Somebody’s Watching Me

Somebody’s Watching Me

If you listen to the 80s station on Sirius/XM, you’re undoubtedly getting tired of Rockwell’s sole hit, Somebody’s Watching Me.  Since Al Gore was still working out the kinks of the internet, I imagine that Rockwell was not singing about online security. Instead, he was probably more worried about paying off Michael Jackson for backup vocals on the song’s chorus, since there were no other hits on his debut album. 

On a completely different note, I recently attended a very informative presentation on social media in which the speaker discussed the risks and rewards of social media.  Since the audience consisted of parents of middle- and high school students, he focused on the risks facing children and teens and how to keep them safe online.

I walked away comforted that everyone in the room knew a little more about online risks and were better prepared to watch over their kids as they navigated the world of social media. However, I couldn’t help wondering who might be watching over the parents and their technology.  In other words, are folks taking appropriate precautions to protect their computers and networks?  So, I compiled a quick and dirty list of a few things you can do to stay safe on the world wide web.  Rather than going into detail on how to configure all of these options, I have tried to keep it brief. Feel free to post follow-up questions if you need further guidance. Look for follow-up articles in the future that address some of these options.

Secure your wireless network:

Without a secure wireless network, anyone within shouting distance of your house can access the internet using your connection to download whatever they want on *your* network IP address.  Further, with the right tools (which are widely available on the internet) they can “listen” in on your connection, and may even be able to access files on your computer(s).

Securing your wireless network is much easier than it used to be. Where it once required careful review of the Owners Manual, newer wireless routers can have you surfing securely with the push of a button. Always select the highest security offered by your router.  WEP can be quickly cracked by a determined intruder, so use WPA or WPA2 if your wireless router supports it.

Avoid Using Public Computers to Login to Your Secure Accounts:

Sure, we’ve all been in a pinch before and logged into email on a public computer. However, that was before I knew what I know now. There’s absolutely no way to tell if a public computer is infected with malware, has keyloggers installed or other methods which can steal your credentials.  Malware can grab user names & passwords and beam your information to the mother ship.  Likewise, keyloggers can track every keystroke you make and report back to a hacker. Thus, browse online news and weather on the hotel’s business center computer.  Save online shopping, banking, and even email until you get back to a safe connection.

Use Antivirus Software and Keep it Updated

This one is a no-brainer. If you have not been affected by viruses/malware in the past, you will eventually.  Fortunately, you don’t have to pull out your wallet to stay safe, as discussed in my post on free antivirus options. Use one of the packages that I recommend or choose one you like by reviewing AV-Test’s ratings.

Online Banking, Shopping and Secure Sites:

Ever notice how your address bar turns green, shows a padlock and/or the address changes from http:// to https:// when you login to your bank or shopping site?  This assures you that your connection is encrypted, that the identity of the website has been verified by a third party and that it’s safe to send sensitive information such as your username, password and credit card information over the internet.  In fact, if you click on the green portion in the address bar or the padlock, you will see that the website’s identity has been verified by VeriSign, Thawte or another certificate authority (“CA”).  So while it seems like you’re just connecting to a remote website, there’s actually a lot of stuff going on in the background to verify to your browser that the website is authentic, that your transmissions across the internet are encrypted and that it’s safe to do business.

But what if you attempt to log into a shopping or banking site that should be secure and it is not, in fact, safe?  If you don’t get the https://, the green bar/padlock or you receive warnings that the site’s certificate has problems, check the address that you typed.  If it’s correct, get out and try again later. It may be a temporary glitch with the site’s certificate or the CA.  It’s not worth compromising your security and identity to buy ABBA’s Greatest Hits on an unsafe connection.

Be Careful Using Public Wireless Networks

Free wireless offered by coffee shops and other retailers helps offset Starbucks’ exorbitant coffee prices, but be cautious with your browsing on public networks. This may seem a bit paranoid, but I never do online banking or shopping on a public wireless network, even from my own laptop. Yeah, I know that the connection to the bank or Amazon is encrypted, but I have no control over the coffee shop’s wireless security so I would rather be safe than sorry.

The kid in the corner booth with the AlienWare laptop may be listening in on your connection using a packet sniffer, which is freely available on the internet. Further, if your firewall is turned off, you have shared folders turned on, or your operating system has not been patched, a determined hacker can easily access the files on your PC.

