What Good is Security if You Almost Give Away the Info?

I just finished a rather unsettling TED talk (00:12:00) about Stalkerware.  What is that you say?  Well it’s programs that allow someone to view everything on a device of another person.  Scary?

Well, there’s more to it and it’s just about as bad.  Watch: Stalkerware   The stalker does need to, physically, get to the device, but that’s not as hard as you think.  Watch it, I am going to continue.

One of the first things she talks about is passwords.  I have written about this before, but it bears going through again.  Even I have learned things on this very subject.

1. Use Very strong passwords for each account.
2. Use a Unique password for each account.
3. Use Secondary measures (like phones calls before allowing entry) for passwords.
4. Keep passwords Safe.

Okay, 4 steps. Number 4 should be obvious.  If you write your passwords down, hide it well.  Don’t keep a list or even type a list on your computer. This is one time when pencil and paper win.

If you type something on your computer and erase it, people can still get it back in most cases.

Now, there are 2 things I hear over and over about passwords:  1.  People use the same password on multiple accounts.  2. People don’t want to take the time or energy to make unique strong passwords.  There is also the matter of changing your passwords every 30 days.  At least, make sure you change them several times a year and that they are strong each time.

Now, making a strong password is time consuming and hard work – I think that getting all of your information stolen and your accounts broken into will make MORE work!

A strong password:

1. 12 or more characters
2. Don’t repeat a password – EVER!
3. Don’t pick something simple.  Somewhere they did a study and found that a big percentage of system Admins had the password God1234 as their password!
4. Don’t follow a pattern that is easily figured out.  test1234TEST is 12 non=-repeating characters, bad choice!
5. Make certain to use  at least 1 Capital Letter, 1 Lower-case Letter, 1 Number, 1 special symbol (like (,),!,#,$,%,,<,>).
6. Dont’ use names, dates, or words for passwords unless you really mix it up (see below).
7. Remember this:  NO password or device is entirely unbreakable.  If they want to get in, they can.  Your job is too make it difficult enough that they don’t want to bother.

So, an example:

Take the words and page number from a book.     “Sally and Henry talked all night.”  page 175

Now, use every other letter and number.    “SlynHnyakdlngt7”

Now, change some letters to Numbers “51nHnyakd1ngt7”

Now, alternate Capitals / Lower-cases.  “51nHnYkD1nGt7”

Change 1 number and 1 letter to 2 specials.   “5#nHnYkD1*Gt7”

Now, take odds and evens and write them separately.   “5nnk1G7” and “#HYD*t”

Last step, write them both backwards and put together:    “7G1knn5” and “t*DYH#”  —>  7G1knn5t*DYH#

That is a good strong Password!

Thanks for your time.  I hope I helped.  I know it is hard.  I have approximately 37 accounts and each has a password this difficult or better.

A word on secondary securities.  Anyone may be able to guess security answers if you use ones a lot of people (say, Facebook) know.

So, I get around this as follows:  Example.  “Name of City You were born in?”  Answer: 137

Don’t use the real answer or anything close to it.  “School you graduated from”  Elvis Presley

Get the idea? Thought you would.  I, actually, set one up on a site with some help from the “security” person.

“The Name of your Sister”   Answer I gave (example):  Indianapolis

Her response was: “well, that’s not a correct answer!”    Duh?

Just think of what any account could do to you or cost you.  Definitely worth the time and trouble.

Namaste,

Scott

You Have a Call

I come home from the store, from supper, from seeing Mom and I usually have, at least, one call on my answering machine. They are, often, from many different sources, some even legit.

It’s not those, though, I wish to discuss with you today.  It is this inundation with pranks, scamming, and dangerous calls I point my finger at.  One particular call came in twice today.  This was a recorded response.  Going something like this: (not an exact quote)

“Intrusions have been coming from many different countries.  We will be changing your IP address to fix this problem.  Please call our service at [phone number].  Thank you.”

Firstly, yes, there have been intrusions coming from many countries.  The above message is just one of them.  Changing your IP would not, particularly fix this problem.  I doubt they even care about the IP, in general.  The IP is, sorta, the name used on the Internet for your computer’s transactions.  Changing that would only help you if they were going directly to your computer.  Not the problem.  Calling them, probably, would get you a person who would, undoubtedly, want you to login to a site and allow them to control your computer.  Again, that won’t handle your IP.  If they want your password to your modem, that would fix the problem, but also allow them to plant something that would allow them into your computer and all other devices using that modem later. If you don’t know what your modem is, it is, usually, a device with about 5-9 lights on the front with, at least, one cable on the back.  That one cable should go to your Internet connection in the wall or ceiling.  They differ, but main thing is don’t EVER make those types of calls, even if you have been having problems.  Call your Internet provider (Comcast, etc…) and ask them IF they have been calling (probably not).  Just ignore the calls.  I thought, today, how tired I get of fielding those calls and I know they are fake.  It really bothers me how just ONE call that gets made to that place can result in all your bank accounts, credit accounts, and other money-type accounts getting hacked.  Not to mention you will have to take the computer to a specialist to get rid of all the messy programming and/or have your entire computer disk and memory wiped clean before getting to use it again at all.  If you wait and, say, send an email out, they could have put an virus into that email that would continue the mess with whoever you send that email (or hundreds of them) and so on.

