Monday, June 25, 2012

The secret cyberwar of 21st century

If you haven't read about the Stuxnet, Flame, and Duqu viruses, it's time to brush up on the latest wave of cyber-warfare, website hacking, identity theft, and credit card data theft.  Even though the infamous Stuxnet is being phased out, the next generation of super-viruses is already in the works.  Naturally, due to the highest concentration of computer technology controlling most of our infrastructure, the U.S. will be the most likely target of the next attack.  Read the great Christian Science Monitor article:
There's no relief either for worried cyber security experts, some of whom have called Stuxnet the digital equivalent of the first nuclear attack on Hiroshima. They warn that Stuxnet's code provides a template and conceptual model for a far more destructive "son of Stuxnet" cyber weapon that could be deployed by other nation states or hacktivists for cyber attacks against power grids and other civilian infrastructure.

Let's face the facts: it doesn't matter what operating system you use, your device is vulnerable to viruses and hackers.  Firewalls and antivirus software offer limited system protection against known malware.  Zero-day attacks or sophisticated rootkit viruses can infiltrate any device - don't let yourself be fooled by the talking heads on TV or in computer stores.

Although casual use of the Internet (checking email, watching Netflix, and shopping on Amazon) may not pose much of a threat, heavy downloaders and power surfers (yes, adult entertainment included) must remember to stay on alert.  Systems patched with the latest OS updates are the first line of defense.  Strong passwords are also invaluable when it comes to protecting your email, brokerage, and bank accounts.

Physical security is also becoming an important part of your daily web encounters.  I used to smirk seeing people taping their laptop webcams - not anymore.  In fact, I would like to see a physical switch on every web-connected device to turn off a webcam, microphone, and speakers.  Yes, speakers also, since they are basically reverse microphones.  

Why all these precautions?  Because nobody, yes, nobody can guarantee you that your device is not being monitored by someone, some organization, or a government.  With the questionable practices of major Internet Service Providers, Facebook exposure, and vast search engine data, your privacy is worth more than you think.  Use common sense and stay safe.

Wednesday, June 20, 2012

Northwestern University graffiti rocks

What can you tell me about the fine and famous Northwestern University?  That it is located in Evanston, IL?  Just north of Chicago?  That it has a gorgeous campus right on Lake Michigan?  Yes, that's all true.

However, what I find unique are the graffiti rocks at The Lakefill peninsula.  Every time we take a stroll along the coast, newly painted rocks are fun to discover.  You could say the rocks are a wild art gallery, changing and evolving.  Check out the pictures I took on Father's Day.

Thursday, June 14, 2012

Stronger online passwords? A must.

Recently, it seems like every week some new website or company is being hacked.  With the abundance of web-connected laptops, tablets, e-readers, and smartphones, the Internet and social networks are accessible 24/7/365 to most users.

In the 4th quarter of 2011, Americans spent 38.6 hours online.  That's a work week!  But Canadians put the U.S. to shame with 45.3 hours in the same quarter.  What's that all aeboot!

With all that net presence, it's becoming more and more burdensome to remember all the passwords to secure access to web services.  Feeble, duplicate, obvious, and stupid passwords are the weakest link in online security.  LinkedIn is a perfect example: six million passwords were hacked and exposed last week, forcing users to change their passwords.  Other sites like eHarmony and Last.fm shared the same fate.

So what can one do to protect web accounts?

Avoid weak passwords.
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Avoid reusing passwords on multiple websites.
It sounds easy: you think of one amazing (in your mind) password and you use it on every website.  In reality, if someone hacks your email account and tries the same password on your bank site or social site, chances are they will succeed.  Using a different password everywhere is a pain in the gluteus maximus, but the reward is your security.

Keep your password private.
Obvious, but surprisingly often ignored.  Do you know how many people I've seen with a password taped to the back of their laptop?  Too many.

Use mnemonics to create strong passwords.
One lesson you can learn from the movie Johnny Mnemonic is that people have trouble remembering things.  With millions of interesting websites, who can remember all those unique passwords?  Well, Johnny can, but he had a hard drive implanted in his head.

You can use password managers built into web browsers or change a number at the end of your main password, but those are questionable ways of securing your access.

My favorite way for strong passwords is an abbreviation of a unique sentence.
Let's say you owned an orange 1969 Chevy Camaro in your twenties.  You loved that car.  Especially on Saturday nights.  What a sweet time!  Right?

So come up with your sentence: I loved my orange 1969 Chevy Camaro 
Now, abbreviate first letters mixing upper and lower case: ILmo1969CC
For more security, add special characters: My hot wife was right on the money!
Now, abbreviate: MHwwRot$!
You get the idea.
This simple way allows you to cherish your memories and have secure passwords.

Use longer passwords.
The longer the password, the harder it is for a hacker to crack it.  So use 8 or more characters, mixed with numbers, upper and lower case letters, and special characters. 
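
Added example (not part of the original post): a small Python checker that applies the rules above, namely the weak password list, the 8-character minimum with mixed character types, and the reuse warning, including the "change a number at the end" habit.  The site names and the Sunsh1ne! pair are constructed sample data, and the bit count measures brute-force search space only, not how guessable a password is.

```python
import math
import re
import string

# The 25 weak passwords listed in this post.
WEAK = set("""password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey
passw0rd shadow 123123 654321 superman qazwsx michael football""".split())

# Character types the post asks for (their sizes give the alphabet size).
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def search_space_bits(pw):
    """log2 of the brute-force search space for pw's length and alphabet."""
    alphabet = sum(len(cs) for cs in CLASSES.values() if set(cs) & set(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def check_password(pw):
    """Return the rules from the post that pw breaks (empty list = passes)."""
    issues = []
    if pw.lower() in WEAK:
        issues.append("on the weak password list")
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not set(chars) & set(pw):
            issues.append("no " + name)
    return issues

def find_reuse(accounts):
    """Group sites whose passwords match once trailing digits are dropped."""
    groups = {}
    for site, pw in accounts.items():
        base = re.sub(r"\d+$", "", pw).lower() or pw  # keep all-digit ones
        groups.setdefault(base, []).append(site)
    return sorted(sorted(s) for s in groups.values() if len(s) > 1)

# Constructed sample: the post's two mnemonic passwords plus made-up entries.
ACCOUNTS = {"mail": "ILmo1969CC", "bank": "MHwwRot$!",
            "forum": "Sunsh1ne!7", "shop": "Sunsh1ne!8"}

if __name__ == "__main__":
    for site, pw in ACCOUNTS.items():
        print(site, check_password(pw), round(search_space_bits(pw), 1))
    print("reused:", find_reuse(ACCOUNTS))
```

Run as a script, it reports that ILmo1969CC has no special character and MHwwRot$! has no number, and it flags the forum and shop passwords as one password reused with a different trailing digit.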

Delete emails asking for your credentials.
Legitimate websites will never ask for your credentials in the form of an email.  Or any form.  They will simply reset your password if needed.  So delete all emails asking for an account update or password, even if they appear legit.  To confirm, you can always call customer service or the help desk to check if the company or site sent that email.

I invite you to comment and add your ideas to secure your online access.