Download Squad

Microsoft disables active links in Messenger 09 to halt spread of worm

Lee Mathews — Sat, 13 Nov 2010 06:35:00 EST

The Inside Windows Live blog has announced that Microsoft has temporarily disabled active links for Windows Live Messenger (WLM) 2009 users. Its motivation: to prevent the spread of a malicious worm plaguing users of the instant messaging program. An infected user who is chatting with someone else could unknowingly send a poisoned link to other users -- who then click the link and download its malicious payload.

This is a fairly common way for infections to spread, and on a network as big as Live Messenger such worms can spread in a big hurry. Shutting down active links -- where URLs are automatically turned into clickable links in chat windows -- is a good first step, and will keep WLM 2009 users safe while Microsoft works on a permanent fix.

Not sure if you're running Live Messenger 2009? If you see the message box above on your main window, you probably are. The missing feature the message refers to is the disabled link support.

If you're running Live Messenger 2009, this might be a good time to consider upgrading to the 2011 version. WLM 2011 isn't affected by this particular worm thanks to its built-in Link Safety defenses. You can download the new version from Microsoft here as part of Windows Live Essentials 2011.

Microsoft disables active links in Messenger 09 to halt spread of worm originally appeared on Download Squad on Sat, 13 Nov 2010 06:35:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Windows Phone 7 Marketplace lets you peek at any app's source code

Vlad Bobleanta — Fri, 12 Nov 2010 10:00:00 EST

Filed under: Security, Windows Mobile, Microsoft, Mobile

It has just been discovered that it's possible to download any Windows Phone 7 XAP full application package directly from Microsoft's Marketplace server -- no need to use a Windows Phone 7 device or the Zune application. This is possible because the Zune application uses Atom XML feeds to get the applications' information, so it's fairly easy to grab a direct link to the full app package just by looking at the XML. Once you have the XAP, you can unzip it and get access to all the assets and resources that app uses. And, by using a tool such as Reflector, you may even get to peek at the app's source code. One thing of note is that the XAP can't be installed on a retail WP7 handset, although it can be used in an emulator.

It looks like Microsoft's solution to this for now is asking developers to use code obfuscation tools, such as DotFuscator, before submitting the apps into the Marketplace. Unfortunately that tool has only been out for a few days, so not many app developers have had the possibility to use it yet. Furthermore, the commercial edition of DotFuscator can be pretty expensive for those developing 99-cent apps in their basements.

The easy fix would be to have all the XAPs encrypted, but Microsoft hasn't said anything about when that will become reality -- a fix is coming, though. Until that happens, closed is apparently the new open.

[via MobileTechWorld]

Windows Phone 7 Marketplace lets you peek at any app's source code originally appeared on Download Squad on Fri, 12 Nov 2010 10:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Microsoft Security Essentials 2 Beta update brings more improvements

Lee Mathews — Wed, 10 Nov 2010 11:00:00 EST

Filed under: Security, Microsoft

Microsoft has pushed an update to Security Essentials 2, which is currently in beta testing. While there aren't a vast number of forward-facing changes, there is one important one: the re-introduction of context menu scanning. Once again, you can right-click any file on your system to quickly check it for infection with MSE.

When Security Essentials 2 is finally released, it will include heuristic abilities, which will allow it to detect malware that has not yet been added to its definition files. Symantec recently took a shot at MSE because of its dependence upon definitions, saying "Unique malware and social engineering attacks fly under the radar of traditional signature-based technology alone - which is what is employed by free security tools such as Microsoft's."

They'll no doubt be glad to know that Security Essentials 2 will be adding both behavior checking and tighter Web browser integration to its already strong defense system. MSE2 will also continue to be free, despite adding those new features.

Intrepid types can download the Security Essentials 2 beta from Microsoft Connect -- you'll need a Live account to get in, of course.

Thanks for the tip, Sean!

Microsoft Security Essentials 2 Beta update brings more improvements originally appeared on Download Squad on Wed, 10 Nov 2010 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

BlackSheep add-on detects Firesheep on your network

Jay Hathaway — Mon, 08 Nov 2010 11:30:00 EST

Filed under: Security, Utilities, Browsers

With all the hype about Firesheep, the Firefox add-on that snatches up social network login credentials over open wireless networks, security companies are starting to make anti-Firesheep measures available to the average user. BlackSheep, developed by "cloud security" firm Zscaler, is a Firefox add-on that detects the presence of Firesheep on your network.

