678PC

Archive for the ‘Security’ Category

So
you’ve been computing for quite a few years now, and you’ve built a
nice collection of hard drives, internal or external, collecting dust
in the corner. Here’s how to put them to good use.

10. Turn an Old Hard Drive into an External Drive

If you don’t have a ton of external drives lying around, you might still have a bunch of old internal drives, and the best thing you can do is put them in a USB enclosure so they see some use.
Furthermore, this trick also works for upgrading existing external
drives: if it dies or becomes too small to be useful, you can always
swap the current drive out of the enclosure for a better one you have
collecting dust.

9. Back Up Your Computer

If you haven’t set it up already, one of the most popular (and most
important) uses for an external drive is an automatic backup. Whether
you’re using Mozy, SyncBack on Windows, or Time Machine on OS X, an automatic, local backup is a must to make sure you don’t lose any of your important data to the ever-looming possibility of drive failure.

8. Clone Your Current Hard Drive

While backing up your data allows you to restore it should anything bad
happen, using those external drives for direct clones of your current
drive gives you a much faster solution. It requires more manual work,
but in the event of a drive failure, you can be up and running again in
no time (as opposed to reinstalling your operating system all over
again and then transferring all your data, which can be done when you
have the time to do so). We’ve walked through how to clone your hard
drive in both Mac OS X and Windows.

7. Back Up Your Backups Using Windows Home Server

Local backups are great, but they’re still vulnerable to lighting
strikes, fires, floods, and other immediate disasters. While you can
automatically back up your computers to a Windows Home Server, it’s
nice to have a backup of the server, too—even if it’s a backup of critical files and not a full backup—to keep in certain, more protected places.

6. Use an Extra Drive As a Scratch Disk

If you have a FireWire capable drive and do any kind of video editing,
using it as a scratch disk instead of your internal drive can really
speed things up. Caching files to your internal drive can put quite a
load on it, because it’s constantly reading and writing from the same
drive. By shifting that cache to another drive
(connected with FireWire or something speedy), you can increase the
speed of your renders and exports, making you a happier video editor.

5. Swap the External Drive with Your Computer’s Drive

Sometimes, you’ll actually buy an external drive for one purpose or
another, but realize you don’t need the space. In cases like this, you
can actually open up the enclosure and replace your laptop’s hard drive with the better one,
and use your older, slightly outdated drive in the enclosure (you can
even buy an external drive just for this purpose—it’s remarkably
cheaper than an upgrade from Apple).

4. Use the External Drive’s Controller to Connect Other Peripherals via USB

External drives work by having a controller that converts SATA or IDE
connections to USB. If you have an old IDE optical drive that you only
need every once in a while, you can take the circuit board from an old,
IDE-based external drive enclosure and connect it to your computer via USB.
It’s remarkably useful for netbooks that don’t have optical drives, or
those really rare occasions you need to install something from CD on
your newer, IDE-less computer.

3. Back up and Play Your Wii Games from an External Drive

You love your Wii, but your discs are fragile, disorganized, and easily misplaced. By backing up those games to an external hard drive,
you can decrease your load times, protect those disc from harm, and
always have your games on hand whenever you have a hankering for some
Wii.

2. Move Your iTunes Library to an External Drive

If your music is the reason your hard drive always seems full, consider
moving those music files to an external drive. Not only can you do so while keeping your preferences and playlists intact, but you can then use previously mentioned iTunes Export to take the most important music and export it back to your space-challenged laptop.

1. Run XBMC From a USB Drive

If you don’t want to build a full-fledged XBMC computer, you can always put XBMC Live on a USB drive
and connect it to an already built computer for certain occasions. And,
while you could do it with a USB thumb drive, a larger, external hard
drive would allow you to store your movies and TV shows on it, thus
saving you precious space on your main computer.

