# Practical Computer Security Tips



## WechtleinUns (Mar 10, 2013)

In the novel "1984", written by George Orwell, the main character comes upon a poster on the side of a staircase. The poster displays two deeply penetrating eyes, and the phrase, "Big Brother is Watching You". This phrase alone was enough to make the book a haunting and long-lasting piece of literature. Today, we live inside an Orwellian Society, and yet the truth about security and privacy might shock you. Big brother is not watching you, but something much worse is.

The truth about cyber-literacy and computer security is that the people most interested in your personal information are most likely to be corporations looking to sell you stuff. This corporate demand has given rise to a black market of information, which is, quite literally, an "information economy". Information is bought and sold, and then used to move goods and products. Advertisements are tailored to every single thing you do and type. And these advertisements generate large amounts of money for people all over the world. Luckily, there are some practical things you can do to use this system to your advantage.

First, let's discuss our tools. There are three platforms by which a person can access the internet: A desktop computer connected via wi-fi, a cell-phone/Tablet using a telecom network, and/or a 90v Serial Modem Line. Each of these platforms presents different situations that you will have to deal with, so we will discuss each one separately. First, the Desktop:

Desktop Wi-Fi is the easiest platform to secure, so let's discuss the platform. Most modern desktops connect to the internet through a Router. The router is kind of like a mail-box. So when your computer wants to access the internet, it sends a letter into your router/mailbox. The letter is then sent off to its destination, and the relevant information is sent back to your mailbox/router. Then, your computer looks inside the mailbox/router, and your web-browser formats the information.

Several points are important here. First, just like a real mailbox, it is possible for someone to open it up and look inside. Most routers come with a hard-reset function. This is usually a small hole, about the diameter of a paper-clip. So if you stick a paper-clip inside for about 5-30 seconds, then the router will hard-reset. This will reset the password and username to factory defaults. The manufacturer has gladly provided the factory default password on a label on the bottom of the device.

Why is this important? Because you have wi-fi, and johnny next door doesn't. So he offers to mow your lawn, and you invite him in for a cup of tea. He asks if he can use your computer for a bit, and you don't mind. Well, he hard-resets your router, and now Johnny has access to your network. So he goes home and uses your bandwidth. The best part? Johnny gets it for free, because you are paying for it!

It's a good idea to change your password from its default setting, and keep an eye over prying hands. Locally, this is sufficient to ensure that you are not paying for somebody else's internet. However, it might not be sufficient to deter identity thieves. Recall that advertisers want to sell you stuff, but in order to get you interested, they have to know what you are interested in, yes? Well, little Johnny just got his allowance cut off because he failed his algebra test, but that's okay, because Johnny has a password cracking algorithm on his computer.

This is where your new super-fast wi-fi works against you. Password cracking relies on two things: Human laziness, and digital perseverance. A password cracking algorithm uses super fast processor speeds to try millions of combinations in less than a tenth of a password. Thus, the more random your password is, the better.

"Ah, but Wecht! I can't remember a long password like that!" Yes you can. There is a simple technique to memorizing long, seemingly random passwords, and the key is that they are not perfectly random. Here's what you do:

First, pick two random characters. They must be either:

1. two symbols(not letters)
2. two numbers
3. two consonants
4. two vowels
5. two upper case letters.

Then, pick three random characters in the same manner. They must be of a different type.

And finally, pick a single random character, and repeat it three times. You now have a pseudo-random password that is almost impossible to crack, but that you will be able to remember much more easily. But wait, there's more! Every time you use this password, you will increase your recall of it, and be better able to remember it. It's a good idea to change your password every few months or so, but you don't need to throw away your old one. Here's what you do:

You delete the last three characters (weakest link), and then pick two random characters in the same manner as before. Add these two characters to the end of your password. Then do the same thing for an additional three random characters. Your password has jumped in size from 8 to 10, and yet is still easily memorable, and pretty much random. If you keep doing this until you max out the password length (which is typically 14 characters), then you will have an excellent password. After you have reached the max, you can continue to modify the last three characters every so often.

Wonderful. You are now secure from little Johnny's cracker-bot. But summer is coming, and your lawn is so difficult to mow... and little Johnny really could use some extra cash... You decide that he's just a wayward youth, and decide to hire him to mow your lawn. When he asks to use your computer again, you say no. Case closed, right? He can't reset your router, so you're secure, right?

Not quite. You tip Johnny pretty well for his services, and so he sends you an e-mail of appreciation! You click on the link and read his stunning apology and sincere thanks for allowing himself to mow your lawn. What a nice boy, you think to yourself. One month later, you get your wireless bill, and your jaw hits the floor. But how? You check the router, and your password is still in effect. In fact, your password was never compromised! Or...was it?

If you look at the size of the e-mail that little Johnny sent you, you will see that the actual size of the e-mail itself was around 300 kilobytes of data or so. But little Johnny just sent you a quick note, not a freaking novella. A text-only e-mail should never be above 50 kilobytes, period (unless it is a manuscript). If you see that the size of the e-mail is larger than it should be, then chances are the e-mail is a Trojan horse. In this case, when you clicked on the link to open the e-mail, your computer was infected with a key-logger. A key-logger monitors every stroke from the keyboard and reports it to little Johnny in his house down the road. Since you are using your network, and the keylogger is on your machine, it has easy access to send the material back to the juvenile delinquent. You typed your password at some point, didn't you?

"But wecht! What about firewalls and/or e-mail preview?" You ask. Well, e-mail preview no longer prevents trojan horses. So previewing an e-mail won't protect you at all. And second, your firewall is the reason why little Johnny sent you an e-mail in the first place. Firewalls monitor incoming traffic, and block suspicious activity, but they don't block anything that you explicitly request. And every time you click on a link, you are explicitly telling your router to acquire that information.

The weakest link in any security system is always the human element. Without you giving commands to your computer, the computer would not access any data at all. Remember that. The weakest link in ANY security system is always the human element.

These are just some basic and practical tips that will stop most cyber-intrusions. But if somebody really wants to access your personal information, and I mean _specifically yours_, then these tips won't stand in their way. There are trickier tricks up the cyber-bandit's sleeve. However, the typical cyber thief is looking for generically useful information, like credit card numbers and advertising related information. If you don't crack easily, then they will give up easily.

No, the hackers that specifically target you are targeting you for a reason. And if they are targeting you for a reason, then you have either: 

1. Done something illegal.
2. Pissed off Anonymous.
3. Have A LOT OF MONEY.

You haven't done anything illegal, have you? 

Next post will deal with the Cell Phone platform, and the particular details of that platform. (Hint, hint: You are screwed.)


----------
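
The password recipe from the first post above, as an added example that is not part of the original thread: it builds an 8-character password by the stated steps, applies the rotation step, and counts how many passwords the recipe can produce, so the figure can be compared with eight independently random characters. The symbol set, drawing the tripled character from any class, and all function names are assumptions.

```python
import math
import secrets
import string

# Character classes from the post's list. The exact symbol set is an assumption.
CLASSES = {
    "symbols": "!@#$%^&*-_+=?",
    "numbers": string.digits,
    "consonants": "bcdfghjklmnpqrstvwxyz",
    "vowels": "aeiou",
    "upper": string.ascii_uppercase,
}
ALL_CHARS = "".join(CLASSES.values())


def pick_group(n, exclude=None):
    """Return (class_name, n random characters drawn from one class)."""
    names = [name for name in CLASSES if name != exclude]
    name = secrets.choice(names)
    return name, "".join(secrets.choice(CLASSES[name]) for _ in range(n))


def build_password():
    """Two of one type, three of a different type, one character tripled."""
    first, pair = pick_group(2)
    _, triple = pick_group(3, exclude=first)
    return pair + triple + secrets.choice(ALL_CHARS) * 3


def rotate_password(password):
    """Drop the last three characters, append a fresh pair and triple."""
    first, pair = pick_group(2)
    _, triple = pick_group(3, exclude=first)
    return password[:-3] + pair + triple


def scheme_keyspace():
    """Count the distinct 8-character passwords the recipe can produce."""
    sizes = [len(chars) for chars in CLASSES.values()]
    # Ordered choice of two different classes: pair class, then triple class.
    groups = sum(a ** 2 * b ** 3
                 for i, a in enumerate(sizes)
                 for j, b in enumerate(sizes) if i != j)
    # The tripled character adds only one free choice, not three.
    return groups * len(ALL_CHARS)


def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)


if __name__ == "__main__":
    pw = build_password()
    print("generated:", pw, "-> rotated:", rotate_password(pw))
    print("recipe, structure known: %.1f bits" % bits(scheme_keyspace()))
    print("8 uniform characters:    %.1f bits" % bits(len(ALL_CHARS) ** 8))
```

The count assumes whoever is guessing knows the recipe, which is the usual basis for judging a password scheme.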



## pcdoctorny (Mar 20, 2013)

I would also suggest customizing any piece of hardware you have at home, such as computers, changing DNS, Access Control Lists and much more.


----------



## nerot (Mar 23, 2013)

Good info for those of us who are a little less tech savvy than others.


----------



## janus (Mar 24, 2013)

This is a great topic, particularly for people like us who can & do work from laptops in public wifi settings. Keep the good info coming.


----------



## Gumby (Mar 24, 2013)

Great info, keep it coming.


----------



## bazz cargo (Mar 24, 2013)

How to dodge a key logger: Make notes of your passwords in a word processing program, then copy and paste them into the guardian's request box. That also stops you from forgetting them.

Back stuff up.

Clean out your cookies every day. You would be shocked at who follows you around and how many naughty things hide in cookies.

Back stuff up.

When was the last time you cleaned your keyboard and mouse?

Back stuff up.


----------



## janus (Mar 25, 2013)

I've recently come across an open source program called TrueCrypt. It's an open source encryption freeware. Anyone else using it, and if so, your thoughts?


----------



## WechtleinUns (Mar 30, 2013)

*Practical Computer Security Tips, Part II*

*Hey everyone! I'm glad that the article was well received. My target audience for these articles are people who are, for lack of a better word, barely functional when it comes to computers. There's lots of good information that you have contributed, and I'm glad and thankful for that. I might write a more in-depth article for the more computer savvy after this series.*

In part one of the practical computer security series, we discussed some basic tips to improve your security and protect your information from identity thieves and people looking to gain unwanted access to your network on the desktop platform. As it turns out, a general rule of thumb is: "The older the technology, the easier to secure". This works for a variety of levels, though it isn't completely fool-proof. In any case, we discussed the desktop platform, which is a relatively mature technology compared to cell phones and tablets. But, now that we're on the topic, there are certain things you should know...

First, you have limited legal rights when using a telecom network. If you are browsing the internet via a smart-phone, then you should know that the telecom networks can and do view every single thing that you send. Unlike desktop internet service providers, which are required by law to comply with privacy restrictions, wireless telecom networks are much more de-regulated. Technically speaking, this isn't the entire truth. The amount of privacy that you give up when using a telecom network varies, depending on who your wireless provider is. Overall, however, you have less privacy when accessing telecom networks instead of using a desktop platform.

"But Wecht! I don't have to use my telecom network! I can use the wi-fi at the local library! Haha!" Yes. Yes you can. But be cautious when doing so, and here's why: Most public wi-fi networks do not provide secure wireless transmission. Remember little Johnny? Well, he's sick and tired of living with his parents, as he's grown quite a bit in the last few months, and he's a big boy now, and he wants his own pad and girlfriend. So he moseys on down to the public library and uses something called a tcp/ip sniffer. This bad boy listens to any public, unencrypted wi-fi networks over the airwaves, and reports it to its boss. It's like a keylogger that doesn't actually need network access (once again, this is a half-truth. But unless you're a network engineer, the difference is trivial.)

Using unencrypted wi-fi networks at all is an unnecessary risk, and puts you at a disadvantage from a legal standpoint. When you are dealing with a company like Verizon or Sprint, at least you have some legal recourse to invasion of privacy. But, when you are using public, un-encrypted wifi, you don't even know who to sue. In general, however, there are some practical tips that you can use to keep your security risk to a minimum.

If you are using a smartphone, go into your browser settings. It's different for every smartphone, so you'll have to learn the menu navigation by yourself. However, you're going to want to find an option called *Plug-In Settings*. Change the option from "enabled" to "on demand" or "click to activate". Here's why: Telecom networks charge you a lot more for bandwidth than desktop ISPs. So in addition to gaining security, you are also downloading less data when you use your phone, and that's a very good thing. You can use your phone more, and pay the telecoms less. A LOT LESS.

The most common plug-ins are flash plugins, so you shouldn't de-activate them. If you do, then you won't be able to see all those "cats" you look at when no one is home (If you know what I mean, you delinquent.). If you're not on youtube or other flash-ubiquitous sites, however, then the vast majority of plug-ins you will see will be advertisements. But with click to activate, you see a little gray box where the advertisement is supposed to be. As long as you don't click on it (or tap it or whatever.), your phone doesn't explicitly request the information, and so you keep your data secure.

Now then, go to the official play store and download AND PAY FOR a firewall and antivirus application. Also, get yourself a battery shield. These babies maximize your battery usage by turning off frivolous settings that you don't even know about. This is good, because when it comes to cell-phone networks, you're basically buying a pre-assembled platform that has god-knows what on it, and you have limited control. The more stuff you can turn off while keeping needed functionality, the better. Note, you should PAY FOR THESE THINGS. In fact, here's a very good rule of thumb:

If you're paying for the app, then the guy is probably not a crook. He's got paying customers, and a steady cash-flow, and he has a vested interest in keeping his app reasonably secure. If you're getting the app for free, that's a sign to be cautious. If you're getting the app for free, and there is no advertising, that's a red flag. Smartphone apps generally don't all fit on your phone.

Believe it or not, your phone is not nearly as powerful as you think it is. Resource intensive applications don't actually do the processing on your smartphone. They send the data over the networks to a server, which uses its muscle to handle the heavy load, and then send the data back to your phone. This is all fine and dandy, except servers usually keep logs of the data that is sent them. Take, for example, Google. Do you think that Google deletes your information once it gets onto its own servers? Yeah, right, and Bill Gates got rich by writing a bunch of blank checks.

The cell phone platform is new enough that legal terms regarding their use have yet to be inscribed in stone. And even then, most legalese is difficult to uncover and enforce. For example, if you get a contract for service with Verizon, then you've pretty much given Verizon complete access to your data and use of your data for advertising purposes until that contract is up. If you buy the phone without a contract (which is prohibitively expensive, por supuesto), then you can at least tell them what you want them to be sharing.

What's worse, without root access to your smart-phone, you should be aware that the cell-phone companies can pretty much override your input and take over. They can shut it down and keep the data if you don't pay. Then, of course, there's the fact that if you have your cell phone with you, then you can be located by anyone in the world, no matter where on earth you are (except maybe a mile under the ocean, but let's not go there).

Cell-Phones are portable, and so are tablets and laptops, etc. That means they have their appeal. But just remember that that portability leaves you pretty much a sitting duck when it comes to security and sensitive information. Your mileage may vary, but if you really want to be secure, then:

1. Don't handle any financial information over your cell-phone.
2. Always use telecom networks, and stay off of public wi-fi (unless you absolutely have to. But you shouldn't have to. If it's portable, then you should at least have a portable network, right?)
3. Stay away from the pr0n, you delinquents!
4. Always pay for your apps.

If you follow these four rules of thumb, you'll be fine, security-wise. However...the system is sort of rigged. Smartphones usually wow their viewers with fancy graphics and slick interfaces, and it is just so easy to tap that small little "ToS" and "Eula" box. And if you don't, then you can't use the service, etc, etc, blah blah blah. Using a smartphone is a losing battle. You're forced into a contract, and it is a struggle to keep unwanted "services" turned off. And believe me, if you don't constantly check, they *will* be turned back on.

In fact, the best rule of thumb that you could follow is very simple:
1. Don't use a smartphone (I told you. You'd be screwed.).

Ok. Now that we've been through the hell that is mobile technology, we're going to talk about my favorite platform: vt90 serial line modems and 56k baud rates! (Geek! Geek! Geek! I can hear you chanting now.) *NEXT TIME...ON:*

*The Powerpuff Girls! (lol, jk. It's practical computer security tips, part III.)*


----------



## nerot (Mar 31, 2013)

Thank you for all of this.  Nice to have someone spell it out for those of us who are bringing up the rear tech savvy wise.


----------



## WechtleinUns (Apr 14, 2013)

De Nada. 

I should probably start working on part three.


----------



## writersblock (Apr 15, 2013)

I totally agree with you on the Human element being the weakest link to computer security. I always get the same refrain during my day job - "Oh there's too many hoops to jump through nowadays!" - when I ask my clients to log into something. I have to explain to my clients every day the importance of secure log in. Great article.


----------



## IanMGSmith (Apr 25, 2013)

Yep, some good advice in there.

How about this...?

If you go to "C:\Users\*your account name*\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys" there is a file called "settings.sol" which holds your Flash settings but also, like a tracking cookie, tracks your internet activity for Adobe and goodness knows who else. If you delete this file it will be re-created on opening any Flash product and it will also be re-created if you delete your browser history/cookies.

Your internet movements are worth money and are sold on and on and on and Big Daddy is definitely watching you.

Anyone know of a good Amish settlement offering asylum? LOL


----------



## IanMGSmith (Apr 25, 2013)

PS: user-tracking is also used to help improve site layouts and assess popularity but I still hate it. 

Call it a "pet hate" which became manifest when Facebook continually pummelled me with adverts for funeral policies, walking aids, hearing aids, stairlifts, mortgage equity release, memory loss, erectile dysfunction and old age homes. Holy cr*p. I run 5 and 10 Ks, play sport, pump iron, have sex three times a night and exaggerate as good as any 19 year old!

So now, I clear all cookies and all browse history before allowing any site to plant cookies and on Facebook I am "19 years old". Now I get delightful ads offering me education, McDonald's fried junk, computer games, mobile phones and the opportunity to please older women LOL

Sometimes, just for a laugh, I deliberately allow a site visit to remain in history before going on Facebook, say "pregnancy tests", and then I get adverts offering me all kinds of pregnancy stuff. What a laugh! I must be a bit warped. LOL


----------



## Lewdog (Apr 25, 2013)

I don't understand why I keep getting all these ads for erectile dysfunction.


----------

