Open source software security

Do Not Track

Mozilla and Microsoft are teaming up in a rare show of joint purpose, pushing out aggressive "Do not track" features in the latest versions of their browsers. This feature allows users to set a configuration option and requests to websites from the browsers will carry an additional header letting the site owners know that users don't want to be tracked. Currently there isn't any widely adopted way that sites are responding to this information, but it could become a feasible way to stop tracking by aggressive advertisers.

Yet Another Reason

Yesterday I was alerted to yet another reason why I don't trust my mobile platform. Even though I use Google Android, which is "open source" and even though I consider my self relatively privacy aware, an article in Tech Republic points out that Google is storing the keys to my wireless access points. These keys are the equivalent to passwords for these access points.

FEC Data Ripe for Mining

The US Federal Election Commission (http://www.fec.gov) is a government body set up to, among other things, monitor campaign contributions. From a hacker or social engineer's perspective, the fact that the data collected is made public is sheer gold.

GPG Key

justin@madirish.net GPG key

Undeniable Deniable Filesystems

In a new paper published on Bruce Schneier's website (http://www.schneier.com/paper-truecrypt-dfs.pdf), researchers examine deniable file systems (DFS). The paper specifically focuses on DFS as implemented by TrueCrypt 5.1 and finds several severe limitations imposed upon DFS by regular data usage.

Identity Protection

If you've ever done a Google search for your name you'll be shocked at how much information comes up. There are customer profiles on commerce websites, your profile on social networking sites, heck, perhaps even the deed transfer information from when you bought your house. Of course, we all want our friends to be able to find us online, but often times too much information about who we are gets leaked onto the internet. I'm fine with people finding my e-mail address, but finding out where I work, where I live, my phone number and my Amazon wish list is a little too much for me. There are even new sites like http://pipl.com that do deep searching and pull all these details our for any casual searcher.

Protecting Your Data During Computer Disposal

There often comes a time when you wish to get rid of older computer hardware. Sometimes you're getting a new computer, sometimes you're just buying a new hard drive, but whatever the reason, you should stop and pause before simply tossing your old hard drive or selling your computer online. Depending on your usage habits your hard drive could contain lots of sensitive personal and financial information. You should take steps to destroy that data before letting anyone else get a hold of your hard drive.

GnuPG on Windows

GPG is the free, open source alternative to proprietary PGP encryption. It is easy to use and just as secure. Installing GPG on Windows allows you to encrypt files and emails as well as letting you examine and apply digital signatures.

Open Source USB Key Encryption Techniques

After I bought a new USB key I began to think about possible ways to keep my data safe. Since USB keys are small and easily misplaced, lost, or stolen I wanted to be sure that if my key did go missing that any private data would stay secure. I also wanted to make sure to use open source tools since they are cheaper (free) and more sustainable over time since they use open formats.

Web Bugs in Hot Teen Action!

Graphic descriptions of web bugs in hot online action for your pleasure! A discussion of what web bugs are, how they function, and what you can do to protect yourself against these pervasive threats to your privacy.

Fun with Web Bugs

Just a quick little program that allows you to fire off raw commands to remote SMTP servers and facilitates composition of HTML email.

PGP on Windows Tutorial

How to get started using PGP - Pretty Good Privacy. This encryption software lets you send and recieve secure email, encrypt local files on your system, and decrypt PGP messages from other people.

Anatomy of Web Bugs

Web bugs are tracking tools used by HTML to track hits via server requests. They are almost ubiquitous in HTML spam, which is why you should use a text email reader. Article covers how web bugs work and how to use them.