Tag Archives: security

So much spam and phishing this last 24 hours

I’ve gotten more spam and phishing messages in the last 24 hours than in a really really long time. In case you don’t know the specifics:

  • Spam – is junk mail. Porn, dating and penis enlargements are in some of the common ones.
  • Phishing is “fishing”, they’re just throwing a line out there to see what they catch. THey send something list looks like it’s from a bank or credit card (“there is a problem with your account”) or from YouTube (“you h ave a new video in your favors” or “your video has been denied”) and then they redirect you to a site that looks like that site and hope you type in your password!
  • spamfish.jpeg

    I got one from FourSquare today, “Peter has sent you a message” and as I was thinking, “I didn’t know I could get messages on FourSquare”, I clicked on it. I could see it was bogus before it even loaded from the site it was taking me to. It was a messy address (http://sfjisdkf.ru or something crazy like that, sometimes they tray to trick with something like http://YouTubeMessages.FakeSite.com/ ) but it looks like a FourSquare address before I clicked it. This is a type of Social Engineering, they don’t hack into your computer they just trick you into giving them the password (it’s like the guy hanging out in front of a restaurant acting like he’s valet parking, he doesn’t even need to say anything, you just hand him the keys and walk away).

    The downside of me clicking on the link is that sometimes they put trackers in them, so they might now now that the guy at my address does actually click sometimes, and then target me for me.

    So I was just sharing some warning since I know I’ve seen more the last day, so you be careful out there…

    Why your passwords MUST be more complicated!!!

    WIth today’s (alleged) password breach of LinkedIn, it made me think to change some passwords. Why? Because I had a few accounts that use the same passwords. Yes, I know that’s bad. But they were “unimportant” to me at the time I was checking them out, but later they because more important and yet I still had a week password.

    If you don’t know why it’s bad here’s why: password.jpegNow that they’ve got your login and password, the bad guys are going to start plugging in that password into every computer system out there (Facebook, Amazon, Google, the USPS, Twitter, etc.) and knowing many of you, they’re probably all the same. Some variation doesn’t count, having your google password is gary1234google means someone’s probably going to guess for Facebook it’s gary1234facebook. There are computers out there trying to guess your password all day long, I promise you.

    A few of the sites I could log into, but couldn’t find where to change my password. So I logged out and clicked “I forgot my password” and it sent information to my e-mail account on how to reset the password.

    They’ve mentioned it’s only a small number of the passwords stolen (6 million), it’s assumed the other 150 million users were also compromised, they just had easier passwords to crack. They also believe that a bunch of eHarmony passwords were breached also, because many of the passwords consisted of the words “harmony” or eHarmony”. I think most of this is done for money, but do you really want some bored hacker posting your eHarmony information to your LinkedIn profile?

    To clarify about my accounts, most of my accounts that deal with money all have unique passwords (and unique logins) the same goes for my places that I shop. But a few older accounts still had some older shorter passwords. Does it matter to me if someone hacks those passwords? Maybe not, but still I want my Flicker photos right where I put them.

    With a site like “www.HowSecureIsMyPassword.net” you can punch in some passwords and it’ll tell you how long they might take to hack. FYI, most 8 character (letter and numbers) are about 3 hours. Try it, you don’t have to give them your password (if you don’t trust it), if you use a word, year or name, just try a different name and year, just so you can see (how many minutes or seconds it takes).

    Also, keep in mind if someone has access to your e-mail, they can have your password reset at many sites and have the change password information sent to the compromised e-mail (that someone else has access). Some sites are smart, Ticketmaster when resetting your password, also deletes your credit card information.

    Back to my passwords: Keep in mind some sites the function changes. Maybe when I created that password at the Post Office or FedEx, I just used it for tracking alerts or vacation holds. But now they might let me purchase postage or other things that I just couldn’t buy when I set it up with a non-complicated example.

    And I know some people don’t worry about shopping accounts, because they don’t keep their credit card information on-line. But all your receipts are in there, you might want that someday (and where you had all that stuff sent). What if you sign up for that Amazon card with the $50 bonus and it automatically puts it into your account?

    And when your computer remembers passwords for you, that’s great, but who else uses your computer? You trust them, but do you trust they won’t download a virus or something that will steal that information? What happens if you lose that computer or it’s stolen?

    Personally, I keep passwords on my computer just to wake it up from sleep mode. Passwords on my iPhone (10 tries and it deletes all the data on it). I even keep a password on my Kindle, why? Because I occasionally check my mail or access my Amazon account on it.

    I was surprised that some of the apps on my phone didn’t need new passwords. They had already authenticated to the other accounts so many seemed okay. I’m not sure I liked that…

    Security and the Detroit Airport

    I’m always trying to loosen up my shoes when I travel so I decided to wear sandals for this trip. Then I got to security it and remembered why I never where sandals, because you have to take your shoes off (yuk!). Plus, I kept forgetting stuff in my pockets (and then my belt) so I had to go in and out through the scanner a few times stretching the experience out. At least there wasn’t anyone behind me so I wasn’t holding people up.

    The flight to Atlanta wasn’t very full, it looked really full on-line when reserving seats and the staff seemed to think it was going to be full so maybe a connecting flight didn’t make it. I moved seats and I’ve had more than enough space. My connecting flight looks really really empty so I’m hoping for 3 empty seats for a nap, I did not get near enough sleep last night.

