Avast 8 is out and already well-regarded

Avast 8 is out, and the initial reviews are positive.

If you use Avast, either as your primary or as your secondary AV, updating it is a good idea. One critical improvement is that virus database updates happen more frequently now. There’s no such thing as too frequently when it comes to database updates.

Use Secunia PSI to keep all your programs up to date with minimal effort

Did you know Adobe released three Flash updates this month? And that every last one of them was absolutely, positively necessary? (At the time. They’re cumulative.) Seriously, you need a computer to keep track of all this stuff.

Secunia PSI is a free program to keep track of these updates and pull them down and install them for you. I’ve written about it before, but not in any depth. I downloaded it to a machine that didn’t have it, and it scanned my system, found four out-of-date programs–it knows about 3,000 pieces of software–and updated three of the four without me doing anything at all. It’s dead simple. Download it, install it, accept the defaults, and let it run. If you can’t get by without the four horsemen of the security apocalypse (Quicktime, Flash, Acrobat, and Java), at least Secunia PSI will ensure you’re running the least insecure–I’m not calling any of those security nightmares any word that would suggest they’re good–version of each.

If you’re running Windows, go download it and install it, please. It’s not a substitute for antivirus software, but it’s a tool that can close the security holes that antivirus software can’t protect you against. Really, you probably need both.

In defense of telework

I work from home one day a week. Most of my coworkers do as well.

So I was interested when I read about Yahoo! doing! away! with! telecommuting! (with apologies to The Register. I couldn’t resist.)

Is powerline networking secure?

Is powerline networking secure? It can be, but just like wireless, you have to set it up securely. Here’s what you need to know about powerline networking security.


Firefox 19 is a big security improvement

Mozilla quietly released Firefox 19 this week. Its biggest selling point is a built-in PDF viewer (like Google Chrome has), which makes me more comfortable than having Acrobat Reader installed–Mozilla is generally faster at fixing security holes than Adobe. Besides that, the built-in reader is fast. No waiting for Acrobat to launch. Short documents like IRS form 1040 display very quickly, though it wasn’t so crazy about me throwing the 237-page NIST 800-53 (if you’d like some light reading) at it. I closed the tab and revisited it, and it loaded the second time.

So this is an update you want. You may be wise to wait a day or two for it to stabilize (Firefox 18 was rapidly updated to 18.0.1 and 18.0.2 after its release), but being able to ditch Acrobat Reader (or leave it installed but only use it when absolutely necessary) definitely is appealing. Update it this weekend, maybe.


CISPA is trying to solve a legitimate problem

I read yet another anti-CISPA piece today. I’m not comfortable trying to read it and decide whether it’s a good or bad piece of legislation, but I do understand the problem it’s trying to solve.

Those who have tried to paint CISPA as the new SOPA or PIPA are misunderstanding the problem CISPA is trying to solve. CISPA isn’t supposed to be about stopping the scourge of teenaged boys using the Internet to copy music and movies. It’s actually chasing something nefarious.

Let me give you an example.

Ars Technica looks at asymmetric encryption

Ars Technica posted an overview of asymmetric encryption recently. (Link removed in retaliation for Conde Nast’s 11/3/2025 layoffs. Sorry not sorry.)

CPE opportunity: Exploding the Phone

This week Cnet interviewed Phil Lapsley, the author of Exploding the Phone, a book about the early history of phone phreaking.

Phone phreaking is absolutely fair game for the CISSP exam. I couldn’t tell you anymore how many phone phreaking questions I had to answer, but let me just say I’m glad I’d read those pages in the CBK about phone phreaking.


The problem with dictionary passwords

Consulting firm Deloitte is warning that 8-character passwords will be obsolete this year. Sound familiar? Of course, the Slashdot crowd blamed it on security “experts” (their words) creating hype to make money.

Well, I’m a certified security professional who doesn’t have a dog in this fight, except that I don’t want your accounts getting stolen. So here’s the problem with many of the solutions the Slashdot crowd posed.


Update Flash now

Adobe updated Flash today, to fix a couple of 0-day vulnerabilities. Here’s how to force a manual update on Windows and Mac OS X. I put on my sysadmin hat and looked over the update scripts on the page; they’re a little complex but don’t do anything nefarious.

Grab the appropriate update script for the type of computer you’re running, close your browser, run it, and stay safe. And remember, you’re doing me and the rest of the world a favor; if your computer is up to date, then it isn’t attacking my network, and if mine’s up to date and secure, mine isn’t attacking yours.