After all my warnings about scareware, Google comes along with a warning on its search results pages that many of you might believe is scareware, but it’s not – it’s real.

Google Malware Warning
According to Google’s Online Security Blog:
This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.
This malware is actually a result of scareware, or fake anti-virus software that infects computers. And, Google admits, there may be a whole new slew of fake scareware ads that look like the Google warning. A valid Google warning will only be seen at the top of a search results page.
So, if you see this warning it’s time to run an AV scan. You do have anti-virus installed, right? And it’s up-to-date, right? If not, Google will even help you at their Help Center.
————————
HOSB RSS Feed
Who reads the fine print? Everybody, right? Sure. Like you read the EULA for every piece of software you install or the terms of service on every web site you visit.
But, others on the web are looking out for you by spending time actually reading those legal contracts which you are inadvertently agreeing to.
I just came across a post that compares the Terms of Service of 7 different cloud services. The blurb that got my attention is something like the following:
a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services
That’s in Google’s version. The post (7 cloud services compared: How much control do you give up?) compares seven cloud services, and in my humble opinion (I’m not a lawyer) Amazon Web Services (which I use) and SugarSync (which I don’t) have the most favorable (to you) terms of service.
Most large companies have lawyers on staff who write this stuff and who, in the best interests of the company that pays their paycheck, try to make it as legally broad as possible.
Of course, in the U.S. with its Patriot Act, the government can demand access to all your files online, without a warrant, and the company storing your files not only can’t ask your permission, they can’t even tell you what the government is doing with your private property. But that’s a story for another day…
In the meantime, it’s still your responsibility to read the fine print.
————————
Long, random passwords are even more vital in today’s world of cheap GPUs (Graphics Processing Units).
There has been brute force password-cracking software out there for years but now, combined with a GPU rather than a CPU, the cracking time has shrunk incredibly.
In a recent post from Vijay’s Tech Encounters (GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card) Vijay compared cracking passwords with a GPU and CPU.
For example, a five character random password takes a CPU 24 seconds to crack. A GPU takes less than a second. An 8 character password that would take a CPU almost a year to crack takes a GPU 18 hours and 30 minutes. 9 characters is 43 years vs. 48 days, although adding symbols to the mix increases the time.
Since GPUs are built for math-heavy processes like rendering graphics, they are much better suited to cracking passwords.
Do you need to worry?
First of all, there are methods to prevent password cracking at the front door (login) of a web site, things like timeouts after 3 guesses, etc. Plus, network speeds are not fast enough to allow a billion guesses per second.
But, what if your password is stolen from a company’s database? Passwords are encrypted and stored as “hashes”, and that’s where password cracking software comes in.
According to privacyrights.org, over 500 million records have been breached since 2005.
So, what do you do?
Use a password manager. Most integrate with your browser so all you need to remember is one master password. They can automatically generate passwords for you. Set yours up to have at least 10 characters, including symbols, and use a different password for each different website.
Use a secure link (https) whenever possible, especially when on the road using a wi-fi connection.
Technology is improving with the use of two-factor authentication, like using a token communicated on a sideband (e.g. SMS message or phone call), tokens generated with a crypto keyfob, or using smartcards for PKI signing.
According to Moore’s Law, password cracking using a GPU will take half the time every two years. It pays to stay ahead of the game.
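The arithmetic behind the length advice above, as an added example (not from the original post or from Vijay’s benchmark). It assumes an offline rate of a billion guesses per second against a stolen hash and reads Moore’s Law as the rate doubling every two years; the function names are illustrative.

```python
import secrets
import string

# Assumption: offline attack speed against a stolen hash, using the
# "billion guesses per second" figure as a round number.
ASSUMED_RATE = 1e9
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable characters


def generate_password(length=10):
    """Random password containing every character class (symbols included)."""
    if length < len(CLASSES):
        raise ValueError("too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def worst_case_seconds(length, alphabet_size, rate=ASSUMED_RATE, years_from_now=0):
    """Seconds to try every password; the guess rate doubles every two years."""
    future_rate = rate * 2 ** (years_from_now / 2)
    return alphabet_size ** length / future_rate


def min_length(alphabet_size, target_seconds, rate=ASSUMED_RATE, years_from_now=0):
    """Shortest length whose exhaustive search takes at least target_seconds."""
    length = 1
    while worst_case_seconds(length, alphabet_size, rate, years_from_now) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    century = 100 * 365 * 24 * 3600
    print("sample password:", generate_password())
    for n in (8, 9, 10, 12):
        days = worst_case_seconds(n, len(ALPHABET)) / 86400
        print(f"{n} chars: {days:,.0f} days to exhaust at 1e9 guesses/s")
    print("length for a century today:", min_length(len(ALPHABET), century))
    print("length for a century in 10 years:",
          min_length(len(ALPHABET), century, years_from_now=10))
```

Each extra character multiplies the search time by the alphabet size, while each two years of hardware progress only halves it, which is why adding length keeps a password ahead of faster GPUs.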
————————
Your cell phone may have a legitimate reason to give out your whereabouts via GPS (think 911 service, which will soon be able to pinpoint your location), but how about listening to you – all the time!
As always, technology is a two-edged sword. I remember when there was a big to-do about the FBI listening in on conversations through the GM OnStar system. GM and other car technology companies can listen in on your conversations and even bring your car to a stop and shut it off.
This may be great for emergencies or carjackings, but who’s on the other end of this technology?
Then there was the idea of implanting RFID chips in humans to limit/allow access to secure areas or computers. My reaction was “Are you nuts?” Most kids under 25 were saying “You mean I don’t have to log into my computer anymore? Cool!”
Leo Laporte brought up the subject of apps turning on your cell phone’s microphone – without your knowledge – and listening to your ‘environment’ in an early April podcast of his twit.tv show (about 10 minutes into it).
Mike Elgan of Computerworld took it a step further by listing the apps that turn on your cell phone’s microphone, sarcastically saying “It’s not a bug, it’s a feature!”
————————
Not ready to move your whole small business into the cloud? Well, neither am I.
But, I find myself starting to use little, cloud-based applications that make conducting business easier instead of harder.
For example, I’m testing out a new password manager called LastPass. Instead of keeping all my passwords in a desktop solution that requires me to copy and paste them into my browser, LastPass keeps an encrypted password manager in the cloud. You can access it from any browser on any computer for free and they have a premium service that includes smartphones.
Plus, they just recently acquired Xmarks which does the same thing for bookmarks, synchronizing them across browsers, computers and (again, for a small price) smartphones.
I’m already using Amazon S3 to stream video and I’m exploring Google Apps.
For those of you with limited personal or business data, you should explore using the web for offsite backups.
For years I’ve had everything on one desktop computer that I control. Now, as things are starting to get spread out over different browsers and computers, I am finding it easier to use the web to synchronize my data.
So, while you don’t have to dive right in, it’s worth sticking your toe into the water to see what the cloud can do for your business.
————————
Security is only as good as the password protecting it and from a recent evaluation of 32 million breached passwords it appears that security is still lacking 50% of the time. It’s like securing a barn door with a stick through the hasp instead of a lock.
Researchers at Imperva analyzed millions of passwords that were hacked from rockyou.com and published in a database on the web. The results?
Source: Imperva.com
Using the same password for multiple logins is also a security breach. If one password is hacked it opens up all your logins.
So, what do you do? Use a password manager.
Using the ‘remember my passwords’ option in your browser is NOT secure, especially in Internet Explorer. Firefox gives you the option of using a master password which makes it a little more secure.
Instead of trying to remember complex passwords there are several software solutions where you only have to remember one password and they do all the rest. Most will even fill in online forms for you. They’ll also generate strong passwords – since you don’t have to try and remember them, you’ll be that much more secure.
One of the most popular browser-based programs is called RoboForm. While it has a free version, it’s limited to only 10 logins. The Pro version is only $9.95 and can be used on multiple computers.
Another browser-based option is LastPass (free for computers, premium for smartphones).
If you want a non-browser-based password protector, we’ve used the free Password Corral for years to store not only browser passwords, but software keys, combinations for locks and safes, and anything else we want to keep encrypted. Or you can try KeePass, the free and open source password manager.
So there’s no longer any excuse for using simple passwords in this age of increasing identity theft, is there?
————————
