Fedora 18 firewall.

I upgraded to Fedora 18.  Then verified my web server was running.  Then attempted to visit this site.  I was not able to.    The problem was the new firewall daemon in Fedora 18.   Despite the config file indicating that port 80 was open for http traffic, it was not.

I had to install firewall-config.

yum install -y firewall-config

Then I used firewall-config enable traffic for port 80.  This solved the problem.

Myles Berman web site earns WhiteGate™

The Myles Berman  TopGUN DUI® web site has earned the infamous WhiteGate™ award.  Not because the site has been compromised by various exploits.  Due to the fact that the site has been this way for over six months.  Despite numerous attempts to notify the organization directly via phone and email.

Security issues at Top Gun DUI site

If you happen to be in the market for a DUI attorney, please avoid the Top Gun DUI website for now.
The site is currently the victim of a WordPress vulnerability that may cause visitors serious computer security issues, especially those using Windows.

I did not create nor do I maintain the current Top Gun DUI website.   I do periodically review my former clients’ websites.  I have made a few attempts to contact Myles L. Berman® and his staff related to this issue. So far I have not received a reply.

Adobe security issues

The Flash player and Acrobat reader have security issues again.

This vulnerability affects Flash Player 9 through Adobe Reader 9, Acrobat 9, and other Adobe products (including Photoshop CS3, PhotoShop Lightroom, Freehand MX, Fireworks) provide Flash support independent of Flash Player.

Install the 10.1 version of Flash if you need flash or uninstall flash and adobe acrobat reader.

Facebook privacy – latest oxymoron – WhiteGate™

The WhiteGate award goes to Mark Zuckerberg, the founder and CEO of Facebook.

Full article

For those that haven’t read the article, Mark Zuckerberg is referring to all of his Facebook clients as “Dumb Fu##s” for giving him the private information he requires to create an account at Facebook. This occurred when he was a student at Harvard in 2004. When he created Facebook.   This does not address the latest round of privacy erosion that Facebook is perpetrating upon it’s subscribers.

I have a simple response.

I deleted my account on Facebook.

Then I restored it and removed or modified any information I do not want publicized. It takes more effort on the part of Facebook to maintain an account that has erroneous information than it does to truncate a record in their database. It also erodes their credibility with the 3rd parties they sell the erroneous information to.

Howto: Securely remove data from a drive.

Many purported security experts believe that reformatting a computer will remove all traces of data. That is just not accurate. Drives can be formatted and reformatted and will still have files that can be easily recovered with the right tools.

There are 2 primary ways to permanently remove data from a hard drive. One is destructive and the other is not destructive.

1) Use a degausser ( powerful electron magnet ) on the drive. This renders the drive completely useless and destroys the drive permanently. This will remove the data permanently. I highly recommend method 2) instead of method 1)

2) If you have Windows XP Pro, Vista Pro, or Windows 7 Pro or higher you can wipe the data from the free spaces on a drive. The first step is to delete the files. Deleting a file does not actually remove it. It merely removes the file entry in the File Allocation Table and removes the first letter of the file name. It also frees the block or blocks of drive space that the file occupied for rewrite. Next up you would open a command prompt and type in cipher /w:C: then press enter. This process will perform a government level wipe of the free space of your C: Drive. It can take several hours for the process to complete. What this does, is overwrite all free space of the drive with 0s, then 1s, then a random hex bit. This does permanantly remove any file that has been deleted. You can also remove individual files explicitly using cipher /w:C:directorynameoffile. Once a file has been wiped using the cipher utility there is no chance that it can ever be recovered by any means. Use with caution.

Security: Buying online while wireless.

Recently there has been a lot of technical buzz from purported security experts related to e-commerce on wireless connections. Their general premise is that a wireless network is not secure, therefore any form of communication on said network is also compromised.

Hogwash and an utter lack of technical expertise abound.

The Facts:

When you connect to an e-commerce web site, such as Amazon, the encryption is performed end point to end point between your web browser and the Amazon web server. Typically this is 1024 bit encryption and does not change whether you are connected via wireless, wired, phone, or satellite. The encryption is initiated by your web browser and replied to by Amazon’s server. When either the Amazon server or your computer do not receive the correct challenge or response during any portion of the transaction, either end will terminate the transaction. The hash of the keys is never broadcast in the data stream. This is a much more complex communication than what occurs between the wireless router and your laptop. Even when you are connected via wireless, this e-commerce transaction is as secure as it will be any other place. This form of secure transaction is so secure that it takes hundreds of very powerful computers and a super computer working in unison, over 90 hours to decipher ONE word of the transaction. There was a time this transaction type was believed to be impervious by some of the same purported security experts from the beginning of the story. NO form of encryption will ever be 100% impervious. There is an algorithm devised by the master mathematician Tesla himself that will break any form of encryption. Time and the computing muscle to carry it out are all that is required. The problem is that the time it takes is often calculated in years. Which is great if you are a consumer and terrible news for the thieves that want to steal your credit card data. Your credit card is more likely to be compromised by the database of the merchant, than via your secure transaction. This can and does happen frequently. It is still a much more secure method of purchasing than when you visit a store in person.

Here are some issues related to wireless connections.

When you connect to a wireless network, the encryption options are 8 bit, 12 bit, 48 bit or in some cases 56 bit AES encryption. In relative perspective, 1024 bit encryption is approximately 18X more powerful. Some wireless networks have the encryption completely disabled. This is a fairly insecure method of communication. It can be subverted by anyone that has the technical expertise in a matter of moments using an average computer. While this is not ideal it does not impact your 1024 bit encrypted transaction in the least. What it can impact, is the security of any files you have stored on your laptop. Any time you use a wireless connection it is never as secure as a wired connection is. The price we pay for convenience.

Ideas to consider when using wireless:

Turn off file shares and file sharing.
Secure your wireless routers as well as they allow for (use WPA2 AES encryption if possible).
If you notice something odd, be wary.
Use a software firewall and updated anti-virus software on each and every computer you use.

NEVER click on a Link in your email for an e-commerce site of any type. EVER. No matter what method you are using to connect.
Always visit a secure website by manually typing in the URL by hand OR buy using a LINK you create with Passwords2GO.
It is very easy for anyone to create a phishing link that looks like the real thing. It may look exactly like the real site when you visit it.
Never leave your laptop unattended.
Be aware that video camera surveillance is everywhere. Having the best password and encryption technology is useless if the keys to the fortress can be seen by untrusted eyes through a camera and yes the camera is powerful enough to zoom in on your laptop while you are in the coffee shop.
Never use passwords like 12345 or 123456. If something is important enough to use a password, use a good long one that is hard to guess.
A good example of a strong password is something like MyS0N1s4teen as opposed to password03.

For those who need an extra level of protection:

Use a flash drive with Passwords2Go software to store all of your data that is of a sensitive nature in encrypted format.
Keep it on your person when you need to, secure it in the vault when you do not.
Use it to create and store separate unique LONG passwords for every web site you log into. Never give anyone, save your beneficiary, your master password for Passwords2GO.

Your email and bank accounts should have their passwords changed frequently and more often than your twitter or facebook accounts.
I change most of my passwords every 30 days. The more critical the data, the more frequent the password change.