It seems like it has been years since I have had a chance to make a post about anything and it actually has been. The last couple of years have been a struggle with a few moves. I have not felt settled for a while which has limited my ability to do a lot of the things I like doing. Photography, posting articles and so on. I will be attempting to change this. So stay tuned for future post updates.
Ask yourself this question and answer yourself truthfully. If my computer was to get stolen tonight, what have I just lost that I can’t get back? Can you remember everything on your computer that is important? Some tax returns here, the kids’ school Word documents there. A week’s worth of work on a report intended for the boss’s desk in the morning. Some important photos not uploaded to Facebook yet or chat history with a loved one. You might even be thinking I got nothing really important on that computer. But then a month later you remember something that was.
But really home robberies are so rare, it’s not really something to worry about. And for myself personally computer theft is not that high on my list. So what about a natural or human-caused disaster? Perhaps a fire or a flood does the computer in. For many of us this is a far greater concern and a more likely possibility depending where you live. So it’s something that gets a passing thought every year at insurance renewal time.
Ransomware… Have you ever heard of it? Yes, in passing? But you are not really sure what it is. Ransomware is the new kid on the block, and has been poking its ugly head around for the last couple of years. And because early versions of this have been so successful financially for criminals, a lot of hackers and other criminals have copied the methods and type of attack, causing a big increase in ransomware attacks.
Ransomware is pretty ingenious when you think about it. Traditionally viruses would do things like make themselves noticed on the computer so the maker got famous. It was a game. Others used viruses to steal documents from computers to sell on the black market. I really do wonder what a SIN/SS number is worth these days on the black market. But most of the time these viruses at worst only crippled the computer and the data was actually safe. Ransomware is different. It is designed to hold your data hostage. Using strong encryption methods, ransomware will encrypt all your data and demand money to release it. Most of the time those that paid didn’t actually get the data back. And the files are lost forever because no recovery method can actually recover an encrypted file unless a supercomputer is involved, and lots of years to break it. You might remember that last year the FBI had some problems getting data off an iPhone that was encrypted.
The only real solution and viable option for protecting data from ransomware, theft and natural disaster is off-site backups that are automatic. External hard drives, USB drives, tape backups, zip drives (and yes, I just said zip drive just so the young ones can go look up what a zip drive is) all offer the same kind of protection. That is, if the person making the backups remembers to A) test the backup media and recovery options, B) plug in the backup drive, C) unplug it when completed and D) actually take it to a secure location like work or a friend’s house or, in the case of a business, a secure storage facility like Iron Mountain. The failure in this method is, well, humans. Face it, we suck. We are inconsistent with what we need to do, and get easily preoccupied with other tasks. We tend to let things slide with an “I will do this tomorrow” mentality, but tomorrow never actually comes. The fact is most of us fail to maintain such a routine, and because nothing bad happens for a very long time we get complacent about not doing it.
Automatic off-site backups through the internet solve almost all of these problems. While not 100% perfect, since technology can sometimes break, for the most part the automatic nature of off-site backups means you are well protected and never need to lift a finger. Additionally it’s off-site, which means it’s protected from all of the above. Network servers and attached backup devices are susceptible to a virus. If you can save your work on it, a virus can ruin that work, since a virus will have at least as much access to stuff as you do.
So if you have questions about off-site backups or would like help to get set up to protect all the unimportant data and those few really important things you can’t think of until it’s gone kind of files, then give me a shout to set you up.
Last summer a real awesome movie came out. Originally I had written it off as being something stupid. I ignored it based on the trailer. Ironically this is one of those movies where the trailer does not do it justice. A now former friend convinced me to go see it in theatre. The movie, Guardians of the Galaxy.
To say this movie was a pleasant surprise is an understatement. The cinematography was excellent. The special effects mind-blowing. The actors selected for the roles they played were perfect, and an adventurous story line made this a pleasant, wonderful movie to watch. It’s one I would enjoy seeing again and again with friends.
I only bring this up now because I just finished watching it again. I don’t recall ever posting anything about it really and it’s a shame I didn’t because it’s a movie that deserves being talked about.
So that’s it for this blog post. Thought this time after watching I would post something about it. I don’t want to go into a review about the movie itself and ruin it for people that have not seen it. I highly recommend anyone that has not seen it should.
Web startups are made out of two things: people and code. The people make the code, and the code makes the people rich. Code is like a poem; it has to follow certain structural requirements, and yet out of that structure can come art. But code is art that does something. It is the assembly of something brand new from nothing but an idea.
In an exclusive article, Gizmodo penned a powerful exposé about how Yahoo has bludgeoned Flickr. The title conveys the brutal reality of how the internet giant slowly ruined one of its best web properties. Eric Jackson frequently writes about Yahoo! and offers ideas on how it can turn the ship away […]
This is a good article on the issues of data privacy and the issues companies face protecting it. The good is that most companies really do want to protect personal data. The bad is most don’t have any idea how to do it effectively.
The Great Canadian Copyright Giveaway: Why Copyright Term Extension for Sound Recordings Could Cost Consumers Millions – Michael Geist
Randy Bachman, the well-known Canadian musician, found himself embroiled in a public fight with Prime Minister Stephen Harper last year when Harper used his song “Takin’ Care of Business” as a theme song for a major speech. Bachman said he probably would not have granted permission to use the song, since “I don’t think he’s taking care of business for the right people or the right reasons.” Bachman was singing a different tune yesterday as the government released its budget and apparently took care of the right people – record companies. Despite no study, no public demands, and the potential cost to the public of millions of dollars, the government announced that it will extend the term of copyright for sound recordings and performances from 50 to 70 years. For that giveaway, Bachman was quoted as saying “thanks for the term extension PM Harper, you really are taking care of business.”
While the government lined up industry supporters to praise the term extension, the decision is unexpected and unnecessary (it also announced that it will accede to the Marrakesh copyright treaty for the blind, but that should not require significant domestic reforms). The music industry did not raise term extension as a key concern during either the 2012 copyright reform bill or the 2014 Canadian Heritage committee study on the industry. Experience elsewhere suggests that the extension is a windfall for record companies, with little benefit to artists or the public. In fact, many countries that have implemented the extension have been forced to do so through trade or political agreements, while signalling their opposition along the way.
Canada will extend term without any public discussion or consultation, yet other studies have found that retroactive extension does not lead to increased creation and that the optimal term length should enable performers and record labels to recoup their investment, not extend into near-unlimited terms to the detriment of the public.
For Canadian consumers, the extension could cost millions of dollars as works that were scheduled to come into the public domain will now remain locked down for decades.
This is an endorsement for a friend’s gaming channel. He seriously won’t stop bugging me until I help spread the word. So here it is.
A gaming channel by 3 friends! Content includes Call of Duty games like Black Ops 2 and Advanced Warfare, Grand Theft Auto V, other games, and upcoming giveaways!
They are looking for more subscriptions.
Privacy and Security
I will be blunt. People don’t think about their privacy or security. Why should they? We live in a complacent society with expectations instilled in us by the media and advertisements of governments and companies. Our upbringing comes from family and friends and the institutions that taught us like public education. The core of society is the belief in the institutions that make up that society and that kind of thinking translates down to every level of our lives. We trust the institution of education. We trust the institution of law and justice. And some of us even trust the institution of government, and while many of us don’t fully trust it, we accept it as is. We trust the people we interact with are not going to steal from us or kill us. We trust the person driving the bus is a professional and will not get us killed. Society cannot work without some level of trust. And it is for this reason most of us do not second guess what is.
When we turn on a computer we trust that the computer is not spying on us. When we go to a website, we trust that the website only collects the information it needs to provide us with a service. We trust the company or the man behind the website has no ulterior motives. When we provide our credit card number for an online purchase we trust that information will get from our computer to the seller safely.
We trust too much…….
The sad fact is simple: if money can be made by stealing your information then someone out there is going to try and steal your information. And the digital age has made this so very easy. Most people only think about the credit cards. They don’t think about information such as your address, phone number, name. And lastly, passwords and usernames!!!!
I am not going to go into much detail about what people can do with this information. For that you can google it. The biggest concern I have for my clients is the usernames and passwords. These are the keys to our digital lives. With them unscrupulous, profiteering criminals can take your digital life away from you. You can lose access to all the photos you have collected over the last decade stored on a website. They can read your emails, cut you off and even pretend to be you. You can lose your reputation, money, respect, memories, history, and convenience. They can harm your non-digital life by damaging your credit. Stealing from your friends. A stalker could even cause physical harm against you or someone you love. Frankly the what-ifs are endless.
So are the methods of attacks to gain your information, username and passwords. And while no one is perfect and no technology is perfect, there is a lot of room for improvement. Simple choices and simple tools that change the entire scope of your vulnerability to the criminals.
Here is the important part. It is the finding of a good balance between protection and convenience that matters for the common person. You have security geeks that lose sight of the ease of use and convenience factor that most common people would rather have over super tight and complex security that offers the most protection. For the security geek there is no compromise and honestly it really should be this way. But that isn’t how it is. Most of us choose to expose ourselves and our information for the trade of simplicity and convenience. So I am writing this on the premise of what the majority will choose to do vs what we should do.
Let’s talk web browsers. The first step in security is the first tool you interact with for using the internet. For this it will be either a generic or company-branded Microsoft Windows computer or Apple’s Mac computer on the computer side, and then on the mobile side a bunch of products between iOS, Android, Blackberry and Windows Mobile. Google Chrome, Internet Explorer, Mozilla Firefox and Apple’s Safari make up the majority of internet browsers for both the desktop space and mobile space. I am mostly going to talk about security in the desktop space. What I am going to say about laptops and mobile devices is that you should not be doing anything secure at all, period, ever, when connected to an Internet connection shared by other people. In other words, a connection that is not your own that you set up at your house. And if you must, I highly recommend not using wifi. Turn that off. Use the mobile internet that is provided to you by your cell phone provider. So back to the browser. The only viable option for secure and safe usage of the internet is to use a secure and safe browser. Google Chrome, Mozilla Firefox and Apple’s Safari fit that definition. Internet Explorer does not. The first thing I will say is do not use Internet Explorer.
Use Google Chrome, Mozilla Firefox or Apple’s Safari. Do not use Microsoft Internet Explorer.
The next critical step is in how we use our web browsers. Time and time again I see the same from users. They do not know the URL (address) of a website they want to visit. Or they do but they do not type in the address. We have become a search engine society. And modern browsers do not help with this by integrating the search function in with the address function in the same place. Sure it’s convenient to just type “TD Canada Trust” into the search bar and let the search engine give you a list of choices with a clickable link. It’s easy.
One way sites steal usernames and passwords is by registering domains that look like the one you want to go to and make a fake site that looks like the site you want to go to. It is easy to make a visible link, for example www.hotmail.com that really takes you to www.hotmall.com. It is easy enough to make a fake website that looks like the real thing just to collect your login information. This is phishing. The attacker that collects it can then go to the real site and do bad things to you.
Additionally other problems include links that take you to the non secure version of a website which then redirects you to the secure version of a website.
Good practice is to know the place you want to go and to type it in. Do not rely on a search engine except for when trying to discover new things. If you don’t know the address of your bank’s website then call the bank and ask them. Or look on your bank card; it will be listed there. Do not type GMAIL into the search bar then click a link to Gmail. Put in the address https://www.gmail.com. And let me be clear here. Not www.gmail.com. I included the https:// for a reason which I will explain next.
Almost no one ever puts in the http or https with a website address. Mostly because people don’t even use website addresses any more; they prefer to search and click. But let’s just assume you don’t do that, or you are going to follow my advice above and stop doing that and start using the address. Web browsers will fill in the missing http:// on their own. But they default to http:// and not https://. All websites accept http but not all can accept https, so this is the reason. Web browsers do not want to default to something that might not work and result in complaints and support issues. It does actually matter for your security though. Almost all interaction with secure connections from users to websites comes from a redirect. You put in paypal.com and then your browser adds the http:// to it to make http://paypal.com, then when you reach http://paypal.com the site redirects you to https://www.paypal.com.
What’s wrong with this? The http is not secure, the https is secure. When you go to the http site before getting redirected you can be hijacked, and instead of getting redirected to a real https connection you end up with an attacker’s version of the site while the server thinks it’s secure with you. This is referred to as a man-in-the-middle attack. If you share an internet connection with a landlord, or you use public or open internet connections, or you share a network with a roommate or family member, these man-in-the-middle attacks are easy enough to set up. For those that know what Tor is, it is not that hard to compromise an out connection this way. Moxie Marlinspike, a creator of one kind of attack, tested it with a Tor connection and proved very well that he could get credit cards, user names and passwords from the traffic coming out on his Tor node. So type in the address, include https and if it’s a site you visit then bookmark it.
Use the real address, type it in. Don’t search and click it. And when it is a secure site type in the https:// with the address. This is easy to do and not a burden to users. And don’t log in to sensitive stuff on other people’s networks you don’t or can’t trust.
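To see how much of a visit travels without TLS, the redirect chain can be walked hop by hop. This is an added example, not part of the original article: it models the http:// default described above and runs against constructed responses for a hypothetical site, `shop.example`. It also reads the `Strict-Transport-Security` response header, which goes beyond what the article covers: a site that sends it tells the browser to skip the cleartext hop on later visits.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def request_url(typed):
    """Model the behaviour described in the text: a bare address gets http:// prepended."""
    return typed if "://" in typed else "http://" + typed

def hsts_max_age(headers):
    """Seconds from a Strict-Transport-Security header, or None if absent/invalid."""
    for part in headers.get("strict-transport-security", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return None

def audit_navigation(typed, responses, max_hops=10):
    """Follow redirects through `responses` (URL -> (status, headers)) and report
    every hop that travelled without TLS and could have been altered in transit."""
    url, hops = request_url(typed), []
    while url in responses and len(hops) < max_hops:
        status, headers = responses[url]
        hops.append(url)
        if status not in REDIRECTS or "location" not in headers:
            break
        url = urljoin(url, headers["location"])
    ends_on_https = bool(hops) and urlsplit(hops[-1]).scheme == "https"
    final_headers = responses[hops[-1]][1] if hops else {}
    return {
        "hops": hops,
        "cleartext_hops": [h for h in hops if urlsplit(h).scheme == "http"],
        "ends_on_https": ends_on_https,
        # HSTS only counts when it arrives over HTTPS.
        "hsts_max_age": hsts_max_age(final_headers) if ends_on_https else None,
    }

# Constructed responses for a hypothetical site; header names are lower-cased.
SITE = {
    "http://shop.example": (301, {"location": "http://www.shop.example/"}),
    "http://www.shop.example/": (302, {"location": "https://www.shop.example/"}),
    "https://www.shop.example/": (
        200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
}

if __name__ == "__main__":
    for typed in ("shop.example", "https://www.shop.example/"):
        print(typed, audit_navigation(typed, SITE))
```

Typing the bare name produces two cleartext hops before the secure page is reached; typing or bookmarking the full https:// address produces none.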
Passwords and usernames
I say this as an absolute, not a suggestion. Use a different password for every single website. Never use the same password twice. I don’t care much about easy to guess passwords vs making sure you don’t repeat it. The most common way to get a password is through social engineering. That is tricking the user to give it up freely. I send you an email pretending to be your bank. You click on the link in my email and go to a fake website and put in your username and password thinking you are at your bank. Now that I have the password, I can test the username, email and password on other sites like your email account. This is where the chain starts and next thing you know you are locked out of Twitter, Facebook, Gmail and so on because you used the same password everywhere. Use a password manager to store the passwords. Write them down in a book, but don’t lose the book or let people have access to it. Never share a password with anyone. Some websites don’t use encryption for passwords, which leaves them wide open for anyone to find with simple tools. So a different password for every site is best. This is where I get yelled at by the all-or-nothing security geeks. I suggest using an online password manager like LastPass. It’s giving up some personal control and security for a convenience. But in this case it’s a convenience that means you will use a different password for every site, which I feel is more important than avoiding an online service that gives someone else some control over your personal data. This is a compromise moment between die-hard security and something being easy enough that people will actually use it. An alternative is managing a local program to store passwords. But generally speaking people stop using that after a short time because they don’t like having to go in and copy and paste. A plugin like LastPass just fills in those fields for you. There are other advantages in regards to keyloggers and spyware but I am not getting into that with this article.
Don’t share passwords. Use a different password for each site and record it. Preferably with a key management program like LastPass that makes use of random different passwords very easy.
Additional Safety (Setup and Forget)
Set up OpenDNS for your devices and house and set it to block known malware sites and otherwise bad sites. It’s a blacklist, so it will only protect you from what they know. But it’s a good start.
Use the plugin HTTPS Everywhere; it is a whitelist of known https sites and will default you to the https version of the site. If you are typing in the full address anyway you shouldn’t need it. But it’s useful if you forget to or if you are going to a site and don’t know if it has https.
Use the LastPass plugin to manage passwords and put them in the fields for you.
I like using Adblock; while it’s not so much a security protective device, it does hide you from marketing companies, gets annoying ads out of the way and speeds up the general internet experience. Potentially reducing memory usage too.
I also like the WOT plugin, which marks websites as green, yellow and red in Google searches based on community input. If it’s a safe site it’s green. If it’s dangerous in some way it’s red. It lets you know before you click it.
This article only covers Internet usage. There is a lot that should be done to secure a computer as well because a single virus can defeat everything listed here. But assuming your computer is in good health, how you use the internet is a very big part of things. And a few simple tips like this will go a long way toward providing better security without it being a burden. I would love to convince everyone to use encrypted email, but some technologies are more of a pain to use than they are worth for the common person and require mass adoption to be effective. And we are not there yet.
Links to some of the technologies I described in this article and some interesting videos on the subject
HTTPS Everywhere https://www.eff.org/https-everywhere
Interesting video about hacking SSL https://www.youtube.com/watch?v=MFol6IMbZ7Y