DoubleClicks.info About Computers for Newbies & Everyone Else

December 12, 2017

Tunnels on the Internet

At a recent speaking engagement, I was talking to the group about security.  This discussion was centered on Virtual Private Networks or VPNs.  Since 1996 when a Microsoft employee created a secure tunneling system for computers, VPNs have been around.  It was not as we know a VPN today; however, it certainly set the process in motion.

Basically, a VPN is a “tunnel” through the internet that connects a specific group of computers.  This network keeps out anyone who does not have the proper keys to work with the others.  Businesses first started using VPNs to connect their data networks between different locations around the globe.

A VPN keeps out the bad guys, or not even bad but just people you do not want looking at your data.  In more recent times VPN usage has been encouraged for individuals too.  This statement may lead you to ask, “Why?”

The reason is security.

If you go into a local coffee shop and check your spam email you may be fine.  But if you have private email which you are sending and you do not want others to see, a VPN may be needed.

When you are in a coffee shop, or any public Wi-Fi for that matter, it is most likely an open connection.  That means anyone walking by can access the internet through that business’s network without a username or password.  They may even require usernames and passwords but you do not own that connection.  You do not know who else is there in the background.  You consider that a nice feature, which it is; however, there could be nefarious people nearby lurking about seeking your information.

If you have a VPN connection on your device, you log in with your own username and password to a server at another location.  It is similar to “drilling” a tunnel through the local internet Wi-Fi connection you are on.  That stops anyone from seeing what you are sending or receiving, keeping your information private.   This includes your login and all transactions on your bank account if you use it while there.  All banks use “Hyper Text Transfer Protocol Secure,” you know the URL that starts with “https.”  That “S” means that it is secure but again someone may be digitally looking at your keystrokes while in the open and recording them for their use.  If you use a VPN they should be stopped dead in their tracks from getting your info.

The VPN encrypts the information you send to be unencrypted only by the person/organization to whom it is meant to be delivered.

Check the short video below to see how a VPN works. 
Sometimes pictures are worth a thousand words.

Also, many people use VPN for a location setting.  If they were to want to watch a TV show in a foreign country but it was not allowed out of that country, you could use VPN.  It would camouflage their actual location and appear to be in that country.  But they could actually be on the other side of the earth.  What if someone is in a county that will not allow free speech but wants to blog about the injustices or issues there?  With VPN they could do so and not be discovered by their governments.

This is only a high-altitude flyover of what a VPN is and how it can be used.  If you are interested look for more information online.  Remember, a VPN that you pay nothing for may be exactly what it is worth.  Shop around and read reviews as a good one will cost a little.

October 24, 2017

A Paper That Changed Our World

Filed under: Columns — Tags: , , , , , , , — Ron @ 5:08 am

You know everyone makes mistakes; however, not many make as far reaching a mistake as Bill Burr.  Mr. Burr is the person responsible for the current password guidelines he dispersed and he now says the instruction was wrong.

He authored an eight-page document which was OK’d by the National Institute of Standards and Technology.  He also mentioned that, “…the paper wasn’t based on any real-world password data, but rather a paper written in the 1980s.”   Unfortunately, the document he wrote went on to become the Holy Grail of industries around the world.  It made it so that all businesses, governments, etc.  updated their password policies to coincide with this new information.

Password graphicYou know the spiel if you are in the workforce today.   You should have capital letters, lowercase letters, numbers, symbols, nothing related to your date of birth, children’s names, pets’ names and maybe a few more.  And the one that made me the craziest, you must change your password every 90 days and cannot repeat one within a certain time period.

In a recent interview with The Wall Street Journal Burr was quoted as saying, “Much of what I did I now regret.”   It went on to say that none of these actually make your passwords that secure.  Especially the, “change it every 90 days” rule.  It was determined in a 2010 study at the University of North Carolina, Chapel Hill that updating passwords regularly can actually help hackers identify a pattern.  (You know you do it, changing just the last letter, number or symbol of a password you have used for years.)  I read another article stating that if you have never been hacked or noticed any strange happenings regarding your password you should never change one.

