IT Security

Stuxnet: I can’t believe sensitive industrial systems are running Windows…


So, it seems people in the UK are starting to freak out about the “super computer virus” called Stuxnet that could bring down power plants, etc. They’re right! That thing is powerful and very scary! But wait a minute… Companies in charge of protecting key UK infrastructure components decided to give the contracts to Siemens after seeing that the solutions were based on Windows?!? Seriously!?! It’s fine for desktops if you’re extra careful, but come on. It’s a poor choice for business-critical missions unless you’re a small SME that got coerced into using a suite of Microsoft tools to ru(i)n your business…

Read all about Stuxnet here


Your passwords should be at least 12 characters long


A study at Georgia Tech Research Institute recommends that you use passwords at least 12 random characters long (and include letters, numbers, and symbols).
“‘Eight-character passwords are inadequate now … If eight characters is all you use, and if you restrict your characters to only alphabetic letters, it can be cracked in minutes,’ said Richard Boyd, a senior researcher at GTRI.”

Via Slashdot. Source MSNBC via @wjrothman
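
To put numbers on the recommendation, here is an added example (not code from the study or from the original post) that compares the search space of an 8-character alphabetic password with a 12-character one drawn from letters, numbers and symbols, and generates a password of the recommended kind. The guess rate and the single-case alphabet are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALPHA_ONLY = string.ascii_lowercase  # assumption: single-case letters, 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

ASSUMED_RATE = 1e9  # guesses per second; an assumption, not a figure from the study


def keyspace_bits(length, alphabet):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(len(alphabet))


def worst_case_seconds(length, alphabet, guesses_per_second=ASSUMED_RATE):
    """Time needed to try every candidate at the assumed guess rate."""
    return len(alphabet) ** length / guesses_per_second


def generate(length=12):
    """Random password of at least 12 characters with a letter, a digit and a symbol."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        # secrets draws from the OS CSPRNG; random.choice would be predictable.
        pw = "".join(secrets.choice(FULL) for _ in range(length))
        if (any(c in string.ascii_letters for c in pw)
                and any(c in string.digits for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    short = worst_case_seconds(8, ALPHA_ONLY)
    long_ = worst_case_seconds(12, FULL)
    print(f"8 alphabetic chars: {keyspace_bits(8, ALPHA_ONLY):.1f} bits, "
          f"{short / 60:.1f} minutes to exhaust")
    print(f"12 mixed chars:     {keyspace_bits(12, FULL):.1f} bits, "
          f"{long_ / (3600 * 24 * 365):.2e} years to exhaust")
    print("sample:", generate())
```

At the assumed rate the 8-character alphabetic space is exhausted in a few minutes, while the 12-character mixed space takes millions of years.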


Flash is notorious for its security problems, but there are ways to protect yourself without banning it from devices: Blitzableiter


Most people creating Flash content don’t have a degree in Computer Science and fail to really understand OOP and to build optimized and secure applications. Worse, some content is loaded dynamically, meaning that what you put on your website (ads), may not be what’s going to be displayed to your visitors after all. All that and the fact that the Flash player has a long release history and contains 2 VMs means that it’s bloated and is not restrictive enough.

Some hypocritical extremists (#Apple) went for a total ban of the technology on their mobile devices, claiming that it was too slow and insecure, instead of trying to make it work like most other mobile companies are doing. We all know that wasn’t the real reason for the ban and we’re not surprised by more lies coming from a company that denies the Antennagate, but there is truth to the claims that Flash has security problems.

I loved one of the slides of Recurity Labs’ paper on their Blitzableiter application that filters Flash files, removing malware, etc. It was titled “Native Security Functionality of Adobe Flash” and was left empty :D .

Recurity Labs are offering an interesting solution for people concerned with what a website can do with their personal data and I encourage you to read more about it on the project’s page:

http://blitzableiter.recurity.com/projects/show/blitzableiter


Blackberry smartphones are too secure for some countries…


Blackberrys provide one of the highest levels of security you can get on a smartphone, and it’s one of their major selling points (along with their messaging, social networking and multitasking features).

The problem for RIM is that some countries like India and UAE want to be able to snoop on their citizens for various reasons and they have started to introduce bans on the Blackberry data services.

It’s a shame for businessmen trying to fight corporate espionage or citizens concerned with their privacy or rights, because there isn’t really an alternative. Android and iOS phones are slowly getting there, mainly with the help of 3rd party software, but we still too often hear about data leaks. WebOS should not be trusted as it’s missing key encryption components.


Reminder: You cannot surf anonymously using your regular computer or phone


Facebook has been in the news for not taking its users’ privacy seriously enough and some people have started to wonder what type of information about them is “out there”.

Once users see this as a problem, their next step is to try to keep too much data about themselves from leaking out, and they may be using some super duper plugin in Chrome or Firefox that they think gets rid of all traces of their surfing habits.

More advanced users have started to use VPNs (you have to if you’re on Wi-Fi and don’t want all your data to be exposed to the world ;) #hole196) and think they’ll be all right since their IP address is hidden.

They’re all wrong! :D It’s not enough.

Just go to http://panopticlick.eff.org and see how unique your fingerprint is.

It doesn’t matter how you’re trying to protect your privacy. If the server at the other end is storing a unique signature linked to you, it’ll recognize you next time you pop round.

The solution: use a virtual environment (VirtualBox is easy to use) and, inside it, keep the OS’s settings as standard as possible. Add some security and privacy plugins to your browser, but always check that they don’t give your identity away.

Once it’s configured, take a snapshot and use it to surf “anonymously”. Always go back to that snapshot. Don’t sync your bookmarks, passwords and what not.
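
Why hiding the IP address is not enough, and why a stock VM snapshot helps, shown as an added example (not Panopticlick's code and not part of the original post). It builds a signature from browser attributes only and measures how many bits of identifying information a browser carries within a population; all attribute values and the population are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Attributes a site can read without cookies; the IP address is left out on purpose.
FIELDS = ("user_agent", "timezone", "screen", "fonts", "plugins")


def fingerprint(browser):
    """Stable signature built only from browser attributes."""
    material = "\x1f".join(str(browser[f]) for f in FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()[:16]


def identifying_bits(browser, population):
    """Surprisal in bits: log2(population size / browsers sharing this signature)."""
    sets = Counter(fingerprint(b) for b in population)
    return math.log2(len(population) / sets[fingerprint(browser)])


def same_visitor(first, second):
    """True when two visits carry the same signature, whatever their IPs."""
    return fingerprint(first) == fingerprint(second)


# Constructed sample data (not real measurements).
STOCK_VM = {"user_agent": "ExampleBrowser/1.0 (stock)", "timezone": "UTC",
            "screen": "1024x768x24", "fonts": "default", "plugins": "none"}


def customised(n):
    """A hypothetical tweaked desktop: each one differs in fonts and plugins."""
    return {"user_agent": "ExampleBrowser/1.0", "timezone": "UTC+1",
            "screen": "1920x1080x24", "fonts": f"default+pack{n}",
            "plugins": f"flash,privacy-addon-{n}"}


# Four users on an untouched VM snapshot, four on personalised desktops.
POPULATION = [dict(STOCK_VM) for _ in range(4)] + [customised(n) for n in range(4)]

# The same customised browser, seen at home and then through a VPN.
HOME_VISIT = dict(customised(2), ip="198.51.100.7")
VPN_VISIT = dict(customised(2), ip="203.0.113.50")

if __name__ == "__main__":
    print("recognised behind VPN:", same_visitor(HOME_VISIT, VPN_VISIT))
    print("customised browser bits:", identifying_bits(customised(2), POPULATION))
    print("stock VM snapshot bits:", identifying_bits(STOCK_VM, POPULATION))
```

The customised browser is unique in this population and is recognised through the VPN, while the stock snapshot hides among every other visitor with the same configuration.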
