Security/Privacy

Outlook and Outlook Express Users Want to Reply to Digitally Signed E-mail

You are probably reading this post because you are an Outlook or Outlook Express user and you tried to reply to a digitally signed e-mail from me. The result was a warning/error notice stating, "You cannot send digitally signed messages because you do not have a digital ID for this account." or some such thing. You are receiving this notice because Microsoft made a mistake in the default configuration settings when it packaged Outlook and Outlook Express for distribution.

Accounts everywhere!

I've been thinking about all the Internet sites that I've created an account on for one reason or another. It has to be in the hundreds. Of those sites I wonder how many of them would let me delete my account completely. Very few, I bet. Probably the most universal method of deleting my account--at a site I no longer want to have a relationship with and that does not offer a "delete me" mechanism--is to poison the account with bogus information. I could change all the information about me to false information and, if allowed, change my e-mail address to something bogus as well. I guess I'd have to read the terms of use policies, but isn't this my account?

Change your e-mail password

When was the last time you changed your e-mail password? If you're like most people, you probably can't remember. That means it's been too long. How about some external motivation? Consider the number of Internet processes that assume you have control of your e-mail account:
  • e-commerce applications
  • Web site membership enrollment processes
  • domain registration and management
  • hosting providers
What would happen if a bad guy figured out your e-mail password? He could change your password. But why would he do that when he could use your account at the same time as you? He could request a password change from any Web site that uses e-mail confirmations. Perhaps one of the worst things that could happen to you is to lose your domain name. Imagine if the bad guy transferred your domain name to another registrar into an account that he controlled. How much damage would that cause?

Configuring Firefox 2.x or 3.x for Increased Security

Web browsers have become the de facto client interface to Internet-based applications. As we travel around the Internet, whether for pleasure or business, we find ourselves creating personal profiles for various Web sites. These profiles usually include access credentials (usernames and passwords). Good password management practice calls for many distinct passwords. But this proliferation of passwords results in the need for strong password storage.

Java Password Strength Check

How do you ensure your users' passwords meet required standards?
For a front-end HTML solution to strong password checking, see Steve's JavaScript example.
On the Java server side or from the command line, take a look at PasswordCheck. This code extends Steve's script onto the server side, allowing pre-defined rules to determine pass or fail strength checking before the user's password is stored to the database, LDAP or other directory server. Open source licensed.

Mitigate the risks of a stolen laptop

Think about it for a second. What would you lose if someone stole your laptop (or desktop) computer? What kind of damage could be done to you with the information retrieved from your laptop? The theft of a computer brings with it all the problems associated with a failed hard drive plus the added risks of the data on the drive being out of your control and potentially used by an unauthorized person for things that are likely to impact you negatively.

Risk Overview:
  • Loss of computer hardware (laptop)
  • Loss of control of stored data
    • credit card numbers
