Dec 132012
 
One tactic that is commonly used to block bad websites, ad servers, click trackers and others is to add them to your local hosts file so that when your browser attempts to contact the naughty host they get directed to 127.0.0.1.  This worked well enough, and worked fine for me too.. until something changed in Firefox.  In this case Internet Explorer will try to connect and times out in about 1 second.  Firefox on the other hand takes 30+ seconds before it gives up, I’ve seen it actually try a dns query anyway.  I’m sure someone thought that would be a ‘nice feature’, however it pretty much destroys this tactic if you want to support Firefox on your internal network.
I had to find a better way. Continue reading »
Dec 072012
 

Kill the password

UPDATE: Wired article that contradicts the call to ‘kill the password’.  Much more accurate information there.

This article is wrong on so many levels it’s ridiculous. Everything he talks about in his article are problems with poor programming and security practices.  Passwords are not the problem, never have been and never will.  If you listen to him a 1024bit SSH key is vulnerable.. sure if you don’t take proper steps to secure it.  The sky if falling…auuugh!!!!!!

Here’s a particularly lame example:

Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that’s easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you.

Blaming passwords on the above is.. well..just wrong… completely wrong. That’s a simple failure on the part of AOL, and YOU.  Putting all of your ‘eggs’ in one basket (in this case AOL) and tying that in with your banking..etc.. is just stupid and relying on any third party to secure your information is again.. stupid. Continue reading »