This is a little technical, but it affects your ability to access secure sites without anybody seeing what you’re doing.
DigiNotar, a Dutch provider of SSL certificates, has been hacked, and hacked well and good. The hackers then created rogue SSL certificates, which can be used to impersonate actual, well-known websites, like google.com.
Read on for more, including what to do about it.
Explore related content: browser, browser security, certificate revocation, DigiNotar, security, SSL, SSL certificates
Skipfish is a new security scanning tool from Google that tries to find vulnerabilities in your webserver.
It can be installed either locally or on your webserver.
The easiest place to install Skipfish is on Linux, so I’ll go over installing it on Ubuntu.
Explore related content: compile, Google, Linux, security, security scanner, Skipfish, Ubuntu
Google released a free website scanning tool called Skipfish. Skipfish accesses every URL on your website and checks each one against a huge list of tens of different security problems.
Click through for more.
Explore related content: Google, security, security scanner, Skipfish, software, website, website security, WordPress
A data security company released a list of the 20 most common passwords.
Of course, these are also the top 20 passwords to avoid.
Click through for the list.
Explore related content: break-in, passwords, security, website
As you may or may not know, Digitivity.org is hosted on Dreamhost. Anyway, they used to boot the operating system from the network to allow for centralized configuration.
Now, they’re moving to local OSes, which requires rebooting their servers. This means a few minutes of downtime per website as the OS reboots.
There’s a way you can get a custom RSS feed of the problems affecting just the servers you’re on.
Explore related content: backup, DreamHost, Dreamhost status, network, OS, problems, RSS feed, security, server
It seems that, anymore, Visa is increasingly encouraging credit cardholders to use their “Verified by Visa” program, in which you’re supposed to enter a secret code to confirm that it’s really you using a credit card number.
The problem is, it’s insecure.
Explore related content: MasterCard, MasterCard SecureCode, Ross Anderson, security, Steven Murdoch, Verified by Visa, Visa
The technology blog TechCrunch, which runs on WordPress, was hacked for the second time in 24 hours.
It’s unclear who exactly it was that did the hacking, or how they did it.
But what is clear is that you should take the following basic precautions on your own WordPress blog:
Explore related content: backup, database, hacked, security, TechCrunch, WordPress, WordPress backup, WordPress security
As I mentioned in a post a few days ago, I was hit pretty badly with a virus infection on my Windows XP installation. One of the symptoms was Windows shutting down almost immediately after logging in. Once I recognized the problem as virus-caused, I set out to root it out. Here’s a log of [...]
Explore related content: antivirus, BitDefender, cabextract, conciller.exe, conficker, Kaspersky, malware, McAfee Stinger, rescue CD, Sasser, security, Ultimate Boot CD, virus, Windows XP
The wedge end of malware code can be made to resemble plain English text. That’s what Slashdot is reporting as the result of research presented at the ACM Conference on Computer and Communications Security by security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus. What they say in their paper is that normally [...]
Explore related content: English, English shellcode, malware, security, shellcode, virus
I talked yesterday about how RedHat made a change to Fedora 12 to allow normal users to install any piece of (signed) software from the Fedora repositories without a root password. Slashdot reports that RedHat reversed the policy after an onslaught of community criticism. Owen Taylor (longtime employee of RedHat) made what seems to me [...]
Explore related content: Fedora, Linux, PolicyKit, RedHat, root, security