Search the Community

http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/

SSH inventor warns that IT security's getting worse

http://www.ghostery.com/ Neat add-on, Well worth a look.

10 Minute Mail Going to that link will generate a temporary email address--one that's good for 10 minutes. You control it and can access the messages right from the page. So, if you need an email address to sign up for something but you don't want to divulge your actual email, this is a simple way to do it. You can extend your 10 minutes--to take you back to 10 minutes. You can do this multiple times, if a website takes a while to send you a message. After the timer expires, the email vanishes.

Today's Debian security upgrades included this recommendation to upgrade Iceweasel in Squeeze;

SuperGenPass (see second post for update) The above link gives you an easy tool for creating secure passwords, though they are only usable online. You provide a master password, and it will then take that, combine it with the domain of the site, and creates an md5 hash of it. You can select options like the case of the password (I don't see a reason to pick anything other than "mixed", unless the site specifically requires a certain case), the length, and several other things. It can generate your passwords online, or you can create a bookmarklet that will do the same thing for you, but not require the website. In either case, your information is not transmitted back to his (or any other) site. So, all you have to do to start using this today is: go to the site, find the "build your bookmarklet" section, look through the options (the default are fine, but I changed the generated length from the default of 8 to "ask each time", and the case to "mixed"; be careful changing the length, if you use different numbers on each site, you might forget what you used on a particular site!). Then hit the "Build Bookmarklet" button, and add the bookmarklet to your browser. I added it to the bookmarks toolbar so it's always a single click away. Who this will help: Anyone who uses the same password for every website. If you're already using different, secure passwords at each site, then more power to you (that is difficult; the more secure a password is can generally be linked to how random the password is--along with other things like length and what the set of characters used is--so if you're remembering multiple secure passwords, you've got a great skill!) How this will make you more secure: Using a single password everywhere is dangerous. With this tool, you are using a different, totally random password at every site you visit. They can't be reverse engineered, i.e., a hacker could not take your generated password and figure out your master password from it. What this does NOT do: - If your master password is compromised, your password can be compromised. Of course, a malicious user would still have to know that you used this particular generator.- If your physical machine is compromised, particularly with the bookmarklet, particularly if your master password is encoded in the bookmarklet (I changed it to ask each time), you are not safe. You can turn off the browser's automatic storing of passwords, but that could get very cumbersome. If you are extra-paranoid, you can change your master password at a certain interval. And, to be honest, it probably wouldn't hurt to do that anyway, even with the randomness of this. A nice feature of this particular generator is that it is available online. If you lose the bookmarklet, if you get a new computer, whatever, you can find it at that site. If you're even worried about the site going offline, you can (in theory, I didn't try this) store the page locally, burn it to a few CDs, and even store one in a safe deposit box. I don't think I'll go that far though. A note for IE users (note 4/14/2012: this may not apply to newer versions of IE, I'm not sure):

It seems like we hear news like this very regularly lately. LinkedIn confirms password loss: 3.5m already cracked

Did you read this lunacy? Has Adobe gone absolutely loony, lazy, or what? They cut of Linux updates, they charge to freakin' much for software, and now this outrage ... Adobe: Pay upgrade price to patch critical bugs

Hacking Expert David Chalk Joins Urgent Call to Halt Smart Grid - MarketWatch SmartGrid 101 Take Back Your Power - ThePowerFilm.org - There is a video with David Chalk on this site. Let me know how it is please. I can't watch it. I am very happy that an expert has come forward to openly not only discuss this but make it understood in no uncertain terms that the 100% that it is an inevitability that in today's world, the SmartGrid being hacked is a foregone conclusion it has no protection AND is on the Internet! It is a cool technology but too dangerous in a terror, malware and more often than not, being part of a very unfair world. A very bad combination.

Sophos Anti-Virus for Mac Home Edition - Free antivirus that works simply and beautifully That's one free one, and of course there is the Free VirusBarrier (non realtime scanning) available in the Mac AppStore as well as the full blown VirusBarrier for what is it $69? And there is the ClamXav for free as well (also non realtime scanning. I would have listed Symantec but I am seeing too many issues with Lion and Snow Leopard right now. Any others?