Lastpass Broken Extension

Last Pass Browser Extension Vulnerability

I recently heard about this Last Pass Vulnerability which made me think about changing the way I deal with passwords. I’ve been using Last Pass for several years now but I’m giving it a second thought. Ask yourself, Can I afford to have anyone get access to all my passwords? I used to manage all my passwords myself locally. It was a pain but I knew where my passwords where at all times and I knew they were secure. After this recent Last Pass problem I’ve decided to not use any browser extensions that are not absolutely necessary.

What Browser Extensions Do You Use?

Each browser extension is another possible attack surface. Like me you probably installed a bunch of extensions and don’t use most of them and have way to many. I’ve cut way back on the browser extensions. I’m currently only using two, UBlock Origin and HTTPS Everywhere

How Do Your Manage Your Passwords?

Currently, I visit the Last Pass website and login to get my secure password and copy and paste it into the website I’m trying to log into. It’s a bit of a pain not using the browser extension. What if the internet is not available? I’m going back to a secure local password management solution. I will be putting together a new procedure now and I’ll blog about it soon so be sure to come back soon.

NO, I Don’t Want You To Remember Anything!

I’ve also stopped allowing the browser to remember anything including passwords. Many browsers like Firefox and Chrome allow you to save and sync everything to the cloud. NO! I don’t want you to save all my history, passwords, etc… I’ve made the decision to stop using these services and control all my own data like bookmarks and passwords. I only use private browsing mode when I’m browsing the Internet and my extensions are used only to keep me more private and secure.

Are your Passwords out on the Dark Web?

Your passwords are most likely out on the Dark Web and you don’t even know it. Because of my identity theft protection I got an alert this morning telling me that my email password has been found out on the Dark Web.  If you would like to start protecting your passwords and identity from hackers and criminals schedule a time to chat with me

Be sure to update your browsers to block bad SSL certs from China

dot_cn_chinese_characters

I just updated to the new Firefox 37 and you should too. Both Google and Firefox are now block SSL Certificates from China’s CNNIC Certificate Authority. They have be caught forging invalid certificates and you could be hacked if you visits websites that use these certificates.

http://www.theregister.co.uk/2015/04/02/mozilla_revokes_cnnic_cert_trust/

Is WhatsApp safe?

Now that Facebook has purchased WhatsApp everybody is wondering if WhatsApp is safe for texting.

Well, the fact is, WhatsApp has never really been a secure texting app and now that Facebook is the owner your texts will certainly be read and used by Facebook, the NSA and who knows who else.

Facebook recently made some changes to it’s Android mobile app requesting access to all your text messages. If you want to use their app you have to accept the permission update. I’m sure the same will be true for WhatsApp soon.

If you want a secure text application look at my Threema Review

Apples Goto Fail

Did Apple Give The NSA A Back Door Into Your Computer and iPhone?

A major computer code fail was found in Apple’s SSL security check has gone seemingly un-noticed for years.

There’s been a website put up that will show if your system is vulnerable at http://gotofail.com

 

As of this writing you should run an update immediately on any Apple device you have anyway to update the operating system and fix this supposed error that was missed by Apple for so long.

If you want to learn more about the nitty gritty details of this bug listen to Security Now Broadcast 444

Security Now w/ Steve Gibson

Stay current with Security Now

One of my favorite shows and the best source for Security & Privacy related issues on the internet is the Security Now show with Steve Gibson and Leo Laporte. There are lots of great shows on Twit so definitely check it out.

They get a little technical sometimes, but it’s a great show to listen to even if you don’t understand it all.

I try to distill the great information they give out there and make it more understandable for the non techie person.