May 10, 2012
Let's Talk Passwords - now updated with a significant point
I was just reading a lament by a friend on Facebook who had accounts compromised because of weak passwords. Therefore, you lucky readers now get an entire post on passwords. Aren't you thrilled! Okay - don't throw things at me.
Let me first state - this does not begin to cover everything to do with the subject at hand. It's just a blog post not a dissertation (although some of you may be wishing for a simple dissertation before I'm done and others stamping in a rage because I "forgot" something important). Consider it a glancing blow pointing out a few items that might help you stay a bit safer online. The vast majority of information will be omitted. That's life.
Passwords. What can we say about passwords? Well, the entirety of the username/password type of access system sucks. Period. It completely and totally sucks pond water. That will not change in the near future much as we all hate it. Until computers evolve enough to find better ways to know "we are who we say we are", we have to deal with it. This post won't be about better ways to do it. Those topics are fun to talk about but completely irrelevant to this discussion. We have to work with what we've got the best way we can.
So what's the number one problem with passwords? Remembering them. If you forget, you either give it up in disgust or you have to jump through hoops to get back in the system. We hate hoops. They waste time and cause massive irritation. We just want things to work. That is the entire problem in a nutshell.
So, what do people do about this? When they are at home and are not under the tyranny of computer security people at work, they go for the easiest solution. Pick a password that is memorable and use it everywhere. This would be what I call: Huge ass mistake number 1.
Here's one list of
The 25 worst passwords of 2011
Do you use any of these? Yeah? You might want to consider changing things in that case... just sayin'...
Everyone wants things to be easy. Security is not easy. It's a huge wet smelly blanket thrown over all the fun in life. If it was easy, this post wouldn't be necessary.
Let us move on to:
Huge ass mistake number 2. No one will know.
Ah yes, the "obscurity factor". No one will know what I choose for a password, they aren't sitting here, they can't see me type it. They can't possibly know so how could they guess? There's no way they can figure it out, it's not even a real "dictionary" word. (here's a hint: the hackers don't figure it out - they let computer tools figure it out - way easier)
It really is a toss up as to which of the 2 huge ass mistakes listed above are the worst. Both are parts of human nature and both make it very easy for people to totally ignore any advice that might help keep them safer online. Because... really... can't we all find something better to do with our limited free time? Like there is always a good excuse not to workout at the gym, there is always a good excuse to not to "worry" about passwords we use.
Of course, there is another difficulty. Even if you take as many precautions as possible, bad guys can still manage to make your life a misery. They have the advantage. They only need to find one way in, you have to block all ways in. Not fair and very tiring, but there it is. We're at a disadvantage before we start. Even people who are very good and try to do everything right can be "gotten" by a bad guy (especially if they are specifically targeted). So why should you make an effort? Because:
You don't want to be the low hanging fruit.
If the bad guys really want to get you, make them work for it! You don't want them to steal a username/password database like the RockYou data breach or the Gawker data breach, take that info and start trying to apply it to email accounts, credit card companies, or banks.
Since most username/password combos are email address/password, the first thing an intelligent hacker would do is try to use what they have to log into your email account. If you are a person who uses the same password everywhere - voilà! They're in. From there they can peruse your email and check out your bills and bank notices to figure out what to hit next. Simple.
To that end, let's go with some tips to help you fix your passwords. Let's start with where you'll keep them so you don't forget.
1. A database just for passwords.
Because it's best if you have a different password for every site where you log in, remembering becomes next to impossible. That's where a password database shines. You can use apps like 1Password (my preferred) or LastPass among others to store your passwords safely. This way you don't have to remember anything except the one password to log into your password database. The database remembers everything else for you. The good ones can also generate good random passwords and keep track of password changes among other things.
2. A homemade spreadsheet option.
Okay you don't want to get a password safe, you can create your own spreadsheet to hold your information. Not exactly the safest way to do it, but certainly doable. Point in favor, you don't have to pay for anything. You could even use the basic notepad app every system comes with. However, it won't generate passwords for you and you will have to decide if you want encrypt the document in case your system is compromised or you lose your computer.
3. Stone Age - paper and pencil.
At the very least, decide what accounts are your most important. Banks, credit cards, utilities, email, social media (no one wants to try and unravel a breach through "facebook help" now do they?). List out the places you find the most important and make sure the passwords you use for each are different. Then you can use another single password for sites you don't consider important. Next, write them down in a notebook. If you don't leave the notebook at the local coffee shop, this could work for you.
UPDATE (by VW in the comments) The only thing I would add, is that you really should use one of the options you list and make sure your significant other knows what the 1pass is or the location of the spreadsheet or written paper.
How to create a decent password.
Ah - therein lies the rub. If you google it, you will get an endless list of helpful advice on how to create good passwords. What is unclear is exactly how good any of the advice might be.
Let's just go for an overall set of "rules", for lack of a better word, you can follow to create passwords that aren't quite so guessable by your roving hacker.
1. Check the website for any directions on what it will allow for passwords including length and types of characters. Some sites have major restrictions so create your password accordingly.
2. Length is your best bet. Go for between 10 to 15 characters if you can.
3. Use upper and lower case letters.
4. Use at least a couple of numbers.
5. If they allow it, use at least a couple of special characters such as !@#$%^_ ( or spaces.
But - how to remember it if you don't have a password database handy? If you create your own, the best thing is to use something like book titles or sentences from a favorite book and then embellish. (do not use family names, addresses, birthdates, that kind of thing)
A couple of examples might be like these I made up from Douglas Adam's Hitchhiker's Guide to the Galaxy
#D0n't^P4nick!
my_G@laxy-guiD3
Get creative. Look at it as a fun exercise.
As for changing passwords. There is some controversy there too. Once again it depends on your circumstances, who has access to your computer, that kind of thing. And let's be realistic, you are not going to change anything on a regular basis are you. Ha! Yes, I already know this.
If you ever think about changing passwords on important sites, when would be a good time? Maybe right after you've been traveling, every 6 months to a year, or if one of your accounts is "owned" that would be a good time to go through and change things. (as long as the attacker doesn't have access to your email account).
I think that covers the very very basics. It could be made much more complicated, but what would be the point? No one would do it then, just like they pretty much don't do it now.
For anyone still reading - congratulations. You deserve a medal for persevering to the end. Now that you've read this, think about it. If your current password strategy is the bare minimum, you can always improve it and save yourself some headaches later on. Or not. Up to you.
Now - you can go find something more fun to read.
Let me first state - this does not begin to cover everything to do with the subject at hand. It's just a blog post not a dissertation (although some of you may be wishing for a simple dissertation before I'm done and others stamping in a rage because I "forgot" something important). Consider it a glancing blow pointing out a few items that might help you stay a bit safer online. The vast majority of information will be omitted. That's life.
Passwords. What can we say about passwords? Well, the entirety of the username/password type of access system sucks. Period. It completely and totally sucks pond water. That will not change in the near future much as we all hate it. Until computers evolve enough to find better ways to know "we are who we say we are", we have to deal with it. This post won't be about better ways to do it. Those topics are fun to talk about but completely irrelevant to this discussion. We have to work with what we've got the best way we can.
So what's the number one problem with passwords? Remembering them. If you forget, you either give it up in disgust or you have to jump through hoops to get back in the system. We hate hoops. They waste time and cause massive irritation. We just want things to work. That is the entire problem in a nutshell.
