Monday, October 24, 2016

Protecting your data at rest


Data In Transit – Data At Rest

I recently received this question from a user:


Question,
Especially given the new anti-privacy laws. Is there a way to encrypt your data to avoid it getting sold to the highest bidder. I already have everything on Google drive, for the most part. It makes it easy since I have so many computers where I do my work and I travel a lot, which increases the likelihood that I lose a laptop or tablet.


Here's my response:

First of all, congratulations on being aware of these issues.

Protecting data at rest is not a matter of one or two simple responses: 


On your computer you may have financial and medical records, password lists, personal emails, and a decade of browsing history. While legitimate internet communication shouldn’t expose static data, your disc drive is a prime target of malware. You have installed “set and forget” technical protection in the form of antimalware software and think you’re protected. Modern operating systems are largely hardened already and user best practices are even more important. Once you click on a link, you’ve given whatever is attached to it permission to do whatever it might. Everyone who sits at the computer must develop the reflex to ask why are they opening an attachment or visiting a website and what are the risks?

Now you can trust that your data are safe once you turn off the computer and lock the door to your office. But that computer is a laptop sitting on the seat next to you on the train or in the coffee shop. Maybe your data aren’t even on the computer but conveniently shared and available “in the cloud.” Either way, some stranger may be able to walk by and pick it up from you.  

How do you protect this?

The answer is that your files should be encrypted whenever they are not in use. Unlike your HTTPS communications, this encryption is something that you must take responsibility for. It’s a nuisance, but it means every time you open a project or share a document you must use a password and appropriate procedures.

Fortunately this need not require entering a unique password constantly. Probably most of the files you handle daily don’t really need to be strongly protected against snooping. Most pictures and emails, even if they’re not public, may not represent a significant privacy or financial risk.

For what does need to be protected, files can be encrypted either individually or in bulk. Modern office suites offer an option to password protect a document as you save it. Compression utilities (“zip”) also can encrypt the files as they’re stored. Their encryption methods are now solid; unlike the password option in Microsoft Office 2003 (.doc files rather than the current .docx format) which could be opened without difficulty if you used another brand of editor.

For larger quantities of files you can use an encryption system like VeraCrypt to create an encrypted virtual disc or even to encrypt your entire computer. If you choose the virtual disc option; it creates a single file that, when you open it appears to the system like any other drive. When it’s closed the contents appear as total gibberish to anyone without the key. The encrypted file can be stored or transmitted without fear of loss of your data. While it can be stored in a shared cloud, it must be synchronized manually as most systems won’t recognize when it has been changed.

But you want universal access of your data in the cloud.
 
 Again, weigh the nuisance factor of file or folder encryption with the value of its contents. Most “name-brand” cloud providers probably offer reasonable security by requiring a sign-in to your account. Hopefully they also use encrypted transmission while it's in transit. The bigger risk is when you give a collaborator access to modify a document that is synchronized back to your computer. In that case, you have given someone permission to put any file they want on your computer without your intervention. This could represent the ultimate phishing attack if you’re not alert to it.

What if someone doesn't have to break in to see your data?

If you synchronized individual files, the cloud provider has your data and all the meta details associated with it. Unless you've encrypted the individual files with a password, they also have access to that content. Maybe their terms of service promise they won't actually read the files, how will they react if someone comes in claiming to be "with the government" and asks for your data? If their data center is in the same jurisdiction as you they have to satisfy a subpoena; and may respond to an unjustified request.

You can make your cloud storage secure from this loss by using the same practices you use for data on your own laptop. You would have to download and upload the files every time you use them to ensure the protection is always in force. Collaboration also would be problematic unless you were all working with the shared files in a homogeneous environment such as Microsoft Office365.

Hacked over Russian hackers?

OPINION

Are you upset that Russian hackers – possibly operating under the influence of, or even directed by, their government – got into the Democratic Party’s email system?

I’m not.

I’m upset that anyone was able to get into the system as easily as they did.

Any high interest operation such as a major election is going to attract the attention of hackers trying to break in for any of a multitude of reasons. Just as Willie Sutton is going to rob banks, political adversaries or those seeking financial gain will take any advantage they can against their opponents.

It is the responsibility of the people with valuable information to protect it themselves. Once an organization reaches a size, a level of notoriety or importance, or economic or political significance; they must take advantage of professional security experience. An individual who gets hacked may have some losses but won’t necessarily suffer serious economic or reputational disaster. A large business may be able to expend the resources to clean up after they’ve learned their lessons. But the entities in the middle, from a 10-person office to a national volunteer organization could be damaged beyond recovery.