Guess what the new rules state?   A better solution is to create a password with four random words.  If you are allowed to do so you should include spaces.  This combo is supposedly harder to crack than the old revered password stylings.  You can even capitalize or use punctuation if you wish.  However, the length of the password is what discourages the hackers not the combination of letters, numbers and/or symbols.  The old rule of thumb about being at least eight characters long seems to be weak too.

So, my new passwords may be something like, “IscoffeeanElephantoraTomato?” or “Is coffee an Elephant or a Tomato?

I do have a couple of thoughts/concerns regarding the past guidelines…which we have found out could be bogus.  “They” always said not to use any word in the dictionary as this was how hackers started with their hacks. However, now it appears that commonly known words are OK.  Huh?  Who said that they should not be used the first time and where was their research documentation?   Is that one true or false?

All I know is that I hope where I work will quickly change the 90-day period between changes – life would be so much easier.

Change my passwords how often?!!!

June 7, 2016

Password Vault

Filed under: Columns — Tags: , , , , , , , , , , , — Ron @ 6:14 am

Bank accounts, dating sites, email, Facebook, Instagram, other email accounts, PC login, Twitter, websites, work, and on it goes.  What do those things have in common with most everything else on your computer?  Correct, passwords.

Five years ago I wrote about various ways to keep your bazillions of passwords safe.  DO NOT do what some non-savvy users do and write them on a piece of paper cleverly hidden under your keyboard.  Yes, I have actually known people to do that.  I also do not recommend creating a text document, spreadsheet, etc. with password protection as these are not really too secure. 

I used to exclusively use KeePass (keepass.info) which is an excellent program; however, from emails I have received it is a little cumbersome and difficult for some.  Especially when used in several locations like work computer, home notebook, tablets and also phones. 

KeePass logo 
I have recently switched over to LastPass (lastpass.com) which I find incredibly more useful in several respects.  When I mentioned LastPass five years ago I was slightly negative toward it since it had just faced its first hack attack.  However, that being said, it totally survived that attack and has not had a major attempt since. 

LastPass logo

LastPass puts your password information on its servers but that database is protected by your password and keys only you and your computer have. This is a very safe combination in that if your account was hacked at LastPass in the cloud, the hackers would still not have the information they need to get in.  That would have to come from you. 

LastPass’s online storage enables you to access your passwords online from any location on any computerized device.  That makes it incredibly easy to use anywhere. 

LastPass has many features but one of my favorites is once it is installed and set up.  You are able to save passwords as you browse, and when you go to that site next time LastPass will autofill the login for you if you want it to, as long as you have first logged into LastPass. 

Another good thing in its favor is if you have three Gmail accounts, 12 Yahoo accounts, and any number of others, it will remember them individually and let you log in to the correct one with the correct password.

As with all applications available today there is the free standard version and also a premium version.  The premium version gives you other beneficial features but you know me.  In my opinion the freebie gives you everything most users need, so try it out. 

If you use this link (rd.dblclx.com/20vo3US) to sign up for LastPass you and I will both get to try out the premium version for a while.  That way we can both see if its is that much better. 

Free or Premium really does not matter, this app will let you be much more secure online.  It will allow you to create a variety of passwords (which LastPass can even create for you) so that you are not using the same password for everything.  Come on, you know you are doing that since we cannot possibly remember a bazillion of them. 

Let me know if/when you try it out.  Below you can see some of the items in my LastPass vault.

Ron's LastPass vault

March 31, 2015

What Should I Install?

I regularly receive questions concerning readers buying new computers.  They will usually ask what antivirus software they should install to keep everything protected.  I usually suggest one or two good antivirus applications.  Keep in mind I am only referencing Windows machines and, due to my frugal nature, free applications. 

Microsoft Windows logoIf you have a Windows 7 system, I recommend going to Microsoft.com and searching for "Microsoft Security Essentials."  Go to the download page, download it and install it.  It may already be on your new computer if the manufacturer made a deal with MS to preinstall it.  However, do not worry if it is, it will harm nothing to reinstall.

Windows Defender screenFor a Windows 8.1 (or 8 if you have not upgraded yet…which you should ASAP) you have "Windows Defender" already installed on your computer.  It comes automatically with all versions of W8.  It is an upgraded version of "Security Essentials" for W8.  These are both good antivirus apps and really all you need unless you go to disreputable places that may possibly be able to defeat them.  They are good in that they will be updated with Windows Update so you do not have to do anything additional to get them updated as you do with all other third party apps. 

