Tab Napping Scam?
Posted in In the news, the web, Security, e-commerce on June 11, 2010 at 12:40 pm
I’ve been told that hackers can redirect a tab that has been left open so that although you navigate to a valid page, if you then switch tabs for a while and then go back and enter (say) your bank details the page is no longer the valid one and you’ve been scammed.
Sounds a bit far fetched but I haven’t seen any “it’s a hoax” information either - not on here or on snopes which is my usual first port of call when “I don’t believe it!”
Do your own search or check out http://www.techwatch.co.uk/2010/06/10/tab-napping-the-new-kind-of-phishing/
Election Incompetences
Posted in In the news, the company, the web, Security on May 7, 2010 at 11:39 am
Well it’s a small and coincidental world but my company’s election for works council members finished yesterday and as I am yet to receive a ballot paper I have some fellow feeling with http://news.bbc.co.uk/1/hi/uk_politics/election_2010/england/8666457.stm
Mistakes organising a company ballot aren’t good but surely as a country we are capable of allowing our citizens (subjects?) a chance to use the vote they have?
It could all be done on line but would I trust it? The problem is computer cock-ups tend to be more major and anyway if it was a government IT scheme you can be sure that it would cost a fortune and wouldn’t be ready on time…
Faulty fault reports
Posted in Funny, Security on January 15, 2010 at 10:03 am
Don’t Install Tired
Posted in Blogs, Security, Microsoft on November 3, 2009 at 3:44 pm
Don’t drive drunk, don’t shop hungry and don’t install tired. As I said in my last post my main PC is reduced to safe mode only and after a very long and tiring Saturday I vegetated most of Sunday but in a fit of “I must do something” I installed XP on a second disk in my knackered machine.
I meant to fit a new drive and install the old one as a slave but I was too weary and just slipped a removable drive in. I now get a choice of Win 2k or XP but the 2K won’t boot at all, in safe mode it says the SYSTEM is missing, a R from the old 2k CD didn’t help so it looks like I’ve truly knackered it this time.
Arrg, I have so many apps installed I can’t remember them all, I just wanted a look through all programs - I guess I just have to explore it from XP.
How do I get my favourites though? MS help explains it from IE 7 or 8 - I’m still on 6! I expect firefox can do it.
It took me ages to navigate my way into this blog entry page without them - one reason it’s been so long (did you miss me?).
Then I’ve got to drag all my Outlook express mails across - I seem to remember that is a pain. Do I have to recreate the folder structure by hand?
I do have back ups - just not simple restore the whole system ones. Now that external HD’s are cheap(ish) maybe I should look at something like the Mac time machine - any recommendations?
Security for beginners
Posted in Open Source Software, Coding, Security on September 28, 2009 at 11:13 am
If you know much about passwords / security / etc don’t read on, you’ll only get bored (unless I’ve got it wrong, so feel free to read and correct!). Anyway, I was explaining some basics to someone the other day & thought there might be others interested.
Passwords have a long tradition of identifying friend from foe by exchanging secret data. The problem is, once it’s exchanged in the open it’s no longer secret. Whispering may work but if you have to shout it, put it in a letter or plain text email it isn’t going to stay secret.
Say my password is “3” (numbers are easier to work with and we know computers turn everything into numbers sooner or later so let’s start with them). You know it is 3, you ask me for it and if I give it, you know it’s me - trouble is everyone else overheard it so now it’s useless.
Instead you pass me a number and I add it to mine and pass it back, if it adds up to what you add it up to it’s still me - you say “5”, I say “8”, you figure out 5+3=8 so yes it’s me. Now any listeners in have got to know or figure out the formula and then calculate my password. If we are using a publicly defined standard formula (which on a computer system we probably are) they know the formula so they can figure out from 5+X=8, X=8-5 that my password is 3. If they don’t know the formula they can probably figure it out if they hear enough exchanges.
What we need is a formula that isn’t so easy to work backwards - like a square. You say “5”, I add it to 3, square it and say 64. You do the same calculation and get 64, yes it’s me. Now the listener has to do the inverse function, 64=(5+X)^2, X=square root of (64)-5. Easy with 1 digit numbers or a calculator, not so easy with big numbers and just a paper and pencil.
That’s how most security works, don’t exchange the password but mess up some random data with it in such a way that the sender can mess it up the same way and check your answer. Anyone listening CAN figure out the password by reversing the “messing up” process but if we make it complicated enough they will require years of super computing to figure it out (a figure quoted for RSA 129 digit key is 5,000 years of 1 million instructions per second computing).
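The exchange described above, as an added example that is not part of the original post: the two toy formulas with the listener's inverse calculation beside them, then the same challenge-response shape using HMAC-SHA256 as a swapped-in one-way formula. The function names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

def respond_add(challenge: int, password: int) -> int:
    """The post's first formula: challenge + password."""
    return challenge + password

def respond_square(challenge: int, password: int) -> int:
    """The post's second formula: (challenge + password) squared."""
    return (challenge + password) ** 2

def recover_from_add(challenge: int, response: int) -> int:
    """What a listener computes: X = response - challenge."""
    return response - challenge

def recover_from_square(challenge: int, response: int) -> int:
    """What a listener computes: X = square root of response, minus challenge."""
    return math.isqrt(response) - challenge

def respond_hmac(challenge: bytes, password: bytes) -> bytes:
    """Swapped-in one-way formula: HMAC-SHA256 keyed with the password."""
    return hmac.new(password, challenge, hashlib.sha256).digest()

def verify(challenge: bytes, response: bytes, password: bytes) -> bool:
    """The verifier repeats the calculation and compares in constant time."""
    return hmac.compare_digest(respond_hmac(challenge, password), response)

def new_challenge() -> bytes:
    """Fresh random challenge per login, so an overheard response is useless later."""
    return secrets.token_bytes(16)

if __name__ == "__main__":
    # Constructed values taken from the post: password 3, challenge 5.
    print(recover_from_add(5, respond_add(5, 3)))
    print(recover_from_square(5, respond_square(5, 3)))
    password = b"correct horse battery staple"  # constructed sample secret
    first, second = new_challenge(), new_challenge()
    overheard = respond_hmac(first, password)
    print(verify(first, overheard, password))   # genuine answer is accepted
    print(verify(second, overheard, password))  # replay against a new challenge fails
```

With HMAC there is no inverse calculation to run, so the strength of the scheme rests on how hard the password itself is to guess.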
A step on from this is public key encryption where I tell you how to mess it up but only I can un-mess it - loosely speaking! http://en.wikipedia.org/wiki/Public-key_cryptography is a bit more accurate
http://www.ephesus.com/Encryption/PGP-Steps.html, and http://home.clara.net/heureka/sunrise/pgpsec.htm seem quite informative too.
Holidays and withdrawals
Posted in Home, the web, Blogs, Wireless, Security on July 23, 2009 at 1:54 pm
I’m off on my hols next week and the place we’re staying doesn’t have internet access!!! Spooky, off line, no google to solve the crossword, settle arguments or to look up how to play that song I keep humming (I will be taking a guitar!). They tell me the local McD’s has wireless but my laptop is an ebay special, the battery doesn’t last through the lengthy boot process
Cold turkey for me then. I guess I can score a fix at the library or internet cafe but I’m not sure that I’ll visit any site that requires a password (the same, only more, could be said of McD’s open wireless).
Oh well, I guess I’ll survive, but will the world survive without a post on my blog? Only time (or the patently obvious) can answer…
Floppies must die, but how?
Posted in Freecycle, Security on May 19, 2009 at 5:57 pm
Putting a Stop to Hanging with Safe Copying
Posted in Coding, Security on May 15, 2009 at 2:36 pm
Hang on to your PS2 Keyboards
Posted in thin clients, Security, Microsoft on May 8, 2009 at 3:26 pm
That is if you are a user, as an Administrator you can access drive C, and can type commands to “run” from the Start button - ma-ha-ha tomorrow the world etc etc.
So how do you get to be an administrator? The same as any windows system, log in as administrator with Administrator as the password obviously.
But it never shows a login prompt - to get a login prompt you must hold down the shift key as windows loads. After some hours, days weeks, … OK a couple of goes, it occurred to me it seemed to load all the USB devices AFTER windows had booted and this was a USB keyboard (as supplied with the unit). I plug in my old PS2 keyboard and I’m in - tomorrow the world etc.
Once I could see drive C I could copy stuff onto it off a USB key, did I forget to click the little green padlock and “commit” my changes to the flash drive? Of course not (well only the once and that doesn’t really count does it?).
So there we are - one WES Thin Client neatly configured. Pretty soon you’ll be able to spot the administrators, they’ll be the ones walking round with an old keyboard under their arm - and muttering “don’t forget the commit, don’t forget the commit, ….”
Web Mail - Orange Cookies?
Posted in the web, Blogs, Security, Microsoft on May 5, 2009 at 1:01 pm
I have an old freeserve email account which is useful as I can pop3 to it and also access it via webmail. It is of course Orange web mail these days & it has only been since it has been Orange that I have intermittent problems logging in. This occurs sometimes with pop3 but mainly with web mail.
I have discovered the cause of the most recent problems, I don’t have “enable all cookies” set in my privacy settings (http://support.microsoft.com/kb/299331). Now I have done this I can access the web mail & delete some of the 1800 spams filtered off for me. Unfortunately as I have not received some mail I was expecting I will have to trawl through at least some of them
So, “enable all cookies”, is that a wise option? Am I leaving my (increasingly creaky) IE6 vulnerable to some attack I don’t know about?

