This Week’s Favorite Links – June 7, 2009

Information Week: Anti-U.S. Hackers Infiltrate Army Servers

We got into the nation’s cyber war capabilities and challenges on the radio last Thursday.  The story about Turkey-based (basted? lol) hackers M0sted infiltrating US Army web servers very much stuck out in my mind.  Not because hacking into a web server is that unique, or even the military element of it.

Most interesting to me was the very common method used to carry out the attack, namely SQL injection.  As described in a comment by InfoWeek user DigitalGrimm on the article linked in our post here:

These ‘hacks’ are easy enough for any person worth their weight to exploit and happen every days to hundreds of web sites. Most likely, judging by the described defacement, these were 90% automated attacks. Furthermore, if the web server is setup correctly (be it Linux, Windows, MAC, BSD, etc) the most the group would have access to is the web site’s database which should have nothing more then information for dynamic content. As I doubt any company would be foolish enough to actually have an externally accessible server to have access to internal only data.

Sorry, but there will be no ‘kudos’ to the ‘hackers’ on this one.

We have seen many sites fall victim to this method of attack, and that an Army-maintained site was vulnerable just emphasizes what another recent Information Week article details quite well: Cybersecurity Review Finds U.S. Networks ‘Not Secure’.

This blog is one of my favorite recent discoveries.  Their tag line is Each week we provide a handful of tips that will save you money, increase your productivity, or simply keep you sane” and it has feel similar to LifeHacker.  With posts like “Mono-Task and Work More Effectively” and “How to: Share iTunes Media With All Your Computers” how can you not like it?

Reuters via the New York Times: Facebook Sells 1.96% Stake for $200 Million

According to the story “the stake, sold to Digital Sky Technologies based in London and Moscow, values the social networking site at $10 billion” which should bother you, even if you love Facebook.

WNYT 13: Computer virus invades Rensselaer County offices

This Week’s Favorite Links – May 29, 2009

Google Wave “Is What Email Would Look Like If It Were Invented Today” (LifeHacker)

One of the reasons I find Google so intriguing as a company is that it very often appears to be driven by ideas over immediate profits.  Google Wave, which was announced today and scheduled to be released later this year, is the newest example of this.  Wave is an real-time, open-source communication and collaboration tool and appears to be aimed at stretching the limits of what can be done within a browser.

Wave generated immediate interest.  ComputerWorld asks if Wave is the “Spork of the Internet” while Mashable calls it a “frothy mix” and offers a complete guide as well as a full description of Wave.  Google’s announcement is avaialble in video form here.

Wave might be the most interesting web tool I’ve seen since Twitter – and yes – I’m aware of how odd a sentence that is.

How to Save Your Keyboard After a Spill (LifeHacker)

As soon as I write that I’ve never spilled liquid all over my keyboard, I am sure to do so.  So for purposes of this post – let’s pretend that I’ve done it.  The LifeHacker post linked here includes a video entitled “Keyboard Surgery” which is hard not to like.

Small Business Blogging Gets a Boost (US News)

‘Nuff said.

BlackBerry Wins 101 Domain Names in Single Case (Domain Name Wire)

One of the domains won by Research in Motion in the arbitration case detailed in this post was – amazingly – “” and one can only hope RIM plans to take this domain completely out of circulation.

Hey – I got on the News!

Sandy Family from the Sanford Financial Group –  who we know from our association with Talk 1300 – invited me to speak at a seminar about how to protect one’s self against identity theft.  The turnout was great – about 80 people came to the Holiday Inn on Wolf Road in Albany.  My last post on ID theft was written as a reference for the event.

My luck was pretty good that night.  In addition to being fortunate to be included on a panel with the Chief of Colonie Police, a high-profile attorney and a staffer from the State Attorney General’s Office – I got on the local news too.

Beth Wurtman from local NBC affiliatt WNYT asked me to taped some remarks in the hallway during the tail end of the event. I took some ribbing at the office too.  As the TV spot identified me as a “computer expert” – our design staff felt compelled to make stickers (see pic).  Everyone at the WSG offices was wearing one of these stickers when I came in the next day.

Here’s the video:

Protect Yourself On-Line by Not Being an Idiot

The Internets are a nasty, foul, disorganized place full of people and systems designed to steal what you have and who you are.  Whenever you are about to do something on-line ask yourself if an idiot would do that thing.  If the answer is yes, do not do that thing.

