Daily Bits

Security

Security Tips When Using Public Wi-Fi

by 3 Comments

It’s a dream coming true, isn’t it? Most places you go nowadays, you can access the Internet via Wi-Fi. Most cafes are following the trend – even Starbucks, which has been resistant for quite some time. In some cities, the coverage is especially wide.

While this is pretty convenient for all of us, we should realize that using public Wi-Fi isn’t exactly the safest thing to do. Still, as long as you don’t access and transmit sensitive information, right? You might be wrong there – you cannot deny that there are many ways by which you can be prone to security issues when using Wi-Fi. With a little vigilance, though, you can make your access a little more secure.

Always use SSL, if possible.

That is, use HTTPS instead of HTTP. For example, when accessing Google, key in https://www.google.com/ instead of http://www.google.com/. The good news is that this is where Google is headed anyway. If you take a closer look, Gmail already uses HTTPS as a default. To make it even easier, check out HTTPS Everywhere, an add-on for Firefox.

Make sure your sharing settings are secure.

In other words, turn off all sharing! If you’re like me, you have certain files and folders that are shared for use at home. When you go out and use public Wi-Fi, however, it is better of you turn sharing off. How to do this? Go to Network and Internet -> Network and Sharing Center, then click Choose Homegroup and Sharing Options -> Change Advanced Sharing Settings.

Double check your firewall.

Sometimes, for one reason or another, I turn off my firewall at home. I don’t exactly remember the reasons, but I am pretty sure they were convincing at that time. Don’t take it for granted – operating systems come with basic firewall setups, but they can be your very first line of defense.

Cyber Security Bill Approved, Feared By Many

by Leave a Comment

The Internet has become so big that the government just can’t seem to “ignore” it. In fact, laws have been cropping up left and right, so as to impose some measure of control over activities online. The most recent one is the Cyber Security Bill which the Senate Committee has just approved.

If you’re unaware of what the bill is all about, here’s a short description, courtesy of Politic365:

• Would establish a White House office for cyberspace policy and a national center for cybersecurity and communications, which would work with private U.S. companies to create cybersecurity requirements for the electrical grid, telecommunication networks and other critical “infrastructure” (water, electricity, banking, traffic lights and electronic health records)
• Allow the U.S. president to take emergency action to protect critical parts of the Internet, including ordering owners of critical infrastructure to implement emergency response plans during a cyber emergency
• The president would need congressional approval to extend a national cyber emergency beyond 120 days under an amendment to the legislation approved by the committee

Naturally, controversy has arisen, primarily because of the fear of the creation of an “Internet kill switch.” Imagine the power that any one person has if he has access to this kill switch. You can read through the Myth versus Reality document that Homeland Security has created, though, and decide for yourself if your fears are unfounded or not.

On the one hand, the concept seems sound – an attack is bound to happen one of these days and the government is being proactive in passing this bill. On the other hand, we know that it is open to abuse, and there are so many loopholes.

What are your thoughts and sentiments on the Cyber Security Bill?

No More Windows XP SP 2 Updates After July 13

by 1 Comment

Mark the date on your calendars, people! After July 13 of this year, Microsoft will stop rolling out updates for the stable operating system Windows XP Service Pack 2. News reports have not stopped sprouting left and right about the decision of the software giant to stop offering extended support for this particular operating system; and by no means are they rumors – the cessation of the support is confirmed.

Foremost of those who are worried are corporate clients who use Microsoft XP SP2 for many of their business computers. What is to happen if they stop getting those updates?

Experts say that while the news might initially be alarming, there really is nothing to worry about. The fact of the matter is that Microsoft XP SP2 will continue to be stable and secure in spite of updates not being offered in the future. More so, it really is only the 32-bit version of XP SP2 that will be affected. Those who are using the 64-bit version will still continue receiving automatic updates – way until April 8, 2014 in fact.

Here’s an added perk: for companies using the 32-bit version, there is the option to upgrade to Service Pack 3 for FREE. Believe it or not, it really is free. So there really is NO problem at all.

