Friday, March 20, 2009

The best defense is information.

While researching the new version of Metasploit I came across a good blog post there that kind of sums up my term paper for school this semester - The best defense is information. As a matter of fact, that is one of my best lessons or goals from my paper on the SANS / CWE Top 25 most dangerous programming errors. Keep up, with podcasts, Slashdot, blogs, etc.

This blog posting on Metasploit's site talks about the recent Adobe 0-day exploits last February. The poster says that security providers by and large depend a lot on public information to keep users safe.

http://metasploit.com/blog/#blog-0

Saturday, March 14, 2009

Securing your email.

Encrypting your email.

Here is a good article on how to encrypt your emails:
http://www.wi-fiplanet.com/tutorials/article.php/3786446. Here is a link to one of my favorite podcast transcripts where they also talk about email security: http://www.grc.com/sn/sn-182.htm.

If you use Gmail, make sure to use https rather than http. I have found that if you go to www.gmail.com, it will put you in SSL for logon only. Once you log in, you go back to plain old http.

If you go to https://www.gmail.com after you log in, you stay in https. I don't know why that's not the default. Also, I am looking forward to the day where all email systems, including Outlook, don't have PGP built in transparently. If I sign up for an email system, the first thing that should be done is to have me sign up for a certificate.

Lastly, if the contents of the email are really sensitive, encrypt the attachments with a tool such as TrueCrypt, send the email and then call your recipient and give them the key to decrypt.