Tag Archives: security

Facebook Timeline Privacy Settings – Part 1

January 29, 2012 Computers Made Simple Leave a comment

On January 31st, 2012, you’ll be forced to accept Facebook’s new timeline profile. There are some new privacy settings that you might want to adjust. In the change from the standard Facebook interface to the new timeline interface, your previous settings won’t survive the transition. You’ll have to adjust them again.

Why is this important? For me, it’s not. For you, if you are a teenager or a single woman, for example, there are dangers to having all of your activities past and present open to the world. Ex-partners, teachers, prospective employers can now access all of your past information very easily. There isn’t much danger of me being stalked but for many people, that is a very distinct possibility.

TIP: The best thing about the new timeline interface is that you can see immediately how your profile looks to strangers or to any of your friends. See the little arrow just to the right of the gear icon on your profile page? Here it is:

The View As menu on the timeline — Click on the View As line.

Once you click on the ‘View As’ line, your profile will change to show how strangers will see it. You can then change the view to show how your friends will see it, depending on your settings for each of them. You may want to hide things from some friends. In that case they will not see the same profile as everyone else.

Step 1 – Hide Your Past from Strangers: Follow these steps to ‘Limit the Audience for Past Posts: https://brianmahoney.ca/2011/09/facebook-control-your-old-post-privacy/ You must do this again, even though you may have done this in the past. Once you have done this, take a look at your profile as I have described just above this to ensure that your past is hidden from strangers/people who aren’t your friend.

Step 2 – Hide Your Friend List From Everyone: If you have family members on your friend list, it might be a good idea to hide your list from them. If you have your privacy settings wide open, everyone can see your list, allowing them to troll through it for ways to contact you. Whatever the reason, I think it’s a great idea to hide your list of friends from everyone. Here’s how you do that:

1. See the photo up above this? Click on the ‘Update info’ section. This will bring you to a page that allows you to edit virtually any part of your personal information. It also provides a link to your other personal settings. Click on the arrow beside the word ‘About’ and you’ll see this:

Settings Menu — This has links to all of your personal settings, including your friend list.

When you click on ‘Friends’, you’ll see a complete list of your friends, of course. What you are looking for now is the Edit button up on the top right. Click it and you’ll see this little menu:

Menu for your friend list — See the padlock on the right? Click it.

Once you click on the padlock you will see this menu next:

Locking your friend list — I would choose 'Only me' here but it's up to you.

As you can see, I have chosen ‘Only me’ for my friend list. Any friend who has a mutual friend will be able to see a list of mutual friends but that’s it. See the tip below but for now, no one can see your whole list except you.

TIP: The new timeline will not allow you to hide mutual friends from anyone on your list. Keep that in mind.

Everyone has different levels of security that make them feel safe online. I’m pretty open about most things but I don’t see why my friends have to see who I am friends with. I can further adjust these settings by grouping my friends into smaller groups. More on that in a future post.

Thanks for reading! Comments are welcome.

Email, Hotmail, Internet, Security, Spam

Spam email from myself? Huh?

January 27, 2012 Computers Made Simple 10 Comments

This morning I received a spam email from my own hotmail account. No, my account hadn’t been hacked. Yes, someone had spoofed my email address (and my name) and had sent it to me using my own email address but from a different IP address. Don’t ask me how they did it but they did. I wanted to block that person from sending me any more emails like that but I didn’t want to block myself, obviously. Every now and then I send an email to myself. Let’s say I change a password on some account on the ‘net. The easiest and most secure way to keep a record of that change is to send it to myself in an email. Of course, I don’t put anything in the email that gives the account that I’ve changed. I use a code. Anyway, here’s how I blocked that person from sending more emails from myself.

As we discovered HERE , it’s easy to find out where an email originates. Using Hotmail as an example, right click any email in its folder (as opposed to having the email open) and choose ‘View message source’. Every email system is a bit different but you can view an email’s source in any of them. If you don’t know how to do it, use Google or ask me in a comment below or on Twitter.

