Keys to a Secure Website – Passwords

Today’s Topic: Passwords

Throughout this week I will be posting some tips on how to keep your website (and other accounts) as secure as possible from malicious activity or unwanted intruders.

The first topic I am going to discuss is by far the easiest and most commonly used way of account exploitation: easy passwords.

With password-cracking software readily available and hackers getting smarter, it’s a piece of cake for them to gain owner access to an account that should be protected.

Examples of weak, vulnerable passwords:

  • kelly824 (my name and day of birth): seriously, that’s easy information and anyone can figure it out.
  • letmein
  • opensesame
  • p@ssword123
  • fluffy

And the list can go on and on. You never really want to use a password (especially for your bank account) that can be found in the dictionary, that is a name, or that contains identifiable numbers such as birthdays, anniversaries, etc. It’s just too easy for people to crack, and most sites that get hacked are hacked because the admin password has been compromised.

Examples of strong passwords:

  • b@b8!llA
  • MSte790eq (if only numbers and letters are allowed, with no special characters)
  • h!t0Pt@b1e

Password Recommendations:

  • Use UPPERCASE and lowercase letters
  • Use Numbers
  • If allowed, use special characters such as !@#$&
  • Do NOT use any easily identifiable names or numbers
  • Ideally, you want your password to be as long as possible, but please try not to use a password shorter than 8 characters.
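
The recommendations above can be turned into a small checker. The following is an added example written for this page, not a tool from the original post or from KeePass; it assumes a deliberately tiny, constructed wordlist (a real checker would load a large dictionary and a breached-password list) and a caller-supplied list of personal tokens such as a name or birthday. It also undoes common character substitutions before the dictionary check, which is why p@ssword123 is still caught as the word "password" even though it has a special character and digits:

```python
import re

# Constructed, deliberately tiny wordlist for the example. A real checker would
# load a large dictionary and a breached-password list instead of these words.
COMMON_WORDS = {"password", "letmein", "opensesame", "fluffy", "welcome", "admin", "qwerty"}

# Common substitutions ("leetspeak") undone before the dictionary check so that
# p@ssword123 is still recognised as the word "password".
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                          "$": "s", "!": "i", "5": "s", "7": "t"})


def candidate_forms(password):
    """Lower-cased password plus its de-leeted form; both are used for word matching."""
    lowered = password.lower()
    return {lowered, lowered.translate(LEET_MAP)}


def check_password(password, personal_tokens=(), special_allowed=True):
    """Return a list of problems found; an empty list means every recommendation is met.

    personal_tokens: strings the owner should never embed (name, birthday digits, pet name).
    special_allowed=False mirrors a site that accepts only letters and digits, so a
    missing special character is not counted against the password there.
    """
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if special_allowed and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    forms = candidate_forms(password)
    for word in sorted(COMMON_WORDS):
        if any(word in form for form in forms):
            problems.append(f"contains dictionary word '{word}'")
    for token in personal_tokens:
        if any(token.lower() in form for form in forms):
            problems.append(f"contains personal information '{token}'")
    return problems


def is_strong(password, personal_tokens=(), special_allowed=True):
    """True when check_password finds nothing to complain about."""
    return not check_password(password, personal_tokens, special_allowed)


if __name__ == "__main__":
    # The weak and strong examples from the post; "kelly" and "824" are the
    # owner's name and birthday, so they are passed as personal tokens.
    samples = [
        ("kelly824", ("kelly", "824"), True),
        ("letmein", (), True),
        ("p@ssword123", (), True),
        ("b@b8!llA", (), True),
        ("MSte790eq", (), False),   # site without special characters
        ("h!t0Pt@b1e", (), True),
    ]
    for pw, tokens, special in samples:
        verdict = check_password(pw, tokens, special) or ["ok"]
        print(f"{pw:12} -> {'; '.join(verdict)}")
```

Note that the de-leeting step turns h!t0Pt@b1e into "hitoptable"; with a larger wordlist, a phrase-based password like that would start to score lower, which is the point of the "as long as possible" advice: length beats clever substitutions.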

Have trouble remembering passwords? Try KeePass Password Safe. It keeps your passwords on your computer, encrypted and ready for you to copy and paste. :-)

Remember, it’s the littlest things that can go so far, the same goes with website security.

[Security Warning] Use FireFox? Update to 3.6.2 Now.

Mozilla has pushed out an update for a major security hole in the browser, announced March 22, 2010. Researcher Evgeny Legerov of Intevydis reported the issue:

…The WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system…

If you haven’t upgraded your version yet, you can do so by going to Help > Check for Updates OR Help > Apply Downloaded Update Now.

Fisher Price Develops iPhone Apps for 2-5 Year Olds

Yes, you read that correctly. Fisher Price has teamed with IDEO to develop and launch iPhone games for children between the ages of 2 and 5. The games so far developed and available for purchase are:

See ‘N Say: A virtual version of the real thing.

Little People Farm: Farmville for Tots?

Chatter Telephone: Children will learn about numbers.

The prices are between $0.99 and $1.99. Not bad, but I’m really not sure about handing a 2 year old my $400+ iPhone. Maybe for the hand-me-down iPhones?

[Malware Warning] Facebook Password Reset E-mails

Yet another warning about Facebook.

This week (and weeks to come, maybe?) many people around the world have received an e-mail message supposedly from Facebook saying that their user password has been reset, with a .zip file attached to the e-mail.

DO NOT OPEN THE ATTACHMENT

My fiancé received such a message and, while it says it is from “support@facebook.com”, the e-mail has been spoofed, meaning it actually came from another source but is trying to look like it came from Facebook.com.

I was not able to get a screen shot from him but I did find one on the interwebs.

Facebook Malware

Now, a lot of people may pick up quickly that this e-mail is fraudulent: the verbiage, lack of name, lack of signature and privacy statement, and the fact that you have to download an attachment to get said “password”. But for those who aren’t quite sure: it’s FAKE.

According to McAfee Security the attachment contains downloaders and password trojans, just to name a couple. Either way, it’s bad news for you and your security.

If you ever receive a suspicious looking e-mail from Facebook, please report it to Facebook’s Security Team.
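
The tells listed above (spoofed sender, generic wording with no name, a .zip attachment that supposedly carries the new password) can be checked mechanically. The following is an added example, not code from the original post or from Facebook or McAfee; it uses only Python's standard email module and runs over two constructed messages whose addresses, hosts, IPs and attachment name are all made up (the attachment body is a base64 placeholder string, not an archive). It compares the From domain with the envelope sender and the first mail hop, and flags risky attachments and the "your password is attached" wording:

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the warning above. Every address, host, IP and
# filename is invented; the attachment payload is base64 of the words
# "constructed placeholder", not a real archive.
SAMPLE_RAW = """\
Return-Path: <bounce@relay.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.10])
 by mx.example.org with ESMTP; Tue, 23 Mar 2010 10:00:00 +0000
From: "Facebook Support" <support@facebook.com>
To: user@example.org
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Dear user,

Your password has been reset. Your new password is in the attached document.

--BOUNDARY
Content-Type: application/zip; name="password_reset_example.zip"
Content-Disposition: attachment; filename="password_reset_example.zip"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=
--BOUNDARY--
"""

# Constructed control message: sender, envelope and first hop all agree and
# there is no attachment, so no check should fire.
CLEAN_RAW = """\
Return-Path: <noreply@example.org>
Received: from mail.example.org (mail.example.org [198.51.100.5])
 by mx.example.org with ESMTP; Tue, 23 Mar 2010 11:00:00 +0000
From: "Example Notifications" <noreply@example.org>
To: alice@example.org
Subject: Your weekly summary

Hello Alice,

Here is your weekly activity summary. No action is needed.
"""

RISKY_EXTENSIONS = (".zip", ".exe", ".scr", ".rar")


def domain_of(header_value):
    """Domain part of the first address in a header value, lower-cased ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def first_hop_host(msg):
    """Host named in the earliest Received header (the last one in header order)."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    match = re.match(r"\s*from\s+(\S+)", received[-1])
    return match.group(1).lower() if match else ""


def analyze_message(raw):
    """Return a list of red flags for a raw RFC 822 message; empty means none fired."""
    msg = email.message_from_string(raw)
    flags = []
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    if envelope_domain and envelope_domain != from_domain:
        flags.append(f"envelope sender domain '{envelope_domain}' differs from From domain '{from_domain}'")
    hop = first_hop_host(msg)
    if hop and not hop.endswith(from_domain):
        flags.append(f"first mail hop '{hop}' is not a '{from_domain}' host")

    body = ""
    for part in msg.walk():
        filename = part.get_filename()
        if part.get_content_disposition() == "attachment" or filename:
            if (filename or "").lower().endswith(RISKY_EXTENSIONS):
                flags.append(f"risky attachment '{filename}' ({part.get_content_type()})")
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            body += payload.decode("utf-8", "replace") if payload else ""

    if re.search(r"dear\s+(user|customer|member)\b", body, re.IGNORECASE):
        flags.append("generic greeting instead of the account holder's name")
    if re.search(r"password", body, re.IGNORECASE) and re.search(r"attach", body, re.IGNORECASE):
        flags.append("claims the password is delivered in an attachment")
    return flags


if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        print(name, "->", analyze_message(raw) or ["no flags"])
```

The header comparison is a heuristic, not authentication: legitimate bulk mail is often sent through third-party relays, so a mismatch alone is a reason to look closer rather than proof of spoofing. The attachment and wording checks are the ones that match this particular campaign.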

Deep Pockets + Bling Addiction = Diamond Studded iPad

As celebrities continue to “Bling” out everything from iPods, sunglasses and watches to teeth, dog collars and leashes, the craze of diamond studding still continues to hit new lows (or highs?).

Recently, Mervis Diamond Importers decided to be the first to offer a Diamond Studded iPad for only $19,999. Only.

Diamond iPad


Mervis told TheRegister that “it was a matter of time that before someone creates, so I wanted to be the first”.

I am curious, however, to see how many of these puppies he sells. Interested in one? Visit the website. If you actually buy one, let me know!

AT&T vs Verizon – The Clash of Titans

Since the iPhone’s creation and launch, users have flocked to AT&T to get on board the iPhone craze and phenomenon. With the ever-increasing features and apps, you can pretty much do anything with the iPhone. Thus, “There’s an App for That” was born. The widely popular “App for That” commercials boasted of the abundance of apps available to do this, that, and the next thing on “the World’s fastest 3G Network”, just by purchasing and using the iPhone; popularity continued to soar and it seemed like everyone had an iPhone.

Then, as it seems, Verizon had an epiphany. What good is the “World’s Fastest 3G Network” if you can’t connect to 3G because it is not available in your area? And so it begins: the “There’s a Map for That” commercials. Verizon picked at the open wound of AT&T and the fact that they do have a small 3G network compared to that of Verizon. While this is only half true [read this for the technical hoopla], it resulted in a lawsuit filed by AT&T against Verizon, a counter-suit from Verizon, and then the dropping of both lawsuits.

As if that sore was not sore enough, Consumer Reports ranked AT&T dead last in customer satisfaction. Ouch. One thing is for sure: AT&T’s iPhone exclusivity contract will be coming to an end, probably sometime in 2010, and if their act (and network) isn’t cleaned up and iPhone plans revised to be competitive instead of more expensive, we will see a mass exodus of iPhone users to competitors for network coverage, satisfaction, and/or price of plans.

Now, enough of AT&T; Verizon is not without its woes. Currently, the FCC is investigating Verizon’s sudden increase of their early termination fee for “advanced devices” from $175 to $350, and the FCC is also investigating whether Verizon is guilty of some shady charging practices. Apparently Verizon is charging a $1.99 fee to users who accidentally access Verizon Mobile Web without a data plan. $1.99 doesn’t seem like much, but multiply that by thousands of users who inadvertently press it and they’ve made themselves some free money! Read more about this at The Register.

So basically we have a choice regarding the top two wireless giants: one that ranks poorly in customer satisfaction, or one that has some shady money-making agendas.

T-Mobile anyone?

This Week in Fails.

Tiger Woods

In a testament to how much the world has become addicted to knowing the private lives of others, the Tiger Woods “transgression” has been a hotbed of speculation, gossip, and privacy infringement. According to many local citizens of Central Florida, reporters and news media have actually flocked to known hangout places of Mr. Woods to talk to folks who may or may not have seen anything, to get an idea of what Mr. Woods was like out of the spotlight and whether they’ve witnessed any of these infidelities or flirtations.

Can the media get any more pathetic? This all started with a story running in some supermarket tabloid reporting that Mr. Woods engaged in extramarital affairs with some VIP club hostess, and then a few days later poor Tiger crashed his car in the weeee hours of the morning. And from there, speculation swirled, privacy was invaded, and all these women are coming out saying they too have had intimate relations with Mr. Woods.

Let me break for a second to send a message to those women -
First of all, your 15 minutes of ‘fame’ are for all the wrong reasons. Not only are you happy to “Kiss and Tell” (when you think it will benefit you), you are telling the world and other possible mates, famous or not, that you do not respect the privacy of the other party. You’re showing the world that you’re quite happy sleeping with a married man (or just showing your shallowness by only sleeping with a RICH married man, thinking you’ll get something from it).
Second, it does take two to tango. You were just as wrong and just as at fault as Mr. Woods for the consent to any intimate or extra flirtatious relations.

Ok, what was I saying? Oh yes, the media on a rampage. Ever since the accident it’s been non-stop gossip and prying into the life and history of Mr. Woods, and he-said-she-said. Last time I checked, Tiger Woods was human, he was a man, and he is not perfect. Am I saying this was right or something for his wife to brush off? Definitely not; if my husband cheats on me, he’s gone. However, this matter is for the Woods family to deal with PRIVATELY. It is none of our business, and it is not helping that we find it necessary or tasteful to print, write, or talk about any of this. Gee, Keleigh, why are you writing about it then? Why? Because I’m not fueling the rumors or the fire; I am simply telling you people to shut up and let the Woods family deal with this in privacy.

Mr. Woods has already lost a lot of respect from a lot of people and I can’t say that he wasn’t asking for it but he already has to face his wife, his children, mother, and his close friends and provide them with answers. Those are the people that he needs to be answering to, not us.

Black Screen of Death

On November 27, 2009 a dingleberry of a security “professional” from a computer security company that will go unnamed because they suck published a report that a Windows 7 security update was causing computers to crash and display the “Black Screen of Death” rendering them “useless” but of course, NO ONE CONTACTED MICROSOFT!

According to Ed Bott, who covered this story thoroughly, the original blog post went unnoticed until November 30, 2009 when it was picked up by the IDG News Service and from there it just spiraled out of control with a plethora of blogs and articles written and published on this supposed Microsoft F-up with no one actually doing any fact checking.

Now, I am by far not a journalist or professional writer, but it seems to me that when publishing something such as a security-related article you would want to have the facts. Of course we can have our opinions about things and interpret things differently, but this was not that kind of article. With the blame placed directly on Microsoft, and quite blatantly too, the only interpretation of this article was that Microsoft caused this, that they are at fault for the millions of users who may encounter this “Black Screen of Death”.
And then we have the kicker. After all is said and done, this BSoD is no error of Windows 7, and the company retracted that information and said…

“Having narrowed down a specific trigger for this condition we’ve done quite a bit of testing and retesting on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

“We apologise to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.”

Not only was that a lame attempt at an apology, I mean, come on, inconvenience? A challenging issue to identify? It wasn’t too challenging for you to quickly blame Microsoft. And what’s with the plug? Use our “free tool to restore…” Why would I want to use a tool from a company who cannot properly diagnose a problem and where it comes from? No thanks!