Arsip untuk Kategori ini » keamanan «

Senin, 29 Oktober, 2012 | Penulis:

Tampaknya, dalam kebijaksanaan tak terbatas, Google memiliki fitur keamanan yang dapat memblokir aplikasi dari mengakses atau menggunakan akun google Anda. Aku bisa melihat bagaimana hal ini mungkin menjadi masalah bagi pengguna Google, khususnya mereka GTalk dan Gmail pengguna. Dalam kasus saya itu Pidgin mengalami masalah dengan Mengoceh layanan (yang secara teknis bagian dari GTalk). Saya menemukan solusi setelah sedikit penggalian. Aku terkejut melihat berapa lama masalah itu dan berapa lama fitur ini telah ada!

Untuk membuka account dan mendapatkan aplikasi online Anda, menggunakan halaman Captcha Google di sini.

Bagikan
Jumat, August 21st, 2009 | Penulis:

Have we here a Facebook Stalker?!

Of great consideration to online privacy are facebook stalkers. If a stalker randomly manages to add a few of your friends and you have your Profile Privacy Settings allowingFriends of Friendsto see everything then your stalker effectively has access to your profile even without having added you.

I’ve now adjusted my privacy settings more strictly and I’ve used theSee how a friend sees your profile:” tool to get an idea of how it changes things.

Saya “BasicInformation I had available toFriends of Friends”. This includesGender, Birthday, Hometown, Political and Religious Views and Relationship Statusaccording to Facebook’s description. You might think it fair that friends of your friends have an idea of how you roll.

But can you trust semua your friends anti-stalker spidey-senses?

I think NOT.

I previously had it that friends of friends can see my photos and videos but not much else. I’m thinking of changing that now too.

But wait, there’s More!

Further to this, we should be vigilant offakeFacebook profiles. Stalkers are usually apt enough to create more than one account with fake names. If you block one they create another and attempt to get a glance at your profile once more. I’ve created a friend group calledPrivacy Pls”. This group is limited from being able to see anything other than a very basic page. Thisbasicview is akin to when you first started using Facebook and didn’t know you could add lots of stuff in there (stuff you later realised you didn’t want anyway).

If someone adds me and I’m not absolutely sure who it is, I add them to myPrivacy Plsgroup. Also if someone adds me and I don’t want to offend them by ignoring their invite I’ll rather add them to this group. Perhaps you feel you have a pervy boss for example.

But Wait! There’s Moreand this time you can do it TOO!

To do this for yourself, go to your Friends page, clickCreate New List”, and name it something appropriate – “Privacy Plsin my case. Add the appropriate friends to this list now or add any futuresuspectfriends to the group.

Next, go to the Profile Privacy Settings page. Underneath each section you will find aEdit Custom Settingsbutton. Click the first one and, at the bottom of the dialog that pops up, you will findExcept these people”. Add yourPrivacy Plsgroup here. Do the same for all the sections you don’t want them to see. When done, use thefriend’s viewtool to confirm what is made available to persons on that list.

And the Friend-of-Friend Stalker?

To prevent yourFriend-of-FriendStalker from being able to see your profile, do yourself a favour and think very critically about what you want potential stalkers to be able to see. Now go change those Privacy Settings toOnly Friends”.

For the Photo Crazy

Check up on your Photo Album Privacy settings. This is set up much the same as your profile settings. Consider carefully who you want to be able to see which photo albums and adjust the permissions appropriately!

Your Personal Contact Information

Akhirnya, check up on your Contact Information: Click theProfilebutton towards the top left of the Facebook page to get to your profile. Then click on theInfotab within your profile. When you mouseover the Contact Information section you will see anEditlink pop up on the right. Click this button to start editing your details.

Next to each item you will find alockicon. Click this lock to define further permissions for which friends are able to see the items. You’ve never give your address and phone details to a dodgy stranger you meet on the street. Why do we then go and give it away to everyone on the Internet. I recommend the following:

  • AllowNo one” pada:
    • email address
  • AllowOnly Friends” pada:
    • IM Screen Names
  • Remove completely or allowNo one” pada:
    • mobile phone number
    • landline number
  • Limit the following:
    • address detailsgive your area or suburbbut NOT your full address

Hopefully we don’t all have to learn our lessons the hard way.

P.S. (especially to the guys and gals who have asked) I’ve been extremely busy these last couple of weeks. I have a lot of unedited content I’m hoping to make publishable very soon!

