Devious domain typo hijacking
I just tried to visit Facebook but typed the URL wrong and typed “faceobook.com” (note the extra ‘o’). Here’s where I ended up: Devious, eh? Needless to say, I did not participate in the “anonymous survey.”
You’ve probably heard by now (the party line from Gawker, and a much more comprehensive analysis from Forbes) that a huge database of Gawker Media usernames and (poorly) encrypted passwords was recently stolen, and that the thieves published the stolen data for anyone in the world to download, and that the thieves managed to crack… Read More »
The parental controls built into the Mac OS X Mail client can be easily bypassed by anyone who knows the email address of the child and his/her parent. The Mail client can be fooled into adding any address to the child’s whitelist (i.e., the list of addresses with whom the child is allowed to correspond),… Read More »
Yesterday, I decided I wanted to unsubscribe from one of the e-newsletters published by SANS, which bills itself as, “the most trusted source for computer security training, certification and research.” There were no instructions in the e-newsletter for how to unsubscribe, so I went to their Web site. It told me that I had to… Read More »
I share my home office with my kids, an unfortunate necessity in a house with five bedrooms, five children, and no dedicated office space (the “office” is actually one of the bedrooms). All the kids are fully aware of the “never, ever touch anything on Daddy’s desk” rule, but apparently the stuff on my desk… Read More »
I recently received a letter from American Express confirming that I’d enrolled in online bill payment. I received the letter on paper, in an envelope, with a stamp on it, in the mailbox on my porch. The final sentence of the letter, all the way at the bottom, below the signature, reads as follows: You… Read More »
As I previously wrote, I recently had to change my password on over 300 Web sites because my default “medium-security password” was compromised. The compromise was caused by a bug in the WordPress blogging platform which can result in inadvertent disclosure of information when content is pasted into the WYSIWYG text editor built into WordPress.… Read More »
I haven’t seen this posted anywhere else… I received in the mail today replacement Discover Cards for my wife and me. Our cards were not due to expire for quite a while. They were attached to a special-purpose mailing sleeve, not the generic sleeve they usually use when mailing out new cards. Some highlights of… Read More »
As I wrote earlier today, I just changed my password on over 300 Web sites. In the process, I encountered a large number of sites which simply don’t know how to do password security properly. Some of these sites are operated by major corporations which are entrusted by their users with confidential and sensitive personal… Read More »
“Hi, my name is jik, and I’m a password reuser.” “Hi, jik!” If there isn’t a “Password Reusers Anonymous”, there probably should be. By “password reuse,” I mean using the same password over and over on multiple Web sites. It’s a really bad idea, and I should know that better than most, since I’ve worked… Read More »