Info Security Basics: Complex Passwords

I will soon be teaching a bunch of “Information Security Basics” courses at work, and that gave me the idea for a few blog posts.

So children, today we will learn about Complex Passwords!

Passwords – they are everywhere!Love ’em or hate ‘em, you probably use them often, if not daily. Passwords are one of the most basic types of authentication used – your basic Who You Are (user id) combined with What You Know (password).

Do your best to NOT use the same password for everything – your online banking password should not be the same as your Facebook login password. Ideally every password you use should be unique, but realistically that would be a nightmare to maintain – but do the best you can. I tend to group in terms of importance/risk:

1) High (e.g. banking) – unique, very complex passwords
2) Medium (e.g. Facebook, Twitter) – unique-ish, complex passwords
3) Low (e.g. web forums) – I have a few passwords I tend to use

Also, don’t use common words or proper names of people/pets. Common words are easily guessed using a dictionary attack, and proper names are easily guessed by doing a bit of research on people.

Most websites give you a “forgot your password?” link if you are having problems. Be careful of the standard security questions they use – the answers tend to be common things that are easily guessed or researched. You know those online quizzes and Facebook “25 things you didn’t know about me” type things? Did you know the name of my first pet was Snowball? Oddly enough that’s also one of the common security questions used when you forget your password!

Basic Rules for Complex Passwords:

• Minimum of 8 characters
• Use both upper (A to Z) and lower case (a to z) letters
• Use numbers (0 to 9)
• Use at least ONE symbol (e.g. , ! $ & % #)

One of the most common complaints about complex passwords is that they are hard to remember. A good suggestion is to use the first letters from an 8 word (or more) sentence or catch phrase, replacing some letters with numbers or symbols:

We work hard so you don’t have to” becomes WwH$ydh2

Oh, and one other thing: please don't write your password on the under side of your keyboard, or on a sticky note by your monitor, etc! That sort of thing really makes that vein in my forehead throb....

It's Like Christmas in August!

August 28th 2009 will be like Christmas...only in August... and not cold and raining...

Anyway, 2 great things happen on August 28th that I feel compelled to share with you:

1) Snow Leopard will be released, and the world will be a better place. And the best part? The OS upgrade is only $35 for a single user licence (in Canada). That is cool. I am about to phone my local Apple Reseller and pre-order a copy so I can pick it up on the way home from work on Friday.

2) The newest D&D Penny Arcade podcast begins on the 28th, and the world will be a happier place. If you haven't listened to the previous sessions, you really should. No really, go listen.

Also:
Season 3 of The Guild will be released on August 26th! You don't have to be an MMO player to enjoy The Guild, so go watch seasons 1 and 2! I command you!

Ahh, Snow Leopard, D&D PA podcast, and The Guild all in one week... all is well in my world!

I Had A Cunning Plan

But was it cunning enough to put a tail on it and call it a weasel? I think not. For you see, my plan has failed, and here is where I need your help.

The Background:
I recently canceled my cable TV subscription, I just torrent the few TV shows I like to watch. I have the media files on a USB external hard drive attached to my PC. I have a wireless home network, with the PC, PS3, XBox 360, and a MacBook laptop.

The Current Situation:
Using Windows Media Player I stream the video to both my PS3 and my XBox 360 so I can watch on my HD TV and make use of the surround sound system. This is working well. However, I had to go and want more. Why? 'Cause that's just how I roll.

What I Want:
I want many things, but to keep on topic: I would like to also stream the video to my MacBook, and attach the laptop to the TV in my bedroom. It seemed like a simple desire.

The Setup:
I stopped by my local Apple reseller Simply Computing to get a Mini-DVI to Video connector. Why didn't I go to an official Apple store you ask? Because I live in a city without one. Confession time: I have NEVER been to an Apple store. This makes me sad. But I feel closer to you all now that I have that out in the open. Thanks.
Anyway, then I went to Monoprice.com to get a couple of cables. I bought a 6 foot m/m s-video cable and a 6 foot 3.5mm stereo to RCA audio cable. I really recommend Monoprice if you need any cables - their prices are great, shipping to Canada is reasonable, and they fill the orders quickly.

The Test:
It was like Christmas. The cables arrived, I brought everything into the bedroom and set it all up. It worked! I had video and audio from the laptop through the TV. The resolution isn't spectacular, but workable. I played a DVD, laying in bed controlling the playback with the apple remote. I was ecstatic. For about an hour. I know, typical woman!

