Security

There are plenty of Windows applications out there that will let you synchronize files across multiple folders. But there are a few things that set Allway Sync apart. First up, you can install Allway Sync on a flash drive to carry with you and use on multiple PCs. Second, Allway Sync is free for personal use and you’re only required to pay for a license if you’re a heavy user of if you feel like it. No one will ever make you pay, but the software is totally worth buying.

The latest version also adds support for synchronizing files with an FTP server or Amazon S3 storage. This makes Allway Sync a great little tool for backing up your files to offsite storage. The only problem is that there’s no built-in scheduler. You have to initiate each sync job manually. If you’re lazy and prefer automated backups, you might be better off with a utility like Jungle Disk. But the advantage of performing manual backups is that Allway Sync provides detailed information about each new, changed, or questionable file.

[via Ed Bott]

So you’re thinking, “Hey, I want to be totally irresponsible with my computer and load it up with crapware!” Really, isn’t everyone getting tired of having to be so stinking responsible on the Internet all the time? We certainly are. We’re ready for system protection that isn’t afraid of our reckless browsing, indiscriminate downloading, and general apathy towards good computer usage habits.

…Which is why we love Windows Steady State. It creates a cache file in which your operating system operates, meaning any harmful changes can be undone by simply emptying the cache. After downloading it’s a snap to install - just a few obligatory clicks and the usual EULA mumbo-jubmo and you’re set.

Our first test was pretty a pretty low-intensity workout. We surfed, bookmarked, set up a POP account and downloaded a few messages, and cluttered up the desktop with a dozen or so hilariously named folders. After issuing the old Windows - U - R we waited anxiously for the system to reboot.

There it was, just as it had been before - no trace of any of our activity. The desktop was still tidy, no favorites or emails were anywhere to be seen. So far so good, but let’s try some real abuse!Do your worst! Fire up Internet Explorer and go on a malicious web-surfing bender. Download rogue applications! Install 16 browser toolbars! Download obviously fake songs with Limwire! When you’re spent, reboot and check the results. To the dismay of Trojans everywhere, not a shred of your misdeeds will remain.

When you factor in the other features Steady State offers - restricting program, Internet, and Windows feature access, the ability to hide drives, scheduled cache cleaning - it’s easy to see why similar programs like DeepFreeze go for big bucks. And yet Microsoft gives it away for free!

Hey, who are we to argue? Anyone who’s got a toddler (or perhaps a spiteful co-worker?) that loves to click first and ask questions later better give this app a permanent home on their computer.

Learn more about it on the Microsoft Shared Access Computing mini-site.

If you were one of those 8 million people that downloaded Firefox 3 the other day be aware that Tipping Point DVLabs has announced a vulnerability in Mozilla’s latest browser.

Details are unknown but in order for this exploit to work, you’ll have to visit a site with the malicious code and click the infected link. Zero Day rates the severity as “High” and it effects both version 2 and 3 of the popular internet browser. Mozilla has acknowledged the security issue and should have a patch issued in its 3.0.1 release shortly.

With the amount of beta testing that’s been done on Firefox 3 it makes you wonder why something like this slipped by?

In the mean time, be careful of where you click and make sure Firefox is set to auto update.

If you guessed that UndeleteMyFiles is a program that hacks into government databases and gives you the secret launch codes for nuclear missiles, you really need to stop watching Cold War era movies. But what you can use this free Windows utility to do is recover some recently deleted files on your computer.

There are several other free programs that do pretty much the same thing. But there are a few features that set UndeleteMyFiles apart. First of all, the program features a nifty preview function. Just hit the check box next to the file you want to see and hit the preview button and the program will restore the file to a temp directory so you can check it out before deciding whether you really want to restore it to your hard disk.

UndeleteMyFiles also has several different modes for scanning your hard disks or removable storage media. For example, you can use the Media Recovery mode to scan a disk just for media files. Or you can use the Deleted File Search to scan for files meeting certain size or file type. The File Rescue wizard, on the other hand will show you all deleted files on a disk.

The program also includes a file wiper, which lets you securely delete files so that they will be nearly impossible to recover. This feature could come in handy if you happen to be in possession of oh, say a nuclear missile launch code that you probably shouldn’t have.

[via gHacks]

We’re talking part one, the one with the hot version of Jennifer Love Hewitt. And oh yeah, that’s who you were downloading last week, and we know alllllll about it.

A recent study by Cyber-Ark, who asked 300 IT Professionals about the topic of System Admins checking out what you’re doing online at work, says that 1 in 3 IT professionals snoop on their co-workers surfing habits and stats.

I mean why not, right…all the info is right there! They’re just “protecting the company from harmful usage”.

Sheah, right.

IT Professionals download more pr0n than the entire state of Texas.

Even scarier? 47% of those surveyed said that they accessed info about you that had nothing to do with their job.

No wonder most SysAdmins have the password g0d. Oy!

What might be even worse, is that the other 2 in 3 surveyed lied out of fear that someone was snooping on them while they were taking the survey, thus uncovering the fact that they snoop on us. OMS our heads hurt!

SysAdmins, do you snoop? Worker folk, are you snooped upon?

You can hiphopanonymously write a comment here and let us know about it.

