Ending racism

“Human beings are members of a whole
In creation of one essence and soul
If one member is afflicted with pain
Other members uneasy will remain
If you have no sympathy for human pain
The name of human you cannot retain”

-Saadi (1184-1283/1291?)

Digital security while traveling

Let’s face it, we live in a digital world.  Most of our errands and tasks are performed online.  We do our banking online; we get our news from our favorite news media websites; all our communication is by email or by messaging apps such as Skype, WhatsApp, Snapchat or Facebook.  The majority of us work remotely using our computers and do our shopping online.  There is a lot at stake if our Internet security is compromised.  This is especially true when we are traveling.  Total security is impossible, but here are a few tips to help you stay secure.

Do not use public WiFi.  Especially avoid using hotspots not secured with a password, also known as open networks.

Using public computers for sensitive transactions or communication.  The answer is simple: Don’t.   You have no idea if the public computer has spyware installed or not.  One simple way to steal credentials is to install a key-logger, where every key you press is recorded in sequence without your knowledge.  It is wise to never use a public computer other than for non-sensitive interactions.

Locking all doors but leaving a window unlocked.  Many computers and laptops have a file sharing feature.  When you connect to a public network such as a WiFi hotspot, your computer is now on the Local Area Network (LAN).  Every other computer on that network can access your computer if you have file sharing enabled, and it is even worse if you do not have it protected with a strong password.  All data on your computer is now at risk of being compromised.

Accessing personal banking while traveling.  It is best that you avoid doing this while on your travels.  If you must access your bank, make sure you are back in the hotel and hardwired as opposed to on WiFi, as this reduces the risk.  Better yet, use a Virtual Private Network (VPN) for all your communication.  Make sure you never enter any Personal Identifying Information (PII) on any website that is not secured (HTTPS) with a valid certificate.

Track your phone.  Before you start your travels, be sure to install tracking tools on your smartphone and turn the GPS on.  This will assist you in finding your phone if it gets lost.  I lost my phone once and could not remember where.  So I went online to track my phone and I had left it in a restaurant.  So I went back and picked it up.  In addition to tracking your phone, you should also password protect it.

There are a few more tips to stay secure.  Rather than inundate you with information, I will stop here; following the few steps above will be of great help to you.  More security tips will be forthcoming.

Stay physically and digitally safe.

Password Managers

If you are like me, you are probably using a unique password for every account you have.  When you have dozens and dozens of accounts, it will be difficult to remember all the random passwords.  Password managers to the rescue.  As secure as the developers of these password managers claim their products to be, there are nonetheless vulnerabilities, as I was recently notified about one in a product called Lastpass.  A flaw was discovered by Google’s Tavis Ormandy of Project Zero.  Though no malicious activity has yet been reported, the developers quickly scrambled to patch the security holes.

If you use a password manager like Lastpass or 1password, please make certain you have the latest version with all the security patches in place.  Despite such scary news, a password manager is far more secure than Post-it Notes or committing passwords to memory.

Badlock bug

Mark your calendar to patch your Mac, Linux and Windows operating systems on April 12th as soon as the update is released. Engineers at Microsoft and Samba are currently working on the patch, and it is projected to be released in two weeks on a Tuesday, which is the update day for Microsoft products. Release time is approximately 17:00 UTC.

We don’t currently know a whole lot about the extent of this vulnerability but we do know it is serious. Some speculate it has to do with a file handle being invalidated on a broken lock. The bug is in Samba, which is cross-platform file sharing software pre-installed on your operating system. The patch is for Samba versions 4.4, 4.3 and 4.2. Version 4.1 is discontinued.

We will add more information as we receive it. Please check back here frequently.

Don’t set it and forget it

Your website is the front door to your business, and the exposure it gives you is not something you should set up once and then forget.  Websites are living things just like us and require frequent maintenance so they stay up-to-date in terms of technology and security.

There are thousands of hackers out there.  For the savvy ones, it only takes a few automated seconds to discover vulnerabilities in your site.  They will then upload or inject malicious scripts and execute them, which allows them either to take full control of your site or simply to live there as stowaways.  You may ask, why do hackers do this?  They do this for some or all of the following reasons:

  1. Use your site to redirect traffic to their own sites.
  2. To send out spam
  3. To use your site for its bandwidth
  4. To steal information
  5. And other malicious acts.

Check your website frequently, or use the services of professionals to monitor for vulnerabilities and take action to repair infected sites and close security holes.

Windows 10 Review

After the Windows 8 fiasco, I was less eager to evaluate Windows 9.  Microsoft must have concluded the same and decided not to release Windows 9 and to wait for Windows 10 development to complete.  There is no official word from Microsoft; I am only assuming this to be the case since there is no rhyme or reason to skip 9 and go to 10 straight away.

I will write a more detailed evaluation later, but here are some of the things I have found about this latest version of OS:

  1. Windows 10 is free to upgrade for Windows 7 and 8.1 users.  It is not free however, if your version is Microsoft Volume Licensing (MVL).
  2. You remember the “I spy” game?  Be prepared for that as some of the settings and icons have been moved to different places.  Windows Update is no longer in the Control Panel but instead resides in Settings.  You do not have as much control over the updates you will install either.  Microsoft figures they know better than you do and will decide those things for you.
  3. The Windows Search is integrated with Bing.  Every time you try to search for something on your computer, Microsoft is eager to send you to their search engine on the Internet in hopes of earning a few advertising dollars from the “free” upgrade they gave you.
  4. Internet Explorer is still packed with this OS, but is tucked away and hidden.  Edge is the new browser.  As both browser names start with E, the logo is still similar.
  5. I do find this version of the operating system to be faster than the previous version.  So, kudos to the developers.
  6. Anti-virus and anti-spyware protection is included and is called Windows Defender.  I have not used this OS long enough to give a review.  We will see in a few weeks.

That’s all for now.  In conclusion, I would recommend upgrading if you are using Windows 8, but wait a little longer if you are a Windows 7 user.

 

 

How secure is your password?

Most of us tend to choose a password that is easy to remember. In all likelihood it is all in lowercase, and perhaps it is either someone’s name or a word that you can find in the dictionary, or in some cases just numbers, which are the worst kind. If this is the case, you may as well not even have a password, since an average computer can crack it within seconds if not instantly. For example, a password such as sunshine (which is commonly used by many) can be cracked instantly. This is because it is a word that is found in the dictionary.

Here is an explanation of how to turn a common password into one that is impossible to crack, and the important criteria to consider:

1. Length of password
2. Combination of lower and uppercase characters, numbers and special characters like !@#$%^&*/

If you choose sunshin (that is, without the “e”), it will take about 2 seconds to crack it, which is longer than the instant it takes for the full word. If you replace the last “e” with a number like 3 (i.e. sunshin3), it will take an average computer 11 minutes to crack it. But this is only with lowercase and numbers. Replacing one lowercase letter with an uppercase one will vastly increase its security. A password like Sunshin3 will bump its cracking time from 11 minutes to 15 hours, and that is just with one uppercase letter. What if you were to keep it at the same length, but simply replace a character with a special character, like Sun$hin3? Well, this will now take 3 days for a computer to crack. The only thing that can help you from this point on is increasing the length. With the addition of each character you increase the security of the password exponentially. If you have a password such as Sun$hin3forever, which is now 15 characters long, it will take approximately 157 billion years for a desktop computer to crack it. My guess is that anyone who wants your password really badly is not going to tie up the computer for that long and will give up after the first billion years.
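As an added example (not part of the original article), the Python code below reproduces the cracking times quoted above from character pool size and length, and flags passwords that reduce to dictionary words once common substitutions are undone. The rate of 4 billion guesses per second and the 15-character symbol pool are assumptions chosen here because they fit the article's figures, and the three-word list is a constructed sample.

```python
import string

# Assumptions, not from the article: a desktop attacker making 4e9 guesses per
# second and a 15-character symbol pool; both were picked to fit its figures.
GUESSES_PER_SECOND = 4e9
SYMBOL_POOL = 15
CLASSES = [(set(string.ascii_lowercase), 26),
           (set(string.ascii_uppercase), 26),
           (set(string.digits), 10)]

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"sunshine", "forever", "password"}
# Common look-alike substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l", "@": "a", "5": "s"})


def pool_size(pw):
    """Size of the character pool an exhaustive search must cover for pw."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    if any(all(c not in chars for chars, _ in CLASSES) for c in pw):
        size += SYMBOL_POOL  # at least one character outside a-z, A-Z, 0-9
    return size


def brute_force_seconds(pw):
    """Time to try every string of pw's length over its character pool."""
    return pool_size(pw) ** len(pw) / GUESSES_PER_SECOND


def dictionary_derived(pw, words=WORDLIST):
    """True if pw, lowercased with substitutions undone, is a run of list words."""
    s = pw.lower().translate(UNLEET)
    reachable = [True] + [False] * len(s)  # reachable[i]: s[:i] splits into words
    for end in range(1, len(s) + 1):
        reachable[end] = any(reachable[start] and s[start:end] in words
                             for start in range(end))
    return bool(s) and reachable[-1]


if __name__ == "__main__":
    for pw in ["sunshin", "sunshin3", "Sunshin3", "Sun$hin3", "Sun$hin3forever"]:
        flag = "dictionary-derived" if dictionary_derived(pw) else "not in sample list"
        print(f"{pw:16} pool={pool_size(pw):3} "
              f"exhaustive search={brute_force_seconds(pw):.3g} s  {flag}")
```

A password flagged as dictionary-derived can fall to a wordlist far sooner than its exhaustive-search time suggests, so treat that time as an upper bound.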

Remember that there are supercomputers that can process a quadrillion floating point operations per second (petaFLOPS), which is much, much, much faster than a desktop computer. Every password can be cracked; the point is to make it as difficult as possible for the hackers to do so. On average, if a hacker cannot crack a password in a timely manner (depending on how badly they want it), they will simply move on to the next target.

I just realized that I shared my password with the whole world in this article. Not to worry, I will change it tomorrow.

Please tune in for my next article where I will discuss more about passwords and the perils of using the same one for multiple sites, and how to protect your passwords within a vault.

Who are the parents of Security??

According to Benjamin Franklin they are “distrust” and “caution”.  There is no one-size-fits-all solution to this problem.  You cannot buy a product that will guarantee the security of your systems.  Paranoia is your friend when it comes to security.  As Franklin said: three can keep a secret if only all but one is alive.  Here are some sensible things to do to remain afloat in a sea of information:

  • If you are like me and don’t want to give out your email for security subscriptions, simply check our website’s security page for the latest security alerts.  You may want to bookmark it for future reference.
  • Make sure users have as little access as possible (just enough to be able to do their work).
  • Validate backups.  Do not rely on “backed up with no errors” messages.  A good systems administrator will hold restore drills frequently.  Have restoration plans on paper, ready to go in your desk drawer (just in case all systems are down and you have no access to the files or the Internet).
  • Have your backup plan handy each time you perform an upgrade to the systems, as upgrades have been known to fail.
  • Make sure you have the latest firmware on your firewall.
  • Check processes on a regular basis, watch for suspicious ones and investigate them, as one may be a trojan not detected by antivirus.
  • Don’t be so obsessed with technology security that you leave the server room unlocked.

Hopefully you found these tips useful.  Please come back to mine more gems of security precautions and remember it is better to prevent disaster than to deal with it.

Reliability Monitor

If you own a computer, whether at home or in the office, you know that they are not perfect, although the computers believe they are.  It is common for a computer user to experience “freezes”, “unresponsiveness”, “crashes”, etc.  What is even more frustrating is not knowing what caused it.  Here is where a neat tool bundled with Windows 7 and up comes in handy.  By the way, rumors of Windows 7 and 7Up being banned in Brazil are not true.

[Image: Reliability Monitor historical data]

The quickest way to get to it is by typing “Reliability Monitor” in the Search box and clicking on “View Reliability Monitor” after it shows up in the results.  You will see a history of reliability generated as shown in the image on the right.  The formula used to calculate the index is known to Microsoft only, so we do not know how the report is generated or what is considered.  Problems are marked with an “X” on a red circle, warnings with an exclamation mark on yellow, and information with an “i” on blue.  You can click on the X or the i to get a detailed report in the pane below.  To scroll through historical data, click on the left arrow.

Days when the computer was off or in a sleep state are not used for the system stability index.  If there isn’t enough data, the graph line will be dotted.

If there are changes to the computer such as software updates and system time adjustments, an information icon will appear.

To view more detailed information, right-click on the item in the bottom pane and choose “view technical data”.  You can also view historical data by day or by week using the options following “View by:”.

 

Power Efficiency Diagnostics

Find the culprit that’s draining your laptop battery

There is yet another cool tool tucked away in Windows that will help you identify your battery’s biggest consumers.  To use this tool you will need to open a Command Prompt as an administrator.  In the Search Programs and Files box, type CMD.  CMD.EXE appears in the search results.  Right-click it and choose Run as administrator.  In the Command Prompt type “powercfg -energy” (without the quotes).  After several minutes of scanning your computer it will create a file located at C:\windows\system32\energy-report.html.  Move the file to another location and view it (please note, Windows will not permit you to view the file in the default location, though I am not sure why the geniuses at Microsoft did not program the default location to be in the Documents folder instead).

You will see all errors in salmon color, warnings in lemon and information in white.  Go through and make adjustments accordingly.