So, what do people do about this? When they are at home and are not under the tyranny of computer security people at work, they go for the easiest solution. Pick a password that is memorable and use it everywhere. This would be what I call: Huge ass mistake number 1.
Here's one list of
The 25 worst passwords of 2011
Do you use any of these? Yeah? You might want to consider changing things in that case... just sayin'...
Everyone wants things to be easy. Security is not easy. It's a huge wet smelly blanket thrown over all the fun in life. If it was easy, this post wouldn't be necessary.
Let us move on to:
Huge ass mistake number 2. No one will know.
Ah yes, the "obscurity factor". No one will know what I choose for a password, they aren't sitting here, they can't see me type it. They can't possibly know so how could they guess? There's no way they can figure it out, it's not even a real "dictionary" word. (here's a hint: the hackers don't figure it out - they let computer tools figure it out - way easier)
It really is a toss up as to which of the 2 huge ass mistakes listed above are the worst. Both are parts of human nature and both make it very easy for people to totally ignore any advice that might help keep them safer online. Because... really... can't we all find something better to do with our limited free time? Like there is always a good excuse not to workout at the gym, there is always a good excuse to not to "worry" about passwords we use.
Of course, there is another difficulty. Even if you take as many precautions as possible, bad guys can still manage to make your life a misery. They have the advantage. They only need to find one way in, you have to block all ways in. Not fair and very tiring, but there it is. We're at a disadvantage before we start. Even people who are very good and try to do everything right can be "gotten" by a bad guy (especially if they are specifically targeted). So why should you make an effort? Because:
You don't want to be the low hanging fruit.
If the bad guys really want to get you, make them work for it! You don't want them to steal a username/password database like the RockYou data breach or the Gawker data breach, take that info and start trying to apply it to email accounts, credit card companies, or banks.
Since most username/password combos are email address/password, the first thing an intelligent hacker would do is try to use what they have to log into your email account. If you are a person who uses the same password everywhere - voilà! They're in. From there they can peruse your email and check out your bills and bank notices to figure out what to hit next. Simple.
To that end, let's go with some tips to help you fix your passwords. Let's start with where you'll keep them so you don't forget.
1. A database just for passwords.
Because it's best if you have a different password for every site where you log in, remembering becomes next to impossible. That's where a password database shines. You can use apps like 1Password (my preferred) or LastPass among others to store your passwords safely. This way you don't have to remember anything except the one password to log into your password database. The database remembers everything else for you. The good ones can also generate good random passwords and keep track of password changes among other things.
2. A homemade spreadsheet option.
Okay you don't want to get a password safe, you can create your own spreadsheet to hold your information. Not exactly the safest way to do it, but certainly doable. Point in favor, you don't have to pay for anything. You could even use the basic notepad app every system comes with. However, it won't generate passwords for you and you will have to decide if you want encrypt the document in case your system is compromised or you lose your computer.
3. Stone Age - paper and pencil.
At the very least, decide what accounts are your most important. Banks, credit cards, utilities, email, social media (no one wants to try and unravel a breach through "facebook help" now do they?). List out the places you find the most important and make sure the passwords you use for each are different. Then you can use another single password for sites you don't consider important. Next, write them down in a notebook. If you don't leave the notebook at the local coffee shop, this could work for you.
UPDATE (by VW in the comments) The only thing I would add, is that you really should use one of the options you list and make sure your significant other knows what the 1pass is or the location of the spreadsheet or written paper.
How to create a decent password.
Ah - therein lies the rub. If you google it, you will get an endless list of helpful advice on how to create good passwords. What is unclear is exactly how good any of the advice might be.
Let's just go for an overall set of "rules", for lack of a better word, you can follow to create passwords that aren't quite so guessable by your roving hacker.
1. Check the website for any directions on what it will allow for passwords including length and types of characters. Some sites have major restrictions so create your password accordingly.
2. Length is your best bet. Go for between 10 to 15 characters if you can.
3. Use upper and lower case letters.
4. Use at least a couple of numbers.
5. If they allow it, use at least a couple of special characters such as !@#$%^_ ( or spaces.
But - how to remember it if you don't have a password database handy? If you create your own, the best thing is to use something like book titles or sentences from a favorite book and then embellish. (do not use family names, addresses, birthdates, that kind of thing)
A couple of examples might be like these I made up from Douglas Adam's Hitchhiker's Guide to the Galaxy
#D0n't^P4nick!
my_G@laxy-guiD3
Get creative. Look at it as a fun exercise.
As for changing passwords. There is some controversy there too. Once again it depends on your circumstances, who has access to your computer, that kind of thing. And let's be realistic, you are not going to change anything on a regular basis are you. Ha! Yes, I already know this.
If you ever think about changing passwords on important sites, when would be a good time? Maybe right after you've been traveling, every 6 months to a year, or if one of your accounts is "owned" that would be a good time to go through and change things. (as long as the attacker doesn't have access to your email account).
I think that covers the very very basics. It could be made much more complicated, but what would be the point? No one would do it then, just like they pretty much don't do it now.
For anyone still reading - congratulations. You deserve a medal for persevering to the end. Now that you've read this, think about it. If your current password strategy is the bare minimum, you can always improve it and save yourself some headaches later on. Or not. Up to you.
Now - you can go find something more fun to read.
Posted by: Teresa in
WebTech
at
07:47 PM
| Comments (10)
| Add Comment
Post contains 1573 words, total size 10 kb.
April 15, 2012
When in doubt start pointing fingers
Well it looks like Google is in a bit of hot water with the government
Google fined $25,000 for impeding FCC investigation
That's it? Twenty-five thou is not even pocket change for this company, it's more like pocket lint. They lose more than this between the cracks of the server farm frames every day.
In their infinite wisdom, The Goog has decided they are not turning anything over to the eeeevil US government merely because some of their more zealous employees broke a little bitty law. Pish and tush!
After all they are only following the dictum of Eric Schmidt their executive chairman.
Which, it seems, the company took to include the collection of your username and password along with other data as they drove by.
However, I guess this bit of government interference has been just a tad too much for the old Goog to tolerate. One of the "don't be evil" founders has taken to the news media to loudly proclaim:
Web freedom facing greatest threat: Google founder
Seriously? Apple, Facebook, and the government are all out to destroy the internet? They are all eeeeevil!!! But the Goog... the Goog is pure of heart and wants only the best for us all!
Right.
While portions of the government seem hell bent on taking away our internet freedom, why do I have the feeling Brin is talking about one particular agency?
Maybe The Goog should take Eric's advice above. After all he's one of their top guys. Isn't that why they pay him?
Now, how long before I'm totally delisted form Google for this completely offensive post. Ha.
Google fined $25,000 for impeding FCC investigation
That's it? Twenty-five thou is not even pocket change for this company, it's more like pocket lint. They lose more than this between the cracks of the server farm frames every day.
In their infinite wisdom, The Goog has decided they are not turning anything over to the eeeevil US government merely because some of their more zealous employees broke a little bitty law. Pish and tush!
But Google also collected passwords, Internet usage history and other sensitive personal data that was not needed for its location database project, the FCC said.
After all they are only following the dictum of Eric Schmidt their executive chairman.
