Tag Archives: security


How confidential are Gmail’s new “Confidential Mode” features?

According to EFF, not very confidential. To see why, read: Between You, Me, and Google: Problems With Gmail’s “Confidential Mode” | Electronic Frontier Foundation.


I created a super simple set of tools to secure your Ubuntu server

And you can get it here: blm849/supersimplehardening: A super simple way to harden your server.

I create a lot of Ubuntu test servers, and I find that as soon as I create an Ubuntu server in a cloud environment, it gets immediately attacked by automated software. This is obviously a concern. A bigger concern is that when I went searching for recommendations on how to harden such a server, I found a wide variety of recommendations! It can be hard to know what to do. Still, I needed something. As a result, I created this package of scripts. The scripts do a number of things:

  • prevent direct root login to your server via ssh. This was one of the things I saw consistently happen and once someone cracks the root access on your machine, it’s game over.
  • stop some basic security holes, like IP spoofing
  • download some useful software, like logwatch, ufw and others
  • upgrade all software on the server

This is just a very very limited number of things to prevent attacks. But it is better than nothing.
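To check afterwards that settings of this kind actually took effect, here is an added example (not code from blm849/supersimplehardening) that audits an sshd_config and a sysctl file. It assumes the IP spoofing protection is reverse-path filtering (`rp_filter`); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit root-login and anti-spoofing settings in config files.

# First global value of an sshd_config keyword (sshd keeps the first one it
# reads). Stops at the first Match block; conditional overrides are not evaluated.
sshd_value() {  # $1 = keyword, $2 = file
    awk -F'[ \t=]+' -v key="$1" '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Last value of a sysctl key (later lines override earlier ones).
sysctl_value() {  # $1 = key, $2 = file
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }
    ' "$2"
}

# Print PASS/FAIL per check; the return status is the number of failures.
audit_hardening() {  # $1 = sshd_config path, $2 = sysctl config path
    fails=0
    v=$(sshd_value PermitRootLogin "$1")
    if [ "$v" = "no" ]; then echo "PASS PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${v:-unset}'"; fails=$((fails + 1)); fi
    # Assumption: "IP spoofing" protection means reverse-path filtering.
    for k in net.ipv4.conf.all.rp_filter net.ipv4.conf.default.rp_filter; do
        v=$(sysctl_value "$k" "$2")
        if [ "$v" = "1" ]; then echo "PASS $k = 1"
        else echo "FAIL $k is '${v:-unset}'"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample files (not from any real server).
d=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_weak"
printf '%s\n' 'Port 22' 'permitrootlogin no' > "$d/sshd_ok"
printf '%s\n' 'net.ipv4.conf.all.rp_filter=1' 'net.ipv4.conf.all.rp_filter = 0' > "$d/sysctl_weak"
printf '%s\n' '# spoof protection' 'net.ipv4.conf.all.rp_filter = 1' \
    'net.ipv4.conf.default.rp_filter=1' > "$d/sysctl_ok"
audit_hardening "$d/sshd_weak" "$d/sysctl_weak" || echo "weak sample: $? finding(s)"
audit_hardening "$d/sshd_ok" "$d/sysctl_ok" && echo "hardened sample: clean"
```

On a live server, `sshd -T` prints the effective SSH configuration (including any Include files), and `sysctl net.ipv4.conf.all.rp_filter` shows the running kernel value.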

If you install Apache, PHP, MySQL or other software on your machine, there are even more attacks that will be launched against it. I recommend you get a firewall up and running and at least run logwatch on a regular basis to look for potential attacks being launched against you.

Finally, if it is important for you to secure your server, don’t stop with my scripts. Go out and consult with IT security specialists right away.

Good luck!

If you are worried about the WannaCrypt ransomware (and if you are a Windows user, you should be), then…

…Then you want to go here and download and install the appropriate software for your Windows system: Security Essentials Download.

According to this, Microsoft has upgraded its security software to prevent similar attacks. That’s good. What’s not good is that you can be certain there will be a wave of copycat attacks coming. Get the software and install it today.

A good list of resources on passwords and PC security in general

I collected a list of all the links I had concerning passwords and PC security in general on this blog. It’s not exhaustive, but it is useful, especially if your knowledge on the topic is limited.

Do you need tools for a safer PC?

Of course you do: everyone does. Therefore check this out: Tools for a Safer PC — Krebs on Security.

Two really good articles on passwords. (Really!)

Yes, it is possible to write good articles on what is the bane of our current existence: computer passwords. The first one talks about the top passwords that people commonly use. The second one is a beautifully written piece about the thought that goes into people’s passwords.

You will have an entirely new perspective on passwords after reading this.

P.S. Thanks to Anna P for pointing out the second one.

Why I am backing the ‘1984’ Stealth Fashion for the Under-Surveillance Society by Zoltan Csaki on Kickstarter

Here are my reasons for (and why you might want to as well):

  • To reduce abuse of access to your data: There are more and more stories of organizations, government and other, using and abusing data given off from your cell phone (e.g. this story on location-based marketing in Toronto being just one). This product can help put a stop to that.
  • To increase the amount of control I have: I may not have an issue with others using this data and there may be times when I think there is a benefit to me to have this data accessible. Generally I don’t, but I like the option. This product helps with that.
  • To encourage more people to make such products: if this campaign is successful, I hope to see more businesses attempting similar but different and possibly better products, which is a benefit to me and people like me who value their privacy.

Reasons against:

  • it’s not foolproof. By that, I mean anyone with enough motivation could still use the data you inevitably will give off when you are using your phone to extrapolate things about you. As well, there are other ways you can be tracked (e.g., abusive apps).

In my case, I think the reasons for outweigh the reasons against, and that is why I have pledged to this Kickstarter campaign. I would encourage you to pledge as well.

Here’s a link to it: ‘1984’ Stealth Fashion for the Under-Surveillance Society by Zoltan Csaki — Kickstarter.