The Issue:
I can't find any software to run on the MacBook that will receive the wireless stream from my PC. I don't want to copy the files to the MacBook, I want to stream them. Quicktime doesn't seem to do it. MPlayer doesn't seem to do it. I installed Windows Medial Player for Mac, but that didn't seem to do it. And I felt dirty putting Windows software on my Mac. Sorry MacBook.
I installed TVersity on the PC and tried streaming that way. The user interface for receiving on the Mac was ugly and awkward, and when I tried testing a stream in Firefox it would open the page but won't play. I Am Sad.

So: does anyone have any suggestions / solutions? Please send help.

An email for my nephew :-)

Well Alex, you are 18 months old now and I am sure you will soon be learning to ride a bike. I have some words of wisdom for you: you will fall at least once, but do your best NOT to wipe out during morning rush hour. Drivers get annoyed at you if you lay on the road whimpering - I recommend you do as I did this morning: spring to your feet and pull your bike onto the sidewalk, and THEN realize how much the fall hurt. For drivers are in a hurry and think they are Important and will say Bad Words to you for slowing them down.

Make sure you have at least 1 friend whom you can call and wake up at 8:15am who will come and rescue you, but perhaps remind them that while you really appreciate them saving you and giving you bandages for you owies, beer will also make you feel better. I'm just saying.

Also, make sure your Mom is near enough to give you sympathy, and perhaps laugh at your stupidity for falling down - it's amazing the power moms have to make you feel better.

Love,
Auntie Bonnie

Microsoft Project Natal & Sony Motion Control

So this year at E3 both Microsoft and Sony announced full body motion controllers for their game systems. Microsoft demoed Project Natal, and Sony demoed the cleverly named Sony Motion Controller. I know, wish I had thought of that name.... Both of these systems are trying to take the Wii controller style to the next level (ick, did I really just write "to the next level"? Shoot me now...)

Let's start with Project Natal. It promises to bring hands free control to a variety of game types (eg racing, sports, etc). It gives a 1-to-1 avatar control system, so whatever movement you make, your avatar will reflect that on screen. While there is no announced release date, Microsoft has stated that Project Natal will work with all versions of the Xbox 360 (but no info on price either!)

Here is Microsoft's Project Natal commercial (from my favourite site Joystiq):

My initial thought was that this was a cleverly arranged tech demo, and at this stage would never really work as shown at E3. While I am still not entirely convinced, I have read a number of reports from people who had a chance to try the system, and they seem impressed...

Sony went in a slightly different direction with their new system - it's a controller wand you hold that works in conjunction with the PlayStation Eye camera. The wand is replaced on screen with whatever weapon or tool is appropriate. This system seems to be the middle ground between the Wii controller and Microsoft's Project Natal. The Sony system is due to be released in spring 2010.

Here is Sony's Motion Controller demo:

Both of these systems can detect 3D motion (so forwards/backwards as well as left/right). While I don't think these systems will replace traditional controllers for every game, I think they will have their place. Imagine flipping through the dashboard on your Xbox 360 by just waving your hand - shades of the interactive user interface in Minority Report!

Oh, and FYI, "demoed" just looks wrong....

Fable 2: See the Future DLC

Lionhead Studios released the latest piece of Fable 2 DLC (downloadable content) for 560 Microsoft points (that's $7 in real monies). If you enjoyed Fable 2 then I recommend you buy the DLC - I enjoyed the additional game play. In my run-through I found 9 of the 10 Murgo statues and 8 of the 10 new dyes. I ended up looking online for the location of the 3 missing items, and because I missed the Grumpy Rabbit book I had to look online for help with the Rabbit Hole. And to be honest I don't think I would have figured that puzzle out on my own.

There are three new areas to explore in the DLC - the snow globe, the cursed skull, and the Colosseum. Most of the DLC is spent in either the snow globe area or the cursed skull area. There are some new items, new foes, and some fun new puzzles to solve.

The Colosseum is a total bitch. Seriously. There are 3 teddy bears to get, and I found 2 of them relatively easily. Again I had to go to Teh Googles for help on the 3rd bear (and the final dye). Apparently you need to score exactly 1985 points for the Stupid Annoying @#$*&ing bear to appear. I have tried. Lots. Now I Have Hate in My Heart. I guess this challenge is for the gamers who are willing to spend hours trying, or working out the point values for each enemy and the proper combination to get to 1985. I am not one of those people. Bummer.

But outside of the Colosseum That Causes Hate In My Heart, I had fun with this!

Happy Jedi Day!

Today is Jedi Day - May the Fourth (be with you)!! Seriously, this should be a holiday...

Saturday May 2nd - Free Comic Book Day!

Tomorrow (Saturday 2 May) is Free Comic Book Day!

