20120301

Password Trick

The other day I was asked what were some of the worst passwords I had ever seen or heard. Here are my top 5.
1. Password
2. 12345678
3. qwerty
4. your pets name
5. Favorite sport team.

Passwords can be a pain in the neck. From being too easy to being too difficult to remember. Some IT departments I've worked with have required such nonsensical rules of their users that the users end up writing the passwords on a piece of  paper and hiding it in their desk, better yet they have an Excel spread sheet marked "passwords" on their computer! Where's the security there?  Here's a simple trick for a secure password that's very easy to change and remember (you should be changing them on a 90 day cycle anyway).
Pick a word that you can change on a regular basis. I'll start with fish. Add a simple static rule like always capitalizing the 3rd letter.
fish becomes fiSh
Add a simple four digit number that you can keep static, say the year of your favorite persons birthday. (Sorry but I can't give you my age so you'll have to think of your second favorite person) Add it between each of the letters of the word. I'll say 1070.
fiSh becomes 1f0i7S0h - cool huh?
Last and not least add one special character somewhere static. Most will chose the end or beginning, some pros like to add it randomly but lets keep it simple right?
<1f0i7S0h
Thar she blows! We've just brewed up a really strong password with rules that create a template so you never have to think of a really tough one every time you need a new one.

1st Rule - 4 letter word you can change.
2nd - a static rule that never changes.
3rd - a simple four digit number.
4th - add a special character anywhere.


Protecting our data is a never ending process. Next week I'll post some cloud and online backup storage options.

Take Care!

20111231

Phishing Attempt and a free plug for OpenDNS

The other day I received an email that looked like it came from PayPal asking me to verify my account details with my username and password. After about 10 seconds I realized it was a phishing attempt. The sender wasn't a skilled phisher because the full URL to his site was actually displayed. Even though the link displayed "PayPal.com" it wasn't the actual website it was about to take me to. A quick way to determine the website is to look at the last two sections of the URL (or link), the "dot com dot net dot org etcetera...". I'll use the following fake URL as an example.
"http://www . paypal . com . craptastic . imtryingtostealfromyou . in". Even though  PayPal is in the link text the actual website you'd visit would be "imtryingtostealfromyou.in". This link was displayed. in the email. A decent attempt would be to hide the link with text but that can be easily debunked as well just by holding the mouse pointer over the link. The actual URL will appear in either the tool tip or the bottom of the browser.

Being the curious guy that I am I wanted to see the phisher's attempt at a the website. I fired up a virtual machine that I use for testing malware and virus "combat". After clicking the link I was immediately given the warning you see in the screenshot to the right. OpenDNS blocked the URL after it had been discovered it was a fraudulent site. Nice going by those guys. I don't make money with OpenDNS or am I affiliated with them (I wish :) ) I just think this is a great free service and highly recommend it.

20111209

Easy 3 Layered Defense Strategy

The more layers you put between yourself and the internet the better. It's a proven strategy thats been used for hundreds of years. Think of the Middle Ages. A  wall and gate protected the city, a moat protected the walls of the castle, and the castle was built with huge stone walls for the last layer of defense.
Think of the internet as a wilderness mixed with fantastic information, beautiful scenery, and the very rare dangerous animals that if you're not careful could harm you. Some of these beasts are hunting you, others aren't looking for anything in particular but are more predators of opportunity. Now, this doesn't mean you should lock yourself in the castle and never leave. The chances of you running into the hostile "creatures of opportunity" are rather slim but the less protected you are the greater the opportunity to be taken advantage of. There are many mechanisms of protection and A LOT cost money. This article isn't about prices or best technology. This is more of a quick lesson on the act of protection. Note: I haven't paid for an anti-virus, anti-malware, firewall, or perimeter defense in years and I can show you how to do the same.
Your 1st line of defense is easy and free. I'm going to name the technology in this one since it's the only one I use and recommend. It's called OpenDNS. OpenDNS acts as a go-between you and the internet. Very briefly DNS (Domain Name System) is what the computer uses to talk to the internet. It takes the name of the website you type in and translates it to numbers. Computers don't communicate like you and me (not yet), they use numbers. These numbers are how everything communicates on the internet. OpenDNS acts as a gateway between you and the internet. It stores, scans, and determines the safety of internet web addresses for you. Not only does this make the internet a bit faster it makes it safer. So it's a free win win for you. Signup is easy and set up is very well laid out and easy to follow.
Number 2 (or the castle moat) can be the most expensive part of the equation. Some of you may already have it. A router. Routers split up your internet connection between multiple computers and devices turning  your home into a network. Blu-ray players, gaming consoles, printers and even smart phones can benefit from a router. The protection part comes from whats called NAT (Network Address Translation). Basically it hides your computer from the outside network/internet kind of like a two-way mirror. You can see the internet but someone on the internet can't see you without a lot of extra work. It's what a lot of professionals call a hardware firewall. Even if you don't have more than one computer routers can be very beneficial for protection. Some routers can be very expensive depending on what they're used for. A simple wireless NAT router can be as low as $25.   They're easy to set up and you'll rarely have to mess with it more than once a year.
The last layer in our multi-layered defense comes from a software firewall. I use mine to track whats leaving my network. Lets say you get a bug on your system that wants to communicate with its parent on the outside of your network. There are plenty of firewalls to use. A good outbound firewall can stop and even inform you when the software tries to leave your system and communicate with an outside host. I've used several freebies in the 11 years I've been involved with computers and have concluded some of the best are free. Comodo, AShampoo (Windows XP only), and ZoneAlarm are all excellent free firewalls. Of course Windows comes with a firewall if you don't want to download these.
That's it. A multi-layered defense for your castle err..home. Remember the more layers, the more protection. The more protection the safer you're computer is. One last item always practice safe surfing habits. If it looks dangerous or offers look too good to be true, it probably is.



GraydenTech's Fan Box

GraydenTech on Facebook