New youtube channel started

Hey all,

I have recently launched a youtube channel so I make nake tutorial videos on the topics I cover on my blog as well as video contect from when I do my public speaking

My channel is located at http://www.youtube.com/user/seanmancini

I will also post my videos in the video section of this blog as well so
check them out !

Please let me know what you think I am also looking for suggestions

Thank you all in advanced

And as always stay secure !!!

Air Canada Spam Email

Hello All,

Please be aware of this Air canada spam message circulating around the internet

Type of message : Phising
Senders IP : 217.73.236.9
Location of IP 217.73.236.9 located in Italy
Link in email points to http://absabeauty.com/wordpress/pdf_ticket_copy.zip
When a user clicks on the link malware is installed on the host computer

Begin of email text

Dear Customer,

Your credit card has been successfully processed.

FLIGHT NUMBER ET62082CA
ELECTRONIC 63916372
DATE & TIME / FEB 20, 2013, 08:15 AM
ARRIVING / TORONTO
TOTAL PRICE / CAD 419.33

Please download and print your ticket from the following URL :

For more information regarding your order, contact us by visiting : http://www.aircanada.com/en/customercare/index.html

Thank you
America Airlines.

See below for the full message headers

Delivered-To:
Received: by 10.58.212.169 with SMTP id nl9csp5253vec;
Wed, 20 Feb 2013 15:55:20 -0800 (PST)
X-Received: by 10.14.173.67 with SMTP id u43mr74530413eel.22.1361404519863;
Wed, 20 Feb 2013 15:55:19 -0800 (PST)
Return-Path:
Received: from mail.plesk-win9.test-area.it (plesk-win9.tol.it. [217.73.236.90])
by mx.google.com with ESMTP id i43si49415012eem.66.2013.02.20.15.55.19;
Wed, 20 Feb 2013 15:55:19 -0800 (PST)
Received-SPF: neutral (google.com: 217.73.236.90 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=217.73.236.90;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 217.73.236.90 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Message-Id: <[email protected]>
Received: from plesk-win9 ([127.0.0.1]) by plesk-win9.test-area.it with MailEnable ESMTP; Thu, 21 Feb 2013 00:55:20 +0100
Date: Thu, 21 Feb 2013 00:55:20 0100
Subject: Your Order#63916372 – APPROVED
To:
From: Air Canada
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

How 2factor authentication will soon replace passwords

Hello all,

In this post, I will provide my view on the future of the username and password

With the recent attacks against Twitter/Dropbox, the need for more websites to adopt 2factor authentication has never been higher 2-factor authentication is the future authentication mechanism which should be widely deployed in the corporate world and for home users

What is 2-factor authentication?

Two-factor authentication uses your traditional username and password but adds another layer of protection
With two factor authentication, you are given either a piece of hardware or software that generates a onetime code often called a token that can only be used for a certain amount of time

What is the advantage?

The advantage of 2-factor authentication is it adds a dynamic piece of information to the login process
therefore if a user database was compromised due to an attack the hackers would only have the static information which would be the username and the password static information is values that don’t change regularly such as your username you probably don’t change that often and for some same as passwords
before 2 factor authentication if a hacker was able to get a user database and was able to decrypt the values the hacker would have login details for the affected system and it would put the system at risk until the values were changed but 2 factor has thwarted these types of attacks

What sites currently Support 2factor

As of now
Google Gmail
Facebook
WordPress

There is even a way to implement the service in OpenSSH which I will cover in another post

Twitter and Dropbox have announced plans to offer this type of service as well

2factor authentication is used in a lot of corporate applications
VPN is the most common with RSA VPN token key

All in all 2-factor authentication is the more secure form of the username and password
And is the future of username/password security

Hope this post provided insight into this security enhancement

I will do some other posts about how to implement this protection on some sites later on
so make sure to check back for that!

Until next time

Stay secure!!!

and of course, if you have any comments/suggestions please let me know!