Image via Wikipedia

Via ComputerWorld.

Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft.

The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.”

Users can also stymie attacks by disabling Windows Help. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system.

Another one of those funny-sad stories about another vulnerability in the Windows operating system. These are coming so often these days we’re becoming as inured to them as we are to Windows updates. No one reads all that stuff; we just click “approved”, “OK”, “agreed”, just do it, get it over with.

How many typical Windows users even know what the F1 key is for?

F1	Displays the Help task pane.CTRL+F1 closes and reopens the current task pane. ALT+F1 creates a chart of the data in the current range. ALT+SHIFT+F1 inserts a new worksheet. (Microsoft)

You can also press the F1 key on some computers to access the BIOS when you start your computer before Windows boots up. On other computers it’s usually F2 or Escape.

You know what I find really ironic? A lot of people have been getting after Google the last week or so over releasing Buzz to so many users without fixing some glaringly obvious (to the techies, at least) security weaknesses. And what are a vast majority of them using to express these concerns? Windows. And how many of them are using the latest release, Windows 7, with all the latest updates and drivers installed? How many acknowledge that Windows has released every version of its operating system unfinished and incomplete?  True, there are flaws that only exist because of advances in the writing of viruses and spyware. No one can anticipate every possible scenario. All I know is that I always feel more secure, more comfortable when I’m using the Mac or booted in Linux. Sadly, Buzz is especially aggravating in those systems since everything else for the most part just works. Software updates outnumber version updates by a good number.

I don’t argue that Buzz needed a beta period. Come on, Google. Everything you’ve produced up until now have been labeled beta. You even let us make Gmail say beta in the header if we want. Even if all you had done was add the now-anticipated beta label to the name, Buzz beta, you would no doubt have received a warmer reception. The critics would have had shaky grounds for criticism. Especially those criticizing from a Windows machine.

Let me give you a tip applicable to any version of Windows. It goes beyond the rather timid approach Microsoft suggests in order to avoid a single potential vulnerability. Employing the technique I’m about to share with you, you are assured of never again being at risk for any sort of vulnerability. If you want to know you are totally secure when using Windows, if you want to be invisible to viruses, free of spyware, if you want to never see another blue-screen-of-death ever again for the rest of your life;

Do not press ANY key on your keyboard. Not the F1, not the Enter key, don’t even tap the space bar.

Better yet, don’t even turn the damned thing on. Can’t get much safer from cyber threats than that.

Related articles by Zemanta

• Microsoft: Don’t press F1 key in Windows XP (computerworld.com)
• New zero-day involves IE, puts Windows XP users at risk (infoworld.com)
• New Internet Explorer Vulnerability Confirmed (ghacks.net)
• IE code execution bug can bite older Windows machines (go.theregister.com)
• Researchers find decade-old Windows flaw (v3.co.uk)
• Microsoft investigating new zero-day exploit (v3.co.uk)
• IE flaw gives hackers access to user files, Microsoft says (infoworld.com)

There are many ways that shareware developers and content providers can show disrespect and contempt for their customers. Some are the result of paranoia on the part of the developers while others are the result of laziness and/or blatant greed on their part.

One example of this I frequently encounter is the unrealistic installation limitation.

Once upon a time a family could barely afford a single computer. It wasn’t unreasonable for a shareware distributor to limit the number of computers you could install a single copy of their application on. They fairly reasoned that in the vast majority of cases the only time you would need to install multiple times was if you were letting all your friends install your copy, robbing the developers and distributors of earned income. Thus were born limits on the number of times you could install a copy of software you purchased. The most draconian of these licenses would only allow you to install one time on one computer. Less extreme licenses allowed you to create a backup copy, and family licenses, usually more expensive, allowed you to install the software on two or three other computers on a home local area network (LAN).

