Software Updates: What They Are and Why You Should Care

There are two main types of software update: those for your operating system (Windows, Mac OS, etc.) and those for the programs you have installed. Software updates are distributed primarily to fix security issues and to correct bugs.

Operating systems and most programs include mechanisms to distribute software updates automatically over the Internet. This is why you will frequently see a notification on your computer that an update is available – your operating system or a program has ‘called home’ over the Internet and discovered the update.

What should you do when you see one of these notifications?
In most cases you should install the update. While there is always a small risk that an update will cause problems of its own, the benefits of eliminating security issues usually outweigh this risk. For example, imagine you’re notified that an update is available for your web browser (e.g. Firefox, Internet Explorer, Chrome, Safari). The makers of your browser have been working hard to fix the issues that the update addresses. Meanwhile, criminals have been working hard to exploit the same issues to attack the computers of innocent users. If you don’t install the update and you’re unlucky enough to stumble upon one of their maliciously crafted websites, your computer is vulnerable to attack.

You may be surprised to learn that a similar scenario can play out with any program you have installed. It’s harder for hackers to exploit issues with programs that open other types of files, such as pictures or office documents, but it’s far from impossible. You might receive a document from a trusted associate, but perhaps that person’s computer has been compromised without their knowledge. If your software is out of date, you’re taking unnecessary risks.

How do you know if an update is genuine?
Perhaps the best advice is simply to get used to installing updates. If you’re familiar with the appearance of notifications from the software you have installed, you’re less likely to be fooled by a fake.

When should you decline an update?
If you’re working to a strict deadline and you’re offered an update for software that’s critical to the completion of your project, you may choose to defer installing the update pending completion of the project, just in case the update causes problems. Also, if you have serious doubts about the authenticity of an update notification, you may choose to decline it until you can verify its authenticity. Make a note of any information contained in the notification, especially details of version numbers, then check the software maker’s website for information about the update. If the information matches then it’s probably safe to install it.

As a general rule, keep all your software as up to date as possible. If you’re unwilling to keep a specific program up to date, consider removing it from your computer.

For help with software updates, call Robert at 518.392.0846 or email suzanne@trevellyan.biz.

Top Ten Most Common Passwords

According to a 2010 article in The New York Times, these are the top ten most common passwords.

  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Sometimes having “the most popular” of something isn’t a good thing. If you’re using something this obvious, you should change your password immediately.

Top Eight Rules for Creating Strong Passwords

Follow these simple steps to create a password that is hard to hack.

  1. When possible, use at least 12 characters. Never use fewer than 8.
  2. Use a variety of characters, including letters, numbers, punctuation, and both upper- and lower-case letters. The greater the variety, the stronger your password will be.
  3. Avoid using real words from any language.
  4. Avoid using real words spelled backwards, abbreviations or common misspellings.
  5. Avoid using repeated characters or rows of adjacent keyboard characters.
  6. Never use personal information such as your birthday, driver’s license number, or a family member’s or pet’s name.
  7. Never use your username as your password.
  8. Test your password with an online password checker to determine its strength.

Having trouble coming up with a good password on your own? Google “free online password generator” for help creating a secure password.

If you’re on a Mac running a recent version of OS X, your system comes with a built-in password assistant. This tool can generate passwords that are easy to remember but hard to crack. To access this tool, go to System Preferences > Accounts and click on your account. Click on Change Password, then click on the key icon to see a password suggestion meeting various criteria. Click on the down arrow next to the suggested password to see more suggestions.

The Importance of Using Strong Passwords

There are many things to consider when dealing with online security. One that is often overlooked is passwords.

We use passwords to access email, retrieve voice mail and get cash from an ATM. To make them easier to remember, we often choose passwords that mean something to us, using personal information and common words. Unfortunately, these passwords are easy to guess, and if your passwords are easy to guess, your computer files, personal information and online accounts are at risk.

A couple of simple tools hackers use are the dictionary attack and the brute-force attack. A dictionary attack tries to discover your password by going through a list of known words, which is why you should never use a real word as a password. A brute-force attack systematically checks all possible character combinations, so the longer the password, the longer it will take to discover.

If the hacker knows who you are, it’s even easier for them. They’ll find words particular to you. Let’s say you live in “Chatham,” have a son “Michael,” and your dog’s name is “Bone.” A hacker might take these terms and create wordlists from the results. Thus, “ekiMBoneNY” may seem like a fine 10-character password, but it will be cracked in minutes by a hacker who knows you.
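The eight rules above and the dictionary, brute-force and personal-wordlist attacks described in the last two paragraphs can be turned into a simple checker. The following is an added example written for this page, not a tool from the article or from any vendor it mentions. The word list, the keyboard rows, the guess rate used for the brute-force estimate and the nickname "Mike" for the son "Michael" are all constructed assumptions for illustration; a real checker would load a full dictionary and a published list of common passwords.

```python
import re
import string

# Constructed sample data for illustration only: a real checker would load a
# full dictionary and a published list of common passwords.
COMMON_WORDS = {"password", "iloveyou", "princess", "rockyou", "welcome", "dragon"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Assumed guess rate for the brute-force estimate (an assumption, not a
# measured figure for any particular cracking setup).
GUESSES_PER_SECOND = 1e10


def character_classes(pw):
    """Return the set of character classes the password draws from."""
    classes = set()
    for c in pw:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        elif c in string.punctuation:
            classes.add("punct")
    return classes


def brute_force_seconds(pw):
    """Worst-case seconds to exhaust the search space implied by the
    password's length and character classes at GUESSES_PER_SECOND."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "punct": len(string.punctuation)}
    alphabet = sum(sizes[c] for c in character_classes(pw))
    return alphabet ** len(pw) / GUESSES_PER_SECOND


def has_keyboard_run(pw, n=4):
    """True if the password contains n adjacent keys from one keyboard row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def check_password(pw, username="", personal_terms=()):
    """Apply the article's rules; return a list of problems (empty = passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    elif len(pw) < 12:
        problems.append("shorter than the recommended 12 characters")
    if len(character_classes(pw)) < 3:
        problems.append("uses fewer than three character classes")
    for word in sorted(COMMON_WORDS):
        if word in low:
            problems.append(f"contains the dictionary word '{word}'")
        if word[::-1] in low:
            problems.append(f"contains '{word}' spelled backwards")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeats a character three or more times in a row")
    if has_keyboard_run(pw):
        problems.append("contains a run of adjacent keyboard characters")
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in low or t[::-1] in low):
            problems.append(f"contains the personal term '{term}' (forwards or reversed)")
    if username and low == username.lower():
        problems.append("is the same as the username")
    return problems


if __name__ == "__main__":
    # The article's scenario: a user who lives in Chatham, has a son Michael
    # and a dog Bone. "Mike" is an assumed nickname added for the example.
    personal = ("Chatham", "Michael", "Mike", "Bone")
    for candidate in ("123456", "ekiMBoneNY", "Tq7%vL9#pWm2xR"):
        print(candidate, check_password(candidate, "mike", personal),
              f"{brute_force_seconds(candidate):.3g} s to exhaust by brute force")
```

Note what the two measures show for “ekiMBoneNY”: the blind brute-force estimate looks respectable for a ten-character mixed-case password, but the personal-term check flags both “Mike” (reversed) and “Bone”, which is exactly the shortcut a targeted wordlist gives an attacker who knows you.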

To keep your identity safe, it is crucial to have a long, strong password. But even a strong password can be breached if you share it. Your password should be your personal secret. Keep it.

Protect Your Identity: Opt Out of Pre-Approved Credit Card and Insurance Offers

Have you ever received a pre-approved credit card or insurance offer? Did you know that these seemingly innocuous pieces of mail can be the key a thief needs to steal your identity?

According to the Federal Trade Commission website, many credit card and insurance companies solicit new customers using criteria based on a credit report (pre-screening). If someone steals your mail, they can fill out the pre-approved application. Then all they need to do is wait for that card to arrive in your mailbox, steal it and start spending.

Register your name and address with OptOutPrescreen.com, the official consumer credit reporting industry website, and you will reduce the amount of junk mail you receive and help protect yourself from identity theft. Opting out doesn’t affect your credit score or your eligibility for credit or insurance.

When you register online with OptOutPrescreen.com, you are opting out for five years. Permanent removal is available but requires submitting a paper form through the mail. You will need to provide the website OptOutPrescreen.com with your home phone number, name, social security number, and date of birth. This information is confidential and will only be used to process your opt-out request.

Identity theft is real, but with a little thought and some due diligence there are ways to protect yourself. This free service is a good first step.

Are You Streetwise Online?

The most important factor in protecting your computer from malicious software is not which security package you install, or which browser you use. Far more important than any technical solution is the behavior of the user.

Just like in a big city, different locations present different levels of risk. The dark neighborhood on the wrong side of the tracks is riskier than the well-lit streets of downtown. Similarly, websites or file sharing services that promise free cracked software or adult movies are more likely to contain harmful content than well-known websites run by reputable companies.

Being streetwise in a city isn’t just about which streets you choose to walk on, it’s also about how you assess and respond to those you encounter, even in the best neighborhoods. Someone on a street corner selling cheap Rolexes might be offering a great bargain, or they might just be out to rip you off.

The analogy still holds for online threats. A favorite tactic of online thieves is to hitch their threat to the latest hot topic using what’s known as poisoned search results. When the latest royal wedding was in the news, a search for images of Kate Middleton and Prince William included results that required the user to install new software before viewing the pictures. Did someone really invent a new type of image file just for this event? Of course not – the software was a trojan.

How can you tell if the website you’re about to visit is legitimate? The easiest way is to hover your mouse over the link and read your status bar. Make sure the component of the address that comes right before the first single slash matches what the text claims it to be. Then pay close attention to any deal you’re offered. Celebrity pictures or videos in exchange for installing new software? Just walk on by.

None of this means you shouldn’t install security software to help protect yourself. When clients ask I usually recommend a free package, not because they’re better but because the user will never be tempted to let their subscription lapse for the sake of a few dollars. Just don’t forget that the best security software can never provide 100% protection – user behavior is key.

How To Protect Your Facebook Account

After a number of friends recently had their Facebook accounts compromised, I thought I should offer a few tips to help you keep your own account safer. Whether you want to protect your Facebook account or your online bank account, learning to distinguish what’s real from what is not can help you protect your computer and your privacy.

One of the most common ways for unauthorized users to access your account (and there are many ways) is to send you an email to confirm your Facebook password. This is called phishing. At first glance, the email appears to have come from Facebook. Instead, a page has been created to look like Facebook.

A phishing email often claims that there is something wrong with your Facebook account and if you don’t respond quickly by confirming your password, your account will be deactivated. If you were to click on the given link it would take you to a page similar to a Facebook page, but it isn’t really connected to Facebook at all. Enter your password information at this point and the person who sent the email now has access to your account.

How can you tell if the email is really from Facebook?
Facebook would never send you a notice like this. They know your password. The only time you should ever type your Facebook username and password is when logging in directly to the Facebook.com site.

Learn to check your status bar regularly
Before clicking a link in an email or on a web page, you should always hover over the link with your mouse and carefully read the status bar at the bottom of your screen to determine exactly where the link will take you.

For example, below is an email from Amazon. You’ll see that when I hover my mouse over a link in the email, it shows the linked address in the status bar. Notice that in the example, the component of the URL immediately before the first single slash is “amazon.com”. This is exactly what I would expect from this company, so I would feel safe clicking on the link.

Below is an example of a link on Facebook which, obviously, would not take me where I think I should be going. Yuindrfstzi.tk. Suspicious.
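The status-bar check described above (here and in the “Are You Streetwise Online?” article) comes down to one question: is the part of the address between the “//” and the first single slash really the site it claims to be? The short Python below is an added example for this page, not code from the article, and the links it tests are constructed, modelled on the Amazon example and the Yuindrfstzi.tk address mentioned above. It assumes that a link written without a scheme is an http link.

```python
from urllib.parse import urlsplit


def link_host(url):
    """Return the host part of a link: the text between '//' and the first
    single '/'. A bare 'example.com/page' is assumed to be http."""
    if "//" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname  # drops any user@ prefix and :port suffix
    return host.lower().rstrip(".") if host else None


def is_expected_site(url, expected_domain):
    """True only if the link's host is expected_domain or a subdomain of it.

    A host that merely contains or starts with the expected name, such as
    'amazon.com.yuindrfstzi.tk', does not count."""
    host = link_host(url)
    expected = expected_domain.lower()
    return host is not None and (host == expected or host.endswith("." + expected))


if __name__ == "__main__":
    # Constructed links modelled on the article's examples.
    checks = [
        ("https://www.amazon.com/gp/css/order-history", "amazon.com"),
        ("http://amazon.com.yuindrfstzi.tk/signin", "amazon.com"),
        ("http://www.facebook.com@yuindrfstzi.tk/login", "facebook.com"),
        ("https://www.facebook.com/login.php", "facebook.com"),
    ]
    for url, claimed in checks:
        verdict = "looks right" if is_expected_site(url, claimed) else "SUSPICIOUS"
        print(f"{url}\n  host = {link_host(url)!r} (claims {claimed}): {verdict}")
```

The third constructed link is the case the naked-eye check most often misses: a familiar name placed before an “@” is treated by the browser as a username, and the real host is whatever follows it, which is why the example reads the host with a URL parser rather than by looking for the first familiar word.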

In most cases, the things that happen to you online must be authorized by you. Because viruses can’t just download themselves to your computer at will, you need to give permission for the transfer to take place. Phishers continue to improve the look of what they’re doing in an effort to trick you into giving that permission. Be careful where you click and always read the status bar. You’ll find it will be one of the most valuable tools you have to protect yourself from malicious software.

If your status bar is not turned on, turn it on now.

What to do after your account has been compromised 
Log into your account, directly from the facebook.com website, and change your password.

If you use the same password on any other accounts, change it immediately on those accounts too.

Backup Basics

If you store information on a computer, you need backups. All electronic data is at some risk of loss or destruction, whether through equipment failure, user error, malicious intent or natural disaster. The question is not, “Do I need a backup?” but, “What type of backup do I need?” Thinking about the questions below will help you answer it.

What Should I Back Up?
Any data you can’t bear to risk losing must be backed up. For a business this might include all your customer and financial records. For a home user it might mean hundreds of digital photos of your grandchildren. Think about all the information you have stored on any computer. For each item that you’d hate to lose, can it be easily recreated or obtained from another source? If not, then it must be backed up.

When Should I Back Up?
How often does the information you’re backing up change? How much work can you stand to lose? Would your business (and your sanity) survive if you had to restore from last week’s backup and spend another week filling in the gaps? If so, weekly backups at the end of your busiest day might be sufficient. If not, you might need daily or hourly backups.

How Should I Back Up?
The ideal answer is, “Automatically”. The elements most likely to break any backup strategy are human error and inertia. Modern backup software can run continuously in the background, detecting changes to files as they happen and making backups according to a schedule of your choosing. If automatic backup isn’t an option, partial automation is the next best thing. If you can double-click an icon on your desktop to run a backup every day, you’re more likely to do so than if you have to navigate through menus and options every time.

Where Should I Back Up?
Making a copy of a file on the same hard drive doesn’t count! Equipment failure will destroy your backup along with your original. If you’re serious about protecting your data, you need both onsite and offsite backups.

Onsite
Onsite backups provide immediate access to old versions of files and copies of accidentally deleted files. They can also get you up and running again within minutes of a hard drive failure. Additional internal or external hard drives represent a highly effective and affordable solution for onsite backups.

Offsite
Offsite backups protect you against less likely but more catastrophic events that result in physical loss or destruction of both your live data and your onsite backups. Portable hard drives can work well, but you have to remember to exchange the offsite copies. If you have a high speed internet connection, online backups are a great alternative, and if your backup set is small enough they can even be free.
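A backup you have never checked is only a hope. The script below is an added example for this page, not code from the article or from any backup product it discusses: it walks a source folder, hashes every file with SHA-256 and compares each one with its copy in the backup folder, reporting files that are missing or whose contents differ (the silent corruption that checksumming filesystems such as ZFS, mentioned in the CrashPlan review, are designed to catch). It also reports whether the two folders sit on the same device, since a copy on the same hard drive is not a backup. The sample files in the demo are constructed.

```python
import hashlib
import os
from pathlib import Path


def _sha256(path, chunk=1 << 16):
    """Hash a file in chunks so large photos or videos don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_backup(source, backup):
    """Compare every file under `source` with its copy under `backup`.

    Returns a dict listing relative paths that are missing from the backup or
    whose contents differ, a count of verified files, and whether the two
    trees live on the same device (True means the copy would die with the
    original).
    """
    source, backup = Path(source), Path(backup)
    report = {
        "missing": [],
        "changed": [],
        "ok": 0,
        "same_device": (os.stat(source).st_dev == os.stat(backup).st_dev)
        if backup.exists() else None,
    }
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        copy = backup / rel
        if not copy.is_file():
            report["missing"].append(rel)
        elif _sha256(path) != _sha256(copy):
            report["changed"].append(rel)
        else:
            report["ok"] += 1
    return report


if __name__ == "__main__":
    import shutil
    import tempfile

    # Constructed demo: a small source tree, a faithful copy, then the same
    # copy with one file silently altered and one file deleted.
    work = Path(tempfile.mkdtemp())
    src = work / "documents"
    (src / "photos").mkdir(parents=True)
    (src / "photos" / "grandchildren.jpg").write_bytes(b"\xff\xd8 constructed jpeg bytes")
    (src / "accounts.csv").write_text("date,amount\n2011-01-01,100\n")
    copy = work / "backup"
    shutil.copytree(src, copy)
    print("faithful copy:", verify_backup(src, copy))
    (copy / "accounts.csv").write_text("date,amount\n2011-01-01,999\n")  # silent change
    (copy / "photos" / "grandchildren.jpg").unlink()                     # lost file
    print("damaged copy:", verify_backup(src, copy))
    shutil.rmtree(work)
```

Run it against a real source folder and its backup drive and the interesting result is an empty `changed` list together with `same_device` reading False; anything else is a reason to look at the backup before you need it.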

What Now?
Call us today at 518.392.0846 to discuss your backup needs. We’ll work with you to understand your requirements so we can recommend and implement a suitable backup strategy for you.

CrashPlan

CrashPlan’s unique feature is the “you show me yours and I’ll show you mine” of backup. What I’m talking about is the ability to backup to a friend’s computer, by mutual consent, which probably means letting your friend backup to your computer. This feature is part of CrashPlan’s emphasis on targeting multiple backup destinations from a single application. CrashPlan offers four classes of backup destination.

Friends
If you and a friend each have a CrashPlan account, you can exchange friend codes. When you enter a friend code into your copy of CrashPlan, you gain the ability to back up to your friend’s computer over the internet. This gives you offsite backup without the need to pay for online storage. You have to rely on your friend’s computer being online during the times when you want to perform backups, but as long as there’s enough overlap in your typical online times, this shouldn’t be an issue. More importantly, your friend’s computer will have to be available online or in person for you to restore any data.

Computers
Any computer you install CrashPlan on using your own account becomes available to you as a backup destination. Destination computers can be on your local network or on the other side of the country. As with friends, the only requirement is that a destination computer be online when you need to back up or restore. In one scenario, you have a home server with ample free disk space and you use it as a destination for onsite backup. In another scenario, your kid goes off to college and uses a computer that stayed home for offsite backup.

Folders
A destination folder can be on your main drive or on an external drive. For example, you can let CrashPlan automatically back up to an external drive as an alternative to something like Mac OS Time Machine.

Online
CrashPlan Central is the name of CrashPlan’s online storage destination. The compelling feature of CrashPlan Central is the pricing. There are essentially two levels. The Individual Unlimited Plan lets you back up an unlimited amount of data from a single computer. The Family Unlimited Plan lets you back up an unlimited amount of data from any number of computers, provided they are all owned by you or by a family member. Both plans compare favorably with all the other online storage options that I considered.

CrashPlan works on Mac OS, Windows, Linux and, uniquely among the solutions I researched, OpenSolaris. The inclusion of OpenSolaris may not seem like a big deal, but that happens to be the OS that we run on the in-house web server that we use for testing. As a result, I’ve learned to appreciate ZFS, the OpenSolaris filesystem. In short, ZFS is one of the most reliable filesystems available, and you can have it for free with OpenSolaris. Put two or more identical hard drives into a mirror or RAID configuration (a snap with ZFS), set up your OpenSolaris box as a CrashPlan backup destination, and you have a very solid onsite backup solution. ZFS can automatically detect and correct physical hard drive errors that would result in silent corruption on most filesystems. With CrashPlan’s automatic archive maintenance running on top of ZFS, you should be protected from everything but physical destruction or theft of your onsite backup.

For now I’m sold on CrashPlan as our main offsite backup solution and seriously considering it for onsite backup too.

SpiderOak

SpiderOak is a highly capable online backup solution, with competitive pricing in 100GB increments for an unlimited number of computers. Your first 2GB of online storage is free, just like with Dropbox. The application gives you extensive control of your ‘SpiderOak network’, which consists of all the computers that you’re backing up, and all the files you’re backing up on those computers. SpiderOak works fluidly across Mac OS, Windows and Linux, automatically uploading changes to any file or folder that’s marked for backup. Selecting the files you want to back up, restoring backed-up files and retrieving previous versions are all easy tasks with the SpiderOak application. Beyond efficient online backup, SpiderOak has a couple of tricks up its sleeve.

First, let’s say you like the idea of synchronizing specific data across two or more computers (a la Dropbox), but you don’t want to have to move files and folders around to achieve this. With SpiderOak, you can set up a ‘Sync’ between two or more folders in your SpiderOak network. Those folders can be on different computers or on the same computer, SpiderOak doesn’t care. Once a Sync is set up, SpiderOak will keep those folders synchronized automatically. Want to do the same with another folder? Just set up another Sync. It’s like having multiple Dropbox folders, all of which are independent, so you don’t have to synchronize everything on all your computers.

SpiderOak’s second clever trick is a feature called ShareRooms or Shares. This feature lets you make a subset of your data available to others online. You set up a named Share that includes one or more of the folders in your SpiderOak network. These folders don’t have to live on the same computer. When you want to give someone access to a share, you give them either the login credentials or a unique URL. Your friend or colleague can then browse and download anything contained in that share. If you make changes to files or folders included in a Share, those changes are reflected in the online ShareRoom. Users can even be notified of changes via an RSS feed.

So why would anyone use Dropbox when you can have SpiderOak? Although SpiderOak is easy to use, the process of setting up a Sync or a Share is not as simple as just installing Dropbox and throwing files at it. Contrast Dropbox’s no-UI approach with the 5 main tabs, 11 sub-tabs and maybe 50+ buttons, checkboxes, combo-boxes, text boxes and menus of SpiderOak. The absolute simplicity of Dropbox is a big win if what it does so well is all that you need.

We’ll continue using SpiderOak for its Sync feature. This will make it easy for us to keep files synchronized when we’re both working on the same project, without having to move project folders around. The only reason we won’t be using it for all our online backup is that I found a solution offering unlimited storage for the same price as SpiderOak’s 100GB package. If you have less than 100GB of data to backup, SpiderOak’s unique combination of features is compelling. I also find the company’s philosophy and openness to be very refreshing.