"If you have something that you don’t want anyone to know maybe you shouldn’t be doing it in the first place”
Which, it seems, the company took to include the collection of your username and password along with other data as they drove by.
However, I guess this bit of government interference has been just a tad too much for the old Goog to tolerate. One of the "don't be evil" founders has taken to the news media to loudly proclaim:
Web freedom facing greatest threat: Google founder
Seriously? Apple, Facebook, and the government are all out to destroy the internet? They are all eeeeevil!!! But the Goog... the Goog is pure of heart and wants only the best for us all!
Right.
While portions of the government seem hell bent on taking away our internet freedom, why do I have the feeling Brin is talking about one particular agency?
Maybe The Goog should take Eric's advice above. After all he's one of their top guys. Isn't that why they pay him?
Now, how long before I'm totally delisted form Google for this completely offensive post. Ha.
Posted by: Teresa in
WebTech
at
09:47 PM
| Comments (2)
| Add Comment
Post contains 321 words, total size 2 kb.
April 10, 2012
Patchy - Patchy Please
New windows updates came out today. Time to patch as there are exploits in the wild already.
Interestingly enough on reading the article linked above, we're back to nasty stuff being passed along via Windows Office documents. Please be careful and don't just open stuff that hits your inbox!
You'd think after all these years people would kinda get that. But apparently such is not the case.
In Apple news, they will be releasing software to get rid of the Flashback trojan. They are also trying to take the botnet offline. Of course as with any botnet, the only way to get rid of it is to get rid of all of it. Depends on how distributed it is as to whether they can take it down. We shall see.
This has been a public service announcement on behalf of your computer. Thank you for your cooperation.
Interestingly enough on reading the article linked above, we're back to nasty stuff being passed along via Windows Office documents. Please be careful and don't just open stuff that hits your inbox!
You'd think after all these years people would kinda get that. But apparently such is not the case.
In Apple news, they will be releasing software to get rid of the Flashback trojan. They are also trying to take the botnet offline. Of course as with any botnet, the only way to get rid of it is to get rid of all of it. Depends on how distributed it is as to whether they can take it down. We shall see.
This has been a public service announcement on behalf of your computer. Thank you for your cooperation.
Posted by: Teresa in
WebTech
at
08:44 PM
| No Comments
| Add Comment
Post contains 151 words, total size 1 kb.
April 05, 2012
All That Java - small update
I'm a little late blogging this. Sorry about that. But here's a quick tip for everyone browsing about the web. Windows, Mac, it doesn't matter.
If you have Java on your system please disable it! (instructions on that to follow)
Yes you see it in bold because this has been the week of the Java meltdown and it's not pretty. If you've missed the high drama surrounding this bit malware fun and games you can catch up via this post at F-Secure.
Mac Flashback Infections
If you aren't interested in backtracking through all of it, suffice it to say, Apple left Java unpatched for about 6 months... finally sending out the patch yesterday after the news hit the internet that it was a problem. Guess what happened... the Java hole that had been patched by Oracle but NOT by Apple was exploited on Macs running Java. All people had to do was hit a web site with an infected Java applet and voilà! instant own by the trojan. Yippee Skippee.
So let's start with the Mac people... did you get owned? (If you are running a new machine with Lion you might not have Java - it does not come on Mac with Lion and would only be there if you downloaded it)
If you are a Mac user, certainly check your updates and make sure you've got it patched. Then open a terminal window (it's in Applications --> Utilities --> Terminal.app). Terminal looks like an old DOS window with cute things like your computer name and $ where you would enter text if you knew what to type. Well, here you go, enter the following - you can cut and paste from here:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
Hit enter. If it says:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
Breathe a small sigh of relief. If you run Firefox, you'll need to change the Safari.app to Firefox.app and do it again.
Next copy and paste this into the terminal window:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Hit enter. Once again if you receive:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
All is well and you are set. (BTW the "joe" above will be your login name) If you got anything other than the "does not exist" message for either of these commands, see the F-Secure Disinfection Page to get rid of it.
Now... on to the fix. Disable Java! You can do this in several ways. Either disable Java in the browser, disable it on the system or remove it from your system. I would suggest disabling both the system and browser, wait about a month. If you haven't broken anything, remove it from your system. That should be the least traumatic way to do this. If something is broken, you'll then have to decide if it's worth keeping Java or not. You could keep it and only enable it when you really need to use it.
So here we go:
Windows:
On the system. Go to control panel. In the search bar type in "Java". This should bring up the Java entry. Click this to open the Java panel. There are several tabs across the top, click the "Java" tab. Click on "View" it will open a new little window. Uncheck the "Enable" box and click "OK". Then "OK" again to close the Java box.
In IE (this might be different for different versions - I have the latest so I hope you don't have to search too hard to find this). Open the "Internet Options" box. In the latest version it's located in the "settings wheel" on the top right of the browser. Click the "Programs" tab and the the "Manage add-ons" button. Scroll down and you should see the Java plugin(s). Disable them.
In Firefox open the "Options" box. Under the "General" tab (the first tab!) Click the "Manage Add-ons" box. Disable the Java plugin(s).
Restart the browser. That should do it for Windows.
Mac:
Open Finder. Type in "Java Preferences" in the search bar. You will have to scroll, but it should be in the list of stuff there. The icon is a cup of coffee with a window background. Click it to open. Depending on your system you may have both a 32bit and 64bit Java. Doesn't really matter, just uncheck the boxes under the "general" tab. Then you can close the window.
In Safari:
Open Preferences. Go to the Security tab and uncheck "enable Java". That's it.
In Firefox - go to Tools -- Add-ons and disable Java.
Now at least you might not pick up any unwelcome little trojans. Maybe. At least for a little while.
I hope the instructions make sense. If not, you can ask, or you can find a local geek who can help.
****
I don't have Chrome, but it looks like you don't have to do anything if you do have it : For Java specifically, Chrome now disables Java by default on all pages and prompts you to allow it to run each time a site needs it. So you should be okay with the browser part.
***
Update 2: I should be clear that Apple didn't patch Java for about 6 months. But the current exploited hole is one that Oracle patched in February. Be that as it may, there were other Java patches in the meantime just not noted as being exploited on Macs like this one.
If you have Java on your system please disable it! (instructions on that to follow)
Yes you see it in bold because this has been the week of the Java meltdown and it's not pretty. If you've missed the high drama surrounding this bit malware fun and games you can catch up via this post at F-Secure.
Mac Flashback Infections
If you aren't interested in backtracking through all of it, suffice it to say, Apple left Java unpatched for about 6 months... finally sending out the patch yesterday after the news hit the internet that it was a problem. Guess what happened... the Java hole that had been patched by Oracle but NOT by Apple was exploited on Macs running Java. All people had to do was hit a web site with an infected Java applet and voilà! instant own by the trojan. Yippee Skippee.
So let's start with the Mac people... did you get owned? (If you are running a new machine with Lion you might not have Java - it does not come on Mac with Lion and would only be there if you downloaded it)
If you are a Mac user, certainly check your updates and make sure you've got it patched. Then open a terminal window (it's in Applications --> Utilities --> Terminal.app). Terminal looks like an old DOS window with cute things like your computer name and $ where you would enter text if you knew what to type. Well, here you go, enter the following - you can cut and paste from here:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
Hit enter. If it says:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
Breathe a small sigh of relief. If you run Firefox, you'll need to change the Safari.app to Firefox.app and do it again.