Avast! logoSome people do not trust MS and want another antivirus software so I recommend, "Avast!"  If you choose to install Avast go to, "Avast.com" only.  The reason is, if you search for it online you may be directed to a disreputable site.  It may be listed as a free download but you may be getting something that could harm your system. 

One other major application I would install on all computers today is Malwarebytes (download the free version at Malwarebytes.org).  I mentioned it toward the end of last year but many people have asked about it, so I feel I need to remind you. 

Malwarebytes logoI personally had not installed Malwarebytes on my computer figuring my antivirus software took care of everything.  A year or more ago I noticed my system running slower than it should be and I found a toolbar installed on Internet Explorer I had not installed.  I had not noticed it before since I do not regularly use MSIE as my browser so I had no idea how long it was on my computer.  Anytime you have a toolbar on your browser that you know nothing about is not a good sign.  It most likely means that you have some malware running and you need to remove it…now!  So I knew my computer had been had. 

Malware is software inserted when you download something, either intentionally or not, that is designed to do damage or some sort to your system.  It can totally or partially disable your computer.

The first time you run Malwarebytes you may get tens to hundreds of files recognized.  Delete them all!  I would encourage you to run it on some sort of regular schedule.  A weekly, monthly or quarterly time frame is good depending on how much you are online.

I almost guarantee if you install and run this on your old computer you will find many malware items present.  

What Should I Install?

I regularly receive questions concerning readers buying new computers.  They will usually ask what antivirus software they should install to keep everything protected.  I usually suggest one or two good antivirus applications.  Keep in mind I am only referencing Windows machines and, due to my frugal nature, free applications. 

imageIf you have a Windows 7 system, I recommend going to Microsoft.com and searching for "Microsoft Security Essentials."  Go to the download page, download it and install it.  It may already be on your new computer if the manufacturer made a deal with MS to preinstall it.  However, do not worry if it is, it will harm nothing to reinstall.

Picture of Windows DefenderFor a Windows 8.1 (or 8 if you have not upgraded yet…which you should ASAP) you have "Windows Defender" already installed on your computer.  It comes automatically with all versions of W8.  It is an upgraded version of "Security Essentials" for W8.  These are both good antivirus apps and really all you need unless you go to disreputable places that may possibly be able to defeat them.  They are good in that they will be updated with Windows Update so you do not have to do anything additional to get them updated as you do with all other third party apps. 

imageSome people do not trust MS and want another antivirus software so I recommend, "Avast!"  If you choose to install Avast go to, "avast.com" only.  The reason is, if you search for it online you may be directed to a disreputable site.  It may be listed as a free download but you may be getting something that could harm your system. 

One other major application I would install on all computers today is Malwarebytes (download the free version at malwarebytes.org).  I mentioned it toward the end of last year but many people have asked about it, so I feel I need to remind you. 

imageI personally had not installed Malwarebytes on my computer figuring my antivirus software took care of everything.  A year or more ago I noticed my system running slower than it should be and I found a toolbar installed on Internet Explorer I had not installed.  I had not noticed it before since I do not regularly use MSIE as my browser so I had no idea how long it was on my computer.  Anytime you have a toolbar on your browser that you know nothing about is not a good sign.  It most likely means that you have some malware running and you need to remove it…now!  So I knew my computer had been had. 

Malware is software inserted when you download something, either intentionally or not, that is designed to do damage or some sort to your system.  It can totally or partially disable your computer.

The first time you run Malwarebytes you may get tens to hundreds of files recognized.  Delete them all!  I would encourage you to run it on some sort of regular schedule.  A weekly, monthly or quarterly time frame is good depending on how much you are online.

I almost guarantee if you install and run this on your old computer you will find many malware items present.  

July 21, 2014

2014-07-21 WSVA Show Notes

Tech News
Russian hackers placed ‘digital bomb’ in Nasdaq
CNN Money – Russian hackers managed to slip a "digital bomb" into the Nasdaq — one with the potential to sabotage the stock market’s computers and wreak havoc on the U.S. economy.

