Do you need help using the Internet?

Leave a comment

coverI have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

WiFi Tricks and Threats

Leave a comment

Last week the Huffington Post commented on how to avoid hackers, especially for celebrities.  It was an article full of useful information, but only if you know how to use it.  The fourth of these was to avoid WiFi networks.  Well, that’s nice, but what is it and how does one avoid it?

One can define WiFi as the technology that allows an electronic device, such as your smart phone, laptop or iPad, to connect to the Internet wirelessly (using radio waves).  In order to connect, you must be able to send information to a hotspot (or access point).  Such hotspots are limited inside because walls, furniture and other physical objects can block the signals, but have a greater range outside.  Wi-Fi allows cheaper deployment of local area networks, and  in spaces where cables cannot be run, such as outdoor areas and historical buildings.

You may well have used WiFi at your local Panera (or St. Louis Bread Company as it is known here) while eating.  Bookstores, restaurants and lobbies of hotels also generally provide WiFi coverage to their customers.  Most devices attach easily to WiFi, and may attach automatically (with no obvious signal to the user).  It is a convenient way to access your email, social networking, or web searches from your portable device.

But, it is also an easy way for others to access your email, social networking or web searches.  Most public WiFi networks have no security associated with them (as indicated by the fact that you have no password or other requirements to join the network).  Since there is no security on the network, anyone can attach any device to the network and do on it what they want.  Some people, then,  attach devices that can read any non-encrypted transmission over the network.  That includes your passwords, credit card numbers, confidential corporate information or your surfing history.  This is comparable to the person eavesdropping, except it is with the computer.   They may also be able to masquerade as another device and send requests for information (such as data or pictures) to your computer (which your computer thinks it should honor).  As I have said before, sometimes people do this for fun, or to learn what they can do.  Others engage in such behavior to find information that might be sold to magazines or used to blackmail people.  Still others engage in the behavior to steal confidential information (such as credit card numbers) that they use to steal money.

So, what do you do?  Of course, the normal precautions of having your security software up to date will prevent someone from unleashing a virus or malware on your computer.  But in addition, many security experts suggest you avoid such networks.  Or, if you do use them, set up a virtual private network (or VPN).  You may already be familiar with a VPN because you may use that to login to your company’s computer.   VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.  This software prevents sniffing of the material sent over the network, ensures that communications come from the place they say and that information is not intercepted inappropriately.

A Mobile VPN gives a user the same level of security when using public WiFi networks.  Instead of requiring a stable location on a network like the traditional VPN, a mobile VPN maintains a virtual connection to the application instead.  It allows the computer to move among WiFi networks which changes the “address” of a computer, and handles the changes of the addresses transparently.  This kind of security has been used by police officers as they move among cell towers, and by hospital personnel as devices move with patients.  Both applications require absolute security.  Using a mVPN may involve additional hardware and will involve additional software provided by a third party.

It is, of course, an extra step.  But, if you do not want the world to know the data you process, then perhaps the extra step is necessary.

 

Man-in-the-Browser and Financial Transactions Security

Leave a comment

Online banking makes paying bills and transferring money easy and fast.  But are you sure that you are protecting yourself and your money?  What would you do in the “real world”?  First, you would want to make sure you were really at the bank, and that it is open.  You  would want to hand your checks and money to an official teller and get receipts of all of your transactions.  In addition, you would probably get fairly suspicious if someone were looking over your shoulder or if you had to conduct your business through a third party (not someone who works for the bank).  You would be wise to ensure that your records were accurate and that no one was stealing your signature or banking documents.

If we are going to take advantage of the benefits of online banking, we need to translate those practices into the virtual world.  First, you should have a unique and strong  password for your banking account.  If you are not sure how to get a strong password, look at my previous post on the topic.  Second, you should avoid using a public computer for your online banking because it might have installed software to log your keystrokes or to remember your passwords without your permission.  Third, you should keep information about your account and password quite secret.  Fourth, of course, you should always be running up-to-date virus protection and malware protection to ensure that your computer is doing what you intend.  Your bank may have additional software and/or devices that provide additional security for your transaction.  Fifth, you must update your operating system and browser as recommended, especially if you use Windows and/or Internet Explorer.  Both products have features that are often

Even if you follow safe computing practices, you may still be at risk thanks to a new kind of trojan (similar to a virus) that might have infected your computer,  called a “Man-in-the-Browser” (or MitB) trojan.  The trojan is a piece of software that does not install itself on your computer, but rather installs itself as an add-on program within your browser, without your knowledge.  What happens is the MitB alters what the user and the bank see during the transaction.  So, for example, the bank does not get correct information about how much money to pay a vendor, and you do not see how much money was actually reported.  In fact, it might transfer money to another account and you might not be aware that it happened.

Your virus protection examines all of the software on your computer by comparing it to known problems or peculiar behavior.  Just as your police officers fingerprints and now DNA samples to compare to evidence at the scene of a crime, your virus protection compares strings of computer programs to those known to be viruses, malware and trojans.  If those do not identify the perpetrator of the crime, they look for people who are behaving strangely.  Likewise the virus protection examines programs for unusual activities, like replicating themselves,  growing quickly, or accessing a number of services on the computers. Generally these strategies work well.  However, MitB trojans are particularly difficult to detect since they change their appearance and behavior tens of thousands of times each day.   A particularly good (and easy to understand) description of this phenomenon was aired on BBC News.  Since they are hard to detect, it might take some time before your virus protection understands that there is a problem and by then it might be too late.

There are some warning signs for this kind of problem.

  • If it takes your computer longer to process requests
  • If your financial transactions take longer than normal
  • If you are asked for more information than normal during your financial transaction, especially if you are asked for passwords or sensitive information such as social security numbers.

What do you do if you experience one or more of those symptoms?  You should call your bank as soon as possible and give them the date and time of the transaction.  Do not email your bank because the same software that interferes with your financial transaction may interfere with the sending of the mail.  Your bank may have monitoring software that catches and disallows unusual transactions to protect you, so you may not have a problem.   If you do, you will need to rely upon your bank’s policy as to how much you are responsible.

Happy ‘Change your Password Day’!

2 Comments

You can be forgiven for not realizing that today is a holiday, and you can be forgiven for not knowing how to celebrate it because this is the very first time we have had it.  ‘Change your Password Day’ was proposed by writers as Gizmodo as a way to remind all of us to remember to change our passwords regularly and smartly.

A few weeks ago, I posted an entry about how to change your password, called “Passwords.”  In that post, I suggested some of the common recommendations about how to increase the strength of your password;  if you have not read it, I recommend it.  The goal is to select something another person — OR COMPUTER — would not guess.   The recommendations to stump other people are easy, don’t use something that is identifiable to you.  Computers are a little harder to trick, however, because they can compare your password to dictionaries (in multiple languages) and other documents to find something that you might put together.  So, do not use a word in a dictionary or on Wikipedia or in a fact book.

Gizmado writer, Rachel Swaby discusses passwords in terms of how easy they are to break.  She provided this comparison below:

The chart is reposted from Ms. Swaby’s blog.

The chart nicely shows the relative difficulty of cracking passwords with different characteristics.   Long is better. Clearly, those that are not dictionary words, that have combinations of upper case and lower case letters and special characters are the best.  Even combined words, especially where you have numbers and special characters, are preferred to common words.

So, take a minute today and look at your passwords.  Are they strong?  If not, make them strong.