Next copy and paste this into the terminal window:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Hit enter. Once again if you receive:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
All is well and you are set. (BTW the "joe" above will be your login name) If you got anything other than the "does not exist" message for either of these commands, see the F-Secure Disinfection Page to get rid of it.
Now... on to the fix. Disable Java! You can do this in several ways. Either disable Java in the browser, disable it on the system or remove it from your system. I would suggest disabling both the system and browser, wait about a month. If you haven't broken anything, remove it from your system. That should be the least traumatic way to do this. If something is broken, you'll then have to decide if it's worth keeping Java or not. You could keep it and only enable it when you really need to use it.
So here we go:
Windows:
On the system. Go to control panel. In the search bar type in "Java". This should bring up the Java entry. Click this to open the Java panel. There are several tabs across the top, click the "Java" tab. Click on "View" it will open a new little window. Uncheck the "Enable" box and click "OK". Then "OK" again to close the Java box.
In IE (this might be different for different versions - I have the latest so I hope you don't have to search too hard to find this). Open the "Internet Options" box. In the latest version it's located in the "settings wheel" on the top right of the browser. Click the "Programs" tab and the the "Manage add-ons" button. Scroll down and you should see the Java plugin(s). Disable them.
In Firefox open the "Options" box. Under the "General" tab (the first tab!) Click the "Manage Add-ons" box. Disable the Java plugin(s).
Restart the browser. That should do it for Windows.
Mac:
Open Finder. Type in "Java Preferences" in the search bar. You will have to scroll, but it should be in the list of stuff there. The icon is a cup of coffee with a window background. Click it to open. Depending on your system you may have both a 32bit and 64bit Java. Doesn't really matter, just uncheck the boxes under the "general" tab. Then you can close the window.
In Safari:
Open Preferences. Go to the Security tab and uncheck "enable Java". That's it.
In Firefox - go to Tools -- Add-ons and disable Java.
Now at least you might not pick up any unwelcome little trojans. Maybe. At least for a little while.
I hope the instructions make sense. If not, you can ask, or you can find a local geek who can help.
****
I don't have Chrome, but it looks like you don't have to do anything if you do have it : For Java specifically, Chrome now disables Java by default on all pages and prompts you to allow it to run each time a site needs it. So you should be okay with the browser part.
***
Update 2: I should be clear that Apple didn't patch Java for about 6 months. But the current exploited hole is one that Oracle patched in February. Be that as it may, there were other Java patches in the meantime just not noted as being exploited on Macs like this one.
Posted by: Teresa in
WebTech
at
10:30 PM
| Comments (5)
| Add Comment
Post contains 912 words, total size 6 kb.
March 12, 2012
Posterous Bought By Twitter
The big news this evening... that Posterous is now a part of Twitter.
I have my iphone photo blog on Posterous. (Technicalities to Go) although I haven't been posting much of anything lately. It's dead easy to post using only an email then it will send out messages via twitter, facebook, flickr, etc, etc, etc. Can't hardly beat it.
Guess it's wait and see time. I do hope it doesn't go away. If it ends up being dissolved I'll be very unhappy. That's the blogging life I suppose.
I have my iphone photo blog on Posterous. (Technicalities to Go) although I haven't been posting much of anything lately. It's dead easy to post using only an email then it will send out messages via twitter, facebook, flickr, etc, etc, etc. Can't hardly beat it.
Guess it's wait and see time. I do hope it doesn't go away. If it ends up being dissolved I'll be very unhappy. That's the blogging life I suppose.
Posted by: Teresa in
WebTech
at
08:49 PM
| Comments (2)
| Add Comment
Post contains 92 words, total size 1 kb.
March 02, 2012
An Amazing Woman
Grace Hopper who was a computer scientist before the term was even coined. Here's a short vid where she explains the "nanosecond". I so wish I had had her for a teacher in school.
Mind Your Nanoseconds!
I'm pretty sure she could teach today's young programmers a thing or two or three.
Mind Your Nanoseconds!
I'm pretty sure she could teach today's young programmers a thing or two or three.
Posted by: Teresa in
WebTech
at
05:03 PM
| Comments (2)
| Add Comment
Post contains 55 words, total size 1 kb.
March 01, 2012
If You Have That "Someone Is Watching Me" Feeling
You may not be too far off. It's amazing how much data we give off to the world at large.
Phone Call 'Line Noise' Could Expose Thieves
In this case the data being watched is being used for "good" according to the people writing the article. However, if you give it a little thought you could see how it might be used in many and varied nefarious ways.
If you are interested in a true expert talking about this, Patrick Gray of Risky Business has a two part interview with the incredibly brilliant Dan Geer. I was fortunate enough to hear Dan speak at a meeting recently and I swear I would have become a statistician if he had been my stats teacher in college... amazing man!
Part 1 of the interview is "Digital Exhaust"
Part 2 of the interview is "Surveillance"
Be aware... the first 20 minutes or so of the show is security news. I find it fascinating and informative, but you may want to fast forward until the interview starts directly after the news.
Keep looking over your shoulder - you never know who is watching.
Phone Call 'Line Noise' Could Expose Thieves
In this case the data being watched is being used for "good" according to the people writing the article. However, if you give it a little thought you could see how it might be used in many and varied nefarious ways.
If you are interested in a true expert talking about this, Patrick Gray of Risky Business has a two part interview with the incredibly brilliant Dan Geer. I was fortunate enough to hear Dan speak at a meeting recently and I swear I would have become a statistician if he had been my stats teacher in college... amazing man!
Part 1 of the interview is "Digital Exhaust"
Part 2 of the interview is "Surveillance"
Be aware... the first 20 minutes or so of the show is security news. I find it fascinating and informative, but you may want to fast forward until the interview starts directly after the news.
Keep looking over your shoulder - you never know who is watching.
Posted by: Teresa in
WebTech
at
10:07 PM
| No Comments
| Add Comment
Post contains 198 words, total size 2 kb.
January 31, 2012
Winding Your Way Through Google's Latest Privacy Maze - UPDATE
***sorry wrong wrong link earlier - fixed now. Ha! ***
If you don't want to completely drop Google from your world, Naked Security will give you the step by step of what to look for.
How to navigate Google's privacy options
It's so tiring having to go back and redo privacy options all the time. Of course we all know the reason these places keep changing things is in hopes you'll eventually just say "the hell with it, I'm tired of messing with these things" and then they get their way and get to track you all over.
If you don't want to completely drop Google from your world, Naked Security will give you the step by step of what to look for.
How to navigate Google's privacy options
It's so tiring having to go back and redo privacy options all the time. Of course we all know the reason these places keep changing things is in hopes you'll eventually just say "the hell with it, I'm tired of messing with these things" and then they get their way and get to track you all over.
Posted by: Teresa in
WebTech
at
03:23 PM
| Comments (3)
| Add Comment
Post contains 108 words, total size 1 kb.
January 20, 2012
IPhone Battery Life : now with a tiny update
When Apple updated their stuff (all at the same time... what could POSSIBLY go wrong?). There was a sudden battery life issue for many iphone users.
