Avoiding password stress with Sticky Password

There are so many websites and communities out there that require unique credentials for logging in. Over time, if you’re like me, you’ll end up with a whole pile of different usernames and passwords for every which place.

Sticky Password Pro 6 steps in to solve those problems. The program acts as a master database of all of your usernames and passwords, taking care of the memorization and letting you relax your brain just a bit.

Sticky Password is your personal password and form filling manager. It makes browsing, website and application login fast and secure. It protects your passwords, personal notes and bookmarks on your computer and on the road.

With Sticky Password, you can:

  • login automatically to your favorite websites
  • fill in online forms with one click
  • generate, encrypt, and store strong passwords
  • protection against identity theft, phishing and key-loggers
  • easily manage your application and website passwords
  • USB portable version: take all your passwords with you

Click the video below to see Sticky Password in action

Data Servers

Netgear ReadyNAS duoLooking for an efficient way to share, backup and remotely access your data?  If so, you need a data server, otherwise known as Network Attached Storage (NAS) device.

The Netgear ReadyNAS Duo is one example of a network attached box that holds two hard drives.  It connects to your router by LAN cable, using 1000 Mbps ports.  It also includes 1x USB 2.0 on the front of the device, and 2x USB 3.0 ports at the rear.

Netgears setup software allows you to create shared and/or private folders on the data server.  The data server also allows remote access to the devices folders, using VPN.

I installed a Netgear ReadyNAS Duo for a small business client recently.  This would also be very useful in the home environment, where the data server holds your media collection, making it available to all PCs in your home, and also allows you to remotely access the data server from work to retrieve an important document – while your PC is safely turned off.

 

If you would like to discuss a data server, contact Tailormade IT Solutions.

Disabling Browser Autocomplete

Browser Autocomplete is a feature in most modern web browsers.  It’s a handy feature which saves time by storing passwords for later use.

 

Firefox Browser Autocomplete

 Firefox Browser Autocomplete

In this short example, I’ll use Internet Explorer to log into a Google account.  As you can see, Internet Explorer asks if I want it to remember this password.

Should I remember this password ?

Internet Explorer Browser Autocomplete

 

While this feature can be handy, it does present a security issue as a freely available hackers tool will mine these stored passwords and display them.

 

Hacker tool mines stored passwords

Hacker tool displays stored passwords

 

Disabling Browser Autocomplete is a simple process, which is shown below.

 

Turning off the Auto-Complete feature:

The Internet Explorer Auto-Complete feature can be disabled by following these steps.

  1. Open Microsoft Internet Explorer.
  2. Click Tools and then Internet Options.
  3. In the Internet Options window click the Content tab.
  4. Click the Auto-Complete Settings button.
  5. Uncheck the option User names and passwords on forms.

The Firefox Auto-Complete feature can be disabled by following these steps.

  1. Open Mozilla Firefox.
  2.  Click Firefox/Tools and then Options.
  3.  In the Firefox Options window click the Security tab.
  4. Click Saved passwords to view and clear history.
  5.  Uncheck the Remember passwords for sites option.

 

 

Avoiding dodgy emails

Avoiding dodgy emails

Phishing is an attack used by hackers to gain access to private information such as credit card numbers and user passwords.

Phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft.

 

Pictured is a screenshot from a phishing email I recently received from a client who was suspicious.



 

What would the natural reaction from an account holder be?

“I never sent Nickolas Sims $498 – I’d better click the link and put a stop to this” Of course that sense of emergency may mean you get flustered and click the link and fall for the fake PayPal site. Enter your details and the bad guys have it.

 

So let’s have a look at the warning signs:

Incorrect recipient address information

The email is addressed to multiple recipients, as if this payment was made by you AND all your friends (I’ve obscured the email addresses for privacy)

Impersonal greeting

The email says “Dear PayPal Customer” – Phishing scams rarely know the real names of its targets and tend to rely on general greetings like Dear user. PayPal know your name and use it when emailing you.

Convoluted hyperlink

Hyperlinks in email messages should be distrusted in general, but long and convoluted hyperlinks like the one below should cause heightened suspicion.

Normally PayPal resides at the URL PayPal.com. If you hover over one of the links (as shown below) you will notice the link actually goes to a website in .com.ar – that’s Argentina.

No offer of additional information

There is a “Help Centre” link but that link goes to the same website address based in Argentina. In fact ALL links go to exactly the same address!

Warnings from email client

A well-designed email client may detect many of the irregularities listed as well as check for suspicious points of origin (e.g. spoofed emails) and links to insecure servers.

Warnings from web browser

If for some reason you actually clicked on the URL, your web browser might give another warning, alerting you that the URL has already been reported as a forgery, or is not secure.

 

Summary

Most phishing email messages wont contain all of the above characteristics and probably will contain other defining characteristics not mentioned. Phishing is an evolving practice due to its lucrativeness and increased usage by organized crime.

If you receive an email that contains one of the above characteristics then be extremely cautious. If the email is threatening the termination of a service, simply let it happen. No company worth doing business with is going to maintain its records by firing off thousands of email messages to various Hotmail and Yahoo accounts in hopes of reconciling its financials.

