Hacked Password….Aaauuuggghhhh!

Thank you to us.123rf.com for this great image!

Just got a call from a friend who got attacked by SPAM and had bank and PayPal accounts hacked. The question I got was this, “Do I have to change my email address?”

My answer was, “No, Get a better password!”

I also suggested that AOL might not be the best place to park her email. (They have a bad reputation for harboring SPAMmers, although they try to keep them away.)

I thought it was a good time to review password policy. Good News to some of you is this: Changing your password is NOT as important as having a good password. For some of you the question is, “What makes a good password?” Well, I am here to help!

CERN Computer Security says;

A good password is:

  • private: it is used and known by one person only;
  • secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the monitor;
  • easily remembered: so there is no need to write it down;
  • at least 8 characters long;
  • a mixture of at least 3 of the following: upper case letters, lower case letters, digits and symbols;
  • not listed in a dictionary of any major language;
  • not guessable by any program in a reasonable time, for instance less than one week.

 

And here are some DON”Ts from CMU/SCS Computing Facilities:

What not to do when choosing a password

  • Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Do not choose a password that is a word (English or otherwise), proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
  • Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backwards, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word.
  • Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.

Borrowed from www.madhusudhan.info

My last piece of advice for my friend was this: Find two or three passwords that are easy for YOU to remember (following the guidelines above) and use a different one for each of your bank accounts, Paypal and such. This way, one compromised password will not let them into every account.

Got Questions? I am here to help! Use the Contact page to shoot me an email.

Old Friends and Old Computers

OLYMPUS DIGITAL CAMERA

My daughter was only 2 years old when this photo was taken in 2001. The dog was named Patch and he died in September of 2011. I love looking at this photo, and any of you with teen-agers might just know what I mean by that. This is the dog after which my Crazy Dog logo is modeled. That dog was almost 14 human years old when we had to let him go. In dog years, he was 75!

But why would I even bring it up if the photo is twelve years old, do you ask? Well, here is why: Windows XP was released less than a month after this photo was taken, and now it is also twelve years old! Software ages just like dogs; in just 2 years it is fully grown and having puppies of its own. That would make XP 70 in dog years. Windows XP still accounts for 38% of all computers and yet we have THREE newer Microsoft Operating Systems.

“But Rick, my XP computer is running just fine; why should I upgrade?” Well if it is true that your system is working flawlessly then no, you don’t need to upgrade…yet.

Come April of 2014 [this next year] Microsoft will eliminate support for XP, which means there will no longer be any more security updates. This is like making my 96 year old grandfather into a security guard at the bank and taking away his gun and pepper spray. Who wouldn’t rob that bank?  I am not going to mention Vista, but Windows 7 is light-years ahead of XP in security AND stability. I have removed malware from Windows 7 just by using System Restore. You can’t do that with XP.

I loved my dog, Patch, but at the end, he couldn’t protect me from a baby in a stroller; and in this same way, XP cannot protect you from current Internet threats like the Medfos Trojan. If you have any questions, I am here to help.

Rambling Tale

Thank you to http://blog.pixert.com for the image.

As a computer repairman, I have a lot of electronic carcasses laying around my workroom, many of them are still around because they have some value, even if it is just for spare parts. My wife is always amazed at the “junk” I keep. In some ways, I am a handy-man for computers, and if you ask my friend John, handy-men never throw anything away, because they might need it some day. You would be surprised by how much stuff I never end up using, and by how many things I can fix because I just happen to have one of “those” laying around at home.

Why do I even mention any of this? Well we all have extra stuff laying around or packed in secretive spots for when it might be needed. It may be lawn or sports equipment, or supplies for our favorite hobby or just memorabilia like photos or mementos. But in the world of electronics, upgrades and new technologies make older parts obsolete in only 2 to 4 years time. The law of Diminishing Returns demands a reckoning on my storage bins on a semi-annual basis.