Free Comic Book Day is the first Saturday in May when participating comic book shops across North America and around the world give away comic books absolutely FREE to anyone who comes into their stores.

Best Personal Ad Ever!

Penny Arcade linked to this post on Craigslist: If you know who Jim Darkmagic is, let's talk...

What a great geeky ad! And if you don't know who Jim Darkmagic (of the New Hampshire Darkmagics) is, then shame on you! Immediately stop what you are doing and go listen to these podcasts. When you are finished you many return...I will wait....go on...

Reminiscing about Gaming

I read Wil Wheaton's blog regularly...ok maybe obsessively. Seriously, I am addicted. I follow him on Twitter (www.twitter.com/wilw) so I know when he has updated his blog. Reading Wil's work has made me admit I am comfortable with my childhood geekiness, and sometime miss it. I am proud of my adult geekiness!

Then came the fateful day when Wil linked to a series of D&D podcasts - the folks from Penny Arcade, PVP and Wil sat down with Wizards of the Coast for a 4th Edition D&D session. Listening to them play through, laughing often (these guys are funny!), celebrating their natural 20s, wincing when they rolled 1s, and totally geeking out ... it was great.

It made me remember my childhood days of playing D&D - starting with the red covered Basic set, moving up through Expert, Companion, and eventually Master. And then changing to AD&D - it was so much more complex! Many of my childhood days were spent rolling up characters, carefully drawing maps on graph paper, lovingly collecting dice (really, how many sets of dice do you actually need? Ask any gamer - you always need more!)

Years passed, and then in my early twenties I worked in a comic book / gaming store, and I got back into it all. Our system of choice was GURPS, but we also played a little Rifts, dabbled in Vampire the Masqerade, etc. I also got introduced to table top wargames - we played Epic (2nd edition, before they "improved it" - I had massive Chaos army) and were just getting into Warhammer Fantasy (Dwarf army) when things changed, I went back to school and then moved. I think back on the hours we would all sit around a table, painting miniatures, discussing the latest roleplaying session, weighing the pros and cons of a new strategy for Epic ... I really miss those days!

I really have a strong urge to find a gaming group and get back into it all! But will it be like I remember? I dunno....

Thanks Wil, for sharing and celebrating your geekiness with us all.

iPhone app - Dog Tricks & Bark Machine

Back in early February, I was given a promo code for the iPhone app Dog Tricks & Bark Machine (website) I have been having so much fun with this app that I forgot to write a review :-)

This is two applications in one - Tricks and Bark Machine. This app works on both the iPhone and the iPod Touch.

Bark Machine

This is the part of the app that I have been having the most fun with. There are eight different sounds (woof, meow, doorbell, fire truck, click, squeaky, high frequency whistle, and door knock) Playing with these can drive my dog nuts, and cause me great amusement! There can be a training aspect to the sounds as well - my dog is very reactive to a knock on the door, so I have been able to start to desensitize her to the sound with this app!




Tricks

Tricks is a dog training app, that gives you a bunch of basic commands, as well as some games and tricks you can teach your dog. There are also sections for advice on behaviour issues, and some useful tricks/games specifically for puppies. The developers have added some fluff in the application as well - some cute photos and a mini encyclopedia of common dog breeds.

You can choose "All Tricks" for an alphabetical listing of all the information available in the Tricks part of the app, or you can choose "Random" and shake your iPhone to randomly pick a trick with a Bark Machine sound. There is also a "Search" button if you know the name of the command you are looking for.

Each command is first shown as a couple of clear photos, and then you can press "info" for the step by step text instructions. I found the instructions were pretty clear and easy to follow.

Overall, I think this is a great little app, and is well worth $2.99 (although according to the website it is currently free for a limited time). While I recommend seeking out a professional dog trainer if you are new to having dogs or if you are having issues with your dog, I think this app is a great addition to your training package!

Twitter Hashtags

I have been asked to elaborate on the use of hashtags in Twitter. Using a hashtag allows you to tag your post to a specific topic (eg #spconf) You can use established tags to participate in an event or topic (eg #coralinereview was used when people were tweeting their reviews of Neil Gaiman's movie Coraline), or you can start your own (eg #SC_todo). Remember Twitter only allows for 140 character tweets, and the hashtag count towards that limit!

Now that you have tagged your tweet, what's next? You can go to Twitter's search page (http://search.twitter.com/) and enter the hashtag to see all tweets tagged with that one.