I would argue that software manufacturers/distributors these days need to rethink their licensing restrictions with an eye to the current reality.  In the 21st century, despite the economy, families frequently have several computers. More importantly, we are far more likely to update the operating system of our computers at least once in their lifetime. Recently we’ve seen major updates from all the big players, Microsoft with Windows 7, Macintosh with OS X Snow Leopard and several distros of Linux. For many of us these updates required a fresh installation of the OS and a re-installation of all our applications and software, at least those programs that allowed us to reinstall. No one should have to face the loss of a favorite application simply because they’ve updated their computer from XP to Vista and now to 7. “Oh sorry, you’ve exceeded the number of installations allowed under the terms of use”. Users shouldn’t be penalized for trying to keep their systems current. Personally I’ve encountered these limitations with (former) favorites like RoboForm and DFX Pro. I’m sure you can think of a few examples yourself. I don’t mind having to call and explain that I’m reinstalling on the same computer after an OS upgrade. But I resent encountering the presumption that I’m pirating software and being told I have to re-purchase the software with no other option offered.

Here’s a thought; Make your software able to read the machine address (MAC address) of the computer at installation. With every re-installation it reads the MAC address and if it’s the same (machine addresses aren’t based on the operating system) it re-installs without a fuss.

Developers need to do a better job to accommodate  their customers in the legal and reasonable use of their software. They need to quit assuming their customers are out to do nothing but take advantage of them. Every day there are more and more updated and often no-cost alternatives to pricey applications. If you want to retain your customers and encourage their loyalty treat them with respect and construct your licenses in accordance with the current realities of computer ownership. Alternatively, keep your pricing low so that I can afford to purchase a license for my desktop, laptop and netbook.

Related articles by Zemanta

• 7 reasons not to upgrade to Windows 7 (en.onsoftware.com)
• Windows 7 already bigger than Snow Leopard and Linux combined (downloadsquad.com)
• Opinion: Is Windows 7 as good as it sounds? (netnewsdaily.com)
• Netbook Linux Guide Lets You Easily Kick Windows XP To The Curb [Linux] (gizmodo.com)
• Microsoft to schools: Share a PC (news.cnet.com)

Image by juhansonin via Flickr

Users of electronics relate to their devices through a graphic user interface, or GUI. The iPhone and iPod Touch have received a lot of accolades for their revolutionary user interface. Some users buy their phones based largely on the user interface. Whether your computer runs Windows, Linux or Macintosh, most of your interaction with your computer is through the graphic user interface (desktop).

When an operating system is upgraded, the most noticed features involve the GUI. Apple is famous for their GUI. Microsoft has for years been playing catch-up with Apple over the user interface. Linux users are flocking to Ubuntu, primarily due to its friendly and functional user interface. We have recently seen new releases of Mac’s OS X, Windows 7 and Ubuntu 9.10, all of which focused on a better experience for the user by improvements to the GUI.

At the same time many of us “geeks” continue to complain about the number of “clueless users”, computer owners who don’t understand much about their computer beyond the user interface. It’s a situation akin to the car owner who knows how to drive the car but has no idea what goes on under the hood, no clue as to how to add oil or change the filters. People who mistake the desktop for their computer or AOL for the internet are the stock of many in-jokes in the IT world. Many of us who have worked help desks shake our heads at the stories we’ve heard. We think it’s a shame that more people aren’t interested in the inner workings of their computers or that more don’t take an interest in the amazing things a user can accomplish from the command line.

I suspect that in the interest of making computers “user friendly” we’ve created a situation in which people don’t have to learn much about their own computers. GUIs are so easy to navigate there’s hardly a need to delve further into commands, scripts and other advanced functions.

Even when the effort is made to get users to think more about their computer’s functioning it’s often unappreciated. With Windows Vista Microsoft introduced the User Account Control (UAC), an effort to alert users when a program or website attempted to make changes to their system. The unintended result was that either users disabled UAC altogether or became jaded and clicked “approve” without reading the content of the warning. This attempt to create more aware users failed, so much so that in Windows 7 Microsoft grants us the ability to restrict the UAC notices that pop up.