There are calls about all kinds of offers, emails that you may have received.  Here are a few I have gotten or talked to others who did:

1. You have won the European lottery.  Call [xxxx] to verify and collect your winnings.
2. You have been named in a will by an uncle who willed you as the owner of a silver mine in Africa.  I am a lawyer trying to get your money to you.
3. I am [such and such].  I have several job openings for someone and you can make [several thousand a month] for just mailing letters.

The list goes on and on.  They also stalk Facebook, Dating sites, and other popular places where people chat. I have had constant barrage of offers to “be my friend” on FB.  If I don’t know the person, and sometimes even if I do, I go to their web page.  Usually, there is very little on there. I find a lot with pictures of a beautiful woman in many outfits and locations who goes by this name.  Her current list of friends, if available, are nearly all men.

The dating site ones are the best.  The person will “respond” to my like almost immediately, no matter what time it is. She will give a profile full of grammar errors and lofty love statements:  “I know we will fall in love completely, filling the world with the painting of our affection.” (again, not an exact quote).  She will tell me how devoted she will be as a wife and take care of her man.  But she doesn’t like to chat onsite…could I just call [xxxx] or hit her up on some web site where she can be anonymous and privately chat with the dozens she (or he) has gathered.

I even took one of the photos and ran it through google reverse image search or tineye.  Either will look for photo matches.  Not reliable when they miss, but this one hit and was from a web site where this other woman’s picture had been copied and used.

Another of my warning posts.

You can take it or leave it, but I suggest you pay some attention to it.  These people make their living at faking you out and stealing something from you.

Love you all,

Scott

 

A Revisit to Passwords

I was reading a blog post by a woman who had to choose a new password for her blog because they old one had been hacked.  She had also had her debit card hacked.

This is the life we live in. If computers are going to make our lives easier and faster, it will also be true that some people will do harm through them.

I gave a post on creating passwords some time ago.  Since then I have learned a couple of things that will help keep your computer files and money saf-er.  No computer is entirely safe from hacking.  Even if you don’t have it hooked up to the Internet, someone could break into your house, steal the computer, and hack it later.  But passwords are great IF they are selected with some care.  For example:

These are people who have scammed people for a long time, but now can do it, mostly, from their home through computers. Most computers are fairly easy to be hacked, but you can deter them by using a password 12-20 characters long where you use at least 1 letter lower-cased, 1 letter upper-cased, 1 number, and 1 acceptable special character. Now, don’t make it your phone number or something like that. Ideally, it should have letters and characters on both sides of the keyboard and be a pretty random assortment of characters. Never reuse a password. And, when you do the secret questions, don’t use real answers, use ones that you will remember because they are ridiculous. “Where were you born?” Answer: elevator.

This is a very simple and fairly uncomplicated explanation of how to choose passwords.  If you have to write them down, fine, do it on a pencil/pen notebook and leave that notebook at home.  I have approximately 37 passwords and all of them follow the rules from above.  And you need to do the same for every password.  You never know what a person could learn if they hacked your “game” password.  Norton has a great program that “remembers” your passwords and encrypts them, putting them into the site when requested.  You can also view your passwords here to see what they are if you need to manually enter one.  Not foolproof, just good.  I am told that most hackers will not usually mess with your account if the password is up to speed.  Ideally, you should change them every 30 days.  The big reason for this is that if someone is working on getting into your account and is using password crackers, it is hopeful it will take them long enough to get your password that you have changed it.

The world is a rough place.  Why make it harder on yourself by having to deal with hackers and scams?

Namaste,

Scott

Spring Cleaning or “Cleaning Springs”

Today was the first day in awhile where I have felt good all day (It is 5:37pm and I got up at 10:30am).  I did a sleep study Monday night (perhaps another post – we will see) and had to revamp my sleeping schedule in a week from bed at 4am to bed at 9pm.  That, in itself, was a task.  Then, the night of the test, I went to the hospital, test began at 10pm and she got me up at 5:30am and said it was time to go home!  Jeez!  So, I went to breakfast (quiet at 6:20am), home, bed at 10am-2pm, then went back to bed last night at 1:30am and got up at 10:30am.  I had just finished a sleeping cycle (dream finished and woke up), which is supposed to be the best time to get up and feel good no matter how much or little sleep you have had.  I have not been very tired at all and have had 3x the normal energy I have felt in quite awhile.  So, what grand thing did I do?  I CLEANED MY KEYBOARD!!!