It seemed to be random. Some people had issues others didn't. Why? What could have caused it?
I think I found the answer. (although only the few peeps who read my blog will ever know - you'll be cutting edge - ha!).
I did not do all the upgrades at once. The first thing I did was upgrade my iphone 4 to iOS 5. That's it. No other changes. No iCloud, no Lion on my Mac... just iOS 5. And my battery life went into a tailspin.
I did all the little tricks that have been posted and I mostly got a better battery life, but it wasn't great. I mean smartphones already have sucky battery life it doesn't help if one upgrades and it's suddenly worse.
I waited around for a few months. I let masses of Apple fans upgrade immediately and fail on all aspects. They moaned and complained and lost stuff. I waited longer still. I had Mobile Me and I had until June.
In another post I talked about the next upgrade. Lion went smoothly but iCloud was a huge annoyance. I finally got the account straight. Thank heaven! But my iphone battery life went straight down the toilet... again.
This time I knew it had to be something to do with iCloud or there was a slim possibility it had to do with my gmail account being on my iphone.
First of all I deleted my gmail account and added it back. It's all imap and no mail actually sits on my phone thus it was simple. No change though. One down. On to the next.
Then I went into the iCloud settings. I turned off everything except Mail... the others are (contacts, calendars, reminders, bookmarks, notes, photostream, documents and find my iphone). Rebooted. Battery life - phenominal!
Next I started turning things back on one at a time. I never have Notes or documents to sync, so those remain off. If I want to sync a note I use Evernote. Since I wouldn't even be able to see a document on my iphone, there's no point in bringing those in.
First I turned on contacts, then calendars. No problems. Then I turned on Reminders. Still no problems. Then Find my iphone. Still okay.
Then Bookmark sync... OMG battery life started draining at a rate of about 10% (on further though I should make this 10-20%) per hour!!! Holy crap!!! Bookmarks? I vaguely remember getting a periodic message on my Mac telling me that Bookmarks were not syncing properly... I should have paid more attention. I always ignored it because I don't use Safari. There is no reason for me to sync bookmarks I just wanted to test it. I was absolutely blown away. Bookmark sync must run continuously in the background. If I had the battery charged to 100% it was dead by morning. Completely dead. No life at all.
So Bookmark sync is off. I even have photostream back on and the battery life continues in the phenomenal range. How weird is that. I have not heard a thing from anyone else anywhere with similar findings.
If you know someone with an iphone and they are having battery issues... they might want to check for bookmark sync on either Mobile Me or iCloud.
Geeze. I'm still stunned.
*****
Tiny update: I do have a couple of apps like Omnifocus and a couple of calendar apps that tend to make my battery drain too fast for my liking. If I turn those off in the background I'm much happier. Thought I should throw that out there.
I should also be clear - I had the notes feature off on Mobile Me (documents was not available and was not on by default) so neither of these could have been draining battery life.
It seemed to be random. Some people had issues others didn't. Why? What could have caused it?
I think I found the answer. (although only the few peeps who read my blog will ever know - you'll be cutting edge - ha!).
I did not do all the upgrades at once. The first thing I did was upgrade my iphone 4 to iOS 5. That's it. No other changes. No iCloud, no Lion on my Mac... just iOS 5. And my battery life went into a tailspin.
I did all the little tricks that have been posted and I mostly got a better battery life, but it wasn't great. I mean smartphones already have sucky battery life it doesn't help if one upgrades and it's suddenly worse.
I waited around for a few months. I let masses of Apple fans upgrade immediately and fail on all aspects. They moaned and complained and lost stuff. I waited longer still. I had Mobile Me and I had until June.
In another post I talked about the next upgrade. Lion went smoothly but iCloud was a huge annoyance. I finally got the account straight. Thank heaven! But my iphone battery life went straight down the toilet... again.
This time I knew it had to be something to do with iCloud or there was a slim possibility it had to do with my gmail account being on my iphone.
First of all I deleted my gmail account and added it back. It's all imap and no mail actually sits on my phone thus it was simple. No change though. One down. On to the next.
Then I went into the iCloud settings. I turned off everything except Mail... the others are (contacts, calendars, reminders, bookmarks, notes, photostream, documents and find my iphone). Rebooted. Battery life - phenominal!
Next I started turning things back on one at a time. I never have Notes or documents to sync, so those remain off. If I want to sync a note I use Evernote. Since I wouldn't even be able to see a document on my iphone, there's no point in bringing those in.
First I turned on contacts, then calendars. No problems. Then I turned on Reminders. Still no problems. Then Find my iphone. Still okay.
Then Bookmark sync... OMG battery life started draining at a rate of about 10% (on further though I should make this 10-20%) per hour!!! Holy crap!!! Bookmarks? I vaguely remember getting a periodic message on my Mac telling me that Bookmarks were not syncing properly... I should have paid more attention. I always ignored it because I don't use Safari. There is no reason for me to sync bookmarks I just wanted to test it. I was absolutely blown away. Bookmark sync must run continuously in the background. If I had the battery charged to 100% it was dead by morning. Completely dead. No life at all.
So Bookmark sync is off. I even have photostream back on and the battery life continues in the phenomenal range. How weird is that. I have not heard a thing from anyone else anywhere with similar findings.
If you know someone with an iphone and they are having battery issues... they might want to check for bookmark sync on either Mobile Me or iCloud.
Geeze. I'm still stunned.
*****
Tiny update: I do have a couple of apps like Omnifocus and a couple of calendar apps that tend to make my battery drain too fast for my liking. If I turn those off in the background I'm much happier. Thought I should throw that out there.
I should also be clear - I had the notes feature off on Mobile Me (documents was not available and was not on by default) so neither of these could have been draining battery life.
Posted by: Teresa in
WebTech
at
11:01 PM
| Comments (5)
| Add Comment
Post contains 672 words, total size 4 kb.
January 11, 2012
Patch It Up
Yesterday was patch Tuesday for Windows machines. If this is your OS, get the patches done please.
Also, you may remember my post from December about the Zero Day exploits for Adobe. If you must use Adobe Reader and/or Acrobat, they now have the patches available.
That is all.
Also, you may remember my post from December about the Zero Day exploits for Adobe. If you must use Adobe Reader and/or Acrobat, they now have the patches available.
That is all.
Posted by: Teresa in
WebTech
at
11:56 AM
| Comments (2)
| Add Comment
Post contains 52 words, total size 1 kb.
December 10, 2011
And Now It's Adobe Flash
Ho-Hum... another day another Adobe Exploit.
This time it's Adobe Flash with a Zero Day
The most relevant bit... since there is no fix available and heaven knows when there will be.
UPDATE: found this vid at CNET that walks you through how to use noscript if you add it to Firefox.
This time it's Adobe Flash with a Zero Day
The most relevant bit... since there is no fix available and heaven knows when there will be.
The exploits should be addressed by Adobe sooner or later, but until then you might consider a tool like Click2Flash, NoScript, or Click2Plugin for blocking unwanted Flash content from running on your system.
UPDATE: found this vid at CNET that walks you through how to use noscript if you add it to Firefox.
Posted by: Teresa in
WebTech
at
11:59 AM
| Comments (3)
| Add Comment
Post contains 90 words, total size 1 kb.
December 08, 2011
Do You Use Adobe Reader?