If someone is using Firesheep, BlackSheep will trick it with a fake login cookie. When Firesheep takes BlackSheep's bait and tries to get your user information from a site using the fake values BlackSheep has been sending out, you'll get a warning that Firesheep is operating, as well as the IP address of the person using it.

Unfortunately, BlackSheep is only available for Firefox at the moment. There are other security measures you can use, though. Sebastian has posted a roundup of ways to surf securely with SSL in any browser. Even more recently, someone released a Safari extension to force Facebook to use SSL. As far as direct anti-Firesheep countermeasures go, a Windows app called Fireshepherd can also help you shut Firesheep snoopers down.

BlackSheep add-on detects Firesheep on your network originally appeared on Download Squad on Mon, 08 Nov 2010 11:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Flash Player update arrives to squash more critical security issues

Jay Hathaway — Fri, 05 Nov 2010 16:00:00 EST

Filed under: Security, Adobe

If you haven't updated your Flash Player in a while, now's the time. Adobe has fixed some critical zero-day security vulnerabilities that were reportedly already being exploited in the wild. If you're on Windows, Mac or Linux, you'll want to make sure you've updated to Adobe Flash Player 10.1.102.64. Android users will have to wait til Monday for an update.

One of the bugs fixed in this release of Flash was the CVE-2010-3654 vulnerability, which affected users of Flash, Acrobat and Adobe Reader. Adobe says the bug "could cause a crash and potentially allow an attacker to take control of the affected system." Adobe's security bulletin also admits that this vulnerability was already being actively exploited by attackers against Acrobat and Reader 9.x, but not against Flash. Those Acrobat and Reader security updates aren't coming until the week of November 15th, though.

[via Naked Security]

Flash Player update arrives to squash more critical security issues originally appeared on Download Squad on Fri, 05 Nov 2010 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Trend Micro raises a stink over Security Essentials via Windows Update

Lee Mathews — Fri, 05 Nov 2010 09:15:00 EST

Filed under: Security, Microsoft

When I wrote about Microsoft's decision to begin offering Security Essentials via Windows Update to users who didn't already have an antivirus program installed, I wondered how long it would be until someone shouted "Unfair!" I wasn't the only one, either -- ZDnet's Ed Bott had similar concerns.

This morning, Computerworld is reporting that Trend Micro -- who develop a range of antivirus and security apps -- are a little miffed at Microsoft. According to a Trend spokesperson, "Windows Update is a de facto extension of Windows, so to begin delivering software tied to updates has us concerned," she added. "Windows Update is not a choice for users, and we believe it should not be used this way."

That is, of course, not correct in the strictest sense. Yes, Windows Update is part of Windows itself -- but a user can choose to install only critical updates or disable them entirely. Security Essentials is offered under the 'recommended' header -- and even then, only to users who don't already have a similar security program installed.

Still, that may not be enough to satisfy a court. Microsoft's Jeff Smith seems confident in his company's position, stating ""By offering Security Essentials as an optional download for PCs that are unprotected, we make it easy for those who want and know they need protection, but for whatever reason have not gotten around to installing it." He adds that they're simply providing an additional way for users to download a useful program.

They're certainly not ramming it down anyone's throat -- you'll never even see the recommendation unless you click through on the Windows Update screen's miniscule text link. But what say you, readers? Will that be enough to vindicate Microsoft in court?

Trend Micro raises a stink over Security Essentials via Windows Update originally appeared on Download Squad on Fri, 05 Nov 2010 09:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Critical vulnerability exploited in Internet Explorer 6, 7 and 8 -- but IE9 beta is safe!

Sebastian Anthony — Thu, 04 Nov 2010 09:30:00 EST

Filed under: Security, Browsers

A new vulnerability has been found in all major releases of Internet Explorer -- 6, 7 and 8 -- and a zero-day exploit is already in the wild.

