‘basic security suggestions’4 Ways to Improve Security for Web Designers
convenience vs securityBut where is the decryption key?
‘risks are not theoretical’A basic guide to when and how to deploy HTTPS
‘different kind of attack’The New Threat: Targeted Internet Traffic Misdirection
Note: Promotional vehicle.
creepy vs. usefulYour TV is spying on you, and what you can do about it
‘junk-filled installer’ (again)The Safe Mac » Boycott CNET’s Download.com
Related (from 2011):
dailywebthing linkport: ‘gauntlet of crapware’
identify security issuesQualys BrowserCheck
Note: This is not an endorsement.
'more important than ever'Software Transparency
on social engineering tacticsStaying safe from virtual robbers
Is resetting password enough?Security bug?
'using Facebook to spread'Malicious Chrome extensions: a cat and mouse game
looking forward to...Predictions for 2013
important security infoMicrosoft Fixes Zero-Day, Four Other Flaws in IE (ads)
remote, encrypted backupsDuplicati – "a free backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers..."
Note: This is not an endorsement.
Be careful out there!Dropbox: Password Breach Led to Spam (ads)
Related: Password Do's and Don'ts (ads)
'mobile privacy application'Wickr - Leave No Trace!
Note: This is not an endorsement.
7 vulnerabilities (at least)Critical Security Fixes for Adobe Flash Player (ads)
Flash updates are available for Windows, Mac, Linux and Android systems. Adobe AIR patches are available for Windows, Mac and Android platforms.
'not a guarantee'ScanURL.net (About)
Check website or URL/link safety: reports of phishing, hosting malware and viruses, or poor reputation.
reminder: update pluginsCritical Flash Update Fixes Zero-day Flaw
standalone tool (OS X Lion)Flashback malware removal tool
contains the same malware removal tool as Java for OS X 2012-003...
This update is recommended for all OS X Lion users without Java installed.
[Macworld (heavy advertising)]
See dwt: OS X security advisory for more background information.
'growing number of attacks'10 Simple Tips for Boosting The Security Of Your Mac
Online Social Networks (OSNs) offer access control mechanisms to protect users' sensitive information from undesired accesses. Yet, their information is still vulnerable to disclosure when their friends assign conflicting privacy policies: a user prohibits everyone from accessing his own content or profile but his friends allow others to see it...
not-so-safe browsingGoogle Safe Browsing diagnostic page for www.google.com
a reminder to Firefox users
...and another reminder - watch out for checkboxes which are checked by default when updating certain plugins...;~))
'gauntlet of crapware'Download.com Bundling Toolbars, Trojans?
QR code-related security risksHacker says 'Don't scan that QR code!'
Java plugin vulnerabilityAttack against TLS-protected communications
(more info: Transport Layer Security)
the illusion of trustFraudulent *.google.com Certificate at Mozilla Security Blog
Mozilla was informed today about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc.
How honest is your ISP?Widespread Hijacking of Search Traffic in the United States
Don't do that!Plain Text Offenders – "Did you just email me back my own password?!"
'easy hacking'It's not just Big Brother watching (ads)
interesting conceptAES text encryptor
Note: This is not an endorsement. Use at your own risk.
'In the meantime...'How to avoid or remove Mac Defender malware
Note: Though somewhat incomplete on the 'how to avoid' side, this information (provided by Apple) may be helpful in identifying and/or removing the malware from your system if you've downloaded it.
protect your sensitive data... (2)How Dropbox sacrifices user privacy for cost savings
protect your sensitive data...Dropbox authentication: insecure by design
Topical: Internet SecurityThe Security Skeptic – "about all matters related to Internet Security, from domain name and network security to phishing and malware"
49 flaws addressed!Microsoft issues its biggest-ever security fix
Microsoft said four of the new patches – software updates that write over glitches – were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.
'something very odd going on'Twitter 'onmouseover' security flaw widely exploited
adventures in scriptingNaked Password - jQuery Plugin to Encourage Stronger Passwords
'unsurprisingly common' vulnerabilityXSS - an Underestimated Threat?
'sophisticated and dangerous'New trojan virus Zeus v3 empties online bank accounts
How to protect yourself from trojans when banking online
- Make sure your anti-virus software is up to date.
- Keep firewalls set to the highest level.
- Never open an e-mail attachment from someone you don't know.
- Never double-click on an e-mail attachment that ends in .exe. It is an 'executable' file and can do what it likes in your system.
- If you think your machine has already been infected, contact your bank immediately. If the bank thinks you are a genuine victim of fraud it will reimburse you.
common sense...Top 8 Things You Shouldn't Give Social Networking Sites
noteworthy traveling precautionsSummer Vacation - A Privacy and Identity Theft Primer
important security fixesFirefox 3.6.2 Released
don't trust the bunnyEnergizer DUO USB battery charger software allows unauthorized remote system access
trojan-infected add-ons foundPlease read: Security Issue on AMO « Mozilla Add-ons Blog
Is your data safe? (2)
- Official Google Blog: A new approach to China
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.
