Monday, January 26, 2009

Safest Way to Surf: The Two Browser Method

The safest way to surf the web is a two browser method. In my opinion there are two types of websites: semi-trusted and un-untrusted. Notice I failed to mention "trusted"; trusted websites don't exist. In this post I will explain how users should utilize different browsers when surfing the Internet.

The semi-trusted websites are sites such as corporate intranets, Google, and Gmail; just to name a few. These are the type of sites that have a remote chance of containing malicious attacks. With these semi-trusted sites, I am comfortable using browsers such as Safari and Internet Explorer.

Semi-trusted websites are the types that you use for work or personal use. Always remember that your credentials may be cached in your browser. This means the browser may contain username and passwords that if compromised, could result in the loss of personal or corporate information. In order to avoid this loss, I recommend that you do all other web surfing to un-trusted sites in Firefox.

Firefox is great because of all the add-ons. NoScript is a great add-on that mitigates users against some malicious attacks. NoScript is nothing new to many security professionals; it attempts to stop malicious JavaScript attacks from executing in your browser. I use Firefox and NoScript for all web browsing outside of my semi-trusted sites.

The two browser method separates all potentially cached information in each browser. If NoScript fails to prevent an attack, I don't have any important credentials in my Firefox cache. This is not perfect, but it makes it harder for driveby attacks to compromise confidential information just by browsing the Internet.

One last tip:

Do not copy information such as credit cards to your clipboard, ie. Ctrl-C.

Attackers can easily grab this information from your browsers!!


Wednesday, January 21, 2009

Binary Literacy

Binary Literacy is a term I heard from Rolf Rolles, he uses it for reverse engineering. I'm going to borrow it to give everyone a quick quiz.

I saw a young guy with the tattoo below, and I had to take a picture of it. He told me, that of all the people he worked with, I was the first to know exactly what his tattoo meant. Since he was an information technology guy, I was shocked that people don't speak binary anymore.

Question: What is this tattoo?


Wednesday, January 14, 2009

Twitter is Fab

A lot of security folks are on Twitter. There is a good reason for this: staying in the loop. If you don't have a Twitter account you need to sign up now. This is the best way to follow things that you are interested in. I made tons of great contacts off of Twitter.

Feel free to follow me: Marcus Carey


Thursday, January 1, 2009

The Season for IRS scams

Happy New Year!

Now is the time to alert friends and family of IRS refund scams. The image below shows the typical scam which has a link to a bogus IRS form. Please note the URL is to a "" address. This URL is possibly a compromised system. The form on the page asks for every possible detail needed for identity theft. While many will not fall for this old trick, there are others who are taken to the cleaners by scams like this.