Monthly Archives: November 2009

Protecting Your Data

Who are you willing to allow access to your password protected email address/online bank account/computer log-in, etc?

Recently I got an email from a contact of mine, telling me a story about how she had to go to another country to visit an ill cousin and now needs to help pay for some medical bills but doesn’t have enough money on her, and can she borrow some from me?

It looked suspicious so I contacted the person and asked her if she had sent that email. Turns out of course she didn’t. So it came down to a hacked password in her email account. It was not possible to recover that email address as the hacker had changed the password, and reset the secret question and answer to be able to reset the password!

If you run into such a situation where your email address has been hacked, here’s what I suggest you do, in this sequence:

1. First of all, if you have used the hacked password for anything else (which many people do), change those immediately, following the guidelines for powerful password creation below.

2. Try to change the password in your hacked email. Depending on the provider, there is usually a link for “forgotten password” in the login page. Use it and follow the instructions.

3. If you can’t change the password because the hacker already changed the secret question or alternate email address, see if there is a validation page alternative like Hotmail has here.

4. Send an email to all your contacts letting them know about the hacking, so they are alert to any spoof emails coming from that address. If you were not able to recover your hacked email address account, send the email from a different one.

When you create a password, follow these guidelines:

a) DON’T use your name, date of birth, social security number, zip code, area code, or any combination of those in it.

b) DON’T use a word that can be found in a dictionary

c) DO use a combination of uppercase AND lowercase characters

d) DO include at least one number in it

e) DO include at least one special character in it (!@#$%^&*)

The reason for the above is that there are programs that will automatically try to guess a password using a dictionary and other data that can easily be found on your computer. This is what is known as a “brute force attack”. Such an attack can be very effective, IF you violate the above guidelines.
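As an added illustration (not part of the original article), here is a small Python checker for guidelines a) through e). It also undoes common character swaps before the dictionary lookup, which is how a guessing program sees "P@ssw0rd1" as the word "password". The function name, the five-word sample wordlist and the swap table are assumptions made for this example.

```python
# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "monkey", "welcome"}

# Common character swaps that guessing programs undo before a dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

SPECIALS = "!@#$%^&*"  # the special characters listed in guideline e)


def check_password(password, personal_data=(), dictionary=SAMPLE_DICTIONARY):
    """Return the sorted guideline letters (a-e) that the password violates."""
    problems = set()
    lowered = password.lower()

    # a) personal data (name, date of birth, zip code...) must not appear,
    #    with or without separators such as the dashes in a date.
    for item in personal_data:
        raw = item.lower()
        compact = "".join(ch for ch in raw if ch.isalnum())
        if any(len(form) >= 3 and form in lowered for form in (raw, compact)):
            problems.add("a")

    # b) no dictionary word, even when disguised with character swaps.
    candidates = (lowered, lowered.translate(LEET))
    if any(len(word) >= 4 and word in cand
           for word in dictionary for cand in candidates):
        problems.add("b")

    # c) both uppercase and lowercase characters are required.
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.add("c")

    # d) at least one number.
    if not any(c.isdigit() for c in password):
        problems.add("d")

    # e) at least one special character.
    if not any(c in SPECIALS for c in password):
        problems.add("e")

    return sorted(problems)


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "dragon2009", "kV7#rq2&Lm9x"):
        print(pw, "->", check_password(pw) or "passes all five guidelines")
```

A password that satisfies c), d) and e) can still fail b), which is why the dictionary rule is checked after undoing the swaps rather than on the raw text.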

Finally, it is recommended that you DO change your passwords periodically. I know people who literally have had the same password for everything for over a decade!

The above simple guidelines should keep your password-protected accounts/data much more secure. Don’t underestimate the power of a good password.

Internet Browsing and Your Privacy

This is not about a crazy nut conspiracy theory. It’s about how your internet surfing activities are kept track of. Many of you know about “cookies”, small files that your internet browser saves in your computer as it visits websites, and that they can be used to keep track of what websites you visit.

A less known fact is that websites include code in them that keeps track of and reports specifics of all visitors. Then there are companies that specialize in collecting, analyzing and selling such information, which your browser normally gives away when visiting a site. Things like date and time of your visit, your computer’s operating system, your IP (Internet Protocol) address (which can pinpoint your geographical location within a radius of a few miles), your internet service provider, what link took you to the particular website you’re visiting, which browser and what version of it you’re using, even your screen resolution!

The biggest company in this activity of web tracking is, by far (no surprise), Google with Google Analytics. Many other smaller companies also engage in this type of “surveillance”.

What can you do? For Firefox browser users, there is a free add-on called Ghostery, which you can get here: http://www.ghostery.com/ . What does it do? It alerts you if there are trackers on the website you are visiting and gives you the option to block them. There is also a way to pull a big list of known trackers and with one click choose to block them all, so you don’t have to continuously click to block individual trackers as you visit websites.

I thought you should know about this and what can be done about it.

The Future of Communication

When it comes to computer related subjects, evolution seems hyperbolic. From the slow-start days of the computer in the 1940s, to the speed of evolution in the new millennium, this has become self-evident. It’s not easy to keep up with the new developments in the computers themselves, and the applications that are developed for them.

Such is the case with electronic communications. First used over 40 years ago, and originally modeled after traditional (snail) mail, it seems to have become obsolete in structure and function. Google took a shot at updating it based on tools available now that weren’t available 40 years ago, and recently came up with an attempt to answer the question: What would e-mail look like if it was invented today? The answer: Google Wave. Still in Preview and only obtainable by invitation, it is but a rough draft of what it can become, and I think it is already impressive.

It would take a really long article to explain everything Wave can do. But since a picture is worth a thousand words and a video is probably worth thousands of pictures, I leave you with a few million words worth in these videos below. I have arranged them in sequence, from short and simple to long and complex:

This first video is short and very graphic, and gives a basic notion of what Google Wave is:

http://www.youtube.com/watch?v=rDu2A3WzQpo

This next video is a guy’s take on demonstrating what Wave can do, by “translating” a scene of Pulp Fiction into Wave:

http://www.youtube.com/watch?v=xcxF9oz9Cu0

These next two are from Google team members, first the abridged overview (less than 10 minutes version):

http://www.youtube.com/watch?v=p6pgxLaDdQw

And then the full version that is mentioned at the beginning of the above one. It is for you to watch if you are curious for more information from the above videos. It is 80 minutes long:

http://www.youtube.com/watch?v=v_UyVmITiYQ

So there you have it. In my opinion, this represents an evolution, and the future of communication.

Public Wireless Networks, More About

My most recent article on public wireless networks security has gotten quite some feedback from my readers, which is appreciated. It has also raised a number of questions. While I always love to answer correspondence on an individual basis, there was enough common ground in some of the questions to justify a follow-up article. So here we go.

The main point raised was what to do when one is on the road for prolonged periods of time and cannot just wait until the next time one is home and able to connect the portable computer to a secure wireless connection to do banking and other sensitive data transmission type activities. The earlier article’s tips were more about what not to do. But what can one DO about it? Note: because the technical level of my articles is geared toward the non-initiated and the technical details are generally left out, I will only cover what can be done in a generic way.

For starters, you can make sure your general portable computer security level is robust:

  • Is sharing files and folders enabled in your laptop’s wireless connection? It shouldn’t be.
  • Are any of the services that allow remote connections to your computer running? They should be disabled.
  • Is your wireless card set to roam aggressively so if it finds a stronger signal it connects to a new hotspot automatically? That opens the door to connections to rogue hotspots, so it should be set not to switch automatically.
  • Is wireless network ad-hoc (computer to computer) mode disabled in your laptop? It should be, to avoid accidentally connecting to someone else’s computer.
  • Is your firewall on, and if your operating system is Windows XP, do you have a more robust firewall in place? Consider free alternatives like Comodo’s or ZoneAlarm’s firewalls.

That covers a few points. But even with all the above points taken care of, there is still the problem of connecting to a hotspot that has no encryption. What to do then when one is about to engage in sensitive email handling, online transactions, banking? The solution with the most consensus is to use a personal virtual private network (VPN). What is a VPN? It’s a type of network technology that allows secure communication between 2 computers or groups of computers via a public channel, usually the internet. It has many uses, and providing wireless security while on a public hotspot is just one of them.

Both free and paid versions of personal VPN programs exist that can be applied to this problem. An example of a free one is Hotspot Shield, which can be found here: http://hotspotshield.com/. An example of a paid one can be found in this link. There is no implicit recommendation of either of these examples, although the free one was recommended to me by one of my readers. Update: See http://remotehelpexpert.com/blog/?p=1615 for an update on the hotspotshield recommendation.

So if you are in the situation where you are on the road constantly and need to use public hotspots, you might want to consider a personal VPN solution as a deterrent to wireless sniffers and man-in-the-middle type of attacks.