Welcome to Eric Cheng's online journal!

Switch to secure browsing on Facebook NOW

If you’re reading this and are not already browsing Facebook using HTTPS (secure HTTP), you need to go to Facebook RIGHT NOW and enable the option (lest you fall victim to Firesheep). It’s in your Account Settings under Account Security -> Secure Browsing (https). If you need more help, Gizmodo has a great tutorial about how to do it.

San Francisco, CA | 1 comment | Feb 2, 2011 00:23:23

How to protect yourself from Firesheep

Firesheep is a Firefox extension that allows users to steal login cookies on popular websites, which allows the user to log in as you if you are browsing on the same network. It was released last week and has already forced sites like Facebook to issue statements addressing security. I downloaded it just now to test it out, and ran it while I logged into Facebook, Gmail, Amazon, Twitter, and other sites I frequent often. Here’s what Firesheep sniffed out:


Firesheep can log in to a lot of the sites I use

Double-clicking on an avatar or account in the sidebar immediately opened a browser session as me, logged into the website shown. Anyone running Firesheep on an open network can sniff out and log in as anyone on the network who is actively using the websites Firesheep knows about.

San Francisco, CA | 1 comment | Nov 1, 2010 22:17:44

Warning: Firefox stores passwords in plain text

This is a security problem that has been rehashed numerous times, but I’ve found that none of my friends seem to know that it is an issue. Note that if you’re someone who keeps all of your passwords on a sticky attached to your monitor, you probably won’t care about any of this.

I love Firefox and rely on it heavily, but one thing that has always bothered me is that its password manager stores passwords in plain text and by default, allows anyone at your computer to see them. You can see this for yourself, and if you’re like me, it will probably freak you out to actually see your password written out.

In Firefox, go to Preferences->Security:

Click on Saved Passwords, and then Show Passwords. Firefox will ask you if you’re sure. Click Yes, because that’s what someone snooping around on your machine would do.

Surprise! All of your passwords are there, in plain text.

Note that Firefox does offer a “Use a master password” option in its security dialog. This does prevent the casual snooper from seeing your passwords, but it also prompts you for a password every time a webpage wants to auto-fill a password field once per session. In my world, that happens 20-30 times a day (if not more). Unacceptable. [Corrected: John Lilly wrote me to let me know that Firefox only asks once per session. This behavior is totally usable, but there are still some issues. When I launched Firefox with more than one tab open, it prompted me once for each tab.]

Solutions:

  1. Uncheck Remember passwords for sites and use 1Password. I swear by 1Password, and everyone I’ve demoed it for starts to use it.

  2. Switch to Safari, Chrome, or Camino, all of which use Mac OS X’s Keychain to store passwords securely.

I’m going to stick to Firefox — for now — but it is a huge convenience FAIL that I have to turn off the feature to save passwords. As more plugins start to appear in Chrome, I’m more and more tempted to Switch; this security issue is the number 1 reason.

San Francisco, CA | 13 comments | May 4, 2010 10:32:24

PGP 9.9.1 for Mac disables Mail bundles in Leopard

I just reinstalled PGP Whole Disk Encryption (WDE) on my MacBook Pro 17″ running Mac OS 10.5.8. I’m not using it to encrypt my entire drive, but I used to use it to encrypt entire backup volumes so the data on them cannot be used if the drive itself is stolen (when traveling, mostly).

I’m embarrassed to be a FileVault user, but I don’t see any other way to have certain parts of my disk remain fast, while keeping other parts encrypted (and slow).

San Francisco, CA | no comments | Aug 19, 2009 23:16:53

1Password: password manager for websites

I did some research yesterday on website password managers for Mac OS X. A good place to start is Alex King’s blog; he has written two thought-provoking articles about why you shouldn’t use the same password for everything, and how software can help your password / login workflow (Passwords, More on Passwords).

Really, it should just be common sense to not use the same password for everything; after all, you have no idea how a particular website is going to store your super-secret password. What if your password is stored in plain-text on a server with a gaping security hole? What if the website likes to email you a password reminder — in plain text — every month? I’ve seen sites that do all sorts of bad things, and if you use the same password at an insecure site as you do at your bank’s website, you’re asking for trouble. And even if you use different passwords, you need a secure way to store them all. The worst I’ve seen is someone who kept all of their passwords and financial account numbers in an Excel document on their notebook computer’s desktop. I suspect that sort of thing isn’t as rare as it might seem to be.

San Francisco, CA | 4 comments | Jul 26, 2009 13:41:51

Prevent Facebook from using your photo in ads

I just came across a particularly disturbing article about Facebook’s ad policy, which by default allows the use of your face in advertisements targeted at your Facebook friends (via @johnolilly).

Facebook occasionally pairs advertisements with relevant social actions from a user’s friends to create Facebook Ads. Facebook Ads make advertisements more interesting and more tailored to you and your friends. These respect all privacy rules.

To turn this off, go to Settings -> Privacy -> News Feed and Wall -> Facebook Ads -> Appearance in Facebook Ads and select “no one.”

Note that this privacy page doesn’t appear in Firefox 3.5 if you use the AdBlock Plus extension. Even selecting “disable on this page only” in AdBlock Plus and refreshing the page won’t make the controls appear. I had to completely disable AdBlock Plus and refresh the page in order to see them. Alternatively, you could use another browser (e.g. Safari, Chrome).

San Francisco, CA | 6 comments | Jul 17, 2009 12:37:24