Navigation
Home | Send me an email. | Links
About This Site
This is the personal blog of John F. Morton. It's where I talk about the stuff that interests me. Primarily technology, marketing and pop culture. If you are looking for my portfolio of work, visit johnfmorton.com. Thanks for stopping by!
Members
Login | Register | Member List
Monthly Archives
- July 2008
- June 2008
- April 2008
- March 2008
- February 2008
- January 2008
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
Syndicate
Join our Mailing List
Filtered by Category: Security
Quick Fix: Make FriendFeed Bookmarklet Work As Advertised in FireFox 3
FriendFeed is the current “coolest app ever” on the Internet for good reason. It’s a simple central location for all your online social activity. It doesn’t require you to stop using your old sites. It just aggregates everything you and your friends are using in one convenient location. It’s also got an impressive pedigree in that its been created by 2 people who brought us Gmail and Google Maps. You can read more about it on Wikipeida, in Louis Gray’s series on using FriendFeed, and of course the FriendFeed Web site itself.
As I use Friend Feed more, I kept trying to use the Bookmarklet to share sites. It’s billed as the easiest way to add content to your FriendFeed. See the video on the FriendFeed page about it.
My bookmarket would never work as advertised though. It required me to log in every site even though I had already logged into Friend Feed. Since I keep a complex password, this really annoyed me. This also prevented me from ever sharing a link in a room on Friend Feed. A room is basically a group dedicated to a topic.
What was the problem? In FireFox 3 you can easily shut off access to third-party cookies and I use that option. In theory, this prevents cookies from sites you didn’t visit from being able to track you.
The problem with this is that FriendFeed is seen by Firefox as a third-party cookie when I used the bookmarklet which meant that it wouldn’t allow the cookie that had my login credentials to FriendFeed to be used I tried to add a site to my FriendFeed stream.
To fix that, you need to add an exception to the the no-third-party-cookies preference. Open your preference panel in Firefox (called Options on the Windows side, I believe) and open the Privacy tab.
I’ve marked in this screen shot where the unchecked third party cookies option is. Now select the “exceptions” button.
In this window, just end “friendfeed.com” in text field and click the “allow” button. You’ll now see “friendfeed.com” listed as an allowed third party cookie. Now your FriendFeed bookmarklet should work across any site as long as you’re logged into FriendFeed. If you see the “share to” option in the bookmarklet, you know you’re logged in. Here you can choose your main feed or any room you participate in.
If you added me to your FriendFeed yet, check out my feed and add me if you’d like at http://friendfeed.com/johnfmorton.
Blogging • How To • Security • Social • (0) Comments • Permalink
Traveling Through US Customs? Your Data Is Not Safe.
When I travel, I usually have some sort of computer with me, whether it’s a laptop or something simpler like an iPod. Just over the past few days, after returning from an international trip, I learned of a new ruling that says that US Customs now has “the responsibility to check items such as laptops and other personal electronic devices to ensure that any item brought into the country complies with applicable law and is not a threat to the American public,” according to Lynn Hollinger, a Customs and Border Protection spokeswoman. (via the Wall Street Journal’s Business Technology blog.)
What does that mean? The ruling seems wide open for interpretation. Obviously, you can’t bring in some sort of terrorist plans on your laptop. I don’t know anything how terrorist work. Maybe bad people bringing data across the border on laptops is a big problem.
What’s another way to read the statement from the Customs spokeswoman? Complying with applicable law means not breaking copyright, right? What if you’ve put some movies on your laptop that you’ve ripped from some of your DVDs? That breaks copyright. That’s illegal under the current law. What if you’ve got MP3’s you can’t prove aren’t stolen off the Internet on your iPod? Does that count? If you read the Customs Agent’s quote, it seems to. It at least gives an easy excuse to detain you. According to the Guardian, the UK news site, US Customs “can take your computer and download its entire contents, or keep it for several days.”
A recent article from Ireland’s RTÉ, US seeks intrusive copyright powers, suggests that the copyright protection issue is actually the reason behind this new practice. “More worryingly, the treaty suggests that customs officers should be given the right to search laptops and media players for pirated material. Such officers would be able to confiscate and destroy anything they believe to be pirated, fine the owner and confiscate the equipment.”
For some reason, this story hasn’t gotten much traction in the public sphere, so I wanted to mention it here. If you’re traveling, since this is now the law, you’ve got no choice but to deal with it. One way of doing that is not bringing anything on your laptops or other devices across the border that you don’t feel comfortable having Customs go through in minute detail. Password protection won’t protect you either. According to the same Guardian article, “the border agent is likely to start this whole process with a “please type in your password” and if you refuse, you could be refused entry into the country.
What should you do? Luckily, there are a couple blog posts dealing with this exact issue that you should check out. The first is from CNET, Keep your data safe at the border, and the second is a followup to that post at Crunch Gear, Locking down laptops from the TSA Customs, with a tip for Mac users.
By even raising this issue, I think it’s obvious that I don’t like this situation. If you’re a US citizen, it’s your responsibility to contact your elected officials and tell them your thoughts on the matter. To contact your elected officials start at the Contact Elected Officials page at USA.gov. In the meantime, you’ve got to deal with the current state of affairs and act the best way you see fit. Good luck.
How To • Law • News • Privacy • Security • Technology • (0) Comments • Permalink
If You’re a Verizon Wireless Customer, Your Privacy Is In Question.
How private is your private life when it comes to Verizon Wireless? If you have not specifically “opted out” of giving away your information, what you do with your phone is for sale. What kind of information is Verizon Wireless selling? According to Ars Technica, the “data on the calls you make and receive and the services that you may make use of” and “the features of your phone and its capabilities.” (Read the full article here.)
Verizon Wireless has been contacting its customers via mail to inform them of their intent to share CPNI data with “our affiliates, agents and parent companies (including Vodafone) and their subsidiaries.” The company says that customers who do not want their CPNI data shared need to call 1-800-333-9956 to “opt-out.” Upon dialing the opt-out number, Verizon customers will be prompted for their phone number, billing ZIP code, and last four digits of their Social Security Numbers (in the case of businesses, their Employer ID numbers).
Failure to opt out will be interpreted by Verizon Wireless as “consent” the company’s data-sharing practices.
This type of opted-in sharing of personal information isn’t limited to Verizon Wireless. If you read over your agreement with your credit card company, you’ll probably find a similar situation. Your privacy is yours only is you claim it in the modern age.
If you have another mobile carrier, don’t assume you are protected against this type of activity. No matter which company handles your mobile service, it’s probably worth a call to them to protect your personal information.
Security Lesson: Turn Off Your JavaScript, or use NoScript for Firefox
Yesterday was the SuperBowl. If you were attending in person you might have checked the website for the stadium before you went to the game. If so, you may not only have got soaked at the rainy game, but you might have unknowingly installed a Trojan virus and a keylogger on your computer. As reported in the eWeek story Super Bowl Site Hacked with Trojan, Keylogger, there was a malicious piece of JavaScript inserted in the website’s code.
The malicious JavaScript file was inserted into the header of the front page of the Dolphin Stadium site. Once visitors entered, it was designed to execute a script that attempts to exploit two known vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.
If you understand what that means or not, one way to have avoided it is to surf the web with your JavaScript turned off. This can be a pain in ass, honestly. Many sites don’t function properly, but it will keep you much safer. If you’re a Firefox user though, you can use NoScript, a free add-on that allows you to selectively turn JavaScript on for sites you trust. That way, you webmail functions like you expect, but the webpage you visit to check your seat for the SuperBowl won’t allow JavaScript to run.