Several online retailers have weak password security!

Retailers make it easy for hackers!

Dashlane has released its top 100 online retailers report, “The Illusion of Personal Data Security in E-Commerce”. This makes it easier for hackers to know the common passwords for sites. Some of the retailers that are mentioned are:
  • Cafepress (affiliate link) — Although I have been a huge supporter of those really cool shirts and other personable merchandise, they only require a 3 character password. If you’re using a 3 character password, then you are just yelling to the hackers, “Come get my credit card information and personal information!”
  • Scholastic Inc — This one seems like they allow this for kids; I just hope they don’t give out all that valuable information. They too only require a 3 character password for an account!
  • 1-800-flowers (1800flowers.com) — Only requires a 1 character password, which means that you could use Q for your password and you’d be all set for someone to take your credit card information really quickly.

Those are only the few that I found that were really interesting. I am calling out these retailers to make changes to their password lengths. You can see the complete list of the 100 retailers with password lengths and various other data. This link is thanks to Steve Gibson to see all the important stuff!

Password Length

I’ve talked about LastPass in the past so I will not talk about it anymore. I do recommend people use the maximum length you can have on sites that are really important to you. This will prevent hackers from guessing really simple passwords. You should also have uppercase, lowercase, numbers, and special characters in your password to make password guessing even harder. It is up to you to prevent your account from getting hacked or taken over. No one can help you but yourself!

 

The SQRL and the One Time Login (OTL).

Secured QRL Codes!

You probably are wondering about this. I heard it from Steve Gibson and he calls it “squirrel” code. It basically helps those who are worried about security and privacy. I just didn’t want to forget to talk about this myself. Ever since I heard the podcast entitled “SQRL Episode 424”, my mind has been trying to get a handle on the whole thing.

What most people don’t know and haven’t yet figured out is how useful a QR Code is. I did not think of this solution and would have laughed if I did. It is really simple, and yet from what I have heard and understand it could be a game changer in the next few months. I just have a few things that must be fixed and standardized. I wanted to share them with you and maybe in the same instance help the community with this problem.

One Time Login “OTL”

Since we are basically logging in every time we use a different QR Code, we are only allowing one instance of the login for each time we use a SQRL login. Thus we will need to limit the time and when we can use that one QR to login. We also must figure out how we will deal with collision logins. This is where the site or server sends out the same securely generated long random number to two different users. This could happen if, say, we were using this on something like Facebook or Twitter. It is unlikely but possible, unless we only allow it to be used once, and then we get into the ridiculousness of even longer random numbers. The only thing I can come up with is using the date and time to create the cryptographic challenge. This would keep any two different users from getting the same challenge and thus we would avoid the collision of logins.
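The one-time login idea above, as an added Python example that is not part of the original post and is not taken from the SQRL design: it combines the date and time with a per-server counter and random bits so no two users get the same challenge, then enforces a time limit and single use. The `ChallengeStore` class, its method names and the 120-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct
import time


class ChallengeStore:
    """Hypothetical server-side store for one-time login challenges."""

    def __init__(self, ttl_seconds=120, clock=time.time):
        self._key = secrets.token_bytes(32)  # server secret, never sent out
        self._ttl = ttl_seconds
        self._clock = clock
        self._counter = 0
        self._pending = {}  # challenge (hex) -> expiry in epoch seconds

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()[:16]

    def issue(self):
        """Return a fresh challenge to embed in the QR code."""
        self._counter += 1
        issued = int(self._clock())
        # The timestamp alone would collide for two users served in the same
        # second; the counter makes every value from this server distinct and
        # the 128 random bits make it unguessable.
        body = struct.pack(">QQ", issued, self._counter) + secrets.token_bytes(16)
        challenge = (body + self._tag(body)).hex()
        self._pending[challenge] = issued + self._ttl
        return challenge

    def redeem(self, challenge):
        """Accept a challenge at most once and only before it expires."""
        try:
            raw = bytes.fromhex(challenge)
        except (TypeError, ValueError):
            return "malformed"
        if len(raw) != 48:
            return "malformed"
        if not hmac.compare_digest(raw[32:], self._tag(raw[:32])):
            return "forged"  # not produced by this server
        expiry = self._pending.pop(raw.hex(), None)  # pop enforces single use
        if expiry is None:
            return "unknown"  # already used, or never issued
        return "ok" if self._clock() <= expiry else "expired"
```
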

Pretty Good Privacy

The next problem is which encryption key we would want to associate with the smartphone. I personally think PGP is a good one to start off with, and maybe even to create the public key that is needed to accomplish this. The smartphone in question could be linked in some way to a server with our PGP public key. I am unsure as to how well this will work but it would allow us to share that key whenever needed. It may not work but I am thinking we should only use Open Source encryption and thus this is one of the many options.

If the Smartphone is stolen?

This is where PGP can be very useful: we could revoke the key and tell everyone else it is no longer trusted, and thus we prevent illegal logins to our services. I’ve heard people do this with PGP and thus it should be really easy to implement in SQRL, but again, I am not a designer and have never created things like this, so I thought we should at least throw that out and see what people say about it.

Needs to be Available to Everyone

It needs to be available on iOS, Android, and even Windows systems. When this happens it will make it that much easier for this to succeed.

As you can see, I have these small questions that need to be answered, and I even saw some others which I will gladly link to, to better help those who may want to explore more into this realm that Steve has started.

What do you have to say about this? Are you curious to see this happen, or do you think this will even work? I may have missed something or do not fully understand it, but at least I am wanting this to succeed. What are your thoughts on this?

Warning Signs of Hard Drive Trouble

For every computer there comes a time when you have a problem with hardware or software. This is for those who want to learn the signs of, and possible fixes for, hard drive problems. If you know your hard drive is dying then you had better back it up as quickly as possible. You will of course need to get backup software to protect your data. If you have special drivers you will need to back up your drivers. If you have an OEM system then you will need to back up the hidden partition.

So what are the warning signs of a hard drive failure?

  • Unexpected freezing of Windows — When Windows locks up and you have to reboot, or you get a Blue Screen of Death. You have no choice but to restart because you can’t do anything with Windows.
  • Losing data files — If you seem to see files being lost or deleted without your direct input, it might be a sign of a computer virus or it could be a damaged hard drive.
  • Locking up during boot — This is most common when you have a hard drive failure, although if you can restart and there is no problem then just keep in mind that it might be the beginning. The more frequently you have the lockup boot problems, the greater the chance of the hard drive dying.
  • Hard drive isn’t recognized in BIOS — Although this can be an old hard drive, if the BIOS can’t see it then the problem might be a hard drive failure. There isn’t much you can do with this problem; usually it means you just have to replace the hard drive. Most of the time it is a problem inside the hard drive BIOS and you really can’t fix this; you’d have to send it off to possibly save the hard drive data.
  • Clicking, Scratching, Whirling, Grinding sounds from Hard drive — This is the most dangerous sign of hard drive failure and means you need to get your data off ASAP. If you want to hear some of the warning sounds of a dying hard drive click here.

Although some of these may or may not be a hard drive failure, some can be driver issues or disk fragmentation and should be checked out to rule out these problems. There can be several problems that might be easily fixed. If you think it is a failure you might try SpinRite. The program is made by Steve Gibson and he actually has an “Absolute Satisfaction Guarantee”. So if it doesn’t work or you’re not satisfied you aren’t out any money. I’ve used this in the past for hard drives that are dying so I could get all the important data off before it died altogether. It is essential that if you can get it working for a short time, you get a backup.

Disclaimer: Although SpinRite might fix some of the problems associated with a hard drive failure, it might not fix all the problems or any problems. So it is left up to the user to decide if it is worth it or not to buy it. I don’t recommend this for every situation or every problem, only for the off chance that it might let you get the important data off the computer before you lose it. Use at your own risk.

Some current Threats in December

Win32/Mydoom.R

Win32/Mydoom.R is an e-mail worm for Microsoft Windows systems. Its file is approximately 28 kilobytes long, compressed by UPX. After decompression, its size is about 40kB.

Upon execution the worm copies itself into %windir% using the name java.exe. It also saves a file called services.exe there. This file is a backdoor component that operates on TCP port 1034.

The following Registry entries are set to point to worm executables:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

The first entry contains the path to java.exe, and the other points to services.exe.

According to the information on all the websites, in order to fix this you must use some anti-virus software.
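A way to check a registry export for the two Run entries described above, as an added Python example that is not part of the original post. The function name, the sample export and the `C:\WINDOWS` default are constructed for illustration; the key, value names, file names and location come from the description above.

```python
import ntpath
import re

# Indicators as described above: Run value name -> file dropped in %windir%.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
INDICATORS = {"javavm": "java.exe", "services": "services.exe"}

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaVM"="C:\\WINDOWS\\java.exe"
"Services"="C:\\WINDOWS\\services.exe"
"Updater"="C:\\Program Files\\Example\\updater.exe"
'''

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def find_mydoom_run_entries(reg_text, windir=r"C:\WINDOWS"):
    """Return (value name, path) pairs in the Run key matching the indicators."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Key names are case-insensitive on Windows.
            in_run_key = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        match = VALUE_RE.match(line)
        if not (in_run_key and match):
            continue
        name = match.group(1)
        # .reg files escape each backslash in string data as two.
        path = ntpath.normpath(match.group(2).replace("\\\\", "\\"))
        # Match only files sitting directly in %windir%: the genuine Windows
        # services.exe lives in %windir%\System32 and must not be flagged.
        if (ntpath.dirname(path).lower() == windir.lower()
                and ntpath.basename(path).lower() == INDICATORS.get(name.lower())):
            hits.append((name, path))
    return hits


if __name__ == "__main__":
    for name, path in find_mydoom_run_entries(SAMPLE_EXPORT):
        print(f"suspicious Run entry {name} -> {path}")
```
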

WORM_AGENT.AHQV [Trend Micro], Dropper/Xema.189952.B [AhnLab], Dropper.Small.LQ [AVG], Trojan.Crypt.Delf.AC [Bit Defender], Worm.W32.Agent-1 [ClamAV], IRC.W.W32.ClickIt.D [Otros], W32/Trojan3.AS [Authentium], I-Worm.Agent.ez [Quick Heal], Win32.HLLM.MyDoom.134 [Doctor Web], Trojan:W32/Agent.GCK [F-Secure], W32/Basine.C [Fortinet], Trojan.Crypt.Delf.AC [G DATA], Trojan.Crypt.Delf.AC [Ikarus], Email-Worm.Win32.Agent.js [K7 Computing], Email-Worm.Win32.Agent.js [Kaspersky], Worm:Win32/Mytob.SD [Microsoft], Win32/Injector.BZ [ESET], W32/P2PWorm.AAK [Norman], Trojan.Delfinject.Gen.3 [PC Tools], Backdoor.Win32.IRCbot.apj [Rising], Mal/Basine-C [Sophos], Dropper.Delf.26624.B [Hauri], Email-Worm.Win32.Agent.js [F-Secure], Backdoor/W32.IRCBot.28160.C [Otros], AGENT.ARQB [PerAntivirus]

According to the information on all the websites, in order to fix this you must use some anti-virus software. This one is a variant and should be dealt with as if it is the actual worm. It seems to be spreading through P2P and email, fooling the person into running programs. So be careful out there.


Got a Virus? Got Spyware? This gadget will fix it!!

PC Clean Machine Personal PC Concierge Service

  • Everything you need, including software, is on the thumb drive to get your own personal PC Concierge, a real person working for you. Click on the video to see how it works.
  • Use our anti-virus/anti-spyware and other tools, or we will work with any anti-virus or anti-spyware you already have.
  • PC Concierge will check your computer regularly to keep your data protected and your computer running at optimal levels. Protects both MAC and PC
  • Receive a detailed report explaining what was done to protect your PC and improve its performance
  • Your PC concierge will perform computer maintenance at a time that’s convenient for you
  • Includes ID Theft coverage whether computer related or not
  • Includes computer breakage coverage
  • Includes all security software: anti-virus, anti-spyware, firewall, anti-phishing, IM encryption, family network, protection, gamer mode, laptop mode, anti-spam, parental control, backup, tuneup, file vault, anti-adware.

This was found online and I thought about how much this could be for people in the field. This is also good for people who have a system offline and don’t want to go online to get the software that is needed to fix this. I saw this and couldn’t wait to blog about this. If you need to have security for when you have a virus, this will help protect you for one year. I will say this is a very good deal: you get several programs for a really low price. All the reviews for this product are good; check out the product for the reviews. It costs 119.99 but I think it is worth it for people who don’t have enough security programs and need to protect themselves.