Archive
Tag "security"

Dear Laptop users,

There’s a controversial Firefox plugin called Firesheep making the rounds right now that is able to sniff out login cookies from computers on the same network. With a double-click, someone on the same network as you can access any of your accounts at non-secure sites: Facebook, Twitter, Gmail, Amazon, etc. If you frequent open wireless networks, you should consider Force-TLS, a Firefox plugin that protects against this.

That is all.

Love,

Eric

[h/t Brother Scott]


So I was having some issues upgrading my iPhone to OS 3.0.1, which is something anyone with an iPhone should do, as the vulnerability it fixes is seriously scary (first link is a news story, second is a link to the white paper PDF; consider yourself warned), and my cat knocked the iPhone off a table, thereby disconnecting the USB cable during the upgrade.

I wasn’t too freaked out – I back up daily – but I was curious to see how the installer handles situations like this, which led me to my laptop’s syslog/Console, and this hilarious gem:

Aug  2 13:57:57 wootbook2 [0x0-0x23023].com.apple.iTunes[371]: MobileDevice: _MobileDeviceConnect_locked: This is not the droid you’re looking for (is actually com.apple.mobile.restored). Move along, move along.

I’m glad to see nerdy Star Wars jokes/easter eggs can still pass through a major tech company’s QA department.


Because it’s a FUCK YOU FRIDAY

Originally posted (and terribly reported) @ CNET

(C’mon now, this quote makes me laugh chunks):

Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)

Regardless, the real issue here is:

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates.

“While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children,” U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. “Keeping our children safe requires cooperation on the local, state, federal, and family level.”

TL;DR version: Most consumer-class routers/access points today don’t store nearly enough information to be useful in a forensic sense… unless their firmware is flashed with something like Tomato or DD-WRT (which offer more robust logging options). Training your average Joe/Jane to store these logs in a forensically sound manner would be almost impossible, or it would take way too much money to properly educate the masses.
