Two Major Security Flaws, A Rant and The Fixes

Posted on 10. Mar, 2010 by Squealing.Rat in Apple, Miscellaneous


I was recently staying at a hotel that offered Wi-Fi. On the network with my MacBook, I noticed the other computers on the network. Curious, I clicked on one, expecting to see a password prompt or an access denied message. Instead, I saw the computer’s public folder and another folder. Interested in what files someone would publicly display to anyone on the network, I opened it to see files that were highly sensitive, including financial data. My mind was blown.

What kind of person would do this? Perhaps a person who had no idea how to use their computer. Perhaps a person who didn’t realize the security risks involved. Perhaps a person who was not reading this article.

Mac Security

If you use a Mac, there are at least two different settings you should adjust to make sure your computer is secure. The first is the firewall. Unbeknown to most, the firewall on the Mac is not on by default. This means that when you first start using your Mac, you need to activate the firewall. To do this, go into your System Preferences, Security, and into Firewall. Turn the firewall on.

This means that all applications accessing the internet must be approved. If a rogue application gets on your computer, it cannot access the internet without your permission.

The second and perhaps more important setting is Sharing. From System Preferences, click Sharing, then make sure that only what you want is checked. Most people should un-check File Sharing and Screen Sharing, unless this is something that they use. If you do use these, go in and tweak the settings to be sure that no one can access your files without permission.

Auto Fill

I recently tried to switch from Firefox to Chrome, a task that I will detail in a later article. Finding replacements for my Firefox extensions was not difficult, and to replace my Auto Fill ability in Firefox, I grabbed LastPass. I began entering the information I would want to be autofilled. Then, I came across a box, requesting my Social Security Number. WHAT!?! Why on earth would you ask that?!?

Your Social Security Number is highly sensitive information. Giving it to someone else could wreak havoc on your life, entering you into the world of fraud and identity theft. Which brings us to the overarching solution: never put anything into a form that you would not want the general public to see.

Rant

Hermia (an obviously fake name to protect the innocent) is the most computer illiterate person I know with a computer. She pays AOL for her free email account. She gives out her friend’s contact information to almost any telemarketer (I’m still receiving calls), and her computer is probably part of several botnets. People like Hermia make the internet more dangerous for the rest of us.

While I could, like so many before me, demand “computer tests” that you must pass before you can use a computer, I’m not going to. Instead, here is one thing you should take out of this: Do not give out your personal information to people that you do not know. Preserve your identity and your privacy.

What do you do to protect yourself? What massive security flaws have you seen in the past? Let us know in the comments!

Photo: chefranden

The writer of this post compiles the latest tech news and more at Squealing Rat, and writes about tricks and tips of deception, trickery and survival at Lone Iguana. Find him on Twitter.


5 Responses to “Two Major Security Flaws, A Rant and The Fixes”

  1. Joe Siegrist

    10. Mar, 2010

    While you should take caution when deciding to give out your social security number, putting it in LastPass isn’t dangerous as it isn’t revealed to LastPass in any way. It’s locally encrypted with a password that doesn’t leave your computer.

    LastPass asks for it because many people want the OPTION to fill it — you can leave it blank and there’s nothing for LastPass to fill, it’s not a required field.

    Joe Siegrist
    LastPass

    • Squealing.Rat

      12. Mar, 2010

      But if you give someone the option who is not savvy, you risk indirectly allowing identity theft or worse to happen. My point being, why would you offer to automatically fill in something as unbelievably sensitive as an SSI when it would be so easy for a skilled spammer to retrieve that information when the consumer clicks the autofill button? But besides that, you are encouraging people to be casual about entering their SSI in places that they maybe should not.

      You point out that many people want the option to do this. If this is the case, what is your responsibility as a product? Is this like selling specially designed rope for hangings because consumers like that option? I think you may want to rethink what you’re doing, not just for the security of the consumer, but of you as well. I wouldn’t want a victim of an identity theft to pin the blame on you.

      • Joe Siegrist

        12. Mar, 2010

        Form fill data is never automatically filled — you must choose to form fill. We make it easier, yes, but there’s still a decision going on there to fill or not to fill. Then another to submit or not (though in a world of JavaScript this is blurred).

        I take your point though; one thing I see is that we should be warning before filling SSN over http, like we do with credit cards.

        I’m hesitant to go further though, we can warn and advise, but won’t forbid people from doing what they want to do.

        • Squealing.Rat

          12. Mar, 2010

          While you must choose to auto fill a form, I am sure there are ways to hide a form entry section that would accept SSN, thus enabling the collection of an SSN when someone presses the auto-fill button.

          Thanks for the discussion.

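The hidden-field concern raised in the thread above, together with the suggested warning before filling an SSN over http, can be expressed as a pre-fill check. This is an added example, not LastPass code and not part of the original post or comments; the field descriptors, the `planFill` function, and the sample form are constructed for illustration.

```javascript
// Added example. Field descriptors are constructed; a real form filler would
// derive them from each input's computed style and bounding box in the DOM.
const SENSITIVE = {
  ssn: /ssn|social[-_ ]?security/i,
  card: /cc[-_ ]?num|card[-_ ]?number/i,
};

// Build a descriptor for a normally rendered text input, then apply overrides.
function field(name, label, overrides = {}) {
  return { name, label, type: 'text', display: 'block', visibility: 'visible',
           opacity: 1, x: 20, y: 40, width: 200, height: 24, ...overrides };
}

// Return 'ssn', 'card', or null based on the field's name and label text.
function classify(f) {
  const text = `${f.name} ${f.label}`;
  const hit = Object.entries(SENSITIVE).find(([, re]) => re.test(text));
  return hit ? hit[0] : null;
}

// A field counts as visible only if the user could actually see it on screen.
function isVisible(f) {
  return f.type !== 'hidden' && f.display !== 'none' &&
    f.visibility !== 'hidden' && Number(f.opacity) > 0 &&
    f.width > 0 && f.height > 0 &&
    f.x + f.width > 0 && f.y + f.height > 0;
}

// Decide per field: skip anything the user cannot see, warn before putting
// sensitive data on a non-HTTPS page, otherwise fill.
function planFill(pageUrl, fields) {
  const secure = new URL(pageUrl).protocol === 'https:';
  return fields.map((f) => {
    const kind = classify(f);
    let action = 'fill';
    if (!isVisible(f)) action = 'skip';
    else if (kind && !secure) action = 'warn';
    return { name: f.name, kind, action };
  });
}

// Constructed sample form: two fields the user sees, two they do not.
const sampleForm = [
  field('email', 'Email'),
  field('ssn', '', { x: -9999 }),                       // pushed off-screen
  field('tax_id', 'Social Security Number', { display: 'none' }),
  field('cardnumber', 'Card number'),
];

console.log(planFill('http://shop.example/checkout', sampleForm));
```

Skipping invisible fields entirely, rather than warning, means a page cannot collect a value the user never saw a box for, whatever the field is named.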