Dark Reading has outlined what they consider the top ten worst security practices of the average user.

Wouldn’t it be nice if you could give end users a list of the most dangerous things they do online every day, and then tell them why those activities are particularly risky?

We thought so, too. The following is our list of “The Ten Most Dangerous Things Users Do Online,” along with some explanation of the risks — and solutions — associated with each. This list was generated directly from input we’ve received from IT people like you, and is arranged in descending order of danger, based on votes received from the experts and analysts who make up Dark Reading’s editorial advisory board.

Clicking on email attachments from unknown senders
Installing unauthorized applications
Turning off or disabling automated security tools
Opening HTML or plain-text messages from unknown senders
Surfing gambling, porn, or other legally-risky Websites
Giving out passwords, tokens, or smart cards
Random surfing of unknown, untrusted Websites
Attaching to an unknown, untrustworthy WiFi network
Filling out Web scripts, forms, or registration pages
Participating in chat rooms or social networking sites

Stick this up on the door to your office. Better yet, stick it up on the company bulletin board — or post it directly to each of your users. If it keeps one user from making a big mistake, then we’ll have done our job — and so will you.

You may think this is just a cartoon, but it’s actually a good tip;


You should never send everyone in your address book the email address of everyone else in your address book. Help your friends preserve their security and privacy, use the BCC option.

Or so it would seem from an advertisement I got in the mail today trying to talk me into upgrading my DSL service from “Pro” to “Elite”.

Let’s see. It will cost me more than twice what I now pay ($14.99 a month), $20 more. To justify the cost, they offer the following;

Den ganzen Beitrag lesen…

Most Linux distributions are built to meet a specific purpose, address a specific audience. There are USB-bootable versions, live disks, versions geared toward scientific research or desktop publishing. Ubuntu Linux is one of the few distributions designed around a philosophy.

You may have heard about Ubuntu’s founder and first developer, Mark Shuttleworth.

Shuttleworth gained worldwide fame on 25 April 2002 as a civilian cosmonaut aboard the Russian Soyuz TM-34 mission, paying approximately US$ 20 million. Two days later, the Soyuz spacecraft arrived at the International Space Station, where he spent eight days participating in experiments related to AIDS and genome research. On 5 May, he returned to Earth. In order to participate on the flight, Shuttleworth had to undergo one year of training and preparation, including seven months spent in Star City, Moscow. (Source-Wikipedia) In the 1990s, Shuttleworth was a developer for Debian Linux. In 2004, he released Ubuntu Linux.

The Ubuntu website has this to say about their guiding philosophy;
“The Ubuntu community is built on the ideas enshrined in the Ubuntu Philosophy: that software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customise and alter their software in whatever way they see fit.”

Den ganzen Beitrag lesen…

Usually I prefer to review books one at a time. Since I like to not only read the book I’m reviewing but apply some of the suggestions it makes to evaluate it from an average user’s point of view as well, trying to cover more than one book per review is difficult.

In the case of these two books, though, my usual practices have to be ignored. These two books not only need to be reviewed together, they need to be purchased and read together. Allow me to expand on my reasoning.

Fedora Core is, in my experience, the first Linux distribution to include setting up SELinux (Security Enhanced Linux) as part of its installation routine. Even though SELinux is supported by Debian and Gentoo, Fedora is the only OS I’ve encountered that presents the opportunity to setup SELinux during installation. Having both these books at hand while setting up Fedora Core 5 will leave you with no unanswered questions.

Red Hat Fedora 5 Unleashed is a massive book. To look at it, someone unfamiliar with Linux might think that Fedora is a very complicated system. Actually Fedora is one of the easier distributions to install. The reason the book is so large is that it covers every aspect of the Fedora Core 5 operating system in exquisite detail.

Den ganzen Beitrag lesen…

Packaging isn’t usually an element of my book reviews. We all know what a book looks like, how can someone package a book to make it more interesting?

Sams Publishing understands that packaging is all about making your product stand out, catching the shopper’s eye. It’s what helps a potential customer choose your product over another. With the Linux Starter Kit, it’s what makes this offering unique.

SUSE has always been one of the better documented distributions of Linux. I’ve been a SUSE user since version 7. I always purchased the boxed version as it came with an extensive manual as well as the installation disks. By the time version 8.2 became available, I no longer needed the manual but I still purchased the box just to support the developers of this robust operating system. SUSE has long been one of my favorite distributions.

SUSE Linux isn’t a distribution that’s usually mentioned when the discussion turns to which distribution a new Linux user should consider. I’m not sure why. The SUSE desktop is no less intuitive than the distributions that are thought to be the easiest for someone migrating from Microsoft’s products to Linux, like Mandriva, Linspire or Xandros Desktop. Installation and setup can be a bit daunting, as there’s more to configure than the average Windows user encounters. But if they can get some assistance during that process, the result is a Linux system that is rock solid, mature and feature rich.

Den ganzen Beitrag lesen…

Some web prognosticators are predicting that one day soon our personal computer will be nothing more than a machine to host our browser. All the applications we now have installed on our individual hard drives will migrate onto the web and thus be accessible to us from any computer anywhere.

Google is pushing that future with its recent offerings of an online word processor and spreadsheet (both can be found at http://docs.google.com/). Microsoft is also looking at moving many applications off your local computer and onto the web.

Now a small group of developers are introducung a way to make your entire operating system web-based.

Den ganzen Beitrag lesen…

I’ve long used Eudora on the Windows side of my computers. It has features well worth the price for managing your email.

Now comes the good news that Eudora will soon be an Open Source application, and in the meantime will be sold at a reduced price. Perhaps someone can get this excellent product ported to Linux next year.

QUALCOMM Incorporated, a leading developer and innovator of Code Division Multiple Access (CDMA) and other advanced wireless technologies, and the Mozilla Foundation, a public-benefit organization dedicated to promoting choice and innovation on the Internet, today announced that future versions of Eudora® will be based upon the same technology platform as the open source Mozilla Thunderbird™ email program.

Den ganzen Beitrag lesen…

I’m very careful about recommending software to others. But there are certain applications that I not only recommend to everyone I talk to but also install on every computer I work on.

TinySpell falls into that category, as does IrfanView. Both of these applications will improve anyone’s productivity.

Security applications, though, are another matter. It’s harder for me to recommend my favorites because they may either conflict with the security you already have on your computer or they may require specific configuration that’s beyond some people’s abilities.

One security program I have no hesitation in recommending, though, is WinPatrol from BillP Studios. There is a free version and a shareware version, and Bill has just announced the release of a beta version. I’d encourage you to try the free version, then install the shareware version, if for no other reason than to support the excellent work Bill is doing.

As a MULTI PURPOSE SUPPORT UTILITY WinPatrol replaces multiple system utilities with its enhanced functionality. Explore deep into your system and understand what programs are installed and why. WinPatrol PLUS provides easy to understand descriptions of over 12,000 programs.

As a robust SECURITY MONITOR, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol PLUS includes our unique, patent pending R.I.D. technology.

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You’ll be removing dangerous new programs while others download new reference files.

Den ganzen Beitrag lesen…

The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

As reported in C|Net Newstoday:

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.

“Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure,” said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

The flaw is specific to Firefox’s implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a “complete mess,” he said. “It is impossible to patch.”

The JavaScript issue appears to be a real vulnerability, Window Snyder, Mozilla’s security chief, said after watching a video of the presentation Saturday night.

Den ganzen Beitrag lesen…