To utilize your existing hard-drives, purchase a new one, setup a home backup, or help with any of the other things listed above please call 678PC for a free estimate – 678.404.1001

Facebook is in the process of testing a new feature which lets you subscribe to all the actions of a specific user. In other words, you can receive notifications anytime a specific user takes an action on Facebook. It also appears to be Facebook’s answer to Twitter’s follow feature. As a Facebook user who has seen the feature explained to us, “By subscribing you don’t miss any updates from people you subscribe to.”

This could also serve as a new engagement opportunity for Pages if Facebook enabled users to subscribe to their activities as well. The result would be a fan count and a “subscriber” count, which is the number of people who are guaranteed to get all of your updates. For the time being it appears to just be a test, however this would definitely change the communications flow within Facebook. It’s also the ultimate stalking tool!

While I’m not quite sure how advanced this feature will be, you could imagine a system in which you get a mobile notification every time one of your friends that you’ve subscribed to makes an update. I think that stalker aspect of the feature could also result in some backlash. Previously, it was chance if a friend’s information was displayed in your feed, however this will remove chance from the process.

As the image below illustrates, you’ll be able to subscribe to the user and then a notification (like the one pictured in the second image) will alert you whenever the person updates their status, posts a photo, or shares a link. However I’m not sure if a notification will also show up if they like things or check in places. We’ve reached out to Facebook for more information about the feature, however we’re not sure if they’ll provide any details as the product is currently in testing.

Update
Facebook gave us the following statement: “This feature is being tested with a small percent of users. It lets people subscribe to friends and pages to receive notifications whenever the person they’ve subscribed to updates their status or posts new content (photos, videos, links, or notes).”

 

 

Facebook on Thursday added a remote log-out feature that will allow users who accidentally left themselves logged in on a particular device to end those sessions from another location.

"Have you ever borrowed a friend's phone to use Facebook and then forgotten to log out before you handed it back? Maybe you logged in from a public computer, but accidentally walked away with your Facebook session still active," Facebook wrote in a blog post. "Now, you can see if you're still logged in on other devices and immediately log out on those devices from one central control in your account."

The "Account Security" section of your Account Settings page will now include a menu that displays "Most Recent Activity," as well as "Also Active," if your account is signed active in two or more locations.

Facebook will show log-in time, approximate location based on IP address, and browser and operating system. It will also show device name if you have enabled Facebook's log-in notifications feature.

If you notice a location that is unauthorized or you know that the listed location is your friend's cell phone or a public computer from which you forgot to log out, you can click the "end activity" link to the right of the listing to end that session.

"Control isn't just about deciding what you share and with whom you share it; it's also about being able to keep your Facebook login secure," Facebook said.

Facebook said the service is now rolling out gradually to all of its 500 million members.

Google has had a similar remote log-out feature enabled in Gmail since 2008. Earlier this year, Google introduced a feature in Gmail that alerts you at sign-on if Google believes your account has been compromised.

 

Call 678PC for a free estimate regarding the security of your personal information.

A group of hackers exploited a hole in an AT&T Web site to get e-mail addresses of about 114,000 iPad users, including what appears to be top officials in government, finance, media, technology, and military.

The leak could have affected all iPad 3G subscribers in the U.S., according to Gawker, which broke the story on Wednesday. Among the iPad users who appeared to have been affected were White House Chief of Staff Rahm Emanuel, journalist Diane Sawyer, New York Mayor Michael Bloomberg, movie producer Harvey Weinstein, and New York Times CEO Janet Robinson.

A group that calls itself Goatse Security tricked the AT&T site into disclosing the e-mail addresses by sending HTTP (hyper text transport protocol) requests that included SIM card serial numbers for iPads, the report said. Because the serial numbers, called ICC-IDs (integrated circuit card identifiers), are generated sequentially, the researchers were able to guess thousands of them and then ran a program to extract the data by going down the list.

AT&T spokesman Mark Siegel confirmed the breach to CNET, saying the company turned off the feature that provided e-mail addresses on Tuesday, one day after learning of the problem from someone not affiliated with the hacker group.

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device,” he said in a statement.

