Using Common Sense to Secure your Information

Every day technology helps create efficiency for millions of people. With all of the benefits that technology provides there are also many pitfalls that come with convenience.



Online vendors make it easy for people to purchase goods at reasonable prices when compared to brick and mortar stores. There are many good companies to do business with but there are also a lot of shady vendors run by people trying to make easy money. There are some pretty easy ways to spot these characters.



First off just by viewing a site that looks poorly designed can be a sign of a site that was put together with haste just to be taken back down shortly after a few people are ripped off. Searching for reviews of the company that people have expressed there opinions of the company similar to what eBay has in the form of feedback may help you decide. Also companies that are serious about business will no doubt have thoroughly thought about security.



Do not use sites from SPAM or other illegitimate sources. Phishing sites are a sure fire way to have your identity stolen and you don't want that to happen. Make sure the site uses an SSL certificate in order to encrypt your information, this is a must have. Do not use the same password for your various logins at different sites. Use at least 8 characters if not more and make sure to include some random characters which make cracking a password much more difficult. Know that there are sites that you may login to that may not use SSL certificates so your password may be picked up using a traffic sniffer. Also wireless networks are an easy way to lose information. Be weary of people listening on the wire with traffic sniffers. So do not send important information via email and instant messenger since they are almost always sent in clear text. I have tested this numerous times and you wouldn't believe the information that is sent in plain text. Finally make sure to review you credit at least once a year, you may not even know that you a victim of online or identity theft until it’s already happened.



There are a number of resources online to help you from online fraud. A simple Google search can help you find these resources.

Microsoft Vista and Office 2007 - Initial Review

I recently got my hands on a copy of Microsoft’s latest offering in the form of desktop software, Vista and Office 2007. I have also acquired some new 64 bit Core 2 Duo Dell computers in order to test the new software for deployment though I have also been testing the new offerings on older hardware in order to determine which machines will need to be depreciated in the next year or two.



First I went ahead installed Office 2007 on my Windows XP desktop. As with most Office installs I was able to customize an install file so that I can skip on the license agreements, serial number and all of the other annoying stuff. I’m pretty impressed overall with the office install. The look of Office has been improved to use a ‘ribbon’ interface which is to improve productivity. Many users have already had issues using the “Office Button” which incorporates many of the functions that “file” button previously did. This is a common hang up with major releases from a software vendor; end-users will have to take time to become acclimated with the new functions. A trick feature I just picked up on recently was just hitting the “alt” key will highlight the shortcut’s to all of the current functions on the “ribbon” toolbar.



Vista was next on the list for testing. From the start I figured the install would be large since we had to rip the ISO image to a DVD. We started off with a 1.8 AMD with 512 MB of system memory. I knew running a video card with 64 MB of memory would limit the operating systems’ capability graphics wise but I needed a real world baseline in which Vista could run without aggrevating end-users with slowly responding applications. The install was very simple although I did provide a answer file so I wouldn’t have to bother with serial numbers and whatnot. Once Vista was up and running I was happy with the performance overall for the base install. Next I added a beta version of McAfee antivirus for Vista, Office 2007, and some statistical software such as SAS, Gams, Guass, and Limdep. The machine did slowdown somewhat mainly due to background services and the lack of memory didn’t help things much but this did give me a baseline for which machines would be able to handle Vista performance wise.



Next was the 64 bit Vista install on 2.4 GHz Core 2 Duo chips, 1 gigabyte of memory, and 512 MB of video memory. These machines are amazing, Vista of course allows for the full blown user interface including Aero which provides for some pretty cool eye candy. I was able to load this machine down and it wasn’t phased at all. For a $1000 dollars (not including monitor) these machines are going to be the way to go for user’s that want the full Vista experience.



The final test to make Vista useable was to add it to the domain. I was able to add the machines to the domain without a hiccup. Setting up Outlook with the Exchange server was even easier since it picked up the domain credentials from the currently logged in user. That is where the fun ended. Vista employs User Access Controls (UAC) so the domain policy’s made software installation rather annoying at least. The lab computers were even worse because we log users in as guests so profiles are not stored eating up drive space. Vista applies the group policies to all accounts, even accounts that are not on the domain so the only fix was to move a computer out of the organizational unit (OU) before installing software so the restrictions aren’t there and then moving it back in when done.



In summary I am impressed with Vista (with the right hardware) but have a lot of tooling to do in order to find all of the benefits. I figure a desktop computer with a 2 GHz processor, 512 Mb system memory, and 128 Mb video memory should be the baseline for us.

IE (Internet Explorer) 7 Released

Microsoft's latest and *greatest* browser IE 7 has been released. Several people I know have been running beta versions of the software for some time but I'm not a big fan of running beta software in a production environment.



Upon initial review of the browser it seems like a rip off from the Mozilla Firefox browser that has been out for a while but digging deeper reveals some pretty trick features. Tabbed windows have been added to minimize the number of windows that need to be open on a desktop which is a huge plus for single screen systems (I have three monitors on my computer at work =). A search function has been added but your not stuck with Microsoft/msn's search. From the start you may select a multitude of other search providers including the almighty Google search engine. You may add multiple search providers also allowing you to search from any page which is a nice feature and will eventually allow smaller sites to drop ugly search boxes altogether. Site maintainers such as myself can use opensearch functionality so users may search a site's content from the search bar using google or several other providers but I would imagine it's going to take some time for end users to become accustomed to this new feature.



Microsoft's new browser also allows for adding various syndicated feeds directly to it's browser almost eliminating the need for 3rd party rss readers. Usability features have been added such as auto magnification of text on pages that need it. An anti-phishing feature has been added though I have already shut this sucker off because it was just slightly annoying in my opinion. Other security features have been added but I will leave it up to you if you want to learn more about that kind of geek stuff.

