Monday, October 22, 2012

Security: PwnedList: Find Out If Your Accounts Could Have Been Comprimised

There is a site called PwnedList that can check if your email address is contained in public data that has been taken from computers and web sites that have been compromised by hackers.  The site started out as a research project to find out how many compromised accounts could be harvested programatically in just a couple of hours.

To use the site all you have to do is put in your email address and it will check it against its database.  If it finds a match in the database it will let you know.

First I need to say I am not a legal expert, so you will have make your own decisions on what is best for you. If I found there are any results returned from this site, here is some basic few things that I would do to protect myself.

The first thing you should do is change the passwords on the compromised accounts.  The next thing you should is consider your options depending on what information was stolen.  If this was site that could have impact an on you (financial, personal, etc.), contact the company and let them know you found your account was compromised, and ask them if they have any advice.  If the site could have contain any financial or personal data make sure to check and monitor your credit report.

Now for an important question is how do you know that this site is legitimate.  If you're not asking that question, then you should.  Generally before I ever even try a site like this, I will do a search to see what others say about it.  For example, here is a general search, and here is a news search.

Wednesday, October 17, 2012

YouTube: Video Discovery Services

YouTube offers two video discovery services that can help you find new music and other types of videos.  The Disco service is for finding, mixing, and watching music.  The Leanback service is for finding new videos that you might enjoy.

Privacyfix - Locking down your privacy settings (Facebook, Google, and More)

Information that you share publicly on social networking sites like Facebook, Twitter, Google+, etc. can sometimes be used against you (such as embarrassing photos, what you think of someone, etc.).  The general rule of thumb is "if its too personal don't post it", but its also good to make sure that only the people you want to see your posts can.

Social networking sites in the past have made it difficult to make your information private, but over the last few years they have gotten better about allowing you to lock down your data.  Although, the problem is that these settings are not always that easy to understand what they do.

There is a new extension that I heard about recently called "Privacyfix", its supposed to help you lock down your privacy setting on Social networking sites like Facebook, Google, and others. So far I have used it to lock down my settings on Facebook, Google, but I have not used it on other sites except to block cookies.

The company claims, "We don't collect any data from your use of Privacyfix, unless you choose to send it to us. We don't store IP addresses and we cannot and do not see or save your web browsing."

Monday, October 15, 2012


End User License Agreements (also known as EULAs) are the bane of most computer users. These EULAs can be several pages long filled with legalese that seems next to impossible to understand unless you're a lawyer, and to make matters worse they put it all into a small window that requires a lot of scrolling.

Most user might skim through them at best, then press will press the accept button to install the application.  Without reading these documents you could possibility signing away certain privacy rights (such as tracking you, how they use your data and more) or something even worse (e.g. such as bundled components that may put advertising on your desktop).

EULAlyzer works by analyzing the text of the EULA, and highlights a detailed listing of potentially interesting words and phrases that you should read.

Wednesday, October 10, 2012

Protecting Your Digital Presence

Every day we are putting more of our data and connecting our computers and devices to the "cloud" because it offers conveniences and features that are not available by other means. For example, you can have your data automatically backed up to a remote service provider, or access your home or office computer from any location with an internet connection. Although by doing this, we are also making it easier for criminals and hackers to steal our data remotely in ways that were not possible in the past.

For example a tech reporter name Mat Honan had his "digital presence" deleted by a criminal using social engineering. The attacker took over several of Mat's accounts (including Gmail, Amazon and Twitter), and even convinced Apple's iCloud customer support to reset his Apple ID password. Then proceeded to remotely wipe all his devices (e.g. iPhone, iPad, and MacBook). The attacker even used Mat's twitter account to post racist comments.

The summary only offers a very high level overview of what happened, but it does demonstrate some of the dangers of using "cloud" services and what could happen. This article is not intended to warn you against using cloud services, but to offer advice on how you can protect your "digital presence" .

To read the full account of what happened to Mat Honan you can read the following Wired article entitled "How Apple and Amazon Security Flaws Led to My Epic Hacking".
  • Be careful not to share too much personal information online that can be used against you like your mother's maiden name, your physical or mailing address, personal email address, etc. 
  • Be careful about which online accounts are link together.
    •  For example, if an attacker obtained a person's Facebook account password, they would have access to any site that used that account for authentication. 
  • Use two a factor authentication when offered by different sites, such as: eBay, PayPal, Google, Facebook, etc. Also call your financial institutions to find out what extra security measures they offer to help protect your accounts. 
  • Create a secret (e.g. unknown to others) backup email and voice account and use it for resetting your passwords across your different online profiles. 
  • Strengthen the answers for your "security questions" which are used to reset your password to your online profiles to use information that is not known about you by others or posted on the internet. 
  • Don't share your passwords with anyone; use strong and unique passwords for every site; and use a password manager to track everything. 
  • Keep an up-to-date local and cloud backup of your data, just in case one the backup fails there's an alternative. 
  • Portable devices that support a remote wiping service need to have an up-to-date backup of the data. If an attacker can access the user profile that associated with that feature they can remotely wipe that device. 
  • Make sure to set your desktop computer, laptop, tablet, and smartphone to auto-lock with a PIN or password when they're inactive. Even if they're in your home, and you're the only one using them. What happens when you have company, or if a criminal broke into your home.
More resources:

Troubleshooting: Fixing Shutdown/Hibernation Problems

Are you having problems with the hibernation or shutdown feature on your computer not working?  Sometimes  these issues can be caused by a process or application running in the background.

To help fix this issue from an administrator command prompt, type "POWERCFG -REQUESTS".  The output of this command will show any processes or drivers that are making power requests that could prevent your computer from sleeping or shutting down.
C:\Windows\system32>powercfg -requests 

Monday, October 08, 2012

Software: Cliplets from Microsoft Research (Free)

Product description: "Microsoft Research Cliplets is an interactive app that gives users the power to create "Cliplets" -- a type of imagery that sits between stills and video, including imagery such as video textures and "cinemagraphs". The app provides a simple, yet expressive way to mix static and dynamic elements from a video clip."

The video below is a tutorial on how to use the software:

Monday, October 01, 2012

Windows 7: Create a Flip3D Launch Icon

In Windows Vista they created a more sophisticated version of the Alt+Tab feature and called it "Windows Flip", it supports live previews of the applications.

They also created a more enhanced version called Flip 3D that allows you flip through a stack of your open application windows?  To access it press the WinKey+TAB. (Note: Windows Aero user interface needs to be enabled to use Flip 3D).

You can create a taskbar icon to access the Flip 3D functionality, just follow the instructions below:
  • Right-click an empty area on the desktop and select New > Shortcut
  • In the "Type the location of the item" field, type RunDll32 DwmApi #105, press the Next button.
  • In the "Name" field, type Flip 3D, press the Finish button.
  • Right-click on the new shortcut and select Properties
  • Click the Shortcut tab, then click the Change Icon button
  • In the "Look for icons in this file" field, type or browse to c:\windows\explorer.exe
  • Select the Flip 3D icon (looks like a stack of windows) and click OK
  • Drag the new shortcut onto the taskbar and pin it there. 
Use the arrow keys to move through the application windows.