Ending racism

“Human beings are members of a whole
In creation of one essence and soul
If one member is afflicted with pain
Other members uneasy will remain
If you have no sympathy for human pain
The name of human you cannot retain”

-Saadi (1184-1283/1291?)

Digital security while traveling

Let’s face it, we live in a digital world.  Most of our errands and tasks are performed online.  We do our banking online; we get our news from our favorite news media websites; all our communication is either by email, messaging apps such as Skype, Whatsapp, Snapchat or Facebook.  Majority of us work remotely using our computer and do our shopping online.  There is a lot at stake if our Internet security is compromised.  This is specially true when we are traveling.  But there are a few tips for you to stay secure, though total security is impossible.

Do not use public WiFi.  Specially avoid using hotspots not secured with a password, also known as open networks.

Using public computers for sensitive transactions or communication.  The answer is simple: Don’t.   You have no idea if the public computer has spyware installed or not.  One simple way to steal credentials is to install a key-logger, where every key you press is recorded in sequence without your knowledge.  It is wise to never use a public computer other than for non-sensitive interactions.

Locking all doors but leaving a window unlocked.  Many computers and laptops have a file sharing feature.  When you connect to a public network such as a WiFi, your computer is now on the Local Area Network (LAN).  Every other computer on that network can access your computer if you have file sharing enabled and even worse if you you do not have it protected with a strong password.  All data on your computer is now at risk of being compromised.

Accessing personal banking while traveling.  It is best that you avoid doing this while on travels.  If you must access your bank, make sure you are back in the hotel and hardwired as opposed to WiFi, as this reduces the risk.  Better yet, it is better to use a Virtual Private Network (VPN) for all your communication.  Make sure you never enter any Personal Identifying Information (PII) on any website that is not secured (HTTPS) with a valid certificate.

Track your phone.  Before you start your travels, be sure to install tracking tools on your smartphone and turn the GPS on.  This will assist you in finding your phone if it gets lost.  I lost my phone once and could not remember where.  So I went online to track my phone and I had left it in a restaurant.  So I went back and picked it up.  In addition to tracking your phone, you should also password protect it.

There are a few more tips to stay secure.  Rather than inundate you with information, following the few steps above will will be of great help to you.  More security tips will be forthcoming.

Stay physically and digitally safe.

Password Managers

If you are like me, you are probably using unique password for every account you have.  When you have dozens and dozens of accounts, it will be difficult to remember all the random passwords.  Password managers to the rescue.  As secure as these password managers developers claim their product to be, there are nonetheless vulnerabilities as I recently was notified about one of these called Lastpass.   A flaw was discovered by Google’s Tavis Ormandy of Project Zero.  Though no malicious activity has not yet been reported, the developers quickly scrambled to patch the security holes.

If you use password manager like Lastpass or 1password, please make certain you have the latest version with all the security patches in place.  Despite such scary news, a password manager is far more secure than Post-it Notes or committing passwords to memory.

Badlock bug

Mark your calendar to immediately patch your Mac, Linux and Windows operating system on April 12th as soon as the update is released. Engineers at Microsoft and Samba are currently working on the patch and it is projected to be released in two weeks on a Tuesday which is the update day for Microsoft products. Release time is approximately 17:00 UTC.

We don’t currently know a whole lot about the extent of this vulnerability but we do know it is serious. Some speculate it has to do with file handle invalidated on broken lock. The bug is in Samba which is a cross-platform file sharing pre-installed on your operating system. Patch is for Samba versions 4.4, 4.3 and 4.2. 4.1 version is discontinued.

We will add more information as we receive them. Please check back here frequently.

Don’t set it and forget it

Your website, the front door to your business, the exposure it gives you is not something you should create and set once and then forget it.  Websites are living things just like us and require frequent maintenance so they are up-to-date in terms of technology and security.

There are thousands of hackers out there.  For the savvy ones, it only takes a few automated seconds to discover vulnerabilities in your site.  They will then upload and inject malicious scripts and execute it, which allows them to be able to either take full control of your site or simply live there as stowaways.   You may ask, why do hackers to do this?  They do this for some or all of the following reasons:

  1. Use your site to redirect traffic to their own sites.
  2. To send out spam
  3. To use your site for it’s bandwidth
  4. To steal information
  5. And other malicious acts.

Check your website frequently or use the services of professionals to monitor for vulnerabilities and take action in repairing infected sites and closing of security holes.