Google has made SSL available for the .com version of its search engine. It has not been rolled out to the specific country code Google versions as of yet but surely it cannot be far off.
An article on the FSA’s site shows that the scamming industry is still alive and well. 38,000 UK names have been discovered on a list used by fraudsters dealing in worthless stocks and shares.
It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12 second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily decrypted.
If you’ve never heard of SPF (Sender Policy Framework), don’t worry, you’re probably not an email administrator. SPF was designed as an addition to the email system to prevent sender spoofing. In other words, allowing someone else to send an email pretending they are you.
ssladmin@ domain name email addresses banned from SSL approval list following an incident where a security expert was allowed to register and subsequently order an SSL certificate for several large webmail providers.
Traditional password reset questions such as “Mother’s maiden name” or “favourite colour” are too easily guessable by robots from publicly available lists and search engines. Companies use this system to save support costs but we need a new, more robust method to authenticate who you are.
The padlock on the website indicating SSL encryption means only that. It does not validate the identity of the website in question, nor does it protect your money. Look for the company information in Extended Validation certificates.
The sheer amount of passwords and pins we need to remember these days, perhaps a change is needed?
Does the public broadcasting of your location compromise your home security?
Would you give your personal details out over the phone? Of course not! But what if the call was from your utility or phone provider and needed to discuss your account?