There is a site called Tweetchat (http://tweetchat.com/) that uses hashtags to create an auto-updating chatroom to follow the topic. Also, anything you post in Tweetchat is automatically taged with the topic. Disclaimer: I have not used Tweetchat! There is no real information on the site, and it asks for your Twitter userid and password. This sort of thing makes me twitchy, and I wouldn't use it.

My Little Cthulhu

I am not a big fan of dust-collecting, space-taking-upping, money-costing toys. However, there are times when I simply must have something. This is one of those times.

Dreamland Toyworks My Little Cthulhu

*squeals with delight*

These toys harken me back to my younger geek/gamer days (as opposed to the current geek/gamer days). I already have a plush Cthulhu and a plush Nyarlethotep. Have you ever tried to explain to someone who Cthulhu is? "Well, he's a Great Old One, and they lay in wait in their city R'lyeh..... oh never mind...."

I...MUST...HAVE...
*sigh* but where can I get these awesome amazing toy amazing-awesomenesses?!?!

Twitter

I recently started using Twitter, and was a bit confused about the symbols and abbreviations often used. I am not talking about the common net-speak abbreviations (i.e. BRB, IMHO), but Twitter-specific things like RT, #

To start with, Twitter is a micro-blogging service that allows you to post small (up to 140 character) messages. You can sign up at Twitter . Once you get set up, you can "follow" people and subscribe to their updates. People can follow you and get your messages. You can block specific people from following you. Sound simple? It is :-)

Make sure you put the bare minimum of information at registration and in your profile, and read Twitter’s privacy policy. Note that Twitter can “process” your information, including collecting, storing, deleting, using, combining and disclosing. The information they can collect from you can include personally identifiable information such as IP address, full user name, password, email address, city, time zone, telephone number – and all of this information is stored in the US.

Here are some useful definitions:

Tweet:
A twitter message, limited to 140 characters. To send a tweet out to the world, type it and hit send.

@ Reply
- to send a public tweet to someone specific, use the @ symbol (e.g. @LeoLaporte hey that was a great show!). Note you don't have to be following a person for them to receive your @ reply.
- if you use an @ in the middle of a tweet (e.g. I just sent a message to @neilhimself!!!) the person mentioned will not get your reply, but it is a good way to mention people. Twitter will automatically make that person's user name a link to their Twitter profile.

RT:
ReTweet - when you repeat a tweet from someone else (e.g. RT @LudwigK "The Joystiq podcast is still coming, but it'll be late")

# (Hashtag)
The # is used to tag a post with a specific category (e.g. #todo, #spconference). If you would like your hashtags tracked, you have to follow @hashtags (it will automatically follow you back). Check out the Twitter Fan Wiki for more info on hashtags, and some other options for tracking hashtags.

Hope this helps, let me know (@SkimbleCat) if you have any questions!

URL redirectors / cloakers

There are a number of sites that will mask or shorten a URL (TinyURL, TubeURL, URLZoom, W3T to name a few). For example, you can take a long URL (http://www.bukisa.com/people/skimblecat) and make it shorter and more user friendly (http://tinyurl.com/cs8kos)

The biggest benefit of this sort of service is convenience - it's way easier to type the shorter URL. This is especially useful when using something like Twitter that restricts the number of characters you can use in each message. You can also use this service to cloak affiliate links.

Of course, there are potential downsides. You don't know the real URL you are being sent to (note: tinyurl has http://tinyurl.com/preview.php that lets you preview the site for 10 seconds before you go, so you can stop your browser if needed). The Bad Guys are capitalizing on this type of service, to redirect people to malware infected sites.

As always, never click on a link from someone you don't know. And be cautious even if you know the person. Really, just be paranoid like me :-)

Bukisa

Hey, does anyone have any experience with Bukisa? It's a site similar to eHow in that it pays you for articles based on readership, click-through advertising, etc. Unfortunately eHow only pays you if you are in the States, so not so useful for Canadians!

Signed up, wrote a few articles (well, copied them from my blog) and we will see what happens....

Weird podcast issue on my iPhone

I have encountered a weird issue on my iPhone. I listen to a bunch of regular podcasts, and have iTunes set to send the 5 most recent unplayed episodes to my phone when synching. Sometimes this means that older ‘casts are on my phone, and if they are news ‘casts, then not so relevant anymore and I want to fast forward through them so the phone marks them as completed.

So as the unwanted podcast is playing, I tap the screen to bring up the slider, move the little dot all the way to the right, podcast is marked as completed, all is well in my world. Unless I am listening to the Xbox 360 Fanboy podcast. Seriously, this is the only ‘cast this won’t work for. I move the slider, there is a slight pause, and then the podcast resumes playing from where it was. Or it jumps to some random location. Sometimes I can get away with moving the slider a tiny bit each time and it will eventually work, but not always. What the hell? Why does this happen with only this podcast?! Yeah, I could hold down the fast forward button, but that takes way too long for a ‘cast that is over an hour long.

