Wednesday, November 19, 2014

Security software on Microsoft Windows 8.1

With the explosion of zero-day exploits, vendors are rushing to patch critical vulnerabilities.  In my opinion, this does not allow time for complete regression testing against the wide variety of applications and hardware.  Since broken and non-booting machines can be difficult to fix in a reasonable time frame, I now recommend installing Microsoft patches not on Patch Tuesday but a day or two later - after the patches have been tested by other users.

For home use, I run the following free security products on Microsoft Windows 8.1:

Saturday, November 15, 2014

BlackBerry Smartphone - One Month Impressions

While this model is a couple years old, I am thoroughly enjoying the BlackBerry Z10.

The BlackBerry Hub integrates all forms of communication onto one page.   This is surprisingly useful, and I won't go back to previous checking of this and that ... calls and  voicemails and texts and emails.  Multiple email accounts + text + calls + voicemail + notifications all on one page, and I can specify the order of priority.  This one feature makes the BlackBerry a real business communicator.

BlackBerry native apps allow the user to control app permissions such as access to files, camera, contacts, etc.  This level of permission control greatly enhances user privacy - no longer do we have to accept apps that pick every possible permission.

Android apps run fine.  I am currently using the Amazon app store, and have not tried sideloading apps.

Battery performance seems reasonable.

There are a few annoyances:
  • Mini-USB plugs in to the left side of the phone.  The swipe to see the BlackBerry Hub swipes in from the left side, so when plugged in the cord can interfere with the swipe.
  • The built-in camera app has no ability to disable shutter sound.  Supposedly this has something to do with Canadian law.  A 3rd party camera app could be installed.
  • For Android apps, it does not allow the user to override the app permissions, as it does with BlackBerry apps.  Permission control on Android apps is a much-desired feature.

Microsoft Enhanced Mitigation Experience Toolkit

Earlier this year I installed Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 3.  The Microsoft blog describes EMET as... "a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation technologies. The result is that a wide variety of software is made significantly more resistant to exploitation – even against zero day vulnerabilities and vulnerabilities for which an update has not yet been applied."

I'm not sure why "Experience" is in the name of the product.  EMET helps prevent exploitation of bugs by forcing applications to use address space layout randomization and, in addition, data execution prevention.

With the recent Microsoft zero-day patches, I learned that EMET is up to version 5.  The latest versions add compatibility fixes and additional security protections.

Download the Enhanced Mitigation Experience Toolkit 5.  For those uninstalling a previous version, go to the Programs page in Control Panel and look for "EMET".

Thursday, September 25, 2014

BlackBerry Smartphone - First Look

Turning on a new unlocked BlackBerry Z10 smartphone, the messaging hub is impressive.  The hardware and phone software work together smoothly, and multitasking works, allowing apps to continue to run when another app is started.  The built-in security and device encryption are appreciated.  Granular control of app access to the device (files, contacts, camera, etc.) is a huge improvement over iPhone/Android and was one of the features which attracted me to the BlackBerry.  Speaker sound is surprisingly good.  For a model two years old, the camera is OK.

I'm not missing the junk apps that were installed on other phones.  There is no need for developers to create hundreds of flashlight apps, as a flashlight is built in.  Beyond the BlackBerry World app showcase, Amazon's appstore is available by using the Browser to go to and clicking the prominent download button.  Must-haves such as PasswdSafe, Opera web browser, and Pandora music are there.

The BlackBerry hub, which integrates email, SMS, phone logs, multiple email accounts, and even what is playing on Pandora is simply fantastic.  Contacts can be selected for prioritization in the hub, and it shows actions/contacts by day and time.  On the case there is a red indicator which flashes upon a new contact - much like old-style office phones with a flashing light for voicemail, this flashes (without having to look at the screen display).

Excited to have BlackBerry Blend available on this device soon.  It was recently released for the new BlackBerry Passport, to rave reviews.  Access everything from other devices, without a security-prone hackfest.  Wow!
From the manufacturer website, " you can download for your computer and tablet that seamlessly brings messaging and content that’s on your BlackBerry smartphone to your computer and tablet."

Sunday, June 08, 2014

Shockwave Vulnerabilities

I read this post on Krebs on Security, about how Adobe is not keeping Shockwave patched to prevent recent exploits.  The post encourages us to ask why Shockwave is needed on MS Windows.

I uninstalled Shockwave a couple weeks ago, and haven't noticed any incompatibilities.  Software minimization is a principle of secure systems, so removing unneeded software is a good move toward more secure systems.

Saturday, April 19, 2014

Add-on For Website Risk Rating

Netcraft has a useful web browser add-on, which includes analysis for the Heartbleed SSL exposure.  Download the add-on for Opera or Firefox or Chrome.

Monday, January 13, 2014

Mobile Phone Notes: Android, ATT, Verizon

A couple of privacy apps to consider are PasswdSafe (password manager) and TextSecure (encrypted SMS texting).
TextSecure will achieve wider adoption when it has a message indicator flag on the icon, like the standard messaging apps.  TextSecure is open source and hosted on GitHub.

When using TextSecure on ATT, the MMS settings page should work without further configuration.
When using TextSecure on Verizon, the MMS settings page will need the following configuration:
  • MMSC
  • MMS Port 80
  • MCC 310
  • MNC 012

When prioritizing ATT's 3G Microcell network traffic, prioritize the following ports for both inbound and outbound:
  • 123/UDP: NTP timing (NTP traffic)
  • 443/TCP: HTTPS over TLS/SSL for provisioning and management traffic
  • 4500/UDP: IPSec NAT Traversal (for all signaling, data, voice traffic). After NAT detection, 4500/UDP is used
  • 500/UDP: IPSec Phase 1 prior to NAT detection (after NAT detection, 4500/UDP is used)
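
One way to express the port list above on a Linux-based router, as an added example that is not from the original post: the script prints iptables rules that mark the Microcell's traffic with DSCP class EF in both directions. The router platform, the DSCP class and the LAN address 192.0.2.50 are assumptions, and marking only helps if the router's queueing honours DSCP.

```shell
#!/bin/sh
# Added example: emit iptables mangle rules that mark the Microcell's traffic
# with DSCP EF so a DSCP-aware queue on the router can prioritize it.
# Assumptions: Linux router, iptables with the DSCP target, Microcell on a
# fixed LAN address (192.0.2.50 below is a documentation placeholder).

# The ports from the list above, as proto:port pairs.
MICROCELL_PORTS="udp:123 tcp:443 udp:4500 udp:500"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one rule per port and direction for the Microcell at LAN address $1.
# Outbound matches the destination port, inbound replies match the source port.
microcell_qos_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    for entry in $MICROCELL_PORTS; do
        proto=${entry%%:*}
        port=${entry##*:}
        echo "iptables -t mangle -A FORWARD -s $ip -p $proto --dport $port -j DSCP --set-dscp-class EF"
        echo "iptables -t mangle -A FORWARD -d $ip -p $proto --sport $port -j DSCP --set-dscp-class EF"
    done
}

# Review the printed rules before applying them as root.
microcell_qos_rules 192.0.2.50
```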