Chester Wisniewski

176 comments posted · 2 followers · following 0

345 weeks ago @ Naked Security - Apple's iCloud iConund... · 1 reply · +1 points

It is my understanding that Keychains is protected by the 2-factor option. I haven't tested it though as 2-factor is not available to Canadian Apple customers. I guess we don't deserve protection, seeing as we are all not-American and all.

I certainly wouldn't back up my phone or store my documents on iCloud, but it really is a personal decision. The researcher who delivered the talk states he still uses iCloud, he just hopes that by pointing out its flaws Apple will fix their errors.

I doubt it will work. Apple customers aren't much for holding Apple accountable for its questionable security practices.

345 weeks ago @ Naked Security - Security begins at hom... · 0 replies · +1 points

That is true Phil. Fortunately in Windows 8 it is also available in the Pro edition.

Windows 8.1 was just released this week and it also supports encryption, by default even, if your hardware meets certain onerous specs. While that currently means it will only work for about 5 or 10 models of computer that are available, moving forward manufacturers will begin meeting Microsoft's new specifications and be able to take advantage of encryption at no extra charge.

I don't have the full list of requirements handy, but the system must support Secure Boot, have a TPM version 2 or higher and contain memory chips soldered onto the motherboard. Quite stringent specs!

346 weeks ago @ Naked Security - Twitter introducing ne... · 0 replies · +1 points

Thanks for trying this. I was working off of other media reports. So you don't follow any of these other accounts? Do they all have the feature enabled?

346 weeks ago @ Naked Security - Twitter introducing ne... · 0 replies · +1 points

The screenshot is an example from Skype showing that they had to implement the option of not receiving anonymous private messages because of the quantity of abuse. Sorry for any confusion. I don't imagine this would impact email addresses being sent.


346 weeks ago @ Naked Security - Oracle releases 127 se... · 1 reply · +4 points

Correct. That will work from bash on Linux and OS X as well. Many of our readers are not comfortable with the command line, so I try to avoid using it in my advice.

The point of #1 is that if Java is NOT installed in your browser, then all is well. You don't need to check the version, you are already safe.

346 weeks ago @ Naked Security - How to remove your fac... · 2 replies · +2 points

Sort of. It depends on what country you are in. It appears that only US accounts are opted in by default. I have confirmed with users in the UK, Canada and Germany that it is unchecked. It is also possible it is based on other privacy preferences you may have set previously. I had opted out of Google ad tracking, and the others I checked with may have as well.

The current best theory is that it is only launching on by default in the United States.

346 weeks ago @ Naked Security - D-Link router flaw let... · 0 replies · +4 points

Be sure the admin interface only listens on the inside (see screenshot), be sure your WiFi is secured and update the firmware once D-Link makes a fixed version available.

350 weeks ago @ Naked Security - Oracle Java fails at s... · 0 replies · +4 points

Most likely no Kim. There is another technology called JavaScript which is vital for most web pages to work. Java is not related to JavaScript, despite the name. The only mainstream thing I am aware of that requires Java is the game Minecraft.

350 weeks ago @ Naked Security - Oracle Java fails at s... · 1 reply · +2 points

It all depends on versions and what you consider support. There are more details here:

351 weeks ago @ Naked Security - Secure Google Docs ema... · 0 replies · +1 points

Immediately change your Google password is about all you can do. And be sure to enable 2-step verification with Google. You can use an SMS code or the Google Authenticator app on iOS and Android as a required second factor when logging into your Google account to discourage phishers from attempting to victimize you again.