Filed under: Security

Filed under: Security, Utilities, Video

Log into your PC with your face instead of a password with KeyLemon

About 10 years ago I bought an incredibly expensive Samsung X10 laptop. It was one of the first powerful Centrino 'ultra lights', and along with the Sony Vaio range it cost a stupid amount of money -- but it rocked! It was fast, it could run games, and it only weighed 2 pounds!

And it had a fingerprint scanner. 'Ooooh!'

Yeah, it was slick, it was silver and fast -- but really, I'd just paid $2500 for a damn fingerprint scanner and boy did I feel cheated. I thought I'd get all the girls with that thing: 'Hey, babe, look, I can just swipe my finger across...' But no, no cigar. I don't even know why consumer products have biometric scanners -- in the office environment maybe, but at home?

Anyway! The actual news: you can now use your face to log onto your computer with KeyLemon. Sit down in front of your computer and voila: logged in! Firefox users will be able to log into social networks using their face, too. It's not just a one-time login either: KeyLemon keeps scanning whoever's in front of the computer, and if your face changes it logs you out! Also, on the off-chance that your laptop gets stolen, KeyLemon will continue to take photos of whoever's using it.

Don't forget your password though -- what if you undergo plastic surgery and can't log in?

[via CNET -- download link (30 day trial)]

Filed under: Internet, Security, Features, Browsers

10+ great tools for safer web browsing

Today is Safer Internet Day, an annual event coordinated by the folks at InSafe -- who are all about promoting responsible Internet use. We've covered a number of great tools in the past that have the same aim, so what better day to take another look at them?

Web Of Trust (WOT, Pictured)
WOT is a community-powered trust and ratings system. With nearly 26 million sites rated to date, it's one of the most popular safe browsing tools you can find. Their browser add-on is available for Internet Explorer, Firefox, and Google Chrome. Once installed, you'll start seeing WOT's color coded ratings rings next to links to let you know if they're safe.

I have WOT installed in my browsers, and I recommend it wholeheartedly.

Read more →

Filed under: Security, News, Microsoft

17 year-old security flaw in NTVDM makes the DOS prompt an enterprise nightmare

It has come to light that there is a security flaw in the NTVDM (NT DOS virtual machine), which is the process that runs when you open a command prompt (DOS window) on any 32-bit version of Windows. This flaw has existed since the very first version of the service on Windows NT and could allow a specially written 16-bit application to escalate the user's rights to that of administrator -- proof-of-concept code already exists for such an attack.

Microsoft has acknowledged the flaw in the NTVDM, but does not intend to immediately fix it. Instead, they have released a One Click Fix for this issue which changes a registry setting to prevent the NTVDM from launching.

The problem with this approach is that there are still 16-bit enterprise applications out there (both on client, and on servers) that work perfectly well and need to continue doing so. The options for companies relying on such legacy applications are limited: they can either stop using their applications (not really an option for some), or they are forced to live with the possibility that users could gain administrative rights on their machines.

The question boils down to whether Microsoft has an obligation to correct this problem in what is by today's standards an ancient piece of code whose sole purpose is to allow people to run ancient software. I would argue that while it's fair for Microsoft to stop shipping the NTVDM as they have in the latest version of Windows Server 2008, until they stop providing it across all of their operating systems, they need to support it and if that means fixing a very old security hole properly, then so be it.


Filed under: Security

Most of the world's electronics are made in China...can we continue to trust our tools?

I know, it's the story that never ends -- and really, don't expect it to end any time soon -- but here's another angle: what about Chinese hardware?

We now know that either the Chinese government, or a very large privately-funded clandestine operation from Asia, has been hacking Western governments, intelligence agencies, and businesses for a decade. What if the hardware they produce also has secret backdoors or comes pre-infested with trojan viruses?

The story on IT World lays down some pretty chilling precedents: did you know that Chinese intelligence agents approach businessmen at trade fairs in the UK and offer 'gifts' of digital cameras that come with viruses on them? What if the Chinese government has gotten to hardware manufacturers -- what if your Xbox 360 comes with a backdoor in it that lets them snoop on your home network? How about a chip on your motherboard or graphics card that phones home?

It's an interesting idea, made all the more scary because it's believable. For now, as far as we know, it's just espionage, an attack on governments and businesses -- but when will we be the targets?

A vast amount of technology originates from China and Taiwan, and that's not going to stop soon -- if China's grasp is inescapable, why bother worrying?

And even then, is there even a way we can combat it?

Filed under: Security, Search

Scammers exploit the iPad hype

Since its introduction last week, people have been clamoring for more information on the iPad. Apple has released a video and has posted some basic specs and pricing, but more information has been hard to come by. Scammers have started to pick up on this and have been looking for ways to exploit users searching for iPad websites.

BBC News reports that a handful of security firms have been spotting attempts to "trick" search engines into providing people with rogue links. People that click these links will be redirected to pages that scan their computer looking for holes and vulnerabilities.

