Password 101: how to suck at security


(Totally not a satire post…. Totally…)

1. Always use a simple password.
2. Always write it down.
3. Always use the same password for everything.
4. Never change your password.


Privacy, is it dead?

So, it’s been a couple of weeks since the NSA “PRISM” was leaked. Outrage followed, but seems to have died down. Which got me thinking, most people I know are their own worst enemies when it comes to their own privacy and important information.

How many of you have Facebook? Most people do. Now, let me be clear, I don’t use Facebook and haven’t for a long time, but my wife does.

Everyone has started to post play by play updates so EVERYONE can know what they are doing. The problem is then, how can you get mad the government collected the data? You posted it in the internet equivalent of screaming in the downtown square, then getting mad someone wrote down what you yelled.

Don’t get me wrong, what the NSA is doing is wrong; however, most people are not taking even the slightest steps to guard their privacy. This makes it very hard moving forward, because it gives us another “lesser of two evils” scenario: Do we give up, and let the government monitor everything we do? Or do we punish those who even stumble on publicly published information that is sensitive in nature for “hacking”?

What I think really needs to happen is that people need to start taking privacy seriously. I can’t count how often I have gotten after my family for posting information that could be used against them, and without fail, they ALWAYS seem surprised that what they posted wasn’t private.

Read the end user license agreements for all of the software and websites you use; they always list what they do with information that travels through their services. It is unfair to get mad at companies and government for spying when you click “I accept” without reading the terms of service.

For this problem to change, it’s going to take a shift in our mentality, not just more useless legislation to supposedly limit the government. They already ignore the laws currently on the books, so how is another law going to fix things?

Simple solution: Stop being stupid!

Encryption and Android: putting on your digital armor.

How much personal information do you keep on your mobile device? Your phone, or tablet, the devices that follow you everywhere you go, chances are you probably keep a whole lot more than you think you do.

If you lost your phone, I bet it’s likely you’d feel naked, exposed and vulnerable. All your contacts, search history, GPS history, email, and a wealth of personal and private information would be available to anyone who happened to come across it. Most people only use slide-to-unlock, which leaves all your data open for any person with nefarious, dastardly intentions to steal or use against you.

Tonight I’m going to discuss one option that Android offers to help protect you from just that scenario. Since the release of Honeycomb, it has been possible to fully encrypt your device. Once you choose to encrypt your device, you cannot undo it without a factory reset, meaning that to remove the encryption you will have to destroy all the data on your mobile device, so please, proceed with caution.

I’d like to take a moment to discuss encryption, and what it actually does, because many people are led to a false sense of security, thinking that since their device is encrypted their data is completely protected and unreadable to anyone else. This is a false statement, and there is no such thing as a security silver bullet. There will ALWAYS be a way around your security, but leaving your door open just screams “rob me blind, I don’t even shut my door”. Digital security is often the same. If you leave your phone lying unattended with no protection, even a person who means no harm might be tempted to look at its contents.

An encrypted phone or tablet will lock your data with a PIN or password. Without the password, the data on the device looks like garbage. It looks like garbage, that is, when it’s locked. While you’re using it, your data is readable. So if you leave a delay timer to prevent the phone from locking, you are leaving the door open for a small amount of time.

I suggest setting the power button to automatically lock, and also to avoid any delay in screen lock after the screen powers off. This will help to ensure that while you are not using your device, nobody else is either.

If encryption sounds like something you are interested in, I will be more than happy to walk you through the setup.

Before you can start full device encryption you will need to take the following steps:
1) Set either a PIN or password in the “security” section of the settings menu
2) Plug in the device


Once you have taken the previous two steps, click on the “encryption” section and click the button to start the encryption process. The encryption took almost a full hour on my Nexus 7, so I would expect at least that, unless you only have a very small amount of internal storage.

Once you have encrypted your device, you will need your PIN or password for the following situations: powering on, rebooting, waking the device from sleep, or booting into recovery. To be honest, you will type it so often, it becomes second nature to you.

I encrypted my tablet a few weeks ago, and I have not noticed any performance difference, or had any negative experiences due to the device being encrypted. You can still use lock screen widgets; I use my tablet for alarms, and you don’t need to type a password to silence or shut off the alarm, only to gain access to the device.


As usual, if you have questions or comments feel free to contact me on Twitter (@DarkLordZim) or via email (DarkLordZim@gmail.com)

Do you know who’s using your WiFi? Or how to check?

This may sound like a stupid question, but in reality most people don’t. I work in IT support; the customers I support all work from home, or on the road. Many have no idea even what devices are connected to their network, let alone how to set encryption.

My goal for this post is to show you some easy ways to map your network, to ensure only devices you want are using your network. Rogue devices can negatively impact your network in a variety of ways. An attacker could steal your passwords or files, a poorly functioning device could cause internet speeds to drop to a crawl, or even disconnect your computers from the net.

That said, it is easy to monitor your network, and at a very minimum you should audit network usage twice a month (I do it almost daily, because it really only takes seconds to check).

The quickest way to get an idea of who or what is connected on your network is a ping scan. There is an app built specifically for network mapping and even some troubleshooting on Android called ‘Fing’. It will report all live IP addresses, along with the manufacturer of each device’s network card. Once you have the list of connected/live devices, Fing will let you troubleshoot each device. Some of the things I do with Fing are port scanning and connecting to Windows shared drives and FTP. Here is a link to Fing in the Play store.

image

Here is a shot of Fing in action

Some of us who are hyper-focused on the security of our networks even go so far as building lightweight intrusion detection systems, but I would not expect that an average person would take the time to learn how to set one up, or even pay the huge prices charged by others to do it. Simply scanning your network is a great step in protecting your digital privacy. If you notice connected devices that shouldn’t be there, you can adjust settings within your router’s configuration to block the device.
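To make the audit repeatable, here is an added example (not from the original post or from Fing) that compares the devices a Linux machine has seen on the LAN against a list of devices you own. The sample `ip neigh show` output, the addresses and the `KNOWN_DEVICES` inventory are all constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output, as seen after a ping scan.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a4:2b:b0:11:22:33 REACHABLE
192.168.1.23 dev wlan0 lladdr 3C:5A:B4:AA:BB:CC STALE
192.168.1.42 dev wlan0 lladdr 00:1e:c2:de:ad:01 DELAY
192.168.1.57 dev wlan0 lladdr 9a:10:7f:44:55:66 REACHABLE
192.168.1.99 dev wlan0  FAILED
"""

# Hypothetical inventory of devices you own: lowercase MAC -> label.
KNOWN_DEVICES = {
    "a4:2b:b0:11:22:33": "router",
    "3c:5a:b4:aa:bb:cc": "nexus 7",
}

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17})\s+(?P<state>\S+)"
)

def parse_neighbors(text):
    """Return (ip, mac, state) for entries that resolved to a hardware address."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        # FAILED/INCOMPLETE entries never answered, so no device is there.
        if m and m["state"] not in ("FAILED", "INCOMPLETE"):
            entries.append((m["ip"], m["mac"].lower(), m["state"]))
    return entries

def is_randomized(mac):
    """The locally administered bit (0x02 in the first octet) marks a
    private/randomized MAC, which many phones now use per network."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, known):
    """List devices seen on the network that are not in the inventory."""
    unknown = []
    for ip, mac, _state in parse_neighbors(text):
        if mac not in known:
            unknown.append({"ip": ip, "mac": mac, "randomized": is_randomized(mac)})
    return unknown

if __name__ == "__main__":
    for dev in audit(SAMPLE_NEIGH, KNOWN_DEVICES):
        kind = "randomized MAC" if dev["randomized"] else "vendor-assigned MAC"
        print(f"UNKNOWN {dev['ip']} {dev['mac']} ({kind})")
```

An unknown entry with a randomized MAC is often one of your own phones or laptops using a private Wi-Fi address, so check your devices before blocking it at the router.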

I will write a follow-up post with some Windows and Linux tools that are user friendly and give similar function to Fing on Android. I would also like to note that Fing is also available on iOS, but it has been a while since I used it as I avoid my iPad like the plague.

If you have concerns or questions, feel free to hit me up on Twitter @DarkLordZim or email DarkLordZim@gmail.com

Android app review: Swapps

Now that I’m using my Nexus 7 significantly more than my laptop from day to day, I’m always looking for applications to make my life easier while adding functionality and usability to my tablet.

Enter “Swapps”. Swapps is an Android application switcher that makes multitasking so much easier. The switcher runs in the background and is accessible via gesture by swiping from the side of the screen to access the drawer.

From the launcher drawer, you can set “starred” apps that you use the most. It shows the most recent 5 apps, and still will give you access to all applications on the tablet. You can customize each section through the settings. You can set up to 15 starred apps, turn recent apps on or off (recent only shows 5 apps), and turn all apps on or off.

You can also customize the swipe area, as wide or narrow, tall or short, right or left side of the screen. Out of all the productivity applications I’ve tried, this one so far is my favorite. It’s available for free in the Play store, with a very small ad bar, or you can donate through an in-app purchase to remove the ads. (Though the ads don’t remotely subtract from the usefulness or functionality.)

I’ve attached some screen shots of the switcher, and settings.

image

image

Also, I would like to add that you can kill background processes by long pressing an app in the “recent” section.

Here is the Google Play store link. This is one app I very much think you should try!