November 30th is a day to focus on computer security.

http://www.computersecurityday.org/

Try this little utility and save on your power bill and help save the planet at the same time:

It is called LocalCooling - a small utility to help raise the awareness of the amount of power a computer uses, and the amount that can be saved. 

For more information and to download this free program, please visit LocalCooling.com.

“LocalCooling is a non-commercial project from the Uniblue Labs team.”

A critical flaw has been discovered in Firefox that allows the users password information to be passed to a web server by a cleverly created HTML form.  Exploits using this flaw have been found on MySpace, because MySpace (and many other similar sites) allow users to create HTML forms.   

The exploit that was executed via MySpace involved a clever Phishing lure that induced recipients to visit a specific MySpace account, whereupon the users password would automatically be revealed.

A similar exploit could be executed via many similar social networking and blog sites.

Firefox users should look for a update for this flaw in the near future. 

More information on this flaw can be found in the following ComputerWorld article:

Critical Firefox hole allows password theft

Electronic voting machines are nothing more than computers dedicated to a specific task.  These computers are no better than the people who designed the hardware or those who programmed the software, and are therefore potentially fallible, as is any computer. 

Voters should demand no less than a verifiable result that proves that their vote was properly recorded, including a printed receipt. 

If anyone encounters problems of any kind with these computers, they are strongly encouraged to report them immediately to the appropriate authorities, and also to the following noted watchdog group.

Ask for help immediately before finalizing your votes if there is a problem, or call the hot line to report problems or get assistance.

If voters have problems casting ballots anywhere in the nation, they can call a toll-free Election Protection Coalition hot line set up to report issues: (866) OUR-VOTE, or (866) 687-8683. EFF is a member of the coalition, which includes the People for the American Way Foundation, the National Association for the Advancement of Colored People, and the Lawyers’ Committee for Civil Rights Under Law.

Problems could include hardware that doesn’t properly record or cast ballots, machines that switch votes to other candidates on their electronic summary screens, or ones that reboot or crash as people attempt to vote. “Don’t let concerns about the machines keep you from the polls,” Zimmerman said. “If you have concerns [or problems voting}, the only way they’re going to be fixed is if you let us know about it.”

Other resources:

http://www.verifiedvotingfoundation.org

http://www.pfaw.org
 

DriveSentry, by Drive Sentry Inc., creates a white list of programs that are allowed to write to your hard drives. 

If any program that is not on the list attempts to add or modify a file on your hard drive, Drive Sentry will intercept that action and ask for your input on the matter.  If a virus or other malicious program is attempting to access your files, you have an opportunity to block it.  Quite handy.

DriveSentry can also be used to prevent rootkits and keyloggers from writing to the hard drive, and it works with peripheral storage devices like USB drives.

DriveSentry is available for download from the maker at the following link:  http://www.drivesentry.com/index.htm

We haven’t tried this program yet, but plan to give it a test in the near future.  It looks promising.

The security firm, Secunia has reported a vulnerability in Internet Explorer 7.  The vulnerability is referred to as an “MHTML hole”.  Basically, a malicious web site can fake you into disclosing sensitive information. Secunia describes it as follows:

Description:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the “MHTML:” URI handler. This can be exploited to access documents served from another web site.

For more information and a test for your browser, go to Secunia.com at the following address:

http://secunia.com/advisories/22477/

The cure, for the time being, until this is patched by Microsoft,  is to turn off active scripting.