so along with 99.9% of facebook users, i HATE the new update, and i hate that they plan on making even more changes soon. the ticker popped up on my profile earlier in the month. i complained about it in a status, and then, quite thankfully, it disappeared. of course it came back earlier this week, along with all the new changes. if you don't have facebook, or haven't been on to see the changes, the ticker is an up-to-the-minute update of EVERYTHING going on on facebook... as it happens... i can see what friends like what as soon as they 'like' it, when they post on anything (even on people that i'm not friends with, due to their privacy settings), and everything else you used to have to do work to be able to see. now, i admit... i've been known to creep around on facebook quite frequently... what can i say, i get bored. but this is taking it to a whole new level. now everyone is expected to creep on everything. i've been meaning to do a post about facebook privacy settings for awhile, and now that everything has changed on there, i'll have to do things a little differently than previously anticipated, and while i would like to just sit here and bash facebook, i won't. i'll make this an actual 'learn something' post, and while i mainly am going to talk about facebook settings, this really applies to every profile/account you have online. and parents, i really suggest going through your children's privacy settings (either with or without them) to ensure they're being safe online, too.
now, lets start with the basic things you need to check out. if you don't know, there are privacy settings on facebook that you should check out. i tend to even check my settings out every couple of weeks, because facebook is constantly adding new settings, and often times, you have to lock your stuff down yourself, rather than facebook just doing it by default and then you having to open your stuff up to the public if you wanted. the latter sounds like the more reasonable option, no? but facebook isn't reasonable, so let's just continue. now granted, with the new updates, it gives you more control from the spot, it also shows who has their stuff locked up, and who has it spread about like glitter after a craft day. to check your overall settings, click on the arrow in the upper right corner of the page, and go to privacy settings. from there you can see the settings you have, and have the option to change them. i highly recommend setting your stuff to friends only, merely because you can't always trust the friends of your friends. i used to have a few things, such as a few certain picture folders and some videos set to "friends of friends" only because i wanted the friends of the people that were in them to see the stuff they were tagged in. i no longer need to do that though, because facebook has enabled an option for me to allow the friends of my friends to see only the tagged photos their in. totally works for me, and means i don't have to mess with as many settings anymore. yay!
you will, however, want to check out the settings for everything else. i shouldn't have to explain how important it is to keep some of your personal information private. and remember, just because facebook gives you the option to insert certain information, it doesn't mean you have to! just say no people... just say no. you don't need to have your home address visible to everyone! not even to all of your friends. do you really want the kid you used to sit next to in second grade or the guy you met at the bar last week to know exactly where you live!? that's a straight shot to getting a stalker right there. same goes for your phone number. if you put your phone number visible to everyone on facebook, or even just to all of your friends, don't go complaining when you get drunk dialed by someone at 3am. you made it public!!! 'but laaaaaaayne. what if my friends need it!? what if they lose their phone, or forget where i live!?!?!!' well here's a simple solution. instead of making it available to all your friends, just pick who you want to be able to see it! this isn't a new feature, and i've used it since i put my phone on there so i could receive text updates. i only share it with people that A) already have it or B) i don't mind having it. if you want to receive your text updates but don't want anyone to see your number, there's an option to just have it visible to only me. that setting applies to anything on your profile. i'll explain how to do that a little later.
so while you're in your privacy settings, i recommend going through each option and making sure it's set to how you want it. you might be surprised by the stuff you've been accidentally sharing with everyone. check every setting! again, i recommend having most, if not all of your stuff set to friends only. i'm not going to walk you through each setting, because i'm sure you smart people can figure things out. i just wanted to point out that it is there and that you can change things!
once you're done checking out your privacy settings, you should check out your account settings. click on the arrow in the upper right corner again, and then click on your account settings. there again, you will be able to see info and settings and change them. what i want you to check out most is the security tab and the facebook ads tab that are located on the left hand side of the screen. in the security tab, i recommend enabling secure browsing. this will make your facebook browsing an https site, which if you remember from an earlier post means the website is secure. your information is encrypted so 'the malicious one's' can't get your info remotely. https=good! now if you use a lot of applications on facebook, this setting will be turned off every time you go to an app and won't be turned back on until you either manually go back and turn it back on once you're done using your app, or it will come back on automatically the next time you log in. if you're like me and don't really use facebook apps, this should be no problem. if you do though, you may want to make it a habit of logging off and then back on when you're done with your apps. if you feel like that's too much of a pain, don't say i didn't warn you!!
the next thing i'd like for you to check out in your account settings is in the facebook ads tab. i like to disable everything in there because i feel like ads don't need to be viewing and sharing my personal stuff. of course, read the info there and decide for yourself.
before you leave the account settings page, give a look over everything and make the necessary changes from there. check all the tabs, and do what you gotta do.
ok.. now the next step is to go to your profile (your actual profile, not your homepage) and click on edit profile in the upper right corner. from there you can see how every bit of your information is shared. the icons on the right side of the page show who that particular piece of information is shared with. to change it, click on the icon and choose how you want to share it. remember, you can make custom lists to share it with only certain people, or not certain people, with certain lists, or not with certain lists or even, just yourself (in the case of address, phone numbers, etc). the choice is yours! you just have to make it and change it! go through all the tabs on the left side. again, i recommend choosing the friends setting for everything. again, it's up to you and i'm only here to inform you, not make you! so choose wisely my friends.
lastly, with the new changes came facebook's way of copying another social network. their new feature of being able to customize each post you share with certain groups on each individual post is a great idea, but too bad it's not their own. every time you post something new, you are given the option to share it with whomever you want, right there before you post it. i keep sounding like a broken record, but i advise you share with friends only, or with your already customized lists according to your post's subject.
now, while i just gave you all this information, i feel the need to point out the *hopefully* obvious. you should be acting as your own personal security screening. remember, you don't have to put everything about you on your profile or in your status. you DO need to be your own filter. just because we're given the option to connect and share everything, doesn't mean you should. privacy shouldn't be dead. chivalry shouldn't be dead. just because our world is changing, doesn't mean we should forget about the old one. you don't need to post every 5 minutes. you don't need to publicly bash someone. you don't need to share personal, and what should be private information. remember who could be reading what you're sharing. just because i don't talk to you, doesn't mean i don't look at what you post. keep in mind that if you decide to make everything public, then don't be surprised when it get's used against you or when info falls into the wrong hands. if you make it public, people will creep! i'll do it, and i won't feel bad because you were warned and should know better. censor yourself both with your settings and with your own personal judgement.
hopefully you already knew all the stuff in this post, and if not, i hope you learned something from it. with each new update facebook makes, be sure to check out your settings and learn how the new features work and what they share. oh, and if you want the original personalized sharing network, join google+ and find me :) only if i actually know you in real life though... cause i don't share with just anyone!