Update: Looks like we posted too soon. As commenters at TUAW pointed out, the workaround is not 100% foolproof. If someone is logged in via SSH under the same user name as the logged in user, it is possible that they can kill the ARDAgent process and run the script before ARDAgent reloads. While this requires additional finagling and timing and is an unlikely scenario for most users, please be aware that the issue is still unresolved. If you don’t plan on using remote desktop at all with your Mac, you can archive and remove ARDAgent.app, which will rid your system of the program that can open up the vulnerability.

Yesterday, an anonymous Slashdotter posted about a security vulnerability in Mac OS X 10.4 and 10.5 that could allow a maicious party root access to your system. The vulnerability, which works by running an AppleScript on behalf of Apple Remote Desktop Agent, which because of the way ARDAgent works, sets the user ID to root. From there, any subprocesses are running with root privileges, without requiring a user password, and in the wrong hands, the results could be very, very messy.

Taking into consideration that several additional factors would have to be involved in order for any damage to unfold — either physical access to the machine or a remote login under the same account that is currently in use or the end user would have to willingly run a malicious application — this is still disconcerting enough for us to want a quick and effective resolution.

Luckily, there is a very easy way to protect your system from being affected. It turns out, if remote access is enabled under the Sharing pane in System Preferences — even if no other users are permitted to administer or access your machine — you’re in the clear.

TUAW has a visual walkthrough on how to apply this workaround for both Tiger and Leopard users, but the fix is pretty simple. In Leopard, simple enable Remote Management feature in the Sharing panel, don’t select any of the options and then select “apply to only these users” without defining any users. Now, if the potentially damaging script is run, your system will report an error instead of setting itself as root. Plus, if you do have a system that is managed remotely, that person can still acess your computer (just make sure they are listed in the “allowed users” panel).

If only all security threats were that easy to fix!

Thanks Mike, Robert and Scott!

Whether you’re trying to keep the feds off your trail or you just want to keep your mom from figuring out what naughty web sites you’ve been visiting, xB Browser can help. This web browser is based on Firefox, but adds a ton of security features that allow you to surf the web anonymously and quickly and easily clear all your private data.

The browser evolved from the now defunct Torpark and is capable of connecting to the Tor network of anonymous servers that let you obscure your location and identity. You can also use xB Browser to connect to the XeroBank network, which is a commercial alternative to Tor. You have to pay for access to the XeroBank network.

XeroBank also provides severla other programs for anonymous internet access including xB Mail for sending encrypted emails and xB VPN for connecting to the XeroBank network to anonymize all of your internet transactions.

[via Shell Extension City]

Many of us have been in this situation: you want to post your email address on your website so that people can read it, click a link, and get in touch with you. You’re worried about displaying your email as a regular link, though, because bots will index it and start sending you spam. If you want to post your email address on a website so that it’s readable by humans, but obfuscated from any bots trying to harvest it, take a look at The Enkoder.

The Enkoder is a quick web form (and a Mac desktop app!) that takes your email address and the link text you want to use, and spits out some encrypted JavaScript that you can put on the web. It’s provided free-of-charge by Dan Benjamin and HiveLogic.com. The Mac version runs straight from your machine and remembers previous encodings.

[via Daring Fireball]

A common problem for many Blackberry and other mobile phone users have as well is what to do with all of those “omg these could be important” SMS messages. What to delete, what not to delete?

That’s no longer the question in Dexrex’s mind.

Dexrex has put out an SMS archiving software and service for Blackberry people like yourself.

Once you get an SMS message it immediately gets archived by Dexrex for later checking out, re-reading, pining over, crying about, and forwarding to your buddy whilst drinking at the bar online (by just you hopefully). Dangerous stuff indeed.

We’re calling this one Gmail for SMS.

The obvious issue here is privacy, as it is with all web services. SMS messages can be uber private, for example:

“d00d, thiz girl eez hawt”. Do you want everyone in the world to see that? We don’t. Dexrex has to prove themselves trustworthy.

Having said that, if you get a lot of SMS’, give it a shot, tell us if its helpful, and share your experiences.

Just a day after launching a release candidate of Opera 9.5, the Opera team has pushed out the final version of their new desktop web browser.

Opera is all over the place with their releases, and focuses as well. The company loves mobile devices, and at one point stated that Opera wanted to be on any device that you can plug in. We’d love to browse on our toaster. We lose an important few minutes of productivity in the kitchen every morning.

The latest version of Opera has some features that 9.2 didn’t have though, so here goes nothing:

• Opera Link - Hardcore users of Opera use features like speed-dial, note taking, and of course bookmarks. Now you can sync them with your mobile if you use the very popular Opera Mini browser on your phone.
• Quick Find - search for anything on any page you’ve visited.
• Updated skin - This is the one that made us wonder if Opera is has re-invested themselves into the Desktop market. The buttons are sharper and it’s more Firefox like now.
• Opera’s Fraud Protection - This got an update. Opera likes to talk about how they guard you against phishing and spamming, and say they’re the only browser with these features built in.

And it’s faster - So fast it sings we like to say. Operaphiles say that it’s the lightest browser on any platform. What do you think? Tell us in the comments!