The exploit, HTML_BADEY.A, uses the vulnerability to remotely execute code. By visiting a compromised website, encrypted files are downloaded to your computer and then decrypted to become a Trojan backdoor. Little is known about what happens after that -- this might just be a proof of concept, or it might be the beginnings of a new botnet.

For administrators, the Microsoft Security Advisory for the vulnerability suggests some ways to mitigate the risk of using Internet Explorer 6, 7 and 8 until a fix is released. Alternatively, use Internet Explorer 9 -- or any other browser!

Critical vulnerability exploited in Internet Explorer 6, 7 and 8 -- but IE9 beta is safe! originally appeared on Download Squad on Thu, 04 Nov 2010 09:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Google now gives you cash if you find security vulnerabilities in their Web applications

Vlad Bobleanta — Tue, 02 Nov 2010 14:30:00 EST

Filed under: Security, Google

Google has extended its "rewards for bugs" program to its Web properties. Previously, only security vulnerabilities found in Chromium were eligible for cash rewards. Now, all Google services that are on google.com, blogger.com, orkut.com, and youtube.com are part of this initiative.

Those who report critical security issues will get a base fee of $500, which can be elevated all the way up to $3,133.7 (wondering why such a strange amount? look here). Getting the cash is conditioned, among other things, by not disclosing the issues you find to any party other than Google (prior to the fixing of the bugs). Only certain categories of bugs will qualify you for the cash reward, and most prominent among these are all sorts of XSS vulnerabilities. The full list (including "definitely excluded" categories) is available in Google's blog post on the matter.

Google now gives you cash if you find security vulnerabilities in their Web applications originally appeared on Download Squad on Tue, 02 Nov 2010 14:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Sophos Labs releases free antivirus for Mac

Lee Mathews — Tue, 02 Nov 2010 07:02:00 EST

Filed under: Security, Apple

There was a time when Mac users enjoyed "security by obscurity." Because of the much smaller number of Mac users in the world, malware authors didn't bother targeting Apple desktops and laptops. Those days are long gone, however, and new threats that put Mac users at risk are appearing all the time.

Fortunately, there are now plenty of good antivirus options for Mac users to combat the rising number of threats. The most recent addition to the mix is Sophos, which has just released the totally free Sophos Antivirus Home Edition. All the features you'd expect from a good antivirus app are there -- like realtime protection, heuristics (the ability to detect new threats for which Sophos does not have definitions), autorun defense, and quarantining.

Sophos has been a respected name in the security business for quite some time, and you certainly can't complain about the price.

Download Sophos Antivirus Home Edition for Mac

Sophos Labs releases free antivirus for Mac originally appeared on Download Squad on Tue, 02 Nov 2010 07:02:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Half of all companies will continue to use Windows XP after it retires in 2014

Sebastian Anthony — Mon, 01 Nov 2010 14:00:00 EST

Filed under: OS Updates, Security, Windows

According to a shocking report, 48% of IT administrators intend to continue running Windows XP after Microsoft officially retires it in 2014. The "IT [sector] just really, really likes the XP operating system," says Diane Hagglund, a senior analyst at Dimensional Research, reporting on the findings of a survey of 950 IT professionals. "They say it's just that good, and don't want to mess with it."

Windows XP might be really good, but its retirement in April 2014 means that it will no longer be supported by Microsoft -- there will be no more security fixes. That almost half of the IT sector intends to keep Windows XP installed -- it will be 13 years old in 2014! -- can only be indicative of two things: either Windows XP really is is that good, or IT professionals are lazy.

In other news, 6% of companies have now rolled out Windows 7, as opposed to only 1% back in January. "What's really interesting here is that if you look at the numbers, they've almost exactly adopted according to plan," said Hagglund. "That's a real indicator that Windows 7 migration is going well." With almost a quarter billion copies sold in the first 12 months, and the biggest market segment -- the workplace -- about to roll over, 2011 is looking good for Microsoft.

Half of all companies will continue to use Windows XP after it retires in 2014 originally appeared on Download Squad on Mon, 01 Nov 2010 14:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Fight Firesheep with FireShepherd

Jay Hathaway — Fri, 29 Oct 2010 05:10:00 EST

Filed under: Security, Utilities, Windows

Earlier this week, a login-cookie-snooping Firefox plug-in called Firesheep rocked the Internet by letting anyone compromise your Facebook or Twitter account over a wireless network. Alarmed at Firesheep's 200,000 downloads, an Icelandic engineering student named Gunnar Sigurdsson created FireShepherd, a program that crashes Firesheep with floods of nonsense packets.