“We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained,” he added. “At this point, there is no evidence that any other customer information was shared.”

Representatives from Goatse Security did not respond to an e-mail or phone call seeking comment, but Goatse analyst Jim Jeffers gave an interview to CBS News. The group, whose name references an Internet shock Web site, looks for security holes in software, including browsers.

Jeffers said the attack could have allowed someone to take control of the iPad and that potentially every 3G iPad subscriber was affected. Although AT&T maintains that only e-mail addresses were compromised, Jeffers said “it will allow someone who does the proper research to possibly target iPad 3G users and take over their iPads, and they could sniff traffic, they could act as the user of the iPad.”

Jeffers also said the group had contacted AT&T and waited until the company fixed the hole before going public with it.

Representatives from Apple did not respond to a request for comment.

A Web site issue
The problem is solely related to security on AT&T’s Web site and not Apple’s tablet, security experts stressed. Meanwhile, the type of weakness discovered in the AT&T site is fairly common, they said.

“It is an authentication error to not require user authentication before returning private data,” said Chris Wysopal, chief technology officer at Veracode. “This is the type of vulnerability that would be found with a very basic Web application assessment. Apple should require its service providers to show proof of an assessment of its Web apps if sensitive Apple customer is stored there.”

Neither e-mail addresses nor SIM serial numbers are considered to be sensitive information, experts said.

“Doesn’t seem like a huge deal to me,” said Charlie Miller of Independent Security Evaluators. “It’s not like peoples’ Social Security or credit card numbers were compromised.”

But try telling that to Rahm Emanuel or any of the officials in the Defense Department, federal court system, or Goldman Sachs whose e-mail addresses could be targeted for phishing and other attacks.

“Now everyone in the world knows these people have iPads, and here’s their serial number and here’s their e-mail address,” said Bill Pennington, chief strategy officer at White Hat Security. “This puts them in a more vulnerable state.”

There is also the possibility that a SIM serial number could be used to get other customer information through this or other vulnerabilities on the AT&T site, he said. And there’s a chance that not only iPad users were put at risk. “I believe this number could identify any 3G device on the AT&T network,” not just iPads, Pennington said.

“Obviously, AT&T is using the ICC-ID as some sort of authentication mechanism,” said Kevin Mahaffey, chief technology officer at mobile security firm Lookout.

“The question is: in the back-end are there other systems that are using the number as an identifier for other things?” he said. “There is a trend to use identifiers associated with devices as a way to trigger billing or interact with the account. There is some trust associated with these numbers.”

Another security expert said the breach revealed enough information that a determined attacker could use to target the specific device.

“At least in the United States, some major GSM providers are known to use ICCID values that contain the lower nine digits of the International Mobile Subscriber Identity (IMSI), which is considered to be a protected value. The other digits that make up an IMSI are either known or can be easily guessed by an attacker,” said Don Bailey, a security consultant at iSEC Partners.

“Knowing a subscriber’s IMSI allows a potential attacker to target that specific subscriber’s GSM handsets or devices using an IMSI catcher, which itself is a device that can intercept or manipulate GSM traffic,” Bailey said. “An attacker with access to an IMSI catcher can intercept the traffic of high-profile targets potentially leading to a loss of privacy. With the lowering cost of IMSI catching equipment, the ability for an attacker to correlate ICCIDs with high-profile individuals, then derive the IMSI from each ICCID, is a substantial threat to both corporate and personal privacy.”

According to Gawker, Goatse Security shared the exploit it wrote for the AT&T site with others. But Pennington said it seemed like the hackers were more interested in shaming AT&T over lax security than making money off the situation.

“I don’t think the data would have a lot of value in the underground,” Pennington said. “I think their primary motivation is shame and guilt.”

For more information about protecting your information and personal security please contact 678PC at 678-404-1001

With all t

he talk lately about
Facebook’s flawed privacy systems, it’s a good time to consider what
you’re making available elsewhere on the web and on your system. These
10 settings tweaks and setups make your web life a little less public.

