JS/Redir-B – Viruses and Spyware – Threat Analyses – Threat Center – Sophos. I was stumbling today and I got this on a popular site. Sophos for Mac removed it easily. I have to say that Sophos has really paid for itself. It would be a bigger hassle to remove this manually.

via Five OS X security threats that fizzled – StumbleUpon.

Troj/JSRedir-DO – Viruses and Spyware – Threat Analyses – Threat Center – Sophos. I just got this virus when I was StumbleUponing sites. Interesting. SU has been the biggest source of malware for me.

15 Worst Internet Privacy Scandals of All Time PCWorld – StumbleUpon. This link has some interesting stories. It is amazing to me that people engage in this kind of immature behavior. What do they seek to gain from it?

Wifi \’Protected Setup\’: not that protected at all | TG Daily – StumbleUpon. No surprise here. Anytime you make things easier you compromise the security of the product.

Edenwaith : Products : Permanent eraser – StumbleUpon. If security is your top goal, then using this program will help you. Of course the regular mac secure delete takes longer, so I expect this to take much longer.

Adobe Warns of Critical Zero-Day Vulnerability in Reader and Acrobat Products | SecurityWeek.Com. I’m coming to the conclusion that the less Adobe you have the more secure your computer is. I bet they have as many security vulnerabilities as Windows. Perhaps they need a Trusted Computing Initiative of their own?

Hack your monitor and 3D glasses, ensure ultimate privacy — Engadget. This doesn’t seem like a good idea to me. We already know that many people have headaches with 3D theater glasses. Plus the fact that you can’t collaborate with this setup. Loose your glasses and you are out of luck too. No, this seems to cause more issues than it solves. If someone needs that much privacy, then you need to stick them in an office and not a cube.

Bruce Schneier: The iPhone Will Not be Safe From Malware. Of course. The whole idea of security is silly. How can anything made from man be secure from man? You can certainly make things harder to mess with, but sometimes you have to admit that securing things only leads to more work to the users, not in more real security against people with mal intentions.

Full disk encryption is too good, says US intelligence agency | ExtremeTech – StumbleUpon. I have to wonder if this is disinformation. When the supercomputers that the government have gathering as much information as they do, it seems that a password would be trivial to figure out. I wonder why they would make this study available if true.

SIPRNet – Wikipedia, the free encyclopedia – StumbleUpon. I wonder if we are safer for knowing this information? Does security ever really exist?

I wonder if this means that Mac anti-virus companies have a stronger case to make for purchase of their software? Thanks Intego!

It has been for me. I opened Console and it said that the last 5 crashes were due to the presence of Cisco AnyConnect software installed. I had a friend give me version 3 so I have been trying it. Well I didn’t have a VPN session going when it crashed, but the module was still loaded and it was indicated as the problem.

So I have uninstalled the program using the Cisco Anyconnect uninstaller and restarted the machine. I am trying to recreate the crash, but what I have done in the past to create the crash has not triggered it. Have I found the solution for you?

Other research at the Apple forums said it was the system UI server. This was a problem in Snow Leopard too, and seemed to be fixed then by throwing away the UI preferences. You can throw it away by going to your own user folder ~/Library/Preferences/ByHost. Throw away that entire folder. I am going to do that if it crashes again.

Nice informative article. I wish I had read this when my site got hacked. If you run a WordPress site this is required reading.

I don’t know about you, but I peak in remembering about 5 different passwords. After that they all seem to get fuzzy when and where I should use them.

So I spend some time at websites resetting my password to the newest password that I am using. In the decade of using passwords, I have about 50 different passwords that I have used. However I mostly use 5 passwords and that is sometimes due to the silly nature of website authentication.

Isn’t passwords on the Internet a mess? The bank that I use won’t allow punctuation or special symbols. Isn’t that silly? So I must have a unique password for them. Another website requires 12 digits, so I have an extra password for them. Most sites require 8 digits with a mix of upper/lower and punctuation. Those are normal. One site required a 16 digit password. I rarely visit them. I can’t remember the site because I always had to reset the password.

I have tried systems like OpenID and using Yahoo/Twitter/Facebook login. Those help but still are a terrible way to authenticate. Generally when you do that, you give those places rights to tweet or communicate in your name and give up some privacy. Not worth it to me, so I normally create an original account. What makes authentication worse is when sites have enforced usernames that are all upper case or lowercase. Why not give people the most flexibility instead of being so proprietary.

The older I get the less I am tolerant of proprietary formats and processes. I think the growth of open source has made people more sensitive to vendor lock in, and push against that. It is strange therefore, that we seem to embrace vendor lock-in with Apple. Clearly they have clever products, but is that enough to safeguard our choices and liberty? I do not think so.

So what do passwords protect us from? A cynic would say unemployment. By using them, we ensure we have a job. However the real truth seem to be that since passwords can be cracked, they are a poor security choice. Passwords would be great if people’s memories were better. However since most people use the same password for everything, it becomes more of a security risk than less of one.

www. Michael Righi .com » Dell Charges $49 to Remove Their Own Spyware. So many people are affected by being monitored and they don’t even know it. I wonder if a “cheap” computer is really worth it?

Mal/Iframe-V – Viruses and Spyware – Threat Analyses – Threat Center – Sophos. I just got this when I was Stumbling. I have gotten more virus from stumbling than just surfing the net. I should write an article about preparations before you use StumbleUpon.

I tried to tell this blog owner that his page gave me a virus but you had to sign-up to communicate with him. Why would I do that given that he isn’t taking care of his site?

Security Alert: New Trojan Horse on Mac OS X Spread Through Social Networks | Mac|Life. Interesting that the trojan.osx.boonana.a affects both mac and pc. I wonder if this is the future for trojans?