Layneman's Terms
a simple girl making sense of cyber security.... and other ramblings
Thursday, September 29, 2011
Saturday, September 24, 2011
"i'll never let go (dellbert)... i'll never let go"
do you remember what your first family computer was? i can mentally remember ours, but i don't remember the name of it. i think it was a neighbor's old macintosh that we bought off them. the monitor and "tower" were one piece, and it took huge floppy disks. i remember it not being able to do too much, but we thought it was awesome! eventually we got a gateway computer (it sooo came in the cow print boxes) and then at some point during my high school days, my parents bought a dell (yes, my mom and i made the ups guy say "dude, you're getting a dell"). i eventually bought my own dell in '07. when i bought my computer, i made sure i got a good one, and spent the extra money to make sure i'd have something that would last me awhile and be, in general, AWESOME!!!!!!!!!!!!!!!!!!!!! 4 and a half years later, my awesome computer is on the bottom of the mega awesome list. it still functions, it's clean (as in viruses... there is some dust of course), i have enough room to store a bunch of stuff, it has an "A" drive (who uses that anymore?!) but it's not worth anywhere near as much as i paid for it. but, that's how technology rolls. it moves at such a fast pace that soon after you buy something, a newer version will be there to take it's place in a matter of months (sometimes weeks it seems). so while your computer may work fine if technology never moved forward, the truth is, your old stuff just can't handle what the new stuff needs.
a real life example, shall we? remember that computer i said my parents bought back when i was in high school? that is still the computer they use every day. we named it dellbert back when they bought it... now keep in mind, i graduated in 2004.... and they bought it before my senior year.... it came with windows xp which was brand new at the time.... we still had dial up....so needless to say, it's pretty old (for a computer). my parents have been saying for years that it takes forever to boot up and is so slow to run anything. they thought maybe there was a virus on it, or just too much junk that didn't need to be there, so while dan and i were up over christmas last year, he took a look at it. now, just like humans, over time, computers slow down. that's their nature. sure, other things help that along, but computers do tend to naturally "break down". viruses can slow your computer down, so can lack of ram and enough space on your hard drive. after waiting 10 minutes for the computer to be happily logged into windows and ready to "work", dan poked around to see what he could find. the result? nothing. no viruses, not much junk. it's just old. the problem isn't the computer so much, it's just technology has moved so far and updated so much over the last few years that good old dellbert just can't keep up. if they weren't going to hook the computer up to the internet and just use it for word documents and publisher, the computer would probably be fine. they could get rid of the anti virus programs, internet explorer, games, flash players, cookies, history, java, etc.... and just use programs that originally came with the computer. but then how would they keep up with my blog?!? ;) in reality, it's just time to let dellbert go and move onto dellbert IV (my computer is aptly named dellbert jr, and my new laptop is dellbertIII).
think about how far technology has come. when computers were first invented, they took up an entire room! and they didn't have that much power. now we carry around little computers (in the form of our phones and ipods) that are like a thousand times more powerful, yet fit in our pockets! it's insane!!!! even our calculators are more advanced than the technology that got us to the moon!!!!! and on top of being more powerful, you can get more bang for your buck. a 1 gb flash drive (aka thumb drive) cost a lot a few years ago. i read somewhere that one guy paid $85 in 2004 for a 1 gb flash drive. today, you can get an 8gb for like 8.99. under $10!!!! craaazy! newegg sells up to a 128gb flash drive! a few of those and you have more storage than my laptop! see what i mean about more bang for your buck?!
so what's the point of this post you ask? well, to remind you that sometimes you need to upgrade your equipment or replace it altogether. there is no getting around it. as technology continues to advance, basic requirements advance too. in the case of my parents' computer, dan wasn't even able to download a program to be able to run a virus scan due to lack of space and ram. they wouldn't be able to put the windows 7 operating system on their computer, because even if they erased everything off their computer, the basic ram and hard drive wouldn't be able to run windows 7 alone, let alone with any other program loaded on there. even programs like microsoft office requires more room to run than the older versions.
something as simple as opening up a webpage will even slow an older computer down due to all the extra stuff that pops up. think of having a slow internet connection and trying to stream a video online, or open a page with a bunch of ads and pictures and a music player trying to load songs (i always remember myspace giving me trouble loading on a slower connection). a dial-up-like internet connection can't handle all that and it takes forever to load the smallest things. that is what your older computer goes through. so consider letting go and doing an upgrade. as i said in my last post, you can get new ram and memory put into an older computer to upgrade it, but sometimes it's just worth getting an all new setup with new versions of programs and newer operating systems that are better able to keep up with the ever changing advances. i did, and now i have a mega awesome computer again!!
a real life example, shall we? remember that computer i said my parents bought back when i was in high school? that is still the computer they use every day. we named it dellbert back when they bought it... now keep in mind, i graduated in 2004.... and they bought it before my senior year.... it came with windows xp which was brand new at the time.... we still had dial up....so needless to say, it's pretty old (for a computer). my parents have been saying for years that it takes forever to boot up and is so slow to run anything. they thought maybe there was a virus on it, or just too much junk that didn't need to be there, so while dan and i were up over christmas last year, he took a look at it. now, just like humans, over time, computers slow down. that's their nature. sure, other things help that along, but computers do tend to naturally "break down". viruses can slow your computer down, so can lack of ram and enough space on your hard drive. after waiting 10 minutes for the computer to be happily logged into windows and ready to "work", dan poked around to see what he could find. the result? nothing. no viruses, not much junk. it's just old. the problem isn't the computer so much, it's just technology has moved so far and updated so much over the last few years that good old dellbert just can't keep up. if they weren't going to hook the computer up to the internet and just use it for word documents and publisher, the computer would probably be fine. they could get rid of the anti virus programs, internet explorer, games, flash players, cookies, history, java, etc.... and just use programs that originally came with the computer. but then how would they keep up with my blog?!? ;) in reality, it's just time to let dellbert go and move onto dellbert IV (my computer is aptly named dellbert jr, and my new laptop is dellbertIII).
