Unchecky is another tool to help with staying out of trouble with malware

I found a mention of a tool called Unchecky as a minor point in a story about something else entirely. Unchecky helps to solve the problem with downloaded programs including a bunch of extra junk you don’t want.

I won’t be running it myself. But the next time I fix a computer, I’ll probably install it on that one.

Password management advice from CSO Online

Over at CSO Online, there’s a nice war story about tracking down and resetting 300 passwords.

I could pick nits at a few of his details, but that’s annoying and counterproductive. His overall advice is very good: manage your passwords, set them to something random, keep in mind that some sites just won’t allow for a very strong password so do the best you can, and protect your main e-mail password and your password management system password with all the diligence you can muster.

What the NSA can crack, and how to protect against it

Ever since the Snowden leaks, there’s been considerable speculation about what cryptography the NSA could break, and why. Finally, there’s a study that goes into deep detail about what it is the NSA probably can break, and why, plus how to protect against it.

What to do after you get breached and sign up for the free credit monitoring

After a large company that has your data gets breached, the standard next step is to give you credit monitoring.

It’s not enough to protect yourself, but you can make it enough.

If you use Truecrypt, migrate to Veracrypt

I’m playing catch-up with this one, but if you’ve been relying on the quasi-open source Truecrypt encryption solution, you need to migrate to Veracrypt as quickly as possible.

For some reason, it doesn’t seem to be common knowledge that Veracrypt is derived from Truecrypt and is, for all intents and purposes, the successor to Truecrypt.

Change a headline, go to prison

A former journalist whose track record includes being fired from the Tribune Co. and from Reuters is facing two decades in prison for giving the hacking group Anonymous credentials to log into a Tribune web site and change stuff.

Anonymous changed one headline, and it took about 40 minutes for someone at Tribune Co. to notice and change it back.

It reminds me of something that happened at the newspaper where I used to work.

A sports analogy for security

Explaining security is really hard, but sometimes a sports analogy helps. Here’s an appropriate sports analogy for security.

Imagine you’re playing a sport. The sport doesn’t matter. What matters is you’re playing, and so is the opponent, and you have to follow the rules while they don’t. But you still have to prevent them from scoring.

But it’s more complicated than that. Imagine there’s another game going on, either adjacent to the field or within the field. That’s the business. Whatever you do can’t interfere with that second game, and you also have to keep your cheating opponent from interfering with that second game. And your success at preventing interference with that second game is how you’re going to be judged.

Vigilante router security

Last week, Symantec discovered a worm that infects routers and takes measures to make them more secure. For lack of anything else to call it, Symantec is calling it malware, and most of the security echo chamber is probably howling over this, but I think I understand why it was created.

Flash vs Shockwave

Bad things happen when security pros like me start asking our infrastructure brethren to patch Flash. We get better security, but the Flash upgrade fails enough of the time to cause extra workload, and it can be confusing. One of the problems is the question of Flash vs Shockwave.

Consequently, I see more Flash-related helpdesk tickets than I ever saw, even when I was doing desktop support long ago. Adobe doesn’t make it any easier by calling the plugin “Shockwave Flash.”

A collection of hacking e-zines, new and old

I found this collection of hacking e-zines a while back. Some are new, some are old. Some are series and some were one-offs. If you’re interested in the early days of hacking, or the undercurrents of today, it’s not a bad place to peruse.