Tuesday, July 19, 2011

Outside the box

An engineer, a physicist, and a mathematician are shown a pasture
with a herd of sheep, and told to put them inside the smallest
possible amount of fence.

The engineer is first.  He herds the sheep into a circle and then
puts the fence around them, declaring, "A circle will use the least
fence for a given area, so this is the best solution."

The physicist is next. She creates a circular fence of infinite
radius around the sheep, and then draws the fence tight around the
herd, declaring, "This will give the smallest circular fence around
the herd."

The mathematician is last. After giving the problem a little
thought, he puts a small fence around himself and then declares,


"I define myself to be on the outside!"


Hmm... I just want to know who affords an engineer, physicist, and a mathematician
to put up a fence? Must be the economy...

Until madness strikes again...

Madhat

Saturday, July 16, 2011

Something Different.



I like various types of music, from Beethoven to Bon Jovi, and from Willie Nelson  to Weird Al. One day I was thinking I would like to hear some good bag pipe music, but some a little different than Amazing Grace (which is an awesome song). That got the Mad in the Mad hatter going "I wonder if there is heavy metal bag pipes" sure enough the Matrix... err the Internet did not fail me.

Skiltron is an Argentine heavy metal Celtic band (Sounds like something Douglas Adams would have come up with). Most of their songs are reminiscent of old battle songs and poems from the middle ages but played to the sound of electric guitars and bag pipes. Best part for me is they tend to stay away from the screaming that many bands indulge way to much in at times.

Until Madness strikes again,

Madhat

Wednesday, July 13, 2011

Security

Read an article today about a man who hacked his neighbor's wireless network and basically set out to ruin his life by sending fraudulent emails and such trying to make the father of the family seem like a pedophile and also sending death threats to the vice president from his email account. The article (http://news.yahoo.com/minnesota-wi-fi-hacker-gets-18-years-prison-032803295.html) states he was able to crack the wireless network's WEP encryption. To those who are not tech savvy, this sounds like it must have been done by a technology genius. To those familiar to WEP, you know that cracking WEP is as simple as playing solitaire. WEP stands for Wireless Encryption Protocol, and was the first popular encryption method for wireless networks, but is obsolete do to vulnerabilities in the encryption algorithm. To those who think I know Greek, basically the math that WEP uses does not scramble the information well enough to keep some one from seeing what is transmitted.

Now if your wireless router or access point is fairly new, it should have available several versions of WPA2, which you can choose from, and you will be significantly better protected. I won't recommend one protocol over the other because standards always change, and each wireless device is different in what is available, what I do suggest is that when you set up your home wireless access point, you do some research and see what the difference is. Now if your at home thinking "Wireless security is a hassle, I don't want to mess with pass phrases etc, etc" just remember what happened to the family in the above article.

So once you set up your wireless encryption, are you done with security? The answer is no. That is the same as locking your front door, but leaving your windows open. When you go to websites where you enter sensitive information, make sure that the that the address bar starts with https, not just http, and if you get a message that the certificate has an error, don't ignore it unless you know exactly why it has an error. Often times the web browser will tell you why it flagged an error or will allow you to view the certificate. If you don't understand what it is saying, email the people that run the site and let them know, especially if you are planning to spend money there. Web administrators often put an e-mail address in the contacts link at the bottom of a web page.

Firewalls are also important. When buying a home router, look for one known to have good firewalls. A home router isn't going to protect you from a dedicated attack, but a decent one will protect you from random people on the internet who scan for open networks to get into. I personally like linksys, as most models they sell are easy for me to configure, and they have a lot of nice features, but I encourage people to do their own research.

Passwords. Annoying things to most, but they are admittedly the best defense a computer or online account has, as long as good policies are enforced. When you try and come up with a password, industry standards recommend a combination of capitol and lower case letters, numbers, and symbols, and be at least 8 characters in length (P@ssw0rd is an example of the format, but heavens sakes don't actually use that one in particular.) Now for the hard part, don't use the same password for everything. Reason is if one website gets hacked, a now common tactic for hackers is to try user names and passwords they pick up on other related sites. If you just can't remember a lot at once, try grouping less critical ones like Face Book and myspace together, but do not use the same password for your banking and e-mail. Also, keep in mind, your not trying to keep out some geek typing in what he thinks your password is, but it is his computer that keeps making educated guesses until either it gets locked out, or it succeeds.

Now I often get asked, which is the safest operating system to use, the answer is, they are as all save as you make them. Some are inherently safer out of the box, but if you don't keep up with updates, and use the above methods (that includes passwords) then the only safe system is the one still in the box. Windows has many well known exploits, but it is also the OS that is on most home computers, hence it is the biggest target. I have had people I know have there Mac's attacked because they were complacent, because they thought "Mac's never get viruses", which is not true, there are just fewer designed for them, Linux and Unix are the same way, more so if you really don't understand what makes your computer tick.

So when it comes to security, instead of me recommending products or technologies that will be obsolete next year, I suggest you practice security techniques. First is try and understand something about the products you buy, and what they really offer, same as you would when buying a car or an appliance. Second, look for odd things like e-mails you know you did not send being sent to your buddy list, or certificate errors on web pages you go to.

I tried to keep this high level so that people do not get lost in technical jargon, in future I plan on have some more detailed blogs on specific security technologies and why they work the way they do, but try and keep it simple too.

Until the next time I am motivated...


Madhat