Every hacker knows your password…

That title is tough to accept. However, the reality today is that passwords, as we have used them previously, are very, very insecure. I’ll spare you the cryptography math. Simply explained, hackers have hacked so many major websites that they have harvested a “whopping 642 million passwords.” http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-a-whopping-642-million-passwords/

The 2012 LinkedIn hack has resurfaced, as all 177 million accounts and passwords (all cracked) have been released. If you ever had an account on LinkedIn, that password is actively being used by hackers to access accounts on other sites (because people commonly reuse passwords). http://arstechnica.com/security/2016/06/teamviewer-says-theres-no-evidence-of-2fa-bypass-in-mass-account-hack/

I strongly encourage you to update any online service/website/app password if there’s a remote chance it’s the same username/email and password you had on LinkedIn (or another breached site). http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/

In analyzing my own usage, my LinkedIn password (8-character, randomly generated, alphanumeric, crackable in 0.2 seconds) was reused on over 15 web services, half of which were, or had, financial-related information.

I highly recommend using a password manager to securely store and generate unique passwords. The two major players with great reputations and smart developers are 1Password and LastPass. Both offer free and paid levels of service with iPhone apps. Where possible, passwords should be 12 characters or longer. Where creating memorable passwords is necessary, check out this cartoon (bottom), then the generator (top). https://xkpasswd.net/s/

Do not be like me…create unique passwords per site. It’s nice to be able to remember passwords but if you consider going to 100% managed passwords where you know none of them we may all be a bit more secure! Now go…change those passwords.

Posted in Uncategorized

PLEASE!! Backup / Back-up / BackUP your important computer data!!

It’s been a very bad week for Hard Disk Drives (HDD). Three separate people have come to me with failed hard drives and desperate hopes of some reasonable recovery. Unfortunately, all three of these drives have mechanical failures/defects: two could not be recovered with software, and the third suffered from either a circuit board or spindle motor failure, dashing any hope for easy recovery.

Let me strike a little fear in those of you that have not had a data-loss failure and point you in the right direction for backup. Everyone else who is already sold on the need to backup your data can skip the next paragraph 😉

Picture yourself at work, school or out to dinner. All your possessions at home are [insert terrible event here] now gone. The house itself is…gone. Gone forever. Angry, frustrated, emotionally gut wrenching. These events are outside our control. We have various forms of insurance to make what is gone whole again. We can pay a contractor for home construction and buy material goods from a store, but we are never really fully recovered. Losing data from a computer failure, theft or accident can evoke similar emotions. All your work….family photos and videos….home documents gone. NOW is the time to create backups of your important computer files. And I’m going to help you get set up!!

There is a widespread saying in photography circles that a digital photo doesn’t exist unless you have 3 separate copies of that picture. This is simply stated as the rule of threes…. 1. your working copy or original source, 2. your primary backup and 3. a cloud or off-site backup. Until you achieve the rule of three you are at risk for losing your pictures. We expand this rule today for all digital files because everything is so very important.

I will start by helping you get set up for the rule of threes with your Mac computer running OS X, be it a MacBook Pro, MacBook Air, an iMac, an older or soon-to-be brand new and gold MacBook, or a high-end professional MacPro. Apple ships all their computers with a simple and powerful backup program. It lives in your System Preferences (the Mac’s equivalent to the Windows Control Panel) and it is called Time Machine. It backs up your MacBook (all of it) to an external hard drive or a wireless hard drive on your home network. It works silently in the background and makes hourly backups of your files as they change. Time Machine manages the backups for you, so there is a set of older Monthly and Weekly backups. You toggle an on switch, point Time Machine to an external USB hard drive or wireless hard drive on your network and that’s it. Rules 1 and 2 now solved. (Time Machine Basics: https://support.apple.com/en-us/HT201250)

(editor’s note: If you are interested in the wireless hard drive and have an all-Mac house, I highly recommend the Apple Time Capsule product http://www.apple.com/airport-time-capsule/)

With Rule 3 left to resolve, you now have some choices. You can use a 2nd external hard drive, make a Time Machine backup, take that drive off-site, and then try to remember to bring it back to your house, reconnect it for an updated backup and take it back off-site, OR you can buy online storage or online backup services. There are lots to choose from. PC Mag recently did a nice roundup. Read, evaluate the offerings, buy, set up the backup on your computer and Rule 3 solved. http://www.pcmag.com/article2/0,2817,2288745,00.asp The best part about this Rule 3 is that it is the same answer for our Windows users or homes with mixed Mac/Windows computers.

If the Mac has this simple and great backup software, surely my Windows computer does too, right? Well, kinda. Starting with Windows Vista (but it really sucked) and mostly with Windows 7 and later, Microsoft has included a Backup and Recovery section in Control Panel. Setting up backup on Windows 7 takes a lot more steps, and the frequency is user defined. This is bare-minimum backup. You’re really “phoning it in” to check off rule 2 with Windows Backup. It’s better than nothing, don’t get me wrong. Follow this guide to get it set up with your external or wireless hard drive. http://www.howtogeek.com/howto/1838/using-backup-and-restore-in-windows-7/

Backup in Windows 8 is much closer to the Mac’s Time Machine with the added feature of “File History”. Windows users, I suggest turning on backups and reading this to further educate yourself on Windows backup options. http://www.howtogeek.com/189452/8-backup-tools-explained-for-windows-7-and-8/ Between these backup solutions for Rule 2 and the online backup options for Rule 3, you’re in much better shape to not lose large amounts of your important files and data should you have a hard drive or computer failure.

I hope this helps!!


Protect your online accounts! (Updated!)


It seems the attack vector is not as I described below. Seems it’s likely reset questions were hacked.

//End Update//

This Labor Day weekend, 2014, the “kiddies” of the internet had a little fun at the expense of celebrities. It’s a serious matter of digital theft; the online accounts of nearly a dozen attractive female celebrities were compromised and all their stored photos copied and shared online. The sad thing is this kind of digital theft happens every day…24 / 7! There are flaws all over the internet and many dedicated online criminals looking to profit from that information.

News of the hack was first reported on Buzzfeed here. It quickly spread on Twitter and other tech news sites like The Verge. So what’s the back story? Simply, these celebrities had their iCloud/iTunes passwords guessed. They likely had very easy/popular passwords and were easy targets. But how?…so let’s dive into the details for everyone to understand…


When you log into a website, your web browser encrypts and sends your username and password to the website you are logging into. Dropbox is an online storage service that also has an app for your Android or iOS device, so it can store all your pictures as a backup and you don’t lose any in case your phone is lost or damaged. iCloud has a built-in service called Photostream that copies your last 1000 photos from your iPhone to your iPad and Mac/PC. All your info available everywhere you want it to be. That’s the promise of the cloud. It also leaves profitable information (bank, tax, business docs) available for digital theft. Or, as in the case of the celebs, lots of selfies.

In this particular case, not only did the accounts that were compromised have weak passwords, there was a flaw in one of the backend iCloud services. Apps communicate with web servers via dedicated communications channels called Application Programming Interfaces. APIs, as they are known, allow many developers or apps to contact a service using the same programming language. In this case, the Find my iPhone application and service simply allowed unlimited tries at a username/password combination. So what, you say? They won’t guess my password. Well, a human isn’t sitting at their computer typing passwords all day. They write a program to automate it. And if they are smart, they write it in a way to check slowly so as not to trip network detection on the side of the servers. With the API not preventing any more guesses after 10 or so incorrect password entries, the thieves were able to try passwords to their hearts’ content until they were able to get into an account.

Freely available was the code on how to execute this hack with some instructions and details: 

It uses Find My Iphone service API, where bruteforce protection was not implemented. Password list was generated from top 500 RockYou leaked passwords, which satisfy appleID password policy. Before you start, make sure it’s not illegal in your country. 

Be good 🙂

Be Good…ha! So as I guessed rightly when the news broke, the hackers used a password list from other, previously compromised websites. A list of the top 500 passwords was provided to get you started. You can easily source a list of 10,000; 100,000 or millions of passwords from the internet. All from many previous website hacks. This is also why you shouldn’t (and we never listen) reuse passwords on different websites. Once one website is hacked and the usernames and passwords stolen then they are tools to attack other websites and services. 
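The protection that was missing from that API, sketched as an added example (not code from the original post or from Apple): a per-account cap on failed logins counted over a 24-hour window, so that spacing guesses out slowly does not get around it. The class and function names, the limits, the sample account and the 500-entry list are all constructed assumptions.

```python
import hmac
from collections import defaultdict, deque

class LoginThrottle:
    """Caps failed logins per account over a long sliding window."""

    def __init__(self, max_failures=10, window=24 * 3600):
        self.max_failures = max_failures
        self.window = window                      # seconds
        self._failures = defaultdict(deque)       # account -> failure timestamps

    def allowed(self, account, now):
        recent = self._failures[account]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                      # forget failures older than the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now):
        self._failures[account].append(now)

    def reset(self, account):
        self._failures.pop(account, None)

# Constructed sample data: one account, and a stand-in for a real password-hash check.
ACCOUNTS = {"alice@example.com": "guess300"}

def check_password(account, password):
    stored = ACCOUNTS.get(account, "")
    return hmac.compare_digest(stored.encode(), password.encode())

def login(throttle, account, password, now):
    """Returns 'ok', 'denied' or 'throttled'; a throttled request never tests the password."""
    if not throttle.allowed(account, now):
        return "throttled"
    if check_password(account, password):
        throttle.reset(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

def simulate_slow_guessing(throttle, guesses, spacing=1800):
    """Replays one guess every `spacing` seconds; returns (passwords tested, account opened)."""
    tested = 0
    for i, guess in enumerate(guesses):
        result = login(throttle, "alice@example.com", guess, now=i * spacing)
        if result != "throttled":
            tested += 1
        if result == "ok":
            return tested, True
    return tested, False

WORDLIST = [f"guess{i}" for i in range(500)]      # constructed list, not real passwords

if __name__ == "__main__":
    print(simulate_slow_guessing(LoginThrottle(max_failures=10**9), WORDLIST))  # no cap
    print(simulate_slow_guessing(LoginThrottle(), WORDLIST))                    # 10 per 24h
```

Because failures are counted per account rather than per connection or per minute, one guess every half hour is held to the same ten tested passwords a day as a rapid burst would be. The trade-off is that the real owner is also refused while the cap is in force.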

Let’s protect ourselves. Please generate a random password for each website and online account. One good website for random passwords is at GRC.com. That site is run by Steve Gibson, who is a well-known security researcher and podcaster. I highly recommend using a password manager such as LastPass or 1Password.


How to re-download purchased iTunes Store content

I’ve been getting several inquiries on how to recover lost/missing items from the iTunes store that are desired on their iPhones, iPads or iPod touches. So let’s help you navigate to the right spot to find all this great stuff, again.

First, you need to open the iTunes program on your PC or Mac computer. And while we’re on this subject, let’s discuss some terms…The term iTunes alone (should) refer to the program that lives on your Mac or PC and started as the tool to rip CDs and sync music to iPods. Then in the early 2000s Apple made deals with the major music labels and launched the “iTunes Store”. This tutorial will help you navigate within the iTunes program/application to the iTunes Store and recover and redownload past purchases.

Let’s start with this first image:


In the thick blue box you can see the location of the iTunes Store is selected and filling the majority of the right 3/4ths of the iTunes program is the main page of the iTunes Store. At the far right (you may need to scroll right to see it) is a section of quick links. Here circled in blue is where you click to access “Purchased” items.



Now that I have clicked (you should too if you’re following along), this is the Purchased screen. Circled at the top left is “Music”; however, you can select any of the content types at top. On the top-right I can filter between all items and items not on my computer. Now, there are two ways to re-download your items. You can scroll through all your songs/albums (apps if you’re looking at different content) and click the iCloud symbol (green boxed). Or click the download all button (green circle) and get it all on your computer to sync.



Should I Repair or Replace my broken laptop?

It is never fun when you’re faced with the decision to repair a broken computer. Ultimately you need to make a decision on spending money on repairs versus buying a new computer. This particular issue is focused on hardware failures, as any good computer technician (especially Trif :-)) can remedy software and operating system issues with a reinstall. A hardware failure in a laptop almost always requires disassembly of the laptop. This action is several hours of labor, plus the costs of parts.

It’s important to note that even repaired laptops are not under warranty, and their future life is only as good as the care in use by their owners. New laptops may come with a warranty (though manufacturers are getting more and more stingy with them) and the latest features for as low as $400 depending on your needs and preferences. MacBook notebook computers from Apple start at about $1000 and increase in price from that point. So how do we decide to repair or replace? Let’s discuss some ideas…

Consider the relative age of the laptop to current computing platforms. While that PC laptop may only be a year old to you, was it a left-over from a previous generation? Maybe it’s time to move on, however hard it is to plunk down full price for a replacement. However, if you can have a laptop repaired for under 50% of the cost to replace and the laptop is under 2 years old, it does make sense to repair the laptop. PC laptops are simply not made, in general, with longevity in mind. If you are especially careful, do not spill drinks and food onto it, and it spends most of its time on one desk, then you could expect 3-5 years of use; otherwise under 3 years is the norm. MacBooks are notoriously well built, with a rigid and very solid all-aluminum body, and produced to an exacting specification. There is universal agreement Apple computers are some of the best performing and well built laptops in the industry. As such they command a higher entry price, and repair parts are also a bit more expensive.

You should get a diagnosis from a technician (Trif Computer for example) who can advise you on the best approach for repair or replace. Such a diagnosis should describe what the failure is and provide the part and labor costs for repair. You should ask for a cost comparison to a new laptop on the market that is in the same category as the one in for repair.

Laptops take more wear and tear than desktops. Computers and sensitive electronics really don’t like to be banged around much. Remember, if a repair is going to cost 50% or more than the cost of replacing, it’s not worth doing, because you’ll still have an older laptop when you’re done. Also, if your laptop is 4 years old or older, you’re better off replacing since you’ll only get a year or two of use out of it even after the repair since something else is likely to wear out.

Below is a summary of my suggestions on how to proceed for Laptop repairs. These are not hard and fast rules and your decision will be based on the prices quoted from your local repair technician (Trif Computer Services :-)) and personal preferences on where to expend your money.

  • Memory. Memory is always easy to replace and upgrade. Access to the laptop memory is usually on a panel on the bottom of the laptop. It is an inexpensive upgrade and the best thing to make an older laptop perform better.
  • DC power jack. Sometimes the jack where the power adapter connects gets broken loose from the internal connections. If the parts are separate from the motherboard, it is usually inexpensive, but this requires that the laptop case be removed and replaced. Do it? Yes…BUT…If the DC power connector is soldered on the motherboard, you may need to replace the entire motherboard or attempt delicate re-soldering of a new DC jack. Really consider how old this laptop is before sinking costs down this route.
  • Keyboard. If a keyboard is damaged or needs replacing, it’s generally worth doing. Keyboard parts range from $35 to $100. For most laptops, a keyboard replacement only requires that the top bezel be removed, and doesn’t require a complete disassembly. It still can take about 1-2 hours of labor though. Do it? YES
  • Hard drive. The hard drive can usually be removed and replaced without the need to take apart the entire laptop case. It can usually be upgraded as well. Do it? YES! Want to really supercharge your laptop? Consider replacing your hard disk with a new Solid State Drive (SSD). New SSDs use chip-based memory and are significantly faster than hard drives. The trade-off is they are usually much smaller in total storage space at the same or increased cost than many larger hard disks on the market.
  • LCD. If the LCD panel is not working, it could be either the graphics circuit on the motherboard, a faulty inverter board or the LCD panel. If you can, plug the laptop into an external monitor. If you can get a display, the problem is the LCD panel. Prices for LCD parts alone range from $150 to $350 depending on the quality and availability. It takes a complete disassembly to replace and repair this item, so there is usually at least 2 hours or more of labor involved. Do it: Maybe. If a new LCD panel and lid assembly are available and total costs are under 50% of the cost to buy a new laptop, then a new display may be the right call.
  • Motherboard. Since motherboards are generally one-piece units for laptops, any failure requires complete replacement of this item. The part can range from $100 to $400 and up. Do it: Maybe! Again, you want the total repair cost to be way less than the cost to buy new, and only for computers under 2 years old.

Hope this overview helps you get through the challenge of deciding when and how to approach laptop repair. While I focused on prices related to PCs, the same rules apply to MacBooks. It may be better to repair that 2-3 year old MacBook instead of spending $1000, $1400, or more for a new one.