What should a high profile organization like a political party do?

If I were consulting them, the first thing I’d do is sequester the devices and accounts from everyone with a recognizable name. Then I would issue them devices that are known free of any malware and without the most attacked apps. These would route all online activity through the office via VPN where it is protected from interception and filtered. Similarly, their email and messaging will go through a single system with advanced safeguards and appropriate passwords. Finally, social networking will all be posted by public relations personnel. Although there can be accounts in the principals’ names and they may submit posts; they will be vetted and edited, if necessary.

Finally, everyone will attend a class in protecting themselves against attacks from phishing to ransomware and all the online lures. This is because a slip of the finger by anyone from the top dog to the intern – and even the IT staff – can open the entire organization to an attack.

Browsers churn disc drives

A researcher discovered that browsers might churn disc drives - to the extent of writing gigabytes of redundant data per day.

Steve Gibson, using Sysinternals tools discovered that the Firefox web browser was rewriting a snapshot of its current contents to the default disc every 15 seconds. If you habitually leave your browser with many tabs open all the time, this could amount to a huge amount of data over the course of the day. Also, if you are leaving tabs open, it's writing the same data every time. (Gibson admits to keeping hundreds of tabs open.)

While writing unnecessary redundant data to the disc may have had a minor impact on overall computer performance a decade ago; this could seriously degrade the life of modern Solid State Drives.

All chip-based memory devices from a $5 flash drive to the industrial-grade system storage in servers can have information written to a given cell a only finite number of times before the reliability starts to deteriorate. Under normal use, the SSD that helps your laptop run cooler and have a longer battery life will probably outlive your desire for a faster computer or larger screen. But there is no need to put this extraordinary stress on the system and reduce its life by possibly as much as half.

SSDs are also appearing in higher-end consumer and business desktop computers or are being retrofitted by hobbyists. End-market devices marketed at a lower price point may be even more prone to early failure under this load. They might have a lower redundancy and not be able to survive as many write cycles as those sold for use in internet servers.

A similar issue of heavy disc usage also exists in Google's Chrome browser. Hopefully publicity will encourage the browser publishers to revise this procedure. Unfortunately, not being a security issue, it probably will not get a high priority for correction.

Gibson has determined a tweak to Firefox that allows the user to reduce the churn that is excerpted at http://bloghd.zaitech.com/extras/BrowsersChurnDisc.pdf. Or listen to the podcast at https://twit.tv/shows/security-now/episodes/582 (you can jump forward to about 1:05).


Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
(cc) 2016- Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, September 23, 2016

How to steal an election

Please read my article on how difficult it is actually to significantly change the outcome of a major election.

Download it here: http://zaitech.com/downloads/HowToStealAnElection_pub-wm.pdf


Wednesday, September 7, 2016

Heat

A spinning hard drive (HDD) is often the greatest source of heat in your computer. My custom-built computer has five (5!) HDDs in the case. While one is a different model, they are all 1 TB drives with similar specs.

I happened to be running with the case open recently and touched one of the drives. It was HOT! After installing Crystal Disk Info (http://crystalmark.info/download/index-e.html), I discovered a couple of my HDDs had internal temperatures of 47° and 59°! (That’s 116°F and 138°F).

I moved one HDD to the empty DVD bay so that none would be sandwiched between two others. Then, with the case open, both showed running temperatures of 44° (111°F). Whether it was adjacent to another or completely in the open, both drives showed the same internal temperatures.

When I put the covers on the case, the temperatures came down another 6° to 38° (100°F). You may think having the case wide open to the air conditioned room would be good for component temperatures. Being enclosed allows the fans to pull outside air over the drives and other critical components, cooling them more efficiently.

While I was at it, I pulled out my wife’s computer which is almost 10 years old – and runs fine. However, when I opened the case the cavity and heat sink fins had an incredible amount of dust. I hit it with the compressor (I can’t afford enough canned air to keep my computers clean) and reconnected the computer after straightening out the spaghetti bowl of cables that built up under her desk.

Monday, September 5, 2016

A useful utility

How many keyboards and screens do you have on your desk?

Here's a utility (skip down) to help tame a tangle, but first, the history.

Many hobbyists, power users, and business people find it necessary to work on more than one computer at a time. Lots of people have multiple monitors, but this applies if you have a complete additional computer and monitor at your workstation.

I have long used a KVM (keyboard-video-mouse switch) to use two computers with a single set of desktop components. In the mid-1990s the keyboard would not reliably switch so I kept a second keyboard connected. Unfortunately, I often forgot to move to the alternate keyboard and would type a command to "computer A" that actually had a deleterious effect on "computer B".