think about how far technology has come. when computers were first invented, they took up an entire room! and they didn't have that much power. now we carry around little computers (in the form of our phones and ipods) that are like a thousand times more powerful, yet fit in our pockets! it's insane!!!! even our calculators are more advanced than the technology that got us to the moon!!!!! and on top of being more powerful, you can get more bang for your buck. a 1 gb flash drive (aka thumb drive) cost a lot a few years ago. i read somewhere that one guy paid $85 in 2004 for a 1 gb flash drive. today, you can get an 8gb for like 8.99. under $10!!!! craaazy! newegg sells up to a 128gb flash drive! a few of those and you have more storage than my laptop! see what i mean about more bang for your buck?!
so what's the point of this post you ask? well, to remind you that sometimes you need to upgrade your equipment or replace it altogether. there is no getting around it. as technology continues to advance, basic requirements advance too. in the case of my parents' computer, dan wasn't even able to download a program to be able to run a virus scan due to lack of space and ram. they wouldn't be able to put the windows 7 operating system on their computer, because even if they erased everything off their computer, the basic ram and hard drive wouldn't be able to run windows 7 alone, let alone with any other program loaded on there. even programs like microsoft office requires more room to run than the older versions.
something as simple as opening up a webpage will even slow an older computer down due to all the extra stuff that pops up. think of having a slow internet connection and trying to stream a video online, or open a page with a bunch of ads and pictures and a music player trying to load songs (i always remember myspace giving me trouble loading on a slower connection). a dial-up-like internet connection can't handle all that and it takes forever to load the smallest things. that is what your older computer goes through. so consider letting go and doing an upgrade. as i said in my last post, you can get new ram and memory put into an older computer to upgrade it, but sometimes it's just worth getting an all new setup with new versions of programs and newer operating systems that are better able to keep up with the ever changing advances. i did, and now i have a mega awesome computer again!!
Saturday, September 10, 2011
you spent how much!?!?
a couple months ago my mom told me my aunt spent $250 to put more ram (the thing that determines how fast and efficient your computer can run by giving it more space to open programs so you can bounce back and forth between tasks quickly) into her computer. it sounded like a steep price to me, but i was blown away when dan told me actual ram costs about $16, and it's not too hard to install yourself. for a little more than $250 she could have practically just bought a new computer that would come with windows 7, and not look like it's from the early 2000's. now granted, messing around inside of a computer is scary, and i wouldn't recommend it if you don't know what you're doing (you can destroy components with static electricity from your body) but maybe someone you know knows how to do that stuff. instead of over paying some "professional" to insert ram for $250, maybe the neighbor kid who builds his own computers would be happy to do it for $20.
ram isn't the only thing that this advice applies to. memory (storage space) is another thing that can be upgraded if needed. you can also switch out the disc drives to upgrade your regular cd burner to a dvd or blue-ray burner, without having to buy a whole new computer! again, you do need to know what you're doing, but the options are out there. dan built his own (really large, powerful, beastly) computer by purchasing his computer components from newegg & tiger direct. if you're in the need for some upgrades and plan on doing them yourself, i recommend checking out those sites.
of course i'm not trying to take away your computer repair guy completely, i'm just trying to save you some money on things you could be saving money on! instead of using him for things that you'd be getting over charged for, save him for the things you REALLY need him for. computer falls off your desk and you can't get it to work but you need to try to recover your data off it? take it to him. get a bunch of nasty viruses you can't get rid of? take it to him. have tried everything but you just can't get it to work? take it to him. just don't waste your money for new ram!
ram isn't the only thing that this advice applies to. memory (storage space) is another thing that can be upgraded if needed. you can also switch out the disc drives to upgrade your regular cd burner to a dvd or blue-ray burner, without having to buy a whole new computer! again, you do need to know what you're doing, but the options are out there. dan built his own (really large, powerful, beastly) computer by purchasing his computer components from newegg & tiger direct. if you're in the need for some upgrades and plan on doing them yourself, i recommend checking out those sites.
of course i'm not trying to take away your computer repair guy completely, i'm just trying to save you some money on things you could be saving money on! instead of using him for things that you'd be getting over charged for, save him for the things you REALLY need him for. computer falls off your desk and you can't get it to work but you need to try to recover your data off it? take it to him. get a bunch of nasty viruses you can't get rid of? take it to him. have tried everything but you just can't get it to work? take it to him. just don't waste your money for new ram!
Monday, June 27, 2011
cracked ya.... like an egg...
alright.. it's been too long, i know.. i had intended to do this weeks ago, but have been sidetracked with other things. then i got on yahoo today and saw a post about my idea, so i figured, now is a good time to get back on track with the blog world.
today's topic...... passwords! we use them all the time, but just because we have one, doesn't mean it is a good one. and really, we SHOULD have more than one password that we use. right? now nod altogether with me, "right".
you'd probably be surprised by how easily many of your passwords can be hacked. there are lists out there that hackers have compiled with the most used passwords. HERE is just one list as an example. if your password is on that list... chaaaaaaange iiiiiiiit! "123456" is not a good password! nor is using "password" or "qwerty"! that's just leaving yourself open to being hacked. why would you go and do that to yourself!? unless you're putting a password on something you don't mind someone getting into, you better get creative and strength up your lockdown. or, if you don't mind someone getting into your bank account and stealing all your money and then continuing on to steal your identity, by all means... go ahead and leave your weak password for the sake of it being easy to remember and type in.
