Daily Cup of Tech

My favorite encryption tool, TrueCrypt has just released version 4.3. The primary purpose for this version is to support Vista.

From their website, here is a complete list of changes for this version:

New features:

• Full compatibility with 32-bit and 64-bit Windows Vista:
  • Support for User Account Control (UAC).
  • All .sys and .exe files of TrueCrypt are now digitally signed with the digital certificate of the TrueCrypt Foundation, which was issued by the certification authority GlobalSign.
  • When moving the mouse on a single-CPU computer while reading or writing data to a TrueCrypt volume, the mouse pointer stopped moving for a second every few seconds. This will no longer occur. (Windows Vista issue)
  • Other minor compatibility-related changes.
• TrueCrypt volume is automatically dismounted if its host device is inadvertently removed.Important: Before you physically remove a device (such as a USB flash drive) where a TrueCrypt volume resides, you should always dismount the volume in TrueCrypt first, and then perform the ‘Eject‘ operation (right-click the host device in the ‘Computer‘ or ‘My Computer‘ list) or use the ‘Safely Remove Hardware‘ function (built in Windows, accessible via the taskbar notification area).
• Support for devices and file systems that use a sector size other than 512 bytes (e.g., new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.)
• Support for devices with a GPT partition table (GUID partitions). (Windows Vista/2003/XP)
• After a partition is successfully encrypted, the drive letter assigned to it (if any) is automatically removed. (Windows)
• Volume name (label) is displayed in device/partition selector. (Windows)
• New hotkey: ‘Wipe Cache’. (Windows)
• New command line switch ‘/q background‘ for launching the TrueCrypt Background Task. (Windows)

Improvements:

• Portions of the TrueCrypt device driver redesigned.
• Maximum allowed size of FAT32 volumes increased to 2 TB (note that NTFS volumes can be larger than 2 TB).
• Traveller Disk Setup improved. (Windows)
• Volumes hosted on read-only media will always be mounted in read-only mode. (Windows)
• Improved support for big-endian platforms.
• Other minor improvements (Windows and Linux)

Bug fixes:

• The built-in FAT format facility now functions correctly on big-endian platforms.
• Improved handling of partitions and devices during volume creation. (Windows)
• Improved handling of low-memory conditions. (Windows)
• Fixed bug that rarely caused system errors when dismounting all volumes. (Windows)
• Tray icon is recreated when Windows Explorer is restarted (e.g. after a system crash).
• Other minor bug fixes. (Windows and Linux)

Security improvements:

• Improved security of set-euid mode of execution. Volume can be dismounted only by the user who mounted it or by an administrator (root). (Linux)

Miscellaneous:

• The option ‘Cache passwords and keyfiles in memory‘ in the password prompt dialog window no longer sets the default setting (to set the default setting, select Settings > Preferences and enable or disable the option ‘Cache passwords in driver memory‘). (Windows)

Removed features:

• It is no longer possible to create new volumes encrypted with 64-bit-block encryption algorithms (Blowfish, CAST-128, and Triple DES). 64-bit block ciphers are being phased out. It is still possible to mount such volumes using this version of TrueCrypt. However, it will not be possible to mount such volumes using TrueCrypt 5.0 and later versions (this applies also to volumes encrypted with AES-Blowfish and AES-Blowfish-Serpent, which have been in the process of being phased out since TrueCrypt 4.1). If you have such a volume, we recommend that you create a new TrueCrypt volume encrypted with a 128-bit-block encryption algorithm (e.g., AES, Serpent, Twofish, etc.) and that you move files from the old volume to the new one.

This is a must upgrade for all of you that are working with TrueCrypt.

Useful Links:

• TrueCrypt Website
• Downloads
• Screenshots
• Documentation

Trackback link - http://www.dailycupoftech.com/2007/03/21/truecrypt-with-vista-support-released/trackback/

A new version of Torpark, the portable anonymous web browsing tool, has been released.

If you are new to Torpark, it uses the Tor network to route your information through different systems so that it becomes more difficult to track where you are coming from. From the Tor website:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

One thing of note. There appears to be some changes with Torpark coming with the company that is now formed which owns Torpark. They will be offering some premium services and even secure notebooks that appear to piggyback on the Tor network. I hope that the company finds success in this market because if they do not, there is a good chance that they will end up stopping all work and Torpark will either disappear or end up as an abandoned project.

Trackback link - http://www.dailycupoftech.com/2007/02/28/torpark-2002a-released/trackback/

News sites have been noting recently that Myspace and Xanga (and their ilk) have been a place for friends and social networks to grieve for those who have passed away - while this is notable and a very cool use of the technology, it was bound to happen.