So how is this happening? People have started crafting fake websites that will show up high in search results for "Apple" or "iPad", etc. Users will be redirected to sites peddling fake security software, asking them to sign up for credit cards and claiming that more information and rumors on the iPad are just a few clicks away.

The same common sense rules apply for preventing this from happening. Be careful when opening links and as always, make sure your computer has the latest security patches and updates.

Scamming and exploitation of users is nothing new, especially around high profile "trending" events. A similar scam recently occurred involving the earthquake in Haiti.

Filed under: Internet, Security, Google

Jaw-dropping and life-changing details about Chinese attacks on Google emerge

Your world is about to be rocked.

If you're not a hardened, tinfoil hat-wearing the-apocalypse-is-nigh conspiracy theorist, you soon will be. Wired has just published a stunning article detailing a really scary report from computer forensic firm Mandiant. The story brings to light some disturbing truths about the always-connected, always-on world we live in.

As an Internet nerd, I actually found the details numbly humbling. It made me think about a silent war, a cold war that is warming the ground we walk and air we breathe -- but has not yet bubbled forth to be joined in the field of war. Reading Wired's story and thinking about the depth and detail and concerted effort required to pull off such a hack scares me.

You should read the full article for complete details, but here's a quick breakdown of the attacks employed against targets such as Google, U.S. oil companies, defense contractors and counter-terrorism departments:
  • A new form of attack is being leveraged by hackers, called Advanced Persistent Threats (APT) -- think of APT as a 'ticking bomb', an apparently-benign piece of software that can be turned on at any time. These APTs can avoid detection and remain dormant for months or years, only turning on when the 'coast is clear'. In this most recent case, an unpatched zero-day attack on Internet Explorer 6 was the entry point.
  • These attacks are theft-oriented -- the sole purpose behind these APT attacks is to get at sensitive data: email, Word documents, PowerPoint presentations, spreadsheets, etc. Corporate secrets, counter-intelligence, you name it.

Read more →

Filed under: Security, Web services, Social Software, Web

Twitter warns against using the same password on multiple sites

In a new post on Twitter's Status blog, Twitter points out that a sudden surge in followers on a few select accounts was due to a large number of insecure passwords being used by regular Twitter users. What's happening is that users are re-using passwords that they've used on other sites, and some of those other sites turn out to have not been secure.

That's the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there's a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you're lucky, you'll notice something's amiss.

This should be a wake-up call for all users who use the exact same password, or a predictable variant at each site they log in to. If you haven't already, right now is as good a time as will ever be to make sure you're using unique passwords for all of your online services. You never know when one of them might get compromised.

Filed under: Security, Google, Browsers

Three privacy-minded Google Chrome alternatives

So you like the speed of Google Chrome, but you want a browser that doesn't communicate quite so much data to the borg collective? Because Chrome is built on the open source Chromium project, there are plenty of options for you.

Third-party developers have taken steps, like removing the unique tracking ID Google slaps on each Chrome install, search suggestions, and other bits which communicate various things about you back to Google HQ. Granted these builds don't do anything about the numerous other ways Google tracks you, but they're a decent starting point.

Read more →

Filed under: Security, Text

E-book buyer's privacy guide - reading isn't solo anymore

The digital footprints we leave as we move along in our daily lives are pretty astonishing. As our lives are transformed by the convenience technology provides, the price we pay is the privacy we give up. Today is Data Privacy Day, and we thought it was a good time to highlight one of the areas where companies are watching your behavior closely.

The Electronic Frontier Foundation published an excellent guide, "The E-Book Buyer's Guide to Privacy", which dishes the goods on e-book readers' privacy policies by brand. It might give you pause to think of the powerful information Amazon, Barnes & Noble, Google, and Sony could employ with the information they monitor on what books individuals read or search for.

For instance, two of the e-book readers (Google Books and Amazon Kindle) can monitor what you're reading. Google's Book Search Project takes tracking reading habits to a new level, logging what you searched for, the page you read, how long you viewed the page, and where you searched next.

All of the e-book readers (Google Books, Amazon Kindle, B&N Nook, and Sony Reader) can keep track of book searches and book purchases. Most troubling is the fact that the information collected on your book selections, searches, and purchases could be shared outside the company without your consent (applies to the Kindle, Nook and Reader).

The good news is you do have options. You can laugh in the face of the commercial behemoths and get a free, open source FBReader (for Windows/Linux) which collects no data on your book selections or searches. Another option: you can go to a bookstore and purchase an old-fashioned paper book, with cash preferably.

Filed under: Internet, Security

International Data Privacy Day 2010

Today is International Data Privacy Day, and some of the big names in the online world are stepping up and... acknowledging issues of data privacy. Google has released a video highlighting the ways it uses some of that personal data it collects about you to make your life easier, and then explains that you can opt out of some of Google's data collection policies.

Microsoft has released the results of a study on data privacy. The study looked at how HR managers and recruiters in the US, UK, France, and Germany look at the information available about job seekers online. The results? 70% of HR professionals in the US have rejected a candidate based on information they found online. But fewer than 15% of the consumers surveyed worried that anything they posted online would affect their getting a job.