so now is where you say, 'ok layne... i get the scolding... how do i make a good password!?' for starters, make sure it is AT LEAST 8 characters long, though the longer the better. those characters should be comprised of uppercase, lowercase, numbers, and to make it extra secure, throw in some special characters (you know *&^%$#@). the key is variety and non-typical sequences, like capitalizing the 3rd and/or 5th letter in your password, and replacing certain letters with numbers and/or special characters, such as nuMb3r$ (i know that's only 7 characters... you get the idea though).
why is variety important you ask? remember back in high school math classes when you had to figure out how many combinations of a certain sequence you could make? this now applies to your passwords. there are 26 letters in the alphabet. using only lowercase letters for an 8 character password, that gives you 208,827,064,576 combinations of possible sequences. now... add 26 uppercase letters into the mix. that gives you roughly 53,459,728,530,000 sequences! then add in 10 numbers...... 218,340,105,600,000.* ok.. this is getting to be too much math for me*... then add in, lets say, 10 special characters (even though there are more).. 722,204,136,300,000. *head explodes from too much math* see what i mean? and that's with only 8 characters! combining them all with a larger amount of characters gives you a better chance of having an uncrackable password... well... at least a stronger password.
what your password actually is makes a difference too. if you use your kids name and their birthday, you have a good chance of someone guessing that. though the password may be over 8 characters, containing upper and lower case, as well as numbers, that is information that most people can figure out and try by the information they obtain from your facebook. so, your birthday, you spouses birthday, your anniversary, your favorite vacation spot, your mothers maiden name, don't make for good passwords!
guess i should explain how The Malicious Ones go about cracking your passwords in the first place. sometimes they use what is called a dictionary attack, which is actually typing in different passwords they think it could be. there are many lists out there that hackers have compiled of the most used passwords. this is where unique passwords come in handy. a hacker probably isn't going to guess the 2 most random words you could think of that has a mix of upper, lower, numbers and special characters all mixed together and that is 12 characters long. they're probably going to use their list i mentioned above and put all those in first though. or they're going to use information they know about you and try different combinations of that.
another way the TMO's hack is by using their computers to do the work. and trust me, those guys can have some pretty powerful computers. this is called brute force. they use their computers to test combinations, and sometimes, it doesn't take long at all. computers have the ability to try every combination possible in a very short amount of time. sometimes even more than a million a second. for a first hand example, dan was given a computer that was having problems by a co-worker to fix. the co-worker forgot to give dan the password to log into the computer to be able to start solving the problem, so dan decided to test out his skills. once he got everything set, it took his computer 15 seconds to crack the password. now granted, the password was a 7 digit number, but if your password is a 7 digit number, it can happen that fast as well, and his computer was only processing about 500,000 combinations a second.
thirdly, the attacks can be non specific. as many of you probably saw on the news, sony's system was hacked recently. hackers gained log in information and passwords, as well as other account information. in this case, even the strongest password isn't safe. while the hackers weren't specifically after me, they do now have my password. which brings me to my final point.....
now that you know how to make a good password, make at least 5 more. you should not use the same log in passwords for every online account you have. think about it... if someone manages to hack your facebook password, they now have your bank password, and your credit card password, your paypal password, etc. i recommend using as many different passwords as you can remember. if you have trouble remembering them, write them down, and keep them in a safe, private place. it is also recommended that you change your passwords a few times a year.
so.... go on already...go through your passwords and do some updating to them!
today's topic...... passwords! we use them all the time, but just because we have one, doesn't mean it is a good one. and really, we SHOULD have more than one password that we use. right? now nod altogether with me, "right".
you'd probably be surprised by how easily many of your passwords can be hacked. there are lists out there that hackers have compiled with the most used passwords. HERE is just one list as an example. if your password is on that list... chaaaaaaange iiiiiiiit! "123456" is not a good password! nor is using "password" or "qwerty"! that's just leaving yourself open to being hacked. why would you go and do that to yourself!? unless you're putting a password on something you don't mind someone getting into, you better get creative and strength up your lockdown. or, if you don't mind someone getting into your bank account and stealing all your money and then continuing on to steal your identity, by all means... go ahead and leave your weak password for the sake of it being easy to remember and type in.
so now is where you say, 'ok layne... i get the scolding... how do i make a good password!?' for starters, make sure it is AT LEAST 8 characters long, though the longer the better. those characters should be comprised of uppercase, lowercase, numbers, and to make it extra secure, throw in some special characters (you know *&^%$#@). the key is variety and non-typical sequences, like capitalizing the 3rd and/or 5th letter in your password, and replacing certain letters with numbers and/or special characters, such as nuMb3r$ (i know that's only 7 characters... you get the idea though).
why is variety important you ask? remember back in high school math classes when you had to figure out how many combinations of a certain sequence you could make? this now applies to your passwords. there are 26 letters in the alphabet. using only lowercase letters for an 8 character password, that gives you 208,827,064,576 combinations of possible sequences. now... add 26 uppercase letters into the mix. that gives you roughly 53,459,728,530,000 sequences! then add in 10 numbers...... 218,340,105,600,000.* ok.. this is getting to be too much math for me*... then add in, lets say, 10 special characters (even though there are more).. 722,204,136,300,000. *head explodes from too much math* see what i mean? and that's with only 8 characters! combining them all with a larger amount of characters gives you a better chance of having an uncrackable password... well... at least a stronger password.
what your password actually is makes a difference too. if you use your kids name and their birthday, you have a good chance of someone guessing that. though the password may be over 8 characters, containing upper and lower case, as well as numbers, that is information that most people can figure out and try by the information they obtain from your facebook. so, your birthday, you spouses birthday, your anniversary, your favorite vacation spot, your mothers maiden name, don't make for good passwords!
guess i should explain how The Malicious Ones go about cracking your passwords in the first place. sometimes they use what is called a dictionary attack, which is actually typing in different passwords they think it could be. there are many lists out there that hackers have compiled of the most used passwords. this is where unique passwords come in handy. a hacker probably isn't going to guess the 2 most random words you could think of that has a mix of upper, lower, numbers and special characters all mixed together and that is 12 characters long. they're probably going to use their list i mentioned above and put all those in first though. or they're going to use information they know about you and try different combinations of that.
