Help Desk Hints For the Wary
Thursday, October 2, 2014
"Security" software that violates all security principles, being given out by cops
https://www.eff.org/deeplinks/2014/09/computercop-dangerous-internet-safety-software-hundreds-police-agencies
This stuff, if installed, will literally record every single thing you type (and that means passwords and usernames), and send them UNENCRYPTED across the internet to who-knows where.
There are several agencies in many states that are sending this out. Don't fall for it. If somebody offers this to you for free - take it - then BURN THE DISC. Agencies are paying for it, so make them spend their money on nothing.
The software is supposed to protect kids, but it actually endangers them by exposing activities, login information, etc. And, if I were an attacker, I could see all this EXTREMELY EASILY with nothing more than a wi-fi enabled laptop.
Here is a link to a list of agencies in many states that have been known to either buy many copies, or even to distribute them.
https://www.eff.org/pages/whos-giving-out-computercop
Friday, December 20, 2013
12/20 - Sending An Encrypted Email Easily (and Free!)
This post will focus on messages and small files, so we will use a freely-available algorithm, called PGP. 'PGP' stands for 'Pretty Good Privacy', and is one of the most widely-adopted and freely distributed forms of encryption. In fact, it is so good that it was once considered illegal to send this algorithm overseas because it's considered a type of weapon. (Source: http://www.cypherspace.org/rsa/legal.html)
So the software I'll use for demonstration purposes is Portable PGP (http://ppgp.sourceforge.net/). Like the algorithm, this software is free, and can be downloaded from the site linked here. It's capable of signing files/messages (for integrity - proving the message hasn't been tampered with in transit), or encrypting them (for confidentiality - so they can't be read by unintended parties), or doing both at the same time.
[Screenshots: Portable PGP; Creating a Key Pair; Encrypted Message; Signature Verification; Decrypted Message]
Monday, July 1, 2013
The Damage Caused by Clicking a Link
So our recent security awareness exercise has a lot of people thinking about everything they do on the computer. And rightfully so. Nearly 30% of my company’s users who received the email clicked on the link, and were warned that they had opened a “phishing” site. Now, the email was fake, and not harmful. But there will be cases where a real phishing email will be sent.
Let’s explain what “phishing” is. It’s a type of information-gathering technique, designed to trick people into providing valuable information for seemingly (but not actually) valid reasons. The techniques include claiming there has been a breach and that you need to change some part of your profile, or your password, or some such. Other cases may ask for seemingly innocuous information, such as your name, email address, or other data. But a basic phishing attack doesn’t need to implant a virus, Trojan or other evil code. It just gathers information and then goes to work.
So let’s take into account a basic link you click on, similar to the one in last month’s exercise. If an email like this was sent to every possible combination of “companyx.com” email addresses, clicking tells the attacker a lot of information. By clicking on the link, you have confirmed that your email address exists. From there, they know your name – after all, an email address of “jack.rock@companyx.com” makes it easier to guess that my name is “Ryan Cash”. So now, the attacker knows my name, and the company for which I work.
Next, it’s a simple matter of taking that information to LinkedIn. Very few people hide much information on LinkedIn, as a lot of professionals use it as a way to be found by recruiters. So that site shows what I do for CompanyX, my previous jobs, possibly my certifications/education, probably a picture, and at least a general idea where I live.
Scared yet? You should be. Now that they know where I live, what I look like and my name, it’s not a bad jump to go to Facebook, since a huge amount of people are on it. The attacker can look at my pictures, and if my privacy settings aren’t very well done (and routinely audited), a lot of personal information can be seen; information like children’s names, pet names, spouse names. And a HUGE amount of people (including many who are reading this article) use these items as bases for passwords, so they can more easily remember them.
Now, if the attacker has any password cracking tools (they are easy to get, and freely so), they can put this information into the tool to start running millions of guesses a second. With a child’s name of five letters, that’s five letters out of 12 that they don’t have to guess – cutting their work almost in half.
Now, we have protections against this type of password guessing scheme, but we can’t rely on those alone. And even with them in place, there are other things they can do with that same information.
So BEFORE you click on a link, or open an attachment, in an email that just seems “weird”, call the helpdesk and ask about it. If an attack is real, then clicking on a link at all is dangerous, even if you close the browser immediately.
Friday, June 7, 2013
Why I’m Afraid For You
Okay, I just got back from my first day at the Ethical Hacker class. First, let me give you some background on where I come from.
See, my very first formal IT class was for Security+. And, like many other industries, the first class you take tends to color everything you do in that field. As an example, my first martial arts school was Taekwondo, so I tend to use more kicking than, say, a karateka. So when we deal with networking, I tend to think more on how to secure them, rather than implement or fix them.
So, I’m already scared of networks and the Internet. Of course, it’s necessary to use in today’s world as an IT technician, but a certain amount of trepidation accompanies what I do at work. Keep that in mind: a small amount of trepidation.
Today’s class was quick, and spent more time on the legality of ethical hacking. We spent about 15 minutes just looking at publicly accessible items, breaking no laws, and not even TOUCHING our target site. Within about five minutes, we had:
- The webmaster’s name
- His work phone
- His personal mobile phone
- His direct employer (hint: he does NOT work directly for the company)
- How long he’s been in that position
- What type of server the website is hosted on
- What types of technologies were used in the website (like javascript, Java, active server pages, etc.)
Okay, it took all of about half an hour to show us this. That’s half an hour WITH explanations and questions. That means all this information could be found within less than five minutes – and the attacker would never even be detectable at this stage by the target. And would not have broken any laws at all within that period.
So keep this in mind when the world starts talking about protecting your GMail with two-factor authentication, or when your IT department requires larger and more complex passwords.
Wednesday, May 8, 2013
PC Cleaning Apps, Scams, and speeding up your PC on your own
Here's the article:
http://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/?utm_source=newsletter&utm_medium=email&utm_campaign=080513
So there ya go. Those paid apps are next to worthless, if not outright malicious, and do next to nothing for your computer. I've used CCleaner for years in my PCs, my clients' PCs, and have had no issues. And CCleaner's registry cleaner includes a backup option (which is on, by default), so you can undo any registry deletions you may perform, just in case the system becomes unstable.
Monday, February 25, 2013
What does the signal strength REALLY mean?
So I take a lot of calls on network issues, specifically about laptops connecting to wireless networks.
The common misconception is that signal strength equals speed. While signal strength is, indeed, a factor, it’s not the only factor nor even a major one. Signal strength is an indicator of one item – strength from your laptop/mobile device/PC/macbook to your wireless router. That’s it. Not to the internet, not to your work website, not to Google, not to ticketmaster.com, nothing.
You see, when you connect to the Internet, you’re not connecting directly to the website. You connect to your router, which connects to your modem, which connects to a backbone line, which connects to another (very high powered) router, which connects to another one, and another one, and then maybe your intended site/server. Each “hop” of this transmission takes time to jump from each step to the next, and then any information coming back takes a similar path to come back.
Huh?
That means your computer sends a request to a website or other server, then that server sends back the information you requested (web page, file download, video feed, etc.). So each connection is a two-way street, encompassing at least five different sub-connections, all taking their sweet time.
So what does this have to do with signal strength, JR?
Not much, and that’s the point.
As I said above, signal strength is what people use as an argument for “my internet connection should be blazing fast”. They think that since they have four or five bars, they should have instant connection to anywhere in the world, and that’s simply not true.
It only means you have a strong (not necessarily fast) connection to your router. After that, the signal strength means nothing.
So what does it mean if I have very LOW signal strength?
As I mentioned, signal strength CAN impact your speed, but not in the way you want. If you have a poor connection, indicated by a low signal strength, you can get a very low speed, as the network and your laptop have to compensate for data packets missing, etc.
Okay, so signal strength is important, to a degree. How do I improve strength if I have a low signal?
Well, understand that wi-fi, or wireless networking, is still a radio signal. Have you ever driven your car into a long roadway tunnel, and your radio started getting fuzzy, or just outright not playing at all? That’s called EMI, or “Electromagnetic Interference”. In layman’s terms: stuff that gets in the way of your radio signal.
The same thing happens to wi-fi signals. But because the broadcast strength is MUCH lower than a radio station’s, it’s easier to disrupt wi-fi. That means the metal in your walls, the wires running through them, the concrete foundation, nearby electrical appliances (TV, anyone?) can all have an impact on your router’s wireless transmissions.
So keep your wireless router away from appliances, and out of the basement. If you need wireless on more than one floor, there are ways to use TWO wireless routers or access points (APs) to cover more area.
So, what can I do if I have great signal strength, but have very slow internet?
First off, determine if it’s ALL sites that are slow, or just one or two. If the latter, it’s probably something to do with an internet backbone router, or the website’s server. In all of these cases, there’s precious little you can do about it. The items you need to troubleshoot are not in your control, and may not be in the control of the website’s owner. You can call them to see if they have issues, but if they find nothing problematic on their end, chances are you’ll have to wait until the Internet fixes itself (which it does have the ability to do).
If it’s ALL websites that are problematic, then call your ISP (Internet Service Provider). They can check for signal to your building, see if an outage is going on, etc. They can guide you through some troubleshooting, or send a tech out if it’s necessary.
Conclusion
There’s a lot that is affected by wireless signal strength, but it’s not the end-all-be-all of network speed. I’ll cover troubleshooting connection speeds in another post, so stay tuned!
Wednesday, December 19, 2012
What is "Two Factor Authentication"?
So what is a "factor"?
- Something you know (username, password, passphrase, PIN, secret code)
- Something you have (decoder ring, security "dongle", smartphone, security badge, etc.)
- Something you are (fingerprint, retinal scan, dna scan)
So, my username and password - that's two-factor, right?
So how do I use this newfangled two-factor authentimication?
Monday, December 17, 2012
Why all the big hubbub about passwords?
Okay, so that's Social Engineering. What about the title of this post (Passwords)?
What makes a strong password?
- Upper case letters (A-Z)
- Lower case letters (a-z)
- Numbers (0-9)
- Special Characters (@, #, !, &, *, and so on...)
What other items should I avoid when making a password?
- Password4
- Password9
- Password99
- P@ssword1
- <usersname>1
- <companysname>1
- <dogsname>1
- Poiuytrewq1
- pl,okmijn
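The entries in the list above meet, or nearly meet, a character-class rule while staying easy to guess. As an added example (not from the original post), here is a Python check that flags those two pattern families, base word plus suffix and keyboard walk, when a password is being set. The function names, the small base-word set, the 0.6 threshold, the `context_words` parameter and the US QWERTY layout are assumptions made for illustration.

```python
import re

# US QWERTY letter rows (assumed layout; adjust for other keyboards).
ROWS = ["qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
# Undo common look-alike substitutions: @/4 -> a, 0 -> o, 3 -> e, $/5 -> s, 1 -> l.
LEET = str.maketrans("@403$51", "aaoessl")
COMMON_BASES = {"password", "welcome", "letmein"}  # small constructed sample


def _walk_trigrams():
    """3-key runs along rows, columns and down-left diagonals, both directions."""
    runs = set()
    for row in ROWS:
        runs.update(row[i:i + 3] for i in range(len(row) - 2))
    for i in range(10):
        runs.add(ROWS[0][i] + ROWS[1][i] + ROWS[2][i])
        if i >= 2:
            runs.add(ROWS[0][i] + ROWS[1][i - 1] + ROWS[2][i - 2])
    return runs | {r[::-1] for r in runs}


WALKS = _walk_trigrams()


def char_classes(pw):
    """Count how many of the four character classes are present."""
    tests = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(t, pw)) for t in tests)


def walk_coverage(pw):
    """Fraction of characters that sit inside some keyboard-walk trigram."""
    low, covered = pw.lower(), set()
    for i in range(len(low) - 2):
        if low[i:i + 3] in WALKS:
            covered.update(range(i, i + 3))
    return len(covered) / len(pw) if pw else 0.0


def weak_reasons(pw, context_words=()):
    """List the 'avoid' patterns a candidate password matches."""
    reasons = []
    core = re.sub(r"[\d\W_]+$", "", pw)  # drop trailing digits/symbols
    bases = COMMON_BASES | {w.lower() for w in context_words}
    if core.lower() in bases or core.lower().translate(LEET) in bases:
        reasons.append("base word plus suffix")
    if walk_coverage(pw) >= 0.6:  # assumed threshold
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    for pw in ["Password4", "P@ssword1", "Poiuytrewq1", "pl,okmijn"]:
        print(pw, char_classes(pw), weak_reasons(pw))
```

Pass the user's name, the company name and any known pet names as `context_words` to cover the `<usersname>1`, `<companysname>1` and `<dogsname>1` entries.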
Okay, so what can we do to get a strong, but memorable password?
So if I choose a nonsense phrase as my password (er...sorry, passphrase), why do I need to change it periodically?
But with that huge 25-GPU machine you mentioned earlier, doesn't that make all this pointless?
Tuesday, December 11, 2012
How To Ask For Help From Techies...
...and nearly any other group of experts on a particularly involved topic.
NOTE: I tried to do a TL;DR version, but with the commentary, it was almost as long as the original article. I STRONGLY suggest you read the entire article linked.
(Note: reposted here in accordance with author's policy)
Monday, December 10, 2012
Beginner Monday–More Terminology
So there are a lot of users in the workforce who confuse terminology, and inadvertently say the wrong thing to their IT support. This post is about correcting some of those misperceptions. That way, when you talk with your Tech Support, you can say the right things (hopefully) and get them on the right path. Because if you say server, and you mean wi-fi, you can send your tech support down the wrong path (and thus take a lot longer to fix your issue).
1. Network – This is any setup that allows one computer to talk with another. Any method that allows two computers to interact is a network. There are a lot of types of network, but there are two categories that most users care about: wired (or LAN), and wireless (or WI-FI). More on these terms later.
2. Server – This refers to an actual machine type, called a server. It has a special operating system. There are three versions, Windows Server, Linux Server (which has several sub-versions, called distros), and Unix Server. Some applications are accessed on a server. Some network items are done from servers – such as your account and relevant password, anything done by Citrix, emails, websites, and much more.
3. LAN/Wired network – This is when you plug a network cable into your laptop/desktop/netbook. It uses a special type of cable, the most prolific of which is known as an “ethernet” cable, or RJ-45. It looks like a phone plug, but larger.
4. Wireless/Wi-fi – This is a huge up-and-coming technology. Like anything else in computers, there are several types. But for simplicity’s sake, we’ll leave it in general terms, and just call it “wireless”. There’s been some misconception about wireless – it only refers to networking, nothing else. For some reason, a lot of people think that it refers to wireless power (thus no need for a charging cable), which is absurd.
Wireless networking requires two items: a wireless router or wireless access point, and a wireless-capable device. The device is usually a tablet, cell phone or laptop. The “wireless” is only between these two items. Some people mistakenly think the router doesn’t need to be plugged into the wall. There still need to be power and network cables between the router/AP and the wall; just not between the router/AP and the laptop/device.
The general range of wireless is a couple of hundred feet if you’re really crazy lucky. House walls and lots of power lines and metal construction can interfere with signal. Most of the time it’s pushing it after 50 feet in real-world conditions.
5. Bluetooth – this is a type of wireless that requires a special mention here. It’s a type of radio signal (similar to your car radio), but with a very short range; about 35 feet. It has to be “paired” with devices, so the bluetooth-capable device has to have a passcode to connect. The most common use of bluetooth technology is between a cell phone and headphones. Though, it can be used between a computer and other devices: printers, speakers, docking stations, keyboards, mice, and even between a computer and a cell phone or another computer.
6. Internet – This is the network of all networks. It is a network of networks. Connecting to anything beyond your own building/house/structure is almost certainly going to the Internet before it gets to the destination. The Internet carries the signal from computer to websites or other buildings/cities/countries.
7. Intranet – This is an internal network, meaning it’s only accessible if you’re connected to the same network as the other device (the internet doesn’t count, as it’s not one network, it’s millions of networks). Some portions of a company’s network can only be accessed if you’re on the same network; some websites, email, etc. If your intranet is not available, that doesn’t necessarily mean that your internet is down. The reverse is also the case; just because the internet is down, doesn’t mean your intranet is not working. If both are not working, then it’s a local network issue, or a problem with your PC not connecting.