Why SSL isn’t fooolproof security

Over at Rabbit-Hole, a commenter posted that my low-tier VPN is unnecessary if you’re using SSL. He’s wrong.

Perhaps I should have titled this “When SSL isn’t foolproof security,” but it’s too late now. Oh well.

When you’re sitting on a strange network (not your home or work network), SSL is vulnerable to a classic man-in-the-middle attack. If you’re paying attention, you should know if your session is being hijacked. But who’s paying attention?

Read more

Is someone trying to hack Facebook? Maybe.

From the big bag o’ Google search queries: Is someone trying to hack Facebook?

Possibly. An announcement came out this week that Anonymous and Lulzsec, the groups behind some of the more notorious hacks this year, plan to try to take down Facebook on November 5. There’s some debate whether they can do it, even within the groups, it seems. Some even believe the announcement was a hoax. But these are the same groups that hacked virtually every cell phone at the hacker conventions in Las Vegas last week, so it has to be perceived as a threat.

What should you do?

Read more

Two reasons you should use something other than your local ISP’s DNS

There’s some bad behavior going on with DNS right now. In Washington and at local ISPs.

Read more

A simple security enhancement you can and should do now

HTTPS Everywhere is a free Firefox extension–the EFF would like to do it for other browsers but says it’s not possible without source code–that forces the browser to use HTTPS (SSL-encrypted) connections whenever possible. This isn’t foolproof security–HTTPS is vulnerable to man-in-the-middle attacks–but it forces an attacker to do more work in order to snoop on your web traffic.

If you spend a lot of time on public wi-fi networks, this is the bare minimum you should do to protect yourself.

I need to remember to write up an explanation later this week of how SSL is vulnerable to man-in-the-middle attacks. But it’s better than nothing, and there’s nothing wrong with using it as additional protection even when you’re on a safe network.

Why people hack Facebook accounts

I’ve seen several people I know ask me recently why people hack Facebook accounts. Their Facebook accounts got hacked recently, and they couldn’t figure out why.

I know why. It probably wasn’t Sanford Wallace doing it, but it probably was someone just like him.

So who is Sanford Wallace and why does he want in your Facebook account?
Read more

How to power your computer up from away from home

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read more

Secure that public wi-fi with a low-tier, no-cost home VPN

If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Public connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe.

Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.

Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.

Read more

Don’t fall for the new Facebook stalker scam

According to trusted antivirus vendor Sophos, there’s a rogue Facebook application, posing as an app that claims to reveal a way to see who’s been secretly viewing your profile.

It’s a scam. And it’s spreading rapidly. It posts messages on your wall and tries to get you to visit a spam site. Don’t fall for it, but if you already have, delete the fake messages it posts.

Here’s a real app I want you to install instead: Safego.
Read more

Don’t take free software from a stranger

And there’s this. Some people are taking popular free, open-source software, planting malware in it, and distributing it to unsuspecting people.
Read more

How to clean an MBR and recover drive partitions

Sometimes it’s necessary to recover drive partitions because you accidentally repartitioned a drive you didn’t mean to, or because your MBR got infected or otherwise trashed. Here’s how to recover them, for free.

Infecting MBRs with malware is popular with virus writers again. And I fully expect chaos to ensue, because that’s what happened the last time there was more than one virus floating around that infected MBRs. They quit doing it for a good reason.

So here’s how to clean up the mess when an MBR gets infected, or when multiple infections blitzes the MBR and the hard drive loses the ability to boot, just displaying a message like Missing Operating System or Operating System Not Found.

We’ll be using the Gparted Live CD. Many Linux live CDs have the proper tools, but GParted works well and it’s a small download. You can try to use another Linux live CD, and it will work fine, but the icons might not all be where I say they are.

Read more