R Web Security

Internet Security & more

Hotmail Allows Secure SSL Encrypted Login

We just carried a post on how to make your Hotmail account more secure by having your Hotmail password expire every 72 hours. There is another way to make your Hotmail account still more secure: use the encrypted SSL login for your Hotmail account. Google introduced this in its GMail last year.

You have to click the link “Use Enhanced Security (SSL)” at the bottom to use this feature. Depending on your cookie settings, this option will be stored, and the next time you log in, this feature will be selected automatically.

You can turn it off at any time by clicking the “Turn Off Enhanced Security (SSL)” option if you think that it is slowing down your browser. But I strongly recommend that you use this feature to protect your Hotmail login.

Start Hotmail Secure Login – Expire Passwords After 72 hours

Even with email services like Yahoo and GMail dominating the web-based email marketplace, Hotmail is still used by plenty of users worldwide.

To make its services more secure, Hotmail now lets its users have their passwords expire after 72 hours, if they opt for it. This may sound like an added hassle to many users, but if you are really concerned about the security of your passwords, then this is for you. Opting in will require you to reset your password after 72 hours.

You can use this link to use this Hotmail security feature.

Researcher publishes exploit for new IE hole

Clues in a McAfee blog post led a researcher to existing exploit code, which he analyzed to write his own code.

Originally posted at InSecurity Complex

LimeWire enlists AVG for user protection

Notorious as a malware ghetto, LimeWire takes its first steps to integrate authoritative threat protection by signing on AVG to provide premium users with download scanning and blocking.

Originally posted at The Download Blog

Twitter to block malicious links

Links in direct messages on Twitter and e-mail notifications about direct messages will be filtered in an attempt to stop phishing attacks.

Originally posted at InSecurity Complex

WhitePages.com halts ad networks over malware

Site investigates malware delivered via ads on its site in a fake antivirus attack similar to that on the Drudge Report site.

Originally posted at InSecurity Complex

LifeLock to pay $12 million to settle deceptive-practices claim

FTC complaint alleged that LifeLock made false claims for adequately protecting customers from identity fraud and data theft.

Originally posted at InSecurity Complex

Ubuntu CVE Tracker

Today I was looking at some of the various vendor security and advisory sites and I noticed at the top of the Ubuntu site: "For more details on a specific CVE or source package, please see the Ubuntu CVE Tracker."

I had not seen the Ubuntu CVE Tracker before, so I checked it out, very interested because certain sites continue to assert and report that some Linux distributions do not have any unpatched issues. For example, take a look at the page Vulnerability Report: Ubuntu Linux 9.10 on secunia.com (9.10 is Ubuntu Karmic Koala, released on October 29, 2009) and you’ll see a couple of interesting summary statistics as shown here:

[Two images: summary statistics from the Secunia report]

Looks good, eh?  However, if you take a look at the CVE tracker, you get a view that is a bit different:

[Image: Ubuntu CVE Tracker view]

You can see the Risk Color Key, but it is about what you’d expect.  Red is High or Critical, orange is Medium and yellow is Low.  The asterisk means that this is a package maintained by Canonical instead of a 3rd-party.

I didn’t bother to do a count, but I can see that the number of “needed” fixes is somewhat larger than zero. However, I did not see any RED = High vulnerabilities, so I did check one more thing: I wondered how these severity ratings mapped to CVSS as used by the National Vulnerability Database (i.e., http://nvd.nist.gov). I spot-checked a few:

  • CVE-2009-4537, kernel, Orange(Medium) by Canonical,  High(7.8) by CVSS
  • CVE-2009-4565, sendmail, Orange(Medium) by Canonical,  High(7.5) by CVSS
  • CVE-2010-0408, apache2, Orange(Medium) by Canonical,  Medium(5.0) by CVSS
  • CVE-2010-0433, openssl, Orange(Medium) by Canonical,  Medium(4.3) by CVSS
  • CVE-2007-5901, krb5 (kerberos), Yellow(Low) by Canonical, High(10.0) by CVSS

There were 474 CVE entries, so I didn’t do a comprehensive check, but it turns out that there are more than a few of these unfixed vulnerabilities that are rated High by CVSS. 

Malware found on HTC Android phone from Vodafone

An HTC mobile device running Android was distributed by Vodafone with a botnet program on it, as well as Conficker and a password-stealing Trojan, Panda Labs says.

Originally posted at InSecurity Complex

Microsoft warns of zero-day IE hole on Patch Tuesday

New vulnerability in Windows and Office could allow an attacker to take control of IE 6 and IE 7 systems, Microsoft says.

Originally posted at InSecurity Complex

© 2009 R Web Security. All Rights Reserved.
