject your supervisor,” she says. “Nor do you want him or her to see everything that your friends write on your wall or the pictures that people tag of you.”

As a side note, Googling yourself used to be referred to as ‘ego surfing’. CNN also reported about the same Pew Internet report but it wasn’t as extensive as the Toronto Star article that I posted.

Is Anonymity Going The Way of the Dinosaur?

Is anonymity going the way of the dinosaur, with the rise in popularity of social networking sites like Facebook and Twitter?

From the YouTube comments:

The point of anonymity: to fight back in a world where people get offended and expect the world to conform accordingly.

Christopher Poole talks about the good and bad of anonymity and how it has affected 4chan.

Anonymity has been a part of the Internet for a very long time. It’s becoming a more prominent issue as the Internet becomes a part of our everyday lives.

I believe anonymity has every right to live and stay alive on the Internet. We walk the streets without the requirement of having identification papers on our bodies, so why should it be the same online? We might as well have identification papers on us at all times if anonymity on the Internet is abolished.

If there is no anonymity, then that means everything you do or say will be tied to your name forever. People may forget, but the Internet won’t, because there will be a permanent digital archive of everything we do and it can all be read about like it happened yesterday.

AT&T Responsible for iPad E-Mail Address Leak, Not Apple

I’m noticing some confusion about who is responsible for the iPad e-mail address leak in various news articles that are writing about the incident.

  • AT&T is responsible and their servers leaked the information.
  • As per the article from the BBC, only iPads using the AT&T service are affected. (This is not a worldwide issue.)

The vulnerability only involved iPad users who had signed up for AT&T’s 3G wireless service, and users of the iPad outside the US are believed to be unaffected. The breach involved a feature of AT&T’s website, which would prompt users when they tried to log in to their AT&T accounts through their iPad.

On digg.com, a related article is titled ‘Apples Worst Security Breach: 114,000 iPad Owners Exposed’, with a Warning: The content in this article may be inaccurate. Surprisingly, Gawker is still running with the same title and hasn’t changed it yet (as of June 10 2010 15:00PM EST). As a side note, Gawker owns Gizmodo, who was responsible for the leak on the new iPhone.

The only data that was ‘exposed’ was a large quantity of e-mail addresses of notable politicians, celebrities and military personnel, and nothing else. (Passwords, credit card numbers, social security info etc. were NOT EXPOSED.)

It’s little stories like these that chip away at the perception that a company is not secure. This happened to Microsoft. I’m defending Apple in this case, because I believe in giving credit where credit is due, and in this case, it’s an AT&T technical problem not an Apple technical problem. Unfortunately the perception that has been created is that it’s an Apple security problem.

Sure, it could potentially expose people to social engineering/phishing attacks, but these people’s addresses are already out there in log files on many mail servers on the Internet, not to mention every time someone forwards a message an address is going to be ‘exposed’.

Keep calm and carry on.

There Is Always A Price To Pay When You Put Yourself On The Internet

Money lending companies are looking up customers seeking loans on Facebook, Twitter etc. to check their status updates and see if there are any indications of risk to lending that person money. i.e. Facebook status: still job hunting

“If I go on Facebook or Twitter and see information that doesn’t match, it could indicate something is wrong,” said Rob Garcia, senior director of product strategy at Lending Club, a peer-to-peer lending network based in Redwood City, Calif.

My opinion is, if the information is available on the Internet, it is fair game, unfortunate as that may sound.

This is probably the best quote from this article…

“There is no such thing as a free Facebook account,” he said. “You don’t pay to use it, but you give up privacy in exchange for using its service. The way Facebook makes its money is by selling its user’s information.”

People choose to post whatever they feel like at that moment in time on the Internet. You just never know how that information may be used against you later on.

Google Employees Can Use Only Mac or Linux, not Windows

While it’s nothing new that another company is moving away from using Windows operating system software internally, Google is certainly the most popular of them all.

Google is finally big enough and powerful enough to stand up to Microsoft and say “enough is enough”.

From the sounds of it, Google is probably very close to releasing a consumer operating system designed to compete with Windows.

There is even a Wikipedia article devoted to Linux adoption, where they list many other businesses, educational facilities and governments that have already made the switch.

Google even prefers Mac OS X over Windows, even if it is sworn enemies with Apple, in some respects. “The enemy of my enemy is my friend”.

Here are some of my random thoughts about the situation:

  • Linux and Mac OS X will be new targets for those who create malware as their popularity increases. One of my previous posts on Tumblr discusses spyware infecting Mac OS X.
  • The operating system is not the sole defense mechanism in a computer network; there MUST be other components like firewalls, anti-virus, up to date browsers etc.
  • Microsoft has long been the whipping post when it comes to security related incidents. IT administrators and hackers haven’t forgotten about the “I Love You” and “Melissa” viruses. Microsoft was the only mainstream choice available in terms of operating systems when Internet use increased in popularity (approx. 1996 to 2003). It was natural that Microsoft became the big target.
  • Microsoft had to learn how to build security into their software development processes, only after building many of its earlier products. They’ve since standardized on a Security Development Lifecycle Process for developing secure products.
  • Lots of Apple and Google products have roots in open-source software, many of which were developed with security built-in, from the ground up, and not as an afterthought.
  • Education/Training about security, both for users and software developers, is a key factor to maintaining safe computing environments and developing secure products.
  • Nothing is impenetrable. It’s only a matter of time and resources before a software exploit for any piece of software is discovered. Humans create software, and humans aren’t perfect.

Microsoft released a response about the security of Windows. Throughout the blog post, there are links to various articles that support its argument that it is a secure product. Though Google isn’t directly mentioned, there was a link to the Financial Times article.

I actually found the comment section to be quite entertaining as it provided many different thoughts and perspectives to the issue. I recommend reading that as well!

“Free Software” Installs Spyware in Mac OS X

Always be wary of what you download from the Internet, especially when it’s free.

Just to reiterate, you can’t install ANYTHING on Mac OS X without entering your password first.

Your computer gets infected because they lure you with the promise of free screen savers and a converter for video files. After you’ve agreed to install them, it’s over. Hello spyware!

Remember – nothing is impenetrable.

Link to another article discussing the same incident…