There is currently a zero day exploit - a hole in the software that is known but has no patch available as yet - making the rounds.
Security Threat in Reader
I'm linking to a Mac site because it needs to be emphasized that this is a problem with Adobe Reader NOT just on Windows PC's but on Windows, Mac, and even UNIX machines (which I assume includes Linux).
Version 9.4.6 is the currently exploited software (there is malicious software in the wild). On Windows machines, it will be patched next week. If you are on a Mac or on Unix using this version you are SOL because... hey dudes, it's the holidays! They'll get something out early next year...
Oh... Jolly good then.
If you have a new version of Adobe 10.1.1 there are some options available. The first paragraph refers to Mac (because it is a Mac site).
Or better yet - get rid of Adobe if you can. If you are only using it to read pdf's, then for heaven sake - on Mac use Preview. It's on your system and it's free. If you need a pdf type thing that's allows you to edit, use PDF Pen. It's great and it's cheap!
If you use Windows, do yourself a huge favor and grab Foxit Reader. It's free and about 1000% faster when opening PDF files than Adobe is. They also have editing software that is not too expensive (although I have not used it).
Really - get off Adobe Reader - get it off your system and you will be safer and be able to read documents far faster than you can with it.
Security Threat in Reader
I'm linking to a Mac site because it needs to be emphasized that this is a problem with Adobe Reader NOT just on Windows PC's but on Windows, Mac, and even UNIX machines (which I assume includes Linux).
Version 9.4.6 is the currently exploited software (there is malicious software in the wild). On Windows machines, it will be patched next week. If you are on a Mac or on Unix using this version you are SOL because... hey dudes, it's the holidays! They'll get something out early next year...
Oh... Jolly good then.
If you have a new version of Adobe 10.1.1 there are some options available. The first paragraph refers to Mac (because it is a Mac site).
To enable protected view in Adobe's Reader X and Acrobat X products, go to the Edit menu and select Preferences. Then select "Security (Enhanced)" and check the option to "Enable Enhanced Security," ensure that either the "All Files" or "Files from potentially usafe locations" are checked if they are available.
On Windows PCs you can also go to the "General" section of the preferences and ensure that "Enable Protected Mode at Startup" is selected, but this option is not available for Reader on OS X.
Or better yet - get rid of Adobe if you can. If you are only using it to read pdf's, then for heaven sake - on Mac use Preview. It's on your system and it's free. If you need a pdf type thing that's allows you to edit, use PDF Pen. It's great and it's cheap!
If you use Windows, do yourself a huge favor and grab Foxit Reader. It's free and about 1000% faster when opening PDF files than Adobe is. They also have editing software that is not too expensive (although I have not used it).
Really - get off Adobe Reader - get it off your system and you will be safer and be able to read documents far faster than you can with it.
Posted by: Teresa in
WebTech
at
02:02 PM
| Comments (7)
| Add Comment
Post contains 368 words, total size 2 kb.
November 30, 2011
Malware? Who Needs Malware? - Updated at bottom of post and another Update too.
Many people are tweeting the story in The Register today. The app in question is on many Android devices including HTC units, also Blackberry and Nokia phones.
BUSTED! Secret app on millions of phones logs key taps
I went and found the youtube vid for those who are geekily inclined.
Many people will see this and say it's overly paranoid. But the app is recording everything. Stop and think about that for just one minute. Ponder exactly what that means. Every keystroke, all your locations, everything all in one tidy log package. How convenient.
Go now and read the whole thing, it's one page, I'll wait til you get back.
Carrier IQ is making the point that the data is being used for diagnostics. Since phones crash using any of the included software as well as during calls, it would make sense to have a log of information including what happened prior to any type of crash be it browser based, messaging based, phone based, or app based.
BUT once information gathering starts, bad things can and do happen.
Let me repeat, in case I wasn't clear enough earlier... the problem is, they are recording everything, all keystrokes... private data like usernames and passwords, banking information if you bank via your phone, emails you type out and send, sms messages you send, wifi information including SSIDs of other wifi's nearby, your location at any given time, etc, etc, etc.
This is wrong on so many levels it's enough to leave one gasping at the extent of the over reach in data gathering.
And then your private data can be included in the snippets sent back without your knowledge when carriers are trying to find a problem. That's a best case scenario.
If that's not enough to worry about how about these major items of concern:
1. This information is being stored in a log file that is not encrypted. This log file can be accessed, copied, and transmitted by other malicious apps.
2. It's not clear to me if you do a copy/paste from a password safe (such as Last Pass) whether the usernames/passwords would be recorded since they would not be actual keystrokes. Then again how many people actually use a password safe type of app? Not many, sadly.
3. This certainly violates many laws such as HIPAA among others which means companies that fall under these regulations have to figure out fast how to deal with this.
So far we don't know that any data has been compromised because of this, but now that the information has been released, you know there will be many a data thief looking for ways to exploit this huge security flaw.
Why oh why is it so hard for people to get it through their thick skulls that collecting private data is NOT a good thing without careful thought as to how it's done and how it's protected. How many times does this have to happen?
Carrier IQ and any companies using this service, stop looking so dumbfounded. It's sheer idiocy to be using this type of logging and you should already know that.
Ah the joys of being connected in an internet world.
PS - it wasn't too long ago there was an utter meltdown in the world because Apple was collecting location data (only location data) on the phone itself. If the response to this app is at all in proportion it should cause the world to stop revolving and then explode.
UPDATE: Sheri posted a link to a Naked Security Blog post about this issue in her comment. I thought it should be added to the end of the main post. Also, in that blog post they reference another post about Carrier IQ traces in Apple's iOS devices but it appears to be a true diagnostic feature in Apple
***
UPDATE 2: Dan Rosenberg, a security researcher who specializes on Android type devices, has written his own post to dispute some of the claims made by the original story.
It appears to be HTC who is the culprit behind the major overkill of information being gathered in the video, not CarrierIQ. I was never all that disturbed by the general information being gathered such as phone numbers dialed, location, that kind of thing. First because the carrier already has access to that info and second, you can't debug a problem without information.
The part I find disturbing is the very verbose collection of keystroke data that is kept in a log on the device. If the device is lost or stolen, that log would be available to whoever ends up with the device in hand. Or a malicious app could grab the log file and send it to a remote server over the airwaves without the user even know it. So until HTC changes the type of data it is collecting in the background - I can't say they can be trusted to provide any devices I would want to use as my own phone.
BUSTED! Secret app on millions of phones logs key taps
An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users.
I went and found the youtube vid for those who are geekily inclined.
Many people will see this and say it's overly paranoid. But the app is recording everything. Stop and think about that for just one minute. Ponder exactly what that means. Every keystroke, all your locations, everything all in one tidy log package. How convenient.
Go now and read the whole thing, it's one page, I'll wait til you get back.
Carrier IQ is making the point that the data is being used for diagnostics. Since phones crash using any of the included software as well as during calls, it would make sense to have a log of information including what happened prior to any type of crash be it browser based, messaging based, phone based, or app based.
BUT once information gathering starts, bad things can and do happen.
Let me repeat, in case I wasn't clear enough earlier... the problem is, they are recording everything, all keystrokes... private data like usernames and passwords, banking information if you bank via your phone, emails you type out and send, sms messages you send, wifi information including SSIDs of other wifi's nearby, your location at any given time, etc, etc, etc.
