Security

Preventing Autorun attacks

This is probably old news to a lot of you by now, but I found it in one of the newsletters I subscribe to. The article describes how to completely stop autorun.inf on any media from executing automatically. Yes, there are times that it will still execute, even if you think you’ve turned it off. The above-linked article is derived from this weblog entry, which describes the attack and how to disable it. It all comes down to creating a new entry in your registry (you should already know how to do this) by putting the following into a text file and importing it into REGEDIT (note that everything between the “[” and the “]” should be on one line):


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


Throw-away email addresses

Lifehacker has become one of my favorite sites (thanks, Vern!). This time they talk about 10 Minute Mail, a site that will create an email address for you that’s only good for 10 minutes. Need to get onto a site that requires an email address but you just don’t wanna give them one of yours? — use 10 Minute Mail! The domains that the email address originates from change every month or so, which means there’s very little danger of a sysadmin banning the domain. And if you need the address to survive for 20 minutes, you can click a link on the site that extends the life of the email address.


Online password storage?

Saw a reference to PassPack in today’s (June 14, 2007) Chris Pirillo’s Picks. Would I use that free service? Think about it … you’re giving the passwords to a free service … does that make sense to you? Having run an Internet operation and seeing what can happen at various operations centers, I think I’ll pass. I know, I’m probably in the minority here. I mean, it’s soooo convenient, and they publish their privacy rules and practices and they swear that your data will always remain encrypted and and and. And that’s all well and good until it’s not. And then where are you?

I’m sure the service will flourish and go on to make its founders hundreds of millions of dollars and all of the passwords will remain safe and encrypted. Like the debit and credit card data at T J Maxx?


Safer passwords: PwdHash

From Rod Begbie’s blog, a link to PwdHash, a browser extension that hashes a password against the domain name of the site at which you’re going to use it, producing a unique password for each site. This means that you can remember and type in only one password at each site, but the password that’s actually used is different. Seems worthwhile and there are extensions for Firefox, IE6 and IE7 with a script for Opera.

Note that the opening page on PwdHash contains a link to the Firefox installer only. You need to go to the Stanford project website to get the installers for the other browsers.