Windows 7 and Vista both make it easier to stay safe on public networks than XP. When you connect to a new wireless network, the Set Network Location provides 3 choices of network location types:  Home, Work and Public.  Always choose Public when out and about.  This sets your firewall at its highest security settings, turns off Network Discovery and file sharing options, providing higher security when on a public network.  

As a follow-up, make sure your mail connection is encrypted (see https:// discussion above).  Many webmail systems are not encrypted by default, but offer this option.  If your email provider offers secure browser connections (thanks, Gmail!) always turn it on.  If you trust the network you’re using, it may be safe to disable.

Windows Updates:

This one is extremely important and super easy to do.  Probably 75% of the computers I sit down with have pending security updates for Windows, Adobe, Java, etc.  Hackers are constantly identifying and exploiting security vulnerabilities in a variety of popular applications. In some cases, they are able to exploit these holes and take control of your computer.  Make sure that Windows Update is enabled and that you’re applying the critical and important updates on a regular basis.  Also, be sure to apply updates to other programs that notify you in the system tray.  Adobe and Java have been particularly susceptible to security issues over the last few years, so make sure you’re keeping the patches applied.

Use Strong Passwords

This one warrants its own post, so take a look at my discussion on passwords.

Other Stuff:

There are plenty of other precautions you can take to stay safe, such as demoting your user account to Standard instead of Administrator, avoiding suspicious links in emails and Facebook, and periodically backing up your data.  However, all this talk about security is making me hungry.  Think I’ll grab a double latte and a scone.  Can someone watch my laptop while I wash up?

Stay safe out there!

 

Browser Wars Heat Up

Which browser should you use? Over the last several years, the field has become increasingly crowded, giving users a variety of choices.  Ten years ago, the answer was simple:  With a few exceptions, everyone used Internet Exploder (IE). In fact, according to WikiPedia, IE commanded 95% of the market share as recently as 2003. Since then, a variety of new players have entered the market:  Mozilla Firefox, Google Chrome, Apple Safari and Opera are the most popular alternatives to IE.

Firefox entered the scene in late 2004. Many users, fed up with IE’s performance and security issues, jumped on the Firefox bandwagon, driving its market share as high as 31% in 2010.  In fact, IBM asked all 400,000 employees to switch to Firefox as their default browser in 2010.

Google entered the fray with its Chrome browser four years later in 2008. Citing faster performance, better security and tabs that run independently, Chrome has rapidly gobbled up market share from IE and Firefox.

Safari, the default browser on Apple devices, holds fourth place in market share.

Market Share

Several organizations track market share, and the fine details differ from firm to firm.  For trends and updated metrics, take a look at NetMarketshare.

Firefox

IE has gotten hammered over the last few years, sliding from 68% of the market in 2008 to 49% in February, 2012. Firefox, which had a lock on the #2 spot, with 31% in 2010, is now going toe-to-toe with Chrome. The most recent report from NetMarketShare has Chrome jumping from 12% in April, 2011 to 17.5% in February, 2012 while Firefox slid from 22% to just over 19% during the same time period.

The Best

So which browser is best?  It depends on whom you ask.  They’re all freely downloadable on the internet, so cost is not an issue.  Factors to consider when evaluating a new browser include:

Performance – how fast do websites load?  This measure is heavily affected by the sites you’re browsing, your hardware, operating system, etc.  Speed is constantly assessed by many companies and rankings vary from shop to shop.

  1. Security – which browser keeps your information safe when shopping/banking online?  And which browsers protect you against malware?  A variety of features are available in each browser, including sandboxing, instant updates/patches, pop-up blockers, and private browsing.
  2. Add-ons are features that improve your web-browsing experience. Currently, Firefox boasts the most generous library of add-ons. While add-ons can customize your web browsing and make your browser far more useful, they can also slow down your browser’s performance.
  3. Stability – how often does the browser lock up or crash?  Chrome’s tabs all run independently. Thus, if a web page locks up, a plug-in crashes, or the tab otherwise becomes unresponsive, that tab can be closed without affecting your other tabs. Some browsers must be restarted when a single tab crashes.
  4. Ease of use – this one comes down to personal preference.  You should download 2 or 3 browsers and try each one for a few days to determine which one suits you best.  Most browsers have hidden toolbars and menus to maximize your viewing area. This is extremely helpful on small monitors.
  5. Other features include the ability to sync bookmarks with other computers, custom themes, RSS reader, etc.

The answers to many of these questions are available online.  PC World recently evaluated six browsers and crowned Chrome as the best overall in their April, 2012 issue. This, of course, can change over night with a new release from a competitor.