This is wrong on so many levels it's enough to leave one gasping at the extent of the over reach in data gathering.
And then your private data can be included in the snippets sent back without your knowledge when carriers are trying to find a problem. That's a best case scenario.
If that's not enough to worry about how about these major items of concern:
1. This information is being stored in a log file that is not encrypted. This log file can be accessed, copied, and transmitted by other malicious apps.
2. It's not clear to me if you do a copy/paste from a password safe (such as Last Pass) whether the usernames/passwords would be recorded since they would not be actual keystrokes. Then again how many people actually use a password safe type of app? Not many, sadly.
3. This certainly violates many laws such as HIPAA among others which means companies that fall under these regulations have to figure out fast how to deal with this.
So far we don't know that any data has been compromised because of this, but now that the information has been released, you know there will be many a data thief looking for ways to exploit this huge security flaw.
Why oh why is it so hard for people to get it through their thick skulls that collecting private data is NOT a good thing without careful thought as to how it's done and how it's protected. How many times does this have to happen?
Carrier IQ and any companies using this service, stop looking so dumbfounded. It's sheer idiocy to be using this type of logging and you should already know that.
Ah the joys of being connected in an internet world.
PS - it wasn't too long ago there was an utter meltdown in the world because Apple was collecting location data (only location data) on the phone itself. If the response to this app is at all in proportion it should cause the world to stop revolving and then explode.
UPDATE: Sheri posted a link to a Naked Security Blog post about this issue in her comment. I thought it should be added to the end of the main post. Also, in that blog post they reference another post about Carrier IQ traces in Apple's iOS devices but it appears to be a true diagnostic feature in Apple
However, the good news is that it does not appear to actually send any information so long as a setting called DiagnosticsAllowed is set to off, which is the default. Finally, the local logs on iOS seem to store much less information than what has been seen on Android, limited to some call activity and location (if enabled), but not any text from the web browser, SMS, or anywhere else.
***
UPDATE 2: Dan Rosenberg, a security researcher who specializes on Android type devices, has written his own post to dispute some of the claims made by the original story.
It appears to be HTC who is the culprit behind the major overkill of information being gathered in the video, not CarrierIQ. I was never all that disturbed by the general information being gathered such as phone numbers dialed, location, that kind of thing. First because the carrier already has access to that info and second, you can't debug a problem without information.
The part I find disturbing is the very verbose collection of keystroke data that is kept in a log on the device. If the device is lost or stolen, that log would be available to whoever ends up with the device in hand. Or a malicious app could grab the log file and send it to a remote server over the airwaves without the user even know it. So until HTC changes the type of data it is collecting in the background - I can't say they can be trusted to provide any devices I would want to use as my own phone.
Posted by: Teresa in
WebTech
at
02:44 PM
| Comments (8)
| Add Comment
Post contains 950 words, total size 7 kb.
November 09, 2011
Got An Android Based Phone?
Here's a chart showing a number of models and how out of date the software versions are on them. There doesn't seem to be much that can be done about the update problem since it's per vendor, but you may want to be very careful about what you do on your phone if you are using an out of date OS.
Like Windows of old, out of date OS installs are open to security problems. In other words you may want to rethink doing your banking on them among other things. heh.
the understatement: Android Orphans: Visualizing a Sad History of Support
If you want to hear the author of the post talk about how he developed the chart, he was interviewed by Patrick Gray of Risky Business and you can listen to the podcast here.
Like Windows of old, out of date OS installs are open to security problems. In other words you may want to rethink doing your banking on them among other things. heh.
the understatement: Android Orphans: Visualizing a Sad History of Support
If you want to hear the author of the post talk about how he developed the chart, he was interviewed by Patrick Gray of Risky Business and you can listen to the podcast here.
Posted by: Teresa in
WebTech
at
10:44 PM
| Comments (7)
| Add Comment
Post contains 141 words, total size 1 kb.
October 20, 2011
Patchy - Patchy
A big Java update was released today. It's time to patch that Java on your pc's. Why? Because the holes being patched can be exploited simply by surfing to a website with malware java script. It can even be a reputable website that is unknowingly hosting java malware ads.
If you turned off auto updates because they are a PITA (yes I turned mine off), then go to Control Panel and type "Java" into the search box to find it. Click the update tab and then the "update now" button to get started. It's pretty quick and you don't have to do a restart which is nice.
On Mac you'll have to wait until Apple releases an update.
If you turned off auto updates because they are a PITA (yes I turned mine off), then go to Control Panel and type "Java" into the search box to find it. Click the update tab and then the "update now" button to get started. It's pretty quick and you don't have to do a restart which is nice.
On Mac you'll have to wait until Apple releases an update.
Posted by: Teresa in
WebTech
at
11:31 AM
| Comments (7)
| Add Comment
Post contains 121 words, total size 1 kb.
October 12, 2011
Whoosh!
That whooshing noise you hear is the sound of all the people (aka fanboys) who use Apple devices trying to get the iOS5 update and iCloud going... all at the same time. Bits and bytes are flowing at an unprecedented rate over the net. Causing bliss for some and chaos for others.
While iOS5 sounds like a terrific update... yes, I want it on my iPhone... all I have to do is look at my twitter stream to see the results of the onslaught.
Just a few:
This is what happens when there is a highly anticipated software release and everyone is waiting for the words "It's live!".
At this point it's nearly impossible to figure out if the failures are due to server problems, network problems, device problems, or any combination of the above.
Of course some out there downloaded and upgraded with no problem at all. It's hit or miss which is not surprising. The funny thing is, in about 24 hours all the hoopla will have died down and it will all go smoothly.
So, just like I missed all those opening nights at the theaters with billions of people trying to see the must see movie of the millennium. And all the years I didn't buy the must buy toy of the season for my kids. I will wait and do my upgrade in a more leisurely fashion. There might be problems, but then there always are problems. Why add to the headache by wading in with millions of others at exactly the same time?
Oh and if you are going to be doing any Apple updating, please for the love of heaven back up your data first!!!
While iOS5 sounds like a terrific update... yes, I want it on my iPhone... all I have to do is look at my twitter stream to see the results of the onslaught.
Just a few:
@switchermark
Is everyone having trouble moving to iCloud? Is it just system overload?
@beaker
iFail. Oh well. Don't call.
@foresmac
Why does the iOS update process, which keeps erroring when contacting Apple's servers, have to do a full backup EVERY. SINGLE. TIME?
This is what happens when there is a highly anticipated software release and everyone is waiting for the words "It's live!".
At this point it's nearly impossible to figure out if the failures are due to server problems, network problems, device problems, or any combination of the above.
Of course some out there downloaded and upgraded with no problem at all. It's hit or miss which is not surprising. The funny thing is, in about 24 hours all the hoopla will have died down and it will all go smoothly.
So, just like I missed all those opening nights at the theaters with billions of people trying to see the must see movie of the millennium. And all the years I didn't buy the must buy toy of the season for my kids. I will wait and do my upgrade in a more leisurely fashion. There might be problems, but then there always are problems. Why add to the headache by wading in with millions of others at exactly the same time?
Oh and if you are going to be doing any Apple updating, please for the love of heaven back up your data first!!!
