Secure Browser Alternatives for browsing safely on the web!

Paul

Zero day vulnerabilites target Internet Explorer

Cyber Security Awareness Month

If you didn’t know October is Cyber Security Awareness Month and I wanted to give out some ways to keep you safe on the internet.   I know I am not the only to suggest some of this but if you didn’t know please don’t use Internet Explorer to web browse.   If should only be used for updating Windows and that is the extent of what it should be used for it.

Is Chrome more secure than Safari?

Safari, to my knowledge as a few vulnerabilities and thus you should be keep away from using it.   I won’t say much about this because we never really know who is actually going to use these but you can bet hackers know of ways to get into your system.

Which Browser is best?

Any browser you think is safe is probably going to be wrong.   I am going to tell you which browsers are safer but none of them are a 100 percent safe.   Each one of them has good and bad but I am going to at least guide you in the right direction.  

Chrome Browser

Chrome is one of the ones, I do recommend but it shouldn’t just be used by itself.   You should add a few extensions to better protect yourself:

  • Adblock Plus — Good to protect yourself from those annoying advertising.   (Please be aware that I use advertising on my site and that is how I pay for my hosting and other things like that.   Please consider white listing my website to allow advertising.)
  • Lastpass — This is one of those that I recommend on a constant basis because it makes sure you create a strong password that you don’t have to remember.   It helps make sure no account password is ever the same!
  • ScriptSafe — Keep unwanted scripts from playing when you visit a website!  Certain web sites should be allowed and white listed, like mine. 
  • Dolphin Connect — I use the Dolphin browser on my Android Device and this is one of those ways to keep track of all your bookmarks.   Not really security related but it is very useful!

These are just a few that I recommend when you use the Chrome Browser.

FireFox Browser

FireFox is another one that I recommend when you are looking to browse the web securely.  Although it isn’t 100% secure because none are.   Some of the Add On’s you should add to your FireFox Browser are:

  • NoScript Security Suite — It is another No Script app that lets you prevent unwanted scripts from running! 
  • Lastpass — Just like Chrome, it helps keep your passwords safe and helps you keep all passwords unique!
  • Adblock Plus — Just like Chrome this can help keep those annoying advertisements from showing but please remember to white list sites that do need to advertise and do not use annoying advertisements!
  • Web Of Trust — This is a good add on for Firefox to know which web sites you can trust more with and which ones that are not trustworthy!  (if you like my site could you review it and let people know what you think about this site!)

As you can see these are the two that I always tell my family to install, I usually don’t tell them to install both but one of these two but it is up to you if you want to have both web browsers installed on your system.   It just varies from person to person which one is better for your use!   I am sure there are more addon’s or extensions that you should add but these are the ones I tell my friends and family to install first.  Which one of these two browsers are you favorite?  Leave a comment and tell others!

 

The SQRL and the One Time Login (OTL).

Paul

VPN4ALL : Use Coupon code “savenow15” and get 15% off the lifetime of your account!Secured QRL Codes!

You probably are wondering about this.   I heard it from Steve Gibson and he calls it “squirrel” Code.  It basically helps those who are worried about security and privacy.   I just didn’t want to forget to talk about this myself.  Ever since I heard the podcast entitled “SQRL Episode 424”,  my mind has been trying to get a handle of the whole thing. 

What most people don’t know and haven’t yet figure out is how useful a QR Code is.   I did not think of this solution and would of laughed if I did.  It is really simple, but yet from what I have heard and understand it could be a game changer in the next few months.  I just have a few things that I must be fixed and standardized.   I wanted to share them with you and maybe in the same instants help the community with this problem.

One Time Login “OTL”

Since we are basically logging in every time we use a different QR Code we are only allowing one instance of the login for each time we use a SQRL login.  Thus we will need to limit the time and when we can use that one QR to login.   We also must figure out how we will deal with collision logins.  This is where the site or server sends out the same securely generated long random number to two different users.   This could happen if say we were using this on like Facebook or Twitter.   It is unlikely but possible, unless we disallow it to only be used once and then we get into the ridiculousness of even longer random numbers.   The only thing I can come up with is using the date and time to create the cryptographic challenge.   This would change the it from any two different users from getting the same challenge and thus we would avoid the collision of logins.  

Pretty Good Privacy

The next problem is which encryption key would we want to associate with the smartphone.   I personally think PGP is a good one to start off with and maybe even create the public key that is needed to accomplish this.   The Smartphone in question could be linked in some way to a server with our public key PGP.   I am unsure as to how well this will work but it would allow us to share that key whenever needed.   It may not work but I am thinking we should only use Open Source encryption and thus this is one of the many options.

If the Smartphone is stolen?

This is where PGP can be very useful, we could Revoke the key and tell everyone else this is is no longer trusted and thus we prevent illegal logins to our services.   I’ve heard people do with PGP and thus it should be really easy to implement in SQRL but again, I am not a designer or even ever created things like this so I thought we should at least throw that out and see what people say about it.

Needs to be Available Everyone

It needs to be available on IOS, Android, and even Windows systems.   When this happens it will make it that much easier for this to succeed. 

As you can see I have  these small questions that need to be answer and I even saw some others which I will gladly link to to better help those who may want to explore more into this realm that Steve has started.  

