Friday, 30 November 2012

Added Security part 3




Get rid of Java
I'm repeating myself here, but if you don't need it, throw Java in the bin ASAP. It has never been, is not and most likely won't ever be safe to run Java in your browser. That some companies force users to run Java is a sign of incompetence, ignorance and stupidity. Stories about security flaws in Java keep popping up like farts in a barn full of cows (whatever comparison that is).

Here are three (out of hundreds) stories:
09.10 : csoonline.com
26.09 : arstechnica.com
29.08 : krebsonsecurity.com


Java is not safe as a browser plugin. Throw it in the bin!

Norwegians are forced to use Java for online banking. Plain stupidity!

BankID, responsible for making Norwegians insecure on the Internet.



Use two-factor authentication
Wherever possible, use two-factor / two-step authentication. Gmail and Google Apps have it already, as does LastPass. Luckily, more and more services come with this option as well.

Dropbox
Dropbox was hacked this summer, and set their users' passwords to expired.

Or: sorry we got hacked and we lost your password.

Dropbox has recently increased their security by offering two-factor authentication as well. If you are a Dropbox user you should enable two-factor today. Log in and go to the security settings to enable Two-step verification.

Click to enable.

Welcome to a more secure world.

Use texts or an app.

Etsy
Etsy has also introduced two-factor authentication. So, if you're an Etsy user you know what to do to stay safer.





Terms of Service; Didn't Read
For all security- and privacy-aware people out there, the TOS or Terms of Service is important. However, most people don't read several pages of boring details. I don't blame them. Luckily, there is a brilliant page to the rescue:


ToS;DR aims at creating a transparent and peer-reviewed process to rate and analyse Terms of Service and Privacy Policies in order to create a rating from Class A to Class E. 

Check it out at:
tos-dr.info



Browser Improvements
Disable third-party cookies
To limit tracking and enhance privacy you might consider disabling third-party cookies. If you're a Chrome user this can be done by going to chrome://chrome/settings/content#third-party. If you're using another browser, Google is your friend.



Disable JavaScript by default
I have mentioned NotScripts earlier. An option, at least for Chrome users, is to disable JavaScript by default in your browser. The NotScripts extension is more feature-rich; however, it is simpler to just use Chrome's built-in functionality.





Do Not Track
Most browsers now have a "Do Not Track" option. Turn it on if you want to at least ask sites not to track you (or send a "DNT signal"). Note that there is no guarantee the sites will listen though. By turning this option on you are simply asking sites to please not track you.
To do this in Chrome you can go to chrome://chrome/settings/search#do%20not%20track.

Privacyfix

Privacyfix is an extension that you can consider. This is what they write:
"Privacyfix puts you in complete control of your online privacy. The Privacyfix browser extension scans for privacy issues based on your Facebook and Google settings, the other sites that you visit and the companies tracking you. Privacyfix then takes you instantly to the settings that you need to fix. Privacyfix also can warn you of new privacy issues as you surf the web, so you know when sites like Facebook change their privacy policies or have privacy breaches."
https://www.privacyfix.com



Stupid password restrictions
I've started on a list of sites having insane and stupid password restrictions. It's crazy how many big sites there are on the Internet that obviously are storing passwords as clear text, or weakly encrypted. To check out the list go to:
http://morphogenetically.blogspot.com/search?q=security+fail+-+



Cloud storage

Glacier
If you've got a lot of old files that you do not need to access that often, you can check out the new service from Amazon, Amazon Glacier. This is what they write about the service:

"Amazon Glacier is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup. In order to keep costs low, Amazon Glacier is optimized for data that is infrequently accessed and for which retrieval times of several hours are suitable. With Amazon Glacier, customers can reliably store large or small amounts of data for as little as $0.01 per gigabyte per month, a significant savings compared to on-premises solutions."

CloudBerry Lab


Another option for backing up your data in the cloud comes from CloudBerry Lab. They offer a set of nice tools, like tools for integrating cloud storage as a local drive. Check out more on www.cloudberrylab.com.

cloud explorer

virtual drive

cloud backup



BoxCryptor

If you store your data in the cloud, your data is not necessarily encrypted. And if the data is encrypted, it might not be done the TNO way (Trust No One, meaning no one other than yourself can decrypt your data). A solution to this is to use a tool that locally encrypts your data before it is sent to the cloud. One such tool is BoxCryptor. This is what they write:

"You want to encrypt Dropbox, Google Drive or Microsoft SkyDrive and access your data from everywhere without worrying about data security or give up comfort? Then BoxCryptor is the perfect software for you. It has never been easier and more user-friendly to encrypt your data without losing the advantages of cloud storage."



Windows Defender Offline
Got malicious software on your computer? Windows Defender Offline to the rescue.

"Windows Defender Offline can help remove such hard to find malicious and potentially unwanted programs using definitions that recognize threats. Definitions are files that provide an encyclopedia of potential software threats. Because new threats appear daily, it's important to always have the most up-to-date definitions installed in Windows Defender Offline. Armed with definition files, Windows Defender Offline can detect malicious and potentially unwanted software, and then notify you of the risks."



LastPass security challenge
src: identi.ca

If you're using LastPass there is a nice tool to improve your online security. As mentioned earlier the LastPass guys have created a security challenge. I've spent a fair bit of time changing my passwords to increase their strength and making sure I never (there are a very few exceptions, as some services have multiple domains you log in from) use the same password twice. I've even now started using unique email addresses for all new sites I sign up to. My motto is that you can never be too cautious. It's actually a bit addictive to see how good you'll manage to score on this test.

LastPass security challenge.

75% score is not good enough.

40 duplicate passwords, and 131 sites using duplicate passwords. Ugh.

Historical results. I'm getting better.

Option to check if your usernames are compromised.

88.2%, but still not satisfied.

Down to only 9 duplicate passwords, and only 25 sites using them.

Major improvement.

Even more changes done to my online logins, and I'm finally above 90%.

13 weak passwords left.

94.4% score and quite satisfied.

Only 8 sites using duplicate passwords, and those being unavoidable.

A nice development.
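
The duplicate-password counts the challenge reports can be reproduced offline from a vault export, including the exception for services that span several domains. This is an added example, not code from this post or from LastPass; the CSV column names, the sample rows, the equivalent-domain list and the length-based weakness check are assumptions made for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export (not real credentials); column names are assumed.
SAMPLE_EXPORT = """url,username,password
https://mail.example.com/login,me@example.com,Tr0ub4dor&3
https://shop.example.net/,me+shop@example.com,Tr0ub4dor&3
https://forum.example.org/,me+forum@example.com,hunter2
https://accounts.example-id.com/,me@example.com,c0rrect-horse-battery
https://www.example-video.com/,me@example.com,c0rrect-horse-battery
https://bank.example.com/,me+bank@example.com,kX9#vT2q!mPz7LwR
"""

# Hypothetical "same service, several domains" groups: reuse inside one group
# is the unavoidable exception the post mentions, so it is not counted.
EQUIVALENT = [{"accounts.example-id.com", "www.example-video.com"}]

def service_of(url, equivalent=EQUIVALENT):
    host = (urlsplit(url).hostname or url).lower()
    for group in equivalent:
        if host in group:
            return min(group)  # stable label for the whole group
    return host

def audit(export_text, min_length=12, equivalent=EQUIVALENT):
    by_password = defaultdict(set)   # password digest -> services using it
    weak = set()                     # services whose password is too short
    for row in csv.DictReader(io.StringIO(export_text)):
        svc = service_of(row["url"], equivalent)
        # Group on a digest so the report never holds plaintext passwords.
        digest = hashlib.sha256(row["password"].encode()).hexdigest()
        by_password[digest].add(svc)
        if len(row["password"]) < min_length:
            weak.add(svc)
    reused = {d: s for d, s in by_password.items() if len(s) > 1}
    return {
        "duplicate_passwords": len(reused),
        "sites_using_duplicates": sum(len(s) for s in reused.values()),
        "weak_sites": sorted(weak),
        "reused_groups": sorted(sorted(s) for s in reused.values()),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against an export kept on an encrypted volume and delete the export afterwards, since the file itself holds every password in clear text.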

Wednesday, 28 November 2012

Pretty please with sugar on


-
INT. DOWNTOWN TOKYO - HOTEL ROOM - MORNING

Mr Me and Yasu are located in a tiny hotel room.

          MR ME
     So, if I want to buy anything, no matter what, I can use the phrase "watashi wo yate kudasai"?

          YASU
     Yes, or you can simply say "yate kudasai". It means "can I please have this" and can be used for anything. Very convenient.

          MR ME
     So if I want to buy something I can just point at it and say "yate kudasai"?

          YASU
     Correct.

Mr Me decides to go and buy some shoes, and at the same time test his Japanese. Yasu comes along.

INT. DOWNTOWN TOKYO - SHOE SHOP - DAY

Mr Me sees a pair of shoes he likes, grabs them and walks over to the male clerk.

          MR ME
     Konnichiwa.

          CLERK
     Konnichiwa.

Mr Me puts the shoes on the counter and looks the clerk in his eyes.

          MR ME
     Watashi wo yate kudasai.

The clerk looks strangely at Mr Me, without saying a word.

          MR ME
       (louder, while articulating more)
     Yate kudasai!

The clerk still says nothing, just looks at Mr Me, slightly scared. Mr Me turns around to get assistance from Yasu. However, Yasu is no longer in the shop. He is lying on the pavement in front of the shop, rolling around while laughing. Mr Me turns back to the clerk.

          MR ME
     Sumimasen.

Mr Me quickly leaves the shop and walks over to Yasu.

          MR ME
     You bastard! What did I say to the guy in the shop?

          YASU
       (while laughing)
     You said "Please fuck me, please fuck me".
-

Friday, 23 November 2012

Ichi

One
I have made my choice, it is option one.

Singapore Airlines aka SIA aka SQ will take me to the island.

Preferred seat, because I'm worth it! A bit too close to the babies though. CP planning ftw.




Tatami

Mr Me: "I've got myself a new apartment."
Yasuhiro: "Nice, congrats brother."
Mr Me: "Thanks. It is not that big though."
Yasuhiro: "How big is it?"

Mr Me: "28 square meters, very small."
Yasuhiro: "I'm not used to square meters."
Mr Me: "How come?"
Yasuhiro: "We don't use that here."
Mr Me: "So what do you use then?"
Yasuhiro: "Tatami, which are mats we use on the floor."
Mr Me: "Never heard about tatami. I will find out. Just a second."
Yasuhiro: "OK"

Mr Me searches for "tatami sqm conversion", and finds one site for the job.

Mr Me: "Got it, I found a site that will convert square meters into tatami."
Yasuhiro: "Cool."
Mr Me: "28 square meters is 16.9 tatami."
Yasuhiro: "That is not bad. That is a big apartment."
Mr Me: "Big?"
Yasuhiro: "Yes, for us that is a great size apartment. Not small at all."
Mr Me: "You have a point. At least big enough, and the apartment is even bigger than a house."

Wednesday, 21 November 2012

Tuesday, 20 November 2012

Blood & Chrome



My favourite series of all time is "Battlestar Galactica" (wiki | imdb, and my old reviews). If targeted memory erasure was accurate I would have considered erasing all my memories related to the series, just to see it all over again.

Luckily for me, and a lot of BSG fans around the globe, a new series has launched, the "Battlestar Galactica: Blood & Chrome" (wiki | imdb). I've just watched the first four episodes on Machinima's Youtube channel, and it's actually amazingly good for being a series that was considered as just being a web series.

"Battlestar Galactica: Blood & Chrome is a prequel to the reimagined Battlestar Galactica series. It stars Luke Pasqualino, Ben Cotton, and Lili Bordán. Michael Taylor wrote the teleplay from a story by Taylor, David Eick, Bradley Thompson and David Weddle, with Jonas Pate as director. The series started being distributed as a 10-episode online series in conjunction with Machinima.com on November 9, 2012, and will also air as a televised movie in early 2013 on Syfy." (src: wikipedia).

Watch the trailer:


I'll wait with the next six episodes until the extended Blu-ray version is out on February 19th 2013. A proper series needs to be watched in proper quality on a proper screen with proper sound. I'll have the popcorn ready, because nothing is like good sci-fi.

The Cylons are back.