As you may have heard, Dropbox suffered a major security breach this weekend: for almost 4 hours ALL Dropbox accounts (including data) were accessible to ANYONE without a password (or rather, you were asked for a password, but it would accept anything).

The major problem here is that ANYTHING in your Dropbox is unencrypted, and thus anyone that gets access to your Dropbox has access to your data…

This is, besides being a major concern for Dropbox users, a wake-up call for users of cloud solutions – I totally have to agree with Steve Gibson (www.grc.com/securitynow) that we need PIE – Pre Internet Encryption: everything we store in the cloud really NEEDS to be encrypted before it leaves our servers/LAN.

Obviously this Dropbox breach was not good 🙁 but never fear, there is a solution, still in Beta but very promising. The solution is called SecureSync. It creates an encrypted folder in your Dropbox, and anything stored there is encrypted. You HAVE to access the folder via the “SecureSync” shortcut in MyDocuments though; if you look directly in the encrypted folder you will only get encrypted data. This is quite clever, however, as you can still synchronize with machines that do not have SecureSync installed: for Dropbox the encrypted data is merely data and is thus synchronized just like other data. Once you install SecureSync on the target machine, you can suddenly read the encrypted data via the “SecureSync” shortcut.

SecureSync is free (at the moment at least) and still in Beta, but it seems to work fine, although the install routine especially will obviously be improved.

Get it here;
http://getsecretsync.com/ss/getstarted/

Seems like I have been sleeping in class 🙂  Backtrack 5 was released in May without my noticing it :-/

Download it here and take it for a spin 🙂
http://www.backtrack-linux.org/downloads/


I just read about IATA’s newly proposed security screening process and I must say I am very sceptical 😐 It would seem to rely heavily on sensitive personal data being shared with authorities and across country borders. Being a privacy advocate, I really don’t like the way things are heading… This newfound “fear” of terror seems to create a number of loopholes in the protection of people’s privacy. I am very concerned about the level of detail I have to share with airlines already; having to share more is very unattractive to me, and I would prefer them hiring more airport police instead.

Also I don’t think I should be treated like a crook or second class traveler just because I care about my privacy.

Recently I mentioned the Microsoft Security Scanner (https://readmydamnblog.com/?p=2011), a portable/standalone scanner for your PC. Well, it seems Microsoft is stepping up their anti-malware/rootkit efforts – link to their new beta project;  http://connect.microsoft.com/systemsweeper

The link is to a beta project from Microsoft introducing a bootable ISO that will help get rid of rootkits and what not (rootkits are, logically, notoriously difficult to detect and remove from within the OS installation).

It’s still in Beta, but looks interesting indeed.

32 bit version; http://go.microsoft.com/fwlink/?LinkId=215854

64 bit version; http://go.microsoft.com/fwlink/?LinkId=215855

Microsoft site; http://connect.microsoft.com/systemsweeper

It is also worth noting that the latest version of Microsoft DART “ERD Commander” (the old Winternals/Sysinternals utility to boot, modify and fix Windows installations) now also contains a malware scanning and removal utility (Standalone System Sweeper) – this is, however, sadly only available to Microsoft corporate license holders.

A very interesting ‘webcast’ on what could be named “Filter bubbles”. It is an interesting observation on how Google and Facebook automatically filter certain information away for you (all in good faith I hope, but still). Your search on “Egypt” may thus bring very different results than the same search done on a friend’s computer. Good or bad? Well, it is hard to tell, but it offers some scary prospects. Take the 9 minutes and listen to this, it is interesting stuff.

Microsoft has released a no-nonsense, simple to use, free and downloadable tool – Microsoft Security Scanner – to check and clean up virus infections (or suspected infections).

This tool is not intended as an antivirus, it is intended as a cleanup utility for infected computers or as a tool you can download and do a double-check to confirm you are not infected (say your installed antivirus is unable to detect a certain virus/malware, then you can double check using Microsoft Security Scanner).

You can download it free from here (note the download only works for 10 days, then you have to re-download an updated version, this is to ensure the virus detection patterns are always fully up to date);
http://www.microsoft.com/security/scanner/en-us/default.aspx

A good thing to also do is to run the Microsoft Malicious Software Removal Tool from time to time – this is done automatically as part of Windows Update, however this is only the ‘fast/quick’ scan – by starting MRT.EXE manually you can do a FULL scan. The Malicious Software Removal Tool is installed on all Windows machines and updated/maintained via Windows Update.

to run it;

Btw; McAfee has a similar yet not so comprehensive utility called Stinger (also a free download);
http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

It is stated in;
http://www.governmentattic.org/4docs/NSA_AmerCryptColdWarBk4_1999.pdf  (around page 11 in the PDF)

That the CIA in the 1980’s found an early version of what was basically a keylogger in US typewriters (IBM Selectrics). It was suspected that these had been installed by the KGB on their way through Russian or Polish customs; data from the typewriters was collected and emitted via radio transmissions.

With that in mind, I am afraid to think what is possible today with the technology we have now 🙂

I just stumbled across this lately, it’s a piece of software you install that should insert itself as a driver between the keyboard and the OS and encrypt all keystrokes – the idea would be that it would foil keyloggers.

An interesting concept, however I’m not fully convinced – I guess that I don’t fully understand how this works – but I tried installing it on a test machine and it did no harm – so I guess it won’t do any harm installing it.  There is a free version that works with IE and other popular browsers – to make it work with everything you need the pro (paid) version – IE is fine but just how do you test a product like this?  Install a keylogger yourself *lol* well let’s see…

http://www.qfxsoftware.com/

A couple more detailed reviews here (although they did also omit installing a keylogger to test the software ;-));
http://www.brighthub.com/computing/smb-security/reviews/27606.aspx
http://www.vikitech.com/830/protect-yourself-from-keyloggers-with-keyscrambler

Nothing new here, just a quick way to block Google ads via a simple addition to your hosts file – Not that I am against Google ads (I use them myself on this blog), but sometimes they are put in annoying places and besides I respect that some people just don’t like advertising.

Here’s how to;

Fire up Notepad (if you are running Vista or 7 you MUST launch it in administrator mode – right-click Notepad and select “Run as administrator”), then open the file “hosts” found here; c:\windows\system32\drivers\etc.

Now add these two lines to the bottom of the hosts file (there should be a tab between the numbers and text);

127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com

Save and you’re done, no more Google ads.
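The same hosts-file edit as a PowerShell script, written as an added example that is not part of the original post: it only adds the two entries if they are missing, warns if either name is already mapped elsewhere, and keeps a backup. The `$HostsPath` parameter and the `.bak` backup name are choices made for this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
param(
    # Standard Windows location, as given in the post.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

$blockHosts = 'pagead.googlesyndication.com', 'pagead2.googlesyndication.com'

# Map every hostname already in the file to its address, skipping comments.
$mapped = @{}
foreach ($line in Get-Content -LiteralPath $HostsPath) {
    $entry = ($line -split '#', 2)[0].Trim()
    if (-not $entry) { continue }
    $fields = $entry -split '\s+'
    foreach ($name in ($fields | Select-Object -Skip 1)) {
        $mapped[$name.ToLowerInvariant()] = $fields[0]
    }
}

$toAdd = @()
foreach ($name in $blockHosts) {
    if (-not $mapped.ContainsKey($name)) {
        $toAdd += "127.0.0.1`t$name"      # tab between address and name
    } elseif ($mapped[$name] -ne '127.0.0.1') {
        Write-Warning "$name already points to $($mapped[$name]); check that entry by hand."
    }
}

if ($toAdd.Count -eq 0) {
    'Nothing to add; hosts file left unchanged.'
    return
}

# Keep a copy of the original so the change is easy to undo.
Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force

# If the last line has no line ending, start with an empty line so the
# first new entry is not glued onto it.
$raw = Get-Content -LiteralPath $HostsPath -Raw
$lines = $toAdd
if ($raw -and -not $raw.EndsWith("`n")) { $lines = @('') + $toAdd }
Add-Content -LiteralPath $HostsPath -Value $lines -Encoding ASCII
"Added $($toAdd.Count) entries; backup saved as $HostsPath.bak"
```

An unexpected mapping flagged by the warning is worth a closer look, since the hosts file overrides DNS for every program on the machine.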

I have been trying to recall the name of this little add-on to Outlook for ages now, a few of my friends really need this to keep a valid backup of their Outlook PST file..  Finally I rediscovered it..

The problem is that some use online backup services, and once they start Windows they launch Outlook – subsequently the online backup is unable to ‘lock’ their PST file and their Outlook data file never gets backed up..

This little add-on will at specified intervals create a backup copy, which will obviously not be ‘locked’ as an open file and can thus be backed up without issues.

Hopefully the Outlook 2010 version will become available soon?

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8b081f3a-b7d0-4b16-b8af-5a6322f4fd01

By applying the fix below it should be possible to make the older versions work with Outlook 2010;
http://support.microsoft.com/kb/2030523