Many computer users want to be just that, users. They have no interest in knowing why things happen on their computers, they just want them to work the way they need them to work. The inability of legacy apps to run on newer systems, their inability to make their 1999 printer work with their 2009 operating system simply frustrates them as there’s no “fix this problem” icon on the desktop. It’s doubly frustrating to those of us who try to help them by explaining why the system is failing them. They don’t want to know, they just want it to work.

Maybe if GUIs were a bit less intuitive, maybe if computer interrfaces required their user to understand a bit more about why problems occur and what can be done to remedy them  we’d have fewer “clueless users”.

Of course there would also be less need for us geeks.

Related articles by Zemanta

• Microsoft admits Mac was Windows 7 muse (theregister.co.uk)
• Windows 7 Was ‘Inspired By Mac’ ? No, No Says Microsoft! (lockergnome.com)
• Windows 7 Usage Outpaces Vista, Closes In on Mac (blogs.wsj.com)
• Windows 8 wish list (lockergnome.com)

Image by inane_spiel via Flickr

Now and then I hear someone brag that they don’t use anti-virus software. “I never visit ‘bad’ websites, I don’t file share and I don’t ever view porn. Why should I bother with software that can slow my machine down?”

I’m not sure how they convince themselves their computers aren’t already compromized. After all, they can’t run a virus scan without installing an anti-virus application. They could use an on-line virus scan I suppose, but can they trust that to scan every folder and file on their machine?

It’s not so much what a virus might do to your own computer. If you got a virus that only afflicted your personal computer, no one else would have a worry. It’s the fact that many viruses only use an infected machine to reach out through email and shared files to infect other machines that concerns the rest of us. We don’t want your lax security to result in our computer getting infected.

Now there’s an even better reason to encourage everyone you know to install and use an effective anti-virus solution. Failing to do so could ruin your reputation.

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it’s your reputation that’s stolen.

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they’ll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.

“It’s an example of the old `dog ate my homework’ excuse,” says Phil Malone, director of the Cyberlaw Clinic at Harvard’s Berkman Center for Internet & Society. “The problem is, sometimes the dog does eat your homework.”

One case involved Michael Fiola, a former investigator with the Massachusetts agency that oversees workers’ compensation.

In 2007, Fiola’s bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4 1/2 times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.

Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute — an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped — 11 months after it was filed.

The Fiolas say they have health problems from the stress of the case. They say they’ve talked to dozens of lawyers but can’t get one to sue the state, because of a cap on the amount they can recover.

“It ruined my life, my wife’s life and my family’s life,” he says.

At any moment, about 20 million of the estimated 1 billion Internet-connected PCs worldwide are infected with viruses that could give hackers full control, according to security software maker F-Secure Corp. Computers often get infected when people open e-mail attachments from unknown sources or visit a malicious Web page.

Pedophiles can tap viruses in several ways. The simplest is to force someone else’s computer to surf child porn sites, collecting images along the way. Or a computer can be made into a warehouse for pictures and videos that can be viewed remotely when the PC is online.

In the first publicly known cases of individuals being victimized, two men in the United Kingdom were cleared in 2003 after viruses were shown to have been responsible for the child porn on their PCs.

In one case, an infected e-mail or pop-up ad poisoned a defense contractor’s PC and downloaded the offensive pictures.

In the other, a virus changed the home page on a man’s Web browser to display child porn, a discovery made by his 7-year-old daughter. The man spent more than a week in jail and three months in a halfway house, and lost custody of his daughter.

Chris Watts, a computer examiner in Britain, says he helped clear a hotel manager whose co-workers found child porn on the PC they shared with him.

Watts found that while surfing the Internet for ways to play computer games without paying for them, the manager had visited a site for pirated software. It redirected visitors to child porn sites if they were inactive for a certain period.

(Source-mail.com)

No anti-virus program is 100% effective. While it’s not recommended to have more than one AV application running at the same time, you can add a layer of protection to your AV regime with an application like WinPatrol or ThreatFire.  Apps like these will alert you should any rogue program or virus attempt to change system settings or infect your registry. You should also make sure to keep your AV software updated and run frequent scans.

