Tag Archives: secure

Top 5 Tips to Keep Your Website And Network Secure

Every day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that any passwords are stored as encrypted values. Ideally, you’ll use a one-way hashing algorithm like SHA. This method means that during authentication, only encrypted values are ever compared. In a worst-case scenario, if someone hacks in and steals passwords, this will limit the damage.

They can’t decrypt them, and they will be reduced to attempting dictionary or brute force attacks, trying every single combination until a match comes up. It’s time consuming and computationally expensive and just not worth the effort for most people.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, you should pay attention to how your error messages deliver the message that their login attempt has failed. A quick-and-simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user if half the query is right (and especially not which half!). When a hacker is attempting brute force attacks to gain access to usernames and passwords and the error message identifies one field as correct, that’s valuable information for them. They then know that they’re halfway there and can concentrate all their attention and effort on the remaining field. Don’t make it easy for them!
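The sketch below ties tips 1 and 2 together; it is an added example, not code from the original post. It assumes a salted, iterated SHA-256 construction (PBKDF2-HMAC-SHA256) in place of a single SHA pass, and the function names, iteration count and in-memory `USER_DB` are hypothetical.

```python
import hashlib
import hmac
import os
import re

# Assumed parameters (not from the article): per-user random salt and an
# iterated SHA-256 derivation, so stolen records are slow to brute-force.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
GENERIC_LOGIN_ERROR = "Incorrect login information"

# Hypothetical stand-in for a database table: username -> (salt, derived_key)
USER_DB = {}


def password_meets_policy(password):
    """Article's minimum: 8+ characters, an uppercase letter,
    and a number or special character."""
    return (
        len(password) >= 8
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[^A-Za-z\s]", password) is not None
    )


def derive_key(password, salt):
    """One-way derivation; only this value is ever stored or compared."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


# Dummy record used for unknown usernames so that a failed login does the
# same amount of work whether or not the account exists.
_DUMMY_SALT = os.urandom(SALT_BYTES)
_DUMMY_KEY = derive_key("placeholder-not-a-real-password", _DUMMY_SALT)


def register(username, password):
    """Store a salted hash if the password meets the policy."""
    if username in USER_DB or not password_meets_policy(password):
        return False
    salt = os.urandom(SALT_BYTES)
    USER_DB[username] = (salt, derive_key(password, salt))
    return True


def login(username, password):
    """Return (ok, message). Every failure returns the same message, so the
    response never reveals which field was wrong."""
    salt, stored = USER_DB.get(username, (_DUMMY_SALT, _DUMMY_KEY))
    candidate = derive_key(password, salt)
    # Constant-time comparison of the derived values, never the plaintext.
    matches = hmac.compare_digest(candidate, stored)
    if username in USER_DB and matches:
        return True, "Login successful"
    return False, GENERIC_LOGIN_ERROR


if __name__ == "__main__":
    # Constructed sample accounts and passwords for demonstration only.
    print(register("alice", "Str0ngPass"))   # meets the policy
    print(register("bob", "weak"))           # rejected by the policy
    print(login("alice", "Str0ngPass"))
    print(login("alice", "Wr0ngPass!"))      # wrong password
    print(login("mallory", "Wr0ngPass!"))    # unknown user, same message
```
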

3. Keep software up to date

Make sure that you’re consistently and quickly applying security updates to all of your software. This covers everything from your personal PC’s virus protection to your server operating system and website software such as content management systems, forums, and blogging platforms.

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their solutions. Find out and follow it up.

4. Limit Use of your Administrator Account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.

It’s Banking Day at the Ranch and a Linux Live CD is in the Saddle!

I’ve maintained for years, that I treat my Windows machines as if they have already been compromised – a position that has left me open to some criticism. I’ll take the criticism – I’d rather be safe than sorry.

If you’re a regular reader of Tech Thoughts Daily Net News column then, you’re probably aware that the following items from last week (below the break), are not in the least unusual. In fact, notification of security breaches, or unpatched vulnerabilities that are weeks or months old, are now commonplace.

A legitimate question is – how likely were you to have been affected by any of the unpatched flaws – as noted below – or, the scores of similar long-standing vulnerabilities published in Tech Thoughts Daily Net News over the last few years?

I’ll grant you that “not very likely”, is a reasonable assumption. Still, the question remains – how do you know that you’re not already compromised by a yet to be disclosed vulnerability? Something to think about.

————————————————————————————————–

Eight-month WordPress flaw responsible for Yahoo mail breach: Bitdefender – A cross-site scripting flaw that saw some Yahoo email users lose control of their accounts has now been traced back to a WordPress installation that was not patched for at least eight months.

Serious security holes fixed in Opera – but Mac App Store users left at risk again – It should go without saying that if you use Opera, you should update to version 12.13 as soon as possible. But… what if you didn’t get your copy of Opera from the official website? What if, instead, you acquired your version of Opera for Mac from Apple’s Mac App Store?

Symantec denies blame after Chinese govt hacks The New York Times – After one of the world’s most famous newspapers points the finger at Symantec for failing to protect its network against a four-month long Chinese cyberattack, the security firm returns fire –

Symantec:

“Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security.”

I found Symantec’s response more than interesting. This is the first time that I can recall, that a major security vendor has gone on record and suggested that their product, as a stand alone solution, should not be expected to identify and contain each and every conceivable threat.

I couldn’t agree more and, I have made that point consistently, for years.

—————————————————————————————————

Initially, I had no intention of writing such a long introduction to a simple review – but, my continuing disappointment in the computer technology industry as a whole, whose overall response to an epidemic of criminal activity, runs along the same lines as that old time movie – Jaws – in which one of the plot lines revolves around keeping people in the water (despite the evident danger from a Great White shark) since to do otherwise, would be bad for business, got the better of me. Perhaps not the best analogy – but, it works for me.

I have a sign on the wall above my desk that reads – Bullshit in = Bullshit out. I can’t think of a more fitting epitaph for the current state of affairs in an industry rife with misinformation, misdirection, hype, and sheer outrageous bullshit.

I’m not a gloom and doom guy – but, market forces are such, that a little crystal ball gazing has convinced me that the status quo is as stable as the Rock of Gibraltar. In other words, if you want to be safe on the Internet, then accept the fact that you’re on your own.

—————————————————————————————————

It’s Banking Day at the Ranch and a Linux Live CD is in the Saddle!

While connected to the Internet, just like you, I face exposure to Trojans, spyware, viruses, phishing scams, identity theft, scam artists, schemers and cyber crooks lurking in the shadows, just waiting to make me a victim. Even so, the odds of me picking up a malware infection, or being scammed, are fairly low. Am I just lucky, or is it more than that?

To some extent I might be lucky – but, it takes much more than luck to stay safe on the Internet. For me – it really boils down to prevention. Preventing cybercriminals from getting a foothold by being vigilant and adhering scrupulously to fundamental security precautions, including –

A fully patched operating system.

A robust firewall.

Automatically updated anti-virus and anti-spyware software.

Increased Internet Browser protection through selected add-ons.

Encryption where necessary.

and, most importantly never forgetting to Stop. Think. Click.

Despite all those security precautions though, there’s one connected activity that still concerns me – online banking. Regardless of the fact that I choose my Internet banking provider based partially on its low profile, I’m not entirely relying on this low profile as a guarantee that cybercriminals will not target my provider.

The inescapable fact remains; I am my own best protection while conducting financial transactions on the Internet. Frankly, I’m not convinced that financial institutions are where they need to be when it comes to protecting their online customers.

Despite my best efforts, it’s possible that malicious code may be installed on my computer – ready to pounce on my banking user account names, and passwords. Which is why, I have long made it a practice to conduct my financial affairs on the Internet via a self-booting Linux Live CD. Since a Linux Live CD is read-only media, the environment (running entirely in RAM), should be more secure than Windows.

I’m not suggesting that Linux systems are impervious to malware (I know better than to make that claim) – but, since the majority of malware is Windows specific, banking online through a Linux Live CD should offer a more secure environment.

If you can click a mouse – then, you’re good to go. It’s that easy. Today’s Linux distros are not your Granny’s Linux.

I’m not suggesting that you replace your Windows operating system and jump with both feet into Linux. That’s impractical. What is not impractical however is – running with Linux on those occasions when you do your Internet banking.

Recommended Linux Live CDs:

Puppy Linux – A complete operating system with suite of GUI apps, only about 70 – 140MB, and boots directly off the CD. I should point out that Puppy is my personal favorite.

Damn Small Linux – Damn Small Linux is a very versatile 50MB mini desktop oriented Linux distribution.

Fedora – Fedora is a fast, stable, and powerful operating system for everyday use built by a worldwide community of friends. It’s completely free to use, study, and share.

Ubuntu – Fast, secure and easy-to-use.

Lightweight Portable Security (LPS) – A Linux distro from the US Department of Defense. Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive.

Not Running Secunia PSI? Why Not?

Despite the fact that burglaries are at an all-time high in my neighborhood, and despite the fact that the Police regularly caution residents to lock both windows and doors when not at home, one of my close neighbors always leaves at least one window open while she’s out. I have to say – it just boggles my mind.

Throughout the summer she is out of town every weekend and, you guessed it – she still leaves at least one window wide open. Her behavior, not to put too fine a point on it – is idiotic. If you’ve ever wondered why your home owners insurance policy is more expensive than it needs to be, it’s partially due to lamebrains like my neighbor.

Computer systems running insecure and unpatched applications are analogous to the open window in my neighbor’s house, and are a common gateway used by cyber-criminals to infect unaware users’ machines. Worse, unlike the aftereffects of a home burglary, which are rather self evident, a compromised computer can often remain undetected.

As important as it is, that you secure your computer by implementing a layered security approach, it’s equally as important that you close any “open windows” in your operating system, by keeping your installed applications current and up-to-date. And, Secunia, the leading provider of Vulnerability Intelligence, can help you do just that with its free application – Secunia Personal Software Inspector (PSI).

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate, just how easy it is to take that extra step toward a more secure computing experience, using PSI. Click on any graphic to expand to its original size.

During the install process, you will have an opportunity to select “Auto Updates”. I suggest that you take advantage of this feature.

Again, during the install process, you will have an opportunity to select “full changes in the tray icon”. If you have selected “Auto Updates”, as per the previous window, you should select this option.

The settings menu provides a full range of adjustments so that you can configure the application to more accurately meet your specific needs.

The following screen capture illustrates a security scan in progress. The full scan took under two minutes to complete.

According to the scan results, my test machine is 12% more secure compared to non-users of PSI in my local area. This is no cause for celebration though, since the test machine is running two insecure applications. One of which, VLC Media Player, has been a recent target of cyber criminals. Ouch!

The following screen capture shows the full test results and you can readily see, that both Adobe Flash Player and the previously mentioned VLC, are both insecure. Adobe Flash Player, dramatically so. Double ouch!

Additional data on an insecure program can be gathered by double clicking on the program, as shown in the following screen shot.

Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how to resolve it.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool, were insecure.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Secure Your Online Banking With A Linux Live CD

While connected to the Internet, just like you, I face exposure to Trojans, spyware, viruses, phishing scams, identity theft, scam artists, schemers and cyber crooks lurking in the shadows, just waiting to make me a victim. Even so, the odds of me picking up a malware infection, or being scammed, are low – not 0% but…… Am I just lucky, or is it more than that?

Well, to some extent I might be lucky – but, it takes much more than luck to stay safe on the Internet. For me – it really boils down to prevention. Preventing cybercriminals from getting a foothold by being vigilant and adhering scrupulously to fundamental security precautions, including –

A fully patched operating system.

A robust firewall.

Automatically updated anti-virus and anti-spyware software

An aggressive HIPS (host intrusion prevention system).

Increased Internet Browser protection through selected add-ons.

and, most importantly never forgetting to Stop. Think. Click.

Despite all those security precautions though, there’s one connected activity that still concerns me – online banking. Regardless of the fact that I choose my Internet banking provider based partially on its low profile (four branches as opposed to the usual 3,000/5,000 branches common in Canadian banking), I’m not entirely relying on this low profile as a guarantee that cybercriminals will not target my provider.

The inescapable fact remains; I am my own best protection while conducting financial transactions on the Internet. Frankly, I’m not convinced that financial institutions are where they need to be when it comes to protecting their online customers.

Despite my best efforts it’s possible (though unlikely), that malicious code may be installed on my computer – ready to pounce on my banking user account names, and passwords. Which is why, I have long made it a practice to conduct my financial affairs on the Internet via a self-booting Linux Live CD running Firefox. Since a Linux Live CD is read-only media, the environment (running entirely in RAM), will be much more secure than Windows.

Yes, I admit that it’s a pain to shut down and reboot just to complete an online financial transaction but, I’d rather be safe than sorry – I’m into an ounce of prevention. Since the majority of malware is Windows specific, banking online through a Linux Live CD is my ounce of prevention.

Recommended Linux Live CDs:

Lightweight Portable Security (LPS) – A Linux distro from the US Department of Defense.

Ubuntu – fast, secure and easy-to-use.

Puppy Linux – A complete operating system with suite of GUI apps, only about 70 – 140MB, and boots directly off the CD.

KNOPPIX – Live Linux file system on CD.

ClearCloud DNS Service Bites The Dust – Pick Up The Slack With Norton DNS

Occasionally, when I’m stuck for time, I’ll post an edited version of an earlier article. In choosing an appropriate article, I try to focus on a free application or service that has real value, but is often underappreciated. More and more often though, I’m finding that a free application I reviewed is no longer free, or the free service I recommended, no longer exists.

Another one bites the dust.

Regular reader Georg L., has just notified me that ClearCloud DNS, a free DNS alternative (reviewed here September 5, 2010) which prevented users from visiting sites identified as harboring malware exploits, will be closing the curtain – effective September 1, 2011.

If you are currently using ClearCloud DNS, you will need to reconfigure your network connection prior to September 1, so that your Internet connectivity is not interrupted. You can learn how to remove ClearCloud DNS from your computer by clicking here.

If you’re convinced that an alternative DNS service has value, and you wish to continue to harden your system by substituting your ISP provided DNS service, with a more secure alternative – you have a number of choices to consider, including – Norton DNS, with Norton Safe Web.

Benefits of running with Norton DNS:

Malware Site Blocking – Automatically blocks known dangerous and infected Web sites. Provides a complete overview of the threats found so you know why a site is blocked.

Web Content Filtering – Lets you block Web sites that contain content that you think is inappropriate or dangerous. You can choose from over 45 different categories of content to block and specify individual sites to block.

Here’s an example of Norton DNS in action following my clicking on a spam comment link. 

Further investigation of the Threat Report, reveals the following.

Pretty scary stuff, I think you’ll agree.

You can install Norton DNS either by downloading and running the installer or, if you want to have a bit of fun – you can choose to install manually. At first glance, you may think this is complicated when in fact, it’s quite easy. So, give it a try, and don’t be nervous. :)

The screen captures below, reflect the changes I made.

Manual Setup for Windows:

Open the Control Panel from your Start menu.

Click Network Connections and choose your current connection.

On the General tab of the Connection Status screen, click Properties.

On the General tab of Connection Properties, scroll down and select Internet Protocol (TCP/IP), then click Properties.

On the General tab of Internet Protocol (TCP/IP) Properties, select Use the following DNS server addresses, then enter the two NortonDNS IP addresses 198.153.192.1 and 198.153.194.1.

Click OK until each window is closed. You are now using NortonDNS.

Once installation is complete, you will be presented with the following confirmation screen.

To ensure that you have in fact, been successful in making the change, visit this Norton page. The page will let you know if you are currently using Norton DNS.

System requirements: Windows XP (32-bit) with Service Pack 2 or later, Vista (32-bit and 64-bit) Win 7 (32-bit and 64-bit).

Download at: Norton DNS

Note: Uninstalling or canceling Norton DNS is easy – simply uninstall it. The process will revert your DNS settings to their previous values.

Additional free alternatives include OpenDNS, and Google Public DNS.

GigaTribe Private P2P – Share Your Videos, Pics, And Docs Privately

A few days ago, I ran a few tests on peer to peer downloads, on the off chance that things had improved in this malware infested playground. No such luck, of course.

Of the five game files that I downloaded, every one came packed with a Trojan downloader, which, had I installed any of these applications, would have wreaked havoc on my test machine.

In a nutshell, that’s the main problem with public peer to peer file sharing. The chances are high, that you will not get what you think you will, and you will get what you don’t think you will.

Additional issues (but not the only issues) are:

Privacy: When you are connected to file-sharing programs, you may unintentionally allow others to copy confidential files you did not intend to share.

Spyware: There’s a chance that the file-sharing program you’re using has installed other software known as spyware to your computer’s operating system. I can assure you that spyware can be difficult to detect and remove.

So what’s a fellow to do who enjoys file sharing, and who doesn’t want to be burned by the cybercriminals who skulk on public file sharing networks, searching for victims?

A terrific solution to this quandary is a free application from GigaTribe. An application which is designed to create a private network between you, and your friends, relatives, co-workers, or, whomever you choose.

If you have ever used peer to peer software, then you’ll find no learning curve involved in using GigaTribe – it’s functional, efficient, attractive, and “follow the bouncing ball” intuitive.

How much more simply can it be than this:

The following graphic is from the publisher’s site.

Fast facts:

GigaTribe has more than 1,600,000 users.
Its unique technology has been developed by talented programmers with a strong history in the software industry.

There are no limitations on quantity or file size.
All your files are kept on your hard drive, eliminating the need to transfer them to an external server.

Files are available in their original format.
In just a few clicks, you can share and also find files as if you were in a virtual library. You will see files as they were organized on the hard drive, and you can download them in their original format.

You don’t waste time uploading files.
Once you select which folders you want to share, the contents of those folders are instantly accessible to your friends.

Your files remain yours!
Files you have decided to share are not saved on another company’s equipment. You keep your data under your control.

It’s a two-way sharing service.
Each contact can both share and download. You decide which content is worth downloading among the files available to you.

You may invite up to 500 friends.

Transfer automatically resumes.
If a download is interrupted (for example, if a contact goes offline), the transfer automatically resumes with no loss of data when your contact comes back online.

Security is, of course, GigaTribe’s major concern.

Only the people you have invited can see your files. Only the folders you have selected are visible to your contacts. Every exchange is strongly encrypted – No one can see what is being shared.

Downloads are encrypted (Blowfish 256-bit).

As an added bonus, users can create profiles, and have access to personal chat and a private blog, all from within the program. Now that’s cool!

According to the developers, GigaTribe (although I haven’t tested this), can also be used to access your PC from a remote location.

System requirements: Windows 2000, XP, 2003, Vista, Server 2008, Windows 7. (no indication on the publisher’s site of x64 compatibility).

Languages: English, Español, Français, Deutsch, Italiano, Português

Download at: Gigatribe

It’s not often that I can rate an application 100%, but GigaTribe comes very close. A superb application! If you’re into private file sharing, or it’s something that you’ve considered, then give GigaTribe a whirl – I think you’ll be glad you did.

For additional information check out the developer’s FAQ.

Ditch Facebook – Go Private With Free Flink12

There are 600 Million plus, active Facebook users, but I must confess – I’m not one of the active users. It’s true, I do have a Facebook page but, I use it sparingly.

Since many software developers are now into the – “visit our Facebook page, click on the Like button, and we’ll give you ……….” school of marketing,  I use my Facebook account to meet this manipulative requirement.

My list of grievances with Facebook is a long one, but privacy, or more precisely, the lack of privacy, overrides all other concerns – I’ll leave the considerable security issues aside, for the moment.

I’ve always found it difficult to get a handle on Facebook’s constantly shifting definition of privacy and, it’s difficult to understand and hard to apply, personal privacy restrictions.

Maybe I’m old fashioned, but I just can’t get my head around the idea of putting private information out into the ether of the Internet. On the other hand, there are those who love the Facebook experience, and it seemingly plays an important role in their lives. I think it’s safe to say, that this is a market which will continue to grow exponentially.

Some people see this as inevitable progress – but I’m not one of them. Instead, my definition of progress in this market, is the development of private social networking platforms. Platforms that are designed specifically for friends, families, and  work teams, to privately share, discuss, organize photos, videos, etc., – all in a single easy to use private environment.

One such platform that caught my attention recently is Flink12. It was a “no-brainer” really. An application that can set out in a sentence, or three, an approach to privacy that meets my requirements, is sure to grab my attention.

Here’s what Flink12 has to say on social sharing privacy:

“Privacy first” is the highest priority at Flink12. This approach ensures that your personal information will remain completely secure. With no privacy settings to manage, your information is automatically safe. Personal information will not be indexed on the web by search engines. You decide when, where and how much of your life you want to share and with whom.”

Since Flink12 passed my first test, I went on to the next set of questions – did it meet my requirements for functionality? Did it meet my requirements for usability? It did in both cases – and, the following list of features was very convincing.

Fast facts:

Safe & Private – Our “Privacy first” approach ensures that your personal information will remain private. Your information will not be indexed on the web by search engines. We designed Flink12 at its roots to be “udderly” private. Users have complete control.

Easy Photo Sharing – Easy to upload, free, fast, private photo sharing. Caption your photos. Comment on photos. There are several options for sharing each photo and privatizing comments. It’s truly the best way to share photos and comments.

Private Texting/Chat – Free instant communication one-on-one between you and any person in your Flink. Texting is free on Flink12.

Blogging – Write about your personal thoughts and activities as often as you wish. Blogging on Flink12 is quick, easy and fun. There are several options for sharing of blogs and comments amongst your flinks.

Friend Mapping – See where your friends are anytime, worldwide. You have a choice to show your location to your Flink friends or not. Very useful for travelers or friends and relatives across the globe or meeting up with friends for coffee.

Playful Icon Themes – Never forget to play. Our icons are all about expressing yourself in a playful way. Flink icons are uniquely humorous and allow you to quickly share your mood, health, activities and events using preset text or by entering your own text. Choices of several fun themes such as Moms & Babies, Sports Fans, Divas, Teens and Pets are coming soon.

Web & Apps – You can join and update on any platform – website, iPhone, iPad, iPod Touch and Android – and you only have to post it once. Flink12 updates seamlessly on all platforms.

Alerts – There are several options for notifications or alerts from your friends. On mobile, MOO’s and cowbells let you know when your friends have posted fresh news.

For more information and to sign up – visit the developer’s site: Flink12

Bottom line:

Flink12 is a technology-rich application, full of powerful features – many more than I’ve been able to cover in this short review. At the same time, Flink12 has been designed for speed and simplicity.

If you’re into social networking and privacy is a concern, then take Flink12 for a test drive – I think you’ll be glad you did.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Secunia PSI Updated – Version 2.0 Released

Secunia has just released (December 20, 2010) Version 2.0 of their award-winning free vulnerability and patch scanning application – Secunia PSI.

As important as it is to secure your computer by implementing a layered security approach, it’s equally important to keep your installed applications current and up-to-date. Insecure and unpatched applications are a common gateway used by cyber-criminals to infect unaware users’ machines.

Since PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application, when available – installing this small free application will assist you in ensuring that your software installations are relatively secure. I say “relatively”, since there is no perfect system.

The following screen captures illustrate just how easy it is to take that extra step toward a more secure computing experience, using PSI.


Following the initial scan of two hard drives, which took only two and a half minutes, PSI found two end-of-life applications and one insecure application. The insecure application (VLC Media Player 1.1.14) is currently under attack by cyber-criminals. So, that was a good catch.


Updating VLC Media Player 1.1.14 was a snap – I simply clicked on “Install Solution”. Boom – done!


Quick facts:

Secunia PSI is free for private use.

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

Improvements in Version 2.0.

  • Automatic Updates: Functionality for Auto Updates is now implemented as a core feature in the Secunia PSI.
  • New User Interface: A new User Interface has been implemented. The design has been updated to make it simpler and easy to use the Secunia PSI, as well as improving the overall look and feel.
  • Integration with Secunia CSI: The new Secunia PSI features integration with the commercial Secunia CSI. Secunia CSI customers can learn more about this feature with the release of the Secunia CSI 4.1.
  • Improved Presentation of Scan Result: The presentation of scan results has been significantly improved, using techniques that have been tested during the Technology Preview. The Scan Results are grouped according to their installation and patch state, which in turn makes it simpler to identify the programs that actually require the latest security patches.

ZD Net, one of my favorite web sites, has stated “Secunia Personal Software Inspector, is quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.

System requirements: Windows 7, Vista SP 1 or later, XP SP 3 (32 & 64 bit).

Watch: How to install and use the Secunia PSI 2.0

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector (OSI) is a fast way to scan your PC for the most common programs and vulnerabilities, checking if your PC has a minimum security baseline against known patched vulnerabilities.

Link: Secunia Online Software Inspector. In the last 24 hours, fully 19% of applications checked by this online tool were insecure.


Weak Password Control – A Self Inflicted Injury

Over the weekend, Gawker.com was attacked, leading to a compromise of some 1.5 million user login credentials on Gawker-owned sites, including Gizmodo and Lifehacker.

According to Gawker Media:

Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords.

In an ironic twist to this tale of woe, it turns out that Nick Denton, the site’s founder, had not followed his own advice and in fact, used the same password for his Google Apps account, his Twitter account, and others.

So what gives? Why would someone with the supposed technical competence of Denton be so boneheaded? I suspect it’s because the reality is – he’s no different than any typical user when it comes to establishing and enforcing proper password control. A lackadaisical effort is the norm.

I understand the dilemma. Complicated (in other words, safe) passwords are hard to remember, whereas easy (in other words, unsafe) passwords are easy to remember. And, a single password is surely easier to remember than a series of passwords, simple or not. No surprise then, that most computer users employ a single, easy to remember, and consequently unsafe, password.

So what’s a user to do to avoid this critical security lapse? Well, you could follow the most common advice you’re likely to find when it comes to password control, and install a “password safe” – an application designed to store and retrieve passwords.

The Internet is full of advice that on the face of it seems reasonable, responsible and accurate. You know how it is – if you hear it often enough then it must be true. In my view, the password safe advice falls into this category.

Let me pose this question – you wouldn’t hang your keys outside your front door, would you? Of course you wouldn’t. Then why would you save passwords on the Internet, or on your computer? If there is one computer truism that is beyond dispute, it’s this – any computer application can be hacked, including password safes.

I have never saved passwords online, or on a local machine. Instead, I write my passwords down, and record them in a special book; a book which I keep ultra secure. There are some who disagree, for many reasons, with this method of password control, but I’m not about to change my mind on this issue.

I know that on the face of it, writing down your password seems counterintuitive, and flies in the face of conventional wisdom, since the issue here is one of security and safety.

But, ask yourself this question – is your home, office, wallet etc., more secure than your computer? If the answer isn’t “yes”, then you have additional issues that need to be addressed.

While it may be true that you don’t want your wife, lover, roommate, or the guy in the next office to gain access to your written list of passwords – and writing down your passwords will always present this risk – the real risk lies in the cyber-criminal, who is perhaps thousands of miles away.

Computer security involves a series of trade-offs – that’s just the reality of today’s Internet. And that brings us to the inescapable conclusion, that strong passwords, despite the fact that they may be impossible to remember – which means they must be written down – are considerably more secure than those that are easy to remember.

Here are some guidelines on choosing a strong password:

Make sure your password contains a minimum of 8 characters.

Use upper and lower case, punctuation marks and numbers.

Use a pass phrase (a sentence), if possible. However, not all sites allow pass phrases.

Since brute force dictionary attacks are common, keep away from single word passwords that are words in a dictionary.

Use a different password for each sign-in site. This should be easy since you are now going to write down your passwords. Right?
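The guidelines above can be turned into a small self-audit script. This is an added example, not code from the original article; the function names, the tiny word list and the sample passwords are constructed for illustration, and treating a dictionary word with digits or punctuation tacked on as still being a dictionary word is an added assumption.

```python
import re

# Constructed stand-in for a real word list; load a full dictionary in practice.
SAMPLE_DICTIONARY = {"password", "monkey", "dragon", "letmein", "sunshine"}

# Character classes named in the guidelines above.
REQUIRED_CLASSES = {
    "a lower-case letter": r"[a-z]",
    "an upper-case letter": r"[A-Z]",
    "a number": r"[0-9]",
    "a punctuation mark": r"[^A-Za-z0-9\s]",
}


def check_guidelines(password, dictionary=SAMPLE_DICTIONARY):
    """Return the guidelines that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for label, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing " + label)
    # Single-word check. Assumption: digits and punctuation added to a
    # dictionary word ("Sunshine1!") do not stop it being a dictionary word.
    if len(password.split()) == 1:
        core = re.sub(r"[^a-z]", "", password.lower())
        if core in dictionary:
            problems.append("single dictionary word")
    return problems


def find_reuse(site_passwords):
    """Return groups of sites that share one password."""
    by_password = {}
    for site, password in site_passwords.items():
        by_password.setdefault(password, []).append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)


def audit(site_passwords, dictionary=SAMPLE_DICTIONARY):
    """Per-site report combining the strength rules and the reuse rule."""
    report = {site: check_guidelines(pw, dictionary)
              for site, pw in site_passwords.items()}
    for sites in find_reuse(site_passwords):
        for site in sites:
            others = [s for s in sites if s != site]
            report[site].append("also used on: " + ", ".join(others))
    return report


# Constructed sample: the sites and passwords are made up for this example.
SAMPLE = {
    "blog.example": "monkey",
    "mail.example": "Sunshine1!",
    "bank.example": "Tr4vel-by-Night; stay awake",
    "forum.example": "Sunshine1!",
}
```

Calling `audit(SAMPLE)` flags the short dictionary word, the decorated dictionary word that is also reused on two sites, and leaves the pass phrase with no findings.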

You are entitled, of course, to disregard the advice in this article, and look at alternatives to writing down your passwords, including Password Safe, a popular free application. As well, a number of premium security applications include password managers.

Interestingly, Bruce Schneier, perhaps the best known security guru and a prime mover, some years back, behind the development of Password Safe, is now an advocate of – you guessed it – writing down your passwords.

If you have difficulty in devising strong passwords, take a look at Random.org’s Random Password Generator – a very cool free password tool.


Sandbox Firefox With Secure Browser Version 5.1

I first reported on Secure Browser, a virtualized version of Firefox, back in July of this year, and since then there have been a number of upgrades to the application, including 64-bit compatibility.

This is not 1985 when the only thing you had to worry about was what might be on the floppy disks you exchanged with your friends. Today, your Browser is the conduit into your computer – that’s the route by which the majority of malware spreads.

So, controlling malware intrusion while surfing the Net, through the use of a “virtual” environment rather than operating in a “real” environment, continues to make sense given the level of cyber criminal activity on the Internet.

In the last few months we’ve looked primarily at operating system virtualization – Shadow Defender, Returnil Virtual System, Wondershare Time Freeze, and a number of other similar applications. But, there are alternatives to OS virtualization – specific application virtualization running in a sandbox.

KACE Networks’ Secure Browser (last updated Oct 20, 2010) is a virtualized version of Firefox which, according to KACE –

Changes or malicious files inadvertently downloaded from the Internet are contained within the secure browser, keeping the underlying OS and computer secure from hostile changes.

Any changes resulting from browser activity may be quickly and easily reset to effectively “undo” such changes and return it to its initially installed state.


Fast facts:

Provides a virtualized and contained Firefox v3.6 Browser with Adobe Reader and Flash plug-ins.

Rapidly reset any changes made during normal use back to their initial state, enabling easy recovery from infections or attacks.

View statistics related to the number of processes detected and blocked.

Set white and black lists to limit access to known good sites, or prevent access to known bad sites to further limit the risk of attack and infection.

Contrary to my usual practice, I have not tested this application. Instead, I’m reporting on its availability only. I tend to stick with Ubuntu when surfing the Internet.

System requirements: Windows 7, Vista, XP (32-bit and 64-bit systems).

Download at: KACE

Note: Registration required.

Alternative solutions:

Sandbox your current Browser in Sandboxie.

Run the Chrome Browser which includes a form of sandboxing.

Run Comodo Dragon, a variation on Chrome with additional privacy controls.

Run Ubuntu while surfing the Web.
