March 7, 2006
Hacker Gains Root Access to OS X in 30 Minutes
This is a link to a ZDnet story of how a hacker supposedly gained access to an Apple Mac OS X box in 30 minutes. This was in response to a contest challenge. The article can be found on Yahoo’s news site at this location: Hacker Gains Root Access to Mac OS X in 30 Minutes. A quote in the article states that Mac’s aren’t any more secure than Windows machines they just aren’t targetted that much. So if you use a Mac on the Internet it is still a very good idea to keep it patched, install good antivirus protection, and use a firewall.
Posted by Clark Coffman at 9:20 AM
January 27, 2006
What to do after getting hacked
SearchWindowsSecurity.com has a good checklist of 11 things to do after a hack. These are great best practices that would fit very well into your district’s cyber security plan.
Posted by Web Developer at 2:30 PM
December 15, 2005
Google Safe Browsing Extension for Firefox
If you’re using the Firefox web browser (you are using Firefox, right?), you now have one more tool at your disposal to keep your information safe online. Today Google announced and released the Google Safe Browsing, an extension for Firefox that alerts you if the site you’re looking at is potentially bogus
A FAQ is also available that explains a little bit about phishing and how Google Safe Browsing works to protect you from it. This is definitely a good extension to have installed!
Posted by Web Developer at 10:10 AM
November 30, 2005
Firefox 1.5 Released
One of my top tips for reducing or eliminating the spyware/malware problem on Windows computers is a simple one: Stop using Internet Explorer. Because IE is so tightly coupled with the operating system, any security exploits affecting it can also usually gain access to the entire system. In addition, Microsoft’s ActiveX technology (which only works in Internet Explorer) lets people distribute what are the equivalent of Windows programs right inside web pages. This lets ActiveX components do exactly the same things as any other program on your computer, from installing software to removing files.
You can take steps to secure Internet Explorer, but it takes work and a lot of diligence on your part. Microsoft offers a guide titled Browsing the Web and Reading E-mail Safely as an Administrator and a software tool called DropMyRights (available for download on the article page) which help you browse the Internet as a regular Windows user, even when you’re logged in as an Administrator. Like I said above - safe browsing in IE can be done, but it’s kludge that doesn’t fix the underlying issues. Plus, it’s out of reach for almost everyone except those people who are likely practicing safe browsing habits anyway.
The alternative is to use a different web browser when you’re looking at web pages. There are many options out there, but currently your best choice (in my opinion) is Firefox. Version 1.5 was released just yesterday, and in addition to offering a much safer browsing experience than Internet Explorer, it has features a faster page rendering engine, tabbed browsing, built in RSS support, and a ton of extensions that let you customize it even further.
While Firefox isn’t immune to security bugs and exploits, it does offer a layer of seperation between itself and the operating system that IE doesn’t have. You will hear about security issues with Firefox, but the developers are typically very quick to fix them and get updates out through the built-in auto-update feature.
Posted by Web Developer at 10:36 AM
November 27, 2005
Ultra High Security Password Generator
Thanks to security expert Steve Gibson of GRC.com, a new extremely high security password generator is now available from his website at the following address:
In episode 14 of Security Now!, Steve unveiled this new tool that, while designed with WPA keys in mind, can be used in any case where you need a random and unbreakable password. When you’re at that page, just hit the refresh button in your browser to generate completely new and unique passwords. If you don’t need or want the entire length, simply chop out the part you do want and use that.
Remember: A weak password is as good as no password at all. Keep them strong!
Posted by Web Developer at 11:52 PM
November 23, 2005
NSA Security Guides
Have you ever wondered what the NSA, one of the most covert federal agencies, does to secure their desktop computers? You can actually find out from the source.
The NSA offers a series of Security Configuration Guides for a range of operating systems, wireless, web servers and browsers, and more.
There is a ton of great info here, but fair warning: some of it isn’t for the faint of heart. It can get very geeky, very fast. But if you’re serious about security, take a look and download some of the documents (all are in PDF format) - you’ll pickup lots of great tips.
Posted by Web Developer at 11:11 PM