How to view questionable PDFs safely

I said Tuesday that it’s a bad idea to download and view PDF (Adobe Acrobat/Adobe Reader) documents from questionable sources, but I didn’t really elaborate on why, nor did I tell you how to view questionable PDFs safely.

The reason is that pretty much anybody with a little bit of determination and the ability to follow a recipe can plant a trap in a PDF file and use it to gain access to your computer. Adobe Reader is extremely prone to these kinds of attacks, and don’t think you’re safe if you don’t run Windows. There are toolkits that will inject traps that work on Macintoshes and Linux too.

Yes, your antivirus software should catch it. But most antivirus software doesn’t dig deeply enough into PDF files to find it.

Scared yet? You should be. You do have some options.

Why SSL isn’t foolproof security

Over at Rabbit-Hole, a commenter posted that my low-tier VPN is unnecessary if you’re using SSL. He’s wrong.

Perhaps I should have titled this “When SSL isn’t foolproof security,” but it’s too late now. Oh well.

When you’re sitting on a strange network (not your home or work network), SSL is vulnerable to a classic man-in-the-middle attack. If you’re paying attention, you should know if your session is being hijacked. But who’s paying attention?


Is someone trying to hack Facebook? Maybe.

From the big bag o’ Google search queries: Is someone trying to hack Facebook?

Possibly. An announcement came out this week that Anonymous and Lulzsec, the groups behind some of the more notorious hacks this year, plan to try to take down Facebook on November 5. There’s some debate whether they can do it, even within the groups, it seems. Some even believe the announcement was a hoax. But these are the same groups that hacked virtually every cell phone at the hacker conventions in Las Vegas last week, so it has to be perceived as a threat.

What should you do?


Two reasons you should use something other than your local ISP’s DNS

There’s some bad behavior going on with DNS right now, both in Washington and at local ISPs.


A simple security enhancement you can and should do now

HTTPS Everywhere is a free Firefox extension–the EFF would like to do it for other browsers but says it’s not possible without source code–that forces the browser to use HTTPS (SSL-encrypted) connections whenever possible. This isn’t foolproof security–HTTPS is vulnerable to man-in-the-middle attacks–but it forces an attacker to do more work in order to snoop on your web traffic.

If you spend a lot of time on public wi-fi networks, this is the bare minimum you should do to protect yourself.

I need to remember to write up an explanation later this week of how SSL is vulnerable to man-in-the-middle attacks. But it’s better than nothing, and there’s nothing wrong with using it as additional protection even when you’re on a safe network.

Why people hack Facebook accounts

I’ve seen several people I know ask me recently why people hack Facebook accounts. Their Facebook accounts got hacked recently, and they couldn’t figure out why.

I know why. It probably wasn’t Sanford Wallace doing it, but it probably was someone just like him.

So who is Sanford Wallace and why does he want in your Facebook account?

How to power your computer up from away from home

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.

Secure that public wi-fi with a low-tier, no-cost home VPN

If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Public connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe.

Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.

Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.


Don’t fall for the new Facebook stalker scam

According to trusted antivirus vendor Sophos, there’s a rogue Facebook application posing as an app that claims to reveal a way to see who’s been secretly viewing your profile.

It’s a scam. And it’s spreading rapidly. It posts messages on your wall and tries to get you to visit a spam site. Don’t fall for it, but if you already have, delete the fake messages it posts.

Here’s a real app I want you to install instead: Safego.

Don’t take free software from a stranger

And there’s this. Some people are taking popular free, open-source software, planting malware in it, and distributing it to unsuspecting people.