Security alert for Internet Explorer

From my friend Edward, the IP Wizard,

A new security flaw has been reported by Microsoft for all versions of Internet Explorer. Microsoft is working on a fix, but until that is available use Chrome or Firefox.
For further details see:

Serious Internet Explorer Security Flaw

Cheers,
Edward
S/Y Gypsielady

Have you fixed the Heartbleed problems yet?

I thought that the coincidence was quite strong.

I watched episode 2 of the 2010 TV series, “Human Target” that has the hero and his team, trying to save the life of someone who has discovered a secret, “Key to the Internet, that will allow anyone to unlock ANY website and steal money or secrets, etc.” Hollywood drama, right?

Just a day later, a colleague here in the marina announced the “Heartbleed Bug” to us. Virtually the same thing.

In case you have somehow missed it, here is a link below that explains it. You know all those chain emails that come around, where, “The sky is falling! Send this to everyone you know, and everyone you don’t know, IMMEDIATELY!”

Well, I’m somewhat surprised that Edward is the only one who has told me about it so far. But, it is a genuine threat, that as you will see in the link below, does not affect the entire Internet, but does in fact jeopardize a great deal of it. The flaw has existed for about two years, without the good guys knowing about it. Have a look.

http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/

There is more and more every day about it online. As they caution, not every website is affected, and changing passwords on a website that still has the problem, is of limited usefulness. But, look at some reputable sources and protect yourself.

The browser, “Google Chrome” has a plug-in that automatically warns you if you go to a website that still has the danger unresolved. A nice safety feature.

BTW, there are/were a LOT more sites that had/have the problem than listed in the link I show. I think it would be responsible for any website that, EVER had this problem, to post a notice on its homepage, like, “We used to have this problem, that no one knew about until recently. However, we have fixed it now. So please change your passwords. We apologize for the inconvenience, but literally no one knew the danger existed, until very recently.”

David

I believe that Google+ is dishonest and ought to be sued (again).

I just got an email from my good friend Mike who forwards my snail mail. Here is the relevant part of it:

>>>>>>>>>>>>
Hi Dave,

I got this message in my inbox this morning:

Your contact David Heath (alegria1976@gmail.com) joined Google+

I have gotten a whole flock of these lately, which I have been ignoring. Two of them were from W and E, so I wrote them asking what it was. W wrote back indicating that he hadn’t joined, or asked me to join. Actually, W had essentially no idea what Google+ was.

Do you know anything about it?

M
>>>>>>>>>>>>>>>
Well, I think I know what it wants to be. It is trying to replace Facebook. And moral fiber is not included in their business plan.

A few days ago, at a meeting about computers here in the Marina, one of the experts said that Google+ and Google groups and related things from Google have a very bad reputation. Many say that when you join it, it goes through your contact list and sends advertisements to everyone on your contact list. These may be advertisements to join, or fraudulent claims that Dave recommends such and such product. But Dave knows nothing about it.

This morning, I was logging into my Gmail on the computer that I don’t use for that purpose very often, and it appeared to me that a screen came up like the one I occasionally get saying that, ’We do not recognize this computer and could you confirm some information?’ As is often the case, I was in a hurry and did not read it very carefully. The information looked correct.

However when I clicked on the ‘continue’ and expected to now be in my Gmail account, I got a page welcoming me to Google+. That really upset me and I spent the next several hours trying to figure out how the hell you sign out of Google+. By the way, their help pages tell you everything in the world except how to close your account. I eventually found it but it was a battle.

I think I have gotten out, but unfortunately, a nanosecond after I pushed the ‘continue’ button, they probably had already sucked up my entire contact list and address book. And that kind of toothpaste is not going back into the tube.

I sent them several nasty emails, but I doubt if they care a hoot.

I apologize to every one of you for my mistake. They tricked me fair and square. But, in less than 10 seconds, I went from really liking Google and all of the wonderful things they have done, to thinking that they are dishonest, moneygrubbing scum. Actually, that is not a fair statement. Pond scum is actually a very useful organism. Not at all like the people at Google.

I think some people do honestly like Google+ and since I know essentially nothing about it, I’m not giving them a fair shake. But Mike’s email confirms my fears.

Gmail already handles my address book and contacts list. So it is only a matter of faith that one hopes that they will not use it for bad purposes. At the moment it looks like that faith is unjustified. It will be interesting if I really have signed out of that plan. And what sort of lies they will tell and for how long.

My mistake. I should have read more carefully.

Several times in the last two weeks I’ve gone to comment or answer a question on a website and it says you will need to login. It is free and all you have to do is click this or that to login through your Facebook account, or Twitter, etc. But, before I did that, I noticed that further down the page it said that in doing so, I would be giving this Joe Blow website my complete friends list or contact list or address book.* That scared the heck out of me and I did not do it any of those previous times. But Google+ fooled me. We live in complicated times.

Sorry folks,

Dave
*PS: I include the following link that supports my opinion. HOWEVER!!!! I think that if you comment, it will suck up your address book, just like I described above. I believe it to be safe to read, but do not reply, comment, etc and do not click the Facebook Icon, etc., at the bottom.

http://www.classaction.org/blog/whats-mine-is-yours-google–1-268080.html

PPS:
I added this part on 22 November 2013.
I sent emails similar to the above post to the several people that had invited me to Google+. Every single one of them, was not aware that they had done so. They did not belong to Google+ nor wanted to. This confirms my grim view of how sinister Google has become. If anyone knows of a class-action lawsuit against them, related to stealing my contact information and sending emails claiming that they are from me, please let me know. To me that is lying of one of the worst types, immoral, and I certainly hope that it is illegal.

PPPS:
http://edition.cnn.com/2013/11/20/opinion/schneier-stalker-economy/index.html?iref=allsearch

Is another article about these disgusting practices. Stay safe.

Your passwords may be no longer secret

Since I don’t blame anyone for not reading all the way to the bottom, I will insert at the top, that Dave continues to do well. We just had a couple of days of rainy weather with heavy clouds. But today dawned clear again. There is now snow on the mountains for the first time this season.

Yesterday, some industrious people in the marina hired a small bus for 16 of us to go to Antalya for the day. We had kind of a late start and an early return, but all of us got a lot of shopping done in the big city. And got to yak yak en route. Now for the very important, and extremely annoying reason for this post.

If you would please take a moment to read this:
http://bits.blogs.nytimes.com/2013/11/12/adobe-breach-inadvertently-tied-to-other-accounts/?nl=technology&emc=edit_ct_20131114&_r=0

Basically, the story is that Adobe’s secret servers were hacked. The truly gigantic amount of data that was stolen regarding personal accounts and passwords was posted online for essentially anyone to download and snoop around in. Whatever password information you had on anything that has anything at all to do with Adobe, is probably no longer secure. That may not seem like the end of the world, however, many people use the same password for several accounts. If that is your situation, anything that uses the same password that you used with Adobe, and by Adobe I mean anything at all that Adobe has anything to do with, is now known to bad people.

They also know who you are and can fairly easily go down the list of all the easy to rob accounts that you might have, trying your Adobe password, or simple variations, to see if they can get into your accounts.

Much of this can be automated by a robot, and they only need to break in to one account out of thousands to make it very profitable.

And, as hundreds, or thousands of people have suggested, do not use easy to guess passwords for anything. Personally, I do use a simpler password for something that I can’t imagine could ever hurt me if it got hacked. Like my subscription to the Ingrid Sailboat Blog. I try to use a strong password for bank accounts and the like. If all of my bank accounts were suddenly empty, I would be very sad indeed.

And, one excellent suggestion on how to create a hard to guess password, is to use a passphrase, rather than a password. That is, rather than use your birthday, or your street address, use the initials of some memorable phrase.

For example, Lucky Strike cigarettes, used to have the phrase, “Lucky Strike means fine tobacco.” And the packages carried the abbreviation, “LSMFT” which when I was in high school, we changed the meaning to, “Ladies’ shoes make funny tracks.”

“LSMFT” is not a word, although since that particular combination of letters has been widely used, it may be in a dictionary somewhere.

It is my understanding that a common way to break a password, is to have a computer program try all the possible combinations until it breaks it. It uses some sort of dictionary of the most likely combinations to try first.

It seems kind of obvious to me, that the defense against this, is to only allow you a small number of mistakes per day. For example, if you cannot type in the correct password within six tries, Internet access to your account is closed for 24 hours. Usually, you can call them and convince the human that you are really you, but their robot will not let you in if you make too many mistakes.

This seems like such an elementary defense, yet obviously is not widely used or the dictionary attack would not be so successful.
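The lockout rule described above (six failed tries, then the account is closed for 24 hours), written out as an added example; it is not code from any real site, and the class, function and account names are made up for illustration. It limits only guesses typed into the login page and has no effect on guessing run against a stolen copy of the password data, and it locks out the real owner too once the limit is hit.

```python
import hashlib
import hmac

MAX_FAILURES = 6              # "within six tries"
LOCK_SECONDS = 24 * 60 * 60   # "closed for 24 hours"


class LoginThrottle:
    """In-memory lockout tracker; class and method names are illustrative."""

    def __init__(self, verify, now):
        self._verify = verify      # callable(user, password) -> bool
        self._now = now            # callable() -> seconds, injectable for tests
        self._failures = {}        # user -> timestamps of recent failed tries
        self._locked_until = {}    # user -> time the lock expires

    def attempt(self, user, password):
        """Return 'ok', 'denied' or 'locked' for one login try."""
        t = self._now()
        if t < self._locked_until.get(user, 0.0):
            return "locked"        # refused without testing the password at all
        # Only failures inside the last 24 hours count toward the limit.
        recent = [f for f in self._failures.get(user, []) if t - f < LOCK_SECONDS]
        if self._verify(user, password):
            self._failures[user] = []
            return "ok"
        recent.append(t)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[user] = t + LOCK_SECONDS
            recent = []
        self._failures[user] = recent
        return "denied"


def make_verifier(user, password, salt=b"constructed-salt"):
    """Verifier for one constructed account; keeps only a salted hash."""
    # Low iteration count so the demo runs quickly.
    stored = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def verify(u, p):
        candidate = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, 10_000)
        return u == user and hmac.compare_digest(candidate, stored)
    return verify


def guesses_tested_per_day(wordlist, days):
    """Replay a guessing run; return how many guesses were checked each day."""
    clock = [0.0]
    throttle = LoginThrottle(make_verifier("dave", "not-in-the-list"),
                             lambda: clock[0])
    tested = []
    for day in range(days):
        clock[0] = day * (LOCK_SECONDS + 1)   # come back once the lock expires
        results = [throttle.attempt("dave", w) for w in wordlist]
        tested.append(sum(r != "locked" for r in results))
    return tested


# Constructed 20-word list standing in for a guessing dictionary.
WORDLIST = [f"guess{i}" for i in range(20)]
if __name__ == "__main__":
    print(guesses_tested_per_day(WORDLIST, 3))
```

At six checked guesses per day, working through a 10,000-entry dictionary against one account would take more than four years.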

I use one of the free, but highly regarded, password databases, to keep my gazillion passwords organized on my computer. It has a very strong password to keep you from getting in, and is supposed to be quite thoroughly encrypted. Of course, if the people designing it, are bad people, and it is automatically, secretly sending my information to some archvillain somewhere, then I have a slight problem don’t I?

If you really think about all of this stuff, it gets pretty complicated. Therefore most people don’t really think about all the stuff, because it makes their head hurt. This is wonderful news for the modern-day crook. Especially the clever one. Fortunately there are not very many of those.

But when my credit card information was stolen a few years ago, as far as I could tell, the credit card company and the local law enforcement, did not think it was worth their trouble to go after the person that stole the information, even though we knew exactly who it was beyond any doubt.

I appreciate that a court case would cost them more than the perhaps $6000 that they stole. But, it was surprisingly easy for them to steal it, and if nothing even annoying happens as a result of it, then why won’t they do it again every chance they get?

But, from my perspective, the stolen money was instantly replaced into my account by my credit card company, so I let the matter drop. However, I still question the wisdom of ignoring thieves when you know precisely who they are.

Dave

Rain

We are having rain for the first time in several months. I was on the phone to Turkcell Tech support in a long and very complicated conference call that I really did not want to interrupt, so there are some things outside that are going to need to be dried out. Usually we get no rain from May till Sept, so I was surprised by this one. Not any serious trouble, fortunately.

Good thing I did laundry yesterday and not today.

BTW, I finally got the Turkcell problem fixed, with their help. Turkcell had more English info available 4 yrs ago when I first got the phone and computer data connection. Then they virtually removed it. The English info, that is. Kind of hard on me. But, now they have several people that you can call for free. (No charge on your Turkcell phone.)

Their English is not perfect, but it is usually a million times better than my Turkish. And, as usual, they try hard to communicate. If at first we do not communicate we try another way to say it and I really appreciate it.

In Turkish there are various levels of ‘Thank you’
http://www.turkishlanguage.co.uk/thankyou.htm

I would definitely give them a ‘Sağ olun’ for help beyond the norm.

Cheers,

Dave

Things continue to be pretty good.

I could feel people wondering when I would get around to an update, so…

A common email or phone question is

> Hope everything is progressing well for you Janet.

We are both doing very well thanks. It is Wednesday, so Janet is getting chemo as I write this. There are typically several ladies as patients and often some friends of theirs in the chemo room. Just 3 patients and one friend today. I am down the hall in an empty examining room with a small desk, chair, electricity and reasonable WiFi for free, writing this.

When Janet started this last Fall, the ladies were typically quiet and perhaps sometimes not very happy as some types of chemo make some feel bad or sleepy, or even vomiting, etc like a bad sea sickness. Janet likes to chat them up and she can usually get them laughing and carrying on. Having a great time, much like ‘Ladies’ coffee morning’ at some marinas we have visited.

Today is no exception and periodically great bursts of laughter come rolling down the hall to my tiny ‘office’.

Some website coined the phrase, ‘the Chemo Chicks’.

Janet is very glad that so far the side effects for her have been very mild and manageable. This can change, so it pays to not get cocky, but she only has 7 more (out of 18 total) after today. So, our fingers are crossed that her (our) luck will continue.

Our stolen phone was replaced later that week for just the activation fee. For people that seldom need a phone (I may already know the only three on the planet) we have really enjoyed

http://www.consumercellular.com/

My mom wanted a phone only to be able to call AAA (for the non-Americans that is a company that provides aid to stranded motorists for a reasonable fee). ConsumerCellular’s basic plan for members of AAA or AARP (for retired people) was $10.00/month and they give you a basic flip phone for free. They use AT&T’s network and have many fancier phones for the rest of you. Minutes are $0.25/min, which if there are few or none, is quite nice.

I think the $35, one time, activation is the only other fee, but it was over a year ago.

AND if you are getting close to 40 minutes for the month on the pay for minutes plan, which will add $10.00 to the bill, they notify you that you might want to change to a higher plan. $20/mo gives you 250 minutes free and $30 gives you 500, etc. (With the usual hidden fees, this works out to $24.44 or $35.53 for me depending on which plan.)

If you are on the $20 or whatever plan and you can see that a cheaper plan is better for you this month, you can change to the best plan for you right up to last days. This is new to me. My prior cell phone plans loved to LOCK YOU IN to the most expensive plan that they could, and sock it to you if you ran over.

If there is anyone considering getting a ConsumerCellular plan, if you say that I recommended you, we BOTH get $10 off, so ask me before you do it. Or at least get approval from the sales person. They have been very helpful to us. The support people have all been on the same continent and English is their native language AND they know what they are talking about! Also, rare nowadays.

Security dangers

I will probably write more about Internet and WiFi security in another post but here is a start. The final straw was seeing several articles on both nerdy and boating websites about these dangers. There is new free software that makes it easier for even idiots to steal your passwords, bank info and emails and I am trying to learn to be safer as we use Internet and WiFi a LOT. If you are way ahead of me, please get in touch.

So far I have switched to Mozilla Firefox with the ‘HTTPS Everywhere’ Add-on and Astrill VPN with 40% discount from ActiveCaptain. See below.

As I said, we use WiFi a lot and for banks and things that could be disastrous if hacked. And I seem to be getting similar warnings from many sources, so we are trying the offer mentioned in a link below for a discounted version of Astrill. Many other sites seem to like Astrill. But so far I have had a lot of trouble with it. I will try to remember later to mention if I love Astrill or hate it after I have some time with it.

ActiveCaptain has negotiated a special rate with two preferred Virtual Private Network (VPN) suppliers. These VPN services allow you to surf safer by encrypting everything from inside your computer through the WiFi, the Cyber Cafe, all the way to a distant server in another city that can be far far away. This makes WiFi much safer and if you are in Turkey or on a blocked WiFi network that blocks certain sites, this circumvents that blocking.

And, when we were in Spain, but I wanted to buy a US anti-virus software they would only let me buy it through the Spanish branch of their company, in Spanish and at a higher price. This VPN would have let me buy from the US, since it would appear that I was in the US.

I also want to look at weather forecasts, but some pages were not open to me because I was not inside the USA.

Confused? Read the links below and Google around to learn more. But, beware fly by night companies!

You need to sign on to Active Captain to obtain the discounted rates negotiated by them.

https://www.activecaptain.com/newsletters/2010-11-17.php
https://www.activecaptain.com/newsletters/2010-12-15.php
https://www.activecaptain.com/newsletters/2011-01-05.php
http://www.vpnsp.com/astrill.html

Janet’s done, so I will close.

Dave & Janet