Firefox to use Google secure search by default

Now that the Google secure search offering has matured in terms of scale and performance, Firefox is moving to use Google secure search as its default search provider.

From a privacy / security perspective this is great news as it makes it much more difficult for people to view your searches / search terms.  As always, the solution is not foolproof and Google breaks the ‘security’ for paid advertiser links etc.  However this is a good step in the right direction for improving security / privacy and specifically search security / privacy online.

More details can be found here;

http://searchengineland.com/firefox-to-use-google-secure-search-by-default-116231

If you want to use Google secure search yourself, just replace http with https in the address bar when you use Google search.

K

TSA’s good catches of 2011 or Terrorists can’t use ziplock bags

As an interesting follow up to my previous post ‘real security – safety vs. liberty’ that can be found here;

http://kevinfielder.wordpress.com/2011/01/03/real-security-safety-vs-liberty/

I came across the TSA (Transportation Security Administration) blog posting on their 10 best good catches of 2011.  Now bear in mind this is their own blog, not an independent news report, so it can be expected to paint them in the best possible light;

http://blog.tsa.gov/2012/01/tsa-top-10-good-catches-of-2011.html

So mostly forgetful / stupid passengers, the odd criminal and 1 person who took C4 through one airport and only got caught on the return flight.

You will notice ZERO terrorists or terrorist plots foiled.  We are beholden to more and more checks that in fact do nothing to catch or prevent terrorism.  When will the voice of reason prevail over checks that appear ill conceived and only get enacted as poorly thought-out knee-jerk reactions to previous issues?

The chairman of BA has echoed similar sentiments as quoted in this Daily Telegraph report;

http://www.telegraph.co.uk/travel/travelnews/8089096/Airport-security-checks-are-completely-redundant-BA-chairman-says.html

To further back up my opinions on how ridiculous many of these new checks are, I recently flew from Luton to Dublin.  On my way out I duly had my clear plastic bag of toiletries, all less than 100ml, and a total of well under 1 litre.  No problem I thought, I am well prepared.  However my bag was a clear tie-handle bag.  I was stopped and told they have to be in a resealable zip-lock type bag.

How this will reduce terrorism I do not know.  As per the title, has recent research proven that those inclined to blow up or take control of aeroplanes struggle with zip-lock, but can tie handles together?

The problem with all of this is that we as the people who are not actually being served or protected by these extra checks cannot question or challenge them – if you argue or protest you can’t fly, simple as that.  It’s about time someone saved us all time, and airports money by reviewing exactly what checks are sensible and needed.

K

Cloud computing is complex..

Recently came across an excellent article around the complexity of cloud here;

http://blog.theloosecouple.com/2012/01/10/cloud-complexity-its-a-wrench/

If you just use / consume cloud computing the concept seems simple enough, and on the surface it is.  However, if you are implementing a cloud-type service, whether a huge public cloud or a smaller private cloud, the work involved is considerably more complex.

The cloud concept is to deliver IT services as a utility much like power or other utilities.  From a consumer viewpoint this makes the consumption of the services a simple idea.  The provision of these services in a reliable, location independent, scalable manner is far from simple.  Many larger businesses are either implementing or at least considering the idea of a private cloud.  If you are in this camp, or just interested in the complexities of implementing cloud computing, then this article makes a great read!

K

Hackers outwit on-line banking security

If you ever doubted either the inventiveness of criminals, or the need for taking sensible security precautions, this story should be a wake-up call;

http://www.bbc.co.uk/news/technology-16812064

Hackers have developed ‘Man in the Browser’ attacks that potentially allow them to circumvent even the relatively new 2-factor chip and pin security many banks now implement.  These attacks also have the potential to at least temporarily evade protection such as AV software and any blacklists as they will redirect to new sites that are not yet known by security firms.

In short, stay vigilant, keep your computer(s) protected and up to date, and always use security software such as anti-virus etc.  And as documented by Bruce Schneier several years ago, we need to look at authenticating each transaction.

K
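An added illustration of the point above about authenticating each transaction (not part of the original post or the linked article): a code that only proves the card was present at login still passes when the payment details change, while a code computed over the payee and amount does not. The key, account numbers and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed demo key shared by the bank and the customer's card reader (assumption).
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def login_code(key: bytes, challenge: str) -> str:
    """Session-level code: proves the card is present, covers no payment details."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()[:8]


def transaction_code(key: bytes, payee: str, amount_pence: int, nonce: str) -> str:
    """Code bound to the payee and amount the customer keyed into the reader."""
    msg = f"{payee}|{amount_pence}|{nonce}".encode()
    # Truncated to 8 hex characters only to resemble a short code a person types.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


def accepts_session_only(key: bytes, challenge: str, code: str, payment: dict) -> bool:
    """Weak check: once the login code is valid, whatever payment arrives is trusted."""
    return hmac.compare_digest(code, login_code(key, challenge))


def accepts_per_transaction(key: bytes, nonce: str, code: str, payment: dict) -> bool:
    """Stronger check: recompute the code over the payment the bank actually received."""
    expected = transaction_code(key, payment["payee"], payment["amount_pence"], nonce)
    return hmac.compare_digest(code, expected)


def demo() -> dict:
    intended = {"payee": "11111111", "amount_pence": 5000}   # what the customer meant
    received = {"payee": "99999999", "amount_pence": 5000}   # what reached the bank
    challenge, nonce = "login-challenge-001", "txn-nonce-001"  # constructed values

    session = login_code(DEVICE_KEY, challenge)
    signed = transaction_code(DEVICE_KEY, intended["payee"],
                              intended["amount_pence"], nonce)
    return {
        "session_only_accepts_altered": accepts_session_only(
            DEVICE_KEY, challenge, session, received),
        "per_transaction_accepts_altered": accepts_per_transaction(
            DEVICE_KEY, nonce, signed, received),
        "per_transaction_accepts_intended": accepts_per_transaction(
            DEVICE_KEY, nonce, signed, intended),
    }


if __name__ == "__main__":
    print(demo())
```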

MSc Update

Checked today and I have passed the final module – Secure Systems Programming.  I actually did considerably better than I expected and as I had virtually no C/C++ experience prior to this module I’m very pleased!

Nice to make some progress on the first item from my post about plans for the year as well..

Just the project to go, so I’ll definitely complete the Masters this year.  I will post some updates on the project later in the year as that gets started and progresses from around April time.

K

Trust requires transparency

I came across this excellent post via Bruce Schneier’s blog;

http://newschoolsecurity.com/2012/02/dear-verisign-trust-requires-transparency/

The post highlights that while Verisign has publicly claimed that they have dealt with the recent breach of their systems and that the Domain Name System (DNS) has not been compromised, they are still very light on details of what actually happened and how the DNS system was protected and has in fact not been compromised.

The point of the post is that for us to truly trust them and the systems they own and run again they must be open and transparent.

This is an excellent point and one well worth remembering.  While it may appear that the most secretive systems or organisations may be the most secure, actually it is likely we can place the most trust in those that are most open where we can clearly see and verify the security of their systems and processes.

Read the post and Verisign’s statement and make up your mind on whether you think you would be more ready to trust them if they were more open and transparent.

Be secure, open and trustworthy..

K

Joke of the day..

The below is of course hypothetical and similarity to any real people or situations is purely coincidental..

Hi can you design solutions for our environment?

Sure, could you provide me with details of the environment, ideally some sort of architecture document covering what it comprises of and how it’s configured?

No we don’t have that.

OK, could you provide me with access to the environment so I can understand it, how it’s configured and any capacity constraints etc.

No

Erm OK.. I’m off to buy a magic 8 ball then.

Dilbert couldn’t do better

Back to more serious posts next!

K