Sunday, June 08, 2014

Shockwave Vulnerabilities

I read this post on Krebs on Security, about how Adobe is not keeping Shockwave patched to prevent recent exploits.  The post encourages us to ask why Shockwave is needed on MS Windows.

I uninstalled Shockwave a couple weeks ago, and haven't noticed any incompatibilities.  Software minimization is a principle of secure systems, so removing unneeded software is a good move toward more secure systems.



Saturday, April 19, 2014

Add-on For Website Risk Rating

Netcraft has a useful web browser add-on, which includes analysis for the Heartbleed SSL exposure.  Download the add-on for Opera or Firefox or Chrome.

Monday, January 13, 2014

Mobile Phone Notes: Android, ATT, Verizon

A couple privacy apps to consider are PasswdSafe (password manager) and textSecure (encrypted SMS texting).
textSecure will achieve wider adoption when it has a message indicator flag on the icon, like the standard messaging apps.  textSecure is open source and hosted on github.



When using textSecure on ATT, the MMS settings page should work without further configurations.
When using textSecure on Verizon, the MMS settings page will need the following configuration:
  • MMSC http://mms.vtext.com/servlets/mms
  • MMS Port 80
  • MCC 310
  • MNC 012


When prioritizing ATT's 3G Microcell network traffic, prioritize the following ports for both inbound and outbound:
  • 123/UDP: NTP timing (NTP traffic)
  • 443/TCP: Https over TLS/SSL for provisioning and management traffic
  • 4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic). 
    After NAT detection, 4500/UDP is used
  • 500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used)