The SQRL and the One Time Login (OTL).

Paul

VPN4ALL : Use Coupon code “savenow15” and get 15% off the lifetime of your account!Secured QRL Codes!

You probably are wondering about this.   I heard it from Steve Gibson and he calls it “squirrel” Code.  It basically helps those who are worried about security and privacy.   I just didn’t want to forget to talk about this myself.  Ever since I heard the podcast entitled “SQRL Episode 424”,  my mind has been trying to get a handle of the whole thing. 

What most people don’t know and haven’t yet figure out is how useful a QR Code is.   I did not think of this solution and would of laughed if I did.  It is really simple, but yet from what I have heard and understand it could be a game changer in the next few months.  I just have a few things that I must be fixed and standardized.   I wanted to share them with you and maybe in the same instants help the community with this problem.

One Time Login “OTL”

Since we are basically logging in every time we use a different QR Code we are only allowing one instance of the login for each time we use a SQRL login.  Thus we will need to limit the time and when we can use that one QR to login.   We also must figure out how we will deal with collision logins.  This is where the site or server sends out the same securely generated long random number to two different users.   This could happen if say we were using this on like Facebook or Twitter.   It is unlikely but possible, unless we disallow it to only be used once and then we get into the ridiculousness of even longer random numbers.   The only thing I can come up with is using the date and time to create the cryptographic challenge.   This would change the it from any two different users from getting the same challenge and thus we would avoid the collision of logins.  

Pretty Good Privacy

The next problem is which encryption key would we want to associate with the smartphone.   I personally think PGP is a good one to start off with and maybe even create the public key that is needed to accomplish this.   The Smartphone in question could be linked in some way to a server with our public key PGP.   I am unsure as to how well this will work but it would allow us to share that key whenever needed.   It may not work but I am thinking we should only use Open Source encryption and thus this is one of the many options.

If the Smartphone is stolen?

This is where PGP can be very useful, we could Revoke the key and tell everyone else this is is no longer trusted and thus we prevent illegal logins to our services.   I’ve heard people do with PGP and thus it should be really easy to implement in SQRL but again, I am not a designer or even ever created things like this so I thought we should at least throw that out and see what people say about it.

Needs to be Available Everyone

It needs to be available on IOS, Android, and even Windows systems.   When this happens it will make it that much easier for this to succeed. 

As you can see I have  these small questions that need to be answer and I even saw some others which I will gladly link to to better help those who may want to explore more into this realm that Steve has started.  

What do you have to say about this and are you curious to see this happen or do you think this will even work.  I may have missed something or do not fully understand it but at least I am wanting this to succeed.   What is your thoughts on this?

The Long Road home, and When things go wrong! (A Short story)

Paul

Road

The long Road Home!

It was a dark and stormy night and nothing in the world could stop the downpour. The rain came down as if the heavens opened up and started crying.   You couldn’t see a foot in front of you and not even the head lights could help.   You wonder if your going the right way or if took the wrong road.   This long winding road just seems to unfamiliar and and a little spookie.   You pas by farm houses and see only a flicker of light from a few of them.   You check your watch and it says it is 9:00 o’clock PM.   It seems kind of odd that all these houses would be dark.   Your gas gauge is reading empty and you will need to get more gas.  You come to a gas station and you pull in to the next available gas pump.   You hear “ching … ching… ching” as your car stops.  

As you wait, you hear foot steps coming closer and you look to see who it was.  You hear a “BOOM” from the storm, it makes you jump and ask  “Who are you?”   He replies, “The gas attendant, sir.  You can call me Bob!”.   “Sorry Bob, it seems I been feeling on edge.  Please fill my car up with regular unleaded.” I said to the attendant.   He says, “certaintly sir, and no problem, this country side can do that to some people.”

The story and you!

So as you can see this is where I left the story and I have been thinking something else should go wrong after that but my brain coulnd’t come up with it.   I am asking my readers what it should be and what you think of this short story so far.   Should I make the driving more exciting or should I make the driving more longer.   You will help me develop this story and hopefully we can have a little fun with this story.  I’d love to hear your comments and suggestions.

Android Vulnerabilities and Exploits in the Wild!

Paul

Android garden

Time to Do what?

When I was researching this on the web I didn’t expect to find so much stuff, but I do think IOS has more vulnerabilities then Android but it isn’t as bad as Apple IOS problems!

I am not going to talk about all of them but just a few that have peaked my interest!

The ‘Master Key’ Exploit

A simple but yet easy way to fool your Operating System and gain more access than it should.  The name doesn’t mean they actually have the master key to your device.   It is using what all Android devices use in the APK.  The MANIFEST.MF, which if done right, will have two more copies in the APK (Zip file).   When the Android OS installs this APK it will use the the last MANIFEST.MF and thus it can gain more access than you once thought.   Be able to communicate with a server  or copy your contacts.   I’ve pretty much come to the conclusion that 3rd party apps are dangerous now and I will not use anything but Google or Maybe even Amazon US app store!  

