Mostly online security, but also related to identity theft and protection, personal and home security and maybe even financial security.
This week I helped a client re-key their SSL certificate due to having lost the private key. In the process, I was given the option to use SHA-1 or SHA-2. I figured 2 is better than 1, but then I read up on how SHA-1 is gradually being phased out in Google Chrome because it’s […]
As a follow up to my post on cheap SSL certificates, I learned that the certificate wasn’t the reason I was getting an A- on the Qualys SSL Labs test. But after a few configuration changes, I achieved the coveted A+ grade. First, find out your current grade by entering your web site here. If […]
First off, if you already run an SSL-enabled server, update your SSL certificates immediately. You can use this tool to see if your site is vulnerable to HeartBleed, a serious issue in OpenSSL. If you want to enable SSL for your web site or to spend less for your SSL certificates, read on. There are […]
Every time I switch to a new cell phone I’ve had to disable 2-factor authentication on all my accounts in order to set them up on the new device. I just switched again and decided to make it easier. I had previously saved the secret keys for the various accounts in a secure location for […]
If you use a computer with a keylogger, your privacy is severely compromised. This screencast shows you two free keyloggers and how they work, as well as some tips on how to protect yourself. I demo Hooker (careful searching for that phrase…) and pyKeylogger.
While reading this reddit post about Mikko Hypponen’s TED talk, I concluded that some users either had incredible visual acuity or they were watching the video at a higher resolution than me. Then Mikko posted a comment recommending we watch it in HD. I looked around for a link to the high res version for […]
Here’s a cool infographic discussing the stats around identity theft and passwords. Via: Online MBA
It’s been almost five years since I linked to a phishing test that measured your ability to distinguish between valid and fraudulent emails. Phishing is still a problem, perhaps even more so now. Browsers and web mail services try to filter out or at least notify you of a potential phishing scam, but fraudsters continue […]
The recent Facebook terms of service changes and consequent complaints made me wonder how much privacy really exists if you’re active online. Starting with just a name, sites like 123People, Pipl and Zabasearch can find a phone number, photos, a street address, age, and other social networks like Facebook, LinkedIn or MySpace. With only a […]
Don Knuth has decided he can no longer write checks after being forced to close three checking accounts after they were subjected to multiple attacks by criminals. He says the way checks work is fundamentally broken. With the information on a check, a criminal can create an ATM card, impersonate a bank in another country […]
If you have a wireless network using WPA, read this. A PhD candidate recently discovered a way to compromise a wireless network using WPA. Fortunately, the attack only works against TKIP (the default from what I’ve seen). The fix is to switch to AES encryption, usually the second option when you’re configuring WPA. I had […]
I’ve had no trouble finding processor, memory and network monitoring tools on Windows. Process Explorer from SysInternals does a great job of showing processor and memory use (overall and for each process) and NetStat Live displays incoming and outgoing network traffic. The only thing missing was an easy way to see what processes were using […]