Once you find the source, there will be an IP address at the top. There will also be an email address, in my case it was my own. Since I know that I didn’t send the email, I knew that someone had spoofed the original email. Regardless, the IP address was there. I checked the address, of course, and it turned out to be somewhere in Israel. No problem there, I would block the IP address, not the email.

TIP: If you have the time, it’s always good to block an IP address as opposed to simply blocking an email address. This post is a perfect example of why you’d want to do that.

OK, now I had the IP address and it was an easy task to block it using Hotmail’s great system. It’s described HERE. Once that was done, I can rest assured that I won’t get any more emails from that address, certainly none from my own email address.

A good point to all of this is that if a spammer can send me an email from myself, they can also do other things that will make me think the spam is legitimate. As the Internet changes, you have to keep on your toes to prevent your accounts from being compromised. Make sure you use a good virus and email protection system AND keep reading my posts. If you have questions or concerns about computer or email security, make a comment and I’ll work out an answer for you.

Thanks for reading!

Internet, Privacy, Security, WordPress

Secure WordPress Login

December 12, 2011 Computers Made Simple Leave a comment

Since the default WordPress username is ‘admin’, did you ever think that maybe it’s time to change it to something a bit more secure? Any hacker worth her or his salt can probably gain access to your WordPress installation quite easily. The only thing they need is a password generator of some type if you have left the default WordPress username as admin.

Besides changing the default setting, you should also do something else. If you are a single owner/poster, you should change your posting name to something other than your username. If you want to post as “Jane”, for instance, you can login in as kentucky or anything else that suits you. Why should you do this? It seems obvious but in case you missed it, if you post as “Jane” and your username for logging in is “jane”, maybe a hacker could easily guess your username. Simple, right?

Head over to ‘Users’ on the left side of your WordPress Dashboard. For the default installation, there will only be one Username, by default it is ‘admin’. Here’s what the default setting looks like:

Admin user settings — Admin is the default user. No 'Role' is listed as there is only one user.

The default username can’t be changed but what you want to do is to add another user then switch the Role of Admin to ‘no role’. In other words you can’t get rid of the admin user but you can take the administrative power away from them in order to secure your WordPress site. You’ll notice from the photo above that there is no place to choose the Role of this user.

Update: I forgot to mention that you can’t change the default username’s role until you set up a new user as admin, log out and logo back in again. Set up new user, make that user admin, log out then log in again and change the default admin’s role to ‘no role’.

Tip: You can’t change the role of the current administrator until you have another administrator lined up. Create another user, use whatever name and nickname you want, then make the Role of that new user ‘Administrator’. Once you do that, go back to the original admin user and define its Role as ‘None’. This screen shows you what to look for:

New User Menu for WordPress — This is where you can choose the Role for the new user.

In this window, make note of two things. First, the Role menu is visible since you are adding a new user. Any new user must have a role, even if it is no role at all. Next, make sure the username and the display name are totally different. The Username is the name you use to login to the site. The Display name is the name that shows on each of your posts. Make sure they are different. Anyone can try to login with your display name and guess your password but if your username is different, your site is more secure.

TIP: Whatever your role is on any WordPress site, make sure that your username for logging in isn’t the same as your posting name. If you’re an administrator, make sure of this small but very important detail for every user of your WordPress installation.

Once you have a second administrator set up, go back and remove the administrator role from the default admin username. Once you do that, your WordPress site is a lot more secure than it used to be.

Thanks for reading!

Email, Encryption, Privacy, Security

Hushmail Email Security

December 8, 2011 Computers Made Simple

If you’re concerned about email security, my next few posts will discuss some aspects that you might want to consider. My feeling is that email is far less secure than it used to be, even compared to five or ten years ago. Whether or not anyone is reading your email, you might want to think about some way of securing your private and/or business communications from prying eyes. If you are already involved in illicit activity, you are likely more advanced in this area than I am. All of this is new territory for me. We’ll learn together.

My first stop on this journey is a Canadian web-mail site, Hushmail. Hushmail advertises itself as a ‘free secure email’ provider. It is free and somewhat secure. There is a pro version for use on your own domain but we’ll stick with the free version for now.