Although Firesheep was originally created to prove a point about insecure login credentials on social networks, the huge number of downloads means that it could be a security risk to everyday users. Sigurdsson compares it to "living in a house with nothing but windows." Of course, security researchers or malicious users could patch up the Firesheep flaw that FireShepherd exploits, but FireShepherd's creator has vowed to keep finding new ways to stop the snooping plug-in.

[via Forbes]

Fight Firesheep with FireShepherd originally appeared on Download Squad on Fri, 29 Oct 2010 05:10:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

New zero-day vulnerabilities found in Adobe Flash, Reader, and Acrobat

Vlad Bobleanta — Thu, 28 Oct 2010 14:45:00 EST

Filed under: Security, Adobe

Adobe has found a new critical zero-day vulnerability in Flash, Reader and Acrobat. This can be exploited to run malicious code on the victims' computers.

Affected are Flash Player 10.1.85.3 and earlier on Windows, Mac, Linux and Solaris; Flash Player 10.1.95.2 and earlier for Android; Adobe Reader 9.4 and earlier 9.x versions for Windows, Mac and Unix-based operating systems; Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Mac.

Adobe is working to patch this vulnerability and is hoping to have an updated version of Flash for Windows, Mac, Linux and Android by November 9. Updates (that will include the patch) for Adobe Reader and Acrobat are expected during the week of November 15 for Windows and Mac OS X.

Unfortunately, this will no doubt prove to be a popular attack vector for malware authors until the updates arrive. Hopefully Adobe will respond more quickly to such cases in the future.

[via Sophos]

New zero-day vulnerabilities found in Adobe Flash, Reader, and Acrobat originally appeared on Download Squad on Thu, 28 Oct 2010 14:45:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Prey for Android is an open-source anti-theft service

Sebastian Anthony — Thu, 28 Oct 2010 14:15:00 EST

Filed under: Security, Utilities, Android

There are two ways of looking at geolocation and other tracking technologies. There are those that decry the Information Dynasty, that abhor the idea of sharing your location with the godless monstrosities of Facebook and Google -- and then you have the diametric opposite: sharing is good, information is knowledge, knowledge is wisdom, Google is God.

But both schools are missing the point: data is useful. It is simply how you use it that matters. It might not seem apparent as a marketing-bombarded, social media munching consumer, but there is a mid-ground between giving Facebook all or none of your data. The danger with Facebook and other omnipresent Compu-Global-Hyper-Mega-Net corporations is that you never really know how your information will be used: you sign up to chat to your friends, and before you know it, your data is being used by countless other services.

There is a way out, though, if you're looking for that fabled mid-ground -- it's counterintuitive, going against everything we've been taught in the last decade, but it works. You simply have to use services that do just one thing -- no feature creep, bloat, or third-party integrations -- just one thing.

Which brings me onto Prey, an open-source and cross-platform anti-theft tool that lets you track your mobile phone or laptop at all times. It's free to use, there are pro accounts for large companies, and you can even set it up on your own servers if you like.

Continue reading Prey for Android is an open-source anti-theft service

Prey for Android is an open-source anti-theft service originally appeared on Download Squad on Thu, 28 Oct 2010 14:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Prey tracks stolen Windows, Mac or Linux laptops, or Android smartphones, for free

Lee Mathews — Thu, 28 Oct 2010 14:00:00 EST

Filed under: Security, Open Source

Looking for an inexpensive -- or better yet, free -- way to track your laptop or Android smartphone in the event it gets stolen? Check out Prey, an open source project that offers multi-OS tracking, reporting -- and countermeasures!