My personal favorite for the last few years has been Chrome.  I use Firefox on occasion, especially on my Linux computer.  When I run Firefox in Windows, it takes forever to open and crashes a lot, even when using the most recent version.  I use IE primarily when running Windows Update (since Microsoft doesn’t play well with others) and when I’m using someone else’s machine that has not seen the light.  Even Microsoft admits that IE (used to) stink(s) in this newly created Microsoft website.  I have used Safari on the rare occasion that I hop on my daughter’s school-issued MacBook, but have found no compelling reason to load it on my Windows machines.

I find that Chrome runs fast… really fast.  A good way to eek out even more speed from your web browser is to optimize your DNS settings, using NameBench.  Chrome is also more stable than the others, in my opinion.  On the rare occasion that a tab locks up or crashes, you can close the offending tab and preserve all other sessions.  Other cool features include ‘Pinned tabs’ and the ability to re-open the same tabs you were viewing in your last session.  For example, if you always have a half dozen web pages open on different tabs, you can set those to reopen every time you restart your computer and run Chrome.  I also like the fact that there’s no separate web search box, as in IE and Firefox.  Searches are entered in the address bar.  Further, the address bar turns green when you navigate to secure websites, assuring you that it’s safe to transmit sensitive information such as passwords and credit card data.

But this is just my opinion.  For another opinion, check out PC World’s assessment in their April, 2012 issue.  Alternatively, if you’re more enterprising and have a lot of time on your hands, run your own tests and let us know the results.

What’s the Password?

http://www.guitarplayerscenter.com/uncategorized/i-call-it-stealing/comment-page-1/#comment-213240

Used with permission: DANIEL R. LEHRMAN at www.guitarplayerscenter.com

I recently got a call from a friend whose Yahoo email account had been hacked.  He had just fielded several calls from friends, family and business associates that had received solicitations from him for Viagra and a variety of other goodies.  When we looked at the email account, his login history revealed that the account had been accessed from all over the world over the course of a few days. Somehow, his Yahoo mail password was compromised and someone or some ‘bot’ had logged into his account, taken indecent liberties with his address book and offered a variety of, err, “performance” enhancements to everyone he knew. We never determined when or how his password was compromised, but it was a frightening look at the importance of spending a little more brainpower to protect online accounts.

Security professionals recommend using different passwords for every site/application. You should also make a habit of changing your passwords periodically – best practices suggest every 40 days. Finally, make sure you’re creating strong passwords, especially for online accounts. I realize that you currently have a pile of passwords for various sites and there’s just no way that the name of your dearly beloved Fluffy will stop safeguarding your online banking, Amazon and Gmail accounts. If you read Paul Gilster’s article below and see some of the organizations, including the Department of Defense,  that have been hacked, you’ll want someone closer to Cujo protecting your sensitive data.

Here are some guidelines for creating strong passwords:

  1. Do not use your name, your user name, family names or familiar numbers, like your birthdate or home address.
  2. Avoid dictionary words.
  3. Use a passphrase instead of a password.
  4. Passwords should be at least 8 characters long.
  5. Employ characters from at least 3 of the 4 following groups:
    1. Uppercase letters;
    2. Lowercase letters;
    3. Numbers;
    4. Symbols;

While there’s no way to provide absolute protection over your account, employing these guidelines can certainly put up a few roadblocks.

I’m always surprised by the number of people that use simple ones like password123 or johnsmith. Even substituting numbers and symbols in dictionary words, such as Pa$$word is easily cracked. Simple passwords can be easily defeated by web bots and determined hackers.  In fact, there are widely available free tools on the web that will crack the login password on your computer.

If your brain cannot handle any more passwords or you’re constantly losing your password napkin, there are a variety of secure solutions, including KeePass.  Take a look at Paul Gilster’s 2011 article on this application. This is certainly not the only password manager available. LifeHacker recently reviewed 5 password managers in case you want other options.

If you need help evaluating the complexity of your password(s), plug it in at HowSecureIsMyPassword.net. This site evaluates your password strength by telling how long it would take a desktop PC to crack it. I evaluated one of my favorites on this site and it projected 423 million years to crack.  I think I can live with that!

Passwords are everywhere today, seemingly guarding every aspect of our lives. It’s time to give passwords a little more respect and thought.  Otherwise, you’ll spend a week on the phone with your bank and online retailers cleaning up a big mess that could’ve been easily avoided.

Stay safe out there!