Security

SafeIP Hides Your IP Address for Private Browsing, Blocked Media

Posted by Ryan on May 17, 2013 at 9:57 am

Windows: If you want access to streaming media restricted by your location, web sites that display differently depending on where you are, or just a little privacy, SafeIP can help. The utility lets you select where your IP address will appear to be located, and can even rotate addresses regularly if privacy is your goal.

SafeIP has IP addresses in ten locations, including multiple servers in the US and the UK, and a handful of locations in places like Hong Kong, the Netherlands, Canada, Austria, Poland, Italy, Germany, and France. You can select any one of them to have your traffic routed through its servers, so any site you visit or app you open thinks you’re in that location instead of where you are. SafeIP even lets you change your IP without disconnecting and reverting to your original one first, and can be told to run at startup or to change your IP automatically on a schedule you set (the default is every 10 minutes).

By default, SafeIP works as a proxy—there is an option in the settings to encrypt your traffic, the way a VPN would, but it’s not on by default. Make note: SafeIP is built for private browsing and getting around location restrictions, not security. The app boasts some enhanced features like malware protection and ad blocking (although those features really just try to block items via your HOSTS file; they’re not worth enabling when you have better options available).

While the app is free, there is a “Pro” version ($30) that adds Wi-Fi protection (much like what Disconnect already does) and some other features we don’t really think are worth the cash. If the app sounds interesting, stick to the free version. You can grab it at the link below.

SafeIP | via Addictive Tips

OWASP Top 10 for .NET developers

Posted by Ryan on May 10, 2013 at 11:01 am

Written from posts that were published over a nineteen-month period (!), Troy Hunt’s work is now compiled in a free e-book on development security, specifically targeting Microsoft’s .NET application platform. It’s called OWASP Top 10 for .NET developers and it’s available as a PDF at asafaweb.com/… Are you programming on this platform? Go get it.

Microsoft Gets Two-Factor Authentication, You Should Enable It Now

Posted by Ryan on May 10, 2013 at 10:53 am

Two-factor authentication is one of the best things you can do to secure your online accounts. Today, Microsoft is rolling out this important feature for Microsoft accounts—the key to Outlook.com, Windows 8 PCs, SkyDrive, Skype, Office, and more. Here’s how to enable it on yours.

Head over to https://account.live.com/proofs/Manage and sign in to your Microsoft account. Then click on the “Set up two-step verification” link to secure your account and make it harder for hackers to take it over with a stolen password. Then on the Security info page, add your mobile phone number and an alternate email address. Note that the feature is still rolling out, so you might have to wait a little while before you see the option to turn this on.

As with other places you should have two-factor authentication turned on, when you sign in to your Microsoft account from an unknown device, Microsoft will send you a code you’ll have to enter before letting you in. You can have Microsoft remember your device for 60 days so you don’t have to keep entering codes.

Finally, Microsoft is also offering a Microsoft Authenticator app for Windows Phone. See Microsoft’s blog for more details on the new two-step verification.

Microsoft Account Gets More Secure | The Official Microsoft Blog

5 Security Holes Almost Everyone’s Vulnerable To

Posted by Ryan on May 10, 2013 at 10:48 am

Problems with security seem to pop up all the time—from an easy-to-hack router to apps that leak your data into the world. Thankfully, it’s pretty easy to protect yourself. Here’s how to do it.

Unless you keep up to date on all the security news, it’s easy to miss a bit here and there about what has been exploited and what hasn’t. We’re all vulnerable at some point, and if you haven’t touched the settings on your computer since you took it out of the box, it might be time to take another look. Already know about these security holes and have them patched up? Good for you! Send this along to your friends who don’t to help keep them safe.

UPnP Allows Access to Your Gear from Outside Sources

UPnP (Universal Plug and Play), a component meant to make devices like routers, printers, and media players easy to discover on a network, has been accused of having security holes for a long time, but this week the US Government suggested you disable it yet again. The most recent study suggests 40 million to 80 million network-enabled devices responded to discovery requests from the internet and are vulnerable to an attack that gives hackers access to webcams, printers, passwords, and more. This means routers and devices with the bug can be accessed from the internet to remotely screw with your system even if you don’t have malware installed.

The good news is that most of the affected hardware is old, and the problem likely isn’t as widespread as it seems. That said, in the case of most devices, you can turn UPnP off in the settings (look in your manual for directions). The UPnP setting on your router doesn’t have anything to do with the protocol that lets you stream media over a network, print from inside the network, or anything similar. Turning it off on the router level only blocks you from controlling these devices over the internet, which most people don’t need to do. To turn it off on a router level, you pop into the admin page and disable UPnP.

If you want to check your hardware, security site Rapid7 has made a tool to scan devices on your network. As far as security risks go, this one’s easy to fix and it’s not going to affect a lot of people these days. The rest of these are much worse.

