Tag Archives: security

How Dropbox Can Save Your Bacon

July 6, 2012 Computers Made Simple 1 Comment

Yesterday, we locked ourselves out of one of our WordPress websites. Even though we write about tech things, we sometimes screw up. Luckily we were able to get back into the site using a password file that we had backed up on Dropbox. Here’s how it went down:

1. We keep a list of passwords in a simple text file on the main office computer and a duplicate file in our Dropbox folder online.

2. Somehow, probably when someone started to type something but didn’t know they were in the password file, one of the passwords got erased.

3. We had the admin password but we’d changed the admin user account’s settings so even though we were able to log-in as admin, we couldn’t do anything. If you have a WordPress site, this is one of the first things you should do. Hackers know that most WordPress users leave the log-in name as ‘admin’ which means that they are already half-way there when it comes to breaking into your site.

4. Since Dropbox syncs your computer’s Dropbox folder with its own online version, both text files were corrupt.

5. We logged on at Dropbox.com, found the file, then looked for the previous versions of that same file, an older version that hadn’t been corrupted. Dropbox stores older versions of files for these kinds of accidents.

6. After we found the file, simply right clicking it brought up this menu:

Photo of Dropbox menu — Right click and choose ‘Previous Version”

7. The previous version of the file had the correct password in it. After we logged into the site, we copied and pasted the missing password back into the original file on our computer. Dropbox, of course, immediately synced the two folders, its own and the one on our computer. We left the previous version as it was, just in case we need it again.

Now, you’re probably thinking, “Why didn’t they just use the ‘forgot password’ option on WordPress?” That makes perfect sense if we used the same email address for all of our sites but we don’t. Checking each of a dozen websites for the WordPress link would have taken much longer. The Dropbox option was faster. We have, however, made a list of what email address is used for each site. That file is on Dropbox and the main computer, of course. Yes, we should have thought of that before but we’re not real geniuses here, we’re just reasonably smart.

Dropbox can really help in this kind of situation. We hope you take our advice and use it. Check out the site, the installation process here: Dropbox

Thanks for reading!

Privacy, Security

My View on Internet Freedom

February 20, 2012 Computers Made Simple Leave a comment

Remember the Berlin Wall? It was one of the last relics of the Cold War. Built in 1961, it was a symbol of backward thinking politicians, persecution and the loss of personal freedom until it was torn down in 1989. You might also remember Ronald Reagan’s famous line, “Mr. Gorbachev, tear down this wall!” How dramatic that line was! It’s still used in stirring and patriotic speeches about God Bless America and freedom. Unfortunately, the western world is far less free than it was in 1989.

This week, Canada will enact legislation that will allow police and governments to spy on its citizens without a warrant of any kind. The legislation will force ISPs to provide vast amounts of information without any kind of judicial control. Canadians, showing their natural good humour (we spell it with the ‘u’), reacted to this legislation by using Twitter to make fun of the government minister who promoted the bill. We tweeted everything we were doing, everything we were thinking and everything that our cats and dogs were doing. Providing a mass of unrelated information just might be a way to hide your tracks if you are up to something sinister. Unfortunately, this would also hide real criminals and terrorists from being identified.

Hasan Elahi used much the same kind of tactic when he was questioned by the FBI for six months in 2009. Here’s a description of what he did: http://www.nytimes.com/2011/10/30/opinion/sunday/giving-the-fbi-what-it-wants.html?pagewanted=all

Hasan’s website is here: http://www.elahi.umd.edu/track/ and you can track him virtually everywhere in the world. He’s taken privacy to a whole other level. By making himself completely open in all of his activities, he has invented a way to, perhaps, cloak his actions in behind a wall of transparency. Here he is on Youtube (Ted TV):

http://www.youtube.com/watch?v=wAdwurHhv-I

explaining what happened and how he handled the situation.

