Friday, May 28, 2010

Keeping Your Kids Safe Online

For parents looking for something to teach kids about online safety, there is
Zoe and Molly Online. It is a web comic and quiz designed to teach children about possible dangers online. It was created by the Canadian Centre for Child Protection, in partnership with Shaw Communications Inc. It's being introduced to kids at school all over the country.

If you find something online that exploits children report it here:

Friday, May 21, 2010

Hotmail Gets More Secure

Following Google's lead, Microsoft has made the SSL/TLS secured http (https://) protocol the default for Hotmail.

In addition, Microsoft has started an attempt to make the users more aware of possible phishing attempts by marking the e-mails they have verified as coming from a legitimate source with a green shield icon.

Spam filtering finally gets personalized. You can now mark senders (who are not necessarily on your contact list) that you don't want to be sent to the junk mail folder.

And perhaps the most innovative feature, if you are away from home and accessing your e-mail from a public workstation (like a cyber-cafe or library) or simply on an unsecured wireless network and want to have the added assurance that your password will not be compromised, you can request a one-time password to be sent to your phone.

Tuesday, May 18, 2010

SecTor 2010

I registered before the Early Bird price expired again this year, and boy am I glad I did. Looking at the first round of speakers that have been announced... There are a few I'm really looking forward to, but none more than HD Moore's talk on Metasploit and penetration testing.

For those who don't know what that's all about, penetration testing is basically simulating a cyber attack. HD Moore Is one of the world's most recognized names in this field because he started the Metasploit Project to create an open framework of tools to do such testing.

This is the direction I'd like to take my career in. I'm really excited about a chance to meet HD.

Cyber Security In Canada?

A CSIS memo says risk of cyber attacks on the rise. (No surprise to me or anyone else in the computer security industry.)

Check out this video clip from CBC's The National

So far Canada doesn't have a comprehensive plan. By contrast, the USA is spending $40 billion on cyber security. Are we falling too far behind?
Public Safety Canada says that a national strategy is pending, I hope it's worth the wait.

Friday, May 07, 2010

The Very Real Dangers Of Photocopiers

In case you missed it, the internet's been all a-buzz about the dangers of photocopiers from a privacy and information data leakage point of view.

CBS did a great little 5 minute segment on this, here it is:

Watch CBS News Videos Online

Tuesday, May 04, 2010

How To Start using E-mail Encryption (Part 1)

I called this "Part 1" because there are a number of different ways to encrypt e-mail, and this is the one I use, but over time I will try to cover others.

Why encrypt? E-mail is sent in plain text. If you are careful, you connect to your ISP's mail server using SSL encrypted transports. (the https:// page of a webmail, or using the SSL versions of POP or IMAP as explained in my previous post about Gmail security). If you are lucky, your ISP might use SSL encrypted transports beween their server and the next server (still not common practice), but plain text versions sit on the disk at both servers, and eventually on the computer of your intended recipient. The recipient we are not worried about, but if it's not something you want the mail man reading you don't put it on the back of a post card, you stick it in an envelope. That's encryption. SSL trasport encryption is like those big yellow interoffice mail envelopes. All your stuff goes into one of those for transport across the office and is opened when it gets to the right department. PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard, the opensource version of PGP) is like mailing your letter in a lockbox that only your recipient has a key for.

So how do you set up GPG for personal use?
First, if you are still using Outlook Express as a mail client, switch to Thunderbird. No, really. Outlook Express is a bad mail client anyway, and the integration with PGP and GPG is dismal.

If you are using the full blown Outlook you must be using it for corporate use, just buy PGP it integrates seamlessly.

Now for those already using Thunderbird (or new converts from Outlook Express), download the appropriate version of  the Enigmail Add-on and GNUPG for your OS. (Gpg4win if you are on windows)

Install GPG. Install the Enigmail add-on into Thunderbird

When you have Enigmail installed you will see a couple of new menu items and icons at the top like this:

Then you need to create a GPG key, associate your key with your e-mail address in Thunderbird, and set the settings of when you want your key to be used for signing and encrypting. I recommend that you set it to encrypt automatically if the contact has a known encryption key.

Follow the instructions that came with your version of GPG for creating a new key. 

Associating a key with your e-mail address is pretty easy.
Open the account settings in Thunderbird (where you set your e-mail address), there is a new menu item there too.

If this is your first time ever using GPG/PGP then you can probably leave it set to use e-mail address to identify OpenPGP key. If you have old keys floating around or use multiple keys select the Use specific OpenPGP key option.

Select whether you want it to insist you sign messages or not.

Back to that OpenPGP menu item on the main window... Click it
Select Preferences.

The most important setting in this menu is this one:
When sending mail, Add my own key to the recipients list. If you don't select that you won't be able to read your own sent mail when you encrypt.
Next to that I'd say selecting the Encrypt replies to encrypted messages is a good one to check. If someone went to the trouble of securing communications with you, you don't want to reply to them in the clear.

Now when you go to write a message there is a new option icon at the top of that screen:

Now you just need some PGP public keys of friends to send encrypted mail to. Here's mine. Have fun, and stay out of trouble. :)

Version: SKS 1.1.0


Sunday, May 02, 2010

Why Keep Passwords To Yourself?

This video I found online will help explain it.

HACKING IS EASY! from Airwave Ranger on Vimeo.