Bagikan
Kategori: pribadi, keamanan  | Tags: , , ,  | Satu Komentar
Minggu, 19 April, 2009 | Penulis:

saya pikir Internet adalah tempat yang menakutkan. Ya, saya. Beberapa hari saya menemukan diri saya ngeri untuk menemukan paling rendah dari bajingan kriminal mencoba untuk mencuri mata pencaharian kami.

Ya, orang-orang, ada penjahat di luar sana dan mereka ingin uang Anda atau mereka ingin menggunakan Anda untuk membuat uang. Apa yang lebih menakutkan adalah sejauh mana mereka bersedia untuk pergi, bahkan mempertaruhkan ANDA. Tidak lulus Go. Tidak mengumpulkan $200.

Saya menerima email yang mengatakan bahwa saya sedang ditawari pekerjaan sebagai “Asisten Daerah” dan, meskipun rincian tidak diberi, email menyarankan bahwa itu adalah kesempatan yang sah. Aku menjawab bertanya tentang di mana mereka akan menerima rincian saya dan juga tentang apa yang akan mereka butuhkan dari saya.

Menjadi skeptis saya, Saya pikir saya bisa melihat scammers mil jauhnya. How fortunate that I can still laugh at the idea.

A few hours later, they replied indicating that I’d soon receive further instructions. They’dprobablybeen referred to me by a friend and they had a pile of referrals and so couldn’t specify which friend had recommended me. I waited patiently and left it to the back of my mind. “They’ve probably found a good candidate already and I’ve lost out”, I thought. “How nice that a friend might refer me. Obviously I’m Awesome.” (and daft :-/)

So later on, I receive my email with myfurther instructions”. This is where I finally realised that I was dealing with scammers:

Hi. We’d like to start a trial task. Our customer will make a bank transfer to you this week. Please go to our site <site omitted> untuk menyerahkan rincian perbankan di mana transfer akan pergi ke. Setelah kami membentuk sejarah transaksi yang baik, Anda akan menerima antara 2-3 transfer per minggu (jumlah sekitar R10 000 masing-masing kecuali sidang transfer pertama).
Konfirmasikan bahwa Anda dapat mulai. Kami tidak mengirim transfer ke rekening Anda sampai kami menerima konfirmasi dari Anda.
Pada hari Senin Anda akan menerima pemberitahuan, informasi rinci dan instruksi mengenai transfer. Terima kasih dan memiliki akhir pekan yang indah.

Katakan apa??? Aku memeriksa situs web yang bersangkutan dan, tanpa keraguan, ini adalah skema pencucian uang yang dilakukan oleh para profesional. Mereka tahu apa yang mereka lakukan dan mereka mungkin mencuci jutaan setiap bulan. Apa lagi adalah bahwa, pasti, mereka akan sekrup Anda atas dan polisi untuk menangkap ANDA. Penjahat ini dapat meninggalkan bukti di belakang melibatkan Anda bahkan jika semua yang Anda lakukan adalah rajin bergerak uang dari satu tempat ke tempat lain… dan terus persentase kecil untuk diri sendiri. 😛

Pencucian uang adalah uang haram mana (dicuri, probably) ditransfer melalui pihak ketiga untuk tampil lebih sah. Anda aksesori untuk kejahatan dan, bahkan lebih buruk, Anda bahkan mungkin menjadi korban dari itu. Mengakui ketika kesempatan terlalu bagus untuk menjadi kenyataan. Aku tertipu untuk sementara waktu. Selanjutnya, mengingat bahwa korban mungkin memberikan banyak informasi pribadi, scammers mungkin mencuri identitas Anda dan mulai untuk melibatkan Anda dalam kegiatan penipuan tanpa Anda pernah telah melakukan hal.

Jika Anda kebetulan telah memberikan rincian seperti di atas di mana mereka ingin rincian perbankan saya, hubungi bank Anda dan menginformasikan mereka tentang situasi. Mereka akan memberi Anda mungkin saran terbaik tentang apa yang harus dilakukan selanjutnya. Jika Anda sudah menanggapi surat namun belum sudah memberi mereka informasi yang mereka inginkan, tidak membalas lebih jauh. Saya juga menyarankan memanggil polisi setempat untuk saran lebih lanjut.

Bagikan
Rabu, March 18th, 2009 | Penulis:

[mengedit] So much for that. It turns out that openssl is able to determine that the key and certificate are already in a single file. Therefore, no csplitting required (baik, I hope somebody reading this at least learned about how nice csplit is). In fact, the whole script might as well be obsoleteblaargh. Well, at least it gives a nice warning about not giving a blank passphrase. 😀

Here’s the new version:

pem2pfxconverts a .pem-formatted file containing a private key and signed certificate into a Windows-compatible .pfx certificate file.

