Archive for the ‘Security’ Category

Americans are easily scammed

Tuesday, January 3rd, 2012

It seems sad, but I’ve observed evidence to support this with my own eyes (and a few times perpetuated by my own mouse clicks). I read an article on CNet which reports a survey on who is the most and least likely to be scammed. Unfortunately, my fellow Americans were more likely than users in the UK or Australia to provide personal information in an effort to get something for free.

I’ve witnessed many of my friends posting “links” on Facebook to videos of humorous or salacious content which only end up being a survey scam or some other information grabber you need to fill out before you’ll be granted access to the video (assuming there’s actually a video to watch). I’ve clicked on a few myself when I wasn’t paying attention and then had to go remove the reference from my Facebook wall before the link spread any further (if a professional geek posts it, it must be safe, right?).

In the past, it was banner ads purporting to give you a free “popular gadget of the week” by clicking a link, filling out a form, signing up for some “offers,” and then convincing a quantity of friends to do the same. I’m not even sure there were any “gadgets” to go around when all was said and done.

In the end, I’ve not seen a single one of these that was legitimate. They’ve all been scams unless the visible URL was something like YouTube. I’ve been able to view a few by using sites like BypassFanPages and simple Google searches. It turns out the result is rarely as exciting as the title suggested. So, it’s best not to click on any of them.

Your router’s security may not be as secure as you think it is

Thursday, December 29th, 2011

I read a report from Sophos that there is a fairly critical security flaw in many consumer wireless routers. I’ve gone on before about how you should use the strongest encryption method your equipment supports (WPA2 if all your stuff can handle it). However, while these routers support that, they also have a feature called WPS (Wi-Fi Protected Setup) which makes it easy to set this up by either pressing a button or entering a PIN on the device connecting to the network or on the router.

Using the PIN method is potentially risky if all you have to do is enter the PIN on your computer or other device. The PIN is eight digits, but the last digit is only a checksum, and the router tells the client whether the first four digits were right before it ever checks the remaining three. That leaves a mere 11,000 guesses (10,000 for the first half plus 1,000 for the second) instead of 100 million, which can be brute-forced in less than two days.
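To make the 11,000 figure concrete, here is an added example (not from the Sophos report or the original post) that computes the WPS PIN checksum as the specification defines it and then runs the half-by-half guessing attack against a constructed stand-in for a router’s registrar. The FakeRegistrar class is an assumption of this example: it only models the behaviour the post describes (a wrong first half is rejected on its own, before the second half is looked at) and sends no Wi-Fi traffic.

```python
"""WPS PIN search-space demo (added example, not code from the original post).

An eight-digit WPS PIN has seven free digits plus a checksum digit. A
registrar that validates the first four digits separately from the last
three lets an attacker search the halves independently, so the effective
search space is 10**4 + 10**3 = 11,000 instead of 10**8.
"""


def wps_checksum(first_seven: int) -> int:
    """Return the checksum digit for the first seven digits of a WPS PIN.

    The specification weights the digits alternately 3, 1, 3, 1, 3, 1, 3
    and picks the checksum so the weighted sum becomes a multiple of 10.
    (The weighting is symmetric, so walking the digits from the least
    significant end gives the same result.)
    """
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("need a seven-digit value")
    accum = 0
    value = first_seven
    for weight in (3, 1, 3, 1, 3, 1, 3):
        accum += weight * (value % 10)
        value //= 10
    return (10 - accum % 10) % 10


def full_pin(first_half: int, second_half: int) -> int:
    """Assemble an eight-digit PIN from a 4-digit first half and a 3-digit second half."""
    first_seven = first_half * 1000 + second_half
    return first_seven * 10 + wps_checksum(first_seven)


def search_space() -> dict:
    """Number of candidate PINs under each assumption about the registrar."""
    return {
        "naive": 10**8,                    # any eight digits
        "with_checksum": 10**7,            # last digit is derived, not free
        "half_by_half": 10**4 + 10**3,     # halves confirmed independently
    }


class FakeRegistrar:
    """Constructed stand-in for a router's WPS registrar (assumption of this example).

    It rejects a wrong first half before looking at the second half, which is
    the information leak that makes the halves independently guessable.
    """

    def __init__(self, pin: int):
        self.pin = f"{pin:08d}"
        self.attempts = 0

    def try_pin(self, pin: int) -> str:
        self.attempts += 1
        guess = f"{pin:08d}"
        if guess[:4] != self.pin[:4]:
            return "NACK_FIRST_HALF"      # first four digits wrong
        if guess[4:] != self.pin[4:]:
            return "NACK_SECOND_HALF"     # first half right, last four wrong
        return "OK"


def brute_force(registrar: FakeRegistrar) -> int:
    """Recover the PIN by guessing each half separately (at most 11,000 attempts)."""
    first_half = None
    for h1 in range(10_000):
        # Any answer other than a first-half rejection confirms h1.
        if registrar.try_pin(full_pin(h1, 0)) != "NACK_FIRST_HALF":
            first_half = h1
            break
    if first_half is None:
        raise RuntimeError("registrar never confirmed a first half")
    for h2 in range(1_000):
        candidate = full_pin(first_half, h2)
        if registrar.try_pin(candidate) == "OK":
            return candidate
    raise RuntimeError("registrar never accepted a second half")


if __name__ == "__main__":
    router = FakeRegistrar(11111115)   # constructed target PIN
    recovered = brute_force(router)
    print(f"recovered {recovered:08d} after {router.attempts} attempts")
    print("search space:", search_space())
```

The well-known factory default 12345670 is a handy sanity check for the checksum routine: the first seven digits weight to 60, so the checksum digit is 0. Disabling WPS, as the rest of this post recommends, removes the registrar that answers these guesses in the first place.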

When I set up a new router, I’ve always gone for the manual approach and chosen a wireless network name (SSID) and key which the clients can remember or have easily available. I don’t even install the software which came with the router but instead go to its web-based administration. I’ll turn off WPS so that it’s not accidentally used (the first and only time I tried using WPS, it scrambled what I’d previously set to something random for both SSID and key).

This falls in line with how security decreases as convenience increases. My advice: disable WPS and configure the network by hand.

SOPA and PIPA are bad

Wednesday, December 28th, 2011

The Internet in the United States is under a threat of assault, the likes of which I’ve never seen. Two bills going through Congress right now, SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), will likely cause severe breakage to the technical underpinnings of the Internet.

The idea behind these bills is to go after copyright violators. However, the methods allowed are extremely aggressive. Can you imagine a single image uploaded to Facebook which turns out to be owned by someone else being the catalyst which makes it impossible to go to Facebook unless you know its IP address? These bills don’t take sites off the net so much as they break your ability to look up the underlying address of the site.

A thorough treatise is posted here at the Stanford Law Review. There are many other sites which go into detail on SOPA such as this one by Adam Savage of Mythbusters and this one over at Lifehacker (which includes a nice video describing the problem).

There has also been some collateral damage in this war. GoDaddy, for instance, had initially shown support for SOPA. As a result, a boycott was called unless they inform Congress that they don’t support the bills at all.

It also appears that SOPA will break the emerging DNSSEC specification (a secure form of DNS, the “phone book” of the Internet), since DNSSEC is designed to detect exactly the kind of tampered lookup answers the bill would require.

All in all, this must stop. Letters and calls to Senators and Congresspeople are a good idea at this point.

Be wary of sharing your passwords

Saturday, November 12th, 2011

I’ve spoken in the past about how you should be using different and complex passwords. Today, I was reading a post from Leo Notenboom which hit home on the subject of sharing your passwords.

Now, in the course of fixing a client’s computer, I may ask for a password. In 99% of the cases, the client just gives it to me and I proceed. I consider it a great honor that I’m entrusted with this information. For my part, I rarely keep a record of the passwords used, which requires that I ask again when doing service at a later time. I know not to breach this trust as that would negatively impact the reputation I’ve grown. Besides, it’s just wrong. I’m also not offended if the client wishes to input the password instead of giving it to me.

You should really consider who has access to your passwords. I’ve encountered simple issues like spouses who know each other’s passwords, on to riskier situations like kids knowing parents’ or employees knowing bosses’. The worst case, of course, is just having your password written down in full view of anyone who may pass by.

To summarize, in addition to maintaining separate and complex passwords for different sites (as well as computer and program logons), you need to take care who else has access to these passwords.

How will you know your credentials have been compromised?

Thursday, June 23rd, 2011

While there are many news reports on companies being hacked and customer information being released into the wild, how will you know whether you’re one of the people affected? It seems enough people have asked the same question that one of them decided to do something about it.

According to this New York Times blog entry, one man created a tool for family and friends to check to see if their information is out in the wild and he’s opened it up to the public. Check out his Should I Change My Password site to see for yourself.

Some caveats: It’s a little new, so there could be some trust issues with the guy who created the site. Also, it doesn’t check every known data breach, only those where he was able to get access to the data to build his database. While he does plan on adding new information to his database as it comes along, we’ll have to wait and see how well he does that.

Right now, I think it’s better than nothing and worth a shot. I checked several of my e-mail addresses and came up with nothing found so I can’t review what happens if something was.

A reminder: Make sure you use different passwords for each site you are on. Especially use different passwords for financial institutions. Don’t use the same password for a site as for the e-mail account you use to log in to it; whoever gets one can then reset the other.

Want more updates? Send me an e-mail and I’ll put you on my mailing list.