Note: The most basic means of boosting your privacy in any computer system is encrypting your data,
but that’s more of a system setup than a slight change to your usual
setup. Still, it’s worth looking into if you’ve got files for your eyes
only.

10. Run a Background Check on Yourself to Know What’s Out There

It
takes only a few seconds to know what Google knows about you, but there
are many, many other avenues into your past and present on the web.
Want to know more about what a potential employer can know? Consumer
action blog Consumerist has a nicely comprehensive list of background check tools
to try out. You shouldn’t try and run them all, but at least get a feel
for what can be known about you with just a few clicks. Photo by omk_489. (Original post)

9. Skip Incognito/Private Browsing and Really Leave No Trace

Private
browsing modes might prevent your coworkers or roommates from seeing
where you wander on the web, but you still leave plenty of traces for
someone who knows where to look. Take the How-To Geek’s advice and really browse without leaving a trace. Wipe away Flash cookies, clean out DNS caches, and automate your system so every boot-up is a fresh start.

8. Pick Better Security Questions

Some
security questions and password recovery schemes offered by webapps are
so bad, anyone with your casual acquaintance and a small amount of
Google savvy could poke into your email whenever they felt like it. To
get around weak security questions, use blogger danah boyd’s security question algorithm.
Instead of straight-up providing your mother’s maiden name, use a
scheme, such as “[Snarky Bad Attitude Phrase] + [Core Noun Phrase] +
[Unique Word],” so that your answer becomes “StupidQuestion MiddleName
Booyah,” substituting “MiddleName” for the actual answer. If you’re
lucky enough to be able to choose your own security questions,
Lifehacker reader James has written about the best kinds of questions at his blog. (Original posts: memorable answers, good questions).

7. Set Up BitTorrent for Private Downloading

BitTorrent
is a public commons of file sharing, and that means that all kinds of
folks interested in, say, what your home IP address is, and what you’re
downloading, can dig into it. With both a proxy and settings in your
favorite torrent app, you can protect your privacy when downloading. Nothing’s foolproof, but a few checkboxes and a different downloading path can do a lot to give you great peace of mind.

6. Know Your Google Settings

If
you’re anything like us, or most of our readers, you’ve got a lot of
your life floating around in Google’s cloud-based apps. It pays, then,
to know how to set what Google shares publicly about you, how much of
your search history is being saved, and how to back up your data so
you’ve always got your own copy. These are among the 10 Google settings you should know about
that center on privacy and data retention, though it’s always a good
idea to know the parameters of the spaces you share your data in.

5. Know How to Travel Without Being Spied On

Just
because some countries have widespread net access doesn’t mean it’s an
open and private web. It’s often meant to deter dissidents in
strong-handed regimes, but why take the chance of letting your web data
fall into the wrong hands? One Lifehacker reader, wishing to remain
anonymous and in a non-specific region, crafted a survival guide for traveling where privacy isn’t respected. Using secure Gmail, carrying two cloned USB sticks, relying on KeePass and TrueCrypt
for passwords and encryption, and knowing how to send data over the web
without having it looked at are all good skills to have, both for
traveling and in general. Image a composite of photos by hemmob and nolifebeforecofee

4. Know Where You Stand With Facebook at a Glance

Facebook has promised “simplistic” privacy settings coming soon,
but in the meantime, knowing exactly what you’ve offered to share or
keep private is far from transparent. One very crafty hacker at
ReclaimPrivacy has put together a settings-scanning bookmarklet
that shows what you’re sharing beyond your social circle, and offers
links and automatic fixes for those settings. Another coder, Ka-Ping
Yee, offers a site that shows what the public web can see on Facebook,
some of which you can then remove. They’re both excellent eye-openers,
both for your own account and for friends who refuse to consider what’s
being shown out there. (Original posts: ReclaimPrivacy bookmarklet, Facebook public).

