After listening for over a week to the Security Now! podcast (thanks, Steve, thanks Leo and happy birthday), I've decided to actually do something about the security of the computers around me. I started by scanning my home network using "Shields Up" and was happy to find that the only open port was SSH, exactly as I thought I had configured it.
As the next step, I followed the advice from this podcast and used my hosts file to block out ad servers and other internet vermin. You may also want to look at the podcast notes, read the full transcript or listen to it.
I have downloaded the public hosts file, containing over 12 thousand entries, and merged it with my own hosts file. Because I am running a Web server on every computer I use (to be able to develop web applications), I have replaced the loopback address 127.0.0.1 with 0.0.0.0 in all entries (except for localhost, of course). The 0.0.0.0 is an invalid address and will cause the request to be dropped immediately, rather than trying to reach the destination. If you are not running a web server, 127.0.0.1 will work just fine. Do not get scared by the file size - Windows can scan through the entries really quickly and it is always an order of magnitude faster than trying to make any network connection. Guaranteed! Btw, Wikipedia has a pretty good entry on the hosts file.
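The merge described above, as an added sketch that is not part of the original post. It assumes entries already in your own file take precedence, and it goes one step further than the post by accepting only sinkhole entries (127.0.0.1 or 0.0.0.0) from the downloaded list, since a line that maps a name to any other address would redirect traffic rather than block it. The sample data and the names `merge_hosts`, `OWN` and `BLOCKLIST` are constructed for illustration.

```python
import ipaddress

SINK = "0.0.0.0"
KEEP_LOCAL = {"localhost", "localhost.localdomain"}  # must keep resolving to loopback

# Constructed sample inputs (not real blocklist data).
OWN = "127.0.0.1 localhost\n127.0.0.1 dev.example.test\n"
BLOCKLIST = """# constructed sample of a downloaded hosts file
127.0.0.1 localhost
127.0.0.1 ads.example.com   # ad server
0.0.0.0 Tracker.Example.net
203.0.113.7 bank.example.org
127.0.0.1 dev.example.test
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def merge_hosts(own_text, blocklist_text):
    """Return hosts-file text: own entries unchanged, blocklist names sent to SINK."""
    own = {}
    for addr, name in parse_hosts(own_text):
        own.setdefault(name, addr)  # keep the first mapping seen for each name
    blocked = set()
    for addr, name in parse_hosts(blocklist_text):
        # Only sinkhole lines are trusted; anything else would be a redirect.
        if addr in ("127.0.0.1", "0.0.0.0") and name not in KEEP_LOCAL and name not in own:
            blocked.add(name)
    lines = [f"{addr}\t{name}" for name, addr in own.items()]
    lines += [f"{SINK}\t{name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(merge_hosts(OWN, BLOCKLIST), end="")
```

Review the output before copying it over the system hosts file; the dropped redirect line (`bank.example.org` in the sample) is the kind of entry worth checking a downloaded list for.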
As the third step, I started to use 10 minutes email for sites that require my email address to register (and potentially spam me). The idea is simple: you go to the web page and generate for yourself a temporary email address that will live for 10 minutes. Any e-mails sent to that address will show up automatically on the web page. You can read them, click on links, and even reply to them. The e-mail address will expire after 10 minutes. You can extend its life for another 10 minutes if you need to. Simple, effective, free. There are many other providers of this service (see e.g. this list) but some of them require you to register first, which IMHO defeats the purpose: in order to avoid providing your email, you have to provide your email first :-). The 10minute mail works without this nonsense. Hope it will stay alive.
A few more quick finds from the Web:
- See some examples of non-standard and creative 404 pages: 1, 2, 3, 4
- if you are male AND a software developer, this is a rather non-standard characterization of programming languages
- interesting torrent search site
- here is what will happen when you try to download the whole internet
- nice article on pragmatic agile approach summary (which I wholeheartedly agree with) by Jeremy Palermo