Category Archives: tools

Consumer Infosec Tech is Hard – No Wonder So Many are Pwned

I’ve been a MacBook Pro user for close to fourteen years now, both at home and at work. At home, I write my many books and conduct supporting research on my personal MacBook Pro.

Since I’m an infosec professional, I’m aware of threats to MacOS and associated components, so I run several security tools, among them Cylance, Malwarebytes, and Sophos. I use privacy-centric browsers and search tools.

Starting yesterday morning, my browser (Brave) started acting up quite badly: new pages simply would not load, and the browser would throw nonresponsive page errors left and right. I also use Firefox, which continued to function normally, Safari too, so I was pretty sure the problem was with Brave itself.

I cleared all cache and cookies, tried building a different profile in Brave, and even removed and reinstalled Brave. No go. I posted an entry in the Brave Community in the hopes that someone else would recognize my problem in case I could not fix it. I am somewhat tied to Chromium-based browsers, but prefer not to use Google Chrome. SRware Iron is an alternative, but they don’t update it frequently enough for my needs.

Since other browsers were working normally, I could dismiss my Internet connection, my local network, and DNS as possible culprits.

Next, I turned to my security tools. I had noticed that Cylance had been using about 90% of a CPU core for a few days, so that was my first object of study. I shut down Cylance, and immediately my Brave browser problem was solved. I turned Cylance back on, and the problem returned. Gotcha!

I removed and reinstalled Cylance, hoping that this would solve the problem. That was a few hours ago, and Brave is happy as a pig.

Retrospective: I cannot imagine ordinary consumers going through troubleshooting like this. My decades of daily hands-on software / network / systems / OS / security engineering on Unix and other OS’s helped me zero in on this fairly quickly. I shudder to think that most consumers just turn security tools off when things stop working, and go unprotected thereafter.

My Writing Tools

As a professional writer for over twenty years, I have been using a small set of tools that helps me improve my writing. Whether I’m writing a new blog entry, commenting on a LinkedIn post, updating my resume, or writing the first draft of a new book, one or more tools help spot errors in my copy.

The primary tools at my disposal include these:

  • Microsoft Word. I’ve been using Microsoft Word since the mid-1980s when DOS and Word 1.0 fit on a 360k floppy disc with room left over for several documents. A few years ago, I considered stopping using Microsoft Word in favor of other word processors. However, Word is the mainstay of the major publishing houses (John Wiley, McGraw-Hill, Cengage Learning) with detailed requirements that include the use of customized template (.dot) files, Track Changes, and more. These features require that authors use Microsoft Word and nothing else. And to Microsoft’s credit, Word for Mac has improved significantly over the past couple of years.
  • Microsoft Word spell check. While I turn on real-time spell check, I generally just do batch spell checks on sections of chapters (or entire chapters) to correct spelling errors.
  • Microsoft Word grammar check. I used to use Microsoft Word grammar check, until I started using Grammarly a few years ago. Now I just keep the MS Word grammar checking turned off.
  • Grammarly Premium. I use Grammarly Premium as my primary grammar and readability tool. Grammarly Premium is integrated into Brave Browser, so it checks most of my browser-based writing such as email, short LinkedIn postings and comments, and most free-form text fields. Ironically, it does not (yet) work with WordPress, so as I write this, Grammarly is blind. Often I will copy my blog post directly into the Grammarly desktop tool and check my grammar there and manually make corrections in my blog posting. The nice thing about Grammarly Premium is that it works on all of my devices, although in slightly different ways. A disadvantage of Grammarly is that it cannot process large chapter files; I have to copy large blocks of text (20-30 pages) into Grammarly manually and then transcribe my corrections into my manuscript.
  • ProWritingAid. This is the latest tool in my collection, having learned about it from Stephanie Newell. I have the ProWritingAid extension installed on the Brave Browser on my MacBook Pro. Interestingly, ProWritingAid checks my WordPress (Grammarly does not), and most other web-based input. It’s interesting to see Grammarly Premium and ProWritingAid working on the same text side by side.

Having recently watched a video by Stephanie Newell, I’m considering turning off real-time spell checking in Microsoft Word, as it may prove a distraction while I write. I do wonder, however, whether doing spell checking later might leave me puzzled on whether I’ll remember what I was thinking and if I will make the proper corrections. My Word spelling and grammar settings are shown below.

Browser Switch: SRWare Iron to Brave

I’ve recently switched from one Chromium-based browser to another

I’ve been a fan of Chromium-based browsers for years. Eschewing Google Chrome’s propensity to snitch on every little thing I do on a browser, I switched from Google Chrome many years ago to SRWare Iron, which, like Google Chrome, is a Chromium-based browser that looks and feels like Chrome, runs Chrome extensions, but doesn’t tell Google what I’m doing.

On another computer (both Macs), I’ve been using Brave, yet another Chromium-based browser that, similar to SRWare Iron, runs Chrome browser extensions and also doesn’t tell Google what I’m doing.

With these computers side by side, I’ve noticed something peculiar: Brave updates came in regularly, while SRWare Iron updates were infrequent. I also keep my eye on the frequency that Google Chrome is updated – it feels quite regular to me, often associated with new malware exploits that Google squashes. With the number of advisories and browser updates occurring, I’ve begun to feel that SRWare Iron is behind the curve.

A quick check on Wikipedia shows that the latest version of Brave on Mac was released five days ago, while the latest update of Iron on Mac is five months old. My perception, then, is that SRWare Iron has several months’ worth of unmitigated vulnerabilities. Being an infosec professional, I can’t live with that.

I’m not keeping detailed records on this – my perception is based mainly on gut feel.

If someone who represents SRWare Iron can rebut this, be my guest. I’m interested in learning whether SRWare has mitigated recent Chromium browser vulnerabilities in some other way.

So Long, Microsoft, And Thanks For All The Fish

Word Version 1.1a

I have been using Microsoft software since 1985 when I purchased Microsoft Word and Microsoft Multiplan for my new Zenith Z160 “portable” PC. I’ve used Word continuously for thirty years at home, at work, as a university instructor, and as a published author.

I wrote my first three books in FrameMaker, a superior but far more expensive word processor ($500 per user in 1998) as required by my publishers at the time. But by the early 2000’s most had moved to Word since Microsoft had sufficiently closed the feature gap.

I’m coming to realize that this weekend might be the last time I use Microsoft software – at home anyway (I use a PC running Windows 7 and Office for work).

Zenith Z160 portable computer

I ordered a new MacBook Pro yesterday, and it will arrive on Monday. The MBP comes with Apple’s versions of office programs, called Pages, Keynote, and Numbers. Next week I will try them out on my university teaching and on my current writing project. If it goes alright and I figure out all of the subtle differences, I will probably not purchase Office for the new Mac.

Part of this comes down to economics. Office for Mac costs $150 or more, and the same programs from Apple cost $20 apiece (if you don’t have a new Mac that came with them), or free with your Mac since some time in the past year or two.

I’ll post a review of Pages, Keynote, and Numbers in a month or so after I’ve been using them a while.

Still, I can’t help but feel somewhat nostalgic, as I’ve had Word with me nearly all of my adult life. But as the dolphins exclaim in Hitchhiker’s Guide to the Galaxy, “So long, and thanks for all the fish.”

What does a network scanner bring to the company?

Guest post from Emmanuel Carabott of GFI Software Ltd.

Whenever someone does research on the best methods to secure a company’s network, they are sure to come across articles recommending network scanners. But what value do network scanners really provide any organization?

Network scanners generally provide two distinct important functionalities – information gathering on the network they’re scanning and information on any security issues found on that network.

Information on the network

Administrators need to keep up with the constant changes made to the network. Some might see change management as unnecessary, but it is an essential part of keeping a network in excellent shape. There are various reasons why administrators would want to know what software and hardware is running on their network, but the main ones are security and the need to make sure that the changes administrators make will not cause conflicts within the existing network infrastructure. When new software is installed, or the existing installation is updated through patching, certain configurations can make the system unusable (blue screens, for example) or unstable. To prevent this, the administrator should keep a test environment that mirrors the network, where these changes are tried before they’re pushed onto the live server. If users install new software on their systems without notifying the administrator, the test environment will not match the current network, and any pre-deployment tests will be inconclusive and not a true reflection of the current status.

Some hardware can pose a security risk to the network. It is imperative that administrators are immediately notified when a new device is connected to the network so that they can determine if there is a real risk to the company. The company’s security policy might specify that the administrator must be notified before any new hardware is connected to the network but that alone does not guarantee employee compliance. A network scanner, however, can periodically monitor the network for changes and notify the administrator as these happen.

Security issues on the network

A network scanner will also look for a number of security issues on the network it is scanning.

These generally include:

  • Vulnerabilities
  • Missing patches
  • Unwanted open ports

New vulnerabilities affecting the network can arise on a daily basis, often due to changes in configurations, new exploits being discovered, and because of new software being installed on the network. For these reasons alone, an administrator needs a network scanner that can monitor the network for any vulnerability on a regular basis.

Next on the list is patch management. Vendors continuously fix security issues in their software and then release patches for the end user to install. Keeping track of all released patches manually can be a daunting task, but a network scanner helps the administrator stay on top of the problem and apply any patches that are required.

Finally, there are applications that communicate through the internet, such as web servers, which open ports for others to connect to. Every open port is a potential security risk because malicious persons will try to find exploits in these connections. It is highly recommended that ports that are not in use be closed immediately. An administrator should be informed as soon as a new port is opened on a network machine. This usually happens because an employee has installed a new application or because of a malware infection. Since the network administrator cannot be everywhere or see everything happening on the network all the time, a network scanner is an essential tool.
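The change detection described above (new devices appearing, new ports opening) comes down to comparing the latest scan against a stored baseline. The following is an added example, not code from GFI or from any scanner product; the inventory format, the MAC and IP addresses, and the `APPROVED` change-management record are constructed for illustration.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    severity: str  # "alert" needs a person to look; "info" is recorded only
    kind: str
    mac: str
    ip: str
    ports: tuple


# Constructed sample data. Hosts are keyed by MAC address so that a DHCP
# address change is not mistaken for a new device.
BASELINE = {
    "00:11:22:33:44:01": {"ip": "192.0.2.10", "ports": [22, 80, 443]},
    "00:11:22:33:44:02": {"ip": "192.0.2.20", "ports": [445]},
    "00:11:22:33:44:03": {"ip": "192.0.2.30", "ports": [9100]},
}
CURRENT = {
    "00:11:22:33:44:01": {"ip": "192.0.2.10", "ports": [22, 80, 443, 8080]},
    "00:11:22:33:44:02": {"ip": "192.0.2.21", "ports": [445, 3389]},
    "00:11:22:33:44:99": {"ip": "192.0.2.77", "ports": [23, 80]},
}
# Hypothetical change-management record: ports each device may expose.
APPROVED = {
    "00:11:22:33:44:01": {22, 80, 443, 8080},  # 8080 approved for a new app
    "00:11:22:33:44:02": {445},
    "00:11:22:33:44:03": {9100},
}


def diff_inventories(baseline, current, approved):
    """Return the findings that separate the current scan from the baseline."""
    findings = []
    # A device that was never inventoried is always worth an alert.
    for mac in sorted(current.keys() - baseline.keys()):
        host = current[mac]
        findings.append(Finding("alert", "new-device", mac, host["ip"],
                                tuple(sorted(host["ports"]))))
    # A device that vanished may simply be switched off, so only record it.
    for mac in sorted(baseline.keys() - current.keys()):
        findings.append(Finding("info", "missing-device", mac,
                                baseline[mac]["ip"], ()))
    # For devices present in both scans, compare the sets of open ports.
    for mac in sorted(baseline.keys() & current.keys()):
        old, new = baseline[mac], current[mac]
        opened = set(new["ports"]) - set(old["ports"])
        closed = set(old["ports"]) - set(new["ports"])
        allowed = approved.get(mac, set())
        unapproved = tuple(sorted(opened - allowed))
        sanctioned = tuple(sorted(opened & allowed))
        if unapproved:
            findings.append(Finding("alert", "port-opened-unapproved", mac,
                                    new["ip"], unapproved))
        if sanctioned:
            findings.append(Finding("info", "port-opened-approved", mac,
                                    new["ip"], sanctioned))
        if closed:
            findings.append(Finding("info", "port-closed", mac, new["ip"],
                                    tuple(sorted(closed))))
    return findings


def alerts(findings):
    """Keep only the findings an administrator must be notified about."""
    return [f for f in findings if f.severity == "alert"]


if __name__ == "__main__":
    for f in diff_inventories(BASELINE, CURRENT, APPROVED):
        print(f"{f.severity:5} {f.kind:24} {f.mac} {f.ip} {list(f.ports)}")
```

Once the alerts have been reviewed, the current scan becomes the new baseline, so each change is reported once.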

A network scanner is a very useful tool for an administrator, making his life a lot easier. Having a ‘virtual consultant’ is a much better option than having to check each and every machine manually.

Companies that use network scanners will save time and money, while administrators can focus on more important issues that require manual intervention. Why add more work when tasks can be automated using a network scanner?

 

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on the importance of using a network scanner.

All product and company names herein may be trademarks of their respective owners.

Demystifying UTM and NGF

You may be here to understand the difference between Unified Threat Management (UTM) and Next-Generation Firewalls (NGF).

Here’s the punch line: there really isn’t a difference. UTM and NGF are two marketing terms that have been developed to put a label on the advance of products designed to provide various protective capabilities. The two terms do represent a somewhat different point of view; let me explain.

UTM is the representation of products that began to combine previously-separate capabilities like anti-virus, anti-spam, web filtering, and so on. This was an answer to the fragmentation of different discrete products, each with its own small task.

NGF is the representation of firewall manufacturers who began to realize that they needed to incorporate many other types of threat-prevention capabilities into their firewalls, such as (you guessed it), anti-virus, anti-spam, web filtering, and so on.

UTM and NGF were different a few years ago, but as product makers from both ends filled in functionality, they met in a common middle where there’s no longer any practical difference.

  • sidebar from an upcoming book. Copyright (C) 2012 someone.

Include safe computing in your list of New Year’s Resolutions

The New Year is a time of reflection, and traditionally a time to consider changing one’s habits.

Our reliance upon computers and networks has exceeded our means to safely use and control them. Every computer user has some responsibility to make sure that their computer and use of the Internet do not introduce unknown and unwanted risks. By following these recommendations you will greatly reduce your risk of fraud, identity theft, and other risks related to Internet usage.

1. Change your passwords. Use strong passwords, which cannot be easily guessed by others, even those who know you. Do not share your password with any other person. If needed, store your passwords in a protected vault such as Password Safe or KeePass. I recommend you not use an online vault for password storage: if their security is compromised, so are your passwords.

2. Scan for Viruses and other malware. Configure your anti-virus software to scan your entire computer at least weekly. Make sure that your anti-virus software is checking for updates at least once per day. Also scan your computer with one of several online virus scanners at least once per month.

Panda: http://www.pandasoftware.com (look for the ActiveScan link on the home page)

Symantec: http://security.symantec.com/default.asp?productid=symhome&langid=ie&venid=sym

Trend Micro: http://housecall.trendmicro.com/

Kaspersky: http://www.kaspersky.com/virusscanner

CA: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

3. Block spam, and don’t open spam messages. The majority of spam (unwanted junk email) is related to fraud. Spam messages advertise fraudulent or misleading products, or lure you to websites that contain malware that will attempt to take over your computer (without your knowing it) and steal valuable information from you.

4. Get a firewall. If you use Windows, turn on the Windows Firewall. Ask your broadband service provider to upgrade your modem/router to one that contains a firewall (most newer modems / routers do have firewalls or other similar protection).

5. Remove spyware. Obtain a good anti-spyware program and use it to find and remove spyware from your computer.

6. Update your software. Obtain up-to-date copies of browsers and tools on your computer, as many older versions are no longer secure. This includes Firefox, Internet Explorer, Opera, Microsoft Office, OpenOffice, Java, and other programs.

7. Install security patches. If you are using Windows, turn on Automatic Updates, and configure it to automatically download and install security patches and updates.

8. Use separate accounts on shared computers. If more than one person uses your computer, set up separate accounts for each user. Make each user an ordinary user or power user, but never an administrator. Making each user an administrator makes the entire computer more vulnerable to malware (viruses, etc.).

9. Browse Safely. Change to Firefox and use the NoScript add-on. This is the only combination designed to block the new “clickjacking” vulnerability present in all other browsers. Also consider using Flashblock (works only with Firefox) if you want to control the use of Flash content in your browser.

10. Protect your wireless WiFi network. The old and still-common “WEP” protocol designed to encrypt your wireless traffic has been broken, and is no longer safe. Upgrade to WPA, even if it means buying a new wireless access point.

11. Back up your data. All kinds of bad things can happen, from mistakes to hardware failures. If you cannot afford to lose your data, then you need to copy it to a separate storage device. External hard drives and high capacity USB thumb drives cost well below US$100. You’ll be glad you did, sooner or later.

12. Encrypt your hard drive. Mostly important for laptop computers, but also important for desktop computers. The TrueCrypt tool is by far the most popular one available, and it’s free. If you don’t encrypt your data, then anyone who steals your computer can (and will) read all of your private data.

13. Check your credit reports. Fraud and identity theft can result in thieves opening new credit card and loan accounts in your name. They run up a balance and then never pay the bill, making that your problem instead. Consider a credit reporting service as well, which will alert you to inquiries and changes to your credit accounts, limits, and balances.

Annualcreditreport.com

Federal Trade Commission information on free credit reports

Equifax

Experian

Transunion

Recommended Tools:

Secunia Personal Software Inspector – free tool that examines your computer and alerts you to all of the unpatched and older versions of programs that need to be upgraded.

Password Safe – safe and secure storage of all of your Internet passwords. Also remembers userids and URLs.

NoScript – the only way to control third-party javascript and clickjacking. Works only with Firefox.

TrueCrypt – safe and free encryption of your PC’s hard drive.

Another e-mail tracing service available: SpyPig

One of my kind readers made me aware of another e-mail tracing service, one that is called SpyPig.

As professional investigators we are highly familiar with ReadNotify, and use it regularly. We have introduced it into the local legal community, which is accepting it with open arms.

We have not yet tested SpyPig so we are unsure of how it compares to ReadNotify.  At some time in the future we will compare it to ReadNotify.

Clean out your old programs

Take some time to remove old programs that you no longer use, and upgrade the programs and plug-ins you do use to current versions. In Windows XP, go to My Computer > Control Panel > Add or Remove Programs (in Vista it’s slightly different) and remove each program you no longer need. Maybe you have old toolbars and other things you tried out but didn’t like. It’s a good idea to just get rid of them here.

Consider getting a copy of Secunia Personal Software Inspector (PSI). This nifty program will look at all of your installed programs and tell you which ones are old and unsecure. PSI will also tell you what patches are needed on your system.

Get PSI here: psi.secunia.com

Make a new year’s resolution: safe computing

I have an idea for a New Year’s resolution this year. You’ll still be able to eat what you want and walk by the bathroom scale with no pangs of guilt, and you can leave your mess in the garage and the junk drawer so full you can barely open it.

Make your computing safer in 2008. This is a lot easier than you think. You’ll be protecting yourself against potentially painful experiences such as credit card fraud and identity theft.

Follow these steps. In some cases, I’ll link you back to tips I’ve written in the past couple of years.

1. Protect your computers with a firewall. You might have a firewall already and not know it – your DSL or Cable modem may have a firewall built-in. Look on the label to see what kind of device you have. Log in to your Internet provider’s web site and check whether your modem has a built-in firewall. If it doesn’t, ask to be upgraded.

You can also install a personal firewall program on each PC in your house. If you have Windows XP or Vista, a firewall is provided with Windows but you need to activate it.

Instructions: Activate Windows XP firewall. Activate Windows Vista firewall.

Or, you can install Zone Alarm or Comodo firewall. Both are easy to install and use.

Zone Alarm: www.zonelabs.com
Comodo: www.personalfirewall.comodo.com

Test your firewall to see if it is working: Site 1: (www.auditmypc.com), Site 2: (www.grc.com/) (You can consider these to be trusted web sites).

2. Get the spyware out and keep it out. Spyware is used to snoop on your PC and Internet usage – most people find it offensive and a violation of their privacy. Install one or more of the following anti-spyware programs. Scan your computer now, then scan monthly after that.

Spybot: www.safer-networking.org
Spyware Blaster: www.javacoolsoftware.com
Microsoft Defender: www.microsoft.com

3. Keep your PC’s security patches up to date. Failure to install security patches is a major cause of computer break-ins, especially for home computers, most of which are not protected by firewalls. I recommend you take a look at your Windows Automatic Updates setting and change the settings so that security patches are downloaded and installed automatically (if you are more of a “hands on” computer user, then you should set Automatic Updates to automatically download security patches and then inform / ask you to install them).

Install patches now (www.update.microsoft.com) (you must use Microsoft Internet Explorer for this)

Instructions: Configure Automatic Updates for Windows XP. Automatic Updates for Windows Vista.

4. Make separate user accounts for shared computers. If any of your computers are shared among family members, make separate user accounts for each user. Put passwords on each account and do not share your passwords. Make only one account an “administrator” (you – since you are reading this!) and make all other users a “Limited account”. Turn off the Guest account.

When a family member is done with the computer (even for a minute), get everyone into the habit of locking the screen, which requires a password to unlock. Click here for instructions.

5. Change your Wireless network to WPA. I have written in the past about how the old wireless WEP protocol is no longer safe. You need to upgrade your WiFi access point and the computers in your house that use WiFi from WEP to WPA. The WEP protocol that is still the default on most WiFi access points and routers can be easily broken by any clever computer user with a few simple tools.

Instructions: upgrade your router and computers from WEP to WPA.

6. Clean out your old programs. Take some time to remove old programs that you no longer use, and upgrade the programs and plug-ins you do use to current versions. In Windows XP, go to My Computer > Control Panel > Add or Remove Programs (in Vista it’s slightly different) and remove each program you no longer need. Maybe you have old toolbars and other things you tried out but didn’t like. It’s a good idea to just get rid of them here.

Consider getting a copy of Secunia Personal Software Inspector (PSI). This nifty program will look at all of your installed programs and tell you which ones are old and unsecure. PSI will also tell you what patches are needed on your system.

Get PSI here: psi.secunia.com

7. Learn more about safe computing. Order a copy of Computer Viruses for Dummies – this is a smaller-format Dummies book that talks about Viruses and also spam, spyware, firewalls, and other steps you need to take to make your computer safer.

Purchase hardcopy from Amazon.com

Purchase e-book

Is your ISP inserting ads in your browser?

Is your ISP inserting ads in your browser?  Possibly.  Some of them do.

What’s going on: some Internet Service Providers passively monitor the HTML flowing through their network to your PC. In a scheme to collect advertising revenue, they intercept the HTML and substitute their own ad content. They do this via a transparent proxy server that watches for opportunities to strip out advertising content flowing from a web server and insert advertising content that the local ISP has sold.

This means that the advertiser who originally paid for your impressions has had their advertising replaced by another.

Here is an analogy, in case you’re having difficulty following this (and I wouldn’t blame you).

A national billboard company erects a billboard along a busy street and sells the space to a national company, and proceeds to put up an ad for that national company.  The national company pays the billboard company a fee for this service.

Then a local advertising company solicits advertising business, and illicitly replaces the ad on that billboard with one of its own. Neither the national company that paid for the advertising nor the national billboard company is aware of this.

And why is this a security issue?  Because the three principles of security are Confidentiality, Availability, and Integrity.  This gimmickry of replacing ad content violates the integrity of the content that the user requested from the website.

Is your ISP doing this to you?  Go to this website and find out.  It is run by the University of Washington and the International Computer Science Institute, as a public service and an experiment to see how many ISPs are doing this.  They are going to make their results public at the end of their experiment.  If your ISP is inserting ads, please PDF your results and send them to me, so that I can show others what such a result looks like.

http://vancouver.cs.washington.edu/
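The integrity violation described in this post can be made concrete by comparing the page a site served with the page a browser received. The following is an added example, not the code behind the website linked above; it assumes a reference copy of the page is available over a trusted path, and the HTML and host names are constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ResourceCollector(HTMLParser):
    """Collect the elements of a page that pull in external content."""

    WATCHED = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.resources = set()   # (tag, url) pairs
        self.inline_scripts = 0  # <script> elements with no src attribute

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url:
            self.resources.add((tag, url))
        elif tag == "script":
            self.inline_scripts += 1


def collect(html):
    parser = ResourceCollector()
    parser.feed(html)
    parser.close()
    return parser


def hosts(resources):
    """Host names referenced by absolute URLs (relative URLs have none)."""
    return {urlsplit(url).hostname for _, url in resources} - {None}


def compare(served, received):
    """Report how the received page differs from the page that was served."""
    digest = lambda text: hashlib.sha256(text.encode("utf-8")).hexdigest()
    s, r = collect(served), collect(received)
    added = r.resources - s.resources
    return {
        # Any byte-level change at all, found by comparing digests.
        "modified": digest(served) != digest(received),
        # Content the page now loads that the site never referenced.
        "added": sorted(added),
        # Content the site referenced that was stripped out in transit.
        "removed": sorted(s.resources - r.resources),
        # Third parties introduced by the modification.
        "new_hosts": sorted(hosts(added) - hosts(s.resources)),
        "inline_scripts_added": r.inline_scripts - s.inline_scripts,
    }


# Constructed sample: the page as the web server sent it.
SERVED = """<html><head><title>News</title>
<script src="https://www.news.example/app.js"></script></head>
<body><h1>Headlines</h1>
<iframe src="https://ads.national.example/slot?id=42"></iframe>
<img src="/logo.png">
</body></html>"""

# Constructed sample: the same page after an intermediary swapped the ad
# slot and appended its own scripts.
RECEIVED = SERVED.replace(
    "https://ads.national.example/slot?id=42",
    "https://ads.isp.example/slot?id=7",
).replace(
    "</body>",
    '<script src="http://inject.isp.example/loader.js"></script>\n'
    "<script>var t = Date.now();</script>\n</body>",
)

if __name__ == "__main__":
    for key, value in compare(SERVED, RECEIVED).items():
        print(f"{key}: {value}")
```

A page delivered over HTTPS does not give a transparent proxy this opportunity, because the proxy cannot read or rewrite the encrypted response.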

Q&A on FBI’s CIPAV

Great Computerworld article on CIPAV. And there’s more to come: Computerworld filed a FOIA (USDOJ site here) request to get more information.

Questions answered include:

  • What is CIPAV?
  • What does CIPAV do?
  • What happens to the data the CIPAV collects?
  • Does the CIPAV capture keystrokes?
  • Can the CIPAV spread on its own to other computers, either purposefully or by accident?
  • Does CIPAV erase itself after its job is done?
  • Does the FBI have just one stock CIPAV model?
  • How did the CIPAV get onto the targeted computer?
  • Is CIPAV related to “Magic Lantern”?

Full article here:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9028298

Disclaimer/disclosure: I’m an InfraGard member. In my writing about CIPAV, I’m providing only information that has already been published.

Tools to hunt down and eliminate rootkits

Rootkits are a special flavor of malware that is designed to hide itself not only from antivirus programs, but also from the OS itself. They can be tricky to detect and harder to get rid of.

Two free tools are available that will help you detect rootkits on your Windows system:

  • Panda Anti-Rootkit
  • AVG Anti-Rootkit (www.grisoft.com) (no longer being updated – functionality rolled into their commercial 8.0 anti-virus product)
  • Sophos Anti-Rootkit
  • McAfee Rootkit Detective

Panda, AVG, McAfee, and Sophos are established and well respected anti-malware companies that have been in business for many years.

Both of these tools operate much like traditional virus scanning tools, in that you manually invoke the tool and select which hard drives you wish to scan.

Use ReadNotify to confirm addressee receipt of e-mail

If for no reason other than simple efficiency, most of the major e-mail services (Yahoo, MSN, Gmail, Hotmail, AOL, etc.) do not support e-mail return receipts. Even when a sender uses a tool that does request return receipts, such as Outlook or Thunderbird, many of these services simply ignore the requests and never generate a receipt for the sender.

There is an opportunity to change all that. The tool ReadNotify restores the ability for a sender to know whether a recipient has read an e-mail message. The beauty of this is, it works even for the email services that do not support traditional return receipts.

ReadNotify has a 30-day free trial. After that, choose from either the Basic (US$24/yr) or the Premium (US$36/yr) subscription plan.

If you really need to know whether certain e-mails are actually read by their recipients, ReadNotify may be for you.

Certified Return Receipt

A really nice feature available in ReadNotify is digitally signed return receipts. This option will digitally sign your email and insert a timestamp certificate. This certificate irrevocably links the body and headers of an email to the date and time they were dispatched – and may be offered as court admissible evidence if required.

Other Features

ReadNotify supports several other features, including Ensured (stored on ReadNotify servers until the recipient reads it), Retractable (body of message can be retracted), Self Destruct (message can be destroyed prior to user reading it), Block Print (prevents user from printing – well it slows them down anyway), Invisible (recipient will not be aware of your tracking), and more.

Caution: ReadNotify was apparently used to track e-mails in the HP e-mail scandal. Seek legal advice if you are unsure whether your use of ReadNotify is legal.

Identify Vulnerabilities with Application Scanning Tools

Now that systems administrators have learned to protect operating systems from attacks, hackers have turned to applications as a new and softer target

Hackers have shifted their strategy in recent years from attacking operating systems to attacking applications. After 10 years of attacking open ports and unprotected services, system administrators are doing a pretty decent job of “locking down” servers and firewalls so that only essential services are visible. Increasingly, those visible services are also patched so as to be invulnerable to attacks. Operating systems are no longer the “soft targets” that they used to be. Unable to penetrate servers through holes in exposed services, hackers have turned to attacking the applications running on those servers.

This article discusses common vulnerabilities present in Web applications, and two leading scanning tools, AppScan from Watchfire and WebInspect from SPI Dynamics, that can effectively identify these vulnerabilities.

Link to entire article here:

http://softwaremag.com/L.cfm?Doc=1058-5/2007

Use TrueCrypt to encrypt stored data on your laptop computer

Laptops are stolen. Data is compromised. Tens of thousands of individuals are notified of a breach of their private information.

We see this in the news every week.

There is a good product that you can use to safely and effectively encrypt your data; it’s called TrueCrypt.

I have used TrueCrypt for several months and have found it to be solid and reliable. Previously, I used PGP Desktop version 8.1, which is costly and was not reliable for me.

With TrueCrypt you can:

  • Create and mount NTFS volumes as drive letters
  • Encrypt an entire hard disk partition or portable (e.g. USB) drive
  • Create hidden volumes whose very existence is impossible to prove
  • Encryption algorithms supported: AES-256, Serpent, and Twofish

TrueCrypt supports Microsoft Vista UAC (User Account Control); this requires version 4.3, released in March 2007.

TrueCrypt is very popular – to date it has been downloaded well over two million times.

(Disclaimer: I have no affiliation with TrueCrypt other than being a satisfied customer)

More information here: http://www.truecrypt.org/

Wanted: bootable ISO CD image with *nix and a WiFi sniffer for IBM R51

Subject line says it all. I’m looking for a bootable ISO CD image with *NIX (Linux, whatever) and a passive WiFi sniffer that will work with an internal Intel Pro/Wireless 2200BG radio. Or, I’ll buy an external WiFi card (tell me which ones work on the R51 and your *nix distro).

Thank you!

Use DBAN to wipe the entire hard drive on computers

Organizations apparently have a difficult time erasing the data on computers before disposing of them. Here is a tool that makes the job easy: Darik’s Boot and Nuke, usually known as DBAN. It’s compliant with:

It also has a quick wipe, plus Gutmann and PRNG Stream Wipe.

Download DBAN here: http://dban.sourceforge.net/

Use NoScript with Firefox to make surfing even safer

I strongly recommend using Firefox over Microsoft Internet Explorer. But even with Firefox, you can reduce your risk by permitting Flash, JavaScript, and Java to run only from trusted sites.

Many websites use ads that run scripts from domains that you might not consider trusted. NoScript gives you domain-level control, permitting you to specify precisely which sites are allowed to run scripts and which you consider untrusted.

NoScript takes up zero additional real estate on the screen unless you want to see what’s being blocked and what’s not. There is a nice set of options for setting the level of control you wish.

Update: NoScript recommended in a Dark Reading article, here:

http://www.darkreading.com/blog.asp?blog_sectionid=415

Get NoScript here: http://noscript.net/

Use WinZip 9+ to safely encrypt files

If you are using a version of WinZip that is older than version 9, I urge you to upgrade to version 9 or better. Why? Beginning with version 9, WinZip includes AES encryption. Prior to version 9, WinZip’s encryption algorithm was weak and prone to attack.

With WinZip 9 or better, you can safely encrypt individual files, or entire directories, for transit over e-mail or other means, without fear that anyone else will be able to read the protected data. This, however, is predicated on two important facts:

1. You need to use a strong password when encrypting the archive. Use a password or pass phrase with at least 8, or more ideally, 10, characters.

2. Anyone who can read the WinZip file can see all of the names of the files and directories in the archive. If your file and directory names give away vital information (for instance, a directory named “Merger Companies” containing files such as “General Motors.doc”, “Daimler Chrysler” and “Volkswagen”), then anyone who intercepts your WinZip archive will be able to discern what you or your organization are up to. If your archive contains sensitive file names, then I suggest you “double Zip” your archive to protect your secrets.
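The filename exposure in point 2 and the “double Zip” workaround, as an added example that is not part of the original post: a pre-send check that lists what anyone can read from an archive without the password. Python’s standard library cannot write encrypted ZIPs, so the constructed samples only have the “encrypted” header flag set; all function names here are hypothetical.

```python
import io
import struct
import zipfile

def build_zip(files):
    """Return ZIP bytes for a {name: data} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def mark_encrypted(zip_bytes):
    """Constructed-sample helper: set general-purpose flag bit 0 ("encrypted")
    on every entry. Payloads are NOT encrypted; only the headers matter here."""
    data = bytearray(zip_bytes)
    eocd = data.rfind(b"PK\x05\x06")                  # end-of-central-directory
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        data[pos + 8] |= 0x01                         # central directory flags
        n, m, k = struct.unpack_from("<HHH", data, pos + 28)
        local = struct.unpack_from("<I", data, pos + 42)[0]
        data[local + 6] |= 0x01                       # local file header flags
        pos += 46 + n + m + k                         # next central dir entry
    return bytes(data)

def exposed_names(zip_bytes):
    """(name, flagged_encrypted) pairs readable with no password: names live
    in plaintext headers even when the file contents are encrypted."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, bool(i.flag_bits & 0x01)) for i in zf.infolist()]

def double_zip(inner_bytes, wrapper_name="archive.zip"):
    """Wrap the inner archive so the outer listing shows one neutral name."""
    return build_zip({wrapper_name: inner_bytes})

# Constructed sample mirroring the file names used in the text above.
SAMPLE = {
    "Merger Companies/General Motors.doc": b"draft terms",
    "Merger Companies/Daimler Chrysler.doc": b"draft terms",
}

if __name__ == "__main__":
    single = mark_encrypted(build_zip(SAMPLE))
    print("single zip:", exposed_names(single))
    outer = mark_encrypted(double_zip(build_zip(SAMPLE)))
    print("double zip:", exposed_names(outer))
```

In real use the encryption is applied by WinZip to the outer archive; the inner archive’s file list is then part of the encrypted payload.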

Get WinZip here: http://www.winzip.com/