3. Run Your Browser Through a Proxy

It’s
not something you’ll want to do all the time, but once in a while, you
might want to hide your online tracks. To do so, you can use the go-to
web randomization tool, TOR,
which has tools available for nearly every OS and browser. For a DIY
solution that can work from any browser, we’ve detailed installing the
free PHProxy tool on your home computer or hosted web space to get around restrictions and slightly disguise your tracks. You could also run a proxy through Google’s App Engine, and go the full-tilt geek route of encrypting your browsing with an SSH SOCKS proxy. Any way you choose, it’s a smart skill to have handy for dodgy connections and restrictive networks.

2. Better Protect Your Mint.com or Other Financial Accounts

The
thing that makes Mint.com such a convenient one-stop shop for financial
data and budgeting also makes it a gold mine for anyone looking to
learn more about you, or know which accounts they could try to jump
into. Security professional Jason Owens provides some smart tips on better protecting your Mint.com account
that can apply to any site where you manage your financials. Key among
them—don’t use your regular email address. Set up a new email address
you don’t tell anyone about as your login/password verification
address. You can forward its mail to your main email, sure, but if
someone compromises your email, don’t make it too too easy for them to
get a hold on your finances.

1. Stay Available on Facebook Without Really Being In It

You
might have considered quitting Facebook, but stopped short because it’s
how a few far-flung friends and relatives stay in touch, or a place
those without your email address can ping you. We can understand, and,
luckily, have a halfway solution to recommend. Quit Facebook without really quitting,
as Whitson did. Create a new account, linked to a different email, and
set it up so that your old friends are still there, but Facebook, even
at its most Draconian, can’t really reveal all that much about you, and
your friends can’t really overshare without your permission.

---

What steps have you taken recently to bolster your own web or
desktop privacy? What would you like to fix, but need some pointers on
doing so?  For a free estimate and great prices call 678PC today at (678)404-1001

Now
you can know what Big Brother knows about you and get access to the
same dirt everyone from your boss, landlord, insurance agent, to your
favorite casino has on you. Here is a comprehenisve list of websites
and phone numbers for most of the “specialty” consumer reports, like
your employment, rental, and check writing history. Be sure to check
them out and correct any errors, before a crisis hits.

Employment History Reports
The Work Number
ChoicePoint (866) 312-8075
Acxiom
Abso

Tenant History Reports
ChoicePoint (877) 448-5732
First Advantage SafeRent (888) 333-2413
Tenant Data Services
RentBureau
UD Registry (818) 785-3905

Auto & Home Insurance Claim Reports
ChoicePoint
Insurance Services Office (ISO) (800) 627-3487

Credit Bureaus Reports
Equifax
Experian
Transunion
Innovis
Payment Reporting Builds Credit (PRBC)

Full File Disclosure/Personal Information Reports
ChoicePoint
LexisNexis

Check Writing History Reports
ChexSystems (800) 428-9623
TeleCheck (800) 835-3243.
Shared Check Authorization Network (800) 262-7771 Fax: (800) 358-4506

Health History Reports
Medical Information Bureau (MIB) (866) 692-6901

Prescription Drug Purchase History Reports
Ingenix MedPoint
Milliman IntelliScript

Social Security Statement
Social Security Administration

Purchase Returns History Reports
Retail Equation

Gaming Patron’s Credit History and Transaction Data
Central Credit

Other Reports
TeleTrack

Utilities & Telecommunications Reports
National Consumer Telecom and Utilities Exchange, Inc (NCTUE) Call 1-888-201-5643 for reports

(Thanks to Bob!)

SOURCES:
Do A Background Check On Yourself [Consumerist]
[Consumer Reports]
[PrivacyRights]
[Bankrate]
[Listergeant]
[MyFico Forums]
[CreditBoards]

If you would like assistance in researching information regarding yourself or others please contact 678PC at 678-404-1001 especially for those in the Metro Atlanta area.

Today we’ll learn how to hide data
in a text file that can’t be seen by anybody else unless they know the
name of the secret compartment.