#!/bin/bash
#pem2pfx
#v0.2
#Rumit - brendan@swiftspirit.co.za
# Converts a .pem certificate file to .pfx format
# $1 is the source file
set -e
 
if [ $# = 1 ]; kemudian
  outputfile=`echo $1 | sed 's/.pem$/.pfx/'`
 
  echo "Please specify a password below. Windows refuses to import a .pfx certificate with a blank password."
  openssl pkcs12 -export -out $outputfile -in $1
 
 else
  echo "pem2pfx - converts a .pem formatted private-key and certificate file to an IIS-compatible .pfx file."
  echo "Usage: pem2pfx inputfile.pem"
fi

lebih…

Bagikan
Hari Kamis, March 05th, 2009 | Penulis:

Why is it that we’re so gullible?

I even considered for a whole second that my colleague had cross-checked the following SPAM before posting it on our IRL noticeboard. Please note that the following text originally had really bad-for-your-eyes fonts and colours. 😉

Urgent Warning from
Cell C, Telkomsel & MTN!

[business card of aLegal Representativeof the Special Investigating Unit]

Dear All,
If you receive a phone call on your mobile from any person, saying that, he or she is
a company engineer, or saying that they’re checking your mobile line, and you have
to press # 90 atau #09 or any other number.
End this call immediately without pressing any numbers.
There is a fraud company using a device that once you press #90 atau #09 they can
access your ‘SIMcard and make calls at your expense.
Forward this message to as many friends as you can, to stop it.
All mobile users pay attention if you receive a phone call and your mobile phone
displays (XALAN) on the screen don’t answer the call, END THE CALL IMMEDIATELY,
if you answer the call, your phone will be infected by a virus..
This virus will erase all IMEI and IMSI information from both your phone and your SIM
card, which will make your phone unable to connect with the telephone network. You
will have to buy a new phone. This information has been confirmed by both Motorola
and Nokia.
PLEASE FORWARD THIS PIECE OF INFORMATION TO
ALL YOUR FRIENDS HAVING A MOBILE.

The first things that got me thinking was the text denoting authority at the top of the page. Sekarang, bear in mind this is on a noticeboardnot my inbox where my anti-spam senses are at their peak.

Who could possibly have the authority to say they’re sending out a notification on behalf of each of South Africa’s tri-opoly of GSM providers? Okay, so its someSpecialLegal team that sounds government-type. They’re legitit turns outbut they probably don’t have enough time to take my call asking if this is all true. Absolutely everything on the Internet must be true, especially anything I say. 😛

So anyway, now that we’re over the silliness, let’s break this hoax down:

Official Documentation

Bar a business card, which is hardly standard in any industry, there is no official contact information. I’d expect at least a letterhead or a misguided trailing disclaimer.

Presentation and Language

There are actually 2 notices here regarding separate threats however it isn’t obvious without reading the text in full. This is because the paragraphing and grammar are very poor. Government institutions don’t normally issue poorly-worded or paragraphed documentation. Juga, why not issue a separate notification regarding each threat separately?

Dan Lime Green??? bleh

There are no links to further resources

Any warning of this sort would undoubtedly offer further information or advertise the online presence of the institution. Juga, perhaps they’d like for you to give feedback on the situation or maybe they’d like us to report on further suspicious activity. But no. Nothing. Just a specific representative’s business card. What if the guy dies, finds a better job, atau leaves the country?

There is a fraud company … “

This means that they haven’t any clue who it is. This is a broad and passive statement. Question whenever someone saysthey” atau “people who”. Who is thisfraud company”? Where isthere”? And why doesn’t this crack government legal team (who have to use chain mail to spread warnings) let us know through their uber-powerful chain mail network?

Forward this message to as many friends as you can

Saya, oh my. This line has probably been in every chain letter / social engineering virus (my special definition) since sliced bread.

This information has been confirmed by both Motorola and Nokia.

They’re trying to prevent you from thinking for yourself and try to verify their claims independently. They’re sayingYou’re stupid to check. We already checked for you. :-D”. Tentu saja, in reality, they’re just trying to take advantage of our gullible nature.

“#90 or #09” dan “XALAN

There isn’t any way for you to verify this. Again, question everything. Google’s first page of results is riddled with the wordsCell phone warning hoax”. duh.

If you get a message like the above from your friends, reply and tell them to stop sending spamand maybe give them a link to this page so they know why. 🙂

Bagikan