Tuesday, October 29, 2013

A Primer on Metadata: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada

On July 9th, Steven G. Bradbury, a key Justice Department lawyer behind the NSA’s call log program, defended it by arguing that it did not amount to surveillance. “Surveillance,” he said, “means content collection, not metadata collection.”According to whom? The word “surveillance” means “close watch kept over someone or something.” A program centered on the sweeping seizure of communications metadata would indeed fall under the definition of a surveillance program, capable of facilitating the indiscriminate monitoring of individuals.
Ann Cavoukin

If preview is missing the file is named "metadata.pdf" on this site - https://www.ipc.on.ca/wp-content/uploads/Resources/metadata.pdf

Monday, October 21, 2013

Koodoos - Kapersky is my 3rd biggest referrer to my blog!

This is coincidental, since I use Kaspersky extensively.

Tuesday, October 15, 2013

Fixing Yahoo Media/Web Player to work as of Sept. 2013

Yahoo! Web/Media Player deceased June 30, 2013
If you’re a publisher and currently using Yahoo! WebPlayer on your site, after June 30 the Yahoo! WebPlayer won’t load. Your users will continue to be able to play media files using native browser support. You may wish to locate and remove the following line in your code:
A suggestion to replace the URL "http://mediaplayer.yahoo.com/js" with the URL 
"http://webplayer.yahooapis.com/player-beta.js" was working for 3 months,  but is no longer working
I have gotten this to work by hacking the code as seen in this article:

"For those going this route: it’s important to note that you need to poke through the player code and make sure that all of the elements are served locally. There still are some images and bits that come off Yahoo servers, and given that they’re not supporting this software anymore, it’s a safe bet those elements will go dark sooner or later. It’s a hell of a piece, as others have stated here, it’s the best web media player out there, ESPECIALLY for music, by a country mile."

If you need this done on your site, email me (see contact page).

Friday, October 11, 2013

Chrome, IE store website passwords in plaintext and are easily revealed

As from the Verge, today "Chrome stores some sensitive data in plaintext, but Google says it's supposed to" http://www.theverge.com/2013/10/11/4828958/chrome-history-cache-security-flaw

"A flaw in Google's Chrome browser could find it storing personal details that users don't expect to be recorded. The security firm Identity Finder reports that Chrome will sometimes store data that's been entered into secure websites, and that it'll store that data in plaintext so that anyone can read it. The details are kept inside one of Chrome's cache files buried within the file system, but anyone could see it if they had access to a Chrome user's computer and knew where to look. It's unclear exactly when Chrome chooses to store what would seemingly be secure data, but Google tells us that it realizes this can happen and that Chrome generally doesn't protect against attackers who already have access to a user's computer.
That security model has gotten Google into hot water before: over the summer, Chrome was criticized for storing saved passwords in its preferences menu where anyone can easily view them."
Further exploration has revealed; the following results; 

Difficulty to obtain passwords: Easy

Internet Explorer
Difficulty to obtain passwords: Easy/Medium/Hard (Depends on version)

Difficulty to obtain passwords: Medium/Very Hard

Results fully explained here in the excellent post

Thursday, October 10, 2013

Setting Windows 8/7 date-time to Canada's NRC (NTP) Atomic Clock

Set your Windows 7, 8, 8.1 date and time to Canada's NRC (NTP) Atomic Clock, and get 'n sync. 
How ? 
  1. Right click on your clock in the system bar, and choose "Adjust date/time". 
  2. Choose tab "Internet Time" and click button "Change Settings". 
  3. Type in "time.nrc.ca" in server field, and click "update now" button. 

The NRC's NTP server to the following host name (do not use the IP address, as this may change):
  • time.nrc.ca
  • time.chu.nrc.ca
This second time server is located at a different site on a different network than the first time server. Both servers are controlled in the same way by atomic clocks operated by NRC and provide official time with the same accuracy. The maintainance of seperate servers will offer redundancy and a more reliable time service to Canadians in case of network outage and other difficulties.
More here, thanks to NRC!