Then why is Microsoft stopping the updates for XP SP2? Windows 7 is out, and you know how it is. Pretty soon, XP will not be commonly used at all. In the meantime, hold your horses and don’t press the panic button. There is time enough to enjoy XP (whether it’s SP2 or SP3) and to transition to Windows 7.

AT&T Security Breach: iPad Users Beware

by Leave a Comment

Boy, am I glad that I am not using an iPad right now! First of all, I really want the iPhone 4 (I think I have posted enough about that baby for now). Second, and more importantly, there seems to be a breach in AT&T’s security system which has affected countless iPad users.

What happened was that the e-mail addresses of some iPad users were exposed. Take a look at this image.

So what happened? There’s this group called Goatse Security, which is composed of hackers and security experts. The Examiner shares what these guys did:

Goatse Security used a PHP script to compile a list of the SIM card IDs in iPad 3Gs. Because the SIM card IDs are sequential, the script helped Goatse Security to determine which were legitimately being used by iPad 3Gs by going down a list of all possible numbers. Then, using additional scripts to masquerade as an iPad-like user agent, Goatse accumulated email addresses and the associated SIM card IDs for many iPad 3G users.

Just how many people have been affected? The estimate is more than 10,000 users! To make it worse, some high profile people were included in the list. Think White House Chief of Staff Rahm Emanuel and New York City Mayor Michael Bloomberg. Then there are other well-knonw people like Diane Sawyer, Harvey Weinstein (movie producer), and Janet Robinson (New York Times CEO).

AT&T has already taken action, and says the breach has been fixed, but no doubt, this will cause a big stir – if it hasn’t already.

MySpace to Unveil New, (Better than Facebook?) User Privacy Settings

by 1 Comment

MySpace is not going to take the issues confronted by Facebook with regards to privacy settings just like that. And so, to indirectly add injuries to the many problems faced by Facebook, MySpace has just announced that it will soon roll out a new and simpler privacy settings for MySpace users.

The first few lines of MySpace announcements clearly states what its goals are by this announcement. MySpace tells us:

The last few weeks have been fraught with discussion around user privacy on social networks. We want to take this opportunity to discuss our view of user privacy on MySpace and some of the core features that made MySpace unique from its inception.

It was short of saying, “…discussion around user privacy on Facebook.”

Anyway, according to the announcement, MySpace’s new and simpler privacy settings that will give users greater control over their information. The site is will provide setting options that include public, friends only, or public to anyone 18 or over.  In the coming weeks, MySpace will put the default settings for all users to – “friends only.” Of course, you’ll be free to change this option anytime.

And guess what? MySpace had this planned out for quite some time now.  And admittedly, the only reason why they are rolling these new setting options now is because of the recent issues hauled by media to social networks concerning privacy.

The question here is, will these in any way convince Facebook users who are dissatisfied with how Facebook has been handling privacy issues, to use MySpace for social networking instead? What are your thoughts?

Automattic Launches VaultPress, Back Up Service for Self-Hosted Blogs

by 1 Comment

Automattic has announced its new service that is aim to help self-hosted WordPress blog owners ensure that their blog properties are safe and secure. The new service called VaultPress is an online backup service built on the Automattic grid which in case you’re not aware is serving more than 10 billion WordPress.com blogs and 250 million monthly visitors.

VaultPress would ensure that your blogs and sites are completely secure no matter what happens to the server where it is hosted.  The service will secure your plugins, themes, comments, posts revisions  and of course every bit of content of your WordPress blogs.

Despite the complexity of what it can do, using VaultPress will be surprisingly easy. It’s actually your usual WordPress plugin that you can install on your blogs.  And you can always add additional blogs easily anytime you need to.

And once you get VaultPress running, it will continously monitors and stores updates to your blogs and sites. Everything that you do – write, edit, and upload will be simultaneously reflected in your VaultPress backup.

Sounds wonderful, right? Unfortunately, VaultPress will be offered as a Premium service.  Monthly fee is expected to be around $10.  But hey, it’s not really a big sum of money considering that it will safely secure that your blogs will always be online.

VaultPress is about to go on close beta state. If you want to be part of the beta testers, you may sign up here.

Will you register your blog on VaultPress once it goes public? Are you willing to pay for it?