What do you have to say about this and are you curious to see this happen or do you think this will even work.  I may have missed something or do not fully understand it but at least I am wanting this to succeed.   What is your thoughts on this?

The Long Road home, and When things go wrong! (A Short story)

Paul

Road

The long Road Home!

It was a dark and stormy night and nothing in the world could stop the downpour. The rain came down as if the heavens opened up and started crying.   You couldn’t see a foot in front of you and not even the head lights could help.   You wonder if your going the right way or if took the wrong road.   This long winding road just seems to unfamiliar and and a little spookie.   You pas by farm houses and see only a flicker of light from a few of them.   You check your watch and it says it is 9:00 o’clock PM.   It seems kind of odd that all these houses would be dark.   Your gas gauge is reading empty and you will need to get more gas.  You come to a gas station and you pull in to the next available gas pump.   You hear “ching … ching… ching” as your car stops.  

As you wait, you hear foot steps coming closer and you look to see who it was.  You hear a “BOOM” from the storm, it makes you jump and ask  “Who are you?”   He replies, “The gas attendant, sir.  You can call me Bob!”.   “Sorry Bob, it seems I been feeling on edge.  Please fill my car up with regular unleaded.” I said to the attendant.   He says, “certaintly sir, and no problem, this country side can do that to some people.”

The story and you!

So as you can see this is where I left the story and I have been thinking something else should go wrong after that but my brain coulnd’t come up with it.   I am asking my readers what it should be and what you think of this short story so far.   Should I make the driving more exciting or should I make the driving more longer.   You will help me develop this story and hopefully we can have a little fun with this story.  I’d love to hear your comments and suggestions.

Android Vulnerabilities and Exploits in the Wild!

Paul

Android garden

Time to Do what?

When I was researching this on the web I didn’t expect to find so much stuff, but I do think IOS has more vulnerabilities then Android but it isn’t as bad as Apple IOS problems!

I am not going to talk about all of them but just a few that have peaked my interest!

The ‘Master Key’ Exploit

A simple but yet easy way to fool your Operating System and gain more access than it should.  The name doesn’t mean they actually have the master key to your device.   It is using what all Android devices use in the APK.  The MANIFEST.MF, which if done right, will have two more copies in the APK (Zip file).   When the Android OS installs this APK it will use the the last MANIFEST.MF and thus it can gain more access than you once thought.   Be able to communicate with a server  or copy your contacts.   I’ve pretty much come to the conclusion that 3rd party apps are dangerous now and I will not use anything but Google or Maybe even Amazon US app store!  

The ‘Webview’ JAVA Exploit

If you don’t use JAVA you will need to consider disabling it in Android.  While this one is a little more trickier and harder to avoid if you use Java, you best bet is to install Dolphine Browser, FireFox, and/or Chrome.   Then install a java an Addon or and Extension that does not allow Java to be used unless you specify.   This exploit can send SMS, or send out emails from you to spam your friends and family.   So this is one that you must start worrying about to a point.

The ‘Scarevertising’ Exploit

This last one I have seen become very prevalent and thus you should be on the lookout for this!   They claim in either a push notification or in some kind of inside application banner that basically tries to scare you into thinking you have a virus.   I’m not sure which advertising networks are being used but you can bet this will be a constant problem.   Some rules of thumb are install only from the Google App Store and never install any third party apps, which some call side along install.  

If your worried and you want to protect your Android Device, here are a few free applications that will help and hopefully keep you safe:

The last thing I can say is there are more than 100 different anti virus apps out there but it all depends on the end user (you) to know and trust vendors who are reputable and you can trust.   If you don’t know the Anti virus Company than maybe they shouldn’t be used.   I do hope I have helped you find what your looking for and we will discuss more in the future on Android Exploits!

 

[Rant] Obamacare and Minimizing Hours!

Paul

My Personal Insurance Agent (#93041)

Obamacare and Me!

I never thought this would of happened but lately my employer that I have been working with for over a year has started to move everyone they can to part time.   It seems that I may be one of those alas, the money I was getting might dwindle and I will need to find another job to help make up the difference. 

 

Who thought of this loophole?

I am very unhappy with this loophole and it will more than likely make everyone have to find two different jobs that are part time just to get 40+ hours somewhere and you know that isn’t going to be overtime but all straight pay.

I usually don’t talk about stuff that isn’t technology related but I wanted to just rant about out ridiculous this Obamacare is and how it does nothing to help the low income people who are just trying to survive.   I have yet to have insurance and now I have to figure out how to get around the 2.5% of my income in three years.   This is the going to hit me really hard.   I either have to pay around 120$ a month or pay 367.12 a year.   I hardly been sick and when I am it is moderately bad and thus I usually only go once a year.   How is this going to help me from getting into debt.  

Obama figure this out!

I’m calling on Obama to withdrawal this plan and come up with a more fair plan that will allow the low income workers from having to work harder than we have in the past few years.   Make companies increase hours and make companies to pay more is one step that will help use get out of debt quicker and much more easily.   We are working hard and can’t easily claw ourselves out of this debt.  You just don’t understand what it is like for a low income worker.   It might be time to get your hands dirty and do some of the things we do and then you tell me how fair this law is!  

Get with it and stop making the low income work harder for the same benefits!   You aren’t helping me but making it harder for me to survive!  

Ok so that is the rant and I won’t get into much else but this is just ridiculous.