The ‘Webview’ JAVA Exploit

If you don’t use JAVA you will need to consider disabling it in Android.  While this one is a little more trickier and harder to avoid if you use Java, you best bet is to install Dolphine Browser, FireFox, and/or Chrome.   Then install a java an Addon or and Extension that does not allow Java to be used unless you specify.   This exploit can send SMS, or send out emails from you to spam your friends and family.   So this is one that you must start worrying about to a point.

The ‘Scarevertising’ Exploit

This last one I have seen become very prevalent and thus you should be on the lookout for this!   They claim in either a push notification or in some kind of inside application banner that basically tries to scare you into thinking you have a virus.   I’m not sure which advertising networks are being used but you can bet this will be a constant problem.   Some rules of thumb are install only from the Google App Store and never install any third party apps, which some call side along install.  

If your worried and you want to protect your Android Device, here are a few free applications that will help and hopefully keep you safe:

The last thing I can say is there are more than 100 different anti virus apps out there but it all depends on the end user (you) to know and trust vendors who are reputable and you can trust.   If you don’t know the Anti virus Company than maybe they shouldn’t be used.   I do hope I have helped you find what your looking for and we will discuss more in the future on Android Exploits!

 

[Rant] Obamacare and Minimizing Hours!

Paul

My Personal Insurance Agent (#93041)

Obamacare and Me!

I never thought this would of happened but lately my employer that I have been working with for over a year has started to move everyone they can to part time.   It seems that I may be one of those alas, the money I was getting might dwindle and I will need to find another job to help make up the difference. 

 

Who thought of this loophole?

I am very unhappy with this loophole and it will more than likely make everyone have to find two different jobs that are part time just to get 40+ hours somewhere and you know that isn’t going to be overtime but all straight pay.

I usually don’t talk about stuff that isn’t technology related but I wanted to just rant about out ridiculous this Obamacare is and how it does nothing to help the low income people who are just trying to survive.   I have yet to have insurance and now I have to figure out how to get around the 2.5% of my income in three years.   This is the going to hit me really hard.   I either have to pay around 120$ a month or pay 367.12 a year.   I hardly been sick and when I am it is moderately bad and thus I usually only go once a year.   How is this going to help me from getting into debt.  

Obama figure this out!

I’m calling on Obama to withdrawal this plan and come up with a more fair plan that will allow the low income workers from having to work harder than we have in the past few years.   Make companies increase hours and make companies to pay more is one step that will help use get out of debt quicker and much more easily.   We are working hard and can’t easily claw ourselves out of this debt.  You just don’t understand what it is like for a low income worker.   It might be time to get your hands dirty and do some of the things we do and then you tell me how fair this law is!  

Get with it and stop making the low income work harder for the same benefits!   You aren’t helping me but making it harder for me to survive!  

Ok so that is the rant and I won’t get into much else but this is just ridiculous. 

 

4 Gadgets Every Techie Should Have

Paul

Gadgets :) iPhones 4 n' 5 + iPad 2

If you consider yourself a techie, you need the right tools in your arsenal to keep up to date in today’s rapidly changing world. It’s easy to confuse yourself with what seems to be the next greatest product. That said, every techie should focus on getting these four essentials before they branch out to what would be considered extra.

A Smartphone

For starters, every techie needs a smartphone, which will keep you up to date on everything going on in the tech world. There is always going to be the debate about whether you should purchase an iPhone or other model. The choice is completely up to you, since every techie has their reasoning for which they chose. Be prepared to defend your decision against other techies, because there will never be consensus. Be wise in your smartphone choice because your smartphone will become your right hand man.

A Tablet

The next best thing for a techie would be a tablet. The benefits of the tablet seem to be endless. Most people see a tablet as just a larger version of a smartphone, but there is so much more to a tablet than meets the eye. A tablet is really a smaller, more portable computer. In fact, today’s tablets have become so powerful that they have the capability of running faster than a lot of computers. Tablets give you certain application functions and internet browsing speeds that you would otherwise miss out on if you were using a smartphone. Tablets are big enough to give you access to a full keyboard, just as you would on a computer. 

A Computers

As obvious as this next one might sound, in today’s world, people are tending to skip out on purchasing a computer. However, computers will always have the most capability when it comes to internet browsing. It likely won’t ever be beaten in software capability. A computer provides access to useful programs such as Photoshop and Microsoft Office that you just can’t duplicate on a Smartphone or Tablet. Computers nowadays are seen as kind of clunky, but they aren’t ‘big’ for no reason – they have much more memory and overall storage ability. For at least the next decade, there will be certain things that can only be done on a computer.

That Watch

Finally, every techie needs their very own techie watch. They’ve advanced, bu it can get a bit pricey. After all, nobody said being a true techie would be cheap. For the right price, you can purchase a watch that displays the weather, your heart rate, bits of news, and of course the time and date. Some techies prefer the even higher-tech bracelets, such as Nike fuel bands that track physical movements and distance covered, but they come at a pretty penny.

Vanessa Alvarez writes all about technology. Her recent work is on the Top Online Software Engineering Programs.