January 21, 2007
Truth in advertising --or-- Archer Farms Margherita pizza dissapoints
January 05, 2007
Post #100 - Protecting yourself (and your company)
The problem is, no one believes there is a bad person lurking at a coffee shop, just waiting for you to enter your domain username and password to access corporate email/intranet/eBay/PayPal/Hotmail/your bank...
Are you protecting yourself and your company? I ran across an article titled How to protect yourself at wireless hot spots which offers some simple tips and techniques on protecting your data. Here are the highlights from this article:
1. Disable ad-hoc mode -- PLEASE PLEASE do this; it is so simple and the cost of using ad-hoc mode far outweigh the benefits from a security standpoint.
2. File Sharing -- many people doen't even know much about this, so if you don't know how to use it, reduce your attack surface and TURN IT OFF! Even if you think you know how to use it, make sure you are only sharing what you intend to share with the world. I know, your mom always told you to share, but if she would have known about unencrypted WiFi, she would have put on the disclaimer!!! :)
3. Turn off network discovery (Vista only) - I have not fired up Vista yet, so I have nothing intelligent to add here....
4. Carry an encrypted USB flash drive - I like this one; I don't own one of these yet, but suspect I will be picking one up very soon; not so much for storing my OS on it, but strictly for data...
5. Protect yourself with a virtual private network - VPN == goodness; 'nuff said
6. Disable your wireless adapter - ok, this maybe is not a reality, but it *IS* a possibility
7. Watch out for shoulder surfers - The security mantra of "Social engineering trumps most security systems" applies here!
Happy new year and 'safe' surfing!!
jk
Stock touting and a cute little HTML trick
Stock Touting
While reading an artcile about how stock-spammers make money (you know, the emails saying a particular stock is going to be hot), I followed the research link to a Harvard web page titled Spam Works: Evidence from Stock Touts and Corresponding Market Activity. I enjoyed playing with the stock simulator at the harvard site also which simulates the scenario from both spammer and spam recipient point-of-view. It is hard to believe that this kind of social engineering works, but the facts don't lie. :) The only thing I could even *remotely* consider doing on these would be to buy short!!!!!!
A cute little HTML trick
While reading the Harvard page, I noticed this text: "If the email addresses are unreadable, click here. They cannot be copied/pasted directly from this page." which naturally made me try to highlight the authors' email address and copy them. As advertised, it appeared to mangle the email address. After looking into it a bit more, I figured out the little trick: the web page author used a combination of the PRE tag along with a STYLE attribute. I'll show this below: first with no 'style' attribute so you can see the 'real' text and then with the style attribute of "line-height: 0px" to see the obfuscated text. (I will change the email addresses of the real authors to protect their addresses...). They used the 2 line technique, multiple lines also works (as shown below).
Un-Obfuscated
r b t p o m i . o
o o @ o k a l c m
Obfuscated (2 lines)
r b t p o m i . o
o o @ o k a l c m
Obfuscated (3 lines)
r o p k i c
o t o m l o
b @ o a . m
Wrapup
1. If spammers can't make money (by stock touting and every other nefarious ploy, they'll stop spamming.
2. Try out this fun little HTML trick! It should help slow down unsophisticated email collectors, and if nothing else, it is like a little parlour trick to impress your geeky friends :)
jk
January 04, 2007
Not even PDFs are safe - Security hole in Acrobat Plugin
from: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007051&source=NLT_SEC&nlid=38
"January 03, 2007 (IDG News Service) -- Security researchers are poring over what one vendor has called a "breathtaking" weakness in the Web browser plug-in for Adobe Systems Inc.'s Acrobat Reader program used to open files in the popular Portable Document Format. "
Browse safely!
jk