Linksys Smart Wi-Fi makes a stupid Guest network

A recent article pointed out that Linksys and Belkin routers are incapable of offering over-the-air encryption (WEP, WPA or WPA2) on their Guest wireless networks. On top of this, their Guest networks use a captive portal, which is...


The NetUSB router flaw Part 2 - Detection and Mitigation

Without a comprehensive list of routers vulnerable to the NetUSB flaw, the burden falls on us to test our routers. This requires scanning for port 20005 on the LAN side, for sure, and possibly the WAN side too. Here I describe...


What most people don't know about the NetUSB router flaw - Part 1

What most people don't know about the NetUSB router flaw - Part 1

The recent NetUSB flaw in routers was written up by almost every tech news organization, yet, much of the story was untold and some of what was written was flat out wrong. Here, and in my next blog, I hope to correct the record,...


Some perspective on Flash Player bugs

Adobe's Flash Player has had 143 bug fixes in the last year. After 18 years of development, no software should be this flawed. Here are four Defensive Computing approaches to being as safe as possible when running Flash.


Insecure routers hacked yet again

Insecure routers hacked yet again

A new report from Incapsula describes thousands of hacked routers being used in DDoS attacks. The routers could not have been more vulnerable: they were enabled for remote administration with default passwords. The focus of the report...


Security issues at the HP online store

The word that best describes my recent shopping experience at the HP online store is amateurish. Its security issues offer a lesson in things to be aware of at any secure website.


SSL/TLS/HTTPS: Keeping the public uninformed

SSL/TLS/HTTPS: Keeping the public uninformed

Perhaps the most important thing to understand about the SSL/TLS/HTTPS system that secures websites is that you are not supposed to understand it.


Web browsers are also to blame for Lenovo's Superfish fiasco

Web browsers are also to blame for Lenovo's Superfish fiasco

That no web browser prominently displays the name of the Certificate Authority vouching for a supposedly secure website makes man-in-the-middle attacks, such as the one by Superfish, possible. Techies can find this information, but it...


Bloatware free Windows computers

The Lenovo Superfish fiasco illustrates how dangerous the pre-installed software on a Windows machine can be. Here I discuss options for starting off with a clean copy of Windows, both versions 7 and 8. Also, some tips for keeping it...


Using a router to block a modem

Using a router to block a modem

If your Internet connection consists of a separate router and modem, then a private IP address,, may provide access to the modem. This can be a double edged sword. Motorola SURFboard modems, in particular, can be reset...


Talk to your modem

Talk to your modem

Those of us with separate routers and modems may lose sight of the fact that the modems are computers. They offer technical information about an Internet connection that can provide a baseline to compare against when things go wrong....


Down the rabbit hole with NOD32 antivirus

For years ESET's NOD32 antivirus program was running happily on the Windows computers of a number of people I know. This will change in the future and here's why.


Recovering lost bookmarks in Chrome

Recovering lost bookmarks in Chrome

After mistakenly wiping out my Chrome bookmarks, which neither Google nor I had backed up, Windows was able to restore them.


Fighting with a broken Windows Update - Part 2

Windows XP and Server 2003 are experiencing a problem with Windows Update and/or Microsoft Update failing with error code 0x80248015. I wrote about this last time and now have additional information and more work-arounds.


Windows Update is broken on XP

Windows Update has been broken for the last few days on Windows XP. As soon as IE8 loads the web page, it fails with error 0x80248015 before the user can search for fixes. I found a fix that worked on all three of my XP machines.


Wi-Fi security vs. government spies

Wi-Fi security vs. government spies

Its one thing to be lectured to about Wi-Fi security and quite another thing to see an actual spy manual. The Intercept just published manuals for interception software from Hacking Team which shows their three types of Wi-Fi attacks....


What's new with Java

There are three latest versions of Java. Tweaking Java to disable SSL 3.0. Securing Java. Explaining the security messages when running Java applets. Expiring old versions of Java.


SSL,TLS, POODLE, email, Fastmail, Popcorn and me

The POODLE flaw in SSL version 3 also impacts email.


Fallout from the JPMorgan Chase breach

Fallout from the JPMorgan Chase breach

What's the fallout from the Chase bank breach? Phishing of course, but phone calls and snail mail can also be abused. I was targeted by a snail mail billing scam. Most website rating systems fail to warn about the site involved in the...


A router firmware update goes bad

Many people don't upgrade the firmware in their routers. It's dangerous and confusing. When I recently upgraded an Asus router, I experienced the danger firsthand. But, there are ways to protect yourself.


Load More