    Curbside check-in: They were really pushing for you to just check in at the curb when I confirmed my flight. But they were so slow and it was really humid out so I decided to go inside. As I was heading in I saw a sign that said it was $3 a bag, I thought that was pretty lame to charge us if it’s helping decongest their floor traffic inside, but I guess if the line inside was long and you were running late it’d be worth it.

    Everything has been really smooth so far…

    Passwords suck

    Argh! I’m annoyed with creating user accounts. Everyone has their own damn process for passwords:

  • all numbers
  • must contain one upper-case character, one number, and be at least 8 characters (but ONLY 1 uppercase letter)
  • no characters other than letters or numbers
  • must be 8 characters

    But no, I can’t use 12 characters with letters, numbers and punctuation because it’s more than 8 or because it doesn’t have a capital letter.

    An the real pain is when you go to log in, they won’t remind you of this “rule”. And I really like it when it says “username” when what they really want is my “e-mail address”.

    My absolute favorite stupid rule is the hint to get your password must be at least 8 characters. Sorry, my hometown, mother’s maiden name, first pet and street aren’t that long! How am I supposed to remember this.

    And all these companies need to have the ability to handle multiple e-mail addresses. It’s such a hassle when I need to change something (for something I signed up for 5 years ago) and I can’t remember their rule and the e-mail address I signed up with doesn’t exist any more.

  • I just got a PacSafe DaySafe 100 Security Backpack

    Here was my mission: I was looking for something so I could go hiking or walking along the beach. But I want to have my camera with me, but when I go swimming (or something where I need to put my back down) I don’t want to leave my stuff unattended. So what I had in mind was a smaller version of an military duffle bag (that really think/tough material) that you could somehow clasp at the top and lock it to a tree. Yeah, someone could cut through it, but they couldn’t just grab it and run (and they’d have to work at it).

    What I found was the “PacSafe DaySafe 100 Security Backpack“, it’s two things in one. The first is a backpack made for security, the zippers can be latched so someone can’t easily open it while you’re just walking down the street (the latches are hidden and hard to get to) and like a lot of luggage and you can (optionally) lock the zippers. Part of the main bag is slash-proof, it’s got a metal screen in the material, so someone can’t cut it to get stuff out while you’re wearing it. Plus, one of the straps is detachable and latchable so while you’re sitting there someone can’t just grab your bag if you’ve attached it to the table you’re eating at (this doesn’t work if you leave it unattended). It’s also got a few other areas that they have to make it harder for someone to casually grab things from it. It pretty much looks like a regular backpack.

    ExomeshinsertThe second is a DaySafe (they sell this as a separate product) the DaySafe is pretty much a small tote bag (17 liters) made completely out of the material with the steel built into it (eXomesh®). The drawstring is a metal cable that latches and locks (included) and is pretty secure. If you take the cable and wrap it around a tree (or a stationary object in your hotel room or rental car) before you lock it, it becomes pretty hard for someone to just grab your stuff and run.

    The safe fits inside the backpack perfectly and there is a special spot (hole) for the cable to secure the backpack too (the stuff in outer pockets would be at risk). I do have a smaller backpack that this fits into that is perfect for just running around like that, the included backpack is pretty big for a casual hike/walk.

    I wouldn’t leave my stuff locked to a tree all day but for the bit that I want to go in the water and stay mostly in sight of it it’s perfect.. Or if I hike up into the hills to the waterfall, I can both take pictures and then go for a swim and not be too paranoid about my stuff. So I’m kind excited about this one, since I don’t have to limit what I take when I wander far…

    Security

    So I haven’t had a chance to talk about security here, it’s been on my mind since day one. We’ve had an armed guard with us whenever we travel as a group. This didn’t surprise me, I actually expected a police escort so it was tamer than I thought.

    Plus every hotel or museum has one or metal detectors and may check bags (but not likely). I know it sounds crazy but you really get used to it.

    I got so used to the guns that one night a few of us were walking in an area that got kind of dark and heard footsteps behind us when I looked and saw it was men with guns my thoughts of fear went out of my mind.

    Security seemed to pick up when we went south (especially in Aswan). In the south we did have an escort pickup with one to four security folks and the security guy on the bus.

    The line for Security

    So we’re waiting in line for security and the person watching the x-ray machine has called up two other people. I’m talking to the other people in line and our general consensus was if you need that many opinions then pull it. Of course it was my tray that they were inspecting. I’m still glad they checked, if there is confusion clear it up and make me and the others feel safe.

    It turns out it was my neck pillow, now I’ve never had one before but it’s a lot of air time I’m doing on this trip so I decided to get one. I got the one with the foam balls inside but Target had one clearance that had a little vibrating massager in it. It did actually cross my mind that it might cause a problem but I forgot. Why the problem? It’s a pillow with a button and some wires that run to a battery that them run to a motor. I can totally see why they stopped me for it.

    Continue reading

    Apple Security Update

    Be sure to do a software update to get the new security update on your OS X.2 or X.3 system. My question is: Why did the update come out on the 21st and it’s dated the 24th? Strange…

    UPDATE: It looks like it might not fix everything…

    More info…