The Silicon Underground

Home » Page 241

A guide for safe and private web browsing

Dave Farquhar security August 7, 2015August 1, 2015chrome, Linux Mint, passwords, recycling, Windows 10

Continuing in the theme I’ve been following for the last couple of days, here’s a guide to security and privacy with web browsers. Like the guide I linked to yesterday, I’m not sure I agree with it 100%–I think saying never use Internet Explorer is too absolute–but I do agree with the overwhelming majority of it, and if everyone did all of this instead of what they’re doing now, we’d be in a much better state.

And, on a somewhat related note, here’s a rundown of what Windows 10 changes in the way of privacy, and some recommendations, but here’s a hint: You’re going to want to type privacy into your Windows search bar, pull up everything related, and start shutting stuff off. Use your discretion, but chances are there will be several things. If nothing else, there are things that are appropriate for a Windows tablet that aren’t appropriate for a desktop PC.

Let’s get back to privacy and safety in general, whatever OS you’re running. Here are some highlights.

How I fixed a hacked website

Dave Farquhar security August 6, 2015October 15, 2023

Back in August 2015, my website started alerting. Investigation showed the site had been hacked. Here’s how I fixed my hacked website, in diary form.

Mechbgon’s guide to safe computing on Windows

Dave Farquhar security, Windows August 6, 2015August 1, 2015UEFI, Whitelist, Windows 10

Mechbgon.com, the same place that published the outstanding guide to application whitelisting I mentioned last week, also has a guide to general security when building Windows PCs.

I think he overvalues UEFI and Internet Explorer 10, but if everyone followed his advice, there’s no doubt in my mind we’d be much more secure than we are right now. Although I mildly disagree on a couple of points, he has some outstanding advice in there.

The guide hasn’t been updated for Windows 10 yet, but most of what he says, if not all of it, will still apply and won’t be all that different to set up.

Application whitelisting on Windows, even home editions

Dave Farquhar security August 5, 2015November 29, 2015antivirus, Australia, malware, Microsoft Office, NSA, spyware, Whitelist

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

use application whitelisting to help prevent malicious software and unapproved programs from running
patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
patch operating system vulnerabilities
restrict administrative privileges to operating systems and applications based on user duties.

Advantages of Windows 10

Dave Farquhar security, Windows August 4, 2015August 3, 2017netflix, Windows 10, windows 7, windows 8

Now that Windows 10 is out, the questions I see most frequently are why someone should upgrade, or what benefits they get if they upgrade, or if there indeed is such thing as advantages to Windows 10.

While I understand the skepticism, and I think most people probably should wait a few months before upgrading a Windows 7 machine that’s working well, there are a number of compelling things Windows 10 has to offer.

Hacktivism is real, and getting more dangerous

Dave Farquhar security August 3, 2015July 30, 2015breach, vulnerability

Lost in the stories of last week was a story I really don’t want to talk about, but I have to: Planned Parenthood got hacked, and a database of its employees was stolen.

I don’t want to talk about it because the risk is this story becoming about abortion rather than about security. But it brings up a real problem: Now we know that political activists have the desire and the ability to hack into organizations they disagree with.

How to justify text in Publisher 2013

Dave Farquhar Office, Software August 2, 2015April 14, 2017Justification, keyboard shortcuts, Page Layout

I couldn’t figure out how to justify text in Publisher 2013, but I finally found the way. Here’s how.

I did some layout in Publisher 2013 after having not done page layout in a decade or more, and Publisher 2013’s interface confused me a bit. I finally found two ways to justify text.

The fast, easy way: Highlight the paragraph you want and press CTRL-J. Done. I love keyboard shortcuts. Justify starts with “j,” so that makes the keyboard shortcut pretty easy to remember.

The harder, slower way: In the paragraph tab, click the down arrow in the lower right corner. In the “Indents and Spacing” tab, there’s a dropdown box called “Alignment.” Select “Justified,” then click “OK.” Scout’s honor, I looked past that option at least 17 times.

Oddly enough, once I used full justification, then I got a little icon in the paragraph section of the ribbon for that, but I’m 100% certain that option wasn’t there before.

Pro tip: If you’re going to justify text, make sure you enable hyphenation. Click inside the text box, then click “Format” under “Text Box Tools” under the ribbon. Justified text looks much better when hyphenation is on. Hyphens reduce the number of spaces the computer has to insert. Fewer spaces mean fewer “rivers” in the text, and that makes for a better-looking page. Here’s more on hyphenation if you’re curious.

Five things security experts do vs. five things non-experts do

Dave Farquhar security August 2, 2015December 5, 2015antivirus, breach, malware, passwords, Two-factor authentication

There was a fair bit of talk last week about a study that compared security advice from security experts versus security advice from people who are at least somewhat interested but don’t live and breathe this stuff.

There were significant differences in the answers, and a lot of security professionals panned the non-expert advice. I don’t think the non-expert advice was necessarily bad. Mostly it was out of date.

Droidpocalypse? Josh Drake says no.

Dave Farquhar Android, security August 1, 2015July 31, 2015android, apple, demonstration, IOS, os x, podcast, samsung, vulnerability, Windows XP

Josh Drake, the researcher who discovered the Stagefright vulnerability in Android that lets an attacker hack into an Android device by sending a specially crafted picture or video in a text message, was on the Risky Business security podcast this week to talk about it. What he had to say was interesting.

Patrick Gray, the host, tends to be a pretty outspoken critic of Android and isn’t shy about talking up Apple. He tried to get Drake to say Android is a trainwreck, security-wise, but Drake wouldn’t say it. Drake actually went as far as to say he thinks Android and IOS are fairly close, security wise.

So why do we see so many more Android bugs? Drake had an answer.

How to keep your Android from being hacked by a text message

Dave Farquhar Android, security July 31, 2015July 30, 2015android, antivirus

In case you haven’t heard, it’s possible to hack into about a billion Android phones by sending them a text message with a specially crafted picture or video attached.

Google has a fix. The carriers and phone makers are taking their sweet time pushing it out. They may never do it. Here’s how to protect yourself.