Tag Archives: hacker

What Good is Security if You Almost Give Away the Info?

I just finished a rather unsettling TED talk (00:12:00) about Stalkerware.  What is that you say?  Well it’s programs that allow someone to view everything on a device of another person.  Scary?

Well, there’s more to it and it’s just about as bad.  Watch: Stalkerware.  The stalker does need to physically get to the device, but that’s not as hard as you think.  Watch it, I am going to continue.

One of the first things she talks about is passwords.  I have written about this before, but it bears going through again.  Even I have learned things on this very subject.

  1. Use Very strong passwords for each account.
  2. Use a Unique password for each account.
  3. Use Secondary measures (like phone calls before allowing entry) for passwords.
  4. Keep passwords Safe.

Okay, 4 steps. Number 4 should be obvious.  If you write your passwords down, hide it well.  Don’t keep a list or even type a list on your computer. This is one time when pencil and paper win.

If you type something on your computer and erase it, people can still get it back in most cases.

Now, there are 2 things I hear over and over about passwords:  1.  People use the same password on multiple accounts.  2. People don’t want to take the time or energy to make unique strong passwords.  There is also the matter of changing your passwords every 30 days.  At least, make sure you change them several times a year and that they are strong each time.

Now, making a strong password is time consuming and hard work – I think that getting all of your information stolen and your accounts broken into will make MORE work!

A strong password:

  1. 12 or more characters
  2. Don’t repeat a password – EVER!
  3. Don’t pick something simple.  Somewhere they did a study and found that a big percentage of system Admins had the password God1234 as their password!
  4. Don’t follow a pattern that is easily figured out.  test1234TEST is 12 non-repeating characters, bad choice!
  5. Make certain to use at least 1 Capital Letter, 1 Lower-case Letter, 1 Number, 1 special symbol (like (, ), !, #, $, %, <, >).
  6. Don’t use names, dates, or words for passwords unless you really mix it up (see below).
  7. Remember this:  NO password or device is entirely unbreakable.  If they want to get in, they can.  Your job is to make it difficult enough that they don’t want to bother.

So, an example:

Take the words and page number from a book.     “Sally and Henry talked all night.”  page 175

Now, use every other letter and number.    “SlynHnyakdlngt7”

Now, change some letters to Numbers “51nHnyakd1ngt7”

Now, alternate Capitals / Lower-cases.  “51nHnYkD1nGt7”

Change 1 number and 1 letter to 2 specials.   “5#nHnYkD1*Gt7”

Now, take odds and evens and write them separately.   “5nnk1G7” and “#HYD*t”

Last step, write them both backwards and put together:    “7G1knn5” and “t*DYH#”  —>  7G1knn5t*DYH#

That is a good strong Password!

Thanks for your time.  I hope I helped.  I know it is hard.  I have approximately 37 accounts and each has a password this difficult or better.

A word on secondary securities.  Anyone may be able to guess security answers if you use ones a lot of people (say, Facebook) know.

So, I get around this as follows:  Example.  “Name of City You were born in?”  Answer: 137

Don’t use the real answer or anything close to it.  “School you graduated from”  Elvis Presley

Get the idea? Thought you would.  I, actually, set one up on a site with some help from the “security” person.

“The Name of your Sister”   Answer I gave (example):  Indianapolis

Her response was: “well, that’s not a correct answer!”    Duh?

Just think of what any account could do to you or cost you.  Definitely worth the time and trouble.

Namaste,

Scott

Your Money or Your Life (But, Your Password Will Do)

Some time ago, I published a post in which I tried to help people create a good password.  I still think my way is an excellent one.  Of course, 12-16 digit random characters including capital, small letters, numbers, and special characters is really hard to beat.  Anyway, here is a somewhat entertaining TED talk about passwords.  It’s less than 10 minutes and may help you.  After it, I will tell you, briefly, how I have made some really good passwords.

Now, simply put, try this:

1)  Use at least 12 characters (10 in a pinch)

2) Use numbers, letters (capital and small), and special characters.

3) Don’t follow a pattern

4) Change it fairly frequently

5) Password Guardians such as Norton’s password manager can help you.

6)  Don’t ever reuse a password

7)  Never just change a letter or a number when making a new password

8) Don’t repeat passwords

Ex.  12345 is a horrible password, so is any 8 digits or 8 letters, same case  (even mixed is poor)

Strong password:  how about:  rjdhFh2$#%fSncy  (16 randoms)

You only need to be hacked once – one poor password can allow that.
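The rules in this list and in the "A strong password" list from the earlier post can be checked mechanically. The following is an added example, not part of the original posts; the function names and the exact pattern tests (four-character sequences, tripled characters, a word repeated in another case) are assumptions chosen for illustration.

```python
import re
import string

def one_char_apart(a: str, b: str) -> bool:
    """True if a equals b or differs from it in a single position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) <= 1

def has_pattern(pw: str, run: int = 4) -> bool:
    """Detect sequences (1234, abcd, dcba), tripled characters, or a word
    repeated in another case (test...TEST)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        window = low[i:i + run]
        steps = {ord(window[j + 1]) - ord(window[j]) for j in range(run - 1)}
        if window.isalnum() and steps in ({1}, {-1}):
            return True
    return bool(re.search(r"(.)\1\1", low) or re.search(r"([a-z]{3,}).*\1", low))

def check_password(pw: str, previous=(), min_length: int = 12) -> list:
    """Return the list of rules the candidate breaks (empty list = passes)."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    classes = {
        "capital letter": string.ascii_uppercase,
        "lower-case letter": string.ascii_lowercase,
        "number": string.digits,
        "special symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in pw):
            problems.append("no " + name)
    if has_pattern(pw):
        problems.append("easy pattern")
    # "previous" holds passwords already used on any account (rules 6-8 above).
    if any(one_char_apart(pw, old) for old in previous):
        problems.append("reused or one-character change")
    return problems

if __name__ == "__main__":
    # Sample inputs are the example passwords printed in the posts; anything
    # printed on a public page is for testing the rules only, never for real use.
    for sample in ["God1234", "test1234TEST", "12345", "rjdhFh2$#%fSncy", "7G1knn5t*DYH#"]:
        print(sample, "->", check_password(sample) or "passes")
```

The check covers composition and reuse only; it says nothing about whether a password has already been exposed somewhere.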

________________________

Namaste,

Scott

A Little Java in the Morning?

This article was sent to me by a friend recently:

WASHINGTON — The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.

The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

Experts believe hackers have found a flaw in Java’s coding that creates an opening for criminal activity and other high-tech mischief.

Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer’s operating system.

Oracle Corp. bought Java as part of a $7.3 billion acquisition of the software’s creator, Sun Microsystems, in 2010.

Oracle, which is based in Redwood Shores, Calif., had no immediate comment late Friday.

Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

I did a bit of research and came up with this article:

http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

Thing is that this article is from August 2012.  Is there still a problem?  A new one?

Some further digging prompted the idea that there was a problem just last week, but may be fixed as stated in this article:

http://techland.time.com/2013/01/14/oracle-says-java-patch-fixes-security-problem/

All well and fine.  But, what is Java?  Why do we care?

http://www.java.com/en/download/faq/whatis_java.xml

Put very simply, Java is a small amount of programming that is used by games, mobile phones, and other devices (to the tune of about 850 million computers) to make them run better.  For us, a lot of it is used in your browser (Firefox, Netscape, etc…).  The problem is that this vulnerability may allow a hacker to get into your computer and steal information.  One way they do this is by putting a small bit of malware (a bad program) in your computer that runs and can monitor emails, passwords, and other pieces of info.  It could also allow them to simply have your computer’s hard drive be ruined (empty of useable info) next time you reboot.  Hundreds or thousands of possibilities for a good hacker to disable your computer and/or steal your life.

My understanding is that, right now, they haven’t fixed it.  I went to “Control Panel” on my computer and simply uninstalled Java until they fix it.  That may stop some of my programs from working or working well.  So be it.  If the patches they have created will fix it, I will put them on and reinstall it.

I put this out there just so you would have a heads up.  Do with this info as you will.  But, know this, just because you ignore or don’t understand a problem, doesn’t mean it isn’t real.

Latest note:  I was still looking and it appears that you can go here and get the latest “fixed” version of Java.  This is them talking, not me.  I loaded it.  But, I am not guaranteeing anything. 🙂

http://java.com/en/download/index.jsp

Namaste,

Scott

It Might Not Take Much

Today, I was sent an email with a link to an article attached.  Here is the link.  I will talk about it so don’t feel you have to read it.

Article

The article centers around a suspected group of Muslim (Arab) people (government?) who have attempted, somewhat successfully, to hack into our banking system through denial-of-service attacks.

My best understanding is that these attacks keep the valid people from getting into their bank accounts and, I imagine, the hackers get some time to try to really break into them.

This post is not aimed at the Muslims, the Arabs, or any government.  I think or hope that you all know me a lot better than that.  I want to concentrate on the word “hacker”.  This can be anyone from a six year old child who finds mom’s password to a chat site to a huge group of terrorists trying to shut down a government.

I want you to understand that, for most of us, it’s the little ones that could cause a lot of trouble.  For instance, those of you who don’t worry much about your email passwords.  If someone managed to figure out or steal your password, before you could do much (or, perhaps, before you even know about it) they could simply send a bomb threat or death threat to the president’s public email address.

Now, they may get caught (and then they are in so much trouble), but I can pretty much guarantee you that your home or office would be quickly visited by men in black suits (or swat) and you would have a very interesting day with them (perhaps, several, or more).

The thing is that it might be you having to prove you didn’t do it and that it was, indeed, stolen to get you out of hot water.  Furthermore, with the Patriot Act (that gray piece of law) enacted, they could well hold you in prison without many rights for a very long time if they so chose to do it.

Do I sound like someone who is screaming a bit about freedom and rights?  Maybe, but my main thought here is to protect through knowledge those of us who live a lot of our lives online and who have a lot of different ways back to us on computers.  It’s not even that far fetched.

I know of a situation where a reasonably small town had a hacker attempt to get into the organization.  He didn’t, but, here’s the thing:  the hacker was from Asia!  That’s right.  He was trying from Asia to get into this organization in little Indiana.

You get emails, I am certain, that are from scam artists, a lot of whom are from Africa and such.  I have written about the “women” I have received love letters from.  They say they are from Romania, France, and other countries.  I do not open them.  My email has a preview window.  I copy and paste the note from there and then delete it.  I NEVER answer them or open them up.

Looking through Norton Anti-virus info, I find that it protects me from thousands and thousands of viruses and scam attempts (hacks).  One of the common ways that this works is for you to open an email from the hacker.  The small virus in the email may simply copy your email address list, mail it back to the hacker, and then send the virus out to all the people you send emails to for the next few days or weeks.  When this repeats for a while, the hacker may now have thousands of emails to send things to or to try and hack into.

I did something one time just to see what I could find out.  For a few forwarded emails, I simply copied the email addresses that they were sent out to.  Within an hour I had almost two hundred email addresses, many of whom I didn’t know who they were.  I sent a mass email out to all of these people letting them know how I got their email and suggested to all that, in the future, they “blind copy” the other names instead.  I know one person who started doing this from my suggestion.

The problem is that it only takes one person to carelessly send your email address on for people you don’t want to have access to your address.  I know we give these addresses out freely, but still, I don’t see any reason to “give” information out to others concerning addresses I didn’t ask if I could mention.  Besides, it clutters up the email.

Bottom line:  pay a lot of attention to emails from people you don’t know.  Delete them without looking at them.  I do.  Try to learn a bit about how to not be so vulnerable to hackers.  My previous post on passwords is a start. It is here.  Computers are wonderful, in the right hands.  But, then again, there are a lot of nice things that can be put to bad use.

Namaste,

Scott