Americans have already lost their freedoms. You might not know it but you have. The NSA, the FBI, the CIA and even the EOP (look it up) are already spying on you. Through the use of expert scaremongering, successive presidents and legislators have teamed up to deny your constitutional rights. The Occupy riots have proven that even the most basic right of freedom of assembly, is long gone.

Canadians are by nature quite peaceful. This bill, hopefully, will stir us into action to defeat the government that introduced and supported it. Our political system is different from the American system. If we get ticked off with the current party in power, it’s not unusual for us to completely trash them in the next election. We’re not a two party country up here and we don’t vote along team lines. It’s a little bit harder for Americans to get rid of a party that threatens to limit their freedom but it’s still possible. As the Arab Spring might* have shown us, change is possible if we work collectively to promote it. Isn’t it curious that the communist principle of a collective voice against oppression seems to be the ideal tool in our post-capitalist society.

Thanks for reading. I’d love to see a few comments on this post.

*I say ‘might’ simply because neither Egypt or Libya seems to have succeeded in enacting the ideals that they fought for. In the power vacuum that was created after the ouster of the old leaders, it seems that the military in both countries has taken over. Just as church and state should be separate, there is no place in the world for a military state.

Privacy, Security, TOR

Online Privacy Part 2 : TOR

February 16, 2012 Computers Made Simple Leave a comment

What is TOR? Here is the description from the TOR website:

“Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”

What this means is that once you are using the TOR browser, your surfing habits are hidden from prying eyes. TOR also hides your location from the rest of the world. Here is how TOR describes what it does:

“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.”

If you’ve watched any recent cop show on TV, you’ll know that tracing a criminal can be easy, depending on the time limit in the plot. As far back as Three Days of the Condor (Six Days in the novel), smart operatives defeated tracking software simply by bouncing their source signal from place to place, either in a telephone exchange as Robert Redford did in Condor or through various servers around the world as Lisbeth Salander did in The Girl with the Dragon Tattoo.

Once you start using TOR, your surfing might slow down a bit but you will be as anonymous as you can get on the Internet. Take a journey with me as I begin to discover TOR’s capabilities. I’ll also try to test it’s effectiveness at hiding my IP address in several places around the world. I should say now that TOR is free. There are other ways to hide your IP address from prying eyes but every one that I can think of involves spending some bucks. I’m all for free, aren’t you?

Start by reading the documentation here: https://www.torproject.org/docs/documentation.html.en Start to discover on your own what TOR is about, download everything and pop back for more updates on Monday. (I’m donating blood tomorrow so I’ll be tied up most of the day.)

Thanks for reading!

Email, Hotmail, Security

Hide Yourself Online

February 15, 2012 Computers Made Simple Leave a comment

These days, there is absolutely no guarantee that what you do online is private. While there are many ways to hide your surfing habits from your family, cloaking yourself from unwanted and unnecessary snooping by local, state or federal authorities is much more difficult. As conservative politicians push for more restrictions of personal freedom, it is increasingly difficult for the regular citizen to maintain their right to privacy. Over the next few posts, I will investigate some of the things you can do to protect those rights. Consider this the first of a series.

The most important thing I can suggest to you, dear reader, is to immediately STOP using your ISP’s email. If you don’t know what that is, it’s the free email you get when you signed up for your particular ISP or Internet Service Provider. Instead, sign up for an account with any of the free email services from such sites as Microsoft, Gmail or Yahoo. Personally, I use Hotmail, Gmail and Yahoo, each for different purposes. You don’t have to go as wild as I have but make sure you use at least one of them for yourself.

Why use a free service? There are two reasons, essentially. One is simple. When you change ISPs, you don’t have to send emails around to all of your contacts to tell them that you’ve changed your email address. The chance that any of the three services I have mentioned will go out of business is very slim. Secondly, free email accounts are much harder to trace. Authorities can pressure your ISP to reveal the address you use with them and, probably, your password. In Canada, a bill is in Parliament right now that would allow them to do that without a warrant. Imagine what certain people could do with your personal emails. Anyone who the party in power considers and enemy could be investigated. More on this a bit later.