Every time you lower your defenses you become an easier and easier target.  Never forget that your common sense if one of your best defenses.  Do not suspend your skepticism and common sense when you open up a web browser or read your email. Instead, keep these things in mind:

1. Do not be an idiot.

You are a target, and don’t ever forget that fact.

Just because you can’t write or read HTML, or can’t describe a packet of data doesn’t mean you don’t know enough to protect yourself.  Not to be cruel, but spammers, phishers and scam artists thrive on naive and unguarded users and their behaviors.  A Google search for “Nigerian Prince” brings you this 2002 post on the InformIT blog about the notorious phishing scam where someone posing as a Nigerian Prince asks users to divulge their personal and banking information.  Why do spammers keep sending these spam emails long after the Nigerian Prince’s pleas have become a punch-line?  Simple: Because people keep falling for it.  We call these people idiots.

Ask yourself – do you know a Nigerian Prince?  How about anyone at all from Nigeria?  Do you have the phone numbers of any Princes in your mobile phone?  No.  You don’t.  You also don’t know 97% of the people who send you email, and you likely know none of the senders of emails found in the junk or spam folder of your email inbox.  If you don’t know the email sender’s name on sight, don’t open the email.  If a random box pops up on your machine asking you to enter your credit card number or allow a download you did not request, don’t allow it.

2. Use strong passwords, not ‘password123’ and use fake answers for security questions

A password is intended to restrict access to a given resource, such as your personal or work computer or a password-protected web site.  To keep out everyone who is not you.  How secure are those systems if you select passwords which are easy to remember and easy to crack?

Create random passwords which are highly secure and extremely difficult to crack or guess due to an optional combination of lower and upper case letters, numbers and punctuation symbols.  So, like this:

Bad: password123

Good: c4APa96qu

Good passwords are more difficult to remember.  That’s the point.  One would also do well to change their password every few months or so, and avoid using the same password across the board.  Your bank account login should be different from your email login, which should be different from your login.

Also, when establishing answers to security questions, be careful not to use real information.  Don’t enter your mother’s real maiden name.  Use names and answers to security questions which are not connected to your identity.

3. Keep protection systems current and use them regularly

The protections systems around you include the security suite on your home network as well as everything around it – including your telephone, mailbox and garbage cans.  Here’s a quick rundown of the big things to be aware of in your home.

Bills and other personal documents: Shred what you do not need to save.  Store what you need to save in a private, preferably locked location.

Computer anti-virus and anti-spyware: Keep your subscriptions up to date, and utilize them. Run scans on your machine; keep your software firewall running.  We are often asked which security suite is the best, and we usually give the same boring answer.  Using a free tool the right way is better than using an expensive tool the wrong way.  If you are going to purchase a system, we recommend checking out these reviews first:

PC World: The Best Security Suites for 2009

CNet’s Internet Security and Firewall Reviews

Wi-Fi: Always, always, always have your wireless internet connection encrypted and not open to the public.  This involves usage of an encryption key which is required Each wireless router has a factory default username and password, and will say so in the manual.  Follow the instructions, or seek advice on how to change these credentials.

When discussing the topic of personal security online, I’m reminded of early childhood expert Dr. Benjamin Spock’s advice to new parents.  In the preface of his long, detailed book on caring for young children, he implored parents to trust themselves.  He tells them they know more than they think they do.  The same advice hold true when protecting yourself online.  If something doesn’t make sense to you, don’t risk your personal data to avoid feeling dumb.  You may feel dumb erasing the email which appears to be from your old schoolmate, but not as dumb as if you handed over your wallet and keys to a crook.  When you give in to on-line predators, that is excatly what you are doing.  Stay safe; don’t be an idiot.

NY Times: As Browsers Battle…

NY Times writer Farhad Manjoo wrote a brief review on the four main web browsers, and the re-started browser wars on today’s Circuits page.

He ranks Microsoft’s new Internet Explorer 8, Apple’s Safari, Google’s Chrome and Mozilla’s Firefox – in that order – from worst to first.  His viewpoint on Chrome is one I share, and which has lasting implications for the future of web browsing.

Chrome handles the big things – security, scalability, usability – very well.  The things it doesn’t handle at the moment – plugins and addons – have fixes in the works.  Quoting Manjoo: “Google has just outlined a way for coders to create such plug-ins. If programmers start pumping out add-ons, Chrome could be unbeatable.”

Page 11 of 22« First...910111213...20...Last »