Related articles by Zemanta

• Being Framed for Child Porn… by PC Virus (abcnews.go.com)
• AP IMPACT: Framed for child porn _ by a PC virus (seattletimes.nwsource.com)
• Con Artists Making Millions With Scareware Software (shoppingblog.com)
• Online Banking Passwords at Risk – Chances to Fight it…SLIM and NONE! (pindebit.blogspot.com)
• Fake security software ‘installed on millions of PCs’ (telegraph.co.uk)
• Five Best Antivirus Applications [Hive Five] (lifehacker.com)
• Microsoft Security Essentials – Free Anti Virus Protection Available for Download (ducknetweb.blogspot.com)

Hotmail users aren’t the only ones who’ve been hit by a phishing scheme over the past week. Google told BBC News on Tuesday that Gmail users have also been affected by the hackers who posted passwords online.

The problem is far more widespread than was disclosed on Monday, possibly affecting Yahoo and AOL e-mail accounts as well, according to BBC News.

Google described the issue as an “industrywide phishing scheme.” BBC News said it has seen two lists posted online with “more than 30,000 names and passwords” from Gmail, Yahoo, AOL, Microsoft’s Windows Live Hotmail, and other service providers.

The representative said that Google immediately “forced passwords resets on the affected accounts.”

In an e-mail to CNET, a Google representative said that the company had to reset the passwords on fewer than 500 Gmail accounts so far. However, that figure could change.

Despite Google’s and Microsoft’s awareness of the problem, it doesn’t seem that users are out of the woods just yet. Google’s representative told CNET that it will continue to force password resets on any newly affected user accounts.

Like Microsoft, Google was quick to point out to the BBC that the phishing scheme was a “scam to get users to give away their personal information to hackers” and not an internal security issue. It didn’t say how users fell victim to the scheme. (Source-cnet.com)

With all these phishing attacks hitting the major players in the world of email, Google is offering their own suggestions on what users can do to improve their passwords.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger.

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, expecially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.

Problem 3: Using passwords based on personal data
We all share information about ourselves with our friends and coworkers. The names of your spouse, children, or pets aren’t usually all that secret, so it doesn’t make sense to use them as your passwords. You should also stay away from birth dates, phone numbers, or addresses.

Solution 3: Create a password that’s hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as “sPo0kyh@ll0w3En”).

Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we’ve learned them well.

Solution 4: Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid naming the file “my passwords” or something else obvious.

Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven’t visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.

Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.

Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn’t be something that someone can guess by scanning information you’ve posted online in social networking profiles, blogs, and other places.

If you’re asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won’t know how to enter it properly. (Source-The Official Gmail Blog)

Related articles by Zemanta

• eMail Accounts Compromised in Massive Attack (pindebit.blogspot.com)
• Guess what: Code sharing sites being used to share emails and passwords ALL year round (thenextweb.com)
• Hacked email accounts affect thousands (thestar.com)
• 20,000+ Gmail, Yahoo, AOL Accounts Compromised [ALERT] (mashable.com)
• Password Scam Widens To Google And Yahoo (news.sky.com)
• Are those Hotmail users really victims? (timesonline.typepad.com)
• Latest tally: 30,000+ hacked e-mail accounts (seattlepi.com)
• Most Common Hotmail Password Revealed! (wired.com)

Microsoft today confirmed that thousands of Windows Live Hotmail account usernames and passwords had leaked to the Internet, but said the credentials were “likely” stolen in a phishing attack.The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part.

Earlier today, Neowin.net reported that more than 10,000 accounts had been compromised and speculated that Hotmail had either suffered a breach or an aggressive phishing campaign had collected the usernames and passwords by duping people into divulging the information.

Microsoft did acknowledge that Hotmail accounts had been compromised. “Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme,” the same spokeswoman added.

