Security Woes

Crackers are always on the lookout for new chances to access your accounts, either if you’re a private / regular internet user, or a multinational corporation like Sony who recently fell victim to several attacks affecting their flagship console, the PS3, and their Playstation Network.

It began when their PS3 private keys, that sign all data transactions and operations, got public. I won’t digress here, you can find a lot of info on Google, just look for GeoHot / Sony. The latest attack to the PSN has managed a downtime of a week by the time I’m writing this, and only today Sony has come forth with a press release on this issue, as well as a FAQ, saying that all their entire PSN user base got their data compromised, including Credit Card data.

I’m yet to believe that Sony hasn’t released the full extent of the information about the attack, so for now there are three crucial steps that PSN users should follow:

 

  • If you’re using the PSN password in any other service / account, change it. Change it everywhere. You are probably using the same email address you used on the compromised PSN account.
  • Change the password of the email address you used on your PSN account.
  • Change your credit card number, or cancel the card and get a new one. If you can’t do this, be on the lookout for strange credit card transactions and never, ever, release the confirmation code to anyone. Sony states that the cc confirmation code wasn’t stored on their database.

Read the FAQ, they have more info there, but follow these three steps and when the PSN is up again, change your password for something unique, not used on any other account / service and remove your credit card number from the account.

 

Still on Security

With the advent of social networking and connected services, we’ve witnessed a lot of centralized authentication methods. It’s now usual for us to access services that use other site’s accounts to authenticate, like “Login with Facebook” or “Authorize on Twitter”.

This can be very useful because you don’t have to memorize a ton of different passwords but, if you see your Facebook, Twitter or Google account compromised, all those services using “third-party” authentication will be compromised as well… so what to do?

 

  • Use strong passwords. Having a password like your birthday date is not secure. Having your pet name, girlfriend, mom, dad, favorite actor is not secure. Any dictionary word is not secure. Use random stuff with numbers, signs, uppercase and lower case, like “1M4ecur3!?”
  • Use a password manager like 1Password for Mac or Keepass Password Safe for PC. Not only you’ll have an encrypted and organized password safe, but these apps can also generate random passwords.
  • Use HTTPS always when possible. This will encrypt your traffic to these sites. Twitter, Google, Facebook, all of them have HTTPS options, you just have to go to your account settings and turn it on. Facebook can even warn you by email and SMS when other devices accesses your account. Google has a 2 Step Authorization process for your account, using verification codes and an app for your mobile device that works like a token, giving you real-time generated verification codes.
  • Don’t use free Wi-Fi. Sure, it’s cool to use a free hotspot, but you never know who’s listening. People using free Wi-Fi are exposed to virus and password sniffing. This can happen in your neighbors unprotected Wi-Fi or even your school’s network.
  • The usual crap: use a secure OS. Mac OS X and Linux are secure by nature. If you must use Windows, turn on the system’s firewall and get another one, as well as an AntiVirus. Be sure that they’re always updated.
  • Don’t trust your passwords to anyone.

Remember, even with all these precautions you’re never totally safe.

 

Still on Squid integration with Active Directory

I wrote a post a few months ago explaining briefly how to integrate a Squid proxy with a Microsoft Windows Active Directory.

While with Windows XP and Vista the single sign on works flawlessly, with Windows 7 it needs a little tweak.

You’ll need to change your a GPO on your AD:

Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Find “Network Security: LAN MANAGER Authentication Level”
Set it to “Send LM * NTLM – use NTLMv2 session security if negotiated”

This happens because Squid uses NTLMv2 after version 2.6 but it is Negotiated NTLMv2, rather than
straight NTLMv2 (dunno why). Windows 7 refuses to negotiate by default and accepts only NTLMv2.

You might come across with other issues in some apps like having to authenticate manually, Dropbox is one example but there may be others.

As usual, do this at your own risk!