Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Tools to reduce browser-based tracking

The search engine DuckDuckGo has received a lot of attention because of its attitude towards user privacy. Unlike Google, DuckDuckGo doesn’t store your search queries. Their motto is ‘The search engine that doesn’t track you.’

Not everyone cares whether their online activities are tracked. But for those who do, DuckDuckGo’s Fix Tracking! page is an excellent source of information. Once you’ve selected your web browser, you’ll be presented with a list of tools and techniques that can help to reduce the amount of tracking that is done when you use that browser.

The Fix Tracking! page also contains a section describing Common Tracking Methods. Recommended reading.

New service from Microsoft: myBulletins

On Wednesday, Microsoft announced myBulletins: a new web-based service that allows users to keep track of updates.

The service provides a centralized view of all Microsoft bulletins that can be customized to show only products in which you are interested. The resulting list can be further searched, filtered, and sorted. Once you customize myBulletins, it’s a handy way to see all Microsoft bulletins in one place without a lot of clutter.

To use myBulletins, you need a free Microsoft account.

Stop using TrueCrypt

Before Microsoft started including whole-disk encryption in Windows (with BitLocker in Vista), the best solution was TrueCrypt.

Now, according to its developers, TrueCrypt is no longer secure and should not be used. Development has been shut down and users are being instructed to use something else.

There is a lot of speculation about what’s going on. Recent revelations about security solutions being compromised by the NSA led one group to undertake a complete audit of TrueCrypt. It’s not much of a stretch to imagine that this audit prompted TrueCrypt’s shutdown. If the NSA inserted a back door into TrueCrypt, the software’s developers might want to keep that a secret. On the other hand, the audit continues, regardless of TrueCrypt’s status.

Anyone using TrueCrypt is strongly encouraged to switch to something else, like BitLocker.

Atos still using email, despite CEO’s bluster

Back in 2011, the CEO of Atos expressed his frustration with the amount of time his employees were spending on email, and promised to eliminate email from the company within three years.

Fast-forward three years, and the Contact page on the Atos web site still sports email addresses. Not as easy as you thought, right? Maybe that’s because email has distinct advantages over other forms of online communication. In particular, email is far less likely to be overlooked by the recipient than, say, a Facebook post.

Update 2022Oct14: Atos is still using email.

Stop Firefox from showing embedded media automatically

My browser of choice these days is Firefox, despite its recent problems with bloat, performance and the user interface.

I recently made a change to the way Firefox handles embedded content like Java, Flash, Shockwave and Silverlight. By default, Firefox displays embedded media automatically; when you visit a web page that contains embedded media, it plays immediately after loading.

To change this behaviour, do the following:

  1. Go to the Firefox Add-ons page. How you do this depends on the version of Firefox, but one method that always works is to enter ‘about:addons’ in the address bar.
  2. In the menu on the left, click ‘Plugins’.
  3. To the right of each listed plugin, there’s a button. Clicking that button drops down a list with these options: ‘Ask to Activate’, ‘Always Activate’ and ‘Never Activate’.
  4. Change the activation setting for each plugin. ‘Never Activate’ disables a plugin completely. ‘Always Activate’ means that the associated media will run without any user intervention (the default behaviour). ‘Ask to Activate’ will prompt the user before playing the associated media. I set the following plugins to ‘Ask to Activate’: all Java plugins, all Flash plugins, all Shockwave plugins, and all Silverlight plugins.

Once you’ve made these changes, visiting a web page that includes embedded media shows grey blocks where the media would normally appear. A link appears in the middle of each block: ‘Activate Adobe Flash’, ‘Activate Java’, etc. Clicking the ‘Activate’ link pops up a small dialog that allows you to activate the media this time only, or permanently for that particular web site.

This has several benefits:

  • Malicious code in Java, Flash and other media files no longer runs automatically when I visit sites that use them. This makes web surfing much safer.
  • Pages that contain embedded media load faster. If I decide that I want to actually watch some embedded media on a site, I only have to click the ‘Activate’ link.
  • I can now see exactly what kind of media is embedded on a web page, which is especially useful for determining the relative popularity of different kinds of media.
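To check the result of the steps above without clicking through every plugin, the activation settings can be read from the profile's prefs.js file. The script below is an added example, not part of the original post; it assumes the plugin-era Firefox convention of storing each choice as a `plugin.state.<name>` preference (0 = Never Activate, 1 = Ask to Activate, 2 = Always Activate), and the sample file contents and the plugin name `exampleplugin` are constructed.

```python
import re

# Assumption (not stated in the post): plugin-era Firefox records each plugin's
# activation choice in prefs.js as plugin.state.<name> with these values.
STATE_LABELS = {0: "Never Activate", 1: "Ask to Activate", 2: "Always Activate"}

# Matches lines such as: user_pref("plugin.state.flash", 1);
PREF_RE = re.compile(r'^user_pref\("plugin\.state\.([^"]+)",\s*(\d+)\);$')

# Constructed sample of prefs.js content, for illustration only.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("plugin.state.flash", 1);
user_pref("plugin.state.java", 2);
user_pref("plugin.state.exampleplugin", 0);
'''


def plugin_states(prefs_text):
    """Return {plugin_name: state} for every plugin.state.* line found."""
    states = {}
    for line in prefs_text.splitlines():
        match = PREF_RE.match(line.strip())
        if match:
            states[match.group(1)] = int(match.group(2))
    return states


def auto_running(states):
    """Plugins still set to 'Always Activate', i.e. running without a prompt."""
    return sorted(name for name, state in states.items() if state == 2)


def report(states):
    """Human-readable summary, one line per plugin."""
    return [
        f"{name}: {STATE_LABELS.get(state, 'unknown state')}"
        for name, state in sorted(states.items())
    ]


if __name__ == "__main__":
    found = plugin_states(SAMPLE_PREFS)
    for line in report(found):
        print(line)
    print("Still auto-running:", auto_running(found) or "none")
```

To run it against a real profile, pass the text of that profile's prefs.js to `plugin_states` instead of `SAMPLE_PREFS`.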

Internet Explorer vulnerability reported

Zero Day Initiative, a security vulnerability reporting initiative funded by HP, recently announced a vulnerability affecting Internet Explorer 8 (and possibly other versions).

The vulnerability was originally discovered and reported to Microsoft in October 2013, and confirmed by Microsoft in February 2014. Since Microsoft has not yet issued a patch, ZDI announced the vulnerability in keeping with their disclosure policy.

Anyone using Internet Explorer is strongly encouraged to install and use Microsoft EMET, which will help to mitigate this vulnerability.

Update 2014May25: Despite some reports to the contrary, Microsoft is planning to fix this vulnerability. The problem only seems to affect IE8, and no exploits have yet been seen in the wild.

Blackshades users being investigated

Krebs on Security reports that anyone who purchased the hacking toolkit known as ‘Blackshades’ should be prepared for the authorities to kick in their door and confiscate their computers.

Blackshades is “a password-stealing Trojan horse program designed to infect computers throughout the world to spy on victims through their web cameras, steal files and account information, and log victims’ key strokes.”

eBay systems hacked, users should change passwords

eBay just revealed that their systems were hacked earlier this year. Encrypted passwords and other non-financial data were stolen.

Anyone with an eBay account is strongly encouraged to change their password as soon as possible.

Oddly, when I logged into my eBay account to change my password a few hours ago, there was no mention of this breach or any warning about changing passwords. The only announcement of the breach from eBay seems to be this blog post on ebayinc.com. Ars Technica has more information about this unfortunate lapse on the part of eBay.

Update 2014May23: All the recent attention to their passwords is leading to some criticism of eBay’s password-handling procedures. Hopefully eBay will be quick to improve in this area.

Update 2014May25: Lost in all the concern about password changes is the fact that even if none of the stolen encrypted passwords are cracked, the other – unencrypted – information stolen (including eBay customer names, email addresses, physical addresses, phone numbers and dates of birth) will be very useful for anyone involved in credit card fraud and phishing efforts. And there’s not much you can do about that.