Security | The OS Quest

You are here: > Archives for Security

Field Notes: Google Two-Factor Authentication

Written by ray on August 14, 2012

There’s been a lot of discussion recently about GMail’s two-factor authentication thanks to the Matt Honan hack publicity. I’ve been using it awhile and figured I’d share my thoughts and experiences. I had been using it for an account that I just used for email so it wasn’t much of a hassle. But I recently added it to a second Google account and it’s been more of a hassle. It’s probably needed more on this account, since it’s used for more than just email so I’ve kept it enabled. In [...] Read the rest »

LastPass: Still My Choice

Written by ray on May 5, 2011

LastPass - despite the recent dust-up with LastPass it's still my Read the rest »

Security: DLL Search order Vulnerability

Written by ray on September 25, 2010

This is a little old, reported about a month ago, but I’m just getting around to patching it and Microsoft isn't. The “Insecure Library Loading Could Allow Remote Code Execution” vulnerability was announced by Microsoft back in late August in bulletin 2269637. Unfortunately Microsoft has not rolled out a patch with their normal patch rollouts. Probably because of the potential to break apps. They did publishknowledge base article 2264107 which has a workaround to the problem. Read the rest »

TrueCrypt: Full Disk Encryption

Written by ray on September 22, 2010

After seeing how easy TrueCrypt worked when I used it to encrypt files (or more accurately, create a encrypted container to hold files) I decided to give full disk encryption a try on my new Dell Inspiron laptop. I was planning to take the laptop on my vacation trip and wanted to encrypt the data. The laptop was new and not a critical part of my workflow so if full disk encryption cratered the laptop, requiring a rebuild, it could wait until after my trip without causing any serious problems. Read the rest »

TrueCrypt 7.0–Install & Encrypt USB Flash Drive

Written by ray on September 20, 2010

With the arrival if my new Dell Inspiron laptop just before some planned vacation travel I decided to try out disk encryption. My plan was to encrypt a USB drive and add an encrypted container for files on my laptop. Using Windows Bitlocker would have required upgrading to a more expensive version of Windows 7 so I went with the free Open Source TrueCrypt. In addition to being Open Source, it’s also cross-platform and runs on Windows, OS X and Linux. Read the rest »

WordPress – The Windows of the Internet

Written by ray on September 7, 2009

It’s been widely reported that sites running the standalone version of WordPress are under “attack” and vulnerabilities are being exploited to insert malicious code into the site. I couldn’t help but notice similarities to Microsoft Windows. While WordPress may not have the same market share as Windows it does have greater mindshare than any other single publishing platform. (OK, I don’t have the stats to back that up so maybe I’m wrong.) There’s even a major hosting company that specifically promotes WordPress standalone hosting. So like Windows, which comes pre-installed [...] Read the rest »

WordPress Administration Over SSL

Written by ray on April 21, 2009

Since this is my third straight WordPress related post it’s probably obvious that I spent some time digging into WordPress this weekend. This feature (WordPress Administration over SSL) has been in WordPress awhile and was available via plugins for some time before that. Administration over SSL encrypts the traffic between the browser and the server so no one can look in on your traffic. In the case of WordPress this means no one can pluck your password off the network. Without SSL your password is in clear text and can [...] Read the rest »

Microsoft Security Updates for July 2008

Written by ray on July 8, 2008

Microsoft has released four security bulletins for July 2008, two of which are for desktops. MS08-038 addresses a vulnerability in Windows Explorer and is for Windows Vista and carries an “important” rating. The update includes the original Vista, Vista SP1 and Vista x64. MS08-037 addresses a vulnerability in DNS and is for Windows 2000 SP4, Windows XP SP2 & SP3, and Windows XP x64 original release & SP2. it’s rated as “important”. [Updated: This patch is part of a coordinated, multi-vendor DNS patch.] These patches, and the others, also affect [...] Read the rest »

Microsoft Security Bulletins for April 2008

Written by ray on April 11, 2008

Another "Super Tuesday" patched this week but I just got around to firing up my Windows VM’s today (actually it’s been about 12 days since I’ve been in Windows). There were ten updates waiting for me on Windows Vista and eight on Windows XP Home, although not all were security related. This month’s updates included: KB945553 (MS08-020) – Vulnerability in DNS client could allow spoofing. This is rated as "Important" for all supported desktop OS’s except Windows Vista SP1, which doesn’t need the update. KB948590 (MS08-021) – Vulnerability in GDI [...] Read the rest »

Microsoft Security Bulletins for March 2008

Written by ray on March 11, 2008

Microsoft has released 4 security bulletins for March. All are for Office products and all are rated critical for one or more of the affected products. There weren’t any OS or IE updates this month. Since I don’t run any Office products I didn’t install any Microsoft updates this month, but these were the updates: MS08-014 is a security update that patches several vulnerabilities in Microsoft Excel. Microsoft Excel 2003 Service Pack 3 and Microsoft Excel 2007 Service Pack 1 are not affected but other versions of Excel are vulnerable. [...] Read the rest »