Friday, May 28, 2010

Keeping Your Kids Safe Online

For parents looking for something to teach kids about online safety, there is Zoe and Molly Online. It is a web comic and quiz designed to teach children about possible dangers online. It was created by the Canadian Centre for Child Protection, in partnership with Shaw Communications Inc. It's being introduced to kids at school all over the country.

If you find something online that exploits children, report it here: http://www.cybertip.ca

Friday, May 21, 2010

Hotmail Gets More Secure

Following Google's lead, Microsoft has made the SSL/TLS secured http (https://) protocol the default for Hotmail.

In addition, Microsoft has started an attempt to make the users more aware of possible phishing attempts by marking the e-mails they have verified as coming from a legitimate source with a green shield icon.

Spam filtering finally gets personalized. You can now mark senders (who are not necessarily on your contact list) that you don't want to be sent to the junk mail folder.

And perhaps the most innovative feature, if you are away from home and accessing your e-mail from a public workstation (like a cyber-cafe or library) or simply on an unsecured wireless network and want to have the added assurance that your password will not be compromised, you can request a one-time password to be sent to your phone.

Tuesday, May 18, 2010

SecTor 2010

I registered before the Early Bird price expired again this year, and boy am I glad I did. Looking at the first round of speakers that have been announced... There are a few I'm really looking forward to, but none more than HD Moore's talk on Metasploit and penetration testing.

For those who don't know what that's all about, penetration testing is basically simulating a cyber attack. HD Moore is one of the world's most recognized names in this field because he started the Metasploit Project to create an open framework of tools to do such testing.

This is the direction I'd like to take my career in. I'm really excited about a chance to meet HD.

Cyber Security In Canada?

A CSIS memo says the risk of cyber attacks is on the rise. (No surprise to me or anyone else in the computer security industry.)

Check out this video clip from CBC's The National

So far Canada doesn't have a comprehensive plan. By contrast, the USA is spending $40 billion on cyber security. Are we falling too far behind?
Public Safety Canada says that a national strategy is pending; I hope it's worth the wait.

Friday, May 07, 2010

The Very Real Dangers Of Photocopiers

In case you missed it, the internet's been all a-buzz about the dangers of photocopiers from a privacy and data leakage point of view.

CBS did a great little 5 minute segment on this, here it is:




Tuesday, May 04, 2010

How To Start using E-mail Encryption (Part 1)

I called this "Part 1" because there are a number of different ways to encrypt e-mail, and this is the one I use, but over time I will try to cover others.

Why encrypt? E-mail is sent in plain text. If you are careful, you connect to your ISP's mail server using SSL encrypted transports (the https:// page of a webmail, or using the SSL versions of POP or IMAP as explained in my previous post about Gmail security). If you are lucky, your ISP might use SSL encrypted transports between their server and the next server (still not common practice), but plain text versions sit on the disk at both servers, and eventually on the computer of your intended recipient.

The recipient we are not worried about, but if it's not something you want the mail man reading you don't put it on the back of a post card, you stick it in an envelope. That's encryption. SSL transport encryption is like those big yellow interoffice mail envelopes. All your stuff goes into one of those for transport across the office and is opened when it gets to the right department. PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard, the open source version of PGP) is like mailing your letter in a lockbox that only your recipient has a key for.

So how do you set up GPG for personal use?
First, if you are still using Outlook Express as a mail client, switch to Thunderbird. No, really. Outlook Express is a bad mail client anyway, and the integration with PGP and GPG is dismal.

If you are using the full blown Outlook, you must be using it for corporate use. Just buy PGP; it integrates seamlessly.

Now for those already using Thunderbird (or new converts from Outlook Express), download the appropriate version of the Enigmail add-on and GnuPG for your OS (Gpg4win if you are on Windows).

Install GPG. Install the Enigmail add-on into Thunderbird.

When you have Enigmail installed you will see a couple of new menu items and icons at the top like this:


Then you need to create a GPG key, associate your key with your e-mail address in Thunderbird, and choose when you want your key to be used for signing and encrypting. I recommend that you set it to encrypt automatically if the contact has a known encryption key.

Follow the instructions that came with your version of GPG for creating a new key.

Associating a key with your e-mail address is pretty easy.
Open the account settings in Thunderbird (where you set your e-mail address), there is a new menu item there too.

If this is your first time ever using GPG/PGP then you can probably leave it set to use e-mail address to identify OpenPGP key. If you have old keys floating around or use multiple keys select the Use specific OpenPGP key option.

Select whether you want it to insist you sign messages or not.

Back to that OpenPGP menu item on the main window... Click it and select Preferences.

The most important setting in this menu is this one:
When sending mail, Add my own key to the recipients list. If you don't select that you won't be able to read your own sent mail when you encrypt.
Next to that I'd say selecting the Encrypt replies to encrypted messages is a good one to check. If someone went to the trouble of securing communications with you, you don't want to reply to them in the clear.
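To see why the "Add my own key to the recipients list" setting matters, here is an added example (not from the original post) that does at the gpg command line what Enigmail does behind the scenes: it creates two keys, encrypts one message to the recipient only and one to the recipient plus the sender, and checks who can read each. The identities, file names and passphrase-less throwaway keyrings are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Identities are constructed; keys
# have no passphrase and live in throwaway keyrings that are deleted at the end.

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring.
g() {
  h=$1; shift
  gpg --homedir "$h" --batch --quiet --yes \
      --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}

# can_decrypt HOMEDIR FILE: print yes if that keyring holds a usable secret key.
can_decrypt() {
  if g "$1" --decrypt "$2" >/dev/null; then echo yes; else echo no; fi
}

demo() {
  me=$(mktemp -d) && friend=$(mktemp -d) || return 1   # created with mode 0700
  g "$me" --quick-generate-key "Me <me@example.org>" default default never
  g "$friend" --quick-generate-key "Friend <friend@example.org>" default default never
  # Hand my friend's public key to my keyring, as a keyserver or e-mail would.
  g "$friend" --armor --export friend@example.org | g "$me" --import
  echo "constructed test message" > "$me/msg.txt"

  # --trust-model always skips key validation; for real mail, check the
  # fingerprint with the key's owner instead.
  # Case 1: encrypted to the recipient only.
  g "$me" --trust-model always --armor -r friend@example.org \
    -o "$me/only-friend.asc" --encrypt "$me/msg.txt"
  # Case 2: encrypted to the recipient and to my own key.
  g "$me" --trust-model always --armor -r friend@example.org -r me@example.org \
    -o "$me/both.asc" --encrypt "$me/msg.txt"

  echo "only-friend: me=$(can_decrypt "$me" "$me/only-friend.asc") friend=$(can_decrypt "$friend" "$me/only-friend.asc")"
  echo "both: me=$(can_decrypt "$me" "$me/both.asc") friend=$(can_decrypt "$friend" "$me/both.asc")"

  # Stop the background daemons gpg started, then remove the keyrings.
  gpgconf --homedir "$me" --kill all 2>/dev/null
  gpgconf --homedir "$friend" --kill all 2>/dev/null
  rm -rf "$me" "$friend"
}

RESULT=$(demo)
printf '%s\n' "$RESULT"
```

Outside of Enigmail, the same behaviour can be made permanent with the `encrypt-to` or `default-recipient-self` options in `gpg.conf`.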

Now when you go to write a message there is a new option icon at the top of that screen:


Now you just need some PGP public keys of friends to send encrypted mail to. Here's mine. Have fun, and stay out of trouble. :)


Sunday, May 02, 2010

Why Keep Passwords To Yourself?

This video I found online will help explain it.

HACKING IS EASY! from Airwave Ranger on Vimeo.