Monthly Archives: March 2013

Passwords

I read a great deal about computer security.  It is a topic that concerns me and interests me greatly. All too often the breaking news stories concern hacking and data breaches and electronic theft.

I recently read an article that suggested passwords are becoming obsolete.  With the continuous advancement of processing power and speed, the time it takes for passwords to be ‘cracked’ (guessed by trial and error) decreases and the technology required to do so becomes more accessible.  Future security measures will involve biometrics and/or embedded chips rather than passwords.  Until then, passwords are what we have and use.

Recommended in almost every article I read about security and passwords is that passwords should be ‘strong’ (not easily guessed).  In 2012, however, the three top passwords, unchanged from 2011, are still:  “password”, “123456” and “12345678”.  Almost every article I read about passwords and security also recommends that people use different passwords for each site and account.  That way, if someone does manage to obtain your password, at least they won’t be able to access all of your data or accounts.  Doing so would limit the damage that could be done.

That leads to the dilemma, of course, how can one possibly remember each password for each website or account that one has?

The answer, of course, is: you can’t. To address that problem, I have seen people who use post-it notes, a journal or notebook, or even a single Word document or spreadsheet.  Even a protected Office file is not very secure.  Many people allow their web browser to store this information – very high risk!

I access a multitude of password protected sites.  I have multiple email accounts.  I have many computer log in credentials.  The number of credentials I use makes it impossible for me to remember them all while maintaining an acceptable level of security.

I use and recommend KeePass.  KeePass is a password management database that uses an AES encrypted database for storing all of your access credentials and passwords securely.  AES (Advanced Encryption Standard) is NSA approved for top secret information. KeePass is fully portable; it can be installed on and run from a USB drive.  KeePass notifies you automatically of password strength. KeePass even has a random password generator built in that will make up passwords for you.  In short, KeePass is an easy to use, encryption protected password management database that requires one master password for access.

Finally, KeePass is open source and, as with many of the programs I recommend, free.

Backup, backup, backup

“Save and save often” used to be the computing mantra.  These days computers are so much more reliable, you don’t hear that phrase repeated as often.  Power outages, bugs and crashes could send people into a fury who had been working diligently on a file or document only to have time and productivity lost when the screen went black or blue.  Although not as often, it does still happen – though this post is about backups, I thought I’d remind you to save and save often…

You do back up your files, don’t you?  Hard drives fail.  They do.  I see it all the time.  There are instances when you do receive some kind of warning and you have time to create a final backup before replacing the failing hard drive.  Other times, there is no warning.

Time was, when it required a fairly good bit of misfortune to lose everything: precious photos of relatives who’ve passed, of your son or daughter’s first day of school, video of baby’s first steps, graduations, you get the point, misfortune like a house fire or a leaky roof, or flooded basement. In this digital world, all that is required is a hard drive failure.

You have to back up your files and data!  It is not only personal photos and video at stake.  I have experienced people who’ve lost hundreds of dollars in music purchases. We never really had much to worry about with albums, cassettes or CDs, but now with music and video downloads there is much at stake.  All of your email communication could also be lost.  Not to mention data files and documents.  With hours of labor involved, it is hard to attach a monetary cost to such items.

Put in perspective, spending $150 to $200 for an external USB backup hard drive is cheap insurance to protect your digital valuables.

Personally, I use a Synology server, which I mentioned in a previous post.  It was much more expensive than a simple external back up device, but still when compared to the value I would stand to lose, it really is cheap insurance.

Why I don’t like “Cloud computing”

It was announced that on July 1st, 2013, Google will shut down Google Reader, an application for organizing and reading favorite web sites and blogs via RSS feeds.

Google’s decision is a result of declining membership: “While the product has a loyal following, over the years usage has declined. So, on July 1, 2013, we will retire Google Reader.” as indicated on Google’s blog.

One of the benefits that developers of cloud based applications claim is that you do not have to purchase and install updates or upgrades. Because the application is cloud based, when updates and upgrades are applied, all users instantly benefit.

I do use cloud based services. I’ve used QuickBooks Online, Dropbox, and Gmail among them.

I’ll never embrace them fully. What happens when an update applied is something you neither want nor need nor like? Applications that are actually installed on my own machine allow me to decide for myself whether I want to upgrade or not. What happens if a service is sold or shut down? As recently happened to me with an anti-spam filter, and now with Google Reader. What if the provider determines that the service is no longer for their benefit? What about your benefit? Finally, although some amount of privacy protection is written into most services’ Terms of Service, some more than others, how private is your information when transferred over the internet and stored on someone else’s machine? Couple that with the fact that, as any Facebook user knows, terms tend to change. Here’s another relevant article about cloud storage privacy.

I like the “old way”, LOL!

I store my own files and data on my own computer and back up accordingly. I use Dropbox merely for convenience and the ability to share files with others. My primary email accounts reside on my machine and I back up my email boxes. When away from the office, I check via web based email or on my mobile. I buy a software license and install the application to my computer. I have the freedom to decide whether I update and upgrade or not.

Proper (data) disposal of your old computers

What do you use your computer for?  Do you use it to file your taxes?  Do you purchase items online?  Do you perform financial transactions?  At the bare minimum you have personal information, including communications, that you’d probably rather remain private. Have you ever considered whose hands your data might fall into?

How do you dispose of your old computers?  Do you recycle them?  Do you throw them in the trash? Do you pass them along to someone who might make use of it?  What happens when that person is finished with it?  Where your personal data may end up can be anyone’s guess.

But you deleted your data before you disposed of the computer, you say…  Are you aware that, using recovery software, even deleted files, if not properly overwritten, can be retrieved?

If you’d like to ensure that your data is properly removed from an old computer, or old hard drives, please contact me.  I can help.  My disposal techniques adhere to D.O.D. (Department of Defense) standard 5220.22-M.

Consider the contents of your USB drive, should you lose it

What do you carry on your USB drive?  You know, the little device, sometimes referred to as a thumb drive or flash drive.  If you are like me, the contents change constantly.

Have you ever considered your reaction should you lose it, or it gets stolen?  Perhaps you have private information, tax forms, client information – most certainly your home address and contact information can be found on your drive.  Perhaps you even have more sensitive information like accounts and passwords.

I’ve never lost one (knocking on wood!).  I have, however, misplaced one for a time, unsure of exactly its whereabouts. Immediate note to clients: none of your data was ever at risk.  I was reassured and had peace of mind because I use disk encryption software to protect data on my thumb drive.  Easy to use, my disk encryption software utilizes 256 bit AES encryption (NIST-certified AES 256-bit encryption).  With that level of encryption, depending on the number and type of characters in your password, it would take years to brute force attack the file to open it.

By the way, the same thought applies to laptops (even desktops in the case of home theft).  Have you considered what might be lost should your laptop be stolen?

If you carry files and data on your portable drive that you would rather keep private, speak with me about encryption options.  There’s no need to lose sleep over not knowing where your data will end up.

Speed up a slow machine

Many people come to me, frustrated that their PC or laptop seems to have slowed down over time.

While that is a symptom of system ‘bloat’ – people don’t realize just how many programs and applications they install over time, there are measures that can be taken to add some pep to their machine.

First and foremost, if you are still using Microsoft Windows XP, and many are, as it is still a worthy, stable and useful operating system, do yourself a favor: at a convenient time, when you don’t intend to use the computer for a time, let the machine run a full defrag (short for defragmentation). Hard disk fragmentation happens naturally over time and using the defrag utility can speed up a slow machine noticeably – particularly when you have a large hard drive capacity. It could be advisable to run the CHKDSK (checkdisk) utility also. Both tools can be found by clicking My Computer, then right-clicking on the hard drive (C: drive), choose Properties, then click on the Tools tab, and there you’ll find the tools labeled: Defragmentation and Error Checking. Note, however, that  sometimes, when a machine is really dragging, that can be a sign of a failing hard drive.  Note also that in Windows Vista and Windows 7, defragmentation is conveniently automatically scheduled for periods of computer inactivity.

Second, check to see how much memory your machine has installed. The minimum system requirements specified by Microsoft are often inadequate when you consider the programs that you are running on top of the operating system – think anti-virus, among other things. A memory upgrade can be a very economical way to add life to a slowing PC. Memory prices decline over time. The older the machine, the cheaper this upgrade becomes.

Lastly, consider installing an SSD hard drive. SSD refers to a Solid State Drive. SSD hard drives use the same storage technology as portable ‘flash’ or ‘thumb’ or ‘usb’ drives, with higher capacities. SSD hard drive capacities have increased over time, which reduces prices on lower capacity models. This can be the most expensive upgrade option, but it usually pays the highest dividend. Why? Because the most commonly used hard disk drives (HDD) have moving parts, similar to a record player (remember those?) where in order to read or write the required information, the HDD platters must spin (like the record) and a magnetic head must move (like the needle) to the appropriate area of the platter to read or write the information. If the HDD is fragmented, as mentioned above, the head has to move to multiple locations on the platter to find the required information – that really slows things down! None of this occurs with an SSD. There are no moving parts.  This upgrade can be particularly useful in a laptop because it is also far more energy efficient.

When I built my first Windows 7 machine, I originally did so using a traditional HDD. Windows 7 has a built in rating utility (the Windows Experience Index) that will indicate which parts of the machine are the slowest and rank the system on a scale of 1.0 to 7.9, with 7.9 being the fastest. My original build indicated a 2.9. The slowest part? The HDD. I quickly decided that that would not do! I installed the operating system to a newly purchased SSD and relegated my general storage to the traditional HDD. The revised speed rating of my machine? 6.6!  The slowest part now is the video adapter – I can live with that!

Again, an SSD is not an inexpensive proposition. But in terms of return on investment, replacing an older platter HDD with an SSD makes a hugely noticeable difference.

Is your computer running slow?  You may want to consider these things.

Catch Notes – for mobile devices

One of my favorite apps for Android is Catch Notes.

At the time of this posting, Catch Notes has a user rating of 4.4 with 42,705 downloads.

I use Catch in lieu of paper notes and post-its. I can’t say I’ve used all of the features, so I won’t attempt to describe them all. The features I use most often are the typed Text Notes, the Reminder notes, the Voice Notes, the Checklist notes, and, recently, the Sketch notes.

Catch, by default, categorizes your notes into a “Space” called “My Ideas”. If you use the app to its fullest and take a lot of notes, you can categorize your notes into different customized “Spaces”.

I used to jot notes down on any scrap of paper available and they would collect and build up in my pockets or brief case. I would try to throw them away when no longer needed. Some, I would lose. Most ended up tattered. Now, I use Catch.

The Checklist notes are aptly named and perfect for lists of any type. I use them for listing items and tools I must remember for field work. I use Checklist notes for shopping lists, for example a list of home repair items that I need to pick up from the hardware department. Before Catch, I don’t think there was a time when I didn’t forget to bring home one item or another that I intended to remember when making my pilgrimage to Lowe’s or Home Depot.

The Voice notes are perfect for when typing is not convenient or simply not an option. Tap to create a voice note and speak your note, the note is saved by date and time.

Reminder notes will pop-up a reminder message at the date and time specified.

Text notes are the standard note entered using your keypad.

Using your phone’s camera or photo ‘gallery’, you can also save photo notes.

The Sketch notes are the most recent addition and, in my opinion, the coolest of notes, which is why I saved this style for last. Using the touch screen, sketch, draw or write anything you’d like and save it as a note.

You can share notes using social media, collaborate with others, tag, location tag, add attachments to notes, with full search functionality.

There is one more feature that I must mention: the app is free; free with no ads! You haven’t downloaded it yet? 😉

You can find Catch Notes on Google Play. Catch is available for Android, iPhone and iPad. Learn more at Catch.com

Synology server – a robust solution for centralized, secure storage and computer backups

Synology makes a terrific home and small business server, sometimes referred to as an NAS (network attached storage).

I have installed Synology servers at over 8 client locations and, in addition, run one myself.

The Synology server is an economical yet robust and secure piece of hardware for centralized file storage, computer backup storage and more!

I’ve recommended the Synology server to clients for many reasons. It runs on a Linux platform, has an easy to use web based management system and it ships with more features than most people will use. I won’t go into all of the features here. They can be found in detail at the Synology web site. But I will go through some of what I’ve found to be the most important.

The Synology servers I employ feature a RAID disk array. What that means is that your data is replicated on two, mirrored, identical, hard disk drives. If one drive should fail, your data is safely stored on the second, for redundancy. Is that fail safe assurance that your data is safe and secure? Well no, there is still the possibility of catastrophic failure including fire, theft and natural disaster – for that reason, your Synology server can be backed up as well. But the chances of two hard drives failing at the same time are remote and the entire device is small and light enough that it can be taken with you in an emergency.

Unlike Windows (and other) servers which require license purchases per user, the Synology server’s Linux operating system won’t cost you per user. While there are physical limitations to the number of users, the target consumer for this type of system will never come close to that limit.

You can utilize the Synology server as the destination repository for manual or scheduled backups of the data stored on individual PCs. Synology includes an application named Synology Data Replicator which will run attended or unattended backups scheduled when it is convenient for you. All data stored on the Synology server is password protected and secure.

You can also configure your Synology server to store shared files and folders. Your server can be configured in a workgroup or domain environment for shared, centralized, file storage and conveniently mapped as drives on your Windows workstations.

Of the many more features, your server can be configured for remote access. You can retrieve files from home or when traveling. It includes a fully functional web and email server for web and email hosting. It includes a security/surveillance application for the recording and storage of video from security cameras, which can also be viewed live and captured remotely (this feature does require the purchase of additional camera licenses as well as cameras). You can stream music, and create your own photo galleries of digital pictures.

In addition to remote access of the features mentioned above, Synology includes mobile device applications which allow the full remote access functionality right from your Apple or Android device!

This hardware is well worth considering. Call or email me for more information. I can also provide a demonstration. I haven’t even mentioned the low cost!!

Better Understanding of Malware

I have repaired many computers and have encountered most forms of malicious software. The question I am asked most often by the infected party is “How did it happen?”. After the fact, that is a very difficult thing to determine.

The term “computer virus” has become a catch-all phrase that incorporates all forms of “malware”, “spyware”, and “adware”. The thread that binds these malicious programs together is the fact that they are employed for nefarious purposes. The differences, briefly, include the “worm” which can travel from machine to machine over a network exploiting security holes in operating systems and programs, the “virus” which is self-replicating and must be executed (run – like any other program), and the “trojan horse” which, true to its name, presents itself in some friendly way, concealing malicious intent, and must also be executed.

The best way to avoid worms: keep your software and operating system up to date by installing the latest security patches, and use a firewall.

To avoid viruses: install and run a reputable antivirus program, and keep it up to date. Don’t install software if you don’t know where it came from. If it’s free, unless it was recommended by a reputable source, I avoid it. Avoid file-sharing: music and video are commonly shared files and often the source is unknown. Avoid opening email attachments where the file ends in “.exe”, “.zip”, “.bat”, “.com”, “.vbs”, “.scr” to name a few (make sure “Hide extensions for known file types” is unchecked in Windows Folder Options, under View). Be careful of Microsoft Office files that contain “macros” – again, know the source.
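The attachment check described above can be automated. The following is an added example, not code from this blog: it screens a constructed message for the extensions listed in the post and flags double extensions, which look harmless when “Hide extensions for known file types” is checked. The decoy extension list and the sample file names are assumptions made for the illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post as ones to avoid opening.
RISKY_EXTENSIONS = {".exe", ".zip", ".bat", ".com", ".vbs", ".scr"}
# Assumption for this example: harmless-looking inner extensions used as decoys.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}


def review_attachment(filename):
    """Return a list of reasons why this attachment name deserves caution."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    reasons = []
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {ext}")
        inner_ext = os.path.splitext(stem)[1]
        if inner_ext in DECOY_EXTENSIONS:
            # With extensions hidden, Windows shows only the stem, e.g. "invoice.pdf".
            reasons.append(
                f"double extension: displays as '{stem}' when extensions are hidden"
            )
    return reasons


def screen_message(raw_bytes):
    """Parse a raw email and map each flagged attachment name to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            reasons = review_attachment(filename)
            if reasons:
                report[filename] = reasons
    return report


def build_sample_message():
    """Constructed sample message with three attachments (placeholder contents)."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("Invoice.pdf.exe", "holiday-photos.zip"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("Meeting minutes", filename="minutes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons))
```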

To avoid Trojan Horses: remember “all that glitters is not gold”, know what types of alerts are legitimate Windows alerts and know the legitimate alerts from your particular anti-virus program. Also, follow the steps for avoiding viruses.

With regard to email messages, don’t fall for messages that try to create a sense of urgency with statements like “Your account has been compromised” or “Your account information has been stolen”. These email messages generally provide a link where you can “log in” to correct the situation. In reality, these emails are cover for a “phishing” scheme where you are led to a phony web page, created to look incredibly realistic. Once you enter your log in credentials – you’ve just given the schemer all he/she needs to know: that you have an account at Bank of America/Wachovia/TD Bank, that your user name is XYZ and your password is 1234.

Look closely at the link contained in the message. Generally, a user friendly address is provided indicating ‘bankofamerica.com/login’ when the address behind the link is along the lines of ‘bankofamerica.iwillgetyou.com/login’. As you should be suspicious of strangers at your door, or telemarketers asking questions like ‘what’s your street address?’ and ‘What kind of security system do you have?’, you should also be suspicious of an email telling you that your account has been compromised and providing a link for you to ‘log in’. If you are unsure, log on to your account by typing the actual web site address yourself, or by using the link saved to your “favorites” – or call the company in question and ask if they sent out an alert. Most companies will tell you that they would never send out an email of that nature and would instead suspend your account until you reinstate it. By the way – Microsoft will never contact you by email to let you know that there’s an update you need to install.

Recently, I received a call from someone who was very alarmed by what she was seeing on her computer screen. Apparently, there were pop-ups and messages indicating the presence of “viruses” and “trojans”. Not knowing whether those pop-ups were legitimate or not, I suggested that she simply power off the computer. She did better than that! She put it into standby which enabled me to later pick up right where she left off. Because of that, I was able to document a trojan attack attempt. I detailed it in the hopes that it will help you guard yourself against similar attempts. Visit the next page if you’d like to see a malware attack in progress.


If you have any questions about what you’ve read, or have similar experiences to share, please don’t hesitate to drop me an email.

Computer and email security has really come a long way.

Like water, which will take the path of least resistance, most cyber criminals gear their efforts toward taking advantage of the human element rather than trying to break through software and hardware security. That aspect of computer security is referred to as “social engineering”. It is much easier to trick the computer user (you) than it is to thwart, crack or ‘hack’ computers.

How is this done?

You probably see it all the time. I know I do. Any email sender can ‘spoof’ the sender information. In United States Postal Service (snail mail) terms, it is as easy as my sending you a letter and putting someone else’s return address on it. The spam emails that I see regularly have return addresses from major banks, the IRS, the Better Business Bureau, UPS, and many, many more. You get the idea: mostly familiar names; senders who might pique your curiosity: “Hmm, I didn’t order anything from XYZ company lately, what might this be?” Or, “Oh no, why does the IRS say I owe them money?”

If you receive messages such as this, often times you can simply disregard and delete them. Sometimes they are too coincidental, perhaps coinciding with a recent purchase or transaction. Opening the message itself rarely presents the problem. Most of the actual infections occur with message attachments. Often times, the attachments take the form of a PDF, or a ZIP file.

That makes protecting yourself much easier, doesn’t it? If the message seems suspicious, and it contains no useful information but has an attachment, don’t open the attachment.

Think about it: How did the IRS get your email address? If you do owe them money, do you really think they’d send you an email? Wouldn’t they call? I laugh to myself when I receive a message from a bank with which I do not do business.

Please remember to remain on guard with respect to email messages. If you do not know the sender, or if it seems odd that you would be receiving a message from a particular sender, or with a particular message, it is probably spam. Always be particularly suspicious if the email contains an attachment.

No email spam filter is perfect; spammers are always trying to find ways through corporate defenses. Remain vigilant and, as always, if there is a question, don’t hesitate to contact me.