security
When someone submits a form via Internet Explorer, and their security settings are "high," they get this warning regardless of SSL certificate validation, etc.

Posted in security | tech jasonn's blog
Submitted by jasonn on October 14, 2007 - 5:30am.
After considering the cost, hassles, and other factors (and keeping in mind my dislike of big bloated companies), I settled on one of two options. There are a lot of small and startup third-party SSL verification companies. Let's start off with a clear explanation of what an SSL certificate is, what it does, and why you would (or wouldn't) pay someone for it.
- First, an SSL certificate doesn't require a third party, a purchase, or anything other than the technology standards set forth for the protocol.
- The SSL protocol is simply a set of parameters to connect a public key with a private key to secure a connection from point A to point B (usually a PC to a website) for the purpose of encrypting the data passed from point A to point B and vice versa. You can sign it yourself or have a third party verify it so the person at the PC feels more confident that the SSL connection is legit - but the third party doesn't make the server or the company that owns the server more legitimate, nor does it mean the data is more secure or safe.
- Since browsers have error messages that are designed to scare people when the website's SSL certificate isn't verified or "signed" by an approved third party SSL issuer, it's smart for the business owner to pay the trust tax and use some big third party verifier's certificate regardless of its meaninglessness.
- The FUD is cranking up with different colors in Internet Explorer (Microsoft's browser) to force commercial websites to use the more expensive "more trusted" certificates, where the third party issuer claims to investigate the validity of the website owners. What that is worth is yet to be seen.
- For now, the cheaper entry level SSL certificates issued by third party issuers seem to do the trick for most users, since they cause no scary messages in the major web browsers.
- Not all SSL certificate issuers are created equal, and big expense doesn't equal easy interfacing, just big money.
Thawte vs. RapidSSL
If you have less than 3 days to launch an SSL cert, using Thawte can be a problem. I've had certs take as long as 4 days to show up using Thawte. RapidSSL gives me a cert in 10 minutes.
Posted in business | security | tech jasonn's blog | read more
Submitted by jasonn on August 23, 2007 - 8:13am.
A new email is going around with an executable file attached that claims to inform you that said sender has detected you have a worm or virus, and to please run this program to clean your system.
I could go into the details, but they will change and the scam will morph - just don't install anything anyone sends you via email unless you know for a fact the sender intended to do so and you want the program on your local PC.
Posted in security | tech jasonn's blog | read more
Submitted by jasonn on November 20, 2006 - 9:55am.
My child has a new laptop - compliments of her school system, complete with WiFi internet access in a town that prides itself on free hotspots. Combined with my neighbor's insecure WiFi router and the perilous realities of online predators, I can understand how parents may want software to monitor their child's online activity.
In a meeting tonight, a parent raised this concern in the form of a question: "Is there anything that allows me to control what my child does online when I'm not able to control her access?"
Posted in security | tech jasonn's blog | read more
Submitted by jasonn on August 8, 2006 - 9:45pm.
But, not BSoD :)
Shock! A beta version of Microsoft's latest operating system was compromised by a professional security consultant.
What's nice is that they seem interested in securing their product. This behavior - the interest - is new at Microsoft.
And, I for one am happy to hear it.
Posted in security | tech jasonn's blog
Submitted by jasonn on August 7, 2006 - 9:28pm.
An MSNBC article discusses a recent lawsuit filed by the New York State Attorney General against Direct Revenue, a very lucrative spyware company.
Most users don't care about lawsuits, wrangling, etc. They just want these resource thieves to go away. If they died, that wouldn't upset most PC users. But, the big thing is, we're tired of fighting for the right to use the hardware and software we paid to use!
Posted in public law | security | tech jasonn's blog | read more
Submitted by jasonn on July 10, 2006 - 4:53pm.
Because a client wanted to use phpBB-auction, I looked at their website, which has this notice:
After almost 2 month www.phpbb-auction is back online. Thanks to a hacker (he can be reached under ignor3_llvlle@yahoo.com) we have lost the database of this website and 8 month of work.
Check out the screenshot.
Posted in security | tech jasonn's blog
Submitted by jasonn on July 10, 2006 - 2:07pm.
You should always be cautious about allowing Web sites to run ActiveX controls on your computer. If an ActiveX control is not essential to your computer activity, try to avoid installing it. - Microsoft
And yet they, the big antivirus companies, and everyone that can talk you into it seem to use this shortcut to get on your PC. It's bad behavior to just click "OK" when sites want to install ActiveX. I don't let Microsoft.com run it on my PC either. It may be paranoid, but I'm not infected :)
Posted in security | tech jasonn's blog | read more
Submitted by jasonn on June 1, 2006 - 2:43am.
Did you realize that your phone records were for sale?
Posted in business | public law | security jasonn's blog
Submitted by jasonn on January 25, 2006 - 2:36pm.
eBay has taken a step toward eliminating (criminal) phishing success by setting up an internal messaging system that handles all communications with their users related to account information. The hope is that this will train users that they shouldn't respond or react to email from criminals that ask for details about their eBay account.
Of course, a smarter userbase would be nice. Phishing isn't exactly a sophisticated hacking tool. But, through creative graphics and modified message headers (the from: and reply: addresses), criminals have a new set of branding capabilities to con marks with relatively cheap campaigns. In less than an hour, a criminal can set up a site, clone it to look like it's legitimately eBay, create a message that looks authentic, and send millions of these messages around the world. It's a good idea to let people know there are alternative methods of handling their money-related accounts. Perhaps everyone should evacuate the email trend and move to more controlled streams of communications.
Posted in business | security | tech jasonn's blog | read more
Submitted by jasonn on November 18, 2005 - 10:55am.
