You’re telling me someone gave a stranger his password?

I was talking breaches last week when a very high-up joined the conversation in mid-stream.

“Start over, Dave.”

“OK. I’m talking about breaches.”

“I know what you’re talking about,” he said, knowingly and very clearly interested.

Read more

Why every breach is different

I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.

I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.

Read more

Why the Target data breach news keeps getting worse, and what you need to do

As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, e-mail addresses, and for a whole lot more people, and probably from a longer length of time than just late November to mid-December.

There are a few things you ought to do if you shop at Target, which many people do. Read more

How to make an LG LD301EL dehumidifier drain the water out of a hose instead of the bucket

I recently came into possession of an LG LD301EL dehumidifier. It was supposed to be draining out of the hose, but it wasn’t. I figured out why.

If you have one of these or a similar dehumidifier, chances are you have the same problem. The instructions on the back of the dehumidifier aren’t as clear as they could be and the diagrams are tiny. The manual doesn’t quite seem to explain it either. If you don’t have the manual and don’t want to download one from a dodgy web site–and as a computer security professional I recommend that you don’t (more on that at the end)–here’s how to get it done.

Read more

Book scanning on the (relatively) cheap

Ars Technica has a fascinating article on the trials and tribulations of building a book scanner from a kit.

They lament the lack of software support, however–namely, a program to convert the image files generated by the digital camera into a PDF. Should I point them in the right direction? Why not? The key is Imagemagick, of course.
Read more

A fast way to turn lots of images into an Adobe Acrobat PDF file

I have a collection of magazine scans that, inconveniently, came as a series of JPG images rather than as PDFs that are more conducive to reading. I wanted PDFs, so I found a way to turn lots of images into an Adobe Acrobat PDF file.

Building the PDF manually took a good 30 minutes per issue, so I wanted a faster way. Using command-line tools, I was able to convert the entire collection (about 40 issues) in less than 30 minutes. Read more

How to send banking documents securely over e-mail

When you’re getting a loan, sometimes you have to send documents like bank statements electronically. If you want the money in those bank accounts to actually stay there, you need to protect those documents before you send them.

There are three relatively easy ways to do it, depending on what software you and the person on the other end have.

Read more

End of the innocence for Mac security

Antivirus vendor Kapersky has identified a new trojan horse targetting Macintoshes.  It spreads a botnet based somewhere in China via an infected Microsoft Word document, typically sent as an e-mail attachment.

The spin is that if you don’t use Word on your Mac, you’re safe. That’s true–this week. But going forward, it’s going to take more than that. Read more

How to view questionable PDFs safely

I said Tuesday that it’s a bad idea to download and view PDF (Adobe Acrobat/Adobe Reader) documents from questionable sources, but I didn’t really elaborate on why, nor did I tell you how to view questionable PDFs safely.

The reason is that pretty much anybody with a little bit of determination and the ability to follow a recipe can plant a trap in a PDF file and use it to gain access to your computer. Adobe Reader is extremely prone to these kinds of attacks, and don’t think you’re safe if you don’t run Windows. There are toolkits that will inject traps that work on Macintoshes and Linux too.

Yes, your antivirus software should catch it. But most antivirus software doesn’t dig deeply enough into PDF files to find it.

Scared yet? You should be. You do have some options.
Read more

WordPress Appliance - Powered by TurnKey Linux