Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
Those of you who monitor traffic arriving at your home or work network are no doubt aware that your network is being constantly scanned for vulnerabilities. Brian Krebs rightly points out that much of this scanning activity is not malicious.
A hidden feature in recent versions of Firefox blocks technologies – including cookies – that would otherwise be used to track your activities on the web.
Currently, the Tracking Protection feature can only be enabled via Firefox’s hidden about:config interface. To access this interface, enter about:config in the address bar. You’ll see a large warning message. Click the I’ll be careful button to proceed. In the search box, enter privacy.trackingprotection.enabled. The setting should be listed below, along with its current value. Double-click the line of text to toggle it from false to true.
Tracking Protection doesn’t appear to block ALL cookies, just those that are associated with activity tracking. According to Mozilla’s description of the feature, the default list of blocked resources is based on information from the security provider Disconnect.
Unfortunately, there’s not much available to the user for managing the feature. There’s no easy way to list or modify the resources that will be blocked. All the user sees is a new shield icon at the extreme left end of the address bar, which you can click to see a small dialog:
Firefox Tracking Protection
There’s not much information on the dialog, and the only options available are to close the dialog or Disable protection for this site.
There is a way you can see exactly what resources are being blocked: click the Firefox menu button (the ‘hamburger’ at the right end of the toolbar), then click Developer, then Web Console. As you encounter blocked resources, they will appear in the list at the bottom of the screen. For example: “The resource at “http://www.google-analytics.com/analytics.js” was blocked because tracking protection is enabled.” Unfortunately, there’s usually lots of other information in that list as well.
By default, Tracking Protection blocks useful technologies, including at least two used on this site: Google Analytics and Feedjit. Google Analytics provides invaluable information to site managers, including how many people visit the site, when they visit, how long they stay, and so on. Feedjit is the technology powering the Live Traffic Feed in the sidebar; I’m only using it as an interesting experiment, so it’s not a big deal if it misses some users, but it’s not in any way harmful.
In the final analysis, Tracking Protection is really only useful for the truly paranoid. But if you hate the idea of anyone knowing what you’re doing on the web, you should probably be using Firefox’s Private Browsing mode.
Tracking Protection was apparently added by Mozilla in response to the fact that the Do Not Track feature is not being honoured by all trackers. A post over on VentureBeat provides additional perspective.
On Monday Google announced a new version of Chrome, 43.0.2357.81. This version does not appear to include any security fixes, but it does fix two minor display issues.
A short quiz, provided by anti-malware software maker McAfee, allows you to test your skill at identifying phishing email.
In the quiz, you are presented with ten email samples, and asked to decide whether they are phishing email.
What is phishing? From Wikipedia: “Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
Hint: look for links in each of the sample messages. Hover your mouse over each link, and compare the address with the supposed sender. If a link points to a site that’s unrelated to the supposed sender, the email is probably not legitimate.
Up until recently, I recommended BitTorrent Sync (aka BTSync) to anyone who needed a simple way to share files between remote computers. I won’t be doing that any more.
BTSync is now out of its beta period, and the news is bad. It comes in two distinct versions: the paid version, which does what we’ve come to expect but now costs $50 per year per seat, and the free version, which is limited to ten shared folders.
BTSync Pro trial expiry message
This, despite earlier promises that functionality would not be removed from the free version. Some may argue that no actual features have been removed from the free version, but if I was running more than ten shares and suddenly some of them stopped working, it would sure seem like something was missing.
Of particular interest in the expiry message (above) is this: “Folder additions and removals will not be propagated to other devices.” I interpret this to mean that in the free version of BTSync, adding or deleting a folder in an existing share will not result in those changes being propagated to peers. If true, this makes the free version of BTSync almost entirely useless. But in my tests, it appears that folder additions and deletions are in fact still being propagated between peers. Possibly BitTorrent intended to make this change but changed their minds and didn’t update the expiry message.
In any case, while I understand that BitTorrent has the right to try to make money from their software, tricking beta users into using (and testing) your software only to break it – and ask for what is effectively ransom money to keep using it – is not going to win many customers.
I expect BTSync usage numbers to plummet sharply soon. I’ll be looking at alternatives, and if I find something good, I’ll add it here. For now, all I can do is warn everyone: don’t use BitTorrent Sync.
Numerous security vulnerabilities were addressed in the latest release of Google’s web browser, Chrome. If you use Chrome, it should update itself automatically to version 43.0.2357.65.
There were some serious problems with Firefox 38.0, and the developers pulled it from distribution almost immediately after its release.
Mozilla moved quickly to resolve these issues, and yesterday released Firefox 38.0.1, which fixes most of the problems in 38.0. One problem apparently remains unresolved: “Responsive images do not update when the enclosing viewport changes.”
Mozilla is clearly aware of the negative aspects of Digital Rights Management (DRM). Most people view DRM as needlessly intrusive at best, and an extremely flawed, greed-motivated roadblock at worst.
Knowing all this, Mozilla has been careful to tread lightly when looking at ways to implement DRM in Firefox. The web is moving towards the new HTML5 standard, and HTML5 includes DRM. Mozilla decided to move forward with DRM in Firefox, but will make it easy for users to disable DRM features, and to obtain versions of Firefox that have no DRM features at all.
This seems like a reasonable compromise. Those of us who hate DRM will be able to continue using Firefox without interference from DRM-related technologies.
Huge networks of compromised network routers form the basis of several large botnets. These botnets – described as ‘self-sustaining’ by security researchers – are only possible because routers are shipped with common, known passwords, and because users fail to change those passwords, or leave remote administration features enabled. The compromised routers are mostly used in DDoS attacks.
Users should not depend on their ISP to secure their router. There are numerous guides for improving the security of routers, but this one at HowToGeek is particularly good.
The latest version of Adobe Shockwave is 12.1.8.158, which was actually released on April 22. The release notes don’t even mention it.
You can check the version of Shockwave on your computer by going to the Windows Programs and Features control panel, where it appears as Adobe Shockwave Player. Alternatively, you can check your browser’s add-ons: in Firefox, Shockwave appears in the Plugin list as Shockwave for Director. You can also check the installed version and install the latest version on the Shockwave Player Help page.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13