Just download the Prey client software, install, and register an account -- you'll need one in order to be able to access the service's Web-based control panel. Prey can collect a ton of valuable information from your device should it go missing, like:

its MAC address and current IP
nearby wireless access points
session activity, including screenshots of the active desktop
detailed hardware information, including serial number(s)
geolocation data via GPS or Wi-Fi
a webcam (or front-facing camera) image

Continue reading Prey tracks stolen Windows, Mac or Linux laptops, or Android smartphones, for free

Prey tracks stolen Windows, Mac or Linux laptops, or Android smartphones, for free originally appeared on Download Squad on Thu, 28 Oct 2010 14:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Cross-platform Boonana Trojan can infect Mac OS X through Java

Samuel Gibbs — Thu, 28 Oct 2010 09:00:00 EST

Filed under: Security, Macintosh, Apple

Bad news for Mac users -- a cross-platform Trojan that can infect the OS is currently being tracked, masquerading as a video. Boonana, official designation 'trojan.osx.boonana.a,' or 'OSX/Koobface.A' depending on who you want to go with, is being spread across Facebook and other social networks with the old 'Is this you in this video?' ploy. Appearing on people's Facebook pages, the link launches a Java applet that then downloads and runs an installer for the Trojan.

While it's not news that there's another Trojan on the loose for Windows, not much in the way of malware can infect Apple's often touted as secure, desktop operating system or Linux. Of course to actually install the Trojan on OS X, users will have to enter their password to authorize the installer, something that you should never do if you haven't run something intentionally yourself. As with all social engineering like this, users could blindly enter their password, thinking it's for a video. Once on the machine, Boonana runs in the background, reporting back system information and trying to spread itself via the unfortunate user's email account.

It's an interesting and rather worrying precedent to set, with cross-platform infection using Java. Apple's recently taken the decision to stop pre-installing Java with OSX due to security concerns over out-dated versions. But let's hope that this kind of thing doesn't become the norm, and for the meantime at least, be careful what you click on and trust, even if you're a Mac or Linux user.

[Via CNet]

Cross-platform Boonana Trojan can infect Mac OS X through Java originally appeared on Download Squad on Thu, 28 Oct 2010 09:00:00 EST. Please see our terms for use of feeds.

Read | Read | Permalink | Email this | Comments

Russia to develop Linux-based Windows alternative to reduce its US tech dependence

Sebastian Anthony — Thu, 28 Oct 2010 08:30:00 EST

Filed under: OS Updates, Security

In a move to decrease Russia's dependence on American technology, the Russian government has announced plans to develop a state-sponsored national operating system. Shifting away from Windows would mean both money savings for Russia, and increased digital security.

150 million rubles (5 million dollars) have been set aside to create an operating system that will be based on Linux. It's not yet known whether this national distro will be built from scratch, or simply a branch of a popular distro like Ubuntu. Speaking to AFP, Russian politician Ilya Ponomarev said "The devil is in the details," and that a meeting to decide the exact specifications of this new operating system would occur in December.

This move is a sign that Europe and Asia continue to be unnerved by the US-dominated technology industry. The last few years have seen a massive shift towards open-source software across Europe and Asia, and also a marked increase in the activity of European and Chinese space agencies.

Russia [System operates you!] won't be the first country to work on a national operating system either: China's Red Flag Linux first appeared back in 1999, and only last week India announced its plans to build a proprietary, hyper-secure operating system.

Russia to develop Linux-based Windows alternative to reduce its US tech dependence originally appeared on Download Squad on Thu, 28 Oct 2010 08:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Microsoft Security Essentials now offered via Windows Update

Lee Mathews — Wed, 27 Oct 2010 18:10:00 EST

Filed under: Security, Microsoft

We're big fans of Microsoft Security Essentials -- it's lightweight, free, and offers malware protection that's every bit as good as (if not better than) more recognized names like Norton and McAfee (quit giggling, DS regulars...). Today, Microsoft has begun offering Security Essentials as an optional install via Windows Update.

Like Live Essentials and the Windows 7 Language Packs, users can now opt-in to load MSE on their Windows system. The update notification beckons small office users as well, offering a reminder that Security Essentials is free for them to use, too -- as long as they have 10 systems or fewer.

Microsoft Security Essentials now offered via Windows Update originally appeared on Download Squad on Wed, 27 Oct 2010 18:10:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Panda Cloud Antivirus 1.3 adds Web and URL scanning, nixes the nag screens

Lee Mathews — Wed, 27 Oct 2010 15:30:00 EST

Filed under: Security

Panda launched their lightweight Cloud Antivirus app just under a year ago, and it's already received a number of significant updates and improvements. Today, they're announcing the release of Cloud Antivirus 1.3 -- and a few more cool feature additions.

