I’ll be honest: I didn’t think I had to explain any of this, because I thought it was obvious.
Given the number of recent online security breaches – including the release of really, really bad passwords – clearly it’s not so obvious.
Well, I guess I shouldn’t be surprised. After all, I think about this kind of thing as part of my work. Most people don’t. It’s my job to program things that work, but a big part of it becomes making things that other people will find difficult to exploit.
Otherwise, what’s the point? No one cares if it “just works” if some evil person out there can break it in 5 minutes! The way to go about doing this is to not program a single line of code until you’ve got the whole thing sorted in your head. Then, think about how you would hack it.
You don’t do this by thinking like yourself; you must think like someone who wants to attack you. Unless you’re a Russian chess master, you probably don’t think this way very often.
But, not to worry! The following are a few tips that will greatly increase your online security without making your brain catch on fire. Which is nice…
Here’s a fun one:
The Department of Homeland Security (??) announced that QuickTime for Windows has 2 nasty security flaws.
They also say that Apple is no longer providing updates for QuickTime for Windows, so they are recommending that QuickTime be uninstalled from Windows machines.
So… DHS? What?!
In this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as “browsing with https://”.
The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies – or anybody else with enough knowledge about how these supposedly “secure” connections actually work.
It’s true that connecting to web sites with SSL will certainly prevent “script kiddies” and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it…
We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.
This issue is, after all, so extremely important that I think everyone needs to understand what is really going on, and how web security actually works, without needing a PhD in cryptography, computer science, or engineering!
Computers, How Does it Work?
NetworkWorld has an interesting article entitled How to use electrical outlets and cheap lasers to steal data. The article discusses a presentation that will be held at the Black Hat USA conference later this month.
The deal is that two researchers are supposedly going to demonstrate how keystrokes can be read from a remote computer using either a laser, or signals transmitted over the ground line coming from a nearby computer.
While these techniques might be interesting to know about, somehow I think we have bigger things to worry about.
Read on to see what I mean…
Many people these days use a Wi-Fi (IEEE 802.11) router, or they have a broadband modem with built-in wireless. It’s amazing to me that in this supposedly “high-tech” and “high-security” age, many people are still completely unaware of just how wide open their home network really is.
With a Wi-Fi modem, usually your provider will be smart enough to lock down your wireless connection for you. But if you bought a wireless router or access point and set it up yourself, there are a few things you should know to keep others from “stealing” your connection and using it for nefarious purposes…
Everyone is totally crazy about security these days – especially computer security. We’ve all got antivirus software, a firewall, spyware scanners, and god knows what else loaded up on our PCs to protect ourselves from the “evils” of a networked world.
Some of us choose to use certain operating systems that we believe are inherently secure, while the reality is quite different. I remember hearing all about how “ultra-secure” OS X Tiger was in comparison to Windows XP. I know a lot of people who believed this, and who even went out of their way to harp on XP and how insecure it was. Well, there have been numerous updates for Tiger and Leopard that were sent out from Apple HQ. Guess what? There were scores of security vulnerabilities in OS X. What really might shock you is that the vulnerabilities in OS X read like a list of XP security holes (see here and here and here). That’s right, just because Apple tells you OS X is safer doesn’t mean that it’s actually true! Go figure!
Of course, there’s also Linux. In some respects, Linux is safer. In others, it’s no different than XP and OS X. Personally, I prefer Ubuntu and Vista at the moment. But the bottom line is that when it comes to security, it’s up to you to keep your data safe. The first and best way you can do that is to create and use strong passwords!