WPA/TKIP Encryption not so Secure

August 27th, 2009

Computer scientists in Japan have found a way to break into a WPA/TKIP wireless system in less than 1 minute. The group has published a paper on the subject, so it is just a matter of time before the bad guys get hold of the technology. Fortunately, WPA/AES, a stronger encryption, and WPA2 have not been compromised, so consider switching to one of those.

A brief history on Wi-Fi encryption

First, in 1997, there was Wired Equivalent Privacy, or WEP for short. It was cracked within a few years of its release and is now regarded as useless.

WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago,” said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2.

Wi-Fi-certified products have had to support WPA 2 since March 2006. “There’s certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time,” Davis-Felner said.

Most routers with TKIP also have AES so the switch should be easy.


Telemarketers Invade Cellphones – NOT

May 13th, 2009

This type of email makes the rounds every so often.

Here is the email:

If you have a cell phone, remember to make your call with it…

Cell phone numbers go public next month:   All cell phone numbers are being released to telemarketing companies and you will start to receive sales calls.  You will be charged for these calls.  To prevent this, call 1-888-382-1222, the National Do Not Call List.  It blocks your number for 5 (five) years.  You must call from the cell phone number you want to have blocked.  You cannot call from a different number.
Help others by passing this on to all friends.  It takes about 20 seconds.

A good idea but not necessary. Read about it from the FCC.

http://www.fcc.gov/cgb/consumerfacts/truthaboutcellphones.html

Originally, phone numbers remained on the registry for a period of five years, but are now permanent due to the Do-Not-Call Improvement Act of 2007, effective February 2008.

Doug


Watch out for Swine Flu Emails

May 6th, 2009

Yes, there are swine flu email phishing scams. Unsolicited email messages are being sent with subject lines related to swine flu so recipients will open and click on harmful links or malicious attachments aimed at infecting computers. To be safe, please be sure you take the following measures of protection:

• Beware of swine flu related emails and subject lines
• Do not click on unsolicited web links or attachments in email messages
• Maintain up-to-date antivirus and antispyware software


KeePass Review

April 23rd, 2009

What is KeePass?

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. All your passwords are in one database, which is locked with one master key or a key file. You only have to remember one single master password or select the key file to unlock the whole database. The database is encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

One big advantage is that KeePass can be kept on a USB thumb drive, so it can be carried from one computer to another…even a public computer. No information is stored outside of the KeePass directory or in the registry.

Another advantage is KeePass is free. Just go to the KeePass download page and choose either the classic or professional version.

The professional version is not as portable as the classic version since it relies on having .NET framework, a free download from Microsoft, installed. Most Windows computers have it installed and Windows 7 will have it included. So if you want true portability now, use KeePass classic.

Security

One thing to keep in mind is that the default KeePass uses auto-typing which is not safe from keyloggers. If you are worried about keyloggers on your computer, KeePass professional can help. There is a checkbox (under the Auto-Type tab in the Entry’s window) called Two-channel auto-type obfuscation. Just check the box and KeePass will do the rest.

Use

Using KeePass is easy; just start it up and create a database. Then click on Add Entry and fill in the title, user name, password, and URL of where you want to automatically fill in. If you want to enable two-channel auto-type obfuscation, click on the Auto-Type tab and check the box.

Highlight the entry you want to auto-fill, then press Ctrl-U (opens the browser to the page), then Ctrl-V (auto-types the login and password).

Note that to use KeePass you must log in to it with a master password, a key file, or a Windows user account.

There is a tutorial on the website. A forum is available if you are really stuck.


Breaking into a Car

February 28th, 2009

Here is a new way criminals are getting into locked cars. It was just a matter of time. I’m not sure why the security between the door lock and key lock is not more secure. This reminds me of when criminals intercepted garage door codes with an electronic sniffer. I received this email from a friend and will reproduce the salient points of it. Whether it is an urban legend, I don’t know. As an electrical engineer, I know it is very possible. I know a few people in the police department and will see what they say.

This is a report from Cst. Wally Henry near Edmonton, Canada.

How to lock your car safely.

While traveling my son stopped at a roadside park. He came out to his car less than 4-5 minutes later and found someone had gotten into his car, and stolen his cell phone, laptop computer, GPS navigator, briefcase…..you name it .. called the police and since there were no signs of his car being broken into- the police told him that there is a device that robbers are using now to clone your security code when you lock your doors on your car using your key-chain locking device.

They sit a distance away and watch for their next victim. They know you are going inside of the store, restaurant, or bathroom and have a few minutes to steal and run.

The police officer said… be sure to manually lock your car door by hitting the lock button inside the car, that way if there is someone sitting in a parking lot watching for their next victim it will not be you. When you hit the lock button on your car upon exiting…it does not send the security code, but if you walk away and use the door lock on your key chain- it sends the code through the airwaves where it can be stolen, something totally new to us.

Be aware of this and please pass this note on.


Don’t forget about Windows Defender

January 30th, 2009

If you are like most people, your antispyware comes from a vendor other than Microsoft. If so, Windows Defender should be disabled or uninstalled, depending on whether you have XP or Vista. Windows Defender, previously known as Microsoft AntiSpyware, is an anti-spyware utility that is built in to Windows Vista (and available as a download at no charge for XP) to detect, prevent, remove and quarantine spyware.

Make sure your antispyware program is running real-time and is up-to-date.

XP

Just uninstall Windows Defender from the Control Panel > Add Remove Programs.

Vista

Unfortunately, there is no clear-cut way to remove or uninstall Windows Defender in Vista. Use the steps below to disable Windows Defender so that it behaves as if it had been uninstalled or removed.

The easiest way to stop Windows Defender in Vista (since you can’t actually uninstall it) is by disabling it and turning it off. Windows Defender provides a graphical user interface (GUI) to easily stop real-time protection checking and turn off the Windows Defender service.

Note that a lot of guides say to disable the Windows Defender service via Services in Control Panel and to uncheck the startup item in System Configuration (MSConfig) in order to turn off Windows Defender and prevent it from starting up. This is unnecessary, and it’s not a recommended way, as any misstep will cause an error message (explained below).

Steps to Disable Defender

  1. Run Windows Defender from the Start Menu.
  2. Click on the Tools button.
  3. Click on the Options link under the “Tools and Settings” section.
  4. Scroll down the “Options” page, and uncheck the check boxes of the following two settings:
     • Use real-time protection (recommended) under “Real-time protection options”
     • Use Windows Defender under “Administrator options”

     Note that both options MUST be unchecked for the Windows Defender service in Windows Vista to be completely stopped; otherwise only real-time protection is disabled.
  5. Click on the Save button.

A “Windows Defender is turned off” dialog message will appear, confirming that Windows Defender no longer runs.

In Services in Control Panel, the Windows Defender service is automatically stopped, although the Startup Type is still set to Automatic. Do not try to manually stop and disable the Windows Defender service from the Services panel, as it will cause the error message “Application failed to initialized: 0x800106ba. A problem caused this program’s service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.”

To re-enable Windows Defender in Vista, run Windows Defender from Start Menu and turn it on again when prompted.


An Independent Look at Antivirus Software

January 4th, 2009

AV.TEST is, among other things, an independent antivirus testing organization. One essential service they provide is evaluating security suites and antivirus software. Though strictly not for the novice, the test results are very informative and will help you decide which antivirus or security suite software you want. AV.TEST has been evaluating for 15 years. Here is a link to their home page:

AV.TEST home page

Doug

This is my own evaluation. mysecurepc.com gets no remuneration.


LSO – Flash Player Spyware?

November 23rd, 2008

LSO or local shared object, introduced in Flash player 6, is like a gigantic cookie; the default size is 100KB. Also known as Flash cookies, they are used to create a customized browsing experience by remembering things such as login, password, or anything else you enter or browse to.

Explanation

A normal LSO can only be accessed from the domain that created it. For example, if www.siteA.com created an LSO, www.siteB.com cannot access it. BUT, a 3rd party LSO can be created which can be accessed by all domains. The default, unfortunately, is to enable LSO and 3rd party LSO.

What to do

Fortunately, you can control how much, if any, LSO experience you want. Just visit the Flash player settings manager and change the settings to your liking. LSO and 3rd party LSO can be disabled or customized per site. Note that you must have at least Flash player 8 to disable 3rd party (shared) LSOs.

3rd party junk file cleaners, such as ccleaner, may delete the settings you changed, which means they will revert to the defaults: LSO and 3rd party LSO enabled.
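To see which sites have actually stored LSOs on a machine, the added example below (not part of the original post) walks a Flash Player shared-objects folder and totals the `.sol` files per domain, flagging any domain above the 100KB default. The folder layout `<root>/<random dir>/<domain>/...` and the Windows location `%APPDATA%\Macromedia\Flash Player\#SharedObjects` are assumptions not stated in the post; the sample tree is constructed so the script runs anywhere.

```python
import os
import tempfile
from collections import defaultdict

DEFAULT_LIMIT = 100 * 1024  # the 100KB default size cited in the post

def inventory_lsos(shared_objects_root):
    """Return {domain: {"files": n, "bytes": total, "over_default": bool}}.

    Assumed layout: <root>/<random profile dir>/<domain>/.../<name>.sol
    """
    report = defaultdict(lambda: {"files": 0, "bytes": 0, "over_default": False})
    for dirpath, _dirs, files in os.walk(shared_objects_root):
        parts = os.path.relpath(dirpath, shared_objects_root).split(os.sep)
        if len(parts) < 2:
            continue  # still at the root or the random profile directory
        domain = parts[1]
        for name in files:
            if not name.lower().endswith(".sol"):
                continue  # only .sol files are shared objects
            entry = report[domain]
            entry["files"] += 1
            entry["bytes"] += os.path.getsize(os.path.join(dirpath, name))
    for entry in report.values():
        entry["over_default"] = entry["bytes"] > DEFAULT_LIMIT
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: two sites, one storing more than 100KB."""
    layout = {
        ("QX7H2KPL", "www.siteA.com", "login.sol"): 512,
        ("QX7H2KPL", "www.siteB.com", "player", "prefs.sol"): 2048,
        ("QX7H2KPL", "www.siteB.com", "player", "tracking.sol"): 120 * 1024,
    }
    for parts, size in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

def demo():
    """Build the constructed tree in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return inventory_lsos(root)

if __name__ == "__main__":
    for domain, info in sorted(demo().items()):
        print(domain, info)
```

Running `inventory_lsos` before and after a junk file cleaner shows whether the cleaner removed the stored objects themselves or only the settings.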

Why more people are not aware of LSOs is beyond me.

Resources

You can read Adobe’s explanation of 3rd party LSOs and Adobe’s LSO article.


Goodbye Windows Live OneCare

November 20th, 2008

It doesn’t surprise me. Microsoft is calling it quits on Windows Live OneCare. Its replacement will be a basic antimalware program which will be distributed at no cost (called Morro). OneCare’s market share is very small. I, for one, do not use it. Reason? I think Microsoft’s decision to go into the antivirus arena is an example of deworsification. I think a company that specializes in antimalware will have a better product than a general-purpose company…apparently I’m not alone in this view.

It IS in the best interests of Windows, and everyone online, that every computer has up-to-date antivirus/antispyware programs. Unfortunately, almost 50% of users do not have up-to-date antivirus software (see previous post) which causes vast problems for everyone. Hopefully Morro will help.


How Much are You Worth, 2008?

November 20th, 2008

How much is your identity worth these days? The going rate for a “complete” identity (including name, address, passport, credit card info, driver’s license number, and even banking passwords): About 120 bucks.

And guess what? The average identity theft-based fraud actually reaps over $21,000 for the perpetrator.

Why so cheap? Primarily it’s because there are so many stolen identities available, so crooks who are willing to take the risk on using someone else’s identity to drain bank accounts and run up bills have a vast number of IDs to choose from. In a perverse way that’s good news: Even if your account and identity information is compromised, there’s a good chance that you won’t actually be the victim of a financial crime because the ID may never be used.

Unfortunately, many consumers make it easy for ID thieves. Related security stats uncovered by Get Safe Online are staggering: 48 percent of internet users who have antivirus protection don’t keep it up to date, 47 percent don’t use any sort of anti-phishing software, and 20 percent use one password for all internet accounts.

There are steps you can take to mitigate identity theft. Check out all the resources at mysecurepc.com.