another way the TMO's hack is by using their computers to do the work. and trust me, those guys can have some pretty powerful computers. this is called brute force. they use their computers to test combinations, and sometimes, it doesn't take long at all. computers have the ability to try every combination possible in a very short amount of time. sometimes even more than a million a second. for a first hand example, dan was given a computer that was having problems by a co-worker to fix. the co-worker forgot to give dan the password to log into the computer to be able to start solving the problem, so dan decided to test out his skills. once he got everything set, it took his computer 15 seconds to crack the password. now granted, the password was a 7 digit number, but if your password is a 7 digit number, it can happen that fast as well, and his computer was only processing about 500,000 combinations a second.
thirdly, the attacks can be non specific. as many of you probably saw on the news, sony's system was hacked recently. hackers gained log in information and passwords, as well as other account information. in this case, even the strongest password isn't safe. while the hackers weren't specifically after me, they do now have my password. which brings me to my final point.....
now that you know how to make a good password, make at least 5 more. you should not use the same log in passwords for every online account you have. think about it... if someone manages to hack your facebook password, they now have your bank password, and your credit card password, your paypal password, etc. i recommend using as many different passwords as you can remember. if you have trouble remembering them, write them down, and keep them in a safe, private place. it is also recommended that you change your passwords a few times a year.
so.... go on already...go through your passwords and do some updating to them!
Sunday, May 22, 2011
boo! ahhhh! scareware!!
a few months ago i got a call from my dad, asking if dan could help him with some computer problems. he said a box popped up telling him that his computer was infected with viruses and needed to do a scan. what we had to explain was that he was being tormented by something called "scareware". maybe you've heard of it, maybe it's happened to you. it's another threat to our online experience, but you can educate yourself on it, and learn to not fall for the tricks.
scareware is what it sounds like. something that is supposed to scare you and get you to do something (no, not chainletters, though those are questionable too). in most cases, a box will pop up on your screen, warning you that your computer is infected with viruses. it will say you are infected and you need to run a scan with this antivirus program. it will look all official, and because it's flashing and has lots of !!!!!'s, it scares you into believing it's lies and you fall for the trap. in reality, it was just a harmless pop-up, but once you click on the "ok, please save me" button, it downloads it's junk, and then continues scaring and scamming. your newly downloaded virus will now make your life a living hell.... yes... zombies will be involved.... and we all know that's never good.
you thought you were being a smart surfer and conscientious computer user by following your computer's warnings, but unfortunately, The Malicious Ones are at it again. they scare you into thinking something bad is on your computer, and then ever so kindly offer you a solution. one that costs money. YES! your hard earned money! to clean off the crap they put on there in the first place! but sometimes, they don't even actually clean it off! they just tell you they do, and then months later, you get another pop-up warning you that your computer is infected and the cycle starts again. their trick is to scare you into something that, in all seriousness, is legitimately scary. no one wants viruses on their computer. most of our lives are on the there! pictures, videos, school stuff. so they get you with that. then, in your worried state, they get you again by offering a solution to your problem. "we have this amazing program that will solve all your virus problems! just pay us $$$ and your worries will be gone!" so now they lied to you, and took your money... it's not a very good day, is it? :(
but!! we can prevent this from happening! yaaaaaaaaaaay! i'm here to offer you a solution... and it's free! :) anytime something questionable pops up like that, "x" out of it. there should always be an "x" for you to get the heck outta there that will be safe to click. never, ever ever ever, click on the 'ok'. always "x" in the upper right corner. i sometimes even get freaked out clicking the x, so i'll go so far as to control-alt-delete it instead, and close it from there. closing it out right then and there will prevent many a headache from happening for you! now chances are you had that pop-up, pop up from a compromised website you went to. you should steer clear of that website. the pop-up will continue to happen. as far as it infecting your computer, nothing should actually have happened.. it was just out to scare you. unless you actually clicked "ok", your computer should have a clean bill of health from this attack. always a good idea to run your own antivirus and spyware program though, just to be safe. you do have something protecting your computer, right? make sure it's updated and run a scan of your computer from time to time. it never hurts. i'll post a blog about all of that another time.
also... never trust what you don't know. unless it's your actual antivirus program warning you something is wrong, it could just be a scam. know your programs, and how to use them! TMO's are lurking around everywhere online, so be careful! watch what you click on, educate yourself, and keep your computer clean!
scareware is what it sounds like. something that is supposed to scare you and get you to do something (no, not chainletters, though those are questionable too). in most cases, a box will pop up on your screen, warning you that your computer is infected with viruses. it will say you are infected and you need to run a scan with this antivirus program. it will look all official, and because it's flashing and has lots of !!!!!'s, it scares you into believing it's lies and you fall for the trap. in reality, it was just a harmless pop-up, but once you click on the "ok, please save me" button, it downloads it's junk, and then continues scaring and scamming. your newly downloaded virus will now make your life a living hell.... yes... zombies will be involved.... and we all know that's never good.
you thought you were being a smart surfer and conscientious computer user by following your computer's warnings, but unfortunately, The Malicious Ones are at it again. they scare you into thinking something bad is on your computer, and then ever so kindly offer you a solution. one that costs money. YES! your hard earned money! to clean off the crap they put on there in the first place! but sometimes, they don't even actually clean it off! they just tell you they do, and then months later, you get another pop-up warning you that your computer is infected and the cycle starts again. their trick is to scare you into something that, in all seriousness, is legitimately scary. no one wants viruses on their computer. most of our lives are on the there! pictures, videos, school stuff. so they get you with that. then, in your worried state, they get you again by offering a solution to your problem. "we have this amazing program that will solve all your virus problems! just pay us $$$ and your worries will be gone!" so now they lied to you, and took your money... it's not a very good day, is it? :(
but!! we can prevent this from happening! yaaaaaaaaaaay! i'm here to offer you a solution... and it's free! :) anytime something questionable pops up like that, "x" out of it. there should always be an "x" for you to get the heck outta there that will be safe to click. never, ever ever ever, click on the 'ok'. always "x" in the upper right corner. i sometimes even get freaked out clicking the x, so i'll go so far as to control-alt-delete it instead, and close it from there. closing it out right then and there will prevent many a headache from happening for you! now chances are you had that pop-up, pop up from a compromised website you went to. you should steer clear of that website. the pop-up will continue to happen. as far as it infecting your computer, nothing should actually have happened.. it was just out to scare you. unless you actually clicked "ok", your computer should have a clean bill of health from this attack. always a good idea to run your own antivirus and spyware program though, just to be safe. you do have something protecting your computer, right? make sure it's updated and run a scan of your computer from time to time. it never hurts. i'll post a blog about all of that another time.
