Hacking Into the Past

In my youth, I would take apart various electronic games, un-soldering and re-soldering them, and taking pride in the fact that that the successful operation on the device worked. With respect to my first computer - a TRS-80, however, it would have been beyond all reason to vivisect such an investment. An old TV, a radio? Who cared. But my computer? No way.

Back then computer magazines would advertise computers that you could assemble yourself. Although interesting, I did not have the confidence that to build a computer, nor the resources.

Time jump to to the late 20th century, then an adult without any technical training, I often fixed tower computers and even built a few. Jump again to today and the advancements in technology, most computers are single-board devices. Alas, there's nothing to assemble and little that can be repaired. Not that that hasn’t stopped me.

A few years ago while browsing the web, I discovered PDP kit replicas. Intrigued by the possibility of not only building, but operating my own PDP-8, I took the bait. Thus began my new hobby into vintage computers.

Big time jump to the dawn of microcomputing, albeit through the lens of retro kits. Starting with the PiDP-8(1), I then went on to build a PiDP-11(2), an Altair 8800(3), an IMSAI 8080(4), and finally a KIM-1(5) - all computers that I had only read about were now at my fingertips.

Secure Passwords

We always here that we need to have a secure password. But how secure is your password?

Go to this website and test your password(s) out. 

https://howsecureismypassword.net/

Want to create a secure password? You can create really secure and impossible to remember passwords at:


https://www.grc.com/passwords.htm



or can go for a password that's more easy to remember, but slightly less secure at:


https://xkpasswd.net/s/



Choose  XKCD from the Presets, at least 5 words in the Settings. Choose one of  the passwords, run it through the aforementioned test and if it looks  good enough, then use it.


Of course instead of memorizing passwords, you're best using a good password vault and I recommend LastPass (www.lastpass.com). You can also use it to generate and remember passwords for you.

Anonymity and Security

Before I get into the meat of this Newsletter, I just want to ask all Microsoft Office users to please update now! There is a serious security issue with Word.

Also, if you're still using Windows Vista - upgrade! Vista is no longer being supported by Microsoft.

Ok, so now into the fire. I personally have been very fascinated and concerned about the ability to be anonymous on the web and ensure my security on the web. Although this interest has nothing to do with the latest threats from legislation permitting internet providers greater access to their customers data, it has definitely been peaked.

I wish to thank Steve Gibson for a lot of the content that follows. https://www.grc.com/securitynow.htm

Many of us have been using a VPN or TOR to enable anonymity. But there are many layers to ensuring our anonymity and security. Briefly they are:

1. IP

2. Cookies

3. DNS

4. Browsers

5. Others

The truth is almost any one of these factors can give you away. The combination of course provides merely further proof. Let's take them on one by one.

1. IP

When you connect to the internet you have a distinct IP address, particularly from your work or home. Think of this as your actual house address or work address. If I know that information, I can pretty much deduce the likely person who is currently on the web.

2. Cookies

Cookies have been around for a long time and their original intent was rather benign. But now they are used to track you. On the basis of cookies alone the cookie provide can be very sure about who you are.

3. DNS

When you connect to the internet you are provided with information as to how to obtain information about all those internet address your looking for. Think of this as the Yellow Pages of old (if you don't know what the YP's are, go ask grandma). Anyhow, in order to ask DNS how to get somewhere, they have a good idea about who you are.

4. Browsers

You browser is a conspirator in helping the former to determine who you are. Not to mention if your browser logs you into certain profiles (whether directly or through cookies - Google, Microsoft, Yahoo, Amazon, Facebook, etc.), then you're being tracked and perhaps by all.

5. Others

There are just so many means by which there are other ways to track you.

Ensuring anonymity and security is not easy, but here are some tips.

VPN's and TOR

For most people the easiest app to use would be the Tor-Browser while on the web. https://www.torproject.org/projects/torbrowser.html.en

A VPN and or Tor will at least guarantee some anonymity, but it will definitely ensure that intermediary between your device and the VPN/Tor server can be snooping into your communication, as all that traffic is encrypted.

If you opt to subscribe to a VPN provider, please be sure to verify their credibility. Do the research!

