Security

Visual Map of Internet Attacks

A computer security firm called Norse has released a stunning data visualization map of internet attacks. It shows a fraction of the scope of constant threats affecting countries today. You can see penetration attempts in real time over services like HTTP (web servers) and SMTP (email servers), and more.

Norse visual map of internet attacks

http://map.ipviking.com

via PC World from this article.

 

 


Be aware of the Heartbleed bug

On April 8 I was notified by WiredTree, our hosting company, that their servers had been patched against a newly discovered (and serious) flaw in the SSL encryption technology which underpins secure browsing over https.

It is called the Heartbleed bug.

Our servers were not affected, as they ran CentOS 5 and did not use LiteSpeed. Other sites which did use LiteSpeed were affected.

Read more at:
http://heartbleed.com/
https://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities

UPDATE

An article on Thursday explains how the bug crept into the open source software.

Heartbleed, a “catastrophic” security flaw in the OpenSSL cryptographic protocol that has affected two-thirds of the entire Internet’s communications, was committed at 10:59 pm on New Year’s Eve by Seggelmann, a 31-year-old Münster, Germany-based programmer.

That night, he made an error that has been compared to the misspelling of Mississippi, a careless but almost inevitable mistake that went undetected for over two years.


Target website hiding its data theft warning

Target has had a big red target leveled at its data systems recently; the intrusion and theft of information on over 100 million consumer credit and debit cards is almost the largest in history.

Its website features a notice to consumers, but strangely, 2 seconds after the home page loads, an ad overlay obscures the warning text and link.

Purposeful or by accident, it’s a big oops on top of the disaster.

See the site 1 second after load:

The Target website shows theft message at page load

And 2 seconds later:

Target homepage after 2 seconds; the warning is covered over

Intentional or by accident?

Does the law require companies to disclose breaches?
As an aside, most states do not require that companies disclose successful network breaches to their customers. A law firm has published a useful chart to track state-by-state requirements.

http://www.perkinscoie.com/statebreachchart/

They write:

Perkins Coie’s Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification.  The chart is for informational purposes only and is intended as an aid in understanding each state’s sometimes unique security breach notification requirements.  Lawyers, compliance professionals, and business owners have told us that the chart has been helpful when preparing for and responding to data breaches.

Maine has such a disclosure law on its books.


Website hacks are like lawn dandelions

Google acknowledged (and fixed) a major vulnerability in its google.com and gmail.com domains.

Redirection, cross-site scripting, cross-site request forgery, and SQL-injection vulnerabilities are to websites what dandelions are to suburban lawns. Even sites maintained by experienced and highly vigilant Web developers are likely to suffer from these Web-application bugs.

From ArsTechnica. Read more here.


Add a password to your Mac Zip File

Apple makes it easy to compress files using the right-click contextual compression command, but it provides no easy way to add a password to the resulting zip file. You can use the Terminal program to add a password, but that route is prone to mistakes and more time-consuming.

 

Instead, use this program called Keka.

http://www.kekaosx.com/en/

Keka is a free file archiver for Mac OS X. The main compression core is p7zip (7-zip port).

Compression formats supported:  7z, Zip, Tar, Gzip, Bzip2, DMG, ISO

Extraction formats supported:  RAR, 7z, Lzma, Zip, Tar, Gzip, Bzip2, ISO, EXE, CAB, PAX, ACE (PPC)


About PDG & Associates

Paul D. Gurney is the founder of PDG & Associates (since 1996). This "What's New" blog features highlights and commentary on interesting topics related to the web design and development field.

We specialize in building websites with user-friendly content management systems, built with open source technologies like PHP, MySQL, Python and jQuery.
