Posts Tagged ‘security’

The Bible is telling people your passwords

Posted on: October 9th, 2013 by SoftwarePatch.com No Comments

A recent report has claimed that the Bible is giving passwords away. Top IT news site Ars Technica spoke to password security researcher Kevin Young, who described how he and fellow researcher John Dustin fed about 15,000 books, including the Bible, into their password cracking software. The software managed to uncover a multitude of passwords which used words borrowed from popular literature and films, emphasizing the fact that Star Wars, Harry Potter or, yes, the Bible really shouldn’t be the inspiration for checking your security on the internet.

A false sense of security with Google Chrome

Posted on: August 9th, 2013 by SoftwarePatch.com No Comments

Be careful of storing passwords in Chrome – a serious flaw in its security means that anyone with access to your computer can see your passwords. By just clicking on the settings icon, choosing ‘Show advanced settings’ and then ‘Manage saved passwords’ gives you access to any passwords you’ve inputted whilst browsing. A plain-text option reveals the passwords properly, meaning that they can simply be copied and pasted in an email, or captured in print screen.

 

 

The problem is Google is entirely aware of this problem but isn’t willing to address it. In a bizarre statement Justin Schuh, the head of Google’s Chrome developer team, said:

“We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account that they can get at everything.”

In theory this is true, but it should not be suggested by the organization behind one of the three most widely-used browsers on desktops worldwide. Firefox, Internet Explorer and Safari all had similar problems, with the difference being that they chose to address it – either through the addition of a master password or through an increase in security features.

If you use Chrome and you’re not the sole user of your computer – or even if there’s any chance that someone else might have access to your browser – be wary of the way you store passwords. Either deselect the option when the standard Chrome request pops up after a log-in, or at this stage, choose a different browser.

Internet security tips – What is Microsoft EMET?

Posted on: July 29th, 2013 by SoftwarePatch.com No Comments

As the everyday PC user has more and more software on their computer originating from vendors big and small, the likelihood of an exploitable vulnerability remaining unpatched is ever growing. The developers of your anti-virus software or the vulnerable program might not be able to patch the vulnerability as quickly as they get discovered, but there are some helpful tools to make these vulnerabilities as hard to exploit as possible. One of these tools is Microsoft EMET.

Microsoft EMET stands for Enhanced Mitigation Experience Toolkit, and it is a utility that helps preventing software vulnerabilities from being exploited. EMET is using security mitigation technologies to achieve this goal to make exploitation as difficult as possible, as a possible attacker will face extra obstacles to get through. It can be used with any software, regardless of when it was written and who the author or vendor is; it doesn’t need to be a software product of Microsoft.

EMET can be downloaded from the Microsoft TechNet page, and requires the Microsoft .NET Framework to operate, which can be downloaded from the Download section of Microsoft’s website. The latest version, EMET 4.0 has got a Certificate Trust feature to detect man-in-the-middle attacks leveraging the public key infrastructure.

After installing, EMET must be configured to protect the piece of software you want to be protected. For this, you need to provide the name of the program and its location on your PC. The above mentioned Certificate Trust will need you to provide the list of websites you want to protect. For a detailed introduction please visit www.microsoft.com/emet where you can download the latest version that comes with a detailed user guide.

By Gergely Sumegi