Here's a good place to start: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/

Also I should note that there is little doubt, however, that security agencies are watching exit nodes of Tor networks.

Cookies and Browsers

Cookies are ubiquitous in browsers. It's hard to live without them, but it's probably a good idea to scrub and not to access 3rd-party cookies. Find out how to do that for your particular browser.

On top of that Google has an interesting way of tracking you, when doing a Google search. Have you ever clicked on a search link and then the browser kind of flicks a few times before opening the webpage? Check out the link to any site and you'll see that it's not actually the link to the site, but to Google, which then forwards you over to the page. They've just tracked you.

There are ways to avoid this. DuckDuckGo is a simple solution. https://duckduckgo.com/

There may also be an extension for your browser that disables this functionality.

DNS

Although you have to use DNS, you don't have to use the ones provided to you by your Internet provider. Your queries are definitely subject to harvesting. There's a neat little service called DNS-Crypt which will connect you to a DNS through an encrypted connection. Check them out at: https://dnscrypt.org/

Ok, now you've tried using some of these methods, but how can you be sure. Here are some websites that will help you.

IPLeak will tell you a lot of information about where your computer and DNS are located.

https://ipleak.net/

Whoer will provide information that you never imagined was leaked by your browser.

https://whoer.net/

Finally, check out your cookies at the following website. If you tried to protect against third party cookies and they show up here, you haven't done it right.

https://www.grc.com/cookies/forensics.htm

Backups and Recovery

This is a letter about lessons learned the hard way. Perhaps one of the most important things to remember in computer administration is to never assume, as I have been. This concerns backups and recovering data.

Whatever backup strategy you have - ALWAYS check that in such an event where you to accidentally deleted a file or renamed it, or it became in some way corrupted, that you can recover that file. In other words, do test recoveries!

As an avid user of Google Drive I know that whenever I work I on a file, I can see the revision history for that file and can recover it to any prior change in the past. What I had assumed was that this applied to all files and not just Google's own docs, sheets, etc. After contacting Google concerning the need to recover a bunch of non-Google files stored on Google drive, they informed me that they are not a backup solution and that those files cannot be recovered.

Currently I'm looking into backup solutions that have revisioning (the ability to recover a file to any prior change). One of the cheapest and well-known solutions seems to be Carbonite, but I would be interested in what other people use and suggest.

Final note. The proper backup solution is the 3-2-1 rule.

You should have 3 backups,

You should have backups on at least 2 types of media,

You should have one backup off-site.

In other words, you could have one backup on your computer, a second backup on a USB Drive, and a third backup in the cloud.

Auto Form Completion Issue

I just found out about a very disturbing issue.
If you use the auto form completion when visiting web pages, it is very possible for any site to get all of your auto form completion information: e.g., your complete name, full address, but also credit card information!!!
Even if the site is, say, a blog that is asking only for your name, could have invisible fields that accept any or all of the other form data, and you wouldn't know that you just gave that information away.

Don't believe me. Although for security reasons you shouldn't do this, but the non-malicious hacker who discovered this has made the following website where you can test what information you browser is giving out.

Prior to filling out the form, though, I would go into my browser's setting and turn off the auto form completion option. You are giving him all your auto fill information. We can only assume he is not storing any of this information.

This form is very simple. It just asks for your name and email address. But after you hit submit you will be presented with all the information, for which your browser was queried.

https://anttiviljami.github.io/browser-autofill-phishing/

The effected browsers are: Chrome, Safari and Opera. I would advise turning off the option in any browser you use.

Spoiler Alert

Spoiler Alert

Every election season I am confronted with the pernicious ‘spoiler’ argument. Democratic Party supporters renew their zombified pursuit, eating away their protagonist’s morality to leave only a fear-infested brain.

Vote for the nominee or else. Vote for the anointed one or you are voting for the spawn of hell. Leftists must support the pre-ordained party nominee - he/she who has been anointed by the people, for the people and of the …. Well, no one goes that far (unless you work for MSNBC).

The sole purpose of the spoiler argument is to kowtow the “ignorant” ones into the herd. Shame on you for your vain thoughts!

