Tag Archive: security


I thought I’d publish a brief post of some Computer Security Basics.  While I’m no security expert I can share some of what I think to keep things safe for myself:

  1. Keep your computer up to date.  If Windows wants to install an update – do it. If a software package – such as Adobe Flash/PDF – wants to update, let it.  Don’t put these off – get them done, as what they are fixing is probably already being used by the bad guys.
  2. Know what security software you have – is it McAfee, is it Microsoft Security Essentials?  Know what it is and be sure it’s also up to date.  Some of the most evil threats lately are programs that look exactly like a security (anti-virus, anti-spam, anti-spyware) program – and trick you into giving them money.  I had to basically restore a relative’s laptop back to how it came – as the malware that got on the machine prevented me from doing most anything and the relative didn’t know what was supposed to be on the computer.
  3. If something just doesn’t look right it probably isn’t.  This applies to e-mails, Facebook messages, etc.  I’ve seen a lot of things on Facebook lately – where some malware posts on my or somebody’s wall – but it doesn’t seem right.  Ignore/Delete those.
  4. Be aware of your Facebook Security settings – as many of the defaults are set much more open than you would think.  In the upper left-hand corner click on Account – then Privacy and/or Account Settings.
  5. If you are doing something sensitive – like banking, e-mail, etc. – then be sure you’re on a secure page – look for the lock!
  6. If you have a Wi-Fi network at home set a password and don’t use WEP.  If you don’t have a password set then your network is open to the world.  Also – if you’re in a public place with free Wi-Fi with no password then be very careful what you do as unless it’s on a secure page it’s open to anyone else on that network.
  7. Don’t use the same password on all the sites you visit.  If one of those sites is compromised then you are at risk that you’re compromised on all of your sites.  My best recommendation is to use something like LastPass – something that helps you generate unique passwords and keep track of them.  I use it and love it!
  8. If you’re unsure of something then ask and/or research it.  I still find myself having to research items to determine if they are safe or not.
  9. If you have a laptop or smartphone set a password on it.  If you travel a lot with your laptop then you should consider encrypting the drive so if it’s lost or stolen your data isn’t also lost or stolen.
  10. If you see a link in an e-mail either copy the address out or hover over it to make sure it’s what you think – i.e. if it’s supposed to take you to abc.com make sure it shows abc.com, not qef.com.

The other day I was listening to Security Now – a security podcast with Leo Laporte (my old buddy from Tech TV) and Steve Gibson. Steve Gibson presented a fascinating technique on creating a secure – yet memorable password.  Many of us have heard by now a lot of the techniques for creating secure passwords:

  • lower and UPPERCASE letters
  • At least one number
  • At least one special character
  • Not actual words

Basically random gibberish is what they tell us to use.  Oh, and we should never use the same password on more than one site/application and don’t write them down.  So basically we’ve been told to do something none of us is really good at.  While LastPass is an excellent solution – you still have to have a password to use that.  So the challenge is to create a password that is safe, yet memorable.

Steve presented a fascinating idea – documented here:  https://www.grc.com/haystack.htm.  One of the basic points is that length is almost as important as using all the other rules we’ve been taught.  Basically those bad people (you know the guy in Russia smoking a cigarette in a dark room) have to use a brute force method to guess passwords.  Most of them have this big gigantic dictionary of words – all the words you could think of using in a password.  Our goal as users is to create a password that doesn’t have those dictionary words in it. So the traditional approach is to basically create some random gibberish that would never be cracked.

There’s an alternative – length.  A hacker doesn’t know how long your password is – they have to guess – and they’re likely to start small instead of large.  So Steve determined that adding a number of say, dashes, to a password, increases the strength of the password – but is far easier to remember.  Let’s try some examples ourselves:

  • Here’s a LastPass random password: U6^gEeL4zO
  • Here’s an alternative: ----------H0t------  (10 dashes, Uppercase H, Zero, lowercase t, 6 dashes)

I don’t know about you – but the 2nd one, while not simple, is far easier to remember….
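
The length argument above can be checked with a little arithmetic. This is an added example, not code from the original post or from GRC; it assumes a printable-ASCII alphabet split 26/26/10/33 and a constructed guessing rate, and it counts every string up to the password's length. That models blind brute force only: an attacker who guesses the padding pattern faces a far smaller space.

```python
import string

# Character classes (assumption: printable ASCII, 26 + 26 + 10 + 33 = 95).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}


def alphabet_size(password: str) -> int:
    """Alphabet a brute-force search must cover, given the classes used."""
    unknown = [c for c in password
               if not any(c in chars for chars in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Number of candidate strings of length 1..len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try the whole search space at a fixed rate."""
    return search_space(password) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1e11  # constructed assumption: offline guesses per second
    random_pw = "U6^gEeL4zO"               # the random example from the post
    padded_pw = "-" * 10 + "H0t" + "-" * 6  # 10 dashes, H0t, 6 dashes
    for pw in ("H0t", random_pw, padded_pw):
        print(f"{pw!r:24} len={len(pw):2} alphabet={alphabet_size(pw)} "
              f"space={search_space(pw):.3e} "
              f"years={years_to_exhaust(pw, RATE):.3e}")
```

Both examples from the post use all four character classes, so the only difference in the count comes from length: 19 characters against 10.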

I’ve been using LastPass for a few months now and I have to say it Rocks!  It’s one of the best tools I’ve used lately – it just works!  I find myself loving it more and more – and get this – they even have a version for the Palm Pre! (the betamax of smart phones)  LastPass just seems to work – it integrates with your browser in a wonderful way – filling in forms and logins – handling multiple logins. It’s also great as it prompts you to create new passwords – which enhances your security greatly.  It works across multiple browsers and multiple computers – so I have it on my laptop, my desktop and my Palm Pre phone.  I can also look up my “vault” on other computers – so I’m basically never without it.

It also allows you to have “secure notes” – so it doesn’t have to be just logins.  I find it an amazing tool – just so impressed with how it works.   But there is a deeper reason why I wanted this tool – to protect against one site compromising others. The best strategy is to not use the same password on more than one site – so in case that one site is compromised they can’t know your password on other sites.  But there’s a problem – who in the world can remember all those passwords? I don’t think anyone can (and I’m sure you never forget a user id either).  LastPass fills the bridge – you just remember the one password – it takes care of the rest – filling in the logins on each website.  And you can always look up the user ids and passwords – even on your mobile phone!

So I don’t know if I can say enough about how much I like this tool – it Rocks!!!!   It solves a fundamental problem with passwords across the web – balancing security and usability.  And since it’s free ($1 per month if you want to have it on your phone) – it’s hard to make a case why not to use it. So try it today – be better with your passwords and logins…
