Tumblr Implements HTTPS for New Blogs

Thanks to the great work by @aloria at Tumblr, free HTTPS is now enabled by default for all new Tumblr blogs. That’s right, all of them! But if you already had a blog, you might not know where to look to enable this setting for your blogs, so I decided to write up a very quick walkthrough on how to enable it.


Two-Factor Authentication

Two-Factor Authentication (2FA) or Multi-Factor Authentication is the ability to use at least two forms of authentication for a login. This adds an extra layer of security to your accounts for very little effort. This post will cover some of the methods available for client-side 2FA, as well as the pros and cons of each method. Implementing server-side 2FA will come in a later post, which will provide a more in-depth look at setting up things like TOTP, SMS, and email on the server side.

The most common second form of authentication is SMS, where a code is sent to a phone number that was specified when setting up 2FA. The next most common methods would be a phone call or an email. But probably the best methods would be the use of a hardware token or a software token. Let’s take a look at the methods available and their advantages and disadvantages.


Secure Your Clients by Disabling SSL

At this point SSLv3 is somewhat old news, but there are still businesses that have SSLv3 (and worse, sometimes SSLv2) accepted on their client machines. This can lead to a multitude of security vulnerabilities that can be easily exploited (e.g. POODLE). The purpose of this post is to show you how to disable the insecure protocols on standalone workstations, or via Group Policy if you are on a corporate network with a domain controller.


Disabling AutoPlay and Autorun

In very recent news you have likely heard of someone putting infected USB drives into mailboxes. Although this is happening in Australia, it is still incredibly relevant no matter where in the world you may be. It is always good practice to never, and I mean never, plug in a random USB thumb drive you might have found out in the wild. This is one of the tried and true methods that gets malware installed on your computer because of a built-in “feature” of Windows called AutoPlay in addition to AutoRun, and also because most people will think one of two things:

  1. Oh, free thumb drive!
  2. Oh, someone might have lost this, let me see if their name or contact information is on it!

The best course of action is to just throw them away. But, on the off chance that you do put a USB thumb drive in your computer, you better hope that AutoPlay and AutoRun are disabled. That is what I’m going to show you how to configure today on standalone workstations and on a domain with Group Policy.


Force JS Files to Open in Notepad

This post will cover how to change Folder options via Group Policy to force JavaScript (JS/JSE) files to open in Notepad instead of being executed on the workstation. The reasoning behind this is that JS files can potentially be malicious, and JS files can be executed simply by double-clicking on them. This method will make it so that JS files will never be executed accidentally.
