Ontario Governments At It Again
By Ian Scott
Seems that just about everywhere you look, governments are trying to protect us from ourselves. As reported in The London Fog, the Ontario government is now considering following other jurisdictions in banning cell phone usage in cars. But not just cell phones - the Ontario Government is also considering banning smoking in cars where children are present and possibly prohibiting the use of other gadgets.
And in Toronto, the Mayor wants to ban the discharge of firearms except by police officers within the city. This ban would mean the shutting down of several legal and safe firearm ranges where some Torontonians go to enjoy their hobby of target shooting.
Such government intrusion is boneheaded and stupid. Whilst the aim may be to improve the security of individuals living in their jurisdictions, in the long run, such bans and prohibitions do little to protect anyone. Take the cell phone ban for example - there are already laws that deal with unsafe or dangerous driving - and someone who uses a cell phone but is driving dangerously could be charged under that law while leaving others who use cell phones (the Police themselves use gadgets all the time while driving!) alone.
Sometimes what governments do in the name of “protection” or “security” is absurd.
Topics: Personal Security |
Free IT Security Resources
By Ian Scott
Browse through our extensive list of free IT - Security magazines, white papers, downloads and podcasts to find the titles that best match your skills and interests; topics include authentication, hacking, internet privacy and internet firewalls. Simply complete the application form and submit it.
Topics: Computer Security, Intrusion Detection |
Quick Linux Partitioning Tip
By Ian Scott
One way that black hat hackers can get access to your server is by locating a vulnerable application or script that might allow them to upload files to the server. The tmp (/tmp) directory is a directory where such files might get uploaded to.
This quick tip won’t guarantee that your Linux box will never be hacked or cracked or intruded upon, but it can minimize the ability of a cracker to get access and then run executables that have been uploaded to the /tmp directory.
Here’s what you do:
First, you create the /tmp directory on its own partition. This is easiest of course when you are first installing Linux on your computer and are asked if you want to manually partition the hard drives. If you didn’t manually partition the drives and place /tmp on its own partition, it can still be done - but I’ll leave that for another post.
Once the /tmp directory has its own partition and you’ve installed the operating system, you then open up the /etc/fstab file using your favorite editor such as Vi or Emacs.
On the line for /tmp, remove the word defaults and replace it with rw,nosuid,noexec, then save the file.
You’ll then need to remount the /tmp partition with the following command:
mount -o remount,rw,nosuid,noexec /tmp
Of course, you will need to be root to do the above.
This won’t stop nasty people from uploading files to your /tmp directory, but it will prevent them from being able to run any executable programs from the /tmp directory.
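To confirm the edit described above actually landed, the following added example (not part of the original post) checks an fstab-format file for a /tmp entry carrying both nosuid and noexec. The function name check_mount_opts and the sample fstab contents are constructed for illustration.

```shell
#!/bin/sh
# Check that a mount point's entry in an fstab-format file carries the
# hardening options from the tip above (nosuid and noexec).
# Usage: check_mount_opts FILE [MOUNTPOINT]
# Returns 0 = both options present, 1 = an option is missing,
#         2 = no entry for the mount point (not on its own partition).
check_mount_opts() {
    file=$1
    mp=${2:-/tmp}
    # Field 2 is the mount point, field 4 the comma-separated options.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file")
    [ -n "$opts" ] || return 2
    for want in nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Constructed sample files (not from a real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/fstab.default" <<'EOF'
# <device>  <mount> <type> <options>          <dump> <pass>
/dev/sda1   /       ext3   defaults            1 1
/dev/sda3   /tmp    ext3   defaults            1 2
EOF
cat > "$sample_dir/fstab.hardened" <<'EOF'
/dev/sda1   /       ext3   defaults            1 1
/dev/sda3   /tmp    ext3   rw,nosuid,noexec    1 2
EOF
cat > "$sample_dir/fstab.nopart" <<'EOF'
/dev/sda1   /       ext3   defaults            1 1
EOF

for f in default hardened nopart; do
    status=0
    check_mount_opts "$sample_dir/fstab.$f" /tmp || status=$?
    echo "fstab.$f: status $status"
done
rm -rf "$sample_dir"
```

Pointing the same function at /proc/mounts reports the options in effect after the remount, since that file uses the same field layout. noexec only blocks direct execution of files on the partition; a script handed to an interpreter installed elsewhere is still read and run, so treat this as one layer rather than a complete control.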
Topics: Computer Security |
A Week Of Major Vulnerabilities Discovered
By Ian Scott
This past week (I’m writing this on May 21st, 2008) has seen some major security vulnerabilities discovered.
The major ones include a flaw in a Microsoft product and an issue with SSL certs in Debian, a Linux derivative.
First with Microsoft: MS Word has a critical vulnerability “that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Ugh.
If you use MS Word, get the update now. Yesterday might be too late.
Linux servers running Debian or Ubuntu that make use of SSL or SSH keys have some major problems too. In a nutshell, the key-generating system is flawed, and right now so-called secure keys on Debian systems can be exploited within about three hours unless you’ve installed the fix.
This is a very serious problem and more information is available here.
Topics: Computer Security |
Reiser File System Future
By Ian Scott
The recent conviction of Hans Reiser for murder in California may be of concern to some who have implemented the Reiser file system (ReiserFS) on their Linux machines.
Reiser, who apparently continues to maintain his innocence, was convicted in a California court on April 28, 2008 of killing his wife. It’s been an interesting case for those following it as the body of Nina Reiser has never been found.
Hans Reiser was the principal creator of the Reiser file system, the first journaled file system to be included in the Linux kernel. The benefit of using ReiserFS over other file systems is greater speeds.
However, there are also some criticisms of the Reiser file system and many administrators prefer the ext3 system on mission critical servers.
At the time of this writing, the company that continues to develop ReiserFS, Namesys, was having connectivity issues with its website but reports say that Namesys management have advised that continued development, support and improvements to ReiserFS will be ongoing despite the conviction of Hans Reiser.
Reiser is facing 25 years in jail.
Topics: Uncategorized |
Perfecting Your Password Policy
By Ian Scott
“I need to remember my password, so I keep it simple and easy,” I’ve heard many folk say. “I’ve been told to never write it down, so it has to be memorable.”
Just about anyone who uses a computer these days has had to create a password for something at some point. Whether it’s a password for their user account on their PC or a password for a website bulletin board, password requirements are ubiquitous.
How should one select a password? How secure is “secure?” And is it true you should never write your password(s) down?
Topics: Computer Security, Encryption, Personal Security |