A+ R A-

The Tech Report

Tech Talk With Greg Bailey

E-mail Print PDF

Earlier this week, one of my online accounts was compromised. I still have no idea how it happened, or if there’s anything I could have done to prevent it. While there probably was some way I could have kept the account more secure, the only surefire, no-fail way to keep Internet accounts safe is to not have any accounts at all. The only way to make absolutely sure your computer is never infected with malware is to never connect to the Internet. That being said, this article will talk about what to do when the worst happens: when someone has gained access to your account. When the account is first compromised; it is rarely obvious.

More often than not you might not even realize it immediately. You might start noticing some suspicious activity on the account, or a friend might tell you that the account has been in use while you weren’t on it. Slowly, the confusion from the odd situation involving your account becomes fear when you realize just what’s going on. Once you know the account has been taken over, the first thing to do is take just a moment to calm down. The next few minutes could potentially be very important, especially if you happen to catch the intrusion swiftly. Take the time to collect yourself... but don’t take too long.

Do not waste any time at all in taking action. This seems at odds with the first step, but there is a difference between spending time calming tense nerves that could cause mistakes and spending time doing something that can wait until later. The next hour could make a huge difference, and you should be focused on limiting damage to the compromised account.

The steps you take to recover your account depend on a few things. First, can you still logon to the account, even though it has been compromised? If so, you should change the password immediately. Make sure the new password is very strong, use random numbers and letters.

If you cannot log-in to the account, the password has most likely been changed already. In this situation, the next step is to recover your password. Go to the log-in screen and find the “Forgot Password” option. The website should send your password to the e-mail associated with the account (check your spam folder if you don’t see it in your inbox). The processes for each website differ, but as long as the e-mail used with account hasn’t also been compromised, this should let you log-in to the account, where you can change the password.

If you don’t get the e-mail from the website after using the Forgot Password option, then it is possible that they have changed the e-mail address to one of their e-mail accounts (most websites will send the old e-mail a message when this happens, so keep an eye on your inbox). In this case, there is nothing you can immediately do to get control of your account back. Contact the people in charge of the website, and notify them of the situation.

The website most likely has a set procedure for compromised account recovery, find it in their help section and follow it. Be prepared to give information on the account that only the original owner should know.

Once you’ve either regained control of the account or are waiting to hear back from the website, there are a few other steps to take.

You should quickly notify friends and family that you are not in control of the account. The compromised account may be used to scam people you know; they should be put on guard until you have the account back.

After you’ve done this, there are a few simple things you can do to tighten the security on your computer. Make sure your web browser has been fully updated, since an older version could have vulnerabilities that have since been fixed. Run whatever antivirus software you have, you may have picked up malware recently and not known it.

Keep in mind that while it’s possible that your account information was phished or obtained through malware, it is also possible that it was just guessed through a brute force method. Methods like that are why it is crucial to have strong passwords; the stronger the password, the weaker such an attack is in comparison.

But remember, there is no way to reduce the chances of being compromised to nothing, so if it does happen just keep a cool head and act effectively and efficiently.

This article is the tenth in a series devoted to Internet security, and learning how to keep you and your information safe. Any questions, requests for clarifications, or comments can be sent to gregbailey9@gmail.com.

Tech Talk With Greg Bailey

E-mail Print PDF

Last week I touched on spam; now I’m going to talk about it with a little more depth. Or, to be specific, how to deal with spam. Spam can be better described as junk e-mail. It is sent out by trillions world-wide every year, and is the vast majority of email sent. If you have an e-mail address, you have gotten spam at some point. It is almost impossible to make an e-mail address completely free from receiving spam, but there are definitely steps you can take to minimize the amount of unwanted emails you get.

Spam is pretty easy to recognize. Once you have gotten enough spam, it is simple enough to see that it is spam just from looking at the subject line. I’d provide a list of the more common words, but several of them are inappropriate at best. Look for subject lines involving people trying to sell you something, or trying to get you to watch a video, things like that. Most spam is annoying rather than actively malicious, but should still be properly taken care of.

Most importantly, some spam will have a link to unsubscribe, something along the lines of “If you do not wish to receive any more e-mail from this address, please click here”.

A reasonable (and completely wrong) thought is that clicking on the link will cause you to get less spam. In fact, clicking on that link can make you a target for even more spam. Here’s what clicking on that link does. First, the sender of that spam knows that the e-mail account is an active one; its owner checks it regularly.

Second, the sender knows that you read your e-mails, even if they are spam. Third, the sender knows that you are willing to click links in spam messages. These three things make up one very easy conclusion: send this e-mail address more spam.

Spam wants to be seen, read, and clicked on, and trying to communicate that you don’t want more spam means that you fulfill all three requirements.

The correct response to spam is no response. Do not reply to the spam.