That’s according to an investigative report by Bloomberg Businessweek, which revealed the details of a 2010 cybergrenade that never detonated.


European Cell phone usage
How does the per capita rates of cell phone users compare across the world.  (Depending on where you look you will see different numbers, so this is another approximation.)


Edward Snowden Meets with Hackers
Edward Snowden made an impassioned call on Saturday for hackers and technologists to help would-be whistleblowers spill more government secrets.

Speaking via remote Google Hangouts video feed from Russia, Snowden addressed his comments to an audience at this weekend’s Hackers on Planet Earth (HOPE) conference at the Pennsylvania Hotel in New York


Ron’s Android App Recommendation
(This app can be found on Google Play from your Android phone,
tablet or viewed on your PC from the link below.)
Get Pocket (formerly known as Read It Later)

Get Pocket LogoPut articles, videos or pretty much anything into Pocket. Save directly from your browser or from apps like Twitter, Flipboard, Pulse and Zite. If it’s in Pocket, it’s on your phone, tablet or computer. You don’t even need an Internet connection. Basically you can create your own informational magazine. Then go back to the phone/table app or log into GetPocket.com from any computer.

Pocket apps are out there for every smart phone made today. Go to your store and download it for free.


Rainy Mood RainyMood.com
Since I had a lot of feedback from people regarding coffitivity.com from the last show, I figured you would like Rainy Mood too.

Instead of office murmur how about a gentle rain storm for a nice background sound?


Math Way mathway.com
Having trouble with math? Apparantly this site can solve any sort of math problem you have. Calculus, Statistics, Pre-Algebra, Algebra and even plan old Basic Math.

There are even some Practice questions for up to the 8th grade.


Until next time have a great time online but most importatnly everywhere else too!

August 20, 2013

Android Factory Reset

Last time we talked about what to do if you could not remember your Android phone’s passcode or pattern.  An email this week stated, "OK, I don’t really use Gmail for much and never log into it."  They then went on to explain that they could not provide adequate information to Google to get their password for a Gmail reset. 

Keep in mind that if you cannot get into email it affects all of your Google account information, from your phone, contacts, Google blogs, etc.  So this is the ultimate "fix" in several ways.

Here are the desperation moves when you cannot in any way gain access to your Android phone.  Hold tight!

First you need to set up a new Google account on your computer.  You can also do this as one of the last steps in resetting your phone but it is easier to complete first online.  Go to Gmail.com and click the upper right link that says, "Create a new account."  Finish it all up and move on to your phone; however, do not forget to add your cell phone number in the security section, see last week for more detail.

Turn off your Android phone (it does not matter that it is still locked).  Do not just put it to sleep but cut it off by holding the power button down for 30 seconds or so.  Depending on the age, version of the OS, and manufacturer it will either ask if you want to turn the power off or it may just shutdown.

Next, and PLEASE listen to this part!  The following steps will wipe out your phone, i.e., all of your email, your apps, your high scores on games, your vacation pictures, etc.  So this is a desperation move ONLY.  You could also use it if you are going to give your phone to someone else and want to get all of your info off of it.  This will not reset the SD Card in the phone.  I would recommend you remove that and reformat it too; however, you may have pictures on it that you can get later.  This depends on your phone and how it was set up.

These following steps will vary by manufacturer so I suggest you contact your phone provider, tell them what has happened and ask how to perform a "Hard Factory Reset" via your phone’s buttons. 

Here is the standard way to "boot" your phone this way.  Hold down the Volume Up and Power buttons simultaneously.  After a few minutes or so your phone’s logo screen will display. (Again your manufacturer will have details for your phone so this is generic).  When it does, release the power button but continue holding the Volume button until the Android System Recovery menu appears.

Android System Recovery Menu (yours may vary)Once at the Android System Recovery menu, select the “wipe data/factory reset” option using the volume keys to move up and down them.  Once it is selected press the power button to start the "wipe."  You will get a confirmation screen.  Choose "Yes" and proceed to strip your phone of all but the essentials which allow it to work.

Reboot System Now screenAfter a few seconds it will finish and you will be presented with the Android System Recovery menu. Again this time choose, "Reboot System Now."