I now have 3 monitors on my desk. My primary computer has dual screens and the third is connected to a secondary computer so I can continue to work while monitoring a process - or watching Netflix.

Start reading again ...

I used to use a KVM to control the secondary computer - ignoring the video component. Then I discovered a free utility from Microsoft Garage. This is a group that thinks up neat stuff and makes it work - at least sorta. But the powers decide it's not commercial or of broad interest and they abandon the project. But they make the program available - without any promises of support, updates, or even that it will function as described.

I'm using Microsoft's Mouse without Borders* to control my secondary computer. It allows the mouse and keyboard to move seamlessly across up to 4 computers, each with their own monitor. Move your mouse and instantly you're controlling a different computer. Slide back and you're on the original. Even the clipboard comes across more smoothly than it does for many remote control programs.

One of its quirks is that it doesn't reliably reconnect after a reboot. You still might need a KVM or extra keyboard for that twice a month that you have to reboot your computers.

LINKS 
Full links are offered so you can examine the URL to ensure there is no hidden misdirection.

Mouse without Borders: https://www.microsoft.com/en-us/download/details.aspx?id=35460 

Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
(cc) 2016- Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, July 15, 2016

Planning for 2020

Windows 7? ... Windows 8.1? ... Windows 10?
Planning for 2020


Note: these comments may be irrelevant after July 29, 2016.

Are you like me? I'm very happy with Windows 7 which I've been using for 6-8 years and my computer is tweaked just like I like it. This custom-built computer has adequate power for now and is easily upgradable. But  Microsoft is definitely going to kill Win 7 in four years while I hope this computer will still be going strong. At that time, I'll have to upgrade to the newest version of Windows for which Microsoft may want to charge me $249 by then.

By July 29 - I should have started sooner - I will upgrade "this" computer to Windows 10 for free. Then I'll revert and go back to using Win7 until it can't walk any more. However, any time in the future I'll have a free Win10 license ready to run.

There are two ways I could do this "upgrade on new installation" or "upgrade, archive, and revert." I'll use the first method, "upgrade." If you have an OEM Windows without install or restore media, you may have to use the second, more complex method.

METHOD 1 - A clean install

My plan is to install Win7 on a new hard drive in this box and allow it to get upgraded. Since I'm no fan of dual boot - and am not sure I could dual boot the same DVD key - I'll disconnect my current C: drive and repeat the basic process I performed 2 years ago. Once Win 10 is installed, I'll take the new drive out and return to my running machine. Occasionally I'll swap back to Win10 to get updates and verify the installation.

Since this is a generic computer and I have a retail copy of Win7 on DVD, it shouldn't be significantly different from what would happen if I had a drive failure. At this writing, I have installed Win7 on a new drive, but am missing a few drivers. I'm looking into a utility to extract the running drivers from the running installation which happens to be on the same hardware. There's also the issue that a reinstallation of Win7 will require over 200 updates and can take a week to complete. There is a means to shortcut that problem by manually installing just a few updates.

METHOD 2 - Upgrade and revert

If you don't have your original distribution media or find it difficult to temporarily replace your primary boot drive, you will need to upgrade the way Microsoft expects most people to. This will require multiple backups, one or more large capacity external drives, and a lot of interactive patience.

Start with a complete data backup to reliable media. Don't forget any settings and customizations you've made to your applications and your password database. Also backup your email and account details and passwords if not included in your data folders. This protects your data in case something goes terribly wrong.

Then do a full system image of your Win7 boot drive. There are multiple programs that can do this; most of the ones with comprehensible interfaces you will need to pay for. This allows you to get back to where you started if the upgrade and revert processes fail.

Now allow the Win10 upgrade to install and use it for a while so it has a chance to stabilize. After you're comfortable that everything is working and no data or applications have been lost or corrupted, create an image of Windows 10.

Within 30 days of the upgrade you can revert back to your previous operating system. Theoretically you have a perpetual license to reinstall Win10 on this computer at any time in the future - even if you've made minor changes like adding memory or replacing a hard drive. I don't know how either process works or will work. If anything fails, you've still got your image backups to get back to where you started.


Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
(cc) 2016- Bill Barnes - Disclaimer - Home Page - Blogs Home

Sunday, June 5, 2016

A second thought on upgrading to Windows 10

(1)

If you seriously want to get Windows 10 for free on your computer, you might want to get started by mid-July, 2016. When I went to upgrade my newest brand-name laptop from its factory-installed Win 8, I had to fight with it for several weeks. Here are things to consider:
  • If you are happily running Windows 7 or 8.1; consider keeping it. Microsoft will continue to support them for another 3-1/2 years and you won't have to worry about missing drivers or other quirks.
  • Will your computer take the upgrade smoothly? In my experience, what Microsoft considers "adequate" hardware has always been very optimistic. It was very happy to install Win10 on my netbook with 1 GB RAM and a 1 GHz Atom CPU. I am telling my clients they need a minimum of 4 GB RAM and a 64-bit multi-core CPU. (2)
  • Is your computer at all old or non-standard? Even if the hardware is capable, your manufacturer may not provide 64-bit or Win10-compatible drivers for components more than 2 or 3 years old. The same goes double for any non-factory components you've added or peripherals like printers or scanners.
  • Perform a full-system image backup to facilitate a roll-back should you have any problems. Even better, clone your hard drive to a new one and upgrade the disc that hasn't already got several years usage on it. Then your old drive is your backup.
  • Get the resources from Microsoft to install Win10 from a DVD or USB; even if you intend to allow the automatic upgrade. (3)
  • Verify you can boot from your external media. I found the Secure Boot feature of new computers would not allow me to do so. These two steps alone took me a week to complete.
  • Back up your data again. (4)
  • Finally say "OK" to the nag you've been getting for months. I recommend you choose the "download now, install later" option to ensure a clean, continuous download. The entire package is 3-6 GB.
Bill Barnes


Notes:
(1) Share these notes here: http://fromthehelpdesk.blogspot.com/2016/06/a-second-thought-on-upgrading-to.html
(2) Find this information in Control Panel > System. If you have 32-bit Win7, but a new computer; the app at https://www.grc.com/securable.htm will determine your CPU's capability.
(3) https://www.microsoft.com/en-us/software-download/windows10/.
(4) Naturally, I recommend you buy Carbonite backup software from me: http://goo.gl/CXqBsB.

Friday, May 27, 2016

Quotes without comment (Windows 10 edition)

Some stories that were recommended for me to read/view:

On Friday I received:

https://channel9.msdn.com/Shows/TechNet+Radio/TNR1655?wt.mc_id=DX_840368&MC=MSAzure&MC=CloudPlat&MC=Windows&MC=EntMobile&MC=SecSys


But on Thursday I had already gotten a link to:

https://www.thurrott.com/windows/windows-10/67367/upgradegate-microsofts-upgrade-deceptions-undermining-windows-10?NL=WIN-01&Issue=WIN-01_20160526_WIN-01_114&sfvc4enews=42&cl=article_2_2

(These screenshots are linked to the documents. Click on them for the “full” story.
Open links are below to verify source. For the safest surfing, read the destination [// domain.com/] and copy the link into your browser.)

Microsoft:
https://channel9.msdn.com/Shows/TechNet+Radio/TNR1655?wt.mc_id=DX_840368&MC=MSAzure&MC=CloudPlat&MC=Windows&MC=EntMobile&MC=SecSys

Thurrott:
https://www.thurrott.com/windows/windows-10/67367/upgradegate-microsofts-upgrade-deceptions-undermining-windows-10?NL=WIN-01&Issue=WIN-01_20160526_WIN-01_114&sfvc4enews=42&cl=article_2_2

Tuesday, May 10, 2016

Microsoft will not call you

Pardon the redundant warning ...

I hope this reminder falls in the same category as “buckle your seatbelt” and just reinforces the diligence you already take to treat every offer from a stranger with a grain of salt. My saying it now was inspired by a warning in a WindowsSecrets (1) that there is a current rash of this type of scam.

Microsoft will not call you offering to fix a problem you didn’t know you had. (Neither will Dell, Google, Facebook, the IRS, or anyone else.)

If you get an unsolicited call, email, or popup on your screen  referring to some critical issue that you must use their assistance to repair right now – it’s likely to be a scam!

  • Do not click anywhere inside a popup.
  • Do not install anything that you didn’t go looking for.
  • Do not ever give anyone you don’t know access to your computer or your money.

The exception to these rules might be if you can’t open any of your files and the only thing you can see is a message that you need to send some anonymous entity money – usually via Bitcoin. This is a ransomware infection and it is probably real! In this case, immediately unplug your computer and contact your computer professional. Most likely, you are toast. The only solution is to pay up or start over with your backup data. Also, unfortunately, if you delay or attempt to get around this on your own, you run the risk of even corrupting the good backups you do have.
(2)

Actually, some people may legitimately initiate the call such as to inquire or warn about an atypical credit card charge. If they ask you for privileged information such as an account or Social Security number, you are perfectly right to make them identify themselves. The best thing is to for them to be able to give you a piece of non-public information such as the first digits of a Social Security or credit card. For more ways to verify a caller, see the tips in "Should I Open This Email" (July 2012). If you independently have a contact number for them such as the support number on a the back of a credit card or 911 if they claim to be police; hang up and call them back. do not trust a callback number they give you.