Do not click any link in the message, even if it says you will stop getting spam if you do. Do not even open the message if it is obvious spam. Instead, it should be marked or reported as spam through your e-mail client and then deleted.

A quick word on the spam folder your e-mail client most likely has: most e-mails in it are there for a reason.

Most e-mails. Occasionally an e-mail you are expecting or an unexpected important e-mail will be relegated to the spam folder by mistake.

For this reason, you should make a habit of browsing your spam folder on occasion. You don’t have to open the e-mails, just make sure that there isn’t anything important accidentally lost in the folder. If this isn’t done regularly, it should at least be done before emptying the folder.

If you are very active on the Internet and regularly use your e-mail address for different services, it would be a very good idea to set up a second e-mail account. Whenever a website or a stranger requests an email address, you can give them your second e-mail account. Whenever a friend or someone you know requests an e-mail address, you can give them your main e-mail account.

Your second e-mail account should receive the bulk of the spam you get, keeping your main e-mail account’s inbox much cleaner.

This article is the ninth in a series devoted to Internet security, and learning how to keep you and your information safe.

Any questions, requests for clarifications, or comments can be sent to gregbailey9@gmail.com.

Tech Talk With Greg Bailey

E-mail Print PDF

Last week I talked about how to minimize risk when using a public computer. Now I’m going to be talking about a very similar situation:

using a portal computer to connect to a public wireless Internet connection, or Wi-Fi. In recent years, more and more establishments have adopted a standard of free Wi- Fi. Bookstores, libraries, even many McDonald’s restaurants have begun to offer customers free Wi-Fi.

Riverside itself even provides free Wi-Fi throughout the city! However, coffee shops and other similar businesses remain the main source of Wi- Fi locations.

A mistake many people make is to assume that these places provide free security as well as free Wi-Fi. This is not always the case; instead assume that a free wireless connection is just that: a free connection and nothing else, with no added security.

That being said, it follows that you shouldn’t do anything financial or equally sensitive on a public connection.

Even if the website you were using uses “https” instead of the less secure “http”, it can still be dangerous. That kind of activity should be reserved for your personal computer and connection at home.

An easy thing you can do is activate your computer’s firewall, if it isn’t already on. To do this, simply go into the Control Panel and find “Windows Firewall” (if you only see categories, switch to “Classic View”). After you click it, simply select the On option to start the firewall.

The firewall won’t automatically protect you from any malicious attacks, but it is always a good idea to have it on. Unless there is a specific reason for turning it off, it’s a good idea to keep it on at all times, not just when using a public Internet connection.

Something else you should do is disable file and printer sharing. Any folders you might have marked as shared across a home network could be accessible by anyone on the same public wireless connection.

To disable this option, find your Network Connections page (if it isn’t in the icons on the bottom right in your task bar, go into the Control Panel, and click on Network Connections). From there, right click on the wireless connection you are using and click on Properties. Look for the option “File and Printer Sharing for Microsoft Windows” and disable it. One thing to consider is physical security, by which I mean keeping an eye on your laptop! This is another problem that you shouldn’t have with a home computer, but comes into play when you bring a portable computer out into the world. Aside from your laptop simply being stolen; it is possible for someone to gain information from your laptop if they can get to it. The Internet browser Firefox for example has all of its stored passwords available to check by just a few keystrokes! A stranger could easily walk up to your laptop with a pen and paper, make a few clicks and keystrokes, and be writing down user names and passwords, all within twenty seconds. If for any reason at all you need to turn your back on a laptop, before you do so quickly hold down the Windows key and hit L. This will automatically send your computer into standby mode, requiring that a user reenter their password to get back into the account (and there should be a password attached to your account, even if you are the only one who uses the computer).

And one final note: when you are done with the wireless connection you should leave it the same way you connected to it. There’s no reason to stay on an unsecured network any longer than you have to.

This article is the seventh in a series devoted to Internet security, and learning how to keep you and your information safe. Any questions, requests for clarifications, or comments can be sent to greg@bpcmediaworks.com.

Greg Bailey is a Computer Science major at UCR Bourns College of Engineering

Tech Talk With Greg Bailey

E-mail Print PDF

About a month ago, gaming company Blizzard proposed the following change to their online forums: any post made by a user account would not use a character name, but a user’s real name. Now you need to know that on these gaming forums most people have used character names for years as they interacted with other users from around the world. As a result, this change was not taken lightly.

In other words, if I were to make a post on a forum with that system, the name of the poster wouldn’t be a character or account name, it would just be “Greg Bailey.” The idea was quickly reversed because of a fierce outcry from the community... but this attempt was still very relevant, not only for gamers, but for anyone who uses the Internet. Attaching a real name to an online identity makes it much less challenging to track down your real world identity.

It is very easy to find personal information using the Internet.

As with many other aspects of computing, the public has the misconception that to get information on a person something dramatic like hacking government computers is required. This is not the case, there are search engines that can find out any basic information on a person with simply a first and last name.

