Facebook rolls out secure browsing as an opt-in-only feature

Three months after Firesheep was released into the wild, Facebook has begun rolling out secure end-to-end HTTPS encryption as an opt-in-only feature for users. Secure HTTPS browsing vastly increases user security by encrypting traffic at the browser level, preventing packet sniffing while members use unsecured wireless connections such as those found at coffee shops.


Pranksters exploit Twitter.com, causing popups

San Francisco-based Twitter.com experienced a short but visible exploit yesterday when someone realized Twitter.com had failed to re-plug an old hole allowing cross-site scripting. This oversight allowed users to enter scripts in the form of tweet text, and caused viewers on Twitter.com who moused over the tweet to see a color change or to retweet it without their knowledge. The security hole was discovered and fixed within six hours.

Gmail to offer more security with a six-digit verification code

Google Inc. began rolling out a new security feature on Monday to provide more security for Gmail users. Account holders will be asked to enter a six-digit code sent to their phones when they log in for the first time from an unknown computer. This feature offers an additional layer of security and will make it harder for hackers to use brute-force methods or social engineering to guess a user’s password. It will not, however, prevent a wife or husband from gaining access to their partner’s account if they have access to their partner’s mobile phone.

Model Mayhem continues to struggle with problems of their own making

Model Mayhem is still running nginx version 0.6.34, a version specifically labeled as vulnerable.

Model Mayhem's downtime graph

No site operator wants to see a downtime chart like the one on the right. Model Mayhem has been down 26 times for close to 3 hours in a 24-hour span. General manager Michael Egan posted yesterday that one of the reasons is “We have some stinkin IP from Senegal hitting us at an atrocious rate – blocked that.”

But is that enough? Many will remember the site was hit with a massive DDoS attack 11 months ago, causing the site to go offline for over a day and to struggle to perform for over a week. Members were told Internet Brands was putting many measures in place to prevent that kind of attack from occurring again.

Facebook adds remote logout and new security features to alert users of unfamiliar logins

Facebook has been busy lately adding more security features to discourage or even eliminate unauthorized logins. I first noticed this a week ago when I tried to log in to Facebook from Starbucks. It detects a different IP, and if you mistype your password, it will go through a series of authentication steps to verify your identity. Users are presented with Facebook’s version of the roadside sobriety test. You are given a series of pictures from your friends’ albums and a multiple-choice list of names. You must match the names to the photos, with a few opportunities to get it wrong. The problem with this method is that it assumes I know all my Facebook friends by look. In an ideal world, I may know most of them by their headshots, but when presented with a picture of their foot or a close-up of their pet turtle, how am I supposed to identify them?

Beware of latest Twitter phishing attempt

The latest Twitter phishing attempt comes from a Twitter member who sends out a direct message saying “look what this bitch said about you on her twitter page” with a link to a shortened URL which redirects to http://error-twitter.com/. This is not a Twitter site.

Whois lists the site as:

   Domain Name: ERROR-TWITTER.COM
   Registrar: INTERNET.BS CORP.
   Whois Server: whois.internet.bs
   Referral URL: http://www.internet.bs
   Name Server: NS1.CYBERCASTCO.COM
   Name Server: NS2.CYBERCASTCO.COM
   Status: clientTransferProhibited
   Updated Date: 22-jun-2010
   Creation Date: 15-jun-2010
   Expiration Date: 15-jun-2011

The best way to defeat phishing sites is to use a password you can’t even remember, along with your browser’s password-saving feature: the browser only fills a saved password on the domain it was saved for, so a look-alike site gets nothing. I use an 80-character alphanumeric password with symbols. I couldn’t enter the password if I wanted to. If you can’t do that because your device does not have a password-saving feature, just make sure you never enter your user name and password into a site you have been redirected to.