Orangeinks

iPad2 Hack: Bypass iPad2’s Security Code Using the Smart Cover

The iPad2’s smart cover just got a little smarter. The guys from 9to5mac discovered a security flaw in the iPad2. You can actually bypass the security code on any iPad2 by using the smart cover. All you need to do is activate the off screen (home + standby on/off) of the iPad2 without actually sliding to turn it off. The next step is to place the smart cover on the iPad, close it and flip it open and click cancel and you’re in.

The bypass procedure doesn’t actually let you fully use the unlocked iPad2. It’ll allow you to browse through the apps but not actually open them. The real security threat here is when you’ve left a sensitive application open when you locked your iPad2. If your iPad got unlocked this way and you’ve left your email, contact list, notes and other apps that the perpetrator could use against you, then you should be worried.

So, until apple updates this security flaw, the best measure that you can take is to not leave an app open when you lock your iPad2.

Watch the video below.

 

Tags: Apple, hack, iPad2, security

Worst Passwords

PC Mag writer Lance Ulanoff asked hisTwitter followers to reveal their worst and most embarrassing passwords. And these are the results.

1. password
2. 12345
3. CaseSensitive
4. Teletubbie
5. F*ckOffPlease
6. hellogod
7. homeboyee
8. <3BSB<3
9. goldeneye
10. OpenUp
11. asdfhgjkl
12. gotohell40

Read the full article at PCMag with a few tips on how to secure your passwords and generate strong ones.

If you’re having trouble coming up with a strong password, you can use tools like PwGen.

Also check out the 500 worst passwords at BoingBoing.

 

 

 

Tags: password, Password Generator, password protect, security, Strong Password

Securely Browse the Web with HTTPS EveryWhere for Firefox

HTTPS Overview

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. This simply means that when you are browsing under the HTTPS web protocol, you can breathe easier and not worry about your online information being stolen by someone from your network. For added information about SSL/TLS and other Jargon, look it up on Wikipedia.

How to Browse Securely All the Time

HTTPS Everywhere is a Firefox extension that will give you additional security and privacy when browsing your favorite websites. HTTPS is important when you are browsing unsecure networks such as public WIFI (e.g. coffee shops, hotels, etc.). And you would definitely want something like this if you want to protect your information from people who would want to steal them using readily available tools like Firesheep.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. This simply means that if HTTPS is available on a website, HTTPS Everywhere will suck it out and secure your information whenever it can.

Note: Just a reminder when using HTTPS Everywhere and browsing Google for images while using HTTPS Everywere, the image search (link) disappears. You need to un-tick the Google Search in the HTTPS Everywhere Options and restart your Firefox if you want to view (search) images from Google.

Chrome users can use KB SSL Enforcer.

 

Tags: browsing, chrome, Firefox, HTTPS, HTTPS Everywhere, security

WordPress Update 2.5.1 Includes Over 70 Bug Fixes

WordPress just released another update since a major one last month (ver 2.5). The new version 2.5.1, includes over seventy bug fixes including security fixes. Check out the full list of fixes made in 2.5.1 here.

As for added security, all is advised to place a secret key in their wp-config.php file. If you can’t come up with your own secret key, you can let WordPress generate a random secret key for you by clicking the “visit this link we set up to get a unique secret key” in their blog post. Just copy the entire line of code and paste it into your wp-config.php file (or overwrite this line if it exists:  define(‘SECRET_KEY’, ‘put your unique phrase here’); // Change this to a unique phrase).

Reminder: To update, just copy everything to your host EXCEPT the wp-content folder.  Copying the wp-content folder to your server will delete (overwrite) your currently installed themes and plugins. Always remember to backup.

Tags: Blog, Plugin, security, update, wordpress

Windows Vista SP1 Blocks Some Security Programs

If you happen to be using Windows Vista, be aware that the Service Pack 1 (SP1) update for your system currently has compatibility issues with some applications. Take note that these applications are not just ordinary applications. Majority of the affected software happen to be Virus Detection programs. There are several reports as of now that when you install SP1 for Vista, it will block certain applications.

In the list of blocked applications are: BitDefender AV ver 10 , Fujitsu Shock Sensor 2.1.0.0, Jiangmin KV Antivirus 10, Jiangmin KV Antivirus 2008, Trend Micro Internet Security 2008, Zone Alarm Security Suite 7.1.078.

In the list of programs that Do Not run after you install SP1: Iron Speed Designer 5.0.1 , Xheo Licensing 3.1, Free Allegiance 2.1.

In the list of programs that lose functionality after installing Vista Sp1 are: NYT reader 1, Rising Personal Firewall 2007, Novell ZCM Agent 10.01.

[The list is provided by Microsoft]

If you are using Vista and planning to install Service Pack one for Windows Vista (the ones that leaked out in Bit Torrent sites) , make sure that you are not running the listed programs above to ensure the security of your PC’s. I hope that there will be improvements in Vista Sp1 before they officially release it in mid-March.

Tags: 1, compatibility, issues, pack, security, service, sp1, Vista, Windows

WordPress 2.3.3 Urgent Update

A security flaw has been discovered in the XML- RPC implementation. XML-RPC is a spec and a set of implementations that allow software running on disparate operating systems, running in different environments to make procedure calls over the Internet. The update fixes the flaw that allows a user to edit post in your blog by doing a specially crafted request.  Enough with the technical details, if you are using WordPress and have your user registration enabled then you should update your hosted WordPress. This will prevent registered users in your blog from editing your posts.

The update also includes some bug fixes:

• gettext fails to determine byteorder on 64bit systems with php5.2.1
• some registration emails fail in 2.3.1 b/c of “callout verification”
• maybe_create_table call to config.php issue

WordPress also reported a vulnerability in the WP-Forum plugin that is being actively exploited right now. WP-Forum is a WordPress plugin that enables you to have a forum directly attached to your WordPress installation.  If you are using this plugin, it is strongly recommended that you remove it until an update is available from its author.

Tags: critical, flaw, Plugin, security, update, wordpress, wp-forum