Researcher Finds Dangerous Vulnerability In Skype – Slashdot. What is most troubling is how Skype thinks of this vulnerability:

Skype spokesperson Chaim Haas has responded in an email, calling the bug “a minor issue,” and writing that the company plans to implement a fix in an update next week. He adds that the issue only affects “top contacts,” which means anyone attempting to exploit the bug would have to be someone the target communicates with on a regular basis. “As you can imagine, someone who you deal with frequently is probably unlikely to take advantage of this bug anyways.” Haas writes

Apparently some users have had problems with Cisco AnyConnect Software and 10.6.8. It seems that after installing the newest OS, that CAC has problems getting and staying connected. This software has had problems for some people for several years, and here are some solutions to fix them that have worked for others.

1. Upgrade your version of Bonjour or disable it. This can be a problem for machines that are 10.6.3 or earlier.
2. Use Ligion to restart the Cisco VPN service. Google this term and you will come up with the command used for this.
3. Uninstall and reinstall the software. This seems to fix it for some people.
4. Disable third-party software like Anti-virus software, firewalls or programs like Little Snitch.
5. Disable or better yet, uninstall old versions of Cisco VPN software.

One of the neat things about the Site Stats in WordPress is that it will tell you the Google search term someone used to successfully reach your page. I have always seen a ton of misspellings. For example someone typed in “anti virus” and it came up with this anti-virus article I wrote on Sophos. I wonder if there is a plugin that corrects for any misspelling in comments or google searches and helps match the appropriate search query?

15 Great Ways to Secure Your Website. This is an understandable and actionable article that discusses what you can do to protect your web site. Also I have noticed many plug-ins that claim they increase security. So if you don’t wish to follow these suggestions, type the word “security” in your Plugins Add New box and see what you like.

Bitcoin: the hacker currency that\’s taking over the web | Technology | The Guardian. I can understand the desire of people to have privacy. I wonder how we can have privacy and not enable money to be used for anti-social purposes? It is too bad money is so physical instead of virtual.

Amazon.com: Trend Micro Internet Security [OLD VERSION]: Software. This is a review for an older version of trend micro internet security. It shows that most people seem to like the software. I have not used it, but I had a friend ask me if he should buy it. It was cheaper than the competition and he felt it would do the job for him. Could be worth looking into.

Why the bad guys are winning – Computerworld Blogs. Interesting reasons. I can’t help but think that it all boils down to the 2 M’s. Money and Management. If you have those, you can fix everything else.

Hours after security update, new MacDefender variant evades it. So it is clear that the race is on. The need for Mac anti-virus software is not an option and hasn’t been for some time. I have written before that I believe Sophos is the best antivirus for Mac.

How to Retrieve Password From Browser ~ Hack Illusion – StumbleUpon. This is helpful for people who have lots of passwords. It is hard for some people to remember their passwords.

Google CEO Eric Schmidt warns governments against facial recognition technology | Mail Online. So is this saying that Google is creepy but not over the line creepy? Surprising how un PC and inconsistent Google chooses its PR to be.

Internet security: Keys to the cloud castle | The Economist. Gives you a better understanding of the security that Crashplan and Dropbox offers. Nice comparison. They always have well researched and written articles at The Economist website.

Interesting article here titled Dolly Drive 1.2 expands to 2 TB. To give more perspective to those readers I added this comment:

This isn’t a comparison of that service, but it does have some good information. At these prices I don’t see that it will be popular. After all you can buy that kind of storage for a little more money, and it is too expensive for business as well. Perhaps it will do well if it has strong encryption or better security features than DropBox that recently had some security issues.

http://chimac.net/2010/12/22/backblaze-vs-mozy-vs-carbonite-vs-jungledisk-vs-dropbox-vs-crashplan/

OSX/FakeAV-A – Viruses and Spyware – Threat Analyses – Threat Center – Sophos – StumbleUpon. I actually had this virus yesterday. Sophos found it and deleted it as soon as it found it.

Opt-Out of Online Tracking | SelectOut Privacy Manager – StumbleUpon. Do you want to not be tracked on the Internet? Simply click on the link above and it will place Opt-Out cookies on your computer! Fantastic! Thanks selectout privacy manager.

LastPass Pasword Service Hacked – Slashdot. Well cross this off the list if you want to save your password. I don’t use any password services. Some things you just have to remember manually. I hated Keychain on the Mac for this same problem. You hack one password and you get lots more. Doesn’t seem like a good security thing to me.

Errata – Certified Pre-0wned – StumbleUpon. This isn’t surprising. Out of this list only twice has Apple been guilty of shipping a virus on their devices. Now that’s quality control for 20 years.

I did that on my XP running computer and Microsoft Security Essentials said it had the Open Candy advertising malware. I just deleted it and rebooting now. What a waste. Veoh came from a legitimate download site.

Weird Awesome Stuffs – StumbleUpon. I wonder where these lead to? Seems like a good security measure. It would take so much time to climb up that the defense would have an easy time targeting.

I am not a Luddite. I recognize that the internet has revolutionized communication, business, commerce, politics, entertainment, culture and many other aspects of our world. But, like any new technology, it too is fraught with problems. This list details the negative consequences of the Internet. I have tried to order them based on severity. 10Hacking and Data Security It is difficult to establish if the internet has caused our confidential data … Read More

via Listverse

HTTPS Is More Secure, So Why Isnt the Web Using It?. I wondered this as well. It seems that for the cost versus the danger that it would not be worth it.

Apple Sued Over iPhone Data Privacy — InformationWeek. This is very concerning. Apparently data is shared by using your iPhone and there is no privacy.

Anonymous vs. HBGary: the aftermath. Interesting that less than a week later HBGary had another embarrassing security breach. How can you do business with a security company that can’t keep its own stuff private?