That may not sound like much, but it took 1 and 1/2 hours to finish!  I would advise you all to do it at least 1 time a year.  It had been 1.5 for me and it was interesting…

Steps:

1. shut down your computer completely (not to sleep – shut it down, no electricity going to keyboard!)
2. get your alcohol (rubbing, not drinking!), q-tips (about 20-30), and a couple of gauze pads, and something thin and flat and small.  I had a throwing knife (don’t judge!), but a steel nail file would work.
3. put some alcohol in a small container (holds < 1/4 c.).
4. dip or pour some of the alcohol on the gauze pad and wipe all the top of the keyboard down pretty good.
5. use the knife (or whatever) and remove (pry carefully) up the space key (this will, probably, be the dirtiest).
6. using the knife, easy, scrape up all the hair (pet), and stuff into a small pile and then use a dipped q-tip to pull it out from the keyboard.
7. Be careful how many keys you take out at once (you have to remember the proper order to put them back in!!!).  I would suggest 4-6 at a time and lay them in order and face down nearby.
8. after cleaning the keys and their spaces thoroughly tip the keyboard upside down and shake or tap/shake so that the excess stuff falls out.
9. after the alcohol dries (minute or so – blowing on it helps) replace the keys.
10. repeat 6-9, taking out 4-6 keys, mainly the ones you use the most, until done.
11. for a gamer, like myself, I ended up removing the following keys:  spacebar, backspace, arrow keys(4), main enter key, both shift keys, cntl and alt both sides, a,w,s,d,e,r,z (control keys for games), special window keys, tab.
12. When done, make certain all is dry and clean mouse well (I have a roller ball mouse, so it was dirty and I clean it once a week or so).
13. turn computer on.
14. open up a blank word, work, or some type of writing document.
15. type in all the letters (small and caps) as well as numbers and test all the keys you removed and the mouse.
16. if all is working, you are done!!!! yeah – take this time to smell the keyboard – it won’t smell this clean for awhile.
17. if all is not working – well, sorry for your luck – lol.  I have been there and done that.

That has been a lot of my day so far.  I hope to get more done, but we will see.  I managed to do odds and ends along with this task.

Have a great day!

Namaste,

Scott

Unexpected Evening

Source; Wikimedia Licensed for reuse. Click pic for page.

Tonight, well, last night now since it’s 1:14AM, was unexpected. Not the evening so much as the end of the evening.  My father broke his ankle some time ago and I watched over him while Mom and Sis went to Indianapolis.  I brought my laptop, intending to write a new story, but I got sidetracked (did I sound surprised? Didn’t think so.) and ended up watching the last two episodes of “The Witches of East Side”, Season 1″ on Netflix and 1/2 an episode of “Turn” (2nd episode, Season 1).  When they got home around 10:30pm, I shut off Netflix and powered down my laptop.  That’s when the evening went unexpected.  I knew there were going to be updates.  I hadn’t used my laptop in some time and it has been updating whenever I shut it down.  This time, however, the “loading 1 of 153 updates” was not met with a smile from me because, following that was a “do not shutdown or power off your computer” message that had me staying there until 12:50PM when it finished and shutdown.

I spent the time reading my Nora Roberts’ novel “Calculating in Death”, so it was not a wasted time, but I wanted to be home doing other “home” things.  Then, to simply add to it, I remembered as I walked out the door, that I have somewhere to be in the morning.  So, there goes that time, too.

In trying to figure out how to make good out of bad, or decent out of not-so-decent, I decided to do a post on tonight and how I felt.  I don’t usually feel rushed anymore.  Since the stroke, I take my time, do things as they come and do not get pressured or bothered by waiting.  This, however, for some reason, really irritated me.  Even sitting here now, I cannot figure out quite what was bothering me so much, though I have some ideas.

I think a lot of it is simple.  I just wanted to be home and have more choices as to what I could do when my laptop was unavailable.  For instance, I could simply go to my desktop PC and work or play.  That is what I would have done, normally.  If you add to it that my home computer would have done the 2.4 hours of work in about 15-20 minutes, you can see why I was unhappy.  I would have had time and availability to do a load of dishes, clean up something, read in the comfort of my bed, or to be practical, taken a shower to get ready for tomorrow.  Was I really put out?  Nope, not much.  But, I am used to doing things at my pace and in my own way and that was messed up.

That brings me to the point of this entire post.  When things don’t go our way, we often get upset, short-tempered, or whatever else.  My question now is, why?  It wasn’t that big of a deal.  I no longer work, so whatever I don’t get done tonight, I can do tomorrow.  I have a story deadline, but it is far enough off that I won’t have any problems finishing it.  It just ends up being spoiled…me, that is.  I am “used” to doing thing my way.  So, when it gets a bit out of shape for me, I get upset.  Seems a bit petty.  In fact, it seems a lot petty.  Made me think that if I am this petty over something small, what can others get like over big things and in more of a rush?

The whole thing has now humbled me a bit.  I am not the unshakeable person I made myself out to be.  It was bothering me tonight that it was bothering me.  I guess I can still step back and take a look cause there are things I still need to work on.

How about you?  How do you handle it when things don’t go right for you?

Namaste,

Scott