Splash of Style...Macs, Photography, Design, and other Passions

Sitepoint Giving Away Free Book

November 20, 2008 by debbie T | BooksCSSWeb Design

It’s a twitaway:
http://twitaway.aws.sitepoint.com/

Sitepoint is giving away a free full pdf copy of their book “The Art & Science Of CSS”

On the twitaway page, it states that you can either follow Sitepoint on Twitter or give them your email address to download the book. I followed them on Twitter, but wasn’t sure how the download exactly worked, so I just gave them my email address to get the download.

UPDATE: Okay, I found out how it works on Twitter. They send you the link in a direct mail from Twitter. Cool.

If you go the email route, be aware that they do like to haunt you a little bit afterward, but it’s not too bad. I don’t mind, especially when they are giving away a free book.

But I did receive my download link by email, and it took seconds to download…It looks like an interesting book. Now to find time to actually read it.

DNS Poisoning & How To Protect Yourself

August 7, 2008 by debbie T | ComputersInternetMac CornerWeb DesignWeb DevelopmentWirelessWordPress
UPDATE: I will be updating this article very shortly. I have new info on how to change the DNS settings for dialup as well as wired users. I will be adding a few screen shots and step by step instructions.

Now I am not one to panic about malware on the web. I have always prided myself on smart & safe browsing. But when I first heard about the new DNS Poisoning problem on the Nosillacast podcast a couple of weeks ago, it scared me. This could be a problem affecting everyone, no matter what safety precautions they take while surfing the Internet.

The subject is so complicated, and I won’t pretend to understand it fully, but I think I understand it enough to explain the situation to my family and friends, which is what I am trying to do with this blog article.

Okay, bottom line is there is a type of flaw that can be exploited by the bad guys, which enables them hijack vulnerable unpatched systems at your Internet Service Provider (Comcast for example) and change the path of traffic to their own web pages. So, if you are trying to go to amazon.com, your browser address bar will display “http://www.amazon.com” but you might be redirected to the hijacker’s site who has created a web site that looks very similar to Amazon. From there, it could be possible to install malware to your computer or to trick you into giving your personal info like credit cards or passwords.

This vulnerability can also affect your email, which is even scarier. A bad guy could intercept your email message(s) and insert a malware attachment or web site link. And you wouldn’t even know it was happening.

Are you vulnerable?

The Security Now podcast lists several links to sites that will “test” your site for the vulnerability:
http://www.grc.com/sn/notes-155.htm

I ran the test @ DoxPara and the following message appeared:
“Your ISP’s name server, xxxxx, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.”

I have heard that similar messages are appearing for other Comcast users. Since the information I am finding online concerning Comcast is vague and unclear, I am not 100% sure I trust Comcast to deal with this. So, I am taking matters into my own hands until I am sure.

I have read that other ISPs like Time Warner and AT&T have NOT patched, so there are still a lot of people out there that are in trouble!

Good News – Use Open DNS

The good news is, you can bypass your ISP’s DNS computers, and use another. Open DNS is a very secure and highly recommended DNS server that offers use of its servers for FREE! All you need to do is change a couple of settings in your router.

Not using a router? If your computer is attached directly to a high speed modem (ie DSL, Cable, satellite) then you are highly vulnerable to this flaw, as well as many other attacks.

Using a router keeps you safe behind a “hardware” firewall, and that firewall can thwart most attacks…so do yourself a favor and head to Staples, Walmart, Target, or Amazon and buy a Linksys, Netgear, or DLink router. It is an absolutely necessary tool in today’s times!

Change Your Router’s Settings

It is very easy to change your router settings to use Open DNS servers instead of your ISP’s.

Note: Don’t worry, you aren’t changing to a new Internet Service Provider, you will still be using the same ISP, it’s just the DNS computer information that you are changing.

There are detailed instructions on the Open DNS site, but I will walk through the instructions for changing a Linksys router.

First you need to access your router’s settings. Linksys router users can use this link: http://192.168.1.1/.

A password window will appear. The user name is “admin” and unless you previously changed the access password, the default password will be “admin”.

Important note: in the router settings, your password should be changed for extra security. To learn more about configuring your router for better security, please read my prior article.

Once you have logged into your router, you should be on the “Setup” page/tab.

Toward the bottom of the page, there is a setting called “Network Address
Server Settings (DHCP)”. Locate “Static DNS 1” and “Static DNS 2” and type in Open DNS’s server numbers, which are:

208.67.222.222 and 208.67.220.220

NOTE: If you have current DNS settings, then write them down just in case you need to revert back.

change dns servers on linksys router

Once the new DNS numbers have been entered, click the “Save Settings” button. And that is it!

Again, if you are not using a router, I cannot stress enough that you need to go out and buy one. They are usually about $50 and sometimes less. I recommend the Linksys WRT54G series routers, but DLink and Netgear also make good routers. Buy whichever is on sale that week; most will have detailed instructions explaining how to set security.

Okay, next, a word or two about Open DNS. Besides free use of their DNS servers, they also offer all sorts of parental controls and other security. I haven’t really delved into their offerings, but from what I gather, it’s all free. How can all this be free? Well to offset their costs, they have advertising revenues. Keep in mind, that whenever you type in a wrong address into your browser, Open DNS will take you to a custom search page, usually with your corrected web site URL on top.

For instance, if you type “ebay” instead of “ebay.com”, your browser will take you to a search page for “ebay”. Some have complained that this isn’t fair, wah wah wah…but who cares. They have to make money somehow. I don’t mind that they make a little on searches.

To learn more about Open DNS and all their offerings, check out the Typical Mac User podcast for a special 3 part series on all the details.

Personal Computer Patches

Besides your ISP computers, personal home computers, as well as business computers also need to be patched.