also... never trust what you don't know. unless it's your actual antivirus program warning you something is wrong, it could just be a scam. know your programs, and how to use them! TMO's are lurking around everywhere online, so be careful! watch what you click on, educate yourself, and keep your computer clean!
Monday, May 9, 2011
phishing.....not like the good ol days...
it's common knowledge these days that e-mails can contain viruses or other harmful things in them. are you aware that some e-mails are sent as a way to gain personal information about you, such as account numbers, credit card numbers, and other identity threats? e-mail boxes have long been the victim of spam e-mail (i seem to have 50 to 200+ spam e-mails in my junk folder every time i log in), but with the ever growing "phishing" attempts, even e-mails you think look reputable, can be riddled with harm. are you as e-mail smart as you think? below is a link to a test to your ability to identify legitimate e-mails and ones that are fake. my boyfriend was sent this link by his college professor for one of his cyber crime classes. he took it, and though he aced it, he said overlooking little things could have easily made him answer wrong. he then proceeded to have me take it, which i too aced (thank goodness i have such an amazing teacher teaching me about all this!). but how do you do? i encourage you to take it first, and then read on with the rest of my blog. test your basic knowledge first, and then come back and i'll explain! ready set go! -->Phishing Test! <--
soooooo... how'd ya do?...... don't feel bad if you got some, or a lot, wrong. there was someone in his class that got 1/10 correct... majority of his class missed 3.. only one other aced it. and these are people majoring in this stuff!!! so don't feel bad. pick yourself back up and lets put a stop to this, shall we? we must not let these phishers conquer us *fist shake*! here are some tips on how you can become a smarter and safer e-mail user.
first off... i keep saying this word... phishing... what is it you inquire? it is any attempt to steal or trick a person into giving up personal information, usually by e-mail (lets keep in mind, this can be used on websites as well, but i'm going to talk mostly about e-mail for this post). it poses as something legitimate to get you to give up your information to *dun dun dun*... 'the malicious ones'... without you even knowing you gave it up willingly.
the 3 things you should check with every e-mail you should open.
1.) who is it from, and what is the sender's e-mail address
2.) what does the e-mail say
3.) are there attachments and/or links
so lets explain those all in more detail.
1.) who is it from? do you know this person? is it an e-mail you were expecting or is it unsolicited? i tend to have the rule, if i don't know who it is, i don't even bother opening it. it goes straight to the trash folder. but sometimes you're unsure. if it is from a company, they will never use a free email service such as yahoo, hotmail or gmail. so there is your first clue of someone attempting to trick you. if the e-mail is from, say, DiscoverCardSupport@gmail.com, it's soooooo not legit. don't trust it. even your friends' e-mails can become compromised though, and send you malicious things under their name, so you always need to be cautious.
2.) what is the e-mail about? are they saying something is wrong with an account you have? or you need to verify personal information with them? how are they asking you to do this? if it says "click on this link and fill out your info so we can confirm" don't do it! i'll explain more about that in section 3 though. are they asking you to call this 1-800 number of theirs to confirm your info? eh.. double check the number first. check the number on your card or statement to make sure it is the companies real number. are they asking you to do anything at all from this e-mail they sent you? be cautious. if a reputable website does need you to verify something, they will never do it over e-mail. they will tell you to log into their website (which you should type in yourself) and make the necessary changes from there. a reputable company will also have things spelled correctly. if the message is full of typo's, you know "tmo's" are up to no good.
3.) i'll start by saying this... rarely should you trust links in an e-mail. you should get in the habit of not even clicking on them. "tmo's" are very good at hiding evil things in their links. one second you're reading an e-mail warning you there is a problem with your bank account being compromised and that you need to log in to their website following such and such link to sort the matter out, then...... aaaahhhhhhhhhhhhhhh... you've been duped! nothing was actually wrong with your account! they got the information they wanted as you tried to "fix" it! so we need to learn what links are safe, and which ones we should ward off like a non sparkly vampire.
lets talk about secure websites to get our basics. have you noticed that when you log into a website that stores personal information about you, such as banking websites, credit card websites, you cellphone carrier website, etc, that up in the address bar, the link starts with https://? that "s" at the end of the normal http stands for "secure". secured from what you ask? from people viewing your stuff! ok, so that's not a good enough explanation is it, so lets take a little technical detour for a moment. i promise, this won't be dan technical, afterall, this is layneman's terms, so follow me on this. when you enter something, such as log in information into a website, it needs to send that info back to the webserver. during that process, your info takes a journey. now, if you're not using an https website, that info is sent 'as is', unprotected, for "tmo's" to intercept. however, if the website you are using IS an https website, the info you send is encrypted, meaning it scrambles itself so the information can't be viewed, much like the chocolate bar scene from willy wonka. so, https = very good when entering personal information you don't want others to see.
ok, out of technical land, and back to stomping out the bad guys and learning which e-mails to trust.
