Even the most careful internet user may find himself/herself on a questionable site that loads the browser with all kinds of "wonderful gifts" like toolbars, new search engines, extensions and the like. Normally recovering from something like this is painful and time consuming.

A crafty and detail oriented individual, Francois Beaufort, discovered a new feature in Chromium called reset profile which resets everything back to factory defaults:

homepage
search engine
cookies
and disables the extensions

Why is this interesting? Because cool new features often work their way from Chromium back to Google official Chrome browser. One more tool to make the internet a safer place.

You can read Francois' Google+ post here. And if you're not on Google+, what are you waiting for?

Enable 2-factor authentication for Google services

March 14, 2013InfoSecEdward Kiledjian

How To Secure Your Online Accounts

How to enable 2-factor authentication for Google

Sign into your Google account

Click the arrow next to your name

Choose Account

Select Security

Click settings listed under 2-step verification

You have to start the setup process. You are then asked to supply a telephone number where an authentication code will be sent when you login from an “untrusted computer or device”. A code then arrived that you have to enter when Google login detects something strange.

You are then asked to login and test the code. When you login, you will be asked whether you trust the device you are loging in from.

The other option on 2-factor authentication page is the IOS or Android Google authenticator application which generates a new unique login code every 60 seconds. You download the app from your app store, then chose the Google Authenticator option on the 2-factor settings page, you scan the barcode generated on the setup webpage and then test the generated code.

Personally I use the Google authenticator option and have the app on my phone (iphone) and my tablet (nexus 7). If you intend to use the Google Authenticator on multiple devices, download the app on all of your devices at the same time and scan the generated barcode on both devices at the same time. The same unique codes will then be generated on both devices.

How to secure your online accounts

March 13, 2013InfoSecEdward Kiledjian

What is 2-factor authentication?

One of the most common ways to hijack your online accounts is to steal your passwords. The way to prevent this type of issue is to use a technique called 2-factor authentication. The 2 factors are:

Something you know : your password which is still used
Something you have : a one-time use password that is generated on demand that proves you are in possession of something physical.

You use 2-factor authentication everytime you use your bank’s automated banking machine. You go to their machine, you insert your card (something you have) and then enter your pin (something you know).

Many of today’s most popular services allow you to add this additional level of security to your account such as Dropbox, Google, Lastpass, Paypal, Facebook, Yahoo, etc.

Detractors

Some detractors complain that you need to use a physical device (phone, USB key, token, etc) that can be lost and then causes issues when you try to login.

Their second complaint is about services that email your unique one-time login code to your phone, because they complaint that you have to hand-over your personal phone number to a third party.

My views

I believe more security is better and use 2-factor authentication when available and recommend you do the same. It is an extra step but how much is extra security worth?

Saudi Aramco Twitter account hacked

March 6, 2013InfoSecEdward Kiledjian

Due to recent attacks again Twitter and high profile Twitter users, Twitter has started implementing new security measured. Now we learn that the official account of Saudi Aramco (the world’s largest oil producer) was hacked by “Mister Rero”.

Saudi Aramco is no stranger to infosec issues and had 30,000 workstations hacked last year. Don’t forget other twitter accounts were also recently hacked from Burger King, Jeep, etc.

Evernote will implement 2 factor authentication

March 5, 2013InfoSecEdward Kiledjian

A couple of days ago, I wrote about Evernote being hacked and the fact that it is the new reality for cloud services.

Now we learn that Evernote intends to implement 2 factor authentication. In case you were not aware, Evernote was hacked and it forced its 50 million users to reset their passwords. According to InformationWeek, they will offer some kind of 2 factor authentication for all of their users before the end of the year.

Chromium browser can clean-up after malware infections