Posted by: Teresa in
WebTech
at
03:52 PM
| Comments (5)
| Add Comment
Post contains 326 words, total size 2 kb.
September 08, 2011
Patchy - Patchy
Update: Apple sent out a patch for this today. Whew.
I know most people who read here don't pay much attention (if any) to the computer security news stories going on in the great wide world. Can't blame you, there have been quite a number of data breaches and all kinds of headlines about leaks. It's mind bogglingly confusing. Who can keep up with it all? And why should you?
Since it gets a bit lengthy, I'm putting the rest below the fold. If you are interested, read on.
more...
I know most people who read here don't pay much attention (if any) to the computer security news stories going on in the great wide world. Can't blame you, there have been quite a number of data breaches and all kinds of headlines about leaks. It's mind bogglingly confusing. Who can keep up with it all? And why should you?
Since it gets a bit lengthy, I'm putting the rest below the fold. If you are interested, read on.
more...
Posted by: Teresa in
WebTech
at
09:04 PM
| Comments (2)
| Add Comment
Post contains 1087 words, total size 7 kb.
August 08, 2011
Catch them young, Give them an interest, Chase the Boredom
This year at DefCon, the big news was DefCon Kids. A program for 8-16 year olds that sounds just fantastic. Here are some of the activities:
- wall of sheep
- solving ciphers
- meet the Feds
Details about these are in the article.
When this was first announced there was a major meltdown along the lines of "you're teaching babies to be criminals" or some such rot. Even in this article one of the lines was:
Let me just smack my head against a wall here... sheesh. Don't we tell them to lock doors? Don't they get combination locks on school lockers? Aren't they admonished by teachers not to cheat on schoolwork? You would think these kids are so simpleminded they can barely function and they should all be playing with Barbies and Transformers... BAH!
Now let me introduce you to CyFi... she's 10.
10-year-old hacker finds mobile game exploit
There you have it - the bane of kidhood - boredom. It causes more problems and leads to more crime than just about anything else.
This girl is smart. She's figured out how to hack around a system all on her own. Instead of wringing hands and wondering if she's "too young to understand" why not give her a peer group and people to mentor her and goals to reach. She may one day be a totally awesome coder/cryptographer... you name it. She's 10 with the entire world before her. I can't tell you how happy I am to see DefCon reaching out to these kids and hopefully pointing them in directions that will help them and us as they grow up.
- wall of sheep
- solving ciphers
- meet the Feds
Details about these are in the article.
When this was first announced there was a major meltdown along the lines of "you're teaching babies to be criminals" or some such rot. Even in this article one of the lines was:
Are we introducing kids to computer security concepts too soon? Shouldn't we just let them be kids? Could these concepts be too much for them to handle?
Let me just smack my head against a wall here... sheesh. Don't we tell them to lock doors? Don't they get combination locks on school lockers? Aren't they admonished by teachers not to cheat on schoolwork? You would think these kids are so simpleminded they can barely function and they should all be playing with Barbies and Transformers... BAH!
Now let me introduce you to CyFi... she's 10.
10-year-old hacker finds mobile game exploit
The California hacker - who revealed her discovery over the weekend at the DefCon conference - said she came across the vulnerability in January 2011 after she becoming "bored" with farm-style games.
There you have it - the bane of kidhood - boredom. It causes more problems and leads to more crime than just about anything else.
This girl is smart. She's figured out how to hack around a system all on her own. Instead of wringing hands and wondering if she's "too young to understand" why not give her a peer group and people to mentor her and goals to reach. She may one day be a totally awesome coder/cryptographer... you name it. She's 10 with the entire world before her. I can't tell you how happy I am to see DefCon reaching out to these kids and hopefully pointing them in directions that will help them and us as they grow up.
Posted by: Teresa in
WebTech
at
07:38 PM
| Comments (2)
| Add Comment
Post contains 342 words, total size 2 kb.
July 28, 2011
Got an iPhone or iPad?
There is an important security update out there. I know my i devices are set to check for updates once a month and that's not for a few days yet.
So I connected my iphone and checked for updates in itunes to get it installed. Would be a good idea to do this.
So I connected my iphone and checked for updates in itunes to get it installed. Would be a good idea to do this.
Posted by: Teresa in
WebTech
at
08:57 PM
| Comments (2)
| Add Comment
Post contains 58 words, total size 1 kb.
June 24, 2011
Let's Talk Email
The other day I was blogging about LulzSec and I mentioned a few things you need to look for before you click that link. But I need to add to what I was saying in that post.
Do you pay your bills online? Shop online? Bank online? If so, you have an entire category of emails hitting your inbox that you should never click on.
Basically - all of them.
Ha - bet you didn't think I was going to say that did you.
All of the sites you visit regularly, especially those involving money, should be bookmarked.
Every. Single. One.
When you get an email telling you your credit card bill is due... DO NOT click the link in the email. Is there a sale? DO NOT click the link. Special offer from your bank? DO NOT click the link. Got it?
Sure it's easy, it's right there, what could possibly be wrong? Why go to the extra trouble of finding a bookmark and using that instead of the convenience of saving 10 seconds and clicking the email link?
Database breaches. That's why.
It wasn't too long ago that Epsilon, an email marketing company, had their databases compromised. Data stolen. The bad guys got enough information to create very credible emails. Emails that would look exactly like an email you would normally receive from the companies involved. They would be able to call you by name and it would appear to be legitimate.
So if your email was clockwatcher @ mymail.com and your name was Susan Johnson. You would receive an email addressed to you - Susan. Not to "Dear Customer" or "Dear Clockwatcher".
One scenario is this: You click the link, it takes you to a fake login page that looks exactly like the page you are expecting. You've been here before and you know what it looks like. You try to log in. You hit enter, the page goes away, but comes right back to the login page. You think "oh great what's wrong now?" You try to log in again, this time it works. You think it's a glitch in the system. These things happen.
In fact what has happened is the first page was harvesting your username/password. Then it redirects you to the real page so you don't even realize you've been had. They now have time to use the information as they want. This is but one method of grabbing your data - there are others.
It's called Spear Phishing. They are going after particular people with targeted emails rather than anyone they can get.
You may think, well, none of the Epsilon companies are those I shop at. Okay, but what about the data breaches that have not been discovered yet? Oh you can be sure they are out there. What about the data breaches that may not be discovered? How much extra time do you have to get extra charges off your bill, get your money back in the bank, get your identity back?
It's worth a little extra hassle to either type the url in by hand (most browsers will even auto complete it before you get too far) or click a bookmark. If it's a sale, you can then find the sale page and/or enter the promo code from the email. If it's a bill, you can then pay it. And you will know you're in the right place.
If the company has made it impossible for you to get to the right page on their site without clicking through their email, you need to loudly complain that they are putting you at risk and you want them to stop or you'll take your business elsewhere.
It's a simple thing to do. Very simple. It may save you major pain. Consider this some friendly strong arming... don't click that link!
Posted by: Teresa in
WebTech
at
10:56 PM
| Comments (8)
| Add Comment
Post contains 643 words, total size 5 kb.
<< Page 1 of 13 >>
121kb generated in 0.1728 seconds; 85 queries returned 318 records.
Powered by Minx 1.1.4-pink.
Powered by Minx 1.1.4-pink.
