security Archives - SLee and Topher

Mobile Security 101 [Infographic]

September 10, 2012 By Topher Leave a Comment

In the last decade or so, there has been an overwhelming level of consumer and business adoption of smartphone devices. Whether it is for personal use, sharing files and photos, communicating, emailing, and gaming, or for business use, also sharing files, networking, emailing, conference calling, and increasing productivity, the sheer amount of smartphone internet usage that occurs on a daily basis nowadays by the general population is astounding. But with all of this new technological activity, most smartphone users are completely unaware of the safety, privacy and cyber security issues that come along with smartphone usage. The overall assumption is that a smartphone is a phone, and it’s not like a computer or laptop that is susceptible to hacking. Well this is a news flash for anyone who things that way – smartphones can be hacked too! This infographic, Mobile Security 101, breaks down how your smartphone and the contact lists and information inside it might have already been shared with someone without you knowing it.

This infographic was produced by Brainloop, an Enterprise Software and Services company providing electronic document compliance management. Consider safely sharing documents with Brainloop.com

Mobile Security 101

Click for larger image.

DNSChanger Malware Detector: The FBI Is Turning Off the Internet

May 10, 2012 By Topher 2 Comments

The Lonely Planet shows Estonia on the borders of Russia and Latvia.

When I was an exchange student in Japan, I met a girl from Estonia. That was the beginning and the end of my experience with Estonians… until I learned about the DNSChanger malware epidemic. [Read more…]

How RFID Chips Are Making Your Identity Harder to Protect

October 12, 2011 By Topher Leave a Comment

You might be surprised to find out what common products now have RFID chips in side of them. RFID stands for Radio Frequency Identification and most commonly used on toll roads for collecting your credit card information as you pass through the toll without having to come to a complete stop. This has made driving on toll roads much more convenient, but that same technology can pick up an RFID signal from over 300 feet away. In fact, you might even have other RFID chips in your car that those same scanners could pick up and someone could find out more about you than you want them to know.

Did you know that many driver’s licenses and passports have RFID chips inside them too. This means that anyone with an RFID transmitter (which can easily be picked up on eBay) can find out who you are from the distance without even having to bump into you. The way it works is the transmitter will send a special signal to the surrounding area, and if any RFID chips are in the vicinity it will send back a ping along with the information it contains. Some crooks are using the RFID chips in your car keys to get access to your car while you are shopping. This is usually a two man team and it is much more high-tech than other forms of car theft, but it still happens. It should be noted that car’s with RFID ignition systems have had a 90% reduction rate in car thefts, but don’t think you are not vulnerable just because you have such a vehicle.

RFID chips are even commonly found in car tires today. This technology allows car owners to monitor the tire pressure in their cars, but the RFID signal also contains the car’s VIN number and you can be tracked by the simple signal coming out of your tires. The vulnerability here is that the VIN number on your car is connected to your name and personal information about the vehicle, and someone with the right RFID tools can freely get all of that data without any trouble.

Many retail stores are contemplating using RFID technology to keep track of inventory as well. This means that jeans and shirts will soon have RFID chips so an employee can just scan a shelf at one time and know exactly what is left and what needs to be ordered. The problem is that if retail stores have RFID scanners in them, they can essentially be scanning customers as they walk around and find out their identity through their driver’s license. They will know the names of people in their store who have not even purchased anything yet. This might seem innocuous to you, but remember that many identity thieves have this same technology. And if these RFID chips remain on the jeans you just bought, that chip will be able to get picked up when a criminal passes by your house, even if you threw it out and it’s sitting in the trash. The thief will know that you just bought a pair of $100 jeans.

Top image by ZapTheDingbat
RFID image by midnightcomm

5 Security Tips That Could Save Your Server

October 6, 2011 By Topher Leave a Comment

Securing a dedicated server or VPS is an ongoing process that can sometimes be overwhelming. Just as quickly as you find ways to keep would-be attackers out of your server, they look for new ways to get in. Above all else, it is important to be proactive and always look for ways to improve your server’s security. The following are 5 tips that should help you keep your server safe.

1. Secure Web Applications

A common mistake for new system administrators is to place too much emphasis on network security while ignoring the rest. No doubt, it is important to have a good network firewall in place, but it will not save your server from attacks aimed at open network ports, especially your web server.

On any Internet-connected server, the most vulnerable points are those which must be exposed to the outside world. The web server is always susceptible to attacks because anyone on the web can access it. Therefore, it is important to keep it patched and secure your web applications and server-side scripts. All it takes is one security hole in a PHP script to expose your entire server. One way to lessen the sting is to install a web application firewall like the free and open source ModSecurity.

2. Install Intrusion Detection

It is conceivable for people to attack and invade your server without you even knowing it. Think of your server as a compound with multiple borders to defend. A single person can probably find a hole in the fence to sneak in unnoticed. With surveillance at every point, however, you will at least know when someone attempts an intrusion.

Intrusion detection software, such as Brute Force Detection, can alert you whenever someone attempts to sneak into your fortress. Many of these solutions will also take measures to keep those attackers from finding ways into your server.

3. Monitor Everything

It is easy to sit back and hope no one attacks your server, but by actively monitoring it, you can often prevent attacks before they start. Monitor your network, web server, database server, mail server, operating system, an any other vital systems. You can do this by watching the system logs with a tool like logwatch and by using advanced scanning tools like OpenVas vulnerability scanner.

Some monitoring tools will even notify you of problems via text message to your mobile phone. By monitoring your server, you can often pick up on threats and potential attackers before they cause problems.