often times, when phishing e-mails give a link to follow, you won't see that https. so that could be your first clue that you could be looking at a fraudulent e-mail. (though the lack of an https website doesn't necessarily mean the website is bad, but that is for another blog post) but i already said you should make habit of not clicking on links in e-mails, didn't i!? so you weren't going to click it anyway were you? gooood! you should still know the difference from a real link and a malicious one though. now, i want you to try something for me.. scroll back up to the top of the post and put your mouse over top of my "phishing test" link. don't click on it again... just let the pointer hover over top of it. you'll notice, in the bottom left corner of your browser the web address of that link will be displayed there. that is where all your clues are my friends! make sure you check that before you click on annnnything! is the https there if you're supposedly being transferred to a site where you'll need to type in personal information? does the link in the left corner match up with the link they said in the e-mail? even one letter change can mean you're going to a site that can cause harm. are you even going to a site that remotely deals with what the e-mail said? or are you thinking you're going to your bank login, but the link provided is sending you to "www.heheheIJustStoleYourIdentity.com"? be careful of what you click on! using my "phishing test" link again as reference, you'll notice that i could type in what i wanted instead of putting what the link is. i could write anything there! if you didn't check the lower left corner, you wouldn't even know until it was too late! something that says "click here" to review your account info, could really be covering up the fact that they're sending you to "www.mwahhahahaYourIdentityIsMine.com". always check the lower left corner people!
now, this should be common sense, but never EVER ever ever ever, download an attachment from someone you don't know. and unless you were expecting said attachment from someone.. be cautious. i cannot tell you how easy it is for someone to break into your computer remotely if you click on something bad. i've witnessed it myself, (under a controlled setting of course.. for learning purposes only.) but again... that's another blog post for another day.
when in doubt, don't click. companies know scams like this are out there, so they will never ask you to follow a link from an e-mail and enter personal information. always type in the address of the website you know you can trust, and log in from there. don't be lazy people! this is your identity we're talking about!
whew.... that was long, but hopefully informative! any questions, feel free to leave in the comments, as well as your test scores!
soooooo... how'd ya do?...... don't feel bad if you got some, or a lot, wrong. there was someone in his class that got 1/10 correct... majority of his class missed 3.. only one other aced it. and these are people majoring in this stuff!!! so don't feel bad. pick yourself back up and lets put a stop to this, shall we? we must not let these phishers conquer us *fist shake*! here are some tips on how you can become a smarter and safer e-mail user.
first off... i keep saying this word... phishing... what is it you inquire? it is any attempt to steal or trick a person into giving up personal information, usually by e-mail (lets keep in mind, this can be used on websites as well, but i'm going to talk mostly about e-mail for this post). it poses as something legitimate to get you to give up your information to *dun dun dun*... 'the malicious ones'... without you even knowing you gave it up willingly.
the 3 things you should check with every e-mail you should open.
1.) who is it from, and what is the sender's e-mail address
2.) what does the e-mail say
3.) are there attachments and/or links
so lets explain those all in more detail.
1.) who is it from? do you know this person? is it an e-mail you were expecting or is it unsolicited? i tend to have the rule, if i don't know who it is, i don't even bother opening it. it goes straight to the trash folder. but sometimes you're unsure. if it is from a company, they will never use a free email service such as yahoo, hotmail or gmail. so there is your first clue of someone attempting to trick you. if the e-mail is from, say, DiscoverCardSupport@gmail.com, it's soooooo not legit. don't trust it. even your friends' e-mails can become compromised though, and send you malicious things under their name, so you always need to be cautious.
2.) what is the e-mail about? are they saying something is wrong with an account you have? or you need to verify personal information with them? how are they asking you to do this? if it says "click on this link and fill out your info so we can confirm" don't do it! i'll explain more about that in section 3 though. are they asking you to call this 1-800 number of theirs to confirm your info? eh.. double check the number first. check the number on your card or statement to make sure it is the companies real number. are they asking you to do anything at all from this e-mail they sent you? be cautious. if a reputable website does need you to verify something, they will never do it over e-mail. they will tell you to log into their website (which you should type in yourself) and make the necessary changes from there. a reputable company will also have things spelled correctly. if the message is full of typo's, you know "tmo's" are up to no good.
3.) i'll start by saying this... rarely should you trust links in an e-mail. you should get in the habit of not even clicking on them. "tmo's" are very good at hiding evil things in their links. one second you're reading an e-mail warning you there is a problem with your bank account being compromised and that you need to log in to their website following such and such link to sort the matter out, then...... aaaahhhhhhhhhhhhhhh... you've been duped! nothing was actually wrong with your account! they got the information they wanted as you tried to "fix" it! so we need to learn what links are safe, and which ones we should ward off like a non sparkly vampire.
lets talk about secure websites to get our basics. have you noticed that when you log into a website that stores personal information about you, such as banking websites, credit card websites, you cellphone carrier website, etc, that up in the address bar, the link starts with https://? that "s" at the end of the normal http stands for "secure". secured from what you ask? from people viewing your stuff! ok, so that's not a good enough explanation is it, so lets take a little technical detour for a moment. i promise, this won't be dan technical, afterall, this is layneman's terms, so follow me on this. when you enter something, such as log in information into a website, it needs to send that info back to the webserver. during that process, your info takes a journey. now, if you're not using an https website, that info is sent 'as is', unprotected, for "tmo's" to intercept. however, if the website you are using IS an https website, the info you send is encrypted, meaning it scrambles itself so the information can't be viewed, much like the chocolate bar scene from willy wonka. so, https = very good when entering personal information you don't want others to see.
ok, out of technical land, and back to stomping out the bad guys and learning which e-mails to trust.
often times, when phishing e-mails give a link to follow, you won't see that https. so that could be your first clue that you could be looking at a fraudulent e-mail. (though the lack of an https website doesn't necessarily mean the website is bad, but that is for another blog post) but i already said you should make habit of not clicking on links in e-mails, didn't i!? so you weren't going to click it anyway were you? gooood! you should still know the difference from a real link and a malicious one though. now, i want you to try something for me.. scroll back up to the top of the post and put your mouse over top of my "phishing test" link. don't click on it again... just let the pointer hover over top of it. you'll notice, in the bottom left corner of your browser the web address of that link will be displayed there. that is where all your clues are my friends! make sure you check that before you click on annnnything! is the https there if you're supposedly being transferred to a site where you'll need to type in personal information? does the link in the left corner match up with the link they said in the e-mail? even one letter change can mean you're going to a site that can cause harm. are you even going to a site that remotely deals with what the e-mail said? or are you thinking you're going to your bank login, but the link provided is sending you to "www.heheheIJustStoleYourIdentity.com"? be careful of what you click on! using my "phishing test" link again as reference, you'll notice that i could type in what i wanted instead of putting what the link is. i could write anything there! if you didn't check the lower left corner, you wouldn't even know until it was too late! something that says "click here" to review your account info, could really be covering up the fact that they're sending you to "www.mwahhahahaYourIdentityIsMine.com". always check the lower left corner people!
