Drowning in Passwords: Tips to Stay Safe and Sane

November 9, 2009 – 4:15 PM

If you spend much time online, you probably have the same problem I do: how to remember your ever-growing list of online usernames and passwords, and stay secure at the same time.

You’re savvy enough to know that identity theft and illegal access to personal and financial data are real-world problems that you want to avoid. But what are you doing about it? Odds are, not much, says Andrew Jaquith, a computer security analyst at Forrester Research. “There are two classes of people: those who seem to care about the security of their accounts, and those who act as if they don’t.” Most people, he says, fall in the latter category.

If you’re one of the majority, your security strategy may be nothing more than using a single password for every site you need to access. On the one hand, the chances of it being stolen aren’t terribly high and you probably won’t forget it. But if it is stolen, the malefactor will have access to your entire online life, including bank accounts and maybe medical records. Not a pretty thought.

It turns out that there are a number of strategies that will help you avoid that ugly scenario. Most of them are simple, free or quite inexpensive, and much more secure than what you’re doing now. But some are just halfway measures that could let you down in a pinch.

Source:
http://www.computerworld.com/s/article/9140585/Drowning_in_Passwords_Tips_to_Stay_Safe_and_Sane?source=rss_security

Critical Flaw Found in Linux Kernel

November 5, 2009 – 7:17 AM

There is a NULL pointer dereference flaw in the Linux kernel that can be exploited by attackers to gain root access to a vulnerable machine.

The vulnerability is in version 2.6.21 of the Linux kernel and some Linux vendors already have taken steps to fix the vulnerability. Red Hat has released a fix for the flaw in several versions of its Linux distributions. Red Hat also has released advisories on the issue, explaining the vulnerability and its effect on vulnerable machines.

A NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe’s reader and writer counters. This could lead to a local denial of service or privilege escalation.
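As an added illustration of the pattern behind this flaw (a user-space model, not the kernel’s own code): the open path must take the mutex and re-check i_pipe before touching the reader counter, because the release path may detach the pipe in between. The struct layout, pipe_release_last() and the -ENOENT return value are assumptions of this model.

```c
/* User-space model of the race described above (added illustration, not
 * kernel code). An inode carries an i_pipe pointer that the release path
 * may detach; the open path must only touch the reader/writer counters
 * while holding the mutex and after re-checking the pointer. */
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

struct pipe_info { int readers; int writers; };
struct inode { pthread_mutex_t mutex; struct pipe_info *i_pipe; };

void inode_init(struct inode *in, struct pipe_info *pipe)
{
    pthread_mutex_init(&in->mutex, NULL);
    in->i_pipe = pipe;
}

/* Release path (another process closing the last user): detaches the pipe
 * under the lock. The real kernel would also free it; this model only
 * clears the pointer, which is enough to expose the bug below. */
void pipe_release_last(struct inode *in)
{
    pthread_mutex_lock(&in->mutex);
    in->i_pipe = NULL;
    pthread_mutex_unlock(&in->mutex);
}

/* Vulnerable pattern: i_pipe is read and dereferenced with no lock held,
 * so a concurrent pipe_release_last() turns this into a NULL dereference. */
int pipe_read_open_unsafe(struct inode *in)
{
    struct pipe_info *pipe = in->i_pipe;   /* may be NULL by the next line */
    pipe->readers++;
    return 0;
}

/* Hardened pattern: take the mutex, re-read i_pipe, and refuse the open if
 * the pipe is already gone (-ENOENT is this model's choice of error). */
int pipe_read_open_safe(struct inode *in)
{
    int ret = -ENOENT;
    pthread_mutex_lock(&in->mutex);
    if (in->i_pipe) {                /* still attached: safe to count */
        in->i_pipe->readers++;
        ret = 0;
    }
    pthread_mutex_unlock(&in->mutex);
    return ret;
}
```

Only the hardened open is exercised against a detached pipe; the unsafe variant is kept to show the missing lock and NULL check, and would crash on the same input.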

Debian also has posted instructions for addressing the flaw in its Linux distributions, which are vulnerable to this problem by default. NULL pointer dereferences are particularly complex problems that are difficult to exploit in many cases. This particular problem was identified in mid-October and so far, there have not been any public exploits released for the Linux kernel flaw.

Source:
http://threatpost.com/en_us/blogs/critical-flaw-found-linux-kernel-110509

Scramble on to fix flaw in SSL security protocol

November 5, 2009 – 7:03 AM

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet.

The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL (Secure Sockets Layer) communications between computers using what’s known as a man-in-the-middle attack.

Although the flaw can only be exploited under certain circumstances, it could be used to hack into servers in shared hosting environments, mail servers, databases, and many other secure applications, according to Chris Paget, a security researcher who has studied the issue.

“It’s a protocol-level flaw,” said Paget, the chief technology officer with a security consultancy called H4rdw4re. “There’s a whole lot of stuff that’s going to have to get fixed on this one: Web browsers, Web servers, Web load balancers, Web accelerators, mail servers, SQL Servers, ODBC drivers, peer-to-peer protocols.”

Although an attacker would first need to hack into the victim’s network to launch the man-in-the-middle attack, the results would then be devastating — especially if used in a targeted attack to gain access to a database or a mail server, Paget said.

Source:
http://www.computerworld.com/s/article/9140362/Scramble_on_to_fix_flaw_in_SSL_security_protocol?source=rss_security

Google launches privacy Dashboard service

November 5, 2009 – 6:47 AM

Google has launched a Dashboard service that’s designed to show how much the search engine giant knows about its users’ online activities.

The service provides a summary of data associated with a specified Google account. Users gain the ability to view and manage data, which ranges from search engine queries and emails sent through Gmail through to videos viewed on YouTube, and much else besides. Users will usually have already consented to allow Google to keep tabs on their activities online, but the search engine giant’s tentacles reach so far that it’s tough to know how much information it holds on each of us.

Google Dashboard – which is designed to address privacy concerns over the search engine giant’s propensity to catalogue data – is accessed by logging into a Google account. Surfers get a list of the number of items held on particular services (Calendar, Blogger, Shopper, Chat, Gmail, etc.), linking to the data repositories of these services for more detailed information.

Source:
http://www.theregister.co.uk/2009/11/05/google_privacy_dashboard/

Microsoft Security Essentials rated best free antivirus for Windows

October 31, 2009 – 9:09 AM

Thousands of downloads. Countless positive reviews on software blogs around the Internet. It’s been quite a ride so far for Microsoft Security Essentials.

In AV-Comparatives’ most recent report on malware removal, MSE was the only free antivirus rated Advanced+. That ranking placed it alongside big names like Norton, Kaspersky, and F-Secure. Security Essentials also beat out technician favorite ESET, which managed only an Advanced rating.

It’s also worth noting that only three antivirus apps – Norton 2010, eScan, and Security Essentials – scored marks of good or better in removal of malware and removal of leftovers. So not only has MSE beaten free competitors like AVG (version 8.5 tested, not 9.0), Avira, and Avast, it also posted test scores equal to or better than a dozen antivirus programs you’d have to pay for.

Source:
http://www.downloadsquad.com/2009/10/31/best-free-antivirus-for-windows-microsoft-security-essentials/