4. Get Help

I managed Linux servers for many years, but I still do not consider myself anywhere close to being a security expert. Acknowledging that you do not know everything is an important realization because it allows you seek help from others. The web has opened up many possibilities for free support with forums, blogs, and even video tutorials offering server security help. Even if you cannot afford to pay for help, there are plenty of free and inexpensive options.

If you can pay for help, however, it may save you a lot of time and grief to hire security consulting. Just make sure you do your homework and choose a consultant that will actually help your situation. If you know before getting your server that you will need a great deal of help, you might want to consider getting a managed server from your web host. The best web hosts will offer a wide range of managed server options.

5. Manage Users

Finally, and most importantly, you need to manage your users. All of your other security measures will be for nothing if you have users with weak passwords and unsecured scripts. Therefore, you should enforce strong passwords and require users with direct access (such as SSH) to change them periodically. For web hosting clients, make sure they keep their scripts and web applications updated. You may be able to help them by providing automatically installed scripts. Use your best judgement, and always look out for users who may have nefarious intentions.

Server security takes a lot of work, but it is possible to have a secure server without spending a lot of money. Avoid the reactionary approach. Take the time to do it right and be proactive, and you should be able to keep your server safe.

Top image by Jamison_Judd.

How to Secure Your BitTorrent Downloads

October 5, 2011 By Topher 1 Comment

The media often associates BitTorrent with illegal file sharing, but there are legal uses for it as well. Unfortunately, some Internet service providers (ISP) have placed bandwidth throttling restrictions on torrent downloads or even blocks on torrent trackers, preventing legal downloads right along with the illegal ones. But there are ways to still get quality torrent downloads, protect your online identity, and make sure your downloads are secure.

1. Encryption

Most torrent clients support encryption, which makes it difficult for prying eyes to see exactly what you are downloading. Not all peers may have the ability to connect with your encrypted stream, but most will. The headers and the stream will be encrypted, preventing your ISP or others from knowing that the data you are transferring is coming from torrent downloads or uploads.

As a result of this encryption, you will be able to work around any bandwidth shaping or throttling that your ISP may have in place. It is important to note, however, that this will not make you anonymous to torrent trackers or peers. Therefore, illegal downloads can still be monitored.

2. Port Forwarding

The BitTorrent protocol has certain common ports that most clients use. In an effort to slow down illegal movie and music downloads, some ISPs may block these ports. In order to still get your legal torrents through, you can tell your router to use a different port and forward it to your computer. You can even randomize the port in your client, such as uTorrent or Transmission so that your client will use a different port each time it starts. Then, enable UPnP (Universal Plug-N-Play) on your router to make sure it detects your BitTorrent client and gives it access to the Internet.

3. Block Spying Peers

Some people and organizations monitor torrent trackers and set themselves up as fake peers. They connect to you when you start downloading and then have your IP address. Again, if you are doing nothing illegal, you may have no reason to care, but if you are particularly paranoid, you can use a tool like PeerBlock or a filter list from organizations that keep track of bad peers. This can also increase security, as it prevents peers who might send harmful files from connecting to your computer.

4. Automated Limits

Something that has become increasingly important in BitTorrent optimization are download limits, especially now that ISPs like Comcast and AT&T are instituting bandwidth caps. While. you want to be a good file sharer and seed torrents for as long as you can, you cannot afford to have people connecting to your computer 24/7 at the highest speeds. Most BitTorrent clients have settings to limit download speed, the number of simultaneously connected peers, the number of files you want to seed, and even the time of day you want files to be available.

5. VPN or Proxy

If you are extremely concerned about keeping your torrent downloads under the radar, a VPN or proxy is the ultimate solution. With either solution, your torrent downloads will be hidden completely, including your IP address. Most good VPN and Proxy services charge subscription fees, but some of the best are fast and secure, making them worth the investment. If you live in a country that is particularly anti-torrent, even against legal torrent downloads, a VPN or proxy will protect your digital rights and keep you safe. Some Internet users also find it very important to stay anonymous, no matter what they do, and may use VPNs or proxies for web browsing, emails, and all other general Internet usage.

Why It Is Important

Beyond illegal file sharing, many free and open source software projects, such as Linux distributions, use BitTorrent to distribute their programs, effectively lowering bandwidth costs. Some organizations even share legal movies, such as “Sintel”, the Durian Open Movie Project and “Big Buck Bunny”. Moreover, many indie game developers also use BitTorrent to distribute their games.

When ISPs indiscriminately hinder torrents without regard for their legal uses, net neutrality is in jeopardy. That is a situation that would be bad for all parties involved and one that we should collectively strive to prevent.

Password Protect Mac OS X: Screen Saver and After Sleep

July 15, 2011 By Topher Leave a Comment

You can easily password protect the Mac OS X screen saver and upon waking from sleep in just a few simple steps. After selling my old MacBook Pro on Amazon, I bought a refurbished one from the Apple Store. It took me a while to remember how to activate this particular password protect security feature on my MacBook Pro, so to help anyone else wanting to increase their Mac security, here is this post.

To password protect your Mac’s screen saver and after sleep, your first step is to open System Preferences. By default, there is an icon on the dock, but if it is not there, you can open it from the Apple menu in the top-left corner of the screen or from the Applications folder.

On the first row in the top-right corner of the System Preferences window, click on the Security icon. This will open your security preferences, where you can change all kinds of important changes.

The security preferences menu should open on the General tab by default. To password protect Mac OS X during the screen saver or after waking from sleep, simply put a check in the first box and select how quickly you want the password protection to go into effect with the drop down menu on the same line.

That’s it. Congratulations on beefing up your computer security. Thank you for reading this post on how to password protect Mac OS X.