Hushmail encrypts your email to other Hushmail users, plain and simple. Once you are logged in, Hushmail provides an encrypted connection. The key to this connection is your password. If, for some reason, your Internet connection is being watched, logging-in to Hushmail will protect everything for you. Your emails are stored on the Hushmail site in encrypted form. Your passphrase isn’t stored anywhere by Hushmail. If you lose your passphrase, you can’t recover it…at least not through Hushmail. It all sounds quite secure, right? It is but Hushmail is very open about its limitations.

I don’t think anyone really reads the EULAs or FAQs that abound in the computer world. Hushmail’s FAQ was both incredibly easy to read and extremely honest. Take some time to read it and you’ll start to understand the limitations of a web-based email security system. Here’s a link to Hushmail’s FAQ: http://www.hushmail.com/about/technology/security/

Hushmail is perfect for the average person who wants a bit of privacy and simplicity with their free web-based email. There are ways to encrypt a regular email on Hotmail or Gmail and I’ll get to those later but for now, Hushmail is worth investigating.

The key to Hushmail is the passphrase. Sure, the email and the connection to Hushmail are encrypted but how can you keep your passphrase secure? That’s the problem, right? If you can manage to come up with a mnemonic passphrase, something that is easy for you to remember but ridiculously hard for anyone else to crack, you’re fine. If you have to write the passphrase down, things get substantially less secure. That’s for you to work out but I’ve got some tips here in another post.

Lastly, if you think that you’re immune to all of this and that no one really cares about your email, check out this PBS documentary. It’s an eye-opener: Nova: The New Thought Police

Thanks for reading!

Scam, Security, Twitter

Staying Safe on Twitter

December 5, 2011 Computers Made Simple

There are many sites that would love to steal your Twitter password. Here’s a way to make sure they don’t.

1. Have your browser remember your password – When you sign-in to Twitter, check the remember me box which permits your browser to save your password in its cache. Do this ONLY if you are on your own computer, right? Don’t do this on a shared computer.

2. Only allow apps that you trust: Once you are signed in, a proper Twitter app will be able to access your credentials through Twitter. Every app that is authorized by Twitter will be able to access your details if you are already using Twitter when you try to add the app. Makes sense, right?

3. Don’t re-enter your password – Any app that is authorized by Twitter does not require your password. You’re already logged into Twitter and the apps, if they are authorized by Twitter, can access your info every easily. Once you click the ALLOW button, the app takes over and does its stuff and you can use it. Easy as pie. If an app asks for your password, then it’s trying to steal your account or hijack it. Once you type in your password the app will use your account to send out tweets and DMs to all of your followers. These tweets and DMs will all contain a link that will try to steal their passwords too. See how it goes?

How to Safely Add a Twitter App

Let’s add an app, just to show you what you’re looking for. I’ll use Tweeter Karma as an example. I like to know who’s following me and whether I am following them or not. Twitter Karma gives me all the details on that. Head over to http://dossy.org/twitter/karma/ This is what you’ll see:

Twitter Karma Site — Look for the 'Sign in with Twitter' button and the official Twitter logo.

Once you click the ‘Sign in with Twitter’ button, you’ll see this come up:

The Official Twitter Access Authorization — This is what you see on an official Twitter app site. Note that your password isn't needed.

Just to be safe, look for this in your url window:

Make sure the Twitter address is in the url, not a fake 'twitter-ish' url.

The site is ‘twitter.com’, the real Twitter URL. The https is a nice touch, too. That means the site is secure.

After you’ve clicked your way through these windows, you’ll see something like this:

Successful Log In Menu — Now you're logged in, all without giving up your password.

If you follow these steps when adding a Twitter app, you’ll be safe. Look for improper urls, password requests, etc. If the app looks suspicious, it probably is. Twitter is just fine by itself, the apps are fun but not totally necessary. Hopefully with this blog post, you’ll manage to stay safe out there!

Thanks for reading.

a little bit of hi-tech, a little bit of common sense and a lot of fun