Jan 31, 2014

Surfing Safely: Which Website Security Badges to Trust

Those small security badges featured at the bottom of online commerce pages may seem insignificant, but they can have a big impact on a company's online sales. According to Visual Website Optimizer, one conversion specialist ran a study of online websites displaying security badges, and found that those security badges can increase conversions by up to 32 percent.

The numbers prove that online consumers remain wary of online identity theft, phishing schemes and other fraudulent activity. While it's smart for consumers to look for these security badges before forking over their purchasing information to an unknown online entity, not all security badges are created equal. Some have a much stronger reputation than others, while others may be more lax in how they verify the trustworthiness of an online retailer. And consumers can't rule out the possibility of a forged security badge on a malicious website. With a little attention to detail, though, consumers can use security badges to ensure they're only working with trustworthy businesses. Here's a guide to help you out:

Sizing up the Security Badges

There is a wide range of security badges out there, with some more popular than others. According to the Baymard Institute, there are four online security badges that are recognized and trusted by at least 10 percent of online consumers. Norton is the clear leader in online security, with 35.6 percent of consumers recognizing and trusting the security badge. McAfee Secure's badge is next at 22.9 percent. Tied at 13.2 percent are the TRUSTe and BBB Accreditation security badges. But these aren't the only security badges out there. Businesses may display a wide range of valid security badges used to confirm their reputation as a trusted online retailer.

If you have certain security badges you know and trust, look for these first. Then familiarize yourself with other security badges that you might not recognize -- knowing these badges will help you out in the future when doing business with different online retailers.

Verifying Their Accuracy

The presence of badges is a great first step, but the visual image on its own doesn't mean anything. Typically, security badges need to feature a link to the actual security authenticator's website, and a web page that confirms that the retailer is a valid recipient of the security badge, according to Lawyers.com. The page will usually note the date when the security badge was first awarded, and the duration of the security authentication. Review this information to make sure the badge is more than just a thumbnail displayed in hopes of fooling consumers.

Investigate How Badges are Earned and Maintained

According to McAfee's online security experts, a security badge is only as protective as the workings behind the verification process. Concerned consumers should look into the methods by which badges are awarded and maintained over time. It's best to put your trust in security badges that use regular audits of sales histories and transactions. Continual updates to the security verification processes are also essential, as are specific metrics for measuring how well a retailer protects your personal information.

Don't Settle For a Single Badge

Last but not least, don't put all of your trust into a single badge. Part of the reason there are so many different security badges out there is that none of them offer comprehensive security and protection. Because of the variance in how websites are audited and reviewed to ensure security, there will always be holes in one company's security verification process. Look for websites with a number of security badges, and if the lack of security verification or badges is alarming to you, consider shopping somewhere else.

Jan 29, 2014

Certificates Section Missing From Fortigate Web Interface

At my day job that shall not be named I use a Fortigate 60C at one of the sites I maintain. The other day I noticed that the SSL certificate for it expired, and when I went into the web UI for the unit I couldn't find the section to manage certificates. If you are new to Fortigate that is usually located in System > Certificates.

Here is what it looked like:


I know it used to be there because that is how I generated a certificate for it when I first got the device. Since then though I have performed firmware upgrades and somewhere down the line that functionality disappeared.

Well, I contacted Fortinet support and they suggested doing yet another firmware upgrade, so I did, and again no joy. I went back to them and said it didn't work, and that is when they had an epiphany, I guess, and realized what I was asking. They said to get the certificates you have to run the following from the CLI:

Fortigate# config system global
Fortigate (global)# set gui-certificate enable
Fortigate (global)# end 

After that, when I logged into the web interface, I had my certificates section again! Boom!


Do you use a Fortigate? Did you know about this trick already? Do you like your Fortigate? Why or why not? Let us know in the comments!

Jan 16, 2014

Great Gear for the Business Traveler in 2014

Are you a fearless road warrior? Did you go on one of the approximately 460 million business trips that the U.S. Travel Association reported were taken in 2012? If so, then you are probably on the lookout for new products and devices to help you keep your sanity as you negotiate airport security lines as well as grueling hours on the road.

Portable Charger

If you have ever played the game "Find a place to charge my phone," then you know how frustrating it is to be in the airport with a dying phone and realize that all of the available outlets are being used by other needy passengers. Or perhaps you have a business trip that will include a long period out of doors where you know you won't have access to an outlet. For those times, you'll want to carry a portable battery charger, like the lipstick-sized Halo 2,800 mAh available through QVC. This charger, which even comes with a built-in LED flashlight, can provide an extra eight hours of power to an iPhone 5.

Noise-canceling Headphones

Looking fresh and ready for your international meeting often means catching at least a few winks on the plane. Unfortunately, a screaming baby or a noisy snoring neighbor can ruin your ability to get any rest on a plane. That is where a pair of noise-canceling headphones can really come in handy. But don't just get any brand. If you want to show that you are on trend, pick up a pair of Beats Studio headphones, which CNET included on its list of best noise-canceling headphones.

Laptop

While tablets are all the rage, they are designed for consumers of content, not producers. So if you plan on working a lot on your business trip, make sure to bring along a laptop. If your company doesn't provide one or your personal machine is outdated, it's time to search for a travel-ready laptop. Start your search with Lenovo laptops. Lenovo acquired the highly regarded IBM line in 2005. In 2012, Lenovo was rated as the number one PC laptop brand by Laptopmag. It was second only to Apple. When searching for a laptop to be used for business travel, weight should be a key factor in your decision. But make sure it also has a big enough screen — typically 13 to 15 inches — so that you can view multiple windows when necessary.

TSA Laptop Carrier

Airport screenings can be such a pain if you are carrying a laptop. If you don't have a TSA-friendly bag, you will be asked to take your laptop out and to place it in a separate bin. Unfortunately, harried or forgetful passengers have been known to leave laptops behind at screening counters. To make the screening process easier, purchase a bag, like the Samsonite Xenon 2 TSA-Friendly Backpack, that opens flat and will meet the TSA's requirements. With this bag, you won't have to remove your laptop when you enter the screening area.

Trakdot

Anyone who has ever had a bag go missing knows how frustrating it can be. To combat this problem, business travelers often pack everything into carry-on bags. Unfortunately, with many airlines now charging extra for checked luggage, more pleasure travelers are utilizing carry-ons, which means that overhead storage fills up quickly and your bag could end up being checked at the last minute. Consider placing a Trakdot luggage tracking device on your bag. With Trakdot, you'll be able to locate your bag a lot faster than a clueless airline.

Jan 15, 2014

StartSSL Is Down Hard Due To Cut Optical Lines

At my day job today one of the developers asked me to renew the SSL certificate on one of their QA servers. For that particular server we were using a free StartSSL certificate.

No problem, right? Just go to StartSSL.com and request a new cert. Ummm, not so much. The site just wouldn't come up for me. I even checked Is It Down Right Now, and here was the result:


Great, so it is really down and not just me. I decided to hit up Twitter to see if there was an explanation. Sure enough! Here was their tweet:

Yep, confirmed! They were down hard and it was because of cut optic lines! Other tweets later asked customers to try again tomorrow, and hopefully everything will be back up.

Many customers had issues because Firefox was not able to look up the revocation information due to the outage.

Long story short, you have two options at this point: you can wait and hope they come back up, or you can spend about $8 and just get a cert from Comodo (Comodo Positive SSL).

Are you a StartSSL user? Did you notice the downtime today? How did it affect you? Let us know in the comments!

Jan 9, 2014

How To Change The LUKS Encryption Password in Xubuntu Easily

I've been going through all of my stuff lately changing passwords. I like to do that periodically for security reasons. One of the things I needed to change recently was the LUKS password on my Linux desktop, which is running Xubuntu Linux.

There is an easy-to-use GUI for Gnome that you can use to do this. Just run the following from the terminal to install it:

sudo apt-get install gnome-disk-utility

Once installed, you can find it listed as "Disks" in your Settings manager:


Once open, you can find the LUKS portion of your drive. Select it, and from the drop-down menu you can select to change your password:


Next, just enter your old password, then enter your new password twice and click Change:

  

That's it! Now your LUKS password has been changed in Xubuntu.
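
The same change can be made from a terminal with cryptsetup, which is useful on a machine without a desktop. The script below is an added example, not part of the original post; the device names, the backup file name and the lsblk listing are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: change a LUKS passphrase from the terminal (run as root).

# Filter "NAME FSTYPE" pairs, as printed by `lsblk -rpno NAME,FSTYPE`,
# down to the device paths that hold a LUKS container.
luks_devices() {
    awk '$2 == "crypto_LUKS" { print $1 }'
}

# change_luks_passphrase DEVICE [HEADER_BACKUP_FILE]
change_luks_passphrase() {
    dev=$1
    backup=${2:-./luks-header-backup.img}   # assumed file name

    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }

    # Back up the header first: if it is damaged during the change,
    # the data on the volume cannot be recovered without it.
    cryptsetup luksHeaderBackup "$dev" --header-backup-file "$backup" || return 1
    chmod 600 "$backup"

    # Prompts for the current passphrase, then for the new one.
    cryptsetup luksChangeKey "$dev" || return 1

    # Confirm the new passphrase unlocks the volume without mapping it.
    cryptsetup open --test-passphrase "$dev" || return 1

    # The backup still contains the key slot protected by the OLD passphrase.
    echo "Done. Destroy $backup (shred -u) once the new passphrase is confirmed." >&2
}

# Constructed sample of `lsblk -rpno NAME,FSTYPE` output for a typical
# encrypted Xubuntu install (device names are assumptions).
SAMPLE_LSBLK='/dev/sda
/dev/sda1 ext2
/dev/sda5 crypto_LUKS
/dev/mapper/sda5_crypt LVM2_member'

# Offline demonstration of the discovery step; prints /dev/sda5.
printf '%s\n' "$SAMPLE_LSBLK" | luks_devices
```

On a real system, find the device with `lsblk -rpno NAME,FSTYPE | luks_devices`, then call `change_luks_passphrase` on it as root.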

Jan 8, 2014

Affording IT Solutions on a Small Business Budget

Eighty-five percent of small businesses increasing investments in technology can expect higher revenue, according to the 2012 SMB Routes to Market Study. Businesses can't afford to ignore the benefits of implementing technological solutions if it means making money. Small businesses can implement IT solutions comparable to large businesses. There are many open source software solutions available to small businesses:

Databases

MySQL is the world's second most used open source database. Several paid editions that use MySQL and increase functionality include Joomla and WordPress. Paid WordPress themes start at $75 per year.
LDAP is an application protocol made for organizing a set of records, such as a corporate email directory. LDAP includes closed and open source software programs for client software from cross platform to Microsoft Windows.

Programming Environments

Python is an interactive programming language. It's open source, and products such as Yahoo Maps and Google's spider and search engine are written in Python.
With its automatic memory management and dynamic system, Ruby is an open source web application. Companies such as Amazon, BBC and NASA use Ruby.

Enterprise Class Technology

Compiere is an enterprise resource planning and customer relationship management system. It is a good solution for small and medium-size businesses. Its framework is designed with the intention to follow changes as a business evolves.
Open Bravo is used for small- and medium-size companies. There are open and closed source versions. The paid-for version offers functionality including updates and upgrades and administrative tools.
BlackBerry Enterprise Service 10 takes away the concerns about security normally associated with BYOD and makes it easy to deploy, manage, secure and control devices — BlackBerry, Android, and iOS. Although not an open source solution, there is a 60-day free trial where businesses can test the mobility management for employees' devices.

Office Productivity Software

Microsoft Office is the standard in most office environments, but there are other options that work just as well if not better and they are less expensive or free. Google Apps and LibreOffice are effective business productivity suites and are significantly cheaper.
LibreOffice is a free and open source office suite designed to be compatible with Microsoft Office. It has a word processor, spreadsheet program, presentation program, vector graphics editor, mathematical application and database management program.
Google Apps makes collaboration easier. Most small businesses don’t benefit from bulk-purchase prices offered by Microsoft. Most people only use about 10 percent to 15 percent of the features in Microsoft Office Suite, so to use the open source software saves the cost of the proprietary solution.

Photo Retouching

GNU Image Manipulation Program is open source software that offers many of these advantages at little to no cost. Small businesses should research whether these cost-effective options will work for their firms, suggests Business Bee.

Cloud Storage

Many small businesses are migrating to cloud services for tasks like data storage. Migrating user storage from user's pictures to a centralized location like the cloud reduces strain on client machines; there is less writing to drives and more over the network. It is also easier to back up all end-user data from a single location.
Dropbox allows users to share documents and photos across multiple devices. The free storage capacity is 2 GB, but businesses that want as much storage as needed can pay $795 a year for five users and an additional $125 per year per user.
Microsoft SkyDrive allows people to replicate files on multiple systems and is best for small businesses. It's free up to 7 GB, while adding 200 GB is $100 more per year.

Web Teleconferencing

Communicating with employees, clients and vendors in other cities or countries can be expensive for small businesses. Web-based teleconferencing allows businesses to make video and voice connections without the need for special equipment or huge phone bills. Web-based teleconferencing, such as AdobeConnect, can also help companies manage their networks of mobile and social media connections.

Migrate to Linux

Most businesses have migrated to web-based tools. On a Linux box, there is no need to worry about virus infections, corrupt registry entries, or installation of malware-infested applications. Linux machines can still use closed source software, such as Microsoft Office.

Jan 3, 2014

On Suing Facebook, And General Privacy Issues In Our Police State: Use Encryption

I was watching the morning news the other day when I saw that a group was suing Facebook for scanning their allegedly private messages and selling the information to third parties.

From Bloomberg:

Facebook Inc. (FB) was sued over allegations it systematically intercepts its users' private messages on the social network and profits by sharing the data with advertisers and marketers.

When users compose messages that include links to a third-party website, Facebook scans the content of the message, follows the link and searches for information to profile the message-sender’s Web activity, violating the Electronic Communications Privacy Act and California privacy and unfair competition laws, according to the suit. 


Although I understand that people are upset about this violation of privacy by Facebook, as well as the numerous reports of our very own government violating our privacy, there really isn't anything substantial that the courts will do about it in the near future.

Just look at the Federal Court's ruling in favor of NSA spying, or their ruling in favor of the DHS's Constitution Free Zones. In the eyes of the United States Government and the courts, there is no such thing as a reasonable expectation of privacy these days.

Therefore it really is up to you to try and protect your privacy in the world of the police state and corporations selling your information. You need to start using encryption.

Two relatively simple methods I recommend for communication are GnuPG for email, and OTR for instant messaging. However, many people I talk to are too damned lazy to set up these easy-to-use tools. They would rather just keep on bitching and complaining that their rights are being violated.

You do realize that without encryption, when you send an email or use instant messaging, anybody can pick that up off the wire, right? It's transmitted in plain text across the Internet for crying out loud!

Facebook is a different animal though. You are sending messages to your friends on Facebook's servers. It may be encrypted between your computer and Facebook's website if you use SSL, but on Facebook's servers those messages are in plain text too!

In short, without encryption your communications are transmitting on the digital equivalent of a postcard that ANYBODY can read!

So I say stop bitching and do something about it. Suing is nice, but you can't always expect the government to protect your rights. Nope, you need to get off your butts and protect your rights yourselves!

What do you think about this? Let us know in the comments.


Jan 2, 2014

Everything You Wanted To Know About The 'Deep Web' [Infographic]

I am a huge proponent of Tor, and anonymity online in general; however, there is more to Tor than just hiding your IP address from Big Brother. There is an entirely separate Internet for those on the Tor network that many refer to as the "Deep Web". In this infographic, we present everything you need to know about it!

[Via WIHT]