I need a laptop that will run Minecraft as a gift, so I was reconditioning one of the better laptops stacked in my workroom, when I noticed that many of them will only run Windows XP. Say what you will about the new Operating systems from Microsoft, but XP is a dinosaur, really, it is so unsafe to use! Over 50% of the malware I clean is cleaned from XP computers. Windows 7 is safer, better and more reliable. Now is the time to upgrade while Win7 can still be purchased. [Windows 8 is best saved for the new touch-screen devices.]

It is not OK to keep using old software and hardware if it accesses the internet at all. Would you drive a car with 3 wheels? Take it from a pack-rat; it is time to upgrade and Windows 7 is your ticket if you live in a Microsoft world.

If you live in a Mac world you should be on Lion, if not Mountain Lion [OS X 10.7 or 10.8]. Apple has already set all version of OS X version 10.4 [Tiger] and older adrift in the Ocean of no-upgrades. And remember; if you have any questions, I am here to help.

Which is the better Browser?

browser-logos

Linked from https://github.com/paulirish/browser-logos without permission

Not only do I get this question often, I also get the question, “What is a Browser?” A browser [or Web-Browser] is the program that lets you view web pages, or as some call it, “The Internet.” The Internet is MUCH MORE than just web pages, but this and E-mail are the two most prolific uses. I mean, Facebook is just a popular web-site [and now a phone app.]

I don’t think this is a stupid question for this reason; software companies are more interested in making their products easier to use and be recognized, than trying to describe their purpose and function. [This is a good thing for users that are familiar with that type of software.]

The problem occurs during remote troubleshooting when I need to lead a customer to the web. Many users are happy with one of the main browsers but not usually all of them. I will always install a secondary browser such as Mozilla Firefox just so the user has a, “spare in the trunk.” Asking a user to, “open their browser,”  often requires a definition for the same reason that we ask people for a “Kleenex” as opposed to a facial-tissue. Everyone knows what the blue “e” does, but not what it’s called.

If Internet Explorer isn’t acting right, then having Firefox installed can save hours of frustration and lost revenue. [hint-hint]

So what is the best browser? Some may say it come down to preference, but for the last three years, the Federal Bureau of Investigation, in conjunction with US-C.E.R.T. has said that Mozilla Firefox and Google Chrome are the safest browsers with Firefox often beating out its younger sibling from Google by only a small margin. Why are these young upstarts more secure than the venerable Explorer from Microsoft? There are many reasons, most of which are quite technical, but in the end, the competition between all of these companies is good for you, the End-User.

My preference is Firefox, but if you are not sure, then read this article over at InfoPackets.com.

Java Flaw…Again?!

Yet again there is a ZERO-DAY [or 0day] threat in Java. Oracle has been mired in problems since they acquired Java from Sun, but it seems like the bad guys know about the flaws before anyone else. Thank God for the researchers who make them known to the rest of without hacking our computers to do it.

It has been almost a year since the FBI and everyone else told you to remove Java from your computer, so here is how you do it:

Disable Java in All Browsers
Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don’t see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled “Enable Java content in the browser.” Un-check this box, click OK, and you’re done.

Disable Java in One Browser
For security’s sake you really should be using the very latest Java version. If you’re not, or if you need to enable Java in some browsers but disable it in others, you can do that too.

Using Chrome? Enter chrome://plugins in the browser’s address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle’s recommended steps. The process is similar in Opera, which Oracle’s page doesn’t mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to “Java(TM) Platform.” You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.

Stay Updated
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn’t need to update it. That was lazy thinking; I’ve reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don’t want to let Java update automatically, you can check for updates from the Java Control Panel at any time.

Whichever method you choose, visit the Java test page at http://java.com/en/download/testjava.jsp to confirm that Java is disabled. Yes, you’ll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.

In Conclusion, this isn’t over and you need to use a JavaScript blocker like NoScript also. If you have a questions, just remember, I am here to help.