Suggestions? Comments? Conspiracy? User error?

Ushering in a New Era of Fiscal Responsibility

I have started following a number of personal finance blogs, as I am Ushering in a New Era of Fiscal Responsibility.

Here are a three I read every day:
I Will Teach You To Be Rich: Personal finance and entrepreneurship tips from a Stanford graduate - Personal finance blog for college students, recent graduates and everyone else -- including entrepreneurship -- for getting rich.
Get Rich Slowly - Personal finance that makes cents.
The Simple Dollar - A personal finance blog focusing on ordinary people dealing with unprecedented levels of debt.

This group I scan quickly, often the posts aren't that relevant to me:
Wise Bread | Personal Finance and Frugal Living Forums
Canadian Dream: Free at 45 | One Canadian’s Dream to Retire at 45
Million Dollar Journey - Building Wealth through Saving and Investing
Canada's Personal Finance Blog by Award-Winning Financial Author A. Dawn
Michael James on Money
Canadian Personal Finance Blog
ABCs of Investing
gailvazoxlade.com

Facebook

Facebook has a number of settings for securing your profile, but it seems many people either don't know or don't care. When in doubt, set to "only friends".

Here are some of my setting recommendations:

Settings \ Privacy \ Profile \ Basic
Set everything to "Only Friends". By default everyone in your network can see your profile - and your network can contain many thousands of people.

Settings \ Privacy \ Profile \ Contact Information
Think carefully about this section. I would recommend setting most of these to "No one". In my profile, my website is the only thing set to "Only Friends". No one needs to see my home address, email address, or phone number - if you don't already know this info, then you can send me an email via Facebook and I can choose to share. Remember, Facebook is a great resource for identity thieves - why make it easy for them!?

Settings \ Privacy \ Search
Uncheck everything but link to add as friend and send message. I am fortunate in that I have a very unique name, so if you are looking for me on Facebook, you don't need a photo to make sure you have the correct person. Strangers also don't need to see your friend list - be nice to your friends and do a bit to protect them too!
Make sure you also uncheck "create a public search listing" - I don't want my Facebook profile coming up when people google me!!

Settings \ Privacy \ Applications
I don't have a lot of applications on my profile, but I do have a few. So I can't choose to "do not share any information" So instead I have unchecked every box - applications I don't use have no reason to know anything about me! Also don't allow Facebook connect and Beacon.

Things to keep in mind:

Know your employer's position and policies on Facebook - if you list your employer on your profile, you could be representing them. And chances are, you are not paid to surf Facebook all day.

Remember, more and more employers are searching Facebook - drunken party photos don't look good when you are applying for a job. Do a quick google search, and you will find a bunch of people who have been fired, suspended, etc due to Facebook activity. Don't call in sick, and then post party pictures from the night before!!!

Unlock all songs on Rock Band 2 (PS3)

I bought Rock Band 2 before Christmas, to be played casually when friends come over. So I wanted to unlock all the songs so we would have the greatest variety to play, but I found a variety of different codes to use for the PS3 version. I couldn't get the first code to work, tried it multiple times. Then after more googling, I found the second code, and it worked fine.

*Note: this code must be entered using the drums*

The code that worked:
Main Menu > Extras > Modify Game > Red, Yellow, Blue, Red, Red, Blue, Blue, Red, Yellow, Blue > scroll down and select unlock all songs

Apparently I will need to select this option each time I start the game, but I shouldn't need to enter the code again.

iPhone shortcut - deleting email from Inbox

Here's a quick iPhone tip for you - to delete email without opening it, swipe horizontally across the message in your Inbox, and a red Delete button will appear.

iPhone shortcut - taking a screen shot

Here's a quick iPhone tip for you - to take a screen shot of your current display, simultaneously press and release the wake/sleep button and the home button. The screen will briefly turn white and the image will be stored on your Camera Roll.

Blog Readability Test

I stumbled across this link recently, off a personal finance blog (but can't remember which one). You input your blog's URL, and it returns the level of education required to read the blog. Apparently, you must be at least this smart to understand my blog:

But what's the criteria? Too many multisyllabic words? Acronyms? The mind boggles....

Note: lovely little HTML snippet included an ad link that I removed.

iPhone shortcut - scroll to top of screen

Here's a quick iPhone tip for you - if you are trying to get to the top of a long list, just double-tap on the title bar and you will jump back to the top.