How can I protect myself from a phishing attack?

 

There are several steps you can take to protect your computer from today’s cyber threats. Following the simple guidelines below will help minimise the risk of attack.

 

  • Be very wary of any email messages asking for personal information. It’s highly unlikely that your bank will request such information by email. If in doubt, call them to check!
  • Don’t complete a form in an email message asking for personal information. Only enter such information using a secure website. Check that the URL starts with ‘https://’, rather than just ‘http://’. Look for the lock symbol on the lower right-hand corner of the web browser and double-click it to check the validity of the digital certificate. Or, alternatively, use the telephone to conduct your banking and report anything suspicious to your bank immediately.
  • Don’t use links in an email message to load a web page. Instead, type the URL into your web browser.
  • Check if your anti-virus program blocks phishing sites, or consider installing Kaspersky Internet Security (links below) or other antivirus software that alerts you to known phishing attacks.
  • Check your bank accounts regularly (including debit and credit cards, bank statements, etc.), to make sure that listed transactions are legitimate.
  • Make sure that you use the latest version of your web browser and that any security patches have been applied.

 

Protect your identity from phishing attacks

Prevent cybercriminals from stealing your digital identity thanks to anti-phishing protection technologies inside Kaspersky Lab’s Internet security software which leverage lists of known phishing websites, proactive anti-phishing technologies and the latest information from the cloud.

PC


Kaspersky Internet Security 2012

MAC


Kaspersky Anti-Virus 2011 for Mac

MOBILE


Kaspersky Mobile Security 9

The dangers of password reuse

With so many passwords to remember now days, and increasing security about how long, how complex, and how often they must be changed – it’s no surprise many of us reuse the same password on multiple websites.

Many websites

 

Unfortunately a current trend of hackers is to publicize usernames/passwords obtained from hacking websites, by posting them online for all to see. People have taken the information and logged on to people’s personal sites: taking money from PayPal accounts, replacing dating site profile pictures with pornographic images, and engaging in chats using other people’s Facebook accounts.

 

Time to make technology work for you.

The following video shows two methods used and recommended by Tailormade IT Solutions to overcome this problem.

 

Fingerprint Scanner

By using a fingerprint scanner, you can store a variety of complex passwords and just logon to your PC and/or web sites with a swipe of your finger. A lot of new laptops come with fingerprint scanners, and for other users USB fingerprint scanners are available.

The big benefit of fingerprint scanners are:

 

Password File

Keeping a password file stored safely inside a TrueCrypt encrypted vault ensures that you have a backup/reference of them. TrueCrypt supports AES encryption (which is used by the US military to encrypt data up to the top secret level)

How safe is TrueCrypt: Lets look at a real world story.

The Brazilian National Institute of Criminology tried for five months to obtain access to the encrypted data of a Brazilian banker suspected of financial crimes without success, before turning over the job to code-breakers at the FBI in early 2009. US computer specialists also drew a blank even after 12 months of efforts to crack the code.
 

Source: http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/

 

The big benefits of using TrueCrypt are:

  • All passwords are stored securely and can be accessed by remembering one password – the TrueCrypt password.
  • As the password file is located on a secure USB stick, it is transportable.

Available for Windows 7 / Vista / XP, Mac OSX, and Linux.

 

Protecting data on your USB sticks

Everyone using USB sticks to transport valuable information should be using encryption – just in case it is lost.

 

In the news recently, the Dept of Defence has lost a USB drive containing sensitive health information of military personnel and their families. The data was on an unprotected USB drive misplaced by a researcher flying from Brisbane to Canberra on 11 May 2012. Source: Sydney Morning Herald

 

DONT LET THIS HAPPEN TO YOU !

 

Tailormade IT Solutions has created a video that demonstrates how to protect your data by creating an encrypted USB stick using TrueCrypt, and shows the error message encountered if someone finds and tries to access the USB.

USB + TrueCrypt = Protection

 

Tailormade IT Solutions uses TrueCrypt encrypted USB sticks whenever transporting sensitive information.

TrueCrypt is FREE, open-source, disk encryption software and can be used to encrypt USB drives/Memory sticks – protecting your information in the event that you lose it.

Be wiser than the Dept of Defence and use it !

Download TrueCrypt

Available for Windows 7 / Vista / XP, Mac OSX, and Linux.

Online Privacy

Ad companies and social networks are tracking everything you do on the web. They know what sites you visit, when you visit them and how often you do…and they know who you are.

This easy to use, FREE utility prevents social networks and advertising companies tracking your internet usage.

If you dont think online privacy is a problem, watch this video.

 

 

Download DoNotTrack+

Using TrueCrypt to protect important information

TrueCrypt is FREE, open-source, disk encryption software and can create encrypted containers (as shown in the video) and it can also be used to encrypt a whole USB drive/Memory stick – protecting your information in the event that you lose it.

Download TrueCrypt

Available for Windows 7 / Vista / XP, Mac OSX, and Linux.

This short video demonstrates how easy it is to protect important information using TrueCrypt.