In other words: Be afraid. Be very afraid. Because it looks like you're really not worried enough.

Filed under: Security

Facebook's new reply-by-email feature poses a SPAM and security risk

Remember that slick new option Sebastian spotted a while back which allows you to reply to Facebook comments via your email? As it turns out, that convenience may pose a serious security risk.

When a comment is posted, Facebook generates a unique email address which then listens for replies. Therein lies the problem: F-Secure Labs have discovered that the email -- which is displayed in plain sight -- can be replied to by anyone from any email address.

They don't even have to be your friend on Facebook (depending on how your privacy settings are configured, of course). If they can see your wall, they can see your reply addresses.

Big deal? Well, the big deal is that it could turn into a juicy target for phishers, spammers, and other Internet lowlifes. There's enough crap on Facebook already, so here's hoping they sort this issue out in a hurry.

Poor Matti. F-Secure's guinea pig wall now has a few more than the one response you see in the header image...

Filed under: Security, Troubleshooting

How to know if a toolbar (like Google's) is tracking you when it's disabled

A recent tip suggested that even when disabled, the Google Toolbar sends data to Google without the user knowing. After doing some digging I've found this is only the case if, while using IE8, the user fails to restart the browser after disabling the toolbar from the "Manage Add-ons" window.

This is certainly possible, but the browser does warn the user to restart immediately after saving the changes. In fact, going to the add-ons screen is the slow way to disable the toolbar -- the easiest way is to click Tools>Toolbars then uncheck the Google toolbar. This stops it from sending the information back to Google immediately.

So, while I don't believe Google is being nefarious, after the news of their recent hacking and some of the reasons it was possible, it's a good time to talk about how to monitor what sort of information is being sent through tools like the Google Toolbar.

Read more →

Filed under: Security, Windows, Beta

Comodo Internet Security 4 adds application sandboxing

Comodo receives much more recognition for their firewall software than they do for anything else they develop, but that hasn't stopped them from venturing outside their comfort zone.

In October 2009, they released Comodo Internet Security -- which bundled their popular firewall app with free antivirus defense. It was a good freshman effort, though their AV engine (developed in-house) wasn't quite mature enough to go toe-to-toe with those from other antivirus providers.

Work has begun on version 4, however, and so far the beta version looks like it will be a substantial improvement. One feature I'm particularly interested in is sandboxing.

Comodo is not alone in introducing this feature -- Avast recently bundled something similar in certain versions of their latest release. It's only enabled in Avast's paid versions though, so Comodo could well be the only security suite or AV in which you'll find totally free, full-featured sandboxing!

Read more →

Filed under: Security, Google, Microsoft, Browsers

Microsoft knew of critical IE flaw used in Google attack 5 months ago

Microsoft has already fessed up -- admitting that a vulnerability in Internet Explorer was a key component in the Chinese attacks on companies including Google and Yahoo. Today, a post at Wired revealed some very disappointing news: Microsoft knew about the exploit as far back as September of 2009.

Microsoft's senior security officer Jerry Bryant had this to say: "Our investigation into this responsibly reported vulnerability began early September...We became aware of the recent attacks in mid January and as part of our investigation determined the vulnerability being used in these attacks was similar to the one investigated in September."

Apparently the official plan from Redmond was to patch the hole in a cumulative update this February -- a full six months after it was discovered. In the wake of the attacks, however, they were forced into action and released an out-of-band patch for IE.

What's your take on this news?

Six months seems like an extremely long time to make millions of customers wait for you to release a patch to a flaw which is considered to pose a severe risk.

Most of our users have already made the switch - maybe it's time for the rest of the world to look at an alternative browser.

Filed under: Security, Adobe, Browsers

Adobe Flash Player 10.1 to cooperate with private browsing modes

There have been more than a few blog posts lately talking about how websites can use Flash cookies to keep tabs on you even if you're visiting their site using your browser's private browsing mode. It would appear, however, that the crew at Adobe thinks this is something which should change.

According to a post on NeoWin, Adobe is working to make sure that Flash 10.1 will play nice with the private browsing offered in most current browsers. Once you close your session, Flash Player will automatically clear the pertinent locally cached files. Visited a site with a Flash-powered login system? Any locally stored objects (LSOs) they create will also be purged.

On top of that, non-private instances of the Flash player won't have access to data created by those running in private sessions.

Right now, Adobe has things working with Google Chrome, Firefox 3.5 (or newer) and Internet Explorer 8. While Safari offers a private mode, support isn't quite there just yet. Expect to see it arrive before Flash 10.1 is released to the public.

Featured Time Waster

Level Up! A platform-hopping RPG Time-Waster

I don't know if this is a labor of love or merely the brainchild of four very gifted games designers, but Level Up is a really weird mash-up of gaming elements that you have probably never seen in a Flash game before. Let's start with the premise itself: Groundhog Day meets Memento. The game experience revolves around 'days': you explore the world and the clock slowly ticks towards the evening. You bounce around picking up gems and talking to the denizens of 'Level Upland'. Eventually you feel tired and head back to ...
