Security
How to Secure your Password from Hackers
Posted by admin in Security, Tips & Tricks Friday, 18 November 2011 19:45 No Comments
securing your passwords from hackers
Facebook Apps can cause problems with your Privacy
Posted by admin in Misc, Security Wednesday, 13 October 2010 17:46 No Comments
Facebook launched its widely popular application developer program back in May 2007. As of press time, there were more than 14,000 applications. Some, including most of the popular apps, are made by companies, while a few of the popular apps, and a significant number of the long tail of the less popular applications are made by individual developers.
But a new study suggests there may be a bigger problem with the applications. Many are given access to far more personal data than they need to in order to run, including data on users who never even signed up for the application. Not only does Facebook enable this, but it does little to warn users that it is even happening, and of the risk that a rogue application developer can pose.
Privacy problems for the user
In order to install an application, a Facebook user must first agree to “allow this application to…know who I am and access my information.” Users not willing to permit the application access to all kinds of data from their profile cannot install it onto their Facebook page.
What kind of information does Facebook give the application developer access to? Practically everything. According to the Application Terms of Service,
“Facebook may…provide developers access to…your name, your profile picture, your gender, your birthday, your hometown location…your current location…your political view, your activities, your interests…your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history,…copies of photos in your Facebook Site photo albums…a list of user IDs mapped to your Facebook friends.”
The applications don’t actually run on Facebook’s servers, but on servers owned and operated by the application developers. Whenever a Facebook user’s profile is displayed, the application servers contact Facebook, request the user’s private data, process it, and send back whatever content will be displayed to the user. As part of its terms of service, Facebook makes the developers promise to throw away any data they received from Facebook after the application content has been sent back for display to the user.
For the entire article, go to: http://news.cnet.com/8301-13739_3-9854409-46.html
Why wireless network setups are not a good idea!
Posted by Steven in Security Sunday, 11 October 2009 12:03 No Comments
If you run a business and have confidential data on your computers, then you should think twice about using a wireless network setup. Sure it saves time and money from having to run cables from PC to PC but you’ll allow cyber thieves with more options in which to crack into your system. I recently read an article from USA Today (Oct 9, 2009) that talked about how “Interception of data is not technically difficult”. It states how easy it is for amateur thieves to map out Wi-Fi signals (a process called “war driving”) by cruising areas with just a laptop and antenna. Upon picking up a signal, the bad guys then use free password-breaking programs (available on the Internet, how nice! :p ) to establish a virtual private network connection, thus allowing them to install “sniffer” programs. A sniffer is a program that captures data that moves across the network. The thieves customize these sniffer’s to log all data that has to do with financial information, such as credit cards. This is how 94 million credit and debit card transactions were stolen from TJX in 2007 and over 130 million such records were taken in 2008 from Heartland Payment Systems.
Now if you don’t use a wireless network, that’s great. But if you allow access to your Intranet via the web, then you have another door open for these thieves still! By using a technique called SQL injection (in which a hacker simply types in random characters into a web form’s input/password box), the person is often able to break the connection between the web page and the database, allowing him inside access.