WEP/WPA Passwords on Your Router Are Easy to Crack

Chances are that your router is using either a WPA (Wi-Fi Protected Access) password or a WEP (Wired Equivalent Privacy) password. Unfortunately, it’s pretty simple to crack a Wi-Fi network’s WPA password and a WEP password. Both of these vulnerabilities exist for different reasons. In the case of WEP, it’s as simple as cracking the password with an automated encryption program (and a lot of time), while in WPA, it’s more about a vulnerability in WPS (Wi-Fi Protected Setup) on certain routers. This can be corrected by turning WPS off. If you can’t turn WPS off, you can install DD-WRT or Tomato so you can. DD-WRT should add a nice security layer to your home network.

Browsing Without HTTPS Leaves You Vulnerable to Snoopers

HTTP Secure is the protocol used to secure everything that you send online that’s important. This includes your bank information, social networks, and just about everything else that needs security. For your home network, you can simply install the HTTPS browser extension that ensures you’ll always use the secure version of a site so your data doesn’t fall into the wrong hands. Without HTTPS, your personal data is far more likely to fall through a security hole and into the hands of some nefarious person.

While it’s important to use HTTPS at home, it’s far more important to always use it on public Wi-Fi. At places like hotels, airports, or libraries, someone is probably snooping out your passwords. Your best solution for public Wi-Fi is to use a VPN (virtual private network) to route your traffic safely and securely.

All the Apps, Software, and Websites You Use Might Accidentally Leak Data

It happens time and time again. A hacker finds an exploit, and suddenly all your favorite software and web sites are vulnerable to people snagging your passwords. This might make your entire system insecure, give your passwords away, or leak personal data like your name and address. This happens with Java constantly, but it has happened to pretty much everyone at some point, including: Mega, Google Wallet, Apple, Skype, Path, Zappos, LinkedIn, and Facebook.

First off, you need to keep your software up to date. This means both your operating system and your mobile software. Generally, when your data is leaked, someone notices, and the software is patched up right away. It’s not exactly the perfect solution, but since the security holes are on the service or software side, it’s all you can do. That said, make sure you have two-factor authentication enabled where you can, use a different password for every site, and use a password system like LastPass to ensure your leaked data doesn’t reveal enough information to get your login information for another service.

Strong Passwords Aren’t Enough to Protect Against Everything

When it boils down to it, a good password only gets you so far. Certain security holes, like social engineering hacks, can happen when a skilled hacker bypasses technical protections (like a strong password) to get the information they want from talking to a person—no “real” hacking is required. It’s exactly what happened last year when the Apple and Amazon exploits were uncovered in Mat Honan’s hack.

In short, people are one of the biggest security holes in the larger chain. Hackers can use psychological tricks to get your information: they might pose as someone important, as a Facebook friend, or even as you when talking with customer support. With a little information, they can then gain access to your account. If that account uses the same password as everywhere else, they essentially get access to everything you do.

Thankfully, you can protect yourself with a few simple tips. The main goal is to make sure you don’t have all your eggs in one basket. That means if someone gets one password to one site, they can’t get in elsewhere. So, never use the same password more than once, use two-factor authentication, get creative with your security questions, and monitor your accounts.

Plugging up these security holes isn’t exactly a fun way to spend an afternoon, but it’s certainly more entertaining than waking up one morning to find someone has stolen your identity. It’s also a pretty easy process, and once you’re set up you don’t need to do much else.

Send Encrypted Email Messages through Gmail

Posted by Ryan on April 8, 2013 at 8:20 am

Sometimes we send personal information like credit card details, tax information, and health issues through a private email service like Gmail. It is the most secure email service, but there are still things that should be kept private. Did you know that even though you send messages through a private email service, they can be traced and intercepted with certain tools? If your passwords get leaked or stolen, hackers can read your messages from archives. And if your passwords are strong but the recipient’s account is hacked, what will you do then? Your messages are seen by the other party.

Safe Gmail is a Chrome extension that allows you to send encrypted messages inside Gmail. You can send private, secret messages with military grade PGP encryption from your Gmail inbox. It works with any recipient. Your recipient doesn’t need any extension to view your message.

How does Safe Gmail work?

Install the Safe Gmail extension in your Chrome browser. Open the compose window and select the encrypt option. Enter a security question and an answer. The question and the answer should be known to your recipient too. Now compose your message and send it. Your message is encrypted and sent. The recipient will receive your message with a link to decrypt it. Only when the recipient answers your question is he able to see the encrypted message. After some time, encrypted messages automatically expire to prevent unwanted readers.

Is it really safe to use the extension?

When you hit the send button, the encryption is done in your browser and the email message is sent. The encrypted message isn’t stored anywhere; instead, there is an encryption key that gets stored in the Safe Gmail cloud. Message decryption is just the opposite: the encryption key is pulled from the Safe Gmail cloud and the message is decrypted. So your email messages aren’t stored or sent anywhere. The Safe Gmail extension is completely open source, so if you’re a developer you can check the code.