
Node v0.10.33. This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominant uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that the default allowed protocols do not include SSLv2 or SSLv3, though you are still able to programmatically consume those protocols if necessary. Included is the documentation that you can find at that describes how this works going forward for client and server implementations. Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these protocols are disabled. Shasums:

Secure Your Router

Tools for a Safer PC. An important aspect of securing any system is the concept of “defense-in-depth,” or having multiple layers of security and not depending on any one approach or technology to block all attacks. Here are some links to tools and approaches that I have found useful in stopping malware from invading a PC. Your mileage may vary.

Learn, Memorize, Practice the 3 Rules: Follow Krebs’s 3 Basic Rules for online safety, and you will drastically reduce the chances of handing control over your computer to the bad guys. In short, 1) If you didn’t go looking for it, don’t install it; 2) If you installed it, update it; 3) If you no longer need it, get rid of it! For more on these rules, check out this blog post.

Keep Up-to-Date with Updates! It shouldn’t be this way, but the truth is that most software needs regular updating.

Put a Leash on Javascript: Most Web sites use JavaScript, a powerful scripting language that helps make sites interactive.

Microsoft EMET: The application page of EMET.

Prop up Your Passwords. Join the fight against phishing. Canary: The first smart home security device for everyone. Our Indiegogo campaign has ended but you can still pre-order Canary at: canary.is. Canary is a single device that contains an HD video camera and multiple sensors that track everything from motion, temperature and air quality to vibration, sound, and activity to help keep you, your family and your home safe.

Controlled entirely from your iPhone or Android device, Canary alerts you when it senses anything out of the ordinary, from sudden temperature changes that can indicate a fire, to the sound and movement that could mean an intrusion. Instantly receive, view and act on the alerts wherever you are. Over time, Canary learns your home’s rhythms to send you smarter alerts. Canary is the smartest way to stay secure. "A new startup called Canary is about to launch what could revolutionize the home security business" – Technabob. "Canary is easy on the eyes and the smartphone interface looks equally appealing." – The Next Web. "Canary helps the internet of things take on home security" – GigaOM.

Your secure private social network. Facebook’s ticker privacy scare, and what you should do about it. Amongst the recent new changes to appear on Facebook, there is a "ticker" (a rolling real time list of what your friends are doing). Not everyone has received it yet, because it's on a staggered rollout, but millions have already seen it. You'll find it on the right hand side of your Facebook page, in the collapsible chat bar. It's smashing if you want to keep fully up-to-date with your friends' activity, but there is a problem with it. The ticker makes it very simple for you to eavesdrop when one of your Facebook friends says something to someone you've never heard of - and even see what the stranger originally wrote too. Testing shows that your privacy settings are working the same as they did before, providing you used them in the first place.

The appalling enforced eavesdropping in the ticker (your friend said something to someone you've never heard of) is the result of the lax or non-existent settings of your friends, so here's the deal. What happens is this: 1. Still baffled? Public.