Posts Tagged “computer security”

Mikko Hypponen: Three types of online attack

by Matt Wharton on January 28, 2012

Cybercrime expert Mikko Hypponen talks us through three types of online attack on our privacy and data — and only two are considered crimes. “Do we blindly trust any future government? Because any right we give away, we give away for good.”


Kindle Fire

by Matt Wharton on October 2, 2011

While searching for a little more information on the new Kindle that Amazon have launched in the UK, I stumbled across the fact that in the US they have launched two additional new models: a touchscreen version and the Kindle Fire. The Kindle Fire is a colour touchscreen dual-core tablet with a 7″ screen and 8GB of storage, all for $199. One of its key features is the Amazon Silk web browser, which aims to dramatically improve the browsing experience by using the Amazon Web Services cloud as a form of proxy server. The cloud carries out much of the computational load of assembling a web page, which may contain elements from many different servers and so require many requests to many different IPs. In addition, by analysing the web requests flowing through the cloud, Amazon can predict the most likely next page a user will browse to and preload it in the background while the user views the current page, further reducing the time spent waiting for a page to load.

Have Amazon created the first viable non-iPad tablet by not copying the iPad?

What most tablet manufacturers have failed to realise is that the iPad is a success not solely because of its form but because of its ecosystem also. Android tablets generally are too variable to be considered a coherent set of hardware sharing the same ecosystem.

But I believe that Amazon will succeed with the Fire because they are not going after the niche currently occupied by Apple; instead they have created a device whose purpose is to help sell more products through Amazon. Despite productivity tools such as word processors, spreadsheet apps and photo-editing apps being available on the iPad, tablets are essentially devices for consuming content, and they are pretty lousy for producing it. Amazon have realised this and produced the optimal content-consumption device and ecosystem.

100 Million Facebook account details on BitTorrent

by Matt Wharton on July 29, 2010

The BBC reports that details of 100m Facebook users have been collected and published online via BitTorrent.

The BBC story takes a slightly less alarmed line than The Telegraph, but then this was not a security breach that exposed private data; as Facebook says, all of it was public in any case.

Ron Bowes of SkullSecurity reportedly wrote a program to download millions of public Facebook profiles in order to build a database of the names people typically use, to assist development of the Nmap Security Scanner and the Ncrack network authentication cracking tool.

Mr Bowes said his original plan was to “collect a good list of human names that could be used for these tests”.

“Once I had the data, though, I realised that it could be of interest to the community if I released it, so I did,” he added.

Mr Bowes confirmed that all the data he harvested was already publicly available but acknowledged that if anyone now changed their privacy settings, their information would still be accessible.

“If 100,000 Facebook users decide that they no longer want to be in Facebook’s directory, I would still have their name and URL but it would no longer, technically, be public,” he said.

It has been played down by people who have likened it to compiling a telephone directory. However, the question of whether users explicitly consented to being in such a directory is not easily answered, as Facebook’s privacy settings seem to be too complicated for a sizable percentage of their users to understand.

HTTPS Everywhere

by Matt Wharton on June 18, 2010

The EFF and the Tor Project have launched a Firefox extension called HTTPS Everywhere. The extension forces the browser to connect over HTTPS to every website that offers it. With the increasing occurrence of sidejacking of web sessions, where a site uses SSL only for the login and then sends the session cookie in the clear for the rest of the session, this extension should be installed by everyone. It can only help where a site actually offers HTTPS, though, so it is no substitute for sites protecting their own session cookies.
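As an added example (not code from the EFF, the Tor Project or this post), the following Python snippet uses the standard library's CookieJar, which applies the same cookie rules a browser does, to show the mechanics behind sidejacking: a session cookie issued over HTTPS without the Secure attribute is replayed on the next plain-http request, where anyone on the network can sniff it, while the same cookie marked Secure is withheld. The site name, URLs and cookie value are made up for the example.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _LoginResponse:
    """Minimal stand-in for the HTTP response to a login: CookieJar only
    needs .info() to return the response headers. Constructed for this example."""

    def __init__(self, set_cookie: str):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_over(set_cookie: str, login_url: str, next_url: str):
    """Store the cookie the login response sets, then return the Cookie header
    the browser-like jar would attach to the next request (None: nothing sent)."""
    jar = CookieJar()
    jar.extract_cookies(_LoginResponse(set_cookie), Request(login_url))
    nxt = Request(next_url)
    jar.add_cookie_header(nxt)
    return nxt.get_header("Cookie")


# Hypothetical site: the login is over HTTPS, but a later link is plain HTTP
# (a typed URL, an old bookmark, or a site that only protects the login page).
LOGIN = "https://mail.example.com/login"
PLAIN_PAGE = "http://mail.example.com/inbox"
TLS_PAGE = "https://mail.example.com/inbox"


def sidejacking_demo() -> dict:
    """Compare a session cookie issued without and with the Secure attribute."""
    return {
        # Without Secure the jar replays the session over plain HTTP: whoever
        # can sniff that request on the local network can reuse the session.
        "no_secure_flag_over_http": cookie_sent_over(
            "session=deadbeef; Path=/", LOGIN, PLAIN_PAGE),
        # With Secure the cookie is withheld from http:// requests entirely.
        "secure_flag_over_http": cookie_sent_over(
            "session=deadbeef; Path=/; Secure", LOGIN, PLAIN_PAGE),
        # ...and still sent where it belongs.
        "secure_flag_over_https": cookie_sent_over(
            "session=deadbeef; Path=/; Secure", LOGIN, TLS_PAGE),
    }


if __name__ == "__main__":
    for case, header in sidejacking_demo().items():
        print(f"{case}: {header!r}")
```

HTTPS Everywhere attacks the same problem from the client side: for sites it has rules for, it rewrites http:// links to https:// so the plain request is never made. The Secure attribute is the server-side fix, and any site that offers HTTPS at all should set it on its session cookie. Neither helps a site that has no HTTPS.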

Stuck in London. Need money quick. Facebook hacked.

by Matt Wharton on April 15, 2010

Help! My Gmail and Facebook accounts have been stolen and the passwords changed. Someone I know just called to tell me that he got an email saying that I’m in London in a hospital and need money immediately. What do I do?

Firstly, report the fact that your accounts have been hacked to Facebook and Google using the following links.

Facebook
Gmail

Next, notify close friends and family that your accounts have been hacked and that they should ignore any pleas to send money.

If you get your accounts back, I recommend using http://strongpasswordgenerator.com to create a new password.

Digital economy bill passed – file-sharing will carry on regardless

by Matt Wharton on April 8, 2010

The Digital Economy Bill has been passed and now just awaits Royal Assent.

I think that the bill will spectacularly fail to prevent file-sharing; instead it will be a boon for the companies that offer virtual private networking services, and teenagers will start file-sharing offline by exchanging DVD-ROMs full of MP3s.

I’m torn with regard to the Liberal Democrats, as my local MP is Don Foster, who not only voted against the bill but was present at the barely attended second reading and argued against it in the debate. I’m displeased with the party as a whole, though, as it didn’t oppose the bill, and it was Lib Dem peers Lords Razzall and Clement-Jones who sought to amend the Digital Economy Bill to allow site blocking for copyright infringement, although in the end that clause was dropped.

Removing administrator rights fixes 90 percent of Windows 7 vulnerabilities

by Matt Wharton on March 31, 2010

Ars Technica reports that 90 percent of Windows 7 flaws fixed by removing admin rights

After tabulating all the vulnerabilities published in Microsoft’s 2009 Security Bulletins, it turns out 90 percent of the vulnerabilities can be mitigated by configuring users to operate without administrator rights, according to a report by BeyondTrust.

Ars Technica describes this as good news for IT departments, which can reduce security breaches by mandating the use of ‘Standard User’ accounts, but it is still not common practice for home users to do the same.

The fundamental problem with the PDF format

by Matt Wharton on March 31, 2010

Mikko of F-Secure argues that the ongoing security problems with Adobe Acrobat Reader, which overtook Microsoft Word sometime in 2009 as the primary vector for document-based malware, stem from fundamental issues with the PDF format itself.

Looking at the 756-page specification document (in PDF format, naturally), one finds details of how to embed all kinds of things, from multimedia to executable JavaScript, into PDF files.

So switching to an alternative to Adobe Acrobat Reader such as Foxit Reader is not a solution in itself, since it supports much of the same functionality and so exposes a similar attack surface. A reader that simply renders the pages without the additional functions, or the existing reader with JavaScript disabled in its preferences, reduces the exposure; another safer workaround is to open untrusted PDFs in Google Docs, which renders them on Google’s servers rather than on your machine.
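As an added example (not code from F-Secure or this post), here is a small Python triage script in the spirit of Didier Stevens’ pdfid: it counts the PDF names that signal active content (JavaScript, open actions, program launches, embedded files) so that a file can be flagged before it reaches any reader. The two PDF byte strings are constructed for the example; the hex-escaped /J#61vaScript name in the first one shows why a naive substring search is not enough, since the PDF spec allows any character in a name to be written as #xx.

```python
import re

# PDF names that mean the file does more than describe pages: scripting,
# actions that run on open, program launches, embedded files, rich media.
ACTIVE_CONTENT_NAMES = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/SubmitForm",
)
# /ObjStm marks a compressed object stream: objects (and their names) inside
# it are invisible to a plain byte scan, so its presence means "inflate first".
CONTAINER_NAMES = (b"/ObjStm",)

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside PDF names (the spec allows /J#61vaScript for
    /JavaScript), which malware uses to dodge naive keyword scanners."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for every interesting name that appears at least once."""
    text = normalize_names(data)
    counts = {}
    for name in ACTIVE_CONTENT_NAMES + CONTAINER_NAMES:
        # A name token ends at the first non-regular character, so /JS must
        # not also match a longer name that merely starts with /JS.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9_.-])"
        n = len(re.findall(pattern, text))
        if n:
            counts[name] = n
    return counts


def is_suspicious(data: bytes) -> bool:
    """True if any active-content name is present: a triage verdict, not proof."""
    counts = scan_pdf(data)
    return any(name in counts for name in ACTIVE_CONTENT_NAMES)


# Constructed sample: a minimal PDF whose catalog runs JavaScript on open,
# with the /JavaScript name hex-escaped.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: one blank page, nothing active.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("suspicious", SUSPICIOUS_PDF), ("benign", BENIGN_PDF)):
        verdict = "flag for review" if is_suspicious(pdf) else "no active content found"
        print(label, scan_pdf(pdf), verdict)
```

A hit on /JavaScript or /OpenAction does not prove the file is malicious (forms legitimately use both), and an empty result does not prove it is clean: names inside FlateDecode-compressed streams or object streams (/ObjStm) are not visible to a byte scan until those streams are decompressed, which is what the full-featured tools do.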

Kentucky election fraudsters found guilty

by Matt Wharton on March 25, 2010

What might be just another run-of-the-mill vote-buying scandal is made all the more interesting by the fact that some of the corruption of the electoral process was down to exploiting a flaw in electronic voting machines.

The exploit was far more low-tech than those uncovered by the likes of Ed Felten: it relied on a poorly designed user interface in which pressing the button to make a selection did not cast the vote, a further confirmation step being required. Voters who believed they had finished walked away, leaving a corrupt official free to change the selection and confirm it.

Edit: Bruce Schneier has of course covered the same story and has links to much deeper analyses of the situation.

Frenchman hacked President Obama’s Twitter account

by Matt Wharton on March 25, 2010

BBC News reports that an unemployed man has been arrested by French police for hacking into the Twitter accounts of US President Barack Obama and a number of celebrities.

The unemployed 25-year-old was arrested on Tuesday after an operation lasting several months, conducted by French police with agents from the FBI.

He gained access to Twitter accounts by simply working out the answers to password reminder questions on targets’ e-mail accounts, according to investigators.

This is the same method that was famously used to hack into Sarah Palin’s Yahoo! webmail account, and it is yet another real-world example of the weakness of the typical password reminder question that the University of Cambridge Computer Laboratory’s study demonstrated.

As I wrote previously, until such time as the companies that use password reminder questions as a security measure change their system, I recommend that people give a nonsense answer to the question, particularly people such as President Obama about whom such information is easily researched.