Protecting Yourself From Identity Theft – Outsmarting The Challenge Question

I have really been focusing a considerable amount of energy on security lately. I have been looking at some of our conventional wisdom and trying to decide how it fits in with our current world. Is it still relevant or does it need to be updated?

That brings me to the topic of tonight’s post, the secret question. The secret question is the one that many of your more important services will ask you to supply an answer to so they can verify who you are. The most common question is what your mother’s maiden name is. They will also ask things like, where were you born, what is your dad’s middle name, what was your high school mascot, and many more just like that. The problem with these types of questions is they are easy for someone to socially engineer out of you.

My philosophy is this. Questions that have real answers are easier to answer than questions that don’t have real answers. When you are asked for your mother’s maiden name, pick a word or name or even a series of alphanumeric characters to supply as your answer. Don’t use your mother’s real maiden name. It is easy for someone to find out your mother’s maiden name. Hell, she might even tell them if they ask nice enough. They won’t be able to find out her maiden name is $fop()5tHg.

How Secure Are Your Passwords?

For many years, the conventional wisdom has been to never write down your passwords. You are supposed to make a strong password and remember it. This practice is very secure; however, it is not practical in today's electronic society. Remembering 1 strong password is easy. Remembering 100 is a completely different thing.

In my opinion, forcing yourself to remember the strong password means you will use the same password in multiple places. This will leave you very vulnerable if your password is ever compromised. This also brings the “weakest link in the chain” effect into play. Your bank's computers may be strong and your account information may be very secure on them. That internet message board or website you register with may not be as secure with the password to your electronic vault.

I carry a journal with me that has my passwords. I also guard the journal the same as I do my wallet. A journal may be overkill for most people so you could also write down your passwords on a single sheet of paper and store them in your wallet. Make sure you make a copy and stick it with your other valuable papers in a safe or safety deposit box. I create unique passwords for all of my sites and I write them down on a dedicated section of the journal as soon as I create a new account. I also don’t use words or dates in my passwords. Those are a lot easier to brute force than tougher passwords. For example, your name and birth date isn’t a good password. #eL9~ukl5f$ is a good password. EDqz~!)Oy$R:>jp;sd80_xCY}P=1^NVi41{.%GwPB”Dfqo4P,gentAG is an even better password. That last password is a 63 random printable ASCII character password generated by GRC’s Ultra High Security Password Generator. If someone can break that password, they were going to get your info anyway. I know some people have a tough time generating their own passwords so use that site. Steve Gibson of GRC is a legend in computer security.

It is ok to write down your passwords as long as you protect them and make sure you use different passwords for every logon you need. That way if one password is compromised somewhere you only have one password to change.
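The advice in the two posts above (made-up answers to secret questions, a different random password for every logon) as an added Python example that is not part of the original posts. The function names, the 94-symbol alphabet and the sample vault are assumptions made for illustration; the sample entries are constructed.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumed alphabet: printable ASCII without the space (52 + 10 + 32 = 94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_secret(length=20):
    """Return a secret drawn uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def find_reuse(vault):
    """Map every secret used by more than one entry to the entries sharing it."""
    seen = defaultdict(list)
    for entry, secret in vault.items():
        seen[secret].append(entry)
    return {s: sorted(e) for s, e in seen.items() if len(e) > 1}


def rotate_reused(vault, length=20):
    """Return a copy of the vault with each reused secret replaced per entry."""
    fixed = dict(vault)
    for entries in find_reuse(vault).values():
        for entry in entries:
            fixed[entry] = random_secret(length)
    return fixed


# Constructed sample: a real maiden name is the same at every site by nature,
# so it shows up as reuse exactly like a shared password does.
SAMPLE_VAULT = {
    "bank.example login": "Summer1985",
    "forum.example login": "Summer1985",
    "bank.example mother's maiden name": "Smith",
    "mail.example mother's maiden name": "Smith",
    "mail.example login": random_secret(),
}

if __name__ == "__main__":
    print("reused:", find_reuse(SAMPLE_VAULT))
    print("after rotation:", find_reuse(rotate_reused(SAMPLE_VAULT)))
    print("63 random chars = %.0f bits" % entropy_bits(63))
```
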

Foxmarks 2.0 Upgrade Problems

Well, like most other people I upgraded my Foxmarks to version 2.0 recently. What a pain in the ass that was. I should actually read the release notes to see why we needed a new version. The biggest change is probably the bookmarks file itself. I see it went from .xml to .json. Hopefully there is a good reason in there to account for all the headaches caused by the upgrade.

I had been using the custom FTP settings and had plenty of trouble getting it to work after the upgrade. This is what I did to make it work. First, set up your custom FTP server address. I could never get Foxmarks to work when I put in the URL to my FTP server. I had to put in the IP address on several different computers and it would finally work. That looked like this:

ftp://XXX.XXX.XXX.XXX/foxmarks.json

Not sure why Foxmarks is having DNS problems but that seems to be the case. The FTP server answers to the URL just like it should. The only thing I can think of that could be causing it is the server is using 1 IP for different websites and using the host header to forward the traffic properly. If that is the problem, it explains why so many people are having trouble with the custom FTP settings after the upgrade but some say theirs works fine.

The second part is getting the .json file up there. You have to go to a computer with the old bookmarks up to date. Then manually upload that set of bookmarks after you have upgraded Foxmarks. Now you have a .json file on your FTP site. Go to your other computers and configure their Foxmarks settings. Now you can force download the new Foxmarks file.