If you have been online for a time, you have probably posted here or there in various forums, commented to blog entries, or even (if you are old enough) have posted on various UseNet groups and good old newsgroups (which I still love!)…

The point I am making is that the vestiges of our Internet personas will be, for all intents and purposes, immortal - - well, at least the information will be around far beyond our lifetimes. It is the closest we will be (as far as we know so far) to becoming eternal and be able to prove it to those that are still breathing and logging on to the ‘Net…

With that, I suggest you go Google yourself and see what the Internet has to say about you while you are still here.

There are several articles that talk about this and have great tips if you want to limit or do something about your sensitive information on the ‘Net:

• About.com - Google Yourself
• ZDNet - Why you should Google Yourself, and Often
• WindowsNetworking.com - Google Yourself To Identify Security Holes
• Google - and the list goes on…

I’m somewhat hesitant to admit that I do this quite often… Usually, my goal is to see if I can innocently catch up with someone. Is this a new form of stalking?

However, I did Google a person that I was entering into an auction transaction with. The auction was for a set of wheels and tires, and I discovered that this person was in a car accident recently, as stated by his local paper (I searched for the name of the person, and the city he was from). Of course, this brought up the question, was the set from the car? Would this affect the transaction?

If I did this with a person I was paying money to, it doesn’t take a stretch to realize that potential employers can do the same thing…be aware if you are job-hunting!

So, if you do find information on yourself that you don’t like - here is an interesting…work-around: A search tool that can create higher-scoring search results with more favorable information that you specify (you can read about it via this Wired article). Particularly useful for the shadier folks among us.

Now that I’ve fed your paranoia bug, go Google yourself!

Oh, I still went through with the wheels and tires - my car looks sharp!

Trackback link - http://www.dailycupoftech.com/2007/02/23/why-dont-you-just-go-google-yourself/trackback/

IT Security has written a very useful article entitled The Twenty Minute Guide to PC Security: 20 Tips to Secure your Box. This is a very good article that talks to pretty much everyone who has a home network or spends time on the Internet. If you do nothing else but take the advice in this article, you will be doing more to secure your computer and home network than the vast majority of users.Here are the areas that are covered in the article:

The Basics: Spotting and Eliminating Threats

1. Use a firewall
2. Install and update anti-virus software
3. Install and run anti-spyware software
4. Install additional basic threat counter-measures

Tweaking Settings and Making Usage Adjustments

1. Strengthen your web browser security
2. Install the latest OS service pack
3. Select secure software and update it regularly
4. Disable file sharing on your hard drives
5. Be cautious when downloading

Safely Emailing

1. Use a first-rate email client
2. Handle email attachments carefully
3. Do not click on email links haphazardly
4. Set up email filters

Protecting Your Password

1. Keep hackers guessing
2. Use a variety of different passwords
3. Password protect your computer login access

Wireless Protection

1. Protect your wireless network
2. Do not use a neighbor’s wi-fi connection

Physical Protection

1. Disguise your laptop
2. Use anti-theft solutions

We can all stand to improve our security knowledge. Take some time to read through this and think about your security setup.

Trackback link - http://www.dailycupoftech.com/2007/02/22/secure-your-compute-in-20-minutes/trackback/

While I was working my way through the Internet today, I ran across an article on MSN called Thwart the Three Biggest Internet Threats of 2007. (Mirror page in case Microsoft gets embarrassed and takes it down.) I immediately thought, “This should be good! I wonder what type of spin Microsoft will put on this?”

Imagine my surprise when the #1 threat listed is Internet Explorer! In fact, the article goes on and recommends that you install another web browser, in this case Opera, as your default web browser:

…the best way to reduce your PC’s vulnerability to ActiveX exploits is to download and install another browser, and set it as your default browser. Mozilla’s Firefox is the most popular IE alternative. Unfortunately, Firefox’s growing popularity has enticed malware authors to exploit its own flaws. While no software is perfectly secure, many experts (including me) think the Opera browser is safer than either IE or Firefox.

It appears that MSN is publishing stories from PC World and not really checking the content very well!

This information is opposite what is on the Microsoft Internet Explorer website:

Internet Explorer 7 provides security through a robust new architecture, security features that help defend against malicious software (also known as malware), and new ways to better protect against the theft of personal data from fraudulent websites, a practice known as phishing.

This seems to indicate that someone isn’t really paying attention to what is happening from a management perspective at Microsoft. This reminds me of the Windows 98 BSOD:

What do you think? Did someone at Microsoft drop the ball? Will heads roll? Or do they even care? Let me know in the comments.

Similar Posts:

• Free Internet Security Suite
• Quick Review: Outpost 4 Pro
• You Don’t Want To Be On This Top 20 List…
• Secure Your Compute in 20 Minutes
• Three Ways to Access ISOs

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/2007/02/12/microsoft-says-ie-biggest-internet-threat-get-opera/trackback/