Google was using javascript to store Gmail address books while the user was logged in. As a result if a user is logged into Gmail, a malicious website could request your Gmail addressbook.Google has resolved this flaw, but it does point out the danger of javascript.
I have read that you need to know security tools if you are going to break into the IT/ Network Security field. I have found this website http://sectools.org/. The site ranks and updates the top 100 network security tools. This site seems like a great place to see what tools are on the rise and which are falling out of popularity.
After reviewing the list I noticed that I used several of the tools. Most of the tools tend to be either free or open source. It is not realistic for me to learn and master all 100 tools. I plan to move down the list one at a time starting at 1 and go to 25. This will allow me to master the popular tools and keep up with changes in the industry.
I found this great little website that has 55 tips for Gmail.
http://g04.com/misc/GmailTipsComplete.html
Check it out.
I read a recent post that detailed how to hack gift cards. The post shocked me how insecure the gift cards are. I hope the release of posts detailing how to hack gift cards will bring about a change in the security of new cards.
You go to a store that has gift cards on display check to see if the serial number is show on the back. Some cards cover the number. If the number is not covered you write down the serial number of the cards. You then check to see if the card has been activated by checking to see if the card is valid via the phone number or internet. Once you find an active card you can then purchase things online with your new gift card.
I have been playing with the TOR (the onion router) network for a while now. I like the anonymity that TOR provides but my problem was always portablity. The download you get from TOR you always had to install TOR, Vidalia, and Privoxy. Once those three are installed you have to set your proxy server settings in your browser to join the network. All of this is not much of a problem if you are on your home computer. But I wanted anonymity on computers that I may not have privileges to install software.
Last week I came across a neat blend of Firefox and TOR. Torpark is a great little app that you can unzip to your desktop or a flash drive and run with out an install process. I installed Torpark on my 1GB flash drive it can take several minutes for it to connect to the TOR routers. Once connected it seems to be a very good solution to my problem. The browsing seems just as fast using the TOR install.
Torpark is built on Firefox 1.5 and it does tend to take a little while to connect to the network. I think if Torparks developers continue to work on this app it will be a great program for portable internet anonymity.
Bush Proposes Faith-BasedFirewalls for Government Computers
By Brian Briggs
Washington D.C.—President Bush announced that by 2008 all government computers should be protected from outside attacks by the faith-based firewall called Protection From Above (PFA) from Houston-based software developer Christisoft.
“For too long we have turned to proven software companies with expertise in computer security for protection, now our computers will be protected by the power of prayer at a much lower cost to taxpayers,” said Bush.
Estimates show the US government spent $1.2 billion dollars to secure their computer systems at various agencies, which many Republicans think is an indulgence the government can’t afford.
“With the faith-based firewall and other faith-based security software from Christisoft we could save billions over the next ten years. That’s money that can be returned to the most generous of taxpayers,” said the President.
Bush also cited doubts about the efficacy “of science-based computer security” though he didn’t use that word exactly.
The software requires no installation or maintenance fees, but only a onetime registration fee for unlimited computers.
Joel Osgood, founder of Christisoft, said, “With the one time registration fee, a company’s entire network of computers joins our network of computer security prayer specialists. The power of prayer can heal the soul and can also protect you from nasty denial of service attacks and viruses.”
Specialists in IT departments at various government agencies said they weren’t contacted by the White House for any feedback on the system and they believe the President’s decision would be “disastrous” for computer security.
Osgood refuted critics who said prayer can’t protect from cyberattacks by saying, “Computers are extremely complicated devices that mere humans couldn’t dream of understanding. It takes the power of God to do that.”
Any security breaches in the PFA software are countered by a double-prayer guarantee.
Osgood said Christisoft’s customer list includes a Fortune 500 company currently being delisted from the New York Stock Exchange.
If your like me you love Gmail. The tagging, chatting, and of course the massive storage. But have you ever noticed when you type www.gmail.com you get redirected to https://www.google.com/… Secure right… Not totally. Once you log into you are redirected to http://mail.google.com/… which is insecure. Granted if you are at home and your system is clean with nothing sniffing network traffic you are fine. But I want more security.
To make your entire Gmail session secure simply type https://www.gmail.com. This will redirect you to the same secure log in page as before. But once you log in it directs you to https://mail.google.com/… Your Gmail session is now secure and everything is on https.
Higher security by typing 8 more characters. It is worth it to me. Is it worth it to you?
The other day hacker Kevin Mitnick published some help security tips. Although basic tips I think everyone needs a reminder. With Spyware infestations on the rise black hat hacker are looking for low security machines to compromise. For those that do not know of Kevin Mitnick in the 1990s, Kevin penetrated of some of the biggest companies in the world. These hacks ultimately landed him five years in prison. After his release Kevin Mitnick started Mitnick Security a security consulting company.
—————————————————–
Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets.
They can even use your computer to store data like stolen credit-card numbers or child pornography, or to attack another innocent home user or business from your system.
Here’s my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
Hackers are becoming more sophisticated in conjuring up new ways to hijack your system by exploiting technical vulnerabilities or human nature. Don’t become the next victim of unscrupulous cyberspace intruders.
Twitter
Facebook
FriendFeed
LinkedIn
MySpace
BackType
Digg
YouTube
Flickr