Your location privacy and photos from smartphones

I’m seeing a video go around about your photos from smartphones posing a privacy risk. This video was published back in 2010 and many of the social networks have since started removing this location data from photos as they are uploaded because of this privacy concern.

HOWEVER what I DO want to point out is that this might not be the case if you are uploading photos to your business websites and other places on the web.

Before any of my clients panic – I do have you covered (no need to change your phone settings) because there are ways to remove this data when being uploaded to a website as well.

This isn’t as big a deal if your business address is published and you’re taking photos at that location, but what if, for example, you are an artist taking photos of your art in your home studio? Or maybe you even simply took some products home to photograph?

For WordPress there are several plugins but my favorite is Smushit because it ALSO reduces file size and increases performance: http://wordpress.org/plugins/wp-smushit/

Related Testing Tools: For anyone interested in checking to see if their website photos are showing their location, the data talked about in this video is called “Exif data” and there are browser plugins that allow you to check to see what information is showing on your photos.

To make sure the tool you are using shows Geo Location Exif data, here’s a photo you can test with: http://www.summitpost.org/test-this-image-contains-exif-data/769474
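
The check and the removal described above, as an added example (not from the video or from any of the plugins mentioned): this Python code looks for the Exif GPS pointer (tag 0x8825) in a JPEG and cuts the Exif block out. The function names and the tiny sample file are made up for illustration, and it looks only at Exif, not at other metadata formats such as XMP.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("corrupt or truncated segment")
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def exif_blocks(jpeg):
    """Yield (start, end) of every APP1 segment that carries Exif data."""
    for marker, start, end in segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_HEADER:
            yield start, end

def has_gps(jpeg):
    """True if any Exif block's first directory (IFD0) links to GPS data."""
    for start, end in exif_blocks(jpeg):
        tiff = jpeg[start + 10:end]
        order = {b"II": "little", b"MM": "big"}.get(tiff[:2])
        if order is None:
            continue
        ifd0 = int.from_bytes(tiff[4:8], order)
        count = int.from_bytes(tiff[ifd0:ifd0 + 2], order)
        for off in range(ifd0 + 2, ifd0 + 2 + 12 * count, 12):
            if int.from_bytes(tiff[off:off + 2], order) == GPS_IFD_TAG:
                return True
    return False

def strip_exif(jpeg):
    """Return the JPEG with every Exif block cut out; pixels are untouched."""
    out, last = bytearray(), 0
    for start, end in exif_blocks(jpeg):
        out, last = out + jpeg[last:start], end
    return bytes(out + jpeg[last:])

def sample_jpeg():
    """Constructed test bytes: SOI, one Exif block with a GPS pointer, SOS, EOI."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # one entry, no next IFD
    app1 = EXIF_HEADER + b"II*\x00" + struct.pack("<I", 8) + ifd0 + b"\x00\x00"
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Stripping the whole Exif block also removes the camera model, timestamp and orientation, so photos taken sideways may need rotating afterwards.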

YOU need strong passwords

http://www.youtube.com/watch?v=VYzguTdOmmU

Secure Password Database solutions
(in order of our preference):

Though the skeleton key looks simple and easy, it’s not the most secure option.

| | LastPass | 1Password | KeePass | RoboForm |
|---|---|---|---|---|
| Cost | Free or Premium $12/year | One-time fee: $49.99 Mac or PC, $14.99 iPhone or iPad. 30-day demo available | Free. Exception: iPhone & iPad apps ($0.99 and up) | Free or $19.95/year RoboForm Everywhere; or one-time fee (not recommended): $29.95 RoboForm Desktop. 30-day demo available |
| Does not require an outside service to sync across multiple devices | Yes - just log in and go. (Must have internet access in order to update on mobile devices.) | No - need Dropbox or similar to sync across multiple devices. | No - need Dropbox or similar to sync across multiple devices. | Yes - RoboForm Everywhere (online). No - RoboForm Desktop requires Dropbox or their recommended GoodSync to sync across multiple devices. May only sync to other computers with the software. |
| Computer platforms | PC, Mac, Linux | PC, Mac | PC, Mac, Linux | PC, Mac, Linux |
| Mobile platforms | Premium accounts only: iPhone, Blackberry, Android, Windows Mobile, Windows Phone 7, HP WebOS, Symbian S60 | iPhone; Android and Windows Phone 7 in beta | iPhone, Android (beta), Blackberry, Windows Phone 7, Pocket PC & smart devices, Palm OS converter | iPhone, Android, Blackberry, Windows Mobile, Palm, Symbian |
| Encryption type | 256-bit AES, exclusively encrypting and decrypting on your local computer. No one at LastPass can ever access your sensitive data. | 128-bit AES | 256-bit AES (default) or 256-bit Twofish | 256-bit AES, or Blowfish, RC6, 3-DES or 1-DES algorithms |
| Fills forms in browsers | Yes: Internet Explorer, Firefox, Chrome, Safari | Yes: Internet Explorer, Firefox, Chrome, Safari | No | Yes: Internet Explorer, Firefox, Chrome, Safari |
| Quickly generate secure passwords with program | Yes | Yes | Yes | Yes |
| Special details (things that the others don't do) | Share passwords securely with other LastPass users (the "share" option does not disclose the password; the "give" option lets the password be seen by the other person). | | Open Source, OSI certified | |
| Independent security audit (a knowledgeable outside party checking the code) | Sorta - as of Jul 18 2014, it's the closest thing any of these have to an independent audit: http://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html | No | Code is open for review but hasn't been specifically audited by a knowledgeable entity with results posted | No |

Also listen to the Security Now 464 podcast at the 1 hour 24 minute mark for more info about Lastpass security.
https://youtu.be/dnFFVPsLULs

I can’t say these two things enough…

  1. BE SMART WITH YOUR PASSWORDS:
    1. Use a strong password for your email. Use a strong password for other accounts too but I want to emphasize email because people seem to forget that your email account can be used to reset other passwords AND contact everyone in your contacts list.
    2. Use different passwords for different accounts: “If you have ever used the same password in more than one place, you have reduced your overall safety record to whichever site had the lowest amount of protection.”
    3. And if you need to store a lot of passwords, use an encrypted database like lastpass.com, 1password or keepass. These password databases can also help you generate more secure passwords that utilize random letters, numbers, caps, and symbols.
  2. BACK UP YOUR DATA no matter where it’s located: computer, cloud, hosting. E-mail, contacts, even social networking data if it’s important to you. Back it up. There are different backup solutions but without going into specifics, think about external hard drives AND off-site storage.

The reason I bring these things up is that having a secure password can help prevent your accounts from getting hacked, and having backups can save your business if you do get hacked or have a computer system fail.

I’ve heard that AES encryption can be cracked easily, is that true?

The simple answer is that no, it’s not true. The biggest threat to AES encryption is poor choice of password.

AES is often confused with WEP, which is easily crackable.

The more complicated answer is that nothing is 100% secure and anything is susceptible to attack. The most common security hole, which is not actually common, is a software bug that bypasses the need to break the key. The key length and the password chosen help determine how likely it is to be cracked. Getting in via brute-force or dictionary attacks is different from the encryption method itself having flaws.

There is a theoretical weakness in AES but it has never been proven. Even if the weakness were proven, it would not reduce the time to crack it to a reasonable time-frame, i.e. less than the lifetime of the universe.

My facebook account is posting odd messages or I think it was hijacked – now what?

Your facebook account can be hijacked by a malicious application or by going to a website that isn’t facebook and entering your password. If you have clicked on a link or added a facebook app you shouldn’t have, don’t panic yet!

I would recommend changing your password and following these instructions:
https://www.facebook.com/help/?page=1009

I would also suggest removing any facebook apps that you aren’t familiar with (it’s also a good time to clean house and remove any apps you no longer use).

You can remove an application you have allowed from the Applications You Use page. To get to that page, follow these steps:
  1. Go to the Privacy Settings page from the “Account” drop-down menu located at the top of any page on Facebook.
  2. Click the “Edit your settings” link under the Applications and Websites section towards the bottom of the page.
  3. Click on the application you’d like to remove. If you don’t see the application listed, you can find it by clicking the Edit Settings button towards the top right-hand side of the page.
  4. You’ll then see an expanded view of your settings for that application. From here, you can click the “Remove application” link. Once you confirm you’d like to remove the application, it will no longer have access to your data and be removed from your profile, bookmarks, and your Applications and Games Dashboards.