It’s not a matter of if, but when (Part II)

As promised, here is the second part of the post from the other day. A disclaimer: these are only services and resources I’ve used in the past and found useful or appropriate for the situation at that time. I’ve noted the ones that I’m using currently and why I’m still using them despite better-known products or resources being available. The majority of what I’ve found in my experience is that online protection and security is more about behavior (knowing what not to do or recognizing signs that it’s bad stuff) than about finding the right application to rely upon. What I’m using currently is an extension to my own experience and knowledge that helps when it’s not clear if I’m going down a road to something malicious.

Online Safety Resources

These are sites that I’ve come back to time and time again as resources to help people. Everyone has to realize that it’s their responsibility to keep themselves safe online because no one else is going to do it for you (unless you’re a child with proactive parents). The wife and I have consistently kept a lot of technology away from our daughter on purpose because we knew she wasn’t ready to 1) listen to our advice and 2) properly police herself online. A recent foray into YouTube that got her into some real-life videos with questionable content is a perfect example. She didn’t know enough to say “I shouldn’t be watching these” and close the application. The computer is now only allowed in open family space, no more in the bedroom with a closed door!

YouthSpark Hub (sponsored by Microsoft)

StaySafeOnline.org (sponsored by National Cyber Security Alliance)

Get Safe Online

Protection (Anti-Virus / Anti-Malware / Web Filtering)

Out of all the things that you can choose to passively keep yourself safe out there, these are the three that I highly recommend. They’re a good balance between protection and minimal resource impact on the machines you’re running them on. I’ll address each individually to make things easier.

Microsoft Internet Safety & Security Center

This is a combination service that includes Microsoft Security Center and Windows Defender, which come bundled with Windows 8.x and Windows 10. It’s automatically enabled by default, so even if you don’t know that they’re there, you’re already protected to a certain extent. I like this application because it literally sits in the background and only reminds you it’s there when something bad is about to happen or your actions are going to trigger something bad. It works well despite some of the bad press online; it’s free and capable of protecting against the “macro” stuff.

Microsoft Family Safety

Probably one of the best services I’ve seen from Microsoft, this lets you create an account for your child with a password they select, yet let you watch/see/block anything you want. An amazingly easy interface, you create the Microsoft account while logged in with your account and authorize their account on only the devices you want them to be able to log onto. You have the ability to restrict their total time, the time frames they’re allowed to log on, as well as see everything they download/install/browse online. If a site shows up you don’t want them getting on, a quick click of “Block” next to the site will remove their ability to get to it via any browser. You can also block installations of certain applications (like Firefox or Chrome) forcing them to use IE or Edge so you can keep track of their online behavior. Instructions are easy and they take you through every step.

Sophos Home (anti-virus/anti-malware/web filtering)

I highly recommend this service due to the ease of use and quick setup. You create an account, then install the Sophos Home agent on every computer you want to protect (up to 10 for free). Each computer shows up individually by machine name (I change them to be specific, e.g., “DaughtersLaptop”) and lets you review their online activity. This is an added blocking defense for any site that they got to that Family Safety didn’t block for some reason. In addition to the web filtering, this is also an added anti-malware tool and has an extensive database of web sites that have been reported as having a bad reputation in regards to malware or virus activity. Simple installation and small footprint (less than 50MB of memory used when running), this passively watches in the background.

Passwords

I can’t stress enough how important it is to have strong, complex, and long passwords. A password using capital/lowercase letters, numbers, and special characters that is 8 characters long, can be cracked in about 6-8 hours @ 1,000 attempts/minute. The same type of password at 15 characters will take 2-3 years @ 1,000 attempts/minute. Once you add in non-standard characters, it could take decades to crack. It’s not a matter of making your password uncrackable (that’s impossible) but more a matter of making it so long to get it cracked that they move on to the poor guy that has decided to use “12345678”, “p@ssword1”, or “qwerty1234” as their password for their banking site. And please, don’t be a smart-ass and make it “passwordWITH1number”….. that’s just stupid.

I personally use LastPass and definitely utilize the password generator built into it for everything now. I can access my password database on all my devices including my mobile. The database is encrypted even in the cloud to the point where LastPass is unable to decrypt it should I happen to forget my master keycode. They also just released an authenticator application (numbers that sequence every 60 seconds) to allow for dual-factor authentication on sites that allow it. WordPress supports it 🙂
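The two points above (length adds more strength than decoration, and a generator beats a human-chosen password) as an added Python example; it is not from the original post and not LastPass's code. The names `entropy_bits`, `looks_guessable`, `has_all_classes` and `generate`, the `COMMON_BASES` denylist and the `LEET` map are constructed for illustration.

```python
import math
import secrets
import string

# The four character classes the post asks for.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII symbols

# Constructed denylist: base words behind the weak examples quoted in the post.
COMMON_BASES = ("password", "qwerty", "12345678")

# Constructed map of common look-alike substitutions ("p@ssword1" -> "passwordi").
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s", "7": "t"})


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a password drawn uniformly at random.

    Only valid for generated passwords; a human-chosen one has far less.
    """
    return length * math.log2(alphabet_size)


def looks_guessable(password):
    """True if a common base word survives lower-casing or un-leeting."""
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))
    return any(base in v for v in variants for base in COMMON_BASES)


def has_all_classes(password):
    """True if upper, lower, digit and special characters are all present."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate(length=15):
    """Generate a password with the OS CSPRNG (secrets), never random."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # Rejection sampling: redraw until every class is present, which keeps
        # the choice uniform over the accepted passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate) and not looks_guessable(candidate):
            return candidate


if __name__ == "__main__":
    for n in (8, 15):
        print(f"{n} random chars: {entropy_bits(n):.1f} bits")
    for weak in ("12345678", "p@ssword1", "qwerty1234", "passwordWITH1number"):
        print(f"{weak!r}: guessable={looks_guessable(weak)}")
    print("generated:", generate(15))
```

A password such as `P@ssword1` passes `has_all_classes` and still fails `looks_guessable`, which is why composition rules alone are a weak check.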

LastPass – Password Manager

Creating a strong password

How to Create a Strong Password (and Remember It)

How to Create a Super Strong Password (Infographic)

Well, there you have it, a lot of information to digest and absorb. It’s worth the read in my opinion as it holds true: “It’s not a matter of if, but when” you get hacked / you get a virus / you get malware / you get phished / etc. Stay safe out there!

It’s not a matter of if, but when (Part I)

I received a letter from American Express yesterday. It was nothing out of the ordinary as they send me crap all the time, but this was different. The letter informed me that my information changed via a third party service sometime in January 2016. Red flag. The letter didn’t tell me that this was an ordinary or extraordinary action and in the 22 years I’ve had this card I’ve never had anything changed via a third party. Red flag. Upon calling them, I was informed of a potential breach in a third party system that American Express uses to update their credit files. The letter was auto generated and was a result of a changed file. My question “Why did I get a letter it’s changed as I’ve never received this before?” went unanswered.

This event triggered me to write about it, because I’ve yet to talk to someone that completely understands the extent of their threat exposure. So here, a short list of items that I’m sure everyone has an account with or a device in their possession:

  • Mobile Devices: mobile phones, wifi doorbells, wifi cameras, wifi baby monitors
  • WiFi Vehicles: On-Star, Hyundai Assist, Ford Sync
  • Medical Devices: pacemakers, defibrillators, insulin pumps
  • Social Engineering: email, text messages, phone calls
  • Service Providers: mobile phone companies, cable, phone, electric, gas, water

Every single one of the above items (it’s not an exhaustive list) has a component that can be breached and used to take advantage of unsuspecting people. I’ve been in this industry for years and still see threat deltas that I’ve never seen before. The potential that hundreds of thousands of people are even less aware is very real and the news tends to support that theory. Here are some scenarios that may or may not fit:

  • Get a new WiFi router for your home and just plug it in and it works. No changing of the default password, no wireless security (open), no update to the default factory settings that allow for internal device browsing, etc.
  • Get a new Android phone and start to build out your profile, download apps, etc. You get a prompt to enter in your credentials for GooglePlay and blindly enter in your credentials because you think it’s for an app. You don’t notice that you’re not prompted for a username/password ever for downloading apps (since it uses your Google account automatically) through official channels.
  • Connect your personal mobile device to a hotspot for internet access without reviewing the entire list of available networks. Most places of business will display their wifi network name so you don’t connect to something malicious. Ex – a wifi network will NEVER show up as “ad-hoc”; the ones that do are malicious in almost every case.

There are literally hundreds of thousands of articles and resources available if you want to learn more about protecting yourself. I’m going to list a few of the easier-to-understand resources in my next post. Keep yourself safe online and the horror stories you see online will never be about you.

Ponderance of future technology

I often find myself day dreaming about the future of computers and how this massive human experiment is going to play out over the next few decades. I was well into my passion for technology when the Internet, as we know it today, became commercially available in 1992 and restriction-less (within open standard guidelines) in 1995. There was a lot in those days that didn’t make sense and we were all sort of going on instinct as we explored the “shiny” that the Internet offered. For those of you not of a technology or geeky mind, the term “shiny” is a universal term for anything that is new or interesting that we’ve never seen or used before. I’ve had dozens of “shiny” things in my life that continue to evolve.

What does the future bring?

The future is limitless, really! We are only hindered by the limits of our imaginations and the possibilities of current tech. There are hundreds of examples in the last 40 years where we thought of something, saw there wasn’t technology to make it reality and literally invented something to make it happen. The UNIX operating system is a perfect example that most people can understand. A programming language was developed in parallel to allow the operating system to not only function, but run other applications written in “C”. Having gone through several iterations, including C++ and C#, UNIX is a universally accepted operating system around the world. Linux was born from UNIX and for years attempted to mirror itself to Microsoft Windows, but never garnered the popularity it needed to be anything other than a hard core only type of system. Of course this is my opinion and my facts could be slightly biased.

A good place to see the imagination of the future is in movies. The best example that I could think of recently is the reboot of Star Trek. The one with Chris Pine, not William Shatner. The thought that went into designing the fully functional (yes, functional) sets was absolutely amazing and the proof is in the authenticity of the film if you’re paying attention to that. The computers used, the way they interacted with the controls and the oddity of some of the tools all contributed to this authenticity. My day dreams will reflect on what people 40 years ago were thinking when they were holding the first prototype of the IBM 8086. I imagine they were all scratching their heads thinking “What the hell can we use this thing for?”.

Near future possibilities

We’re on the verge of a major leap in technology in regards to how we interact with it. No longer are the keyboard and mouse going to be the go-to accessories. Instead, we’re going to be using our hands, gestures, facial expressions and our voices to interact with technology. The fear I have is that we’re becoming so reliant on technology to do everyday tasks that we’re losing our ability to get things done without the aid of technology. Example – A cashier punching in $200 instead of $20, seeing the mistake and going “deer in the headlights” trying to figure out how to give you change. It’s an old person’s example though…… What is this “cash” you speak of?

I expect the future of computers to continue a little longer in the physical form though. A physical keyboard and mouse is my preferred method of interaction as I have an insane requirement to be in control of my interactions with technology. “Automatic” things being done based on behavior is the precipice of artificial intelligence; a terribly frightening thing that we as humans should be more concerned about. Certain things should not be done “because we can” no matter how “shiny” they appear to be. Anyone seen Terminator lately? How about The Matrix? Anyone read any stories related to the “grey goo”? Yeah, scary stuff indeed.

Hackers

“Anonymous” hacked the CIA, Alabama State, and several Mexican websites this past Friday into the weekend. I’m not sure what they’re trying to prove with the wacked manifestos they’ve published justifying the hacking of those websites. I have to wonder what types of people they have actually doing these hacks. Scruffy guys, wearing t-shirts, sitting around eating Hot Pockets and drinking Monster Energy drinks having a debate on what site to hit next? I have a different theory.

My thought is that it’s all of us unsuspecting, unprotected, “I have anti-virus” types out there that don’t know or wish to acknowledge the threat that exists on the Internet. It hasn’t come out exactly how these sites were taken down on Friday, but if I were a betting man I’d put money down on a distributed denial of service attack, or DDoS for short. It’s the method that hackers use to link hundreds or thousands of computers around the world and instruct them, through malware, to ping flood a single IP address. A ping flood is sending large packets of information via a persistent ping command. Here’s a screen shot of a persistent ping; I used a bogus IP for the sake of demonstration.

Amazing how the simplest of built-in tools can be so destructive and devastating!

While I don’t agree with any sort of hacking practice, others out there are basically for hire. They take a job, transparent to the target, reason, cause, etc. If the goal of the hire is successful, they get paid. It literally is as simple as that. Most of these guys operate out of countries where government corruption is rampant, and therefore they are able to operate with little or no hassle from local officials. They get paid too in the form of bribes.

I personally use these tools and have for several years now. I’m of the opinion that just because something is free doesn’t necessarily make it any less effective than something you have to pay for. In most cases if I like a product that is free, I’ll send in a suggestion for improvement along with a “donation” to grease the wheels on my request. In all but 1 case, the suggestion was added to a future release.

Using these tools together will provide you quite a bit of protection from anyone attempting to use your computer with or without your knowledge. In conjunction with an updated browser (IE9 or IE8, Firefox, Chrome) there are several built-in protections that warn you of potentially unsafe sites or downloads. Don’t just click on them blindly and allow the hacker crap to get on your computer.

Be safe, it’s a minefield of crap on the Internet if you’re not aware of where it’s sitting….

Self-aware Internet……woah!

We had a debate at work today on whether we think the Internet would become self-aware at some point in the near future. While it was mostly conjecture that resulted in us ribbing each other for stupid ideas, it did start me thinking down a path that I hadn’t thought about for several years. A former professor of mine posed a single quote, author unknown, that we debated for over four hours. I might have brought this up before in a previous post and I’m just too lazy to go looking for it, but here goes.

“The computer is the network.”

Obviously it can be interpreted as “The network is the computer” but for the sake of keeping things semi-short, I will stick with the original quote. Putting some logic behind it, one is able to determine that it is true and false at the same time. What I mean is it’s a modern “Chicken or Egg” discussion in that it’s easy to see it from both sides. Would networks, as we know them as electrical signals that are on or off, have existed if there weren’t any computers? Would computers, as we know them as smart thinking boxes, have existed if there were no networks? You can answer yes to both questions, but you can also answer no depending on your point of view. Does that make sense?

The theory behind artificial intelligence is that with enough data, or input, an electrical circuit can and will become aware of its environment. Simple machines, the size of matchbox cars, have been built with simple circuits that didn’t have memory or storage capacity and have learned their environment well enough to not repeat past mistakes, such as run into an obstacle. Provided everything remains constant, they don’t go back to the place they ran into a wall or a table leg.

Now, take into account that the Internet has reached a level where you hypothetically measure its contents in exabytes, as in 1 exabyte is the same as 1,024 terabytes, or for the non-technical people, 1,024 terabytes is the same as 1,048,576 gigabytes. I used a calculator so I know my math is correct, lol. Moving on, that information is served up and transported by the most advanced and cutting edge computers in the world. It’s not a stretch to hypothesize someone out there creating a very simple “learning” malware application that anticipates the end-users removal techniques and effectively counteracts said techniques long enough to spread to several hundred computers. There is documented proof on the speed that malware or a virus spreads around the internet.

Straight out of a science fiction book, that malware, learning all the way along, infects the largest and most powerful computers in the world. Quicker than we can comprehend, it now has access to the entire digital footprint of the human race and learns at an exponential rate until we realize what is going on all too late. What we had created as a simple network back in the 1970s has now become an enemy that has control over utilities, electricity, warheads, planes, ships, and any computer in the world connected to it. A technical life form by definition, but without any physical presence to attack.

How would you use a laptop that has now become aware of you, and will protect itself at all costs to keep you from unplugging it, removing its battery, etc.? A scary thought that is, as previously mentioned, right out of a science fiction book. There are theorists all over the internet talking about this sort of thing, which in my opinion is making things easier for the Internet (would we call it Lord Internet when it makes us slaves?) to one up us. Make us obsolete and alter the world to suit its needs….

I for one could, at a moment’s notice, disconnect and exist off the grid in some mountain cabin in the middle of Montana!

Do we really “know” the Internet?

I came to work today with a hat on because it was so nice I had all the windows down in my car. The hat has a graphic on the front similar to the hat Mike Myers wore in Wayne’s World and says “WAN’S WORLD”.

“Man, you liked those movies enough to actually wear one of the hats from it?” says one of my co-workers.

“No, look closer. There’s a reason you make mistakes… your eyes don’t work!”

For the sake of this post, the dig on him wasn’t necessary, but I thought it was funny. Anyway, he looks closer and asks me what was a WAN and why would I have it on my hat. My response to him isn’t necessary to put here in that I’m a Systems Administrator, and so is he. The question itself is just stupid to ask in my opinion. For those of you who aren’t in an Info Tech role, WAN stands for Wide Area Network and refers to the global connection of a network outside of its LAN, or Local Area Network. **GEEK CONTENT** Think of it like this, a LAN is likened to all the computers in your house linked together either by wire or wireless connections. The WAN in this example would be the connection to your Internet Service Provider (ISP). Examples of ISPs are Comcast, Verizon, Embarq, RCN, etc. **END GEEK CONTENT**

The fact he asked the question sort of got me thinking about how the majority of people don’t really know what their email, Facebook, Netflix, and other stuff they do actually does or how it is presented to them. A great dialogue from the show Criminal Minds sums it up quite nicely.

“The Internet is the greatest experiment the human race has ever embarked on that none of us really knows anything about.”

I paraphrased, it’s been a while since I saw the episode. If you look it up, tell me what it should be and I’ll fix it 😛 People who know me will attest to the fact that not knowing about something or knowing how it works drives me absolutely crazy. I almost get obsessed with learning as much as I can about something that totally perplexes me. A good example of that is when I took my first computer apart, completely, just to put it back together. Sure, you’re saying lots of us do that…. but do they do that BEFORE ever turning it on for the first time? Yeah, that’s my point.

Having been around technology since I was 12 years old, there is still a lot I just don’t understand or even realize there are things that I need to understand. The Internet is an unquantifiable network of computers interlinked around the world whose sheer complexity 99% of the human race doesn’t have the ability to truly appreciate. No one person on this Earth can say “I know the Internet completely.” We live on our little Internet islands where we have information served up