Feel free to share this with all your friends and relatives who have a computer or telephone and use the internet.

-------------
(1)
Here’s the open link for WindowsSecrets, because you never click to go to unknown websites from a link you might not trust: http://windowssecrets.com/newsletter/better-localcloud-management-for-big-data-sets/

And a couple weeks later Windows Secrets alerts us to a "support" scam directed against Dell owners:
Support scam alert for Dell users: http://windowssecrets.com/field-notes/tech-support-scams-take-a-disturbing-turn/ (note: this is a 2-part article; scroll down past "Windows 10 ..." to read the report on the new scam). 
   
(2) Which is where I make my pitch for you to buy your Carbonite automatic, online backup service from me:
http://partners.carbonite.com/thetechnologyinterpreter


Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
(cc) 2016- Bill Barnes - Disclaimer - Home Page - Blogs Home

Friday, April 29, 2016

Lost passwords

Lost WiFi passwords

Q. How can I find the WiFi password on my router?

If you know the login information to configure your router, just connect to it as an administrator and go to the Wireless > Security section.(1) The password should display there.

If you have a device that already connects to that router, you may be able to extract the password from it. Windows 7 (and XP) will display the plaintext password under Manage wireless networks in the Network and Sharing section. Some Android devices will also show the plaintext saved password.

If you’ve moved past Windows 7(2) (even as an upgrade), the password is not shown in the interface. It still is available as plaintext if you know where to look in the system. The easiest way to do that is with a utility; which I have recently done.

I usually document my research well, but can’t find exactly what I looked at or why this time. There may be a hint in my caveats, below(3). I thought my original impetus was an article in WindowsSecrets, but can’t find it now. You may be able to search for Key Finders on their site.

I did look at Magical Jelly Bean (https://www.magicaljellybean.com/wifi-password-revealer/) and NirSoft (http://nirsoft.net/password_recovery_tools.html) and eventually used a keyfinder program from Magical Jelly Bean to recover WiFi passwords on a Win10 computer. Both sites had been vetted and recommended … somewhere. A colleague frequently uses Magical Jelly Bean.

The program quickly displayed a list of almost 3 dozen sites I had connected to in the past with this computer with SSID, password, and some technical information. I captured it as a screenshot, blacked out my sites, and printed it to carry with my laptop. Yes, this exposes passwords for many friends and relatives to anyone who steals my bag. But there is no connection between my papers and my friends so all the thief can do is drive around the country looking for the SSID.

It is as important to protect your WiFi password as any other. You may not mind someone using your bandwidth, but anyone connected to your network (either WiFi or wired) could invade any computer on your system – and “computer” includes your phones, game devices, and connected appliances (like a thermostat or light controller) as well. Then any data or settings on them could be vulnerable to attack by stealing the data or malicious destruction. And one of those computers you don’t think of as such is more likely susceptible to becoming a gateway from the outside for bad guys to do even more harm.

---------

Notes and resources:

(1)     If you don't know the login for your router, you can return it to the default settings by pressing a recessed button with a pin. Then you must completely reconfigure all of your settings. Of course, if you don't know the login, you may have never changed the default settings. See my article for tips on critical settings to customize.

(2)     If you’ve got anything with Windows 7 (or XP) that connects with WiFi, you can display the password for each network directly in Windows. With Windows 7, find it at:
Control Panel\Network and Internet\Manage Wireless Networks – Get there from
Network and Sharing Center > Manage wireless networks (on left sidebar) > Security tab

(3)     As always, when researching and downloading non-commercial resources, ALWAYS be careful exactly where you click. (I sometimes use a sacrificial computer* to do my research and downloading.) I have a note with my saved passwords that this program tries to co-install a couple of unrelated programs that will return money to the publisher. For more information on using “free” software, see my post at http://TechnologyInterpreter.info (May 2016).

Creative Commons License. This work by Bill Barnes is licensed under a Creative Commons BY-NC-SA 3.0 US License. Permissions beyond the scope of this license may be available at http://zaitech.com/satellite/contacts.htm.
(cc) 2016- Bill Barnes - Disclaimer - Home Page - Blogs Home

Pages