Throughout this week I will be posting some tips on how to keep your website (and other accounts) as secure as possible from malicious activity or unwanted intruders.

The first topic I am going to discuss is by far the easiest and most commonly use way of account exploitation: Easy Passwords.

With password cracker software out there and hackers getting smarter, it’s cheesecake for them to get owner access to your account that should be protected.

Examples of weak, vulnerable passwords:

• kelly824 (my name and day of birth) seriously, that’s easy information and anyone can figure that out.
• letmein
• opensesame
• p@ssword123
• fluffy

And the list can go on and on. You never really want to use a password (especially when it comes to your bank account) that can be found in the dictionary or a name, or any numbers that are identifiable such as birthdays, anniversaries, etc. It’s just too easy for people to crack and most sites that get hacked are done so because the admin password has been compromised.

Examples of strong passwords:

• b@b8!llA
• MSte790eq (if only numbers and letters are allowed, no special characters.)
• h!t0Pt@b1e

Password Recommendations:

• Use UPPERCASE and lowercase letters
• Use Numbers
• If allowed, use special characters such as !@#$&
• Do NOT use any easily identifiable names or numbers
• Ideally, you want your password to be as long as possible, but please try not to use a password less than 8 characters.

Have trouble remembering passwords, try KeePass Password Safe. Keeps your passwords on your computer, but encrypted and ready for you to copy and paste.

Remember, it’s the littlest things that can go so far, the same goes with website security.

…The WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system…

If you haven’t upgraded your version yet, you can do so by going to Help > Check for Updates OR Help > Apply Downloaded Update Now.

This week (and weeks to come maybe?) many people around the world have received an e-mail message supposedly from Facebook with a message that their user password has been reset and attached to the e-mail is a .zip file.

DO NOT OPEN THE ATTACHMENT

My fiance’ received such a message and while it says from “support@facebook.com” the e-mail has been spoofed; meaning it actually came from another source but is trying to look like it came from Facebook.com.

I was not able to get a screen shot from him but I did find one on the interwebs.

Now, a lot of people may pick up quickly that this e-mail is fraudulent. The verbiage, lack of name, lack of signature and privacy statement and the fact that you have to download an attachment to get said “password”, but for those that aren’t quite sure. It’s FAKE.

According to McAfee Security the attachment contains downloaders, password trojans, just to name a couple. Either way, it’s bad news for you and your security.

If you ever receive a suspicious looking e-mail from Facebook, please report it to Facebook’s Security Team.

Is this u in this vid? [bad link here]

This you??? [bad link here]

24/female and horny [bad link here]

Twitter has FINALLY implemented a filtering system that filters DM’s and e-mail notifications for harmful/phishing links, rejects them and sends the legitimate DM’s/notifications through. You may notice new Short URL’s, twt.tl too!

Hopefully this will put an end to those annoying DM’s and Twitter can be a slightly safer place.

Read more from Twitter’s Blog.

Can the media get any more pathetic? This all started with a story running in some super market tabloid reporting that Mr. Woods engaged in extra marital affairs with some VIP Club Hostess and then a few days later poor Tiger crashed his car in the weeee hours of the morning. And then from there, speculation swirled, privacy was invaded, all these women are coming out saying they too have had intimate relations with Mr. Woods.

Let me break for a second to send a message to those women -
First of all, your 15 minutes of ‘fame’ are for all the wrong reasons. Not only are you happy to “Kiss and Tell” (when you think it will benefit you), you are telling the world and other possible mates, famous or not, that you do not respect the privacy of the other party. You’re showing the world that you’re quite happy with sleeping with a married man (or just showing your shallowness by only sleeping with a RICH married man thinking you’ll get something from it) .
Second, it does take two to tango. You were just as wrong and just as at fault as Mr. Woods for the consent to any intimate or extra flirtatious relations.

Ok, what was I saying? Oh yes, the media on a rampage. Ever since the accident it’s been non-stop gossip and prying into the life and history of Mr. Woods and he said she said. Last time I checked Tiger Woods was human, he was a man, and he is not perfect. Am I saying this was right or something for his wife to brush off? Definitely not, my husband cheats on me and he’s gone. However, this matter is for the Woods family to deal with PRIVATELY. It is none of our business and it is not helping that we find it necessary or tasteful to print, write, talk, about any of this. Gee, Keleigh, why are you writing about it then? Why? Because I’m not fueling the rumors or the fire, I am simply telling you people to shut up and let the Woods family deal with this in privacy.

Mr. Woods has already lost a lot of respect from a lot of people and I can’t say that he wasn’t asking for it but he already has to face his wife, his children, mother, and his close friends and provide them with answers. Those are the people that he needs to be answering to, not us.

Black Screen of Death

On November 27, 2009 a dingleberry of a security “professional” from a computer security company that will go unnamed because they suck published a report that a Windows 7 security update was causing computers to crash and display the “Black Screen of Death” rendering them “useless” but of course, NO ONE CONTACTED MICROSOFT!

According to Ed Bott, who covered this story thoroughly, the original blog post went unnoticed until November 30, 2009 when it was picked up by the IDG News Service and from there it just spiraled out of control with a plethora of blogs and articles written and published on this supposed Microsoft F-up with no one actually doing any fact checking.

Now, I am by far not a journalist or professional writer, but it seems to me that when publishing something such as a security related article you would want to have the facts. Of course we can have our opinions about things and interpret things differently but this was not that article. With the blame placed directly on Microsoft, and quite blatantly too, the only interpretation of this article was that Microsoft caused this, they are fault for the millions of users who may encounter this “Black Screen of Death”.
And then we have the kicker. After all is said and done, this BSoD is of no error of Windows 7 and the company retracted that information and said…

“Having narrowed down a specific trigger for this condition we’ve done quite a bit of testing and retesting on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

“We apologise to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.”

Not only was that a lame attempt at an apology, I mean, come on, inconvenience? A challenging issue to identify? It wasn’t too challenging for you to quickly blame Microsoft. And what’s with the plug? Use our “free tool to restore…” Why would I want to use a tool from a company who cannot properly diagnose a problem and where it comes from? No thanks!