Probably the most significant addition is Cloud AV's ability to filter malicious URLs and websites -- regardless of which browser you're using. Using the Web filter does require installing a toolbar, but that's a trade-off some of your less security-minded friends and family might be willing to make.

Other changes include improvements to Cloud AV's behavioral and blocking rules, which Panda now updates on the fly. Cloud Antivirus also now updates all of its rules and even installs program updates without requiring user interaction. The icing on the v1.3 cake is Panda's decision to remove the nag screens.

Now, I'm not one to complain too much about a free antivirus program that pops up the odd banner advertising a company's paid products... but if Panda's willing to get rid of the nags in Cloud AV, that's just fine with me. You will still see a promotional pop-up for the pro version during the install process, but according to the official blog post that's all, folks.

Panda Cloud Antivirus 1.3 adds Web and URL scanning, nixes the nag screens originally appeared on Download Squad on Wed, 27 Oct 2010 15:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Idiocy auto-hacks Twitter accounts on public Wi-Fi, warns the owners about Firesheep

Jay Hathaway — Wed, 27 Oct 2010 12:06:00 EST

Filed under: Security, Utilities

The geek community has been buzzing about Firesheep, a Firefox add-on that grabs Facebook and Twitter login cookies from any public Wi-Fi network, and uses them to log into others' accounts. Not everyone at the local coffee shop will have heard about Firesheep, though ... and that's where Idiocy comes in. Idiocy is a bit of code you can run that will use Firesheep to automatically break into any Twitter account that sends an insecure login cookie over your wireless network.

Once it's grabbed someone's login credentials, Idiocy will post a tweet from their account, warning them that they've been compromised and linking to a page about Firesheep and how to secure your account against it. It sounds malicious, but Idiocy is more like a public service than anything else. Sure, the tech blogs and Twitter buzz about Firesheep should be enough to convince people to use HTTPS when they log into social networking sites, but some people just don't get the picture until it affects them personally.

The moral of the story is that, unless you want someone maliciously using Firesheep on you, or using Idiocy on you for your own good, you should consider taking five minutes for some quick security fixes.

Idiocy auto-hacks Twitter accounts on public Wi-Fi, warns the owners about Firesheep originally appeared on Download Squad on Wed, 27 Oct 2010 12:06:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Defend against Firesheep by surfing securely with HTTPS

Sebastian Anthony — Wed, 27 Oct 2010 11:00:00 EST

Filed under: Security, Browsers

The last couple of days have seen the launch and explosive proliferation of a Firefox add-on called Firesheep. It's an incredibly simple program that snoops unsecured Wi-Fi packets to grant you one-click masquerading of other users: if you log into Facebook at the local coffee shop, someone can use Firesheep to become you. Seriously, you can go along to any location with an unsecured Wi-Fi network and steal other users' accounts.

Firesheep does this by 'scooping' cookies out of the air. Whenever you log into a website your name and password is only sent once -- afterwards, a stored authorization token is used. This means that if someone has your cookie they can pretend to be you -- and with unsecured wireless networks, anyone can grab your cookie.

This is a huge issue, and you have every right to be concerned -- but there is a solution!

Hopefully you've all heard about SSL and HTTPS, the encryption techniques used to secure Internet communications. The 'secure padlock' icon in your browser is most commonly found when buying things online, but most major sites also use it to secure login and registration. If you see this padlock, you are safe. If you could browse the entire Internet with that secure padlock in place then I wouldn't be writing this post.

Unfortunately, many sites redirect you to an unsecured page after you log in. Yes, your password remains secret -- but what good is that if your exposed cookie can be stolen by anyone on the same unsecured Wi-Fi network?

Fortunately, there are a few solutions for Firefox, and at least one good solution for every other browser.

Continue reading Defend against Firesheep by surfing securely with HTTPS

Defend against Firesheep by surfing securely with HTTPS originally appeared on Download Squad on Wed, 27 Oct 2010 11:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments