Enable HTTPS on Twitter
Twitter now lets you run all connections over HTTPS.
- Go to your Twitter settings page.
- Tick the Always use HTTPS checkbox.
- Click Save and re-enter your password when prompted.
A lot has already been written about the “right” way to delete data; now researchers at the University of California, San Diego have looked at what the usual methods actually achieve on SSDs:
The researchers found that as much as 67 percent of data stored in a file remained even after it was deleted from an SSD using the secure erase feature offered by Apple’s Mac OS X. Other overwrite operations – which securely delete files by repeatedly rewriting the data stored in a particular disk location – failed by similarly large margins when used to erase a single file on an SSD. Pseudorandom Data operations, for instance, allowed as much as 75 percent of data to remain, while the British HMG IS5 technique allowed as much as 58 percent.
An (obvious) solution:
The researchers found the most effective way to sanitize data on SSDs was to use devices that encrypted their contents. Wiping happens by deleting the encryption keys from what’s known as the key store, effectively ensuring that the data will remain encrypted forever.
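Why overwriting a single file leaves data behind while destroying the key does not, as an added example that is not from the study or the original post. It models an SSD as a toy flash translation layer that always writes out of place (a simplifying assumption; `ToySSD` and its methods are hypothetical names) and uses Node.js's built-in crypto module.

```javascript
const crypto = require('crypto');

// Toy SSD (constructed model): writes never update a flash page in place.
class ToySSD {
  constructor(mediaKey = null) {
    this.flash = [];        // physical pages, including stale ones
    this.map = new Map();   // logical block address -> index of current page
    this.key = mediaKey;    // "key store": null means an unencrypted drive
    this.encrypted = mediaKey !== null;
  }
  write(lba, data) {
    let page = Buffer.from(data);
    if (this.encrypted) {
      const iv = crypto.randomBytes(12);
      const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
      page = Buffer.concat([iv, c.update(page), c.final(), c.getAuthTag()]);
    }
    this.flash.push(page);                      // old page stays on the chip
    this.map.set(lba, this.flash.length - 1);   // only the mapping moves
  }
  read(lba) {
    const page = this.flash[this.map.get(lba)];
    if (!this.encrypted) return page.toString();
    if (!this.key) throw new Error('media key destroyed');
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, page.subarray(0, 12));
    d.setAuthTag(page.subarray(page.length - 16));
    return Buffer.concat([d.update(page.subarray(12, page.length - 16)), d.final()]).toString();
  }
  cryptoErase() { this.key.fill(0); this.key = null; }  // wipe the key, not the flash
  rawDump() { return Buffer.concat(this.flash); }       // chip-level read-out
}

// Overwrite a "file" three times, then check the raw flash for the plaintext.
function residueAfterOverwrite(secret) {
  const ssd = new ToySSD();
  ssd.write(7, secret);
  for (let pass = 0; pass < 3; pass++) ssd.write(7, crypto.randomBytes(secret.length));
  return ssd.rawDump().includes(secret);
}

// Same file on an encrypting drive, sanitized by destroying the media key.
function residueAfterCryptoErase(secret) {
  const ssd = new ToySSD(crypto.randomBytes(32));
  ssd.write(7, secret);
  const readableBefore = ssd.read(7) === secret;
  ssd.cryptoErase();
  let readableAfter = true;
  try { ssd.read(7); } catch (e) { readableAfter = false; }
  return { readableBefore, readableAfter, plaintextInFlash: ssd.rawDump().includes(secret) };
}

const SECRET = 'constructed sample: account=4711 pin=0000';
console.log(residueAfterOverwrite(SECRET), residueAfterCryptoErase(SECRET));
```

In the unencrypted case the first physical page still holds the plaintext after three overwrite passes, because each pass landed on a fresh page; on the encrypting drive the flash only ever held ciphertext, and it becomes unreadable once the key is gone.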
Lifehacker explains how to hide a TrueCrypt volume inside a (playable) video. Cool stuff!
First you need a suitable mp4 file to hide your TrueCrypt container. (…) Really any mp4 file will do, but try to find a file that matches the proportional size of the container you are going to create. Once you have your video file, create a TrueCrypt container. Use the “Hidden Container” option, this generates a container-inside-a-container. (…) Now that you have your two files, the magic happens. Martin Fiedler, a software engineer from Germany, created a Python script named tcsteg.py that will now merge these two files together. Execute “python tcsteg.py Movie.mp4 NameOfTrueCryptVolume.mp4” from a command line to make the merge.
socialnetworksecurity.org publishes security vulnerabilities in social networks.
This website was founded to point out security vulnerabilities on social network portals.
In the past, the author tried in vain to contact the respective social networking operators, but was often disappointed by insufficient security awareness on the part of the “ticket handlers”. (…) This website is therefore meant to open consumers' eyes and, by exposing security vulnerabilities on social network sites, to help ensure that the operators react actively and close the respective vulnerabilities promptly. Practice shows that media pressure on the operators can achieve quite a lot….
Mike Cardwell shows how JavaScript can be used to determine whether someone is logged in to Facebook, Twitter, …:
When you visit my website, I can automatically and silently determine if you’re logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you’re logged into GMail, but would you care if I could tell you’re logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?
Of course, this can also be put to reasonably sensible use, e.g. to replace mailto: links with Gmail compose links:
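// Probe image: the load event fires only if Gmail serves the image,
// i.e. only if the visitor is logged in.
$('<img/>').hide()
    .attr('src','https://mail.google.com/mail/photos/static/AD34hIhNx1pdsCxEpo6LavSR8dYSmSi0KTM1pGxAjRio47pofmE9RH7bxPwelO8tlvpX3sbYkNfXT7HDAZJM_uf5qU2cvDJzlAWxu7-jaBPbDXAjVL8YGpI')
    // .on('load', ...) replaces the deprecated .load(handler) shorthand.
    .on('load', function(){
        // Rewrite every mailto: link into a Gmail compose link.
        $('a[href^="mailto:"]').each(function(){
            var email = $(this).attr('href').replace(/^mailto:/,'');
            // encodeURIComponent instead of escape(), which leaves '+' unencoded.
            $(this).attr('href','https://mail.google.com/mail/?view=cm&fs=1&tf=0&to='+encodeURIComponent(email));
        });
    })
    .appendTo('body');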