January 31, 2014 – Hacking and Security

A small change: I migrated rookery i|o to my already established tech site at mkaz.com, which I should have done in the first place, but I liked the rookery name. You can subscribe to follow the blog to receive each new post.

Ok, on with the show, this week we look at security, online safety and hacking…

{Security Hacking}

Curious what your Android device is doing? Victor Dorneanu was, and sniffed his Android phone for 24 hours. He posts his results and how he monitored the phone, so you too can see what all those random apps you installed are doing.

What’s your neighbor doing? Null Byte has a tutorial on how to find out by hacking into your neighbor; please use wisely and for security awareness. Is stealing Wi-Fi bandwidth ethical?

Zed Attack Proxy is an open source tool to help find vulnerabilities in your web site; I repeat, your site. It is created by the OWASP group, the same group that publishes the annual Top 10 security vulnerabilities which every developer should understand. Burp Suite is another site scanner tool; it is a commercial product, but a free version is available.

Everything you wanted to know about Security Engineering is available for free in this online book; covering everything from access control to cryptography to nuclear controls, it has it all. The online format breaks chapters into PDFs, but a quick script could probably download them all and merge them together.

A few practical commands and things to look for to catch a hacker on your Linux system. Most likely this will only tell you they’ve been there; it doesn’t really catch them.

{Online Security & Safety}

A study of the top 100 sites finds Apple.com does more to protect customer passwords. Target is also included in the top sites, so online password security isn’t everything. MLB is at the bottom of the list, probably because everyone uses “GoGiants”.

Viral Mom gives some basic tips to safeguard your online identity. An easy, common-sense list everyone should be following. This is one you can forward to your non-technical friends to ease them into better security practices.

Passwords are by far the weakest link in online security, and looking at this list of most common passwords, people still need reminding: don’t use “123456” or “password” as your password.

Your best bet is to use a password manager to create really long random passwords and to remember and fill them out for you.

The security group for the UK government found that Linux is the clear choice for secure computing far ahead of Windows 8 and Mac OS X.

Us geeks might chuckle about people not understanding technology, but a Cambridge study shows that most warning and error messages are confusing. If you’re writing software, help your users, keep your messages clear, non-technical and authoritative.

The story of Naoki Hiroshima, who was extorted for his @N Twitter handle by a compromise of his DNS server. The weakest link will always be exploited, this time by social engineering via telephone.

{Further Reading}

For more security reading, you should subscribe to Bruce Schneier’s blog on security; lately he’s been beating the dead horse that is the NSA story a bit too much. However, he is considered the foremost expert on computer and internet security and writes well about the topic.

{Bits & Bytes}
