10 crazy IT security tricks that actually work | Security. Network and endpoint security may not strike you as the first place to scratch an experimental itch. After all, protecting the company's systems and data should call into question any action that may introduce risk. But IT security threats constantly evolve, and sometimes you have to think outside the box to keep ahead of the more ingenious evildoers. And sometimes you have to get a little crazy. Charles Babbage, the father of the modern computer, once said, "Propose to a man any principle, or an instrument, however admirable, and you will observe the whole effort is directed to find a difficulty, a defect, or an impossibility in it.

The world of network security is no different. Even bigger bonus?

9 popular IT security practices that just don't work | Security. When it comes to IT security, FUD (fear, uncertainty, and doubt) is more than just the tool of overhyping vendors hoping to sell their next big thing. It is the reality that seasoned IT security pros live in, thanks in large part to the -- at times gaping -- shortcomings of traditional approaches to securing IT systems and data. The truth is most common IT security products and techniques don't work as advertised, leaving us far more exposed to malicious code than we know.

That's because traditional IT security takes a whack-a-mole approach to threats, leaving us to catch up with the next wave of innovative malware, most of which rolls out in plain view on the Internet. Until we solve that problem -- that is, when a critical mass of people wants to end this issue -- we will devise, deploy, and depend on security solutions that will never keep us as safe as we need to be, given the daily escalation of malware aimed at compromising our systems and extracting valuable data.

Computer Security Guides and Articles.

Security Notes.

How do I find out who’s trying to change my password? – Ask Leo! If your account has not actually been hacked, there's little you can do to find out who's trying to log in as you.

But there are steps you can take to protect yourself from would-be hackers and phishing scams. I just happened to check my emails and noticed that I had an email telling me that I had asked for my account password to be reset. I had not done this so I followed the link that confirmed that this was not me. About two minutes later, I received an email from Facebook stating that I had attempted to change my password and was this me?

I immediately clicked on the link to report that it wasn’t the case. What I’m wondering is if there’s any way of finding out how this happened, the location of who and what was behind this?

To answer your question, no.

Unexpected password resets

If you get a password reset email without asking for one, that probably means that someone entered your login ID into a login page and said “I forgot my password”.

Staying secure.

Gmail takes image loading out of users’ hands – here’s how to take it back. Do your shoulders feel lighter? They should if you're a Gmail user, since Google just lifted from users what one assumes must have been the heavy burden of having to choose whether to display images in email. You were relieved of this choice as of Friday, when Google announced that Gmail users will now see images automatically.

Automatic image viewing for desktops was enabled on Friday, and we'll see it on Android and iOS apps in early 2014. Up until now, we've had to mull whether or not we want to view images because all sorts of security sliminess and privacy pitfalls can lurk behind them. Clicking on images is like leaving whatever fortress you're holed up in and venturing out into the wide, open, scary world of somebody else's HTTP territory.

That's because emailed images, though they might look like they're part of the email, are normally hosted on a web server controlled by the email sender. As Ars Technica's Ron Amadeo points out: It will be great - just great! OK.

Microsoft EMET. To help protect Windows and installed software against known and unknown attacks, Microsoft has released a really cool and fairly easy-to-use tool named EMET - Enhanced Mitigation Experience Toolkit. It uses several protection and detection techniques with cryptic-like names (such as ASLR or SEHOP) to provide mitigation against known hacks and even zero-day flaws. Older and current versions of EMET have successfully protected from several unpatched security flaws in Microsoft, Adobe and Oracle software without any additional configuration; and the latest version (4.1) does a lot to make the shields even stronger.

While EMET has set-and-forget style configuration, there is no reason to ditch patching Windows and other software or using anti-virus and anti-malware programs. Microsoft's Enhanced Mitigation Experience Toolkit is just an additional (and effective) security layer for Windows PCs.

Installing or upgrading Microsoft Enhanced Mitigation Experience Toolkit 4.1

OK, let's get started!

Firefox 26 bumps up security by letting users screen plug-ins. The latest version of the Firefox web browser is available, introducing new features that improve security and performance. Firefox 26 will be available to download from the Firefox web page later today and is already available via Mozilla's FTP server.

Security

In an attempt to improve both security and stability, Java plug-in software components will not load by default. Sections of a site that require a Java plug-in will need user approval before loading. Approval is given by clicking the part of the page where the plug-in is embedded or an icon in the browser address bar. By blocking Java plug-ins, Mozilla hopes to reduce the risk of users being attacked via exploits of vulnerabilities in plug-in code or of plug-in software causing instabilities in the browser. Mozilla will continue to use the Beta version of Firefox to test a Click to Play feature that would block a wider range of software plug-ins by default.

Apple's Keychain: The solution and the problem with password managers.

Everyone should be using a password manager. I use Lastpass, but there are other respected ones. Now Apple is baking the password manager directly into the operating system. This would be great if only they weren't being so Apple about it. In iOS 7 and OS X 10.9 (Mavericks) Apple created iCloud Keychain, a password manager which stores credentials in the user's iCloud storage, and APIs for iOS and Mac developers to use for their programs to support it. But it's Apple-only. To see why that's a problem, here's some more about password managers. Ideally, it would be good if passwords went away, but that's like saying world peace would be good — ain't going to happen any time soon. This is where password managers show both their strengths and their weaknesses: they allow us to use passwords responsibly by having unique, strong passwords for each logon we have. As a general rule, third party password managers can't fill userids and passwords into mobile apps, not even on Android.

Safego.

Safe social network: Bitdefender Safego scans the links you receive from your friends, and monitors your account privacy settings.

Friendly advice: With "Warn friend" option, you can warn your friends when "fishy" links are posted to their newsfeeds.

On-Post scanning: Surf the newsfeed and socialize without worries. Check your status in less than 60 seconds, thanks to our scanning technology.

Friend'O'Meter: Get an instant head-count of how many of your friends are also using Safego to keep themselves protected!

Unfriend your phishy links!