You phone will now reboot back into normal mode and be set up the same way it was when you purchased it and took it out of the box.  Set it up with your new Gmail account which was created earlier and you are on your way again. 

March 5, 2013

What are Those Hard to Read Characters for Anyway?

I receive questions about those goofy, hard to read letters which are found on many websites from time-to-time.  They are known as “Captchas.”  Yes, a nonsensical word, unless you are a geek. It actually stands for the word, “capture.”  Now that you just repeated them both in your mind, you are nodding – you get it!

imageWhen captchas first started out you usually found one “word” which you had to retype in a text box in order to proceed to the next step on a site.  I use the word “word” loosely since when the captcha craze first started out it was a combination of letters and usually did not spell an actual word.  Today they have advanced to multiple words or letter/number combos like “ck1U8iuX7” and appear slanted or wavy.

At first it was easy, but then with the addition of numbers, caps and slants things became a little more difficult.  Was that a numeral one (1) or the lowercase letter “l?” Is that a twisted capital “X” or lowercase?  So, to help out with that they added a reload button, which is basically one curved arrow chasing another.  If you clicked that button it would give you another word, sometimes to your advantage and sometimes not.

Later it was decided to add another button to “speak” the word.  The icon is usually represented by a small speaker for you to click.  I have tried these on occasion and I just LOL (Laugh-Out-Loud, for you non texting folks).  I cannot understand anything.  To me it sounds like static with a voice lightly speaking in the background; worthless.

OK, now you understand what they are but you still need to know the why of captcha.

Captchas were created to keep internet robots (sometimes called net-bots) from signing up for accounts on websites.  Basically I could offer the first one hundred people who join my website a free copy of my book (example only – I have no book).  A net-bot could immediately log onto my site and register hundreds of fake users in a matter of seconds; thereby, locking out real humans.

The captcha process is called a “challenge-response test.” This basically means that in order to make sure you are a real human it gives you a test that a computer cannot pass.  As we can see from above the “challenge” to you is to decipher the words you see in the graphic box and the “response” is for you to reenter that pattern of characters into a textbox.  If you pass the test you go to the next step, if not you can try another set of characters until you get it correct.

I use a captcha program called, “reCAPTCHA” which is owned by Google.  Google states that they are displaying over 100 million captchas every day with this service.

Captchas are a pain but it is all about internet security, so embrace it.

To try it out and see if you can pass the test by going to DoubleClicks.info and click the “Contact Ron” link in the upper left of the page under “Pages.”  If you want to LOL hit the speaker and hear the hint.  And for another reCaptcha try this one.


February 18, 2013

2013-02-18 WSVA Show Notes

Another day of fun in technology with Jim Britt and myself.  Today we hit a bunch of great topics, programs and apps.  Help in traffic, speed traps, the Federal Reserve site getting hacked and more…even the end of life as we know it.  To find out all of the exciting news (well, OK, fun too) check out the podcast from today.

Tech News
Hackers access Federal Reserve website
The Federal Reserve has acknowledged that an outside party gained access to its website and a limited amount of data, raising questions about the central bank’s cyber-security measures.

"The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product," a Federal Reserve spokesman said in a statement.

"The exposure was fixed shortly after discovery and is no longer an issue," the spokesman said. "This incident did not affect critical operations of the Federal Reserve System."


Microsoft’s SkyDrive now stores 1B documents
Computerworld – Microsoft’s SkyDrive cloud storage service now has one billion Office documents stored in it, the company announced today.

While a billion may seem like a lot, the most popular consumer cloud storage service, Dropbox, has more than 100,000,000 users. According to the company’s information site, users save one billion files to Dropbox every 24 hours.


Windows 8 ekes out 2.2 percent market share
Windows 8 may not be setting the PC landscape on fire, but at least it’s heating up some gains in market share.

The latest flavor of Windows scored a market share of 2.26 percent in January, as recorded by Web tracker Net Applications. That showed a slow but steady rise from 1.72 percent in December and 1.09 percent in November.

