Archive for the ‘Security’ category

Web security protocol HSTS wins proposed standard status | Security & Privacy – CNET News

October 4th, 2012

A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as a proposed standard.

A steering group for the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites prompt browsers to always interact over a secure connection.

Web browsers complying with the policy will automatically switch insecure links to a secure version of the site, using “https,” without the Web surfer having to remember to type that in the URL bar.

HSTS is designed to deflect HTTP session hijacking, in which the limited encryption used on many popular Web sites puts user accounts at risk of compromise by someone snooping on session traffic between the user’s computer and the site’s server. Sites typically encrypt the username and password as they are transmitted, but unless the entire Web session is encrypted with “https,” or secure hypertext transfer protocol, someone sniffing the network could capture the cookie information and use that to access the accounts.


The technology is already supported by sites and services such as PayPal, Blogspot, and Etsy. It’s also included in the Chrome, Firefox 4, and Opera 12 Web browsers. However, Microsoft’s Internet Explorer and Apple’s Safari have not yet embraced HSTS.

Whether the proposal is accepted as a standard depends on its degree of technical maturity and whether there is a general consensus that the protocol provides significant benefit to the Internet community.
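
The browser-side behaviour described above, sketched as an added example (not code from the article or from any browser): a site opts in with a `Strict-Transport-Security` response header, and a complying client then rewrites `http://` links for that host before sending anything. The host names and the `hstsStore`, `noteResponse` and `upgrade` names are hypothetical.

```javascript
// Added example: minimal model of a client's HSTS store, not browser source code.
const hstsStore = new Map(); // host -> { expires (ms timestamp), includeSubDomains }

// Parse a Strict-Transport-Security value; null if max-age is missing, repeated or malformed.
function parseHsts(value) {
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of value.split(';')) {
    const [name, val = ''] = raw.split('=').map((s) => s.trim());
    const key = name.toLowerCase();
    if (key === 'max-age') {
      const digits = val.replace(/^"(.*)"$/, '$1');
      if (maxAge !== null || !/^\d+$/.test(digits)) return null;
      maxAge = Number(digits);
    } else if (key === 'includesubdomains') {
      includeSubDomains = true;
    } // unknown or empty directives are ignored
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

// Record the policy from a response. The header is honoured only on an https
// response, so a network attacker cannot set or clear it over plain http.
function noteResponse(url, headerValue, now) {
  const u = new URL(url);
  const policy = u.protocol === 'https:' ? parseHsts(headerValue) : null;
  if (!policy) return false;
  if (policy.maxAge === 0) hstsStore.delete(u.hostname); // site opts out
  else hstsStore.set(u.hostname, { expires: now + policy.maxAge * 1000, includeSubDomains: policy.includeSubDomains });
  return true;
}

// True if the host, or a parent host that set includeSubDomains, has an unexpired policy.
function isHstsHost(host, now) {
  const labels = host.split('.');
  for (let i = 0; i < labels.length; i++) {
    const entry = hstsStore.get(labels.slice(i).join('.'));
    if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
  }
  return false;
}

// Rewrite an http:// URL to https:// before any request leaves the client.
function upgrade(url, now) {
  const u = new URL(url);
  if (u.protocol === 'http:' && isHstsHost(u.hostname, now)) u.protocol = 'https:';
  return u.href;
}
```

The first visit to a host is still unprotected in this model, because the policy is learned only from an earlier https response.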

How To Activate Windows 7 Offline After Reinstalling It

June 14th, 2011

Due to widespread piracy of the Windows operating system, Microsoft has implemented strict measures since the advent of Windows Vista to curb piracy. This includes adding a limit on the number of times a key can be used for activating Windows. While this might restrict piracy, it can become quite inconvenient for users. If, for instance, you run out of the activation limit of your Windows 7 key due to frequent re-installation of the operating system, you will have to either call Microsoft support to resolve the issue or purchase a new activation key. A better alternative to repeatedly activating Windows and running out of your allocated limit can be to use 7Token Manager. It’s a one-click solution to back up all important information and then restore it to activate Windows 7 offline.

With 7Token Manager, you can back up the Windows 7 activation key along with certificates and tokens and restore them later on a freshly installed Windows in order to bypass the restriction imposed on the number of times one can activate Windows with a single license. Since you can activate Windows online only 10 times with one license key, it fetches all the information which the Microsoft Windows online activation wizard fetches from your system while activating Windows and backs it up. After installing Windows, you can restore all the information with the license key to activate your copy of Windows without going through the online activation process. This not only makes the Windows activation process easier but saves you from wasting another usage count of the purchased license key.

To back up the Windows key, certificates and tokens, click Backup.

7Tokens Manager by Josh Cell

All information will be saved in a Backup directory residing in the 7Token Manager folder. It can be quite useful to back up not just your Windows key but also server certificates with the help of this app for easily restoring them later.

Backup Folder

To restore your information, make sure that the Backup folder is present within the 7TokenManager EXE file directory and click Restore.

Restored

7Token Manager works on Windows Vista and Windows 7.

Download 7Token Manager

How to Remotely Control Your PC Even When it Crashes – How-To Geek

March 29th, 2011

Being able to remotely control your computer is an age-old geek trick. But what about changing BIOS settings or installing an operating system remotely? With Intel AMT KVM this is within reach for any geek with the right hardware.

Intel vPro is a management platform built into Intel processors and other hardware that allows companies to manage their desktops and laptops out-of-band (OOB). That means the computers can be managed no matter if the computer is on or off, and even if the operating system has failed or there is no hard drive present.

With Core processors Intel introduced Active Management Technology (AMT) 6.0 which introduced a slew of new features including Keyboard Video Mouse (KVM) Remote Control. This means that with the right hardware configuration you have full remote access to your computer no matter what state it’s in.

Most geeks are familiar with VNC software that runs inside your operating system, but Intel AMT KVM runs at a hardware level which allows you to go remote with your computer in the case of a total system failure or even without an operating system installed. Let’s get started and set up Intel AMT KVM so you can go remote with your computer.

» Read more: How to Remotely Control Your PC Even When it Crashes — How-To Geek

Privacy Tip — Using VIP Access at PayPal « Tom Olzak on Security

January 12th, 2011

Today I tried to load and activate VIP Access on my iPhone.  The app loaded OK from the app store, but finding the page on PayPal where I could activate it was another story.

For those of you out of the loop, VIP Access provides a means to use your iPhone as a second authentication factor.  When installed, the software provides a different six-digit code every 30 seconds.  This code is used to verify your identity at sites supporting this VeriSign identity management technology—like PayPal.  See Figure 1.

Figure 1

Installing and launching the free software on my iPhone 3GS was easy.  The first screen included a video and other information about how to use the service.  So, having lost my VIP “football” for PayPal, I was anxious to try this out.  That was where the fun began.

There are no references to this service on PayPal.  Neither searching nor browsing turned up anything useful.  Finally, I searched Google and found someone who had solved this lack-of-information challenge by actually sending a message to PayPal.

It turns out VIP Access activation uses the same link used to activate the VIP token, as shown in Figure 2.

In the activation form, enter the VIP Access Credential ID into the Serial Number field.  The rest of the form is self-explanatory.  After jumping the activation hurdle, everything worked as advertised.

Figure 2

Resetting Your OS X User Account Password | Apartment Therapy Unplggd

January 10th, 2011

If you’re like most users, you’ll have a single user account on your Mac, and it will be the sole administrator account. What happens when you either lose or don’t remember this password? It’s a pretty common scenario. However, there’s an easy way to do this with a Mac, which is somewhat counter-intuitive if you come from a PC background.

On the weekend, I was updating my wife’s MacBook. Since I’m a recent Mac convert, I’ve been customizing my own MacBook Pro, while also installing some apps and programs onto my wife’s computer. For some reason, she didn’t have a password for her user account. I don’t know how she managed it, but when I started installing apps, it started creating some problems because her password field was left empty.

I don’t know why the behavior of the Mac changed, but it had to do with the fact that I was installing some applications. A few days later, we noticed that the Mac would no longer let us update software because when we tried to enter the password that was empty, it no longer accepted it. That meant that I had to reset the password.

After quickly reading over the procedure here, I went looking for my wife’s OS X DVD. She didn’t have it with her, but I had mine for my MacBook Pro. I had already tried updating her OS X to 10.6.5 using this DVD, but it didn’t work. However, I thought that I might be able to boot with the DVD and access the system configuration this way.

Here’s what we did:

  • Insert the DVD into the superdrive and restart your Mac.
  • Press the key ‘C’ while it reboots. This will make it boot from the DVD. Depending on the age of your Mac, it could take a few minutes.
  • Once it’s booted up, access the ‘Utilities’ menu and click Reset Password. You can now enter a new password.

If you’re using a DVD that didn’t come with your MacBook, you should try and use one that’s closest to the OS X version that you’ve got installed. For example, my OS X 10.6.5 worked fine on her OS X 10.5.8 Mac, but there might be problems if the versions are very different. If you don’t have your DVD, try using one of your friends’. If you aren’t technically inclined, this will save you a trip to the Apple store.

(Image: Flickr member Foskarulla licensed for use under Creative Commons, Flickr member Minor9th licensed for use under Creative Commons)

Paypal’s New Security Card Fits Inside Wallet – The Consumerist

August 2nd, 2010

Like the idea of the Paypal security key fob, which auto-generates a 6-digit code that must be entered every time you use your Paypal account, but not so hot on its bulky shape? This year Paypal introduced a credit-card sized design that fits inside your wallet.

Change Your Wi-Fi Router Channel to Optimize Your Wireless Signal – How-To Geek

July 7th, 2010

If you live in an apartment complex you’ve probably noticed more than just the passive-aggressive network IDs that your neighbors use—very likely you’ve had problems with your wireless connections dropping out, or just not being as fast as you’d like. Here’s a quick fix.

Of course, this isn’t the only thing you need to do to make sure your wireless network is running at maximum speed, but for today’s lesson we’ll show you how to pick the right channel to make sure you can stream the new Futurama episode to your laptop without skipping.

Note: if your Wireless network is working fine, please don’t mess with it. Or at least, don’t blame us if you break it.

» Read more: Change Your Wi-Fi Router Channel to Optimize Your Wireless Signal — How-To Geek

SSDownloader fetches popular antivirus, antimalware, and firewall apps

July 2nd, 2010

If you’re constantly being called on by friends and family to provide tech support, troubleshooting, and computer advice, you’ve probably had to install security applications on other people’s computers more than once. Heck, you may do it just about every day. If so, you might want to grab SSDownloader — an open source app which makes downloading current versions of popular antivirus, antimalware, firewall, and utility software a snap.

When you launch the portable app, it automatically refreshes its database and presents an excellent selection of free security apps for Windows computers. Included are popular free apps like Avast!, Security Essentials, Malwarebytes, HiJack This, Comodo Firewall, CCleaner, AutoRuns, and Process Explorer — as well as loads more.

Trial versions of programs like Norton are also provided in case you’re trying to appease someone who demands “name brand” protection (yes, there are still people like that — and they’re not all familiar with our go-to apps).

SSDownloader is an excellent way to make sure you’ve always got up-to-date installers at the ready. Need something with more options? Check out Anti-Malware Toolkit — or Ketarin, if you’d rather go the DIY route.

Windows Live Family Safety

July 2nd, 2010

Help protect your kids online

With Family Safety, you decide how your kids experience the Internet. Limit searches, monitor and block or allow websites, and decide who your kids can communicate with in Windows Live Spaces, Messenger, or Hotmail.*

Family Safety is part of Windows Live Essentials, which includes free programs for photos, movies, instant messaging, e‑mail, blogging, family safety, and more. Get Family Safety or get them all—they’re free!

* The Family Safety Filter must be installed on each computer your children use. If the Filter isn’t installed, the safety settings can’t be enforced.

Editor’s Note:
Having two small children at home, this product has really been easy to use, and given us great peace of mind that by having this on the two computers that they are allowed to use, we know that it greatly reduces the number of chances that they will stumble on to an inappropriate website.
All you need is a Hotmail or Live.com account to use this product. There are a ton of websites that are not allowed and you can also add or remove sites as you see fit. Give it a try today!

How Secure is your Password?

July 1st, 2010

Most people realize that some passwords are harder to guess than others. But a new online tool allows you to see just how much variation there is.

The appropriately named www.howsecureismypassword.net has a single, simple purpose: you type in your password and the site tells you how long it would take a desktop PC to crack it, presumably by a brute force attack (that is, literally trying out every possible combination of characters.)

It should be noted the site promises that “no data is stored or transferred anywhere.” If you are still a little paranoid, it might be worth typing in a dummy password of the same construction. So, for example, if your password was smith1952, try something like jones1948 instead.

The mathematics of the calculation seems simple enough: as best I can tell it works on the basis that longer passwords take longer to crack, adding numbers as well as letters increases the difficulty, and adding other characters such as punctuation marks adds even more.

The tool does note when you type in one of 500 most popular passwords, but otherwise doesn’t seem to distinguish between dictionary words and random strings of characters. In reality, actual words are usually considered less secure as they can be cracked using the much quicker technique of running through all the words in the dictionary.

Even with these limitations, and bearing in mind that the results should only be taken as comparatives rather than absolutes, the results are staggering. To give one example, a password I use for discussion forums would apparently take 13 minutes to crack, while a longer one I use for my webmail access would take 138 million years!

» Read more: How Secure is your Password?
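
A keyspace-based estimate of the kind the post describes, as an added example (not the site's actual code): length and character classes drive the result, a short popular-password list is flagged, and dictionary-like strings are otherwise not distinguished from random ones. `GUESSES_PER_SECOND` and the `COMMON` list are assumptions made up for illustration.

```javascript
// Added example: naive brute-force time estimate, not the site's own code.
const GUESSES_PER_SECOND = 1e7; // assumed desktop-PC guess rate
// Constructed stand-in for the site's "500 most popular passwords" list.
const COMMON = new Set(['password', '123456', 'qwerty', 'letmein']);

// Alphabet size implied by the character classes present in the password.
function alphabetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) size += 33; // ASCII punctuation plus space
  return size;
}

// Worst-case time to try every combination of that alphabet at that length.
function estimate(pw) {
  if (COMMON.has(pw.toLowerCase())) return { common: true, keyspace: 0, seconds: 0 };
  const keyspace = Math.pow(alphabetSize(pw), pw.length);
  return { common: false, keyspace, seconds: keyspace / GUESSES_PER_SECOND };
}

// Render seconds in the largest unit that fits.
function humanize(seconds) {
  const units = [['years', 31557600], ['days', 86400], ['hours', 3600], ['minutes', 60]];
  for (const [name, size] of units) {
    if (seconds >= size) return (seconds / size).toFixed(1) + ' ' + name;
  }
  return seconds.toFixed(1) + ' seconds';
}

// The limitation noted in the post: a name-plus-year password scores exactly
// like a random string of the same length and character classes.
function sameScore(a, b) {
  return estimate(a).seconds === estimate(b).seconds;
}

console.log(humanize(estimate('jones1948').seconds), sameScore('smith1952', 'x7q2m9kd4'));
```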