As far as I can tell, Microsoft issued a security patch a week or two ago, so make sure you are 100% up to date with all your Vista or XP critical patches.

As for Mac users, there was a patch issued, but it looks like it doesn’t fix everything, so when I am out from behind my router, I think I am still vulnerable if I connect to an open wifi spot. I am still a bit foggy on that issue, so more research is needed.

More Questions

Since I am still learning about this vulnerability, I still have additional questions that I haven’t found answers to.

For example, are cell phones that connect to the Internet still vulnerable? What about if you use a VPN (virtual private network)? What about web based email like gmail?

There is also a problem with routers being vulnerable too, but the issue isn’t as dire, because they would only be attacking your small network. Initially, I think routers will be okay, and the bigger networks like ISPs will be attacked first. I would like to find out more about the router issues, and whether firmware patches will be issued.

Hopefully I can find the answers online soon.

Helpful sites if you want to learn more about the DNS Flaw:

Configuring a Linksys Router

April 13, 2007 by debbie T | ComputersInternetWeb DesignWirelessWordPress

(updated 2008-11-9)

My friend Jenn is having a tough time properly configuring her Linksys wireless router, so I told her I would write a tutorial. (waving to Jenn!) Hopefully this will help her, and anyone else in need. I suggest printing this tutorial to follow along easier.

First off, let me state that I am not a security expert, so please take everything in this tutorial with a grain of salt. 😉 My router is a Linksys WRT54G wireless router, and I am using Comcast for broadband internet access. If someone is using DSL or a different router model, then settings might be slightly different.

For lots more information on wireless security, I recommend the podcast “Security Now” with Steve Gibson and Leo Laporte. Along with the audio podcast, there are also text transcripts for each show. For specific wifi discussion, locate podcasts from 2005 – episodes 10 through 13.

Let’s get started

Read the Rest of the Article

The New Icon Buffet

April 13, 2007 by debbie T | Art and GraphicsInternetWeb DesignWeb Development

A few of weeks ago, I noticed that Icon Buffet relaunched their icon sharing community.

See: Firewheel Design – how to build a community with icons

I have been a member of Icon Buffet for a little over a year; I can’t say that I have used many of their icons, but it is fun to collect and share.

Observations (Good and Bad):

Bottom line, I like the new and improved Icon Buffet. So, if you are an Icon Buffet member, make sure to drop by my profile page and add me as your friend. If anyone needs any icon deliveries, I have 300+ stamps, and would love to share! Or better yet, register using my referral link, and I get extra points!

Related Web Links:

Get Naked – 2007

April 4, 2007 by debbie T | CSSWeb Design

Well it’s that time of year again, when all daring designers decide to get naked and show off their true form.

Tomorrow marks the Second Annual CSS Naked Day. Remove your CSS style sheets, IF YOU DARE! baahaahaa.

http://naked.dustindiaz.com/

Since I am using WordPress, it is easy to remove the CSS file link. I saved a copy of my theme’s “header.php” file, added the text explanation of why my site is so plain, and deleted the link to my style sheet file.

Don’t Forget to Use CSS Background-color

June 7, 2006 by debbie T | CSSWeb DesignWeb Development

I recently altered my Firefox preferences to display a custom peach color background. Initially the purpose was to ensure that my designs were displaying their CSS background colors properly.

Since that time, I have noticed other web pages were displaying my custom background instead of what the designers thought they had designed.

All it takes is a simple background declaration in the CSS file and this problem can be fixed.

body {background: #fff;}

So many designers either forget or take for granted that their default browser background color (usually white) will be the same default color for all their visitors. No so!

To change the settings in Firefox to display a custom background

* Choose Firefox Preferences>Content>Color
* Change the background color swatch to any color but white.
* Check the box next to “Allow pages to choose their own colors”

set custom background color in firefox

I couldn’t find a preference setting for Safari, but for Opera users, choose Preferences>Web Pages.

You will be amazed at how many web sites will now display your custom background color. I have started a list of high profile pages:

* http://www.google.com/analytics/
* Adobe Events
* Sears.com
* Ebay Reviews
* Domain Tools
* Boagworld – I wrote to the designers concerning their omission.
* Backbone Technology

Dan Cederholm on Inside the Net

April 26, 2006 by debbie T | CSSPodcastingWeb DesignXHTML

This week, Dan Cederholm from Simple Bits was the guest interview on the Inside the Net podcast.

I think this has to be one of my all time favorite podcast interviews. Dan is so down to earth and it’s refreshing to hear conversation about standards and web design.

What Happened to My Styles??

April 4, 2006 by debbie T | CSSWeb Design

UPDATE: Styles are back. I figured since I started early, I will end it a little early.

Why does my web site look so plain and boring?

I decided to take off my CSS clothes, and run around naked for the day. April 5th is the official day to be bare, but since time-zones are all over the place, I deleted my style sheet tonight April 4, 6:10 EST.

For more info on Naked Day, check the official web site at http://www.dustindiaz.com/naked-day/

First Annual Naked Day

April 2, 2006 by debbie T | CSSWeb Design

http://www.dustindiaz.com/naked-day/

April 5th will be the first annual Naked Day – Remove all CSS from your site, and allow the true (x)html structure shine through.

It sounds like fun! Any takers? I signed up, but now I have to set up a reminder of some sort!

Google Sitemaps

March 1, 2006 by debbie T | Web Design

Just found out about this really cool tool at Google: Google Sitemaps

http://www.google.com/webmasters/sitemaps/siteoverview

Add one of your own web sites, verify the site by creating a new file with a unique file name, and Google shares a ton of valuable info like top searches, indexing stats, and page analysis.

Way cool, but maybe I am easily impressed! 😉