http://www.defendingthekingdom.com Security and Privacy in Your Digital Life Tue, 23 Feb 2010 00:30:52 +0000 http://backend.userland.com/rss092 en Just a heads up for you Twitter users: A phishing attack that began striking U.S. Twitter profiles this weekend is still going strong and isn't showing any signs of letting up. As VentureBeat reports, the scam operates through a direct message reading, "Lol. this you?" Once users click on it, they're ... http://www.defendingthekingdom.com/archives/twitter-attack NatWest, a UK-based bank, has a unique login page that makes it safe to sign into your online bank account even on untrusted computers. The login page makes it impossible to employ the Revised Vesik Method that is ordinarily the best way to beat keyloggers, but it more than compensates ... http://www.defendingthekingdom.com/archives/natwest-beats-the-keyloggers If you want a simple way to create, store, and use strong passwords, get Password Safe. You need only remember one password -- the master password that grants access to your password database. Making a suitable password is easy, as I've written about before. Slate has an article this month ... http://www.defendingthekingdom.com/archives/dont-settle-for-weak-passwords First, which browsers are the most common these days? Wikipedia has a useful summary of browser usage statistics collected from various sources. The summary statistics look a little off to me (even after considering the note at the bottom of the table), but you get the basic idea: Internet Explorer ... http://www.defendingthekingdom.com/archives/ie-vs-firefox-security-update Mac's don't get viruses -- everybody knows that. But is it true? It's just one of those things that the media hungry -- but security disinterested -- public has turned into an axiom. But now that OS X is garnering an increased share of the operating system market, it is increasing its ... http://www.defendingthekingdom.com/archives/macs-dont-get-viruses-right As always, a company's security is only as good as its weakest link. Often, social engineering is the easiest way in for someone who wants to steal passwords or account information. Password reset procedures are pretty bad, too ("What is the name of the street where you grew up"? Give ... http://www.defendingthekingdom.com/archives/the-weakest-link Curious about the web's most dangerous search terms? The categories with the worst maximum risk profile were lyrics keywords (26.3%) and phrases that include the word “free” (21.3%). If a consumer landed at the riskiest search page for a typical lyrics search, one of four results would be risky. What makes ... http://www.defendingthekingdom.com/archives/the-webs-most-dangerous-search-terms Any site that asks for a username and password pertaining to another site should raise red flags for you, but apparently contact scraping is getting results: Once you enter your credentials, like your [email] user name or password, the company sweeps through your contact list and sends everyone an invitation to ... http://www.defendingthekingdom.com/archives/contact-scraping Here's the story: Who among us doesn't love a good hack? After putting forth a $10,000 come-and-get-us challenge, it's possible that StrongWebmail CEO Darren Berkovitz is rethinking his stance on that. The company, which makes voice-based authentication software, dared hackers to break into Mr. Berkovitz's Web-mail account and report back details ... http://www.defendingthekingdom.com/archives/strongwebmail-hacked-after-issuing-10k-challenge If your secret question is easier to guess than your password, your password is effectively useless. From the abstract of a recent Microsoft research paper: All four of the most popular webmail providers – AOL, Google, Microsoft, and Yahoo! – rely on personal questions as the secondary authentication secrets used to ... http://www.defendingthekingdom.com/archives/whats-your-secret-question-part-iii