Friday, September 24, 2010

how to not get hacked

So it seems like at least 3 of my friends have recently gotten their Facebook accounts hacked by the same spammer in the space of like a day... not sure why all at once, but I thought I would create a quick online guide that may help my friends avoid it in the future. A lot of these things are common sense and many of them y’all may already know, so please don’t take this as any sort of insult to your intelligence; it’s just me trying to help (after all, I do get paid to know this sort of stuff).



  1. Get a really good password for online sites. A good password is at least 8 characters long and does not include words from the dictionary. It does include capital letters, numbers, lowercase letters, and, if allowed, symbols (like $%^&$). If you’re not sure if your password is secure or not, check it here: http://www.microsoft.com/protect/yourself/password/checker.mspx Passwords that are just a word from the dictionary are really really easy to crack. An average home desktop computer can crack a password that is just a word from the dictionary in under a second.
  2. Use different passwords for everything. This way if one account gets hacked you won’t lose everything else at the same time. It’s a common practice for hackers, once they have gotten a username and password that works, to try it at many other common sites (gmail, yahoo, facebook, myspace, popular banks, ebay, paypal, etc.) to see if it will work there too. If you use the same username and password for everything then you’re screwed, big time.
  3. Never click on a link you’re unsure about. Seriously, think of the internet as some old creepy guy that you wouldn’t trust even if he was the last person on earth. If for any reason you’re unsure about a site, link, or download, just don’t use it.
  4. If a site tells you that you need a plugin or download to use the site, a big red flag should pop up in your head. That’s a number one way scammers use to get you to download viruses. For example: you get a pop-up window that says that you have spyware on your computer, you click the link and it prompts you to download a program that will “scan” your computer. When you click this link it performs what looks like a scan and finds what looks like viruses, but what’s actually happening is that it’s downloading viruses to your computer and inviting all of its friends over for dinner. The best thing to do if you need a plugin or software to run something on a site is to go to a legitimate source and download it; if the site won’t tell you the name of the program you need, then leave that site. For example, if a site tells you that you need Flash Player, go to the Adobe website yourself and download Flash Player. If that site still doesn’t work then it’s probably a scam.
  5. Legitimate sites will never send you an email asking for personal info. Your bank/paypal/ebay will never send an email that asks you to “sign in” to verify who you are after following a link in an email. If you have doubts, then go to that site itself in a separate tab or window and log in that way.
  6. If you use a public computer for anything, always clear all the personal data from the system after you are done. This can be done by clearing the cache and the history. Some public computers do this automatically, but enough of them don’t that it’s common practice for spammers to log on to public computers and see what people have left themselves logged into (which is a lot, believe it or not). The best practice is not to use public computers for anything personal…but it doesn’t always work out that way, so just remember to clear your personal data.
  7. NEVER visit pornographic or gambling sites. Seriously, these sites are like the STDs of the internet and will infect your computer faster than a cheap hooker. It’s just good sense not to go to them anyways for a bunch of other really good reasons, but at the very least do it for your computer’s sake.
  8. If you want to download a program (or music or movies or whatever) via the internet and you decide to use a torrent or other related peer to peer sharing program, be very careful. While these programs are really useful for a lot of legitimate uses, a lot of people still get their computers infected this way because they don’t know what they are doing. Whenever you download a file from a peer to peer network, always always virus scan it first. Some sites like thepiratebay.org have comments about the file; read these and if any of them suggest that it might be a virus, don’t download it. Just remember when you are using peer to peer networks nothing is regulated or inspected, so use them at your own risk.
  9. Have passwords on your home computers, and if somebody wants to use one, create a user with restricted access that they can use. This seems a little insane and untrusting, but after having to clean porn and viruses off of my computers numerous times in the past that other people downloaded onto them, I stand by this rule. Other people can create all sorts of security problems for you unintentionally. Sometimes it’s just because they don’t know what they are doing and sometimes it’s because they are doing things they shouldn’t. Either way it’s a security risk that can’t be ignored. If they download a virus that steals passwords onto your computer, you still get screwed by it even though you didn’t download it.
  10. Finally, always remember: if anything seems too good to be true, it probably is. A healthy dose of skepticism is the best antidote for protecting yourself from viruses and spammers on the internet.
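
Items 1 and 2 as a check you can run over your own list of accounts (an added example, not part of the original post; the tiny word list, the swap table and the sample accounts are constructed for illustration). It goes a little beyond item 1 by also catching dictionary words dressed up with swapped characters, which pass the capital/number/symbol test but are still dictionary words.

```python
import re

# Constructed stand-in for a real dictionary file (assumption, not from the post).
WORDS = {"password", "monkey", "dragon", "sunshine", "football", "welcome"}

# Common character swaps, undone before the dictionary lookup.
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                       "1": "l", "$": "s", "5": "s", "7": "t"})

# The four character classes item 1 asks for.
CLASSES = {
    "capital letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def password_problems(pw):
    """Return the rules from item 1 that this password breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    # Drop digits/symbols stuck on either end, then undo swaps: "P@ssw0rd1" -> "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower()).translate(SWAPS)
    if core in WORDS:
        problems.append("dictionary word in disguise: " + core)
    return problems


def audit_accounts(accounts):
    """accounts maps site -> password; returns {site: [problems]} for sites with findings."""
    sites_by_password = {}
    for site, pw in accounts.items():
        sites_by_password.setdefault(pw, []).append(site)
    report = {}
    for site, pw in accounts.items():
        problems = password_problems(pw)
        shared = sorted(s for s in sites_by_password[pw] if s != site)
        if shared:  # item 2: one stolen password opens these accounts too
            problems.append("same password as: " + ", ".join(shared))
        if problems:
            report[site] = problems
    return report


# Constructed sample accounts; none of these are real credentials.
SAMPLE = {
    "facebook": "P@ssw0rd1",
    "gmail": "P@ssw0rd1",
    "bank": "monkey",
    "paypal": "tR7#qLw9!xVb",
}

if __name__ == "__main__":
    for site, problems in audit_accounts(SAMPLE).items():
        print(site + ": " + "; ".join(problems))
```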

Amendment 1.
So after seeing Alaska Gov. Sarah Palin's private Yahoo e-mail get hacked and reading the steps the hacker took to do it, I thought I would add this amendment.
Your security questions to reset your password should not be items that are easily Google-searchable. Palin got her account hacked because her security questions were her birthday, her zip code, and "where did you meet your spouse". These apparently were all easily available online. If you create a security question, make sure it's something really obscure that only you and maybe a close family member can guess (to be honest, mine are something even a close family member can't guess). Otherwise you might end up with all your email on somebody else's blog...

Monday, January 26, 2009

Spam and Viruses

Hello, this is your friendly neighborhood IT guy Arthur again for the monthly newsletter. As many of you may know, I was down for quite a few weeks with infectious Mono. I blame my girlfriend; she had Mono several years ago and probably gave it to me, but in reality I could have gotten it anywhere. She doesn’t like it when I tell people I could have gotten it “anywhere”; after all, Mono is the kissing disease. Since it seems that everyone around me has been sick recently, I thought I would talk a little bit about computer viruses, how they work, and how to avoid them.

First, what is a computer virus? A computer virus is a program written with the intent to do harm to you or your computer. In the early days of computers, viruses were often written as pranks by huge nerds, like me. For instance, when I was in the 8th grade I wrote a virus that, whenever a computer would boot up, would display a huge smiley face and the text “don’t you think life is better without computers?” and then shut down the computer. I put it on the computers in the school computer lab and got in a ton of trouble; my punishment was to fix all the computers in the lab.

These days computer viruses are a lot more dangerous. Most of the time they are created by the mafia or other criminal organizations, often based out of countries like Russia, Ukraine, and Nigeria. Identity theft is often their main goal and it’s a profitable business for them. The way most computer viruses work is they infect your computer via a dangerous web page or a spam email message. Then they infect files on your computer and try to use your computer as what’s called a “zombie”, mindlessly sending out spam and other malicious messages to try to infect other computers. There are also viruses called Trojans, named after the Trojan horse. These viruses are after your usernames and logins for popular sites, credit card numbers, and bank routing numbers. The mobsters then use this information to charge up large amounts of money in your name.

What can you do to avoid viruses? Well, first of all, follow the steps I outlined in the last newsletter about how to not get your account hacked. Also, most of all, don’t be stupid. It seems like simple advice, but most of these scams are easy to see through. The prince of Nigeria is never going to give you any money and Bill Gates does not have email tracking software. You would be surprised how stupid people can be: a computer security expert once posted an ad as a test that read, “Is your PC virus-free? Get it infected here!” and hundreds of people clicked on the link. These people were stupid; don’t be like them.

A quick word about spam as well. I know many people have complained about spam in the department lately. Here’s a couple of really easy ways to avoid spam emails:

1. Don’t give out your main email address to just any website that asks for it. It seems like every website has a free signup that requires your email, but often what happens is these sorts of sites just take the emails they harvest this way and sell them to advertisers…for Viagra.

2. If you need to sign up for a bunch of stuff online, get a free gmail account that you can use for this. When they ask for your email, just give them the free gmail account instead of your main email; then if that email account starts getting too much spam you can just close it and make a new one.

3. Pay attention when you are filling out online forms; often there is a box that needs to be checked or unchecked to not receive the “newsletter” or “promotional material” that they want to send you. This will save you a lot of junk in your email box.

4. I know I’ve said this before, but avoid going to pornographic sites, because when you use your email to sign up for their “free trial” you’re basically asking for a ton of spam about Viagra, bigger boobs, and male enhancements. I mean, if you put yourself in that sort of category you will receive those sorts of emails for the rest of your life.

5. Don’t pass on email forwards that you receive. I know the email with the video of the dancing monkeys is really really funny, but please do not pass it on. Why? Because spammers often start emails like this to harvest email addresses. If you notice, each time you forward the email a list of all the people that got it appears at the top of the email. This process repeats itself each time it gets forwarded until you have to scroll through 5 pages of email addresses just to get to the message. Then a spammer just waits for this message to get back to him and presto, a whole bunch of emails for him to use. If you get forwards all the time from certain people, just email them and ask them to not include you in mass emails. It’s better for everyone.

Just these 5 simple steps can help you avoid getting spam and, in the end, help you avoid getting your computer infected with a virus and your identity stolen.

Monday, November 3, 2008

my hacking ideas

Extreme freestyle hacking brain storm list


---make a robot from my iPhone or a robot that is controlled by my iPhone

---sms app for the servers I'm setting up... might be fun http://www.webmonkey.com/tutorial/Build_an_SMS_Notification_App

I need to think of something new to add to this so I'm not just repeating somebody else's work. Maybe hook it up with a motion sensor and a digital camera or camcorder so when it senses motion it takes a picture. Better yet, give it an old camera phone and have it SMS or e-mail a picture of the intruder it detects with its sensor.

---make an iPhone app that can be used to do online voting and put hits on a youtube page: example, every time the ip address changes on the iPhone (it does this whenever it transfers to a new cell tower) it automatically goes to the site and fills out the form/or watches the video. This would beat ip filters that prevent you from voting multiple times from the same machine (they work by logging the ip address you vote from and only allowing one vote from that ip address)

---make a video of breaking bathroom rules (singing Kumbaya in the men's restroom)

---create a robot guardian for my house: when someone enters the house he issues warnings etc...and can be interacted with

---the prank I want to pull on Geoff (and make a video of it): so basically I get a webcam that's wireless (or not) and I get a usb missile launcher and hide it in Geoff's room and watch it while I'm at work and wait till he comes in the room and thinks he's alone and then shoot the usb missile at him

---build a rocket launcher (like the one I built when I was a kid) maybe make some sort of guidance system or remote launching system maybe use a wii remote to guide it to the target or something like that

---the plumber and the princess part II

---build an image fulgurator http://www.juliusvonbismarck.com/fulgurator/doku.html

---make a homemade GPS unit that I can install in my car and have a homemade locator that will tell me where it is from a web browser that I can access online from everywhere. Basically it's a homemade lo-jack

---automate my house with home automation and use my iPhone to control everything in my house (party button)

---I wonder if you could make a bar code scanning application for either Android or the iPhone??? that would be super useful, or maybe make it for Android

---use a phone (iPhone) to capture a keyless entry signal and then broadcast it with my phone....wow this has huge ramifications

---homemade DVR that works off the internet

---put a touchscreen on my eeepc

http://jkkmobile.blogspot.com/2008/07/asus-eee-pc-900-with-touch-screen.html
http://cgi.ebay.com.au/Asus-8-9-Eee-PC-900-Touch-Screen-Panel-Kit-MOD-EeePC_W0QQitemZ310067891509QQihZ021QQcategoryZ3697QQssPageNameZWDVWQQrdZ1QQcmdZViewItem#MRLOCATE



Thursday, September 18, 2008

how not to get hacked