- Official Google Enterprise Blog: Keeping your data safe
This attack may understandably raise some questions, so we wanted to take this opportunity to share some additional information and assure you that Google is introducing additional security measures to help ensure the safety of your data.
- Google's half-truths and a plea for perspective
Coordinated enough to get at GMail's internal data store, if only the one with e-mail headers. If that doesn't scare you, it should. What Google does with their .cn site is relatively minor news.
banking/e-commerce at riskCreating a rogue CA certificate
This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.
'jail-break' with careWorm attack bites at Apple iPhone
The worm, known as ikee, only affects "jail-broken" phones, where a user has removed Apple's protection mechanisms to allow the phone to run any software.
Is your data safe?Facebook and MySpace security: backdoor wide open, millions of accounts exploitable
Facebook and MySpace fixed this quickly after being notified...
'subtle security holes'Secure computers aren't so secure
'still in the works'Mozilla: Plugin Check
[Mozilla Security Blog]
(still) full of holesMicrosoft readies bumper update
'sophisticated ways'Online thieves step up bank raids
Flash: Security and Privacy (2)BetterPrivacy Firefox extension
Flash: Security and PrivacyAdobe - Flash Player : Settings Manager
'to give users control'Vanish: Enhancing the Privacy of the Web with Self-Destructing Data
'users should exercise caution'Security Advisory for Adobe Reader, Acrobat and Flash Player
'surveillance solutions'UAE Blackberry update was spyware
new version fixes security issueMozilla Firefox 3.5.1 Release Notes
(see compiler bug post)
'widespread computer attack'Governments hit by cyber attack
'notorious rogue'FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content
Related: US cuts off 'criminal' net firm
'scam directed at Twitter users'Twitter Blog: Gone Phishing
an echo in here...[Yet another] Serious security flaw found in IE[!]
Related (12/17/08): Microsoft plans quick fix for IE
don't clickFacebook users hit by virus – "The virus tricks users by telling them they're in a video..."
fakes selling fakesClipboards hijacked in web attack
the scum never sleepsSpammers announce World War III
Yet another reminder to "never follow links in unsolicited email messages." (and beware of intrusive/annoying ad tactics if you visit the news site's home page)
'Big Brother' indeedCriticism for 'UK database' plan
from BBC's 'Click' programIdentity 'at risk' on Facebook
Related: Click's Facebook security advice
beware of 'fake E-shops'Cybersquatting Security Vendors for Fraudulent Purposes
Don't be cheap, if you're to buy any kind of software, do so through the official site, and cut the fraudulent intermediaries like the ones in this case.
security and privacy concernsAnger over pupils database plan
according to 'Wikinews'Malicious code inserted into Wikipedia pages spreads computer virus
here's your proof...Clarkson stung after bank prank
TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people's personal details on two computer discs. He wanted to prove the story was a fuss about nothing...
'critical update'Flash Player update available to address security vulnerabilities
fixed in Firefox 126.96.36.199Mozilla Foundation Security Advisory 2007-28: Code execution via QuickTime Media-link files (upgrade)
'unacceptable intrusion'German spyware plans trigger row – "German government plans to spy on terror suspects by deploying malicious e-mails have drawn sharp criticism."
how secure?Bloggers battered by viral storm
Google's Blogger site is being used by malicious hackers who are posting fake entries to some blogs.
The fake entries contain weblinks that lead to booby-trapped downloads that could infect a Windows PC.
company denies security breachMonster attack steals user data
US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen...
Adobe Security AdvisoryFlash Player update available to address security vulnerabilities
'DomainKeys Identified Mail'Backing for tool to battle spam
attack of the botnets?Estonia hit by 'Moscow cyber war'
'open to attack'Users warned on Windows cursors – "Animated cursors could prove risky for Windows users, Microsoft has warned...."
beware of IE7 promoToday's Other Malware Threat: IE7.0.exe
3 'key servers' targetedHackers attack heart of the net
good to know...Debit card versus credit card – "Your federal debit card legal rights are weaker than your credit card rights."
simple advice worth repeating...Security Response Weblog:
To protect yourself against these threats, do not trust unsolicited files or documents about 'interesting' topics. Do not open attachments unless they are expected and come from a known and trusted source.
'a worthwhile reminder'Google Security Hole Allows Account Hijacking
caution: plugin vulnerabilityWhen PDFs Attack!
You can avoid this problem by implementing a work around in your browser so that it does not use the Acrobat Reader plugin.
Update (1/5/07): A supposedly more secure, new version of Adobe Reader is available. Beware of optional additional software installation, which is checked by default. [BBC]
new exploit...New exploit blows by fully patched Windows XP systems
Microsoft Security Advisory (912840)
Sites exploit Windows image flaw
AORTAL - the anti-portal,
here's today's daily pointers:
[daily pointers archive]
The dailywebthing is intended
for a mature audience.
Some rights reserved.