Copyrighted Music & Movies - YouTube, Myspace, etc...

Ever since the Napster rise and fall there has been an on going debate in regards to copyrighted material being shared across networks with peer to peer (P2P) applications and popular social networking websites. I know from my school and work that technology exists that may analyze network traffic and determine what content travels through a connection. The content may be stopped dead in it's tracks if deemed a violation of copyrighted materials. One problem that occurs is what if a student is simply transferring a song or video from home to their email account so they may upload it to their Ipod. Corporations have tons of red tape for it's employees so they may be exempt from many of the free speech debates that arise. University's on the other hand, at least public university's have a large student body to please, and furthermore these students have rights. Also technology can be very expensive if a third party is used to thwart sharing of copyrighted materials.



Another hot topic are the social networking sites such as myspace.com and youtube.com which contains quite a bit of copyrighted material. The content is placed on the sites and shared by the person users but ultimately the site is distributing the music. The music and videos help a lot of newer bands that are just starting gain popularity without spending tons of money on advertising. The same technology that may be used on college and corporate network may also be used on the networks that have web servers that distribute non-copyrighted material in order to find items that shouldn't be shared.



A final interesting note for those who don't pay attention to the news (of any sort), google.com purchased youtube.com. This move for Google is a huge step since they spent 1.85 billion dollars on youTube which is already having issues due to the amount of copyrighted materials that the artists are complaining about.

FaceBook just made stalking that much easier

Now when you login to facebook.com you are instantly greeted with everything you didn't give a damn about. I enjoy logging in to say hey to a friend and whatnot, but now when I do that everyone else gets to see every point and click in facebook. I guess it makes it easier for the weirdo's who cruise around investigating what everyone else is doing lives that much easier. Students are rallying against facebook. One group named "Students against Facebook News Feed (Official Petition to Facebook)" had around 255,000 members.



On a positive note it does make navigation simpler if your looking to just gander of what's going on. I just hope this isn't a move towards the myspace design which is a travesty at best.

Elite programmers compete in CTF at DEFCON

Am I really cool enough to know one of the people in this crew...

Elite programmers compete in CTF at DEFCON by ZDNet's George Ou -- Members of the winning team 1@stPlace after 2 day marathonAt this years CTF (Capture the Flag) competition at DEFCON 2006, elite programmers and security penetration experts duke it out in a grueling two and a half day competition. Out of hundreds of teams that signed up for the competition, only eight qualified for the finals [...]

What is Web 2.0

A article describing the slow migration to what some call Web 2.0

Steve Jobs to 2005 graduates: 'Stay hungry, stay foolish'

An article here has a interesting insight from Steve Jobs.

Drawing from some of the most pivotal points in his life, Steve Jobs, chief executive officer and co-founder of Apple Computer and of Pixar Animation Studios, urged graduates to pursue their dreams and see the opportunities in life's setbacks—including death itself—at the university's 114th Commencement on Sunday in Stanford Stadium.

Botnets that make money, but at who's expense?

The article is locate here.

Witlog claims he doesn't use his botnet for illegal purposes, only "for fun." I found that claim pretty hard to believe given a) the income he could make installing ad-serving software on each computer under his control, combined with b) the risk he is taking of getting caught breaking into so many computers. The kid I wrote about in the Post magazine story on the connection between botnets and spyware was making $6,000 to $10,000 per month installing adware on a botnet half the size of the one Witlog claims to have.

How to Become a Real Computer Geek

lol I came across this article recently, I thought it was pretty amusing:

Now that many so-called "computer geeks" are becoming extremely wealthy, the age of ostracizing the computer savvy is coming to an end. The road to true computer geekdom is long and arduous, but the payoff is worth the trouble.

Steps:
1. Update your computer software and hardware regularly to keep your system state-of-the-art.

2. Purchase and install several superfluous peripherals for your computer, such as a video camera and a CD burner.

3. Establish a separate phone line for Internet use or sign up for a direct connection. This will allow you to be online without interruption around the clock.

4. Attain mastery of a variety of mainstream programming languages, such as C and C++. (Web scripting languages, such as JavaScript, don't count.)

5. Refuse to use "wimpy" graphical operating systems, such as Windows and the Mac OS: Instead, prefer Unix variants, preferably the free and popular Linux.

6. Add so many hacks and patches to your system that others are clueless in its wake.

7. Contribute to GNU or other open-source projects.

8. Establish a minimum of three separate e-mail addresses.

9. Build your own Web page using advanced programming techniques.

10. Subscribe to a variety of computer and computer-related magazines, serials and periodicals to keep up with the latest trends and developments in the computer world.

11. Get involved in other hobbies that tend to be associated with computer geekdom, such as network gaming, trading card games, and anime (Japanese animation).

12. Establish a network of fellow computer geeks with whom you can have long conversations about computers and online adventures that non-computer geeks cannot hope to understand.

Tips:
Many computer geeks build their computers out of separate components rather than buying a preassembled package.

If you're serious about computer geekdom, consider earning a degree in computer science from a major college, university or technical school.

Pod Slurping!

A article on CNET describes how Abe Usher has written an application that can be loaded on a IPOD to steal sensitive information from a corporate network. The process works by scanning the network and grabbing document files such as acrobat and word files.

New phishing techniques to fool online users.

Every day people are becoming aware of the problems posed by online shopping, browsing, and even messaging. The days of email that are obviously spam due to misspelled words and links that contain ip addresses instead of dns names are moving to a new level. The following post describes the process in which an actually SSL certificate was used to trick users into entering confidential information, a tatic previously not used before.

Facebook & MySpace

Facebook.com and myspace.com have become very popular online social sites. With the popularity also comes some draw backs. I found a very interesting article that goes over some of the pros and cons.