now, this should be common sense, but never EVER ever ever ever, download an attachment from someone you don't know. and unless you were expecting said attachment from someone.. be cautious. i cannot tell you how easy it is for someone to break into your computer remotely if you click on something bad. i've witnessed it myself, (under a controlled setting of course.. for learning purposes only.) but again... that's another blog post for another day.
when in doubt, don't click. companies know scams like this are out there, so they will never ask you to follow a link from an e-mail and enter personal information. always type in the address of the website you know you can trust, and log in from there. don't be lazy people! this is your identity we're talking about!
whew.... that was long, but hopefully informative! any questions, feel free to leave in the comments, as well as your test scores!
Thursday, May 5, 2011
clickjacking madddddddness!
alright... so we all have a facebook account now days, right? it started off as a great way for friends and family to stay connected.. but if your page is like my page, it's getting taken over by JUNK! ok, well, maybe not so much MY page, but my feed is filled with it, and many of my friends have fallen victim to something called "clickjacking". what is clickjacking you ask? it's all those posts about links that sound pretty sketchy. "omg, you will not believe what this girls dad said to her to make her commit suicide!!!!!" "see the official videos of the death of osama bin laden!!!!!" "father walks in on his daughter!!!!" "see what you'll look like in the future!!!" tempting to click on... i know.... but don't! once you do, the link automatically "likes" whatever you clicked on, and then proceeds to post it on your profile...without asking nicely.... BAM! you are the victim of clickjacking!
there are also different ones, that once you click on it, it will do all the stuff i already explained, but then... oooooooh then!!!!! it sends it to everyone on your friends list. so it infects even more people. not good. it makes for several unhappy friends. and probably get you blocked...and no one wants that! the cycle then repeats, because your friends, thinking you sent them this 'awesome' link directly, and wanting to be a good friend and check out what you recommended, click on it themselves, and the spiral of clickjacking continues.
but fear not... there is something you can do!! first off... just be careful what you click on.. not just on facebook, but anywhere on the web. there is so much spamming going around on facebook now, you really need to look at the links before you click on them. is it a link from youtube that allows you to play the video right there in your feed? if so, that's a safe thing to check out. go ahead and watch. is the link going to take you to another website you've never heard of? probably not a good choice to click on. also, be sure to look at what the message your "friend" wrote on the link posted. does it sound like something they'd say? is it spelled correctly? or did some foreign taxi driver from queens probably write it? when in doubt, don't click! simple as that. or, if it's really something that interests you, do a search of it first. make sure you trust the websites you're looking at. anything serious will always be reported on news sites, or yahoo features etc.
if you do happen to fall victim to a malicious website that posts automatically on your page, simply report the post as spam or delete it. to do this, hover your mouse over the upper right corner of the post and a little "x" will pop up. click on that and it will bring up some options. click on the 'report as spam' tab and voila! you've helped report malicious posts on facebook, and it should delete it automatically. if it doesn't, just click on the "x" again and click remove post. it's very important to make sure you take the junk off your page so others don't accidentally fall for the same thing!
so hopefully this little blog can help some of you navigate the scary world of the internet. my goal is to post things that anyone with basic computer skills can follow and learn from or just open your eyes to things. i have several ideas already in mind, but if there is an internet topic that you're curious about, feel free to comment and ask questions! i'll talk it over with my resident computer nerd to get my facts straight, then reply back as best i can! comment as you see fit, for i'd love to get some discussions going! surf smart!
there are also different ones, that once you click on it, it will do all the stuff i already explained, but then... oooooooh then!!!!! it sends it to everyone on your friends list. so it infects even more people. not good. it makes for several unhappy friends. and probably get you blocked...and no one wants that! the cycle then repeats, because your friends, thinking you sent them this 'awesome' link directly, and wanting to be a good friend and check out what you recommended, click on it themselves, and the spiral of clickjacking continues.
but fear not... there is something you can do!! first off... just be careful what you click on.. not just on facebook, but anywhere on the web. there is so much spamming going around on facebook now, you really need to look at the links before you click on them. is it a link from youtube that allows you to play the video right there in your feed? if so, that's a safe thing to check out. go ahead and watch. is the link going to take you to another website you've never heard of? probably not a good choice to click on. also, be sure to look at what the message your "friend" wrote on the link posted. does it sound like something they'd say? is it spelled correctly? or did some foreign taxi driver from queens probably write it? when in doubt, don't click! simple as that. or, if it's really something that interests you, do a search of it first. make sure you trust the websites you're looking at. anything serious will always be reported on news sites, or yahoo features etc.
if you do happen to fall victim to a malicious website that posts automatically on your page, simply report the post as spam or delete it. to do this, hover your mouse over the upper right corner of the post and a little "x" will pop up. click on that and it will bring up some options. click on the 'report as spam' tab and voila! you've helped report malicious posts on facebook, and it should delete it automatically. if it doesn't, just click on the "x" again and click remove post. it's very important to make sure you take the junk off your page so others don't accidentally fall for the same thing!
so hopefully this little blog can help some of you navigate the scary world of the internet. my goal is to post things that anyone with basic computer skills can follow and learn from or just open your eyes to things. i have several ideas already in mind, but if there is an internet topic that you're curious about, feel free to comment and ask questions! i'll talk it over with my resident computer nerd to get my facts straight, then reply back as best i can! comment as you see fit, for i'd love to get some discussions going! surf smart!
Subscribe to:
Posts (Atom)