The logic in the argument rests solely on “peer” pressure. Who wants to be a part of that peer group! In a society that trumps (no pun intended, not that there was one) individuality, the liberals want to crush it. Conform or be outcast.

Well, outcasts unite!

Every quadrennium should have proven that voting with the “liberal” crowd has achieved little, if nothing. The argument of gradual change has only resulted in the rapid restructuring of society for the ‘haves.’ Economic policies have eviscerated the poor and middle classes.

Us spoilers didn’t vote for the candidate that:
Pushed for trade agreements that destroyed jobs, democracy, the environment at the mercy of unaccountable trade courts;
Deported the highest number of immigrants EVER, terrorizing communities and breaking up families;
Continued endless wars, while starting new ones through air strikes, drones attacks and now deploying troops;
Has overseen the further destruction of the environment by not only failing to act, but exporting coal, increasing fracking operations, and permitting drilling in previously closed areas like in the Arctic and the Gulf of Mexico.
The list can go on and on….

In contrast our candidates stood for:

Increased wages;
Investments into job development;
Universal education;
Single Payer health care;
Eradicating poverty and homelessness;
Revitalizing unions and extending political, social and economic justice and democracy.


If anything the Democratic Party needs to be taught the lesson that we are not to be ignored anymore and that we, the people, have decided to ignore it. By voting with your conscience, whether it be for the Green Party, Nader, an independent, you are sending a signal to others that there is another option. You are building an alternative for the future, instead of letting things get worse. If anything, leftists should be shaming ‘democrats’ and ‘liberals’ for voting for the Party’s nominees.

As a liberal are you not aware of the fact that you are merely choosing whatever name has a “D” next to it? Demand a better candidate and better platform!

And please don’t succumb to the fear mongering and buy into the argument that the alternative will be worse. One can easily point out that the Democrats are not the lesser evil, but the more effective evil. During Democratic administrations fewer people protest the heinous actions of the government. Liberals and their media outlets ignore the knife in their back and state that it’s ‘the best we can do’. Even our unions encourage members to support candidates that will ultimately outsource jobs. Environmental groups support candidates that then expand fossil fuel production. And antiwar groups go silent and pass on mobilizing demonstrations when the ‘peaceful’ democrats are in the White House. How can you make a better future when the methods of protest and change are silent in complicity?

So to all you ‘liberals’ out there, shut the fuck up with your fear mongering. I for one will be voting with my conscience - casting my vote for a better world. A world that can be, should we so choose. I’ll be voting for the Green Party. AGAIN!

IoT Considerations

This newsletter is long overdue as devices belonging to the Internet of Things (IoT) are becoming more and more commonplace in people's homes and places of work. To be sure that everyone knows what an IoT device is, consider one as pretty much any device that connects to the internet. In this newsletter, however, the attention is on any device that connects to the Internet, but is not a personal computer. These may be such devices like thermostats, fire and other alarms, doorbells, video surveillance equipment, light bulbs, garage door openers, etc. There are surely many other devices of which I'm not even aware.

Ok, so we have some idea as to what I'm talking about. The "Consideration" is not to advise which devices to purchase. What the user must take into "Consideration" is how that device connects to the internet. There have been many instances when an IoT device has been shown to have serious security issues. In fact probably all IoT devices have some security issue. None of them should be trusted.

So don't buy any? No. But the last thing you want to do is to connect any of these devices to the same network your personal computers are on. A lot of these devices are made by companies that have no clue about computer security, about the security of their devices, and have no plan or means of patching their devices. In the event any IoT device in your network were to become compromised you may as well publish all you personal, financial, medical information on social networks.

Without going into a lot of detail here are the options to protect your network. If you are going to install IoT devices in your home or place of work be sure to put them on a separate network. The easiest way to do this would be to install 2 separate wifi adapters within your house, each with a separate IP address subnet. Ok, too much information.... Another simple option that should work would be to purchase a wireless router that supports a guest network and put all the IoT devices on the guest network. My only issue with the guest network feature is that I have found some wireless devices do not truly isolate the guest network from the primary network.