If you have more than that, like a state, it becomes that much easier. These engines can find personal information through various ways, but the easiest way by far to get personal details about a person’s life is by checking their Facebook page.

The Internet is a much more social place than it was fifteen, ten, or even five years ago. Hardly anyone had heard of giants like Facebook or Youtube five years ago, but both sites went through dramatic growth to become the powerhouses they are today. Today, people regularly upload information about themselves that they certainly would not have before sites like these existed.

When you post something online, it is not automatically encased in an impenetrable bubble that only people you know can access. It is very possible for a complete stranger to see what you post on sites like Facebook. If you post information that you would like to keep private, ensure that privacy settings on your account are set so that random people on the Internet cannot see your posts, friends, or other information you may not want to be made public.

Here is a very good ground rule for social networking sites: only post things you wouldn’t care about a stranger finding out. If you want to talk about something more private with a select group of friends, there are better places to do that than a social networking site.

Also, and this has just as much to do with common sense as security, avoid posts that you would not want to be tracked back to yourself in the real world. The Internet is full of horror stories regarding people who have posted something along the lines of “I hate my job/boss,” only to realize that they had added said boss as a friend whom could now read that post. There is no end to the embarrassment and awkwardness that could be avoided by simply taking a moment to consider if making a post is a good idea or not.

In addition to making sure your privacy settings are set up properly, another very easy thing you can do to keep yourself more secure is not automatically accept friend requests. If you receive a friend request from someone you do not know and cannot remember ever meeting or talking with, don’t accept the request just because they went to the same high school as you did. In addition, make sure you actually know the people who are already on your friends list.

Social networking sites are a great way to stay in contact with friends you might not be able to interact with otherwise. Just make sure that you’re keeping your privacy intact.

This article is the fourth in a series devoted to Internet security, and leaning how to keep you and your information safe.

Any questions, requests for clarifications, or comments can be sent to greg@bpcmediaworks.com

Greg Bailey is a Computer Science major at UCR Bourns College of Engineering

Tech Talk With Greg Bailey

E-mail Print PDF

This article is going to focus on a very specific element of Internet security: password strength. For almost any online service that uses an account, there are going to be at least two pieces of information attached to it, your user name and your password.

Your e-mail may also be associated with the account, and some services will have additional safeguards when it comes to protecting your account, such as a security question. But, for the most part, keeping your password secret is vital to ensure your account’s security. Given this, it is very important to make sure that you have a strong password.

But what do I mean by a “strong” password? A password’s strength is based on how hard it would be for someone to figure out or guess. Most people would say that their password is hard or even impossible to guess, but for a shocking number of computer users this isn’t the case.

Let’s look at some passwords, and why they are strong or weak. First, let’s look at passwords like, “Password”, “12345”, and “happy”. This is very important...

DO NOT make your password “password”. Just don’t do it. For the second example, “12345,” a password of all numbers is also not a good idea... but a password of all consecutive numbers starting from 1 is a horrible idea. “Happy” is a weak password, though not as weak as the other two. Simple dictionary words like this are easily crackable. Your password should not be a word found in any dictionary, or a pure number. On top of that, your password shouldn’t be something that names a place or thing.

Using the name of a loved one or a good friend can be an even worse problem. The reason that a password like this doesn’t work is that your family members and friends are likely known by your other acquaintances. This means someone you know could possibly guess that person’s name and therefore has your password. It’s even possible that a complete stranger could look at a social page you own, like your Facebook page, and glean your password from your posts. Your password should never be something that you might say or type in conversation with someone else.

A good password would be something like, “atc39mn2s”.

This password might seem like a random string of gibberish... and it is! Passwords like this are what you should be aiming for; they are incredibly hard to crack compared to simpler passwords.

“Brute force” methods of guessing large amounts of common passwords will be ineffective, and there’s no way someone could figure out a random string of numbers and letters from a Facebook page. While this type of password is more difficult to remember than others, it is by far the best!

I’ll leave you with a few quick tips for keeping your password secure:

1. Try not to use the same password for everything you do. If you use the same password for multiple accounts, if even one account is compromised, so are the rest.

2. When it comes to password strength, more characters is always better. There is no need to be extreme and make your password the length of a sentence, but a fourteen character password is much more secure than a six character password.

3. There is never a bad time to change your password.

Changing your password to something different on a regular basis can make your account that much safer. Just make sure you know how the account lets users change their password. Be weary of an e-mail that suggests a password change, especially if they send a website to go to along with the mail.

This article is the third in a series devoted to Internet security, and learning how to keep you and your information safe. Any questions, requests for clarifications, or comments can be sent to greg@bpcmediaworks.com

Greg Bailey is a Computer Science major at UCR Bourns College of Engineering

Page 7 of 18


BVN National News Wire