Both Microsoft and Jevans recommended that all Hotmail users change their passwords, just in case. “Change it, ASAP,” urged Jevans. (Source-ComputerWorld)

If you’d rather be safe than sorry, take 2 minutes and change your Hotmail password right now.

Related articles by Zemanta

• The “Hotmail” Evolution (techpluto.com)
• WARNING: New Twitter worm rofl this you on here phishing attack (ceoworld.biz)
• WARNING: Twitter Worm Spreading via Direct Messages (mashable.com)
• Twitter Spam: Phishing Scam Steals Twitter Passwords (huffingtonpost.com)

When it comes to creating and using passwords, just about every security expert will tell you that strong, complex passwords are the safest.

A strong password is a password that meets the following guidelines:

• Be seven or fourteen characters long, due to the way in which encryption works. For obvious reasons, fourteen characters are preferable.
• Contain both uppercase and lowercase letters.
• Contain numbers.
• Contain symbols, such as ` ! ” ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | \ < , > . ? /
• Contain a symbol in the second, third, fourth, fifth or sixth position (due to the way in which encryption works).
• Not resemble any of your previous passwords.
• Not be your name, your friend’s or family member’s name, or your login.
• Not be a dictionary word or common name.(Source-StrongPasswordGenerator)

You can download applications or access online password generators that will help you compose a strong password. But what if you aren’t using your own computer, are alternating between Windows, Linux and Mac or can’t easily remember a password like “u65;+8)7VL83w)“? The site linked to above suggests the following mnemonic to help remember that password: “usher 6 5 ; + 8 ) 7 VIRGIN LAPTOP 8 3 weather )”. Sure, that looks like an easy thing to remember.

What I’d like to suggest is developing a fairly strong but easy to remember core password which gets customized for each site you need it for, making it unique and far stronger than the core password.

For this method you can use a core password that doesn’t meet the above criteria. As an example, I’m going to use a core password that consists of my age, initials and my birthdate. (Note, all of this information is easily obtainable and thus is not good for a password in itself. This is not a password I use anywhere.)

I want my core password to be 55JEC02031954. I can easily remember that. Since I still can’t believe I’m 55, I’m going to insert an exclamation point after my age, and a pointer to my birthdate. Now I have 55!JEC>02031954.

Now let’s say I want to register for http://jebersblog.com using my core password. Let’s add the custom characters that will be unique to this site. Using the initials suggested by the site name I come up with jb55!JEC>02031954. On the Lockergnome forum I would use lg55!JEC>02031954. For Friendfeed, ff55!JEC>02031954, and so on.

I only recommend using a strong but still breakable password like this for sites where you have no financial or personal information that someone else could profit from accessing. It should be sufficient for your WordPress blog, forum membership or sites like the Cutest Dog Competition, where you can register to vote for my beloved Cleo.

However, for sites like eBay, PayPal, your bank or any other site which requires much stronger protection of your information, I would suggest you bookmark Steve Gibson’s Ultra High Security Password Generator page.You’re going to get a password no one could possibly remember (for example: “>cr+q-kcKF9bBysCLbHdpVt(6\|r3fMV^~8%R.9^u<Mr(VPPH{1z;a4BhM`7@b[9) so you're going to have to record it somewhere. This is the weakest point of security when it comes to passwords. If you do have to write it down, keep it with you (not written on a Post-It note stuck to your monitor) and don't label it ("My bank password:...").

For even more security, do not let your laptop, or any mobile device, save your password for these sites, and change your password on secure sites frequently.

Related articles by Zemanta

• Two-factor authentication now available for Amazon Web Services (crunchgear.com)
• Three steps to help secure your site (owencutajar.com)
• Strong Passwords Not as Good as You Think (it.slashdot.org)
• The art of creating strong passwords (macworld.com)
• Got Problems With Wordpress Admin Password Reset? (mwd.com)
• The achilles heel of the Internet (blogs.securiteam.com)
• Keep a list of your important numbers with Password Keeper (bbgeeks.com)
• Do we really need passwords and PIN codes any more? (allaboutsymbian.com)

Did you realize that failing to keep your electronics clean could actually impact your security?