How it Works

Ever since Windows 2000, the NTFS file system in Windows has supported Alternate Data Streams,
which allow you to store data “behind” a filename with the use of a
stream name. It’s not detectable while browsing the file system, or
anywhere within Windows… you can only access it with the “secret key”
which is really just the name of the stream.

You can think of these extra streams as secret compartments within
the file, that can only be accessed if you know the “secret code”,
which in this case is just the name of the stream.

This isn’t a completely secure way to hide data as we’ll illustrate below, but it’s a fun trick to know about in a pinch.

Note: This only works on a drive formatted with NTFS.

Hiding Data in a Secret Compartment

In order to use this feature, you’ll have to open a command prompt and use the following syntax:

notepad SomeFile.txt:SecretWordHere.txt

You can use anything after the colon as a secret word, the key is
that there can’t be any spaces between the first filename and the colon.

 

If you didn’t specify .txt on the end, Notepad will automatically
add it, and ask if you want to create a new file, even if SomeFile.txt
already existed, because SecretSquirrel!.txt doesn’t already exist.

Now you can enter in whatever data you want here and save the file:

When you look at the file, it will still be the exact same size as before:

You can even open up the file by double-clicking on it, and add whatever data you want to make the file look normal:

 

You can use the command line again to add a second hidden “compartment” with a different name:

You can add whatever other information to this file that you’d like:

None of these hidden files will affect the other, or change the main
file. Just remember you have to use the command line to access the
hidden data.

Note: Once you create a hidden stream, that stream isn’t exactly
part of the file… you can’t copy your file to another location and
access the streams over there.

Detecting Files with Streams

Of course these files aren’t completely hidden from everybody, because you can use a small command line application called Streams.exe to detect files that have streams, including the names of the streams.

For instance, in my scenario we’d use the following syntax:

streams.exe SomeFile.txt

As you can see, the names of the streams are shown, which would allow you to easily access them.

Deleting Streams

You can use the same Streams.exe command to delete all streams from
a file, although I don’t think you can delete just a single stream. Use
the following syntax:

streams.exe -d SomeFile.txt

 

As you can see in the screenshot, the streams are now removed from the file.

Adding to Hidden Streams from the Command Line

You can add data to a hidden stream by using a number of commands,
or really anything that can pipe input or output and accept the
standard FileName:StreamName syntax. For instance, we could use the
echo command:

echo “Neat!” > SomeFile.txt:Test

You can see with the streams command in the example above that we now have a hidden stream on the file.

Reading a Stream From the Command Line

You can read data from the stream by piping data into the more command, using this syntax:

more < FileName:StreamName

In my example the actual command was this:

more < SomeFile.txt:SecretSquirrel!.txt

As you can see, the secret data that we added is outputted to the console.

Conclusion

This isn’t a secure way to hide data… for that you should use
TrueCrypt. It’s just one of those things that can be fun to use and
might come in handy here or there.

If you need actual file encryption or would like to explore other data security options for your home or business please call 678PC at (678)404-1001.  Especially if you are in Metro Atlanta  or Gwinnett County

Copy Machines, a Security Risk?

GET YOUR PERSONAL OR BUSINESS HARD DRIVE CLEARED OFF TODAY FROM 678PC
SALES@678PC.com
678-404-1001

Most people take precautions to wipe data off their computers’ hard
drives before getting rid of them, but take note: Most copy machines
store a digital image of every document scanned or copied.

As explained by a CBS investigation (see video above) and highlighted by
tech blog Digital Inspiration, the built-in hard drive of most
photocopiers contains and stores this information to improve overall
performance. The catch is that it allows anyone access to anything ever
scanned if they know how to, which turns into a huge security risk if
you decide to get rid of the machine without wiping out the hard drive:

GET YOUR PERSONAL OR BUSINESS HARD DRIVE CLEARED OFF TODAY FROM 678PC
SALES@678PC.com
678-404-1001