The other thing that is open to scrutiny is your surfing habits. Let’s say that you’re a public figure or a politician or a high-profile civil servant. With the new rules in place, any security official could track your surfing habits without a warrant. Unless you are doing something illegal, there is no reason for them to know what sites you visit, is there? If you are committing a crime or if you are suspected of being involved in criminal or terrorist activity, wouldn’t it be fairly easy to get an official warrant to snoop around in your life? The trick to hiding your surfing habits is fairly simple. I will be investigating the TOR network over the next few posts. In the meantime, check out the TOR Project here: https://www.torproject.org/

Lastly, if you’ve been watching any modern TV detective series or movie, you’ll know that your lowly cell phone can give just about anyone your exact location in the world. The GPS locator in your phone sends out complete details of your movements every day. As you know, hackers can listen in on your conversations, access your voice mail and even download photos from your cell phone for their own uses.

Smart phones are wonderful pieces of technology but you might want to stop and think about how much of your private information your little friend is keeping track of. A tip here might be to have a cheap, throwaway phone for day to day use and a iPod Touch, for example, for all of your other Internet and GPS uses. There are other ways around this but now is the time to start thinking about your privacy and how your cell phone impacts it.

Look forward to more tips and tricks here in future posts. I am all for the rights of victims of crime and/or terrorism but I cannot put up with this growing trend of normal citizens losing their right to privacy. What do you think? Comments and questions are welcome.

Thanks for reading!

Privacy, Security, Spam, WordPress

Check Your User Settings in Worpress

February 1, 2012 Computers Made Simple Leave a comment

This morning I received an email from this site telling me that someone had registered as a user. Needless to say I was surprised. I wasn’t quite sure what damage a new user could do to my site but I logged in, deleted him and changed my settings. When WordPress asked me to confirm the deletion, it also asked me if I wanted to delete any links that the new user had put up here. I said yes, of course, but that made me think about my settings on my other sites. The default WordPress settings make it very easy for anyone to subscribe to your site AND to post links. Here’s how you can protect your site before this happens to you.

Head over to Settings, second last link on the left side of your Dashboard window. Once you are there, you should be on the General Settings page but make sure that this is where you are.

Halfway down you’ll see ‘Membership’ with a box that is, probably, checked. If it is checked then ‘Anyone can register’ which isn’t what you want. You want to un-check that box to prevent people from adding themselves as users. You can still add users but you have to be logged in as admin in order to do that.

The second thing you want to do, now that we are on this subject, is to limit comments on your posts. Yes, you want comments but you don’t want spam. There are two ways to prevent this. The first is to go to Settings then to Discussion Settings. What you are looking for there is ‘Email me whenever’ and ‘Before a comment appears’. In the second one, make sure that the box is checked beside ‘An administrator must always approve the comment’. Then, in the section above, make sure that you get an email when someone makes a comment and when one is held for approval.

If you have your WordPress installation set up this way, you won’t get surprised by someone adding themselves to your user list AND you won’t get spam comments showing up unannounced, either. Sure, you will get spam but you can check the comments and delete them. How can you prevent spam completely? You can’t. But you can add a plugin that will put check all comments and automatically put the ones that are spam into the proper folder. Here’s how.

Akismet is a standard plugin that you get with WordPress. To get it working, you need to activate it. To activate Akismet, you have to register and then get what they call an ‘API Key’. Don’t worry, it’s free. All of the links are there on your WordPress Plugins page. The key is the only thing you need before Akismet roots out spam for you. It won’t send an email but it will hold all the comments that it thinks are spam, and it is never wrong, until you show up to delete them.

There are other ways to secure your WordPress installation, these are only two. WordPress is probably the most documented bit of brilliance on the ‘net. Keep learning and keep safe, people.

Thanks for reading!

a little bit of hi-tech, a little bit of common sense and a lot of fun