Posted July 19th, 2012 by Mark with No Comments
If you are one of the folks on Windows Vista or 7 who use “Windows Gadgets” (those floating desktop applications like the clock, stock ticker, weather forecast, etc.) – you need to do this now. Seriously.
A long-standing, but recently “outed” security vulnerability in Windows Gadgets will likely be used in short order as a way to deliver infections or worse to your computer. Microsoft’s (and my) recommendation? Turn them off.
There is a simple method provided by a Microsoft “Fixit” link, here.
To do this, click on the link, decline the “experience survey” if offered, then look for the Fixit link in the middle of the page on the left labeled “Disable Windows Sidebar and Gadgets.” Click this link and, if offered, choose “Run”. If your browser (like Firefox or Chrome) requires that you save the file first, be sure to click on the saved file to run it. This file will do exactly what it says: disable the Windows sidebar and gadgets. When finished, it will ask you to reboot your computer – which you should do.
While Gadgets were never a critical part of the operating system, they were useful. It’s unfortunate that Microsoft chose not to fix the problem. Be sure to let us know if you have any trouble – this is the sort of thing that can be easily done in a short remote session if you need help.
Do it today!
Posted June 13th, 2012 by Mark with No Comments
With the spate of publicized security breaches this spring, I’d like to revisit the password theme. Having good passwords for your online life is just too important not to cover it again.
It seems that every time you turn around, another task you’re trying to accomplish requires a password. In general, this is a good thing, but unless you’re prepared, it’s also a big annoyance. So – let’s get prepared.
First, some overview – If the site will allow that many characters, you want to use at least 12. Ideally, you also want to mix the case of your letters and have some numbers and/or symbols in there as well. You need to be prepared, however, for those institutions that have limited their software unwisely. Some don’t allow symbols, some don’t allow spaces, etc. Hopefully, though, you can use however many characters you want of any description.
To keep from getting trapped by the oh-so-tempting practice of using the same password for everything – you need a system. Here’s one that is a good mix of security and ease of use:
Pick a phrase. You can use a line from a song, book or movie, or just a phrase that means something to you. For our example, we’ll use a line from Shakespeare.
All by itself, this rates as a very strong password, but with a simple change like substituting ‘zeroes’ for the ‘oh’s’, you can make it even stronger.
Now, to make it individual, add characters to the end to identify the site for which you are making the password. If you are creating a password for Facebook, for example, put FB at the end, like this:
Similarly, you can do PNC for the bank, AZ for Amazon, GM for Gmail – you get the idea. If the site allows any number of characters, you could just use the name of the site:
Although, some sites enforce a rule that prohibits the name of the site anywhere in the password, so it’s probably safer to use abbreviations.
For different substitutions, you can use “$” for “S”, 4 for A, 7 for T, 3 for E, etc. Don’t get carried away, just make one or two substitutions and stick with that. If you can use at least 12 characters you’ll have a very strong password that is pretty easy to remember.
There are a couple of sites you can use to judge the effectiveness of any password. Here’s one that rates the strength of the password:
And here’s one that measures how long it would take to guess any password using a computer and brute force (try all possibilities until you find the answer).
If you can score high marks on both sites, your methodology is good.
Note that this system has a weakness: if you give away, or anyone guesses, the core part of the password you are using, they can easily guess your passwords for everything – so resist the urge to tell anyone one of your passwords, and be sure to change them once in a while.
Posted May 3rd, 2012 by Mark with No Comments
The usual media storm of hyperbolic headlines about the latest spyware / malware scare has begun. Here’s my explanation, along with ONE simple thing you need to do.
A few years ago, some bad guys in Estonia cooked up a deal with companies selling fake “little blue pills.” They wrote a piece of malware that, once installed on your machine, would wait patiently until you tried to go anywhere on the Internet. It would then leap into action and redirect you from your intended destination; taking you instead to a site selling these fake pills.
The crooks got a percentage of any purchases made — which netted them about $14 million before the FBI and Estonian police shut down their operation.
To minimize disruption on the Internet, the FBI kept the redirecting computers running, but set them to send you to the actual site you requested (in other words, act like any other “DNS” server and just route traffic appropriately).
The real news here is this: The FBI doesn’t want to keep running these computers forever. They will be shutting them down on July 9th this year, unless they receive an extension and additional funding.
When the computers are shut down, people who have this infection, but don’t know it, may have problems searching the Internet.
To check to see if you have this infection, just go HERE. If you get a green graphic, then you’re clean and good to go.
If, on the other hand, you get a red graphic, then you have the infection and should call us to help remove it.
That’s it. Take this small test before July and let us know if you need help.
Posted April 16th, 2012 by Mark with 1 Comment
Ok, open Internet Explorer, click on the “Tools” menu, choose “Options”, then click on the “Security” tab. Locate the box “Allow spyware infections” and UNCHECK it.
Of course, it’s just not that easy – if only there were such a box… Back to reality now.
The bottom line here is that there is no absolute way to prevent being infected. This is a war, and every day there are new and increasingly-clever spywares trying to infect you and get your money or your data. Every day the anti-virus and anti-spyware softwares offer updates to protect you against the latest threats. Depending on which side is ahead in this war today, you can be infected, even with the latest protection, or you can safely carry out your business unaware that your software just fought off a nasty virus.
Well, there you have it. The undercurrent here is that this is YOUR computer – YOU are in charge of your defenses. Make sure you have a backup (Call us to help with this!) just in case. Call us if you don’t understand what to do next, or if you get infected despite your best efforts. We’re here to help.
Posted April 15th, 2012 by Mark with No Comments
Let’s all say it together now: “I HATE PASSWORDS!” Now, doesn’t that feel better? For better or worse, passwords are a necessary part of living in the computer culture. More and more websites and softwares require that you create an account with a password. To make matters worse, every one of them seems to have different rules for what they accept: “At least one capital and one lowercase letter” – “2 non-sequential, non-consecutive digits” – “Can’t contain more than 3 matching characters of your user name.”
You get the picture. It’s obnoxious and getting worse (don’t even get me started on those fuzzy letter things called “Captchas”.) Most folks resort to one of two methods. They keep a notebook by their computer where they write down all of their passwords, or to the extent possible, they use the same password for everything. As you might have already suspected, both of these ideas are bad. They are like leaving a key to the front door under your mat. There may have been a time when that was acceptable, but that time is long, long gone. Oh, and just to get this out of the way, adding the digit “1” to the end of a common word does NOT – I repeat, NOT make a secure password.
For years, I have promoted the “letter substitution” method of creating secure passwords. Pick a word or phrase you can remember, then substitute similar-looking numbers for some of the letters. If a “4” looks like an “A”, then “Paris2007” becomes “P4ris2007”.
(extra credit: Google or Wiki “Leetspeak”).
While this is better than a regular word, it’s not as secure as it once was, and you’re still at risk if you pick one secure password, then use it for everything.
As we store more as well as more-important data on our computers and online, using and (ugh) changing more secure passwords is becoming unavoidable. Unless you enjoy getting hacked, that is.
So…..I’d like to offer a short tutorial on another method for creating good passwords that you can remember and then (ugh) change and still remember. I would love to take credit for this, but it comes largely from a great article by Farhad Manjoo found on Slate.com. First, the method, then some examples.
Step 1: Make up or pick a phrase or better yet two phrases (they don’t have to relate to each other). Make one of the phrases have a date or period that you can change.
Step 2: Turn the phrases into an acronym (use only the 1st letter from each word). Keep capitalization as in the original phrase.
Step 3: Use letter substitution for some of the letters. (“1” looks like “l”; “3” looks like “E”; “4” looks like “A”; “@” can be used for the word “at”; “$” looks like “S”; “7” looks like “T”; “&” can be used for the word “and”; “8” looks like “B”; “0” looks like “O”)
Step 4: To change the password use the period chosen in step 1, and just substitute the current period.
Clear as mud? Ok, let’s do some examples.
My phrase: “In high school I scored 14 points in the 1st quarter of the homecoming game”
The acronym: IhsIs14pit1qothg – (you don’t have to remember the acronym – just say the phrase aloud or in your head and type only the first letter of each word – try it, it’s easy!)
The acronym with substitutions: Ih$I$14pit1qothg – (Notice I only substituted one letter, $ for S.)
To change this password you can divide the year into quarters, so on April 1st or thereabouts, you can change the phrase to “2nd quarter”, which changes the resulting password to “Ih$I$14pit2qothg.”
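The four steps applied to the quarterly example above, as an added Python sketch (not code from the original post); the function names and the rule that an apostrophe stays inside a word are assumptions. It also counts how many character positions the Step 4 change alters.

```python
import re

def acronym(phrase):
    """Step 2: first character of each word, capitalization kept.

    All-digit words such as "14" are kept whole, as in the post's example;
    "1st" contributes only "1". Treating an apostrophe as part of a word
    is an assumption of this sketch.
    """
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    return "".join(w if w.isdigit() else w[0] for w in words)

def substitute(text, table):
    """Step 3: replace each character that has an entry in `table`."""
    return "".join(table.get(ch, ch) for ch in text)

def build(phrases, table, sep="_"):
    """Join the acronyms of one or more phrases, then substitute."""
    return substitute(sep.join(acronym(p) for p in phrases), table)

def changed_positions(old, new):
    """Step 4 check: how many character positions differ after a change."""
    if len(old) != len(new):
        # Different lengths: treat every position as changed.
        return max(len(old), len(new))
    return sum(a != b for a, b in zip(old, new))

# The post's first example, with the period left as a slot to fill in.
PHRASE = ("In high school I scored 14 points in the {period} quarter "
          "of the homecoming game")
SUBS = {"s": "$"}  # the single substitution the post uses here

def quarterly(period):
    """Password for the given quarter label, e.g. "1st" or "2nd"."""
    return build([PHRASE.format(period=period)], SUBS)

if __name__ == "__main__":
    q1, q2 = quarterly("1st"), quarterly("2nd")
    print(q1)
    print(q2)
    print("positions changed:", changed_positions(q1, q2))
```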
If you want to change the password monthly, for example, you might use the following phrase: I like corn on the cob, especially in August.
Password with substitutions: Ilc0tc3ia (I substituted a “zero” for the “oh” and a “3” for the “e”)
In September, this would change to: Ilc0tc3i$ (adding the “$” for “s” substitution)
Once again, the only part you need to remember is the initial phrase, and which letters you use for substitution. It’s simpler to only substitute one or two, and more secure to substitute more. Start easy and work up to more complicated.
For the most important passwords (your brokerage account, for example), use two phrases that are unrelated, like this:
Phrases: Kermit the frog was green. Its 10 degrees in January.
Acronym: Ktfwg_I10diJ (I used an underscore character to separate the phrases since spaces are usually not allowed in passwords)
Password with substitution: K7fwg_110d1J (I substituted “7” for “T” and “1” for “I”)
Each month, change the phrase, and make the temperature a multiple of the month (20 for February, 30 for March, 80 for August, etc.) So, in September, this password would become: K7fwg_190di$.
Since you are turning the phrase into an acronym, you can use familiar phrases without compromising the security of the passwords. I love jazz standards of the 40’s, so I often use the first line of a song and a singer as my phrase, e.g. “Johnny One Note was sung by Anita O’Day”. My second phrase might describe the weather here in Pittsburgh. “It’s cold in January”. The resulting password from this combination is “J0NwsbA0DIciJ.” In July, the second phrase might change to “It’s sunny in July.” This would make the password “J0NwsbA0DIsiJ.”
Ok, now go out there and change your passwords – I’ll wait.