CivicActions

Google is announcing Friend Connect tonight, a service advertised to "help website owners grow traffic by enabling any site on the web to easily provide social features for its visitors." Friend Connect employs OpenID and oAuth which is a good start, but how it puts them together is lacking vision and, disturbingly, may raise significant privacy concerns.

Are you using the same password for any of your Web site logins? I certainly hope not!

For those who value security and want to keep all those truly-distinct passwords safe in one place, I highly recommend Keepassx.org. This program is completely free, licensed under the GPL, and works on GNU/Linux, Mac and Windows.

Seems Billy Hoffman has developed something of an XSS trojan which uses your browser to launch attacks, and log information. It sounds quite scary from the press I've read, but specifics do not seem very consistent. Here is something from the Bio page on ShmooCon where this will be demo'd (but not released):

43. Solar Designer
Alexander Peslyak (aka Solar Designer) is a Russian security expert know for his exploitation techniques and security audit tools. He is the founder of the Openwall Project, which has designed a security rich operating system for servers.

ref: http://www.itsecurity.com/features/top-59-influencers-itsecurity-031407/

Solar Designer leads our ASP Technology team and helps to ensure that our servers, which run the latest Openwall version of Linux, stay secure.

At CivicActions we know all about open WiFi networks, and I often get asked by friends about "internet security" and specifically, how secure their activities are when they are on open networks. David Pogue covered the issue in his column today.

While he believes his wifi traffic is not worth snooping ("Frankly, I consider the details of my life so boring to other people that I really couldn’t care less. I’ve got nothing to hide, so why not accept it?") he disabused his readers of any notion that their WiFi traffic was generally safe from snooping eyes.