Conner's Blog » security

Sensationalism at Its Worse

Conner — Wed, 06 May 2009 18:19:56 +0000

I wouldn’t be writing this if I hadn’t met someone today who was actually worried about it. ABC published this article a while ago, and it must have aired on channel five recently. It’s your basic public safety piece. It’s about a “reformed” thief who breaks into a car and a home and steals a bunch of stuff and how the family is shocked to find out they are vulnerable.

These pieces always drive me a little nuts. Everyone’s home would be an easy target if someone spent time learning their routine. In this example, the thief knew the family was at a Little League game so it was obvious he would have free reign of the home for an hour or so.

This was the part of the article the woman I met today was worried about.

Let’s start with your car. If your GPS has a key lock, use it. If it doesn’t, don’t list your home as “home.” Instead, call your address “ice cream store” or “supermarket.” That way, a thief can’t find out where you live.

Dear ABC, I really doubt car thieves make it a priority to rob the same person twice. Additionally, it’s not difficult to find the home address in a vehicle. The last time I checked your home address is on a few items on your car including the registration and possibly your insurance card. If a thief was really stupid enough to intentionally rob the same person twice, its the work of a minute to open the glove box and put the address into your GPS.

For anyone reading this who might not have their address in their car. Please don’t think your safe renaming your home address “Ice Cream Store” Security by obscurity is a poor form of security in any guise.

Thoughts and Links 11/14 Edition

Conner — Fri, 14 Nov 2008 20:48:09 +0000

If you own a cat, you need to see this. Protect yourself.
Be careful in Canada, someone is chopping off feet.
The NCAA extended the three point line for men’s basketball. I guess they felt high scoring was bad for the game.
If you are in MSP, check out this list of things to do. [via Fresh.mn]
This article’s idea is interesting, but what’s even more interesting is the amount of land the U.S. government owns in the west
In another Duh! moment, we discover that when people consume less alcohol because it costs more, less people die in alcohol related deaths. Of course we don’t consider taxing gas more to prevent deaths.
Another reminder to shred everything, including envelopes.
I was reminded of the dessert at Chino Latino’s today. It was amazing.
Tom Morello performed at The Current this week. If you like music you have to watch. If you don’t like music, the door is on the left.
Lebron James will be remembered as the best NBA player ever. He’s a freak of nature. If you don’t believe me watch this.

Setting File Permission

Conner — Fri, 08 Aug 2008 14:24:01 +0000

Can we all please agree to stop doing this? From here.
sudo chmod 0777 /var/cache/eaccelerator
Why in the world would you do this? It is saner and more secure to set the directory owner to the user your web server runs as. Yes, in this case it probably won’t make much difference, but I don’t know how many times I’ve seen tutorials and forum posts that state, “oh, just run chmod 777 on that directory”

I understand that making your tutorials easy to follow is important. Still, could we all at least make an effort to recommend that instead of running chmod 0777, that the user change the ownership to the appropriate user or group?

Oh and in the case of the above tutorial, the appropriate command should have been:
sudo chown www-data
Then, only root and the webserver have write access to the directory. Much better than allowing everyone full access.

Quick App Recommendation

Conner — Fri, 01 Aug 2008 13:43:19 +0000

Well it’s a bookmarklet to be honest, but it is an incredibly useful tool. I discovered it listening to This week in Tech at twit.tv.(Great Podcast by the Way) It is called SuperGenPass. It is a bookmarklet, which means that it is in your browsers bookmarks but instead of going to a web page, it performs an action.

This bookmarket allows you to generate random passwords using a word or phrase. Basically what you do is you choose a Master Password. Now when you visit a site you want to log into, you input your Master Password into the password field and click on the bookmarklet and it generates a random password. Now the great thing about this is that it allows you to use the same Master Password for all websites, but when it generates the random password it uses the domain you are at. In my blog’s case it would use connermccall.com as part of the password creation process. Using a random test phrase as my master password, this bookmarklet generated this password ‘zTew5ZoSsfjU’.

This means that you only need to remember your master password, but you can use original and secure passwords at all of your sites, and since it’s a bookmarket, as long as you have access to your browser or the web, you can always recreate your passwords. This is a great way to increase your safety and security on the Internet, without causing much inconvienence, which really should be the point of all security software.