Back in the ’70s I was fortunate enough to work in both law enforcement and national intelligence. Both taught me that often the most useful intelligence or evidence comes from the most mundane sources. This was in an era when electronic door locks were the height of technology. We would frequently amuse ourselves by guessing the passcode of a door based solely on the wear pattern of the keys.

People tend to be unaware of just how often they type their password (and too many people only have one password for all their online activities) every day. On light-colored keyboards, the keys used most often become more soiled and more worn than other keys. On dark-colored keyboards, the most used keys become shiny. By looking for the most worn, dirty and shiny keys on a keyboard, I can get a reasonable idea of which keys you use to type your password. This method isn’t foolproof nor does it guarantee I would be able to guess a complex password based on which keys were used the most, but it does provide a means of making it easier for me to reconstruct your password.

Users of the iPhone and iPod touch that password protect their devices have a similar problem. The face of the device retains finger impressions clearly visible on the glass. We know that iPhone passwords are 4 characters long, and by seeing where the fingerprints on the glass face line up with the “enter password” screen, we can pretty easily determine which 4 characters are being used. All we have to do then is try various combinations until we get the right one.

I’m not sure that cleanliness is next to godliness, but I can say that electronic cleanliness is a good security practice. Clean off your keyboards with a paper towel slightly dampened with alcohol every day. Wipe off the face of your iPhone or iPod with a lint-free or microfibre cloth daily.

Don’t let dirt compromise your security.

Related articles by Zemanta

• The art of creating strong passwords (macworld.com)
• Top password tips (macworld.com)
• 4 Unique Tools To Generate Strong Passwords (techie-buzz.com)

Image by HiMY SYeD / photopia via Flickr

Lazyfeed is a new entrant in the field of RSS readers, a field currently dominated by Google Reader, NewsGator and FeedDemon.

Unlike the majority of feed readers, though, Lazyfeed doesn’t require you to manually input the URL of every feed you want to read. Instead, Lazyfeed relies on tags, one word synopsis of what interests you.

Say you want to read blog entries about Technology. Enter the tag “technology” in the “What Interests You” field and a stream of articles on that topic appears. Click on the “Save” button and that topic will be added to your saved interests list.

Louis Gray has posted a far better explanation than this on his blog at louisgray.com. Louis provides not just a great overview of the service along with screenshots of its features, but he also mentions how this manner of presenting feeds can add value to your RSS reading. Lazyfeed adds relevance that other readers often lack.

Lazyfeed is one of those services that might be easier to understand by playing with it for a while than reading about it. With that in mind, I’d like to offer the first three people to request one in the comments an invitation to the Lazyfeed beta. There is only one thing I ask in exchange for an invite: within the next month write a review of your experiences and opinions of Lazyfeed on your blog and link back to this post so I can read your impressions. I’m curious to know how other people use Lazyfeed, if it provides a unique experience and offers a better way to read relevant content on the web.

(P.S. If you’d prefer to not post your email address in the comments (I’ll need it to send an invite) you can email it to me directly at jeber (at) jebers.com)

Related articles by Zemanta

• NewsGator kills its web-based feed reader, supports Google Reader instead (downloadsquad.com)
• Why Promote an RSS Feed if it Keeps People from Visiting Your Blog? (problogger.net)
• How To Discover The RSS Feed Of A Webpage If A Link Isn’t There (makeuseof.com)
• How to Download RSS Content Automatically in Mac (maketecheasier.com)
• I really like RSS (xfep.com)
• Lazyfeed Wakes Up – And We Have Invites (techcrunch.com)
• LazyFeed: Get the News, Vids, and Pics You Want Without Even Trying (readwriteweb.com)
• The One Huge Issue That Is Going To Kill Tag-based Reading Systems (cloudave.com)