Wednesday, February 27, 2008

Protecting a Macbook (Pro) against the hard-drive encryption loophole

In the last couple of days a lot of attention has been given to the paper "Lest We Remember: Cold Boot Attacks on Encryption Keys". The attack exploits the fact that DRAM keeps its contents for seconds to minutes after power is removed, so the disk-encryption keys of a sleeping (or just powered-off) laptop can be read straight out of memory. It's a pretty sophisticated attack and one can assume that the kind of adversary who will perpetrate it is pretty serious about getting to your data (think organised crime or overzealous immigration police).

The consensus seems to be that the best way to defeat this attack is to hibernate your machine or shut it down completely when travelling about. Macs unfortunately have this concept of "Safe Sleep": by default a hibernation file gets written, but the machine is then put into low-power "sleep" mode with RAM still powered, which leaves it fully vulnerable to this attack.

All is not lost however: as shown in this blog post on Macworld you can set the Mac to hibernate by default.
This is of course a bit of a pain and your Macbook will not resume as fast as it does from sleep.

I have set my Macbook Pro to only hibernate using the following command from a Terminal window:

$ sudo pmset -a hibernatemode 5

Please note that this applies to my machine as I use the "Secure Virtual Memory" setting in the Security Preference pane. Other readers might need to use the value 1. Please refer to the blog posting mentioned a little earlier.

One other method would of course be to keep the default (Safe Sleep) hibernation settings and cut the power by hand:
1) Safe Sleep your Macbook as normal.
2) Wait for the machine to indicate that it has successfully entered Safe Sleep (the little white light on the lid button will slowly pulsate on and off); by then the hibernation file has been written.
3) Then remove the battery (with the power adapter unplugged, otherwise RAM keeps its power).

Removing the battery kills the "sleep" mode, and the Mac will resume from its hibernation file on the next power-up. That gets rid of the encryption keys in RAM, with the added advantage that while you are in a "safe area" or not travelling you still have super fast resumes from sleep. Bear in mind that the hibernation file is a copy of RAM, keys included, so it is worth keeping "Secure Virtual Memory" enabled so that the image is written to disk encrypted.
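Whichever route you take, check what the machine is actually set to rather than trusting what you typed. The script below is an added example (not from the original post): it reads the active hibernatemode out of `pmset -g` style output and says whether RAM stays powered when the lid closes. The sample `pmset -g` text is constructed; on a real Mac you would pipe the output of `pmset -g` itself into `hibernatemode_from_pmset`. The value meanings (0, 1, 3, 5, 7) follow pmset(1) on Leopard.

```shell
#!/bin/sh
# Added example, not from the original post: report whether the active
# hibernatemode leaves the disk-encryption keys in powered RAM at lid-close.
# Meanings per pmset(1) on Leopard: 0 sleep only, 1 hibernate only,
# 3 safe sleep (portable default), 5 and 7 = 1 and 3 with Secure Virtual Memory.

# Extract the hibernatemode value from `pmset -g` style text on stdin.
hibernatemode_from_pmset() {
  awk '$1 == "hibernatemode" { print $2; found = 1 } END { exit !found }'
}

# Print a verdict for a hibernatemode value. Exit status: 0 = RAM is powered
# down on lid-close (keys gone), 1 = RAM stays powered, 2 = value not known.
hibernatemode_verdict() {
  case "$1" in
    1|5) echo "hibernate only: RAM is powered off once the image is written (keys cleared)"; return 0 ;;
    3|7) echo "safe sleep: image is written but RAM stays powered (keys stay in memory until power is cut)"; return 1 ;;
    0)   echo "sleep only: RAM stays powered and no hibernation image is written"; return 1 ;;
    *)   echo "unknown hibernatemode '$1'"; return 2 ;;
  esac
}

# Constructed sample of `pmset -g` output from a Leopard-era portable.
SAMPLE_PMSET='Active Profiles:
Battery Power        -1
AC Power             -1*
Currently in use:
 hibernatemode  3
 sleep          10
 displaysleep   5
 disksleep      10
'

mode=$(printf '%s' "$SAMPLE_PMSET" | hibernatemode_from_pmset)
hibernatemode_verdict "$mode" ||
  echo "fix with: sudo pmset -a hibernatemode 5  (or 1 if Secure Virtual Memory is off)"
```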

Thursday, February 14, 2008

FOSS and Security experience in South Africa? Who are you?

Dear Lazyweb,

The company that I work for, Exponant, is currently looking for skills in Information Security and FOSS (Free and Open Source Software).
If you are an experienced professional in the above areas I would love to hear from you.

On the security side we are looking for senior engineers and architects.
On the FOSS side we are looking for individuals with experience with FOSS in the enterprise.

We are based in Centurion, South Africa and most our demand is from clients in Pretoria.

Friday, February 01, 2008

Microsoft and Yahoo!

Wow! By far the biggest news of the year is that Microsoft has put in a bid to buy Yahoo!
Amazing news on so many levels: Yahoo! has been languishing for years and neither Microsoft nor Yahoo! has been able to really respond to Google's dominance in the search market. This hot on the heels of Google's missed earnings...

Monday, January 28, 2008

Open Season for Open Source

Nokia has acquired Trolltech, hot on the heels of Sun's acquisition of MySQL. It truly is an exciting time, and really gratifying for those of us who have been saying for years that Open Source Software is viable and that it makes sense to businesses.

I've always had a soft spot for KDE and Trolltech and it really seems like a great opportunity for them to truly become serious players. WebKit has already demonstrated over and over that KDE is built on top of solid technology. An interesting intersection of KDE -> Trolltech -> Nokia and Apple...

Wednesday, January 16, 2008

Want to share your Wi-Fi like Bruce Schneier? Here's how (and no, it's not by leaving it open).

I have been giving Bruce Schneier's article about leaving his wireless network open a lot of thought lately. Although I agree that it's great to help out your neighbours, there are just too many risks to leaving your Wi-Fi open. Paul from Pauldotcom raises very good points with which I wholeheartedly agree. Why risk leaving it open? It is analogous to leaving your sugar on the curb in case a neighbour might run out. Obviously you could end up without any sugar at all, and perhaps even in the worst case end up with something other than sugar in your food. The world can be a strange place.

In South Africa we routinely have people asking for help at our homes, they come in all shapes and sizes and I normally eyeball them and unless they really seem like bad apples I normally help out with a little food or money. I use my gut to judge the character of the individual.

Now, if I wanted to I could just always leave some money and food on the curb or in a publicly accessible place, but I'm afraid that that system might get very easily abused and leave the souls who really need my help with no help at all.

Ok, so what about Wi-Fi? I think that open wireless networks are just silly, due to abuse, threat and possible liability. However, I do agree with Bruce that it's nice and neighbourly to share. "Sharing is caring".

My proposal?

Set the SSID of your wireless router to something that indicates your willingness to share, for example: "22 1st street for access" or "Text 5551000 for access" or even "Contact B. Schneier for access". Be creative, but keep it short: an SSID is limited to 32 characters.

In the case of a neighbourhood one can assume that your friends will be able to track you down and phone you for a password. You might prefer "authenticating" or making a "gut call" on all the people you let in, but you can still broadcast your willingness to do so while keeping your wireless router encrypted with WPA and a good passphrase that you change after a reasonable amount of time, or when you feel that your goodwill is being abused. Remember that everyone you give the passphrase to shares your LAN with you, so keep the local firewall on your own machines enabled as well.

This seems to me to be a "best of both worlds" solution. What do you think?

Friday, January 11, 2008

Steal This Wi-Fi

A very interesting, thought provoking, article by Bruce Schneier.

Security is all about tradeoffs, you can choose never to participate in dangerous activities like flying or driving a motorcar but most of us choose to assume the risk.

Thursday, January 10, 2008

Mac OSS roundup

Thanks to KMF for some of these.

Looking for OSS software for Mac OS X?

Here is a list of very useful Open Source Software/Free Software directories for the Mac. I have used a couple of these with great success. There inevitably is some duplication, so be warned.
Here they are:

If you are looking for non-Mac-specific OSS that will run on OS X there is:
Expect to need some Unix and X11 know-how to use the software provided through the last three links.

Apple Address Book and Microsoft Exchange (LDAP)

I had a short discussion this afternoon with a fellow Mac fanatic (KMF) discussing the problem we both share and that is: Accessing Microsoft Exchange from Mac OS X.

There are three elements that you would mostly be interested in: email, calendar and contacts. This quick howto deals with getting Address Book to work with LDAP (Microsoft Active Directory in our case).

Step 1: Determine the default naming context (base dn) for the search

- Fire up Terminal and issue an ldapsearch to determine the default naming context:

$ ldapsearch -h your.exchange.server -x -b '' -s base '(objectclass=*)' 'namingContexts'

- Search for the lines beginning with "namingContexts":

namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com

The result you are looking for is the "base/root" naming context, which in the case of Exchange/Active Directory is the shortest one, i.e. DC=mycompany,DC=com (this will work on other LDAP servers too). Active Directory also publishes it explicitly as the defaultNamingContext attribute of the rootDSE, which is the more reliable thing to ask for when it is available.
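Picking the base DN by eye works for one server, but it is easy to script. The following is an added example (not from the original post): it reads the rootDSE answer, prefers defaultNamingContext when the directory publishes it (Active Directory does), and otherwise falls back to the shortest namingContexts value as described above. Both LDIF samples are constructed; on a real network you would feed it from ldapsearch, requesting both attributes, e.g. `ldapsearch -h your.exchange.server -x -b '' -s base '(objectclass=*)' namingContexts defaultNamingContext | base_dn_from_rootdse`.

```shell
#!/bin/sh
# Added example, not from the original post: choose the Address Book search
# base from a rootDSE query. Prefers defaultNamingContext (Active Directory),
# otherwise the shortest namingContexts value. Base64 (::) values are not decoded.

# Read rootDSE LDIF on stdin and print the base DN to use (exit 1 if none found).
base_dn_from_rootdse() {
  awk '
    function take_attr(   attr, val) {
      attr = line; sub(/:.*/, "", attr)
      val  = line; sub(/^[^:]*: */, "", val)
      if (attr == "defaultNamingContext") def = val
      else if (attr == "namingContexts" && (best == "" || length(val) < length(best))) best = val
      line = ""
    }
    # LDIF folds long values onto continuation lines that start with one space.
    /^ / { line = line substr($0, 2); next }
    { if (line != "") take_attr(); line = $0 }
    END {
      if (line != "") take_attr()
      if (def != "") print def; else if (best != "") print best; else exit 1
    }'
}

# Constructed rootDSE answers: an Active Directory domain controller ...
ROOTDSE_AD='dn:
namingContexts: DC=mycompany,DC=com
namingContexts: CN=Configuration,DC=mycompany,DC=com
namingContexts: CN=Schema,CN=Configuration,DC=mycompany,DC=com
namingContexts: DC=DomainDnsZones,DC=mycompany,DC=com
defaultNamingContext: DC=mycompany,DC=com
'
# ... and an OpenLDAP server with a folded line and no defaultNamingContext.
ROOTDSE_OPENLDAP='dn:
namingContexts: dc=example,dc=org
namingContexts: ou=archive,dc=exam
 ple,dc=org
'

printf 'AD search base:       %s\n' "$(printf '%s' "$ROOTDSE_AD" | base_dn_from_rootdse)"
printf 'OpenLDAP search base: %s\n' "$(printf '%s' "$ROOTDSE_OPENLDAP" | base_dn_from_rootdse)"
```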

Step 2: Configure Address Book to query the server

- Fire up Address Book and go to the Preferences (Command + ,). Select the LDAP tab.

- Hit the "+" to add a new server.

- In the "Server" field enter the hostname of your Exchange server, or of an Active Directory domain controller in the case of larger companies.
- In the "Search Base" field use the information that you retrieved with "ldapsearch" earlier. It will be in the format DC=company,DC=com.
- Choose "Simple" authentication. Note that a simple bind sends your password to the server in the clear, so use the SSL option (LDAPS, normally port 636) if your directory offers it, especially over an untrusted network.
- "User Name" should be your normal Windows logon.
- "Password": again, your Windows password.

Step 3: Searching your Global Address list.

- Address Book will automatically query the server whenever you search for a name.


This will also happen whenever you type new addresses into Mail.app when composing emails.

Hope this helps!

Thursday, January 03, 2008

w00t

I am very pleased to report that some feedback I sent was featured on the Security Now! podcast.
There are some podcasts that I make a genuine effort to keep up with and a lot of those come from Leo Laporte's brilliant TWiT network.

Just search the shownotes of show 124 for "Stephan Buys" to read my suggestion regarding private browsing by manually managing cookies in Firefox, alternatively listen to the audio also provided through the link or subscribe to the show using iTunes.

Thursday, December 20, 2007

Mac OS X Open Source and Security

Previously I blogged about my regularly used Open Source applications on the Mac. Today I am dealing with some applications that deal with security on the Mac. In my career I wear two hats, one of Open Source advocate/developer/consultant and then also a security consultant hat.
I also have a keen interest in keeping my Mac secure when using it from day to day - thus the tools I am about to discuss deal with "personal" security (local firewall for example) as well as "network" security.

Lets get started.

  1. MacGPG (http://macgpg.sourceforge.net/)
    • The Free Software implementation of PGP. I specifically use the GPGMail plug-in for Apple Mail.app to allow me to send and receive encrypted email as well as sign emails and verify email signatures.
  2. sshfs (http://code.google.com/p/macfuse/)
    • A FUSE pluggable filesystem for the Mac that allows it to mount drives on other Unix or Linux hosts using ssh. This might not be a security-specific app but it does allow for extra security when sharing across a network: the links are encrypted and safe from snooping.
  3. Waterroof (http://www.hanynet.com/waterroof/)
    • A personal firewall manager that exposes the underlying, powerful, ipfw firewall of Mac OS X. There were a couple of scares with the Leopard firewall's default behaviour when it first shipped and it led me to look for more information on the topic. Waterroof allows a user to truly fine-tune the firewall. A handy wizard also allows novice users to set up a very secure default policy.
  4. MacPorts Apps (http://www.macports.org/)
    • Some applications are best served by MacPorts. To install the following apps, download and install MacPorts and then issue: "sudo port install appname"
    1. nmap (http://insecure.org/nmap/)
      • nmap is the de-facto standard when it comes to port scanning. You can use nmap to learn a lot about hosts, networks and services.
    2. wireshark (http://www.wireshark.org/)
      • wireshark is a packet sniffer with a lot of advanced capabilities. Packet captures can be analysed to a great level of detail. It also produces traffic flow and usage reports on the traffic that it captures. If you need to find out what is going on on your network you need Wireshark.
That's it for this installment. There are many more apps within MacPorts that I'm not covering here, as well as some legendary apps like KisMac. I will try to blog again soon about some more Mac OS X Open Source goodness. As always comments are welcome and if you know of any other great OSS security analysis tools on the Mac please let me know.

Wednesday, December 19, 2007

Mac OS X Open Source Roundup

As we approach the end of the year, here is a list of really useful Open Source utilities and applications that I use regularly on my Mac.
I run Mac OS X 10.5 (Leopard), but most of the applications should work on Tiger (10.4) as well.

  1. Freemind (http://freemind.sourceforge.net/)
    • Indispensable mind-mapping application written in Java. I have been using Freemind for years on Linux, Windows and of course now on the Mac as well. Truly useful, with some really advanced functions and scripting capabilities.
  2. Vienna (http://www.opencommunity.co.uk/vienna2.php)
    • An Open Source RSS feed reader. Vienna is a part of my daily routine in which I track a couple of hundred feeds. Once you get to know it you will love it even more - some clever keyboard shortcuts really create a lot of efficiency.
  3. Firefox (http://www.mozilla.com/en-US/firefox/)
    • Firefox is the standard web browser for millions of Windows, Linux and Mac users out there. I prefer Firefox as opposed to Camino on the Mac as I really depend on some plug-ins for my daily security and privacy needs (I'll blog more about this again soon).
  4. Adium (http://www.adiumx.com/)
    • Due to its massive multi-protocol nature (supports over 10 different IM providers) Adium was a no-brainer when it came to Instant Messaging on the Mac. I have never tried iChat or any alternatives mostly as Adium did such a stellar job out of the box. Growl integration makes it even more powerful - I like the ability to do specific actions when certain contacts come online. It also offers the ability to "bundle" accounts from multiple networks into one account for those contacts who, like myself, are on various networks.
  5. Colloquy (http://colloquy.info/)
    • The gents behind Adium also recommend Colloquy for IRC (internet relay chat). My usage of IRC varies depending on project and job focus but I have started to learn the nuances of the program and have grown to love it. I'm not crazy about its default behavior but after a little bit of tweaking it really turned out to be a powerful tool.
  6. Quicksilver (http://www.blacktree.com/projects/quicksilver.html)
    • What can one say about Quicksilver? It has changed the way I interact with my computer and probably would be one of the functions I can't live without. The ability to "act without doing" as the developers call it creates the most amazing productivity gains. I am not a Quicksilver ninja yet but the limited ways in which I use it have made life so much easier... Thinking of an app? Three keystrokes and you're there.
There's still a plethora of other applications that I use on a less regular basis. I will blog about Open Source security software for the Mac in the next installment.

Wednesday, November 28, 2007

How to FLOSS

In my never ending quest to discover good up-to-date resources about Open Source Software I stumbled across the following.

"This guide (developed in the context of the FLOSSMETRICS and OpenTTT projects) presents a set of guidelines and suggestions for the adoption of open source software within SMEs, using a ladder model that will guide companies from the initial selection and adoption of FLOSS within the IT infrastructure up to the creation of suitable business models based on open source software."
The guide seems to be pretty comprehensive and could serve as a valuable resource for persons wanting to familiarise themselves with FLOSS.

The guide can be found at http://guide.conecta.it/.

Tuesday, November 20, 2007

WEP?? Leopard Internet Sharing Woes

I anxiously awaited Leopard in the hope that Internet Sharing would support WPA. I have a really hard time understanding why Leopard supports Internet Sharing through WEP. Aircrack-ng and other tools can crack WEP in under a minute; it just does not make sense.

Perhaps the Lazyweb can recommend a solution whereby I can do WPA through third party support? From what I understand WPA has the same performance impact as WEP (when not using AES) - but it probably is a case of the Hardware only supporting the old standard...

My recommendation? If you truly need to do Internet Sharing do it through the Ethernet port (using a crossover cable) or enable WEP only for a short while and change the password every time you use it.

Friday, November 16, 2007

Leopard Firewall - OS X 10.5.1 relief

I'm glad to report that this morning after updating to Mac OS 10.5.1 the firewall seems to be working as advertised. They dropped the "Block all incoming" moniker and replaced it with "Allow only essential services", which I selected.

Also, I enabled "Stealth Mode" under Advanced.


I then ran some tests from another host to verify that the firewall was up and it seemed to be performing as advertised. I'm pretty interested to see what the "Essential" services are - perhaps I will do some digging soon.

Just for completeness run the following tests from another host on the network:
$ ping hostname
(Should return no replies if stealth is on)
$ nmap hostname
(Should also not return any open ports. Note that nmap's default scan covers TCP only, so run a UDP scan as well, nmap's -sU option, if you want to know about UDP services.)

I disabled my firewall temporarily to scan for some open ports and then tested connections to those ports using telnet after re-enabling the firewall. All results were also positive.

I'm very pleased that this issue has been resolved.

Thursday, November 08, 2007

Leopard Firewall Woes

I have been using Mac OS X Leopard for the last few weeks and the article on Heise Security caught my attention. I use a 3G connection to the internet quite often and have to assume that a NAT firewall won't always be available.

I did some of my own tests and as far as I could tell setting the firewall to "Block All Incoming Connections" just does not seem to work.

The output of "sudo ipfw list" does not seem to change when switching between "Allow All" and "Block All"...

Here is what I recommend for now:
- Download WaterRoof ipfw at: http://www.hanynet.com/waterroof/ (it's OSS).
- Run through the Wizard, just clicking next is the equivalent of "Block All"
- If you want "Stealth", go to "Static Rules" and add a rule to block all ICMP from "Any" to "Me".
- Make these changes permanent through: Tools -> Startup Script -> Install Startup Script.

To test if your setup is any good head over to Shields Up!, Steve Gibson's excellent resource, and run some tests to check that your firewall is actually working as planned. Shields Up! can be found at: http://www.grc.com/.

Please note that this test is most effective if you are directly connected to the internet. If you cannot connect directly, rather search for nmap and run some tests on your LAN. I used nmap to run some tests against the firewall to confirm the results; at the very least, try to ping your machine from another host.

For reference here are my rules, running "sudo ipfw list" from the terminal should give you similar results.

$ sudo ipfw list
00100 allow ip from any to any via lo*
00110 deny ip from 127.0.0.0/8 to any in
00120 deny ip from any to 127.0.0.0/8 in
00130 deny ip from 224.0.0.0/3 to any in
00140 deny tcp from any to 224.0.0.0/3 in
01000 allow tcp from any to any out
01000 allow tcp from any to any established
01100 deny icmp from any to me
65534 deny tcp from any to any
65535 allow ip from any to any
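Reading a ruleset by eye is error-prone, so here is an added example (not from the original post) that walks packets through the listing above the way ipfw does: first matching rule wins. Running it shows why the ping and nmap tests are not the whole story: rule 65534 denies only TCP, so an inbound UDP datagram to any service falls through to 65535 and is allowed, something a default nmap scan would not reveal. The host address 192.168.1.10, the peer 10.0.0.5 and the interface names are constructed for the demonstration; the evaluator only understands the subset of ipfw syntax the listing uses.

```shell
#!/bin/sh
# Added example, not from the original post: a small evaluator for the subset
# of ipfw syntax used in the rule listing above. Like ipfw it walks the rules
# in order and the first match wins. Addresses and interface names are constructed.
ME=192.168.1.10

# The ruleset from the post, verbatim.
RULES='00100 allow ip from any to any via lo*
00110 deny ip from 127.0.0.0/8 to any in
00120 deny ip from any to 127.0.0.0/8 in
00130 deny ip from 224.0.0.0/3 to any in
00140 deny tcp from any to 224.0.0.0/3 in
01000 allow tcp from any to any out
01000 allow tcp from any to any established
01100 deny icmp from any to me
65534 deny tcp from any to any
65535 allow ip from any to any'

# ipfw_verdict PROTO DIR SRC DST IFACE ESTABLISHED
#   PROTO tcp|udp|icmp, DIR in|out, ESTABLISHED 1 if the TCP segment carries ACK/RST.
# Prints "<rule number> <action>" for the first rule that matches.
ipfw_verdict() {
  printf '%s\n' "$RULES" | awk -v me="$ME" \
    -v proto="$1" -v dir="$2" -v src="$3" -v dst="$4" -v iface="$5" -v est="$6" '
  function ip2int(a,   o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
  # Does address addr fall inside the rule address spec (any | me | a.b.c.d[/bits])?
  function addr_match(addr, spec,   p, n, bits, div) {
    if (spec == "any") return 1
    if (spec == "me")  return addr == me
    n = split(spec, p, "/"); bits = (n == 2) ? p[2] : 32
    div = 2 ^ (32 - bits)   # prefix comparison without bit operators (POSIX awk)
    return int(ip2int(addr) / div) == int(ip2int(p[1]) / div)
  }
  {
    # Fields: NUM ACTION PROTO from SRC to DST [in|out|established|via IFACE]...
    if ($3 != "ip" && $3 != proto) next
    if (!addr_match(src, $5) || !addr_match(dst, $7)) next
    ok = 1
    for (i = 8; i <= NF; i++) {
      if ($i == "in"          && dir != "in")  ok = 0
      if ($i == "out"         && dir != "out") ok = 0
      if ($i == "established" && est != 1)     ok = 0
      if ($i == "via") { pat = $(i + 1); sub(/\*$/, "", pat); if (index(iface, pat) != 1) ok = 0; i++ }
    }
    if (ok) { print $1, $2; exit }
  }'
}

# Walk a few packets through the ruleset. Note the inbound UDP result.
for pkt in "tcp in 10.0.0.5 $ME en0 0" "udp in 10.0.0.5 $ME en0 0" \
           "icmp in 10.0.0.5 $ME en0 0" "tcp out $ME 10.0.0.5 en0 0" \
           "tcp in 10.0.0.5 $ME en0 1" "tcp in 127.0.0.1 127.0.0.1 lo0 0"; do
  set -- $pkt
  printf '%-36s -> %s\n' "$pkt" "$(ipfw_verdict "$@")"
done
```

If you want inbound UDP closed too, the fix is a deny rule for udp next to 65534 (WaterRoof's wizard, or an ipfw add from the terminal), after which the UDP line above should report a deny.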

And remember: "Friends do not let friends get Owned" - Pauldotcom Security Weekly

Thursday, August 23, 2007

Spot on

Matt Asay quoting Michael Tiemann on Microsoft and the OSI.
Going Open Source is the _best_ thing Microsoft could do.

...

Tuesday, August 07, 2007

Switch!!

As of last Thursday I am a Mac OS X user - and I love it!

The latest Macs are the only platforms you can run all 3 of the major OS flavours on (my biggest reason for switching). I am running VMware Fusion (for Windows/Unity) as well as Boot Camp. My Ubuntu install is relegated to a virtual machine for now, but the hardware will run it just fine natively. Contrary to my expectations, I am really at home in OS X - the switch was quick and it's complete.

Monday, July 30, 2007

Thanks, but no thanks

I have been tracking Calendar Swamp for a while now and ran across a comment this morning that according to Paul Thurrott the local calendar is dead.

In a way I agree, but essentially, as it stands today, I have an issue with Google (for example) owning my calendar. I fully agree that having my calendar confined to my PC is a pain, and really not very useful to me. I see the solution as having an alternative, if possible, and hosting my _own_ calendar online (on infrastructure that I own and on software that I control). I would love to say "Thanks, but no thanks" to all these targeted ads and hosted services. As far as planning my own life and hosting my email are concerned, I would like to have full control.

Luckily there are positive developments in this direction.

1) Web Contracts (at least in some parts of the world) cannot be changed without notice. I like the idea that Google could not potentially change its terms of service or privacy policy behind my back.

2) Jimmy Wales (of Wikipedia fame) has kicked off Grub. I see this as a really exciting development. How wonderful would it be to get high-quality search results without someone tracking your search habits, storing your private information and targeting ads at you all the time. Go Jimmy!

3) Open Source Groupware is maturing very nicely. The Kolab and Horde projects are converging slowly but surely and I hope to host all my calendar and email services, that I currently "outsource", myself soon. My email and calendar - hands off.

Friday, July 27, 2007

7 Actions to browse the Internet a little safer

My 2 cents' worth regarding a safer browsing experience. I am ordering these from easy-to-do to really-paranoid-and-hard-to-set-up.

1) Use Firefox
(http://www.mozilla.com/en-US/firefox/)
2) Disable "Remember passwords for sites" in
Edit -> Preferences -> Security
3) Clear your private data when you close Firefox
(Edit -> Preferences -> Privacy -> Private Data. I clear all private data on exit without Firefox prompting for permission.)
4) Disable JavaScript
(https://addons.mozilla.org/en-US/firefox/addon/722)
5) Use strong passwords
(https://addons.mozilla.org/en-US/firefox/addon/469)
6) Browse inside a Browser Appliance
(http://www.vmware.com/vmtn/appliances/directory/browserapp.html)
7) Browse using a LiveCD
(http://www.ubuntu.com/getubuntu)