  1. Windows 7 – 44.4%
  2. Windows XP – 39.5%
  3. Vista – 5.24%
  4. Windows 8 – 2.26%
  5. Mac OS X 10.6 – 2%
  6. Mac OS X 10.7 – 1.96%

Police Drone
Do you live in a drone zone?
What’s that buzzing through the sky? It’s a bird! It’s a plane! It’s… a drone aircraft? If you live in one of 81 cities across the US, you might be seeing drone aircraft flying overhead much more before long. The FAA has just released an updated version of the drone application list, as requested under a Freedom of Information Act action from the EFF. Is your hometown on it?


 
Ron’s Android App Recommendation
(This app can be found on Google Play from your Android phone,
tablet or viewed on your PC from the link below.)
Waze logo Waze

Waze is a fun, community-based traffic & navigation app, 30 million strong. Join forces with other drivers nearby to outsmart traffic, save time & gas money, and improve everyone’s daily commute.

With community-generated real-time traffic, you’ll always get the best route to your destination. By simply driving around with Waze open, you’re already contributing tons real-time traffic & road info to your local driving community. You can also actively report accidents, hazards, police and other events you see on the road, and get road alerts coming up on your route too. Find the cheapest gas station along your route with community-shared gas prices.


 
Ron’s Firefox Suggestions
(You can find this Firefox addon and all the others at addons.mozilla.org
or by click the orange Firefox tab, then "add-ons"
or finally if you use the menu toolbar choose Tools/Add-ons.)
EPUBReader

For all of you ePub book readers out there you can now put your book on your PC and use EPUBReader to read it in Firefox. It will link your books marks between Firefox on different PC (if you sync them). However, it will not lync them to your eBook reader.

With EPUBReader you can read ePub files just in Firefox. No additional software needed!


Have a great day surfing the net, downloading new addons for Firefox and trying out Wave on your Smart Phones. See you next time and do not forget to visit DoubleClicks.info and WSVAOnline.com for more info and good information.

Thanks!

Ron

October 9, 2012

Two-Factor Authentication

I have a feeling if you have not already heard about two-factor authentication you will hear a lot shortly. TFA is also referred to as "two-step verification" so you may see them used interchangeably. 

Two-factor authentication is another advance in security for protecting you on the internet.  Some bank and other online apps including Google, DropBox, PayPal and many others are using or starting to use this security feature.

My first introduction to TFA was through PayPal several years ago.  It involved getting a free credit card-sized device or a security fob which would fit on your keychain. 

The security device was linked with your online account.  When you logged into PayPal to purchase something you had to enter a short, I believe six-digit, random code into a textbox on the site.  To get a randomly generated code number you used the card/fob.  When you logged into the site you entered your username, password and were then asked to enter your code.  You had to push a button on the device in your hand and it would generate that random code.  Once you entered that code into the website and it matched the code generated in the background on the site, you were in.  If they didn’t match you would get several more tries. Then you would be locked out.  You had to go through a bit of a hassle to get it all verified again or wait a specified amount of time before you could try again.

Unfortunately, my card wore out.  They would send you another for a slight fee.  I opted out of the extra verification.  I did not want to pay a fee for a device that did not survive the ride in my wallet for six-months before dying. 

Today things have changed.  This past summer Dropbox (dropbox.com or bit.ly/use-DropBox for extra storage for both you and me) started using TFA.  Their features are very similar to the large majority available today.  So let us look at how Dropbox works.

imageLog into your DropBox account using your email address and password as you normally would.  Next, go to Settings/Security and scroll down to "Two-step verification." It will indicate that it is disabled.  Now click "change."  You will be asked if you wish to use text-messaging or a mobile app.  With text-messaging the code will be sent to your phone via text.  If you have to pay for texting choose the other and you can download an app to your smart phone which will generate the code for you, just like the card from PayPal I mentioned earlier.

imageI always make the text-messaging choice.  You run through a verification entering your phone number, a test-text and you are set up.  Next time you log into your account you will use your username, password and get a text box to fill in with your code.  The code will be sent to your phone in about five seconds after you click the send button.

With DropBox as well as some others you can click "remember this computer" and it will put a cookie on your computer.  Then you will not be asked to verify your login with the code on that computer alone.

I like this process and usually forget about it until I try to log on to a site and get the buzz from my phone.  Good luck!  Let me know if you try any or are already using some two-step verification processes.

Older Posts »

Powered by WordPress

%d bloggers like this: