Sunday, January 15, 2017

Netiquette IQ Blog Of 1/16/17 - Why you should use a password manager



Buy the books at

 www.amazon.com/author/paulbabicki
====================================================





Why you should use a password manager

19 JUL 2016 
Maria Varmazis nakedsecurity.sophos.com

For years, I read many, many articles about password managers – much like this one – and despite the fact that I’ve been working in the information security field for about a decade, I still resisted trying them out. It seemed like a lot of hassle, and who needs more of that?
Instead, I kept an arsenal of passwords in my head: A few “disposable” ones for sites I didn’t care much about that I reused constantly, a couple other slightly-more complicated passwords that I used more sparingly, and for a few really crucial sites (mainly financial ones) I had long, complex, and unique passwords that I managed to remember due to sheer repetition and stubbornness.
While on a long vacation abroad a few years ago, I found myself needing to send an urgent message to family, and my email account was one of those accounts using a long, complex password. Since it had been several weeks since I’d logged in, no matter what I tried I just could not remember my password. I tried to log in so many times I locked myself out of my account.

Mea culpa.
When I got back from my trip, I knew it was time to stop this madness and use a password manager for once and for all. Now I’ve been using a password manager for several years, I can’t imagine still trying to juggle a few weak passwords in my head.
If my story about juggling a few sets of passwords in your head sounds familiar, I’m here to convince you to take the plunge and use a password manager once and for all.
Here’s why:
They’re simple to set up and easy to use
Before using my first password manager, I imagined I’d have to sit down for hours in front of a big spreadsheet, recounting every username and password for every website I frequent. Nobody would look forward to that kind of chore.
Thankfully that’s not how it works. A password manager captures your existing username and password the first time it sees you enter them on a website, and stores them in an encrypted vault for recall next time. The idea is that once you set up a password manager, the only password you ever have to remember is the vault’s master password.
As you go about your business online – for example, as you log in to your email account – the password manager will notice that you’ve typed in some credentials and will offer to save them in the password vault for you. Next time you log in, the password manager will enter your credentials for you automatically, easy as that.
And when you change your account’s password, which you really should if it’s one you’ve reused somewhere, the password manager will detect the change and update the password on file for you.
They make sure your passwords are unique and strong
I can’t emphasize it enough: you really should be using unique, strong passwords on all websites you use. Why? When a site gets hacked, attackers take the credentials they’ve mined – usernames and passwords – and replay them against other websites to break into accounts there, too, a technique known as credential stuffing. Sadly, it works because so many people reuse the same password across many websites. (You can check whether your email address has appeared in a known breach at haveibeenpwned.com.)
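A breached-password check can be done without revealing the password being checked. Here is how, as an added example that is not code from the original article or from haveibeenpwned.com: the Pwned Passwords service publishes SHA-1 hashes of leaked passwords and lets a client ask for every hash that shares the first five hex characters of its own, so the full hash never leaves the machine. The breach corpus and the in-memory `fetch` function below are constructed stand-ins for the real service’s data and its `https://api.pwnedpasswords.com/range/<prefix>` endpoint, which returns the same `SUFFIX:COUNT` line format.

```python
"""k-anonymity password check, modelled on the Pwned Passwords range API.

Added example. The leaked-password corpus and the in-memory 'server' are
constructed for the demo; a real client would GET
https://api.pwnedpasswords.com/range/<prefix> and parse the same line format.
"""
import hashlib
from collections import defaultdict

# Constructed breach corpus: password -> how many times it was seen in dumps.
LEAKED_PASSWORDS = {"password123": 3, "letmein": 2, "qwerty": 5, "Summer2016!": 1}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Server side: bucket each hash by its first 5 hex chars and keep only
    the remaining 35 chars plus the occurrence count."""
    index = defaultdict(list)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]].append((digest[5:], count))
    return index


RANGE_INDEX = build_range_index(LEAKED_PASSWORDS)
PREFIXES_SENT = []  # records what actually leaves the client: 5 hex chars only


def fetch(prefix: str) -> str:
    """Stand-in for the HTTP GET: returns 'SUFFIX:COUNT' lines for the prefix."""
    if len(prefix) != 5:
        raise ValueError("the API takes exactly 5 hex characters")
    PREFIXES_SENT.append(prefix)
    return "\r\n".join(f"{suffix}:{count}"
                       for suffix, count in sorted(RANGE_INDEX.get(prefix, [])))


def pwned_count(password: str) -> int:
    """Client side: send the prefix, match the suffix locally.
    Returns how often the password appeared in breaches (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("password123", "Vp$lskFOyS4h^oqI"):
        n = pwned_count(pw)
        status = f"seen {n} times" if n else "not in the corpus"
        print(f"{pw!r}: {status}; sent only prefix {PREFIXES_SENT[-1]}")
```

The service still learns a 5-character prefix, which narrows the candidate set to a few hundred hashes out of hundreds of millions, so nothing it receives identifies your password.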
But as services online proliferate, creating – let alone remembering – a unique password for every single one becomes practically impossible. Thankfully, password managers can step in and help here by generating unique passwords for you.
A strong password should be long (16 characters or more for anything a password manager generates) and contain a mix of upper- and lowercase letters, numbers, and symbols. Length matters more than any single character class, because every added character multiplies the work an attacker has to do. A good generated password looks something like this: Vp$lskFOyS4h^oqI.
It’s hard enough to try and think of dozens of passwords that look like that, let alone trying to remember them. Thankfully, the password manager takes care of both of these tasks for you.
So in the worst-case scenario, if your account is involved in a website breach, if you’re using a unique password, the hacker only gets access to that one account, not a treasure trove of all your other ones.
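As an added example of what the generator inside a password manager does (not code from any of the products named in this article), the block below builds a random password from the operating system’s CSPRNG, guarantees that every character class appears, and estimates the entropy in bits. It goes slightly beyond the article by also generating a word-based passphrase, which is the right shape for the one password you still have to memorise, the master password. The six-word list is a constructed placeholder; a real passphrase needs a large list such as the 7,776-word EFF diceware list.

```python
"""Random password and passphrase generation with entropy estimates.

Added example. Uses only the `secrets` module (OS CSPRNG); never use
`random.random()` for secrets.
"""
import math
import secrets
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
CLASSES = (UPPER, LOWER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)          # 86 characters

# Constructed placeholder; a real list is thousands of words long.
WORDLIST = ("correct", "horse", "battery", "staple", "orbit", "velvet")

_rng = secrets.SystemRandom()        # CSPRNG-backed shuffle


def generate_password(length: int = 16) -> str:
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError(f"need at least {len(CLASSES)} characters")
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    _rng.shuffle(chars)   # so the guaranteed characters are not in fixed positions
    return "".join(chars)


def generate_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Random words joined by a separator; strength comes from list size and count."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def has_all_classes(password: str) -> bool:
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def password_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound for a uniformly random password; a little less when
    one character per class is forced, as above."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, f"~{password_entropy_bits(len(pw)):.1f} bits")
    print(generate_passphrase(),
          f"~{passphrase_entropy_bits(6, len(WORDLIST)):.1f} bits (toy list)")
    print(f"six words from the 7,776-word EFF list: "
          f"~{passphrase_entropy_bits(6, 7776):.1f} bits")
```

Sixteen characters from an 86-symbol alphabet is roughly 103 bits; six words from a 7,776-word list is roughly 78 bits, and far easier to type and remember.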
Seriously, you can’t remember all those passwords
When you use a password manager, your passwords can travel with you yet still be secure. Most password managers let you sync your vault across several machines (so you can have access on your home and work computers, for example). Most also offer a phone app (LastPass, for instance), and file-based managers such as KeePass keep the whole vault as a single encrypted database file that you can copy to a USB key – either way you can get at your vault while on the go.
One of my favorite use cases is for securely sharing credentials to an account used by trusted parties. For example, while my spouse and I both have our own personal password manager accounts that we keep private, we can opt to share specific credential sets between our two accounts so we can both securely access them, and keep those credentials synced.
This makes things like accessing the monthly electricity bill or joint banking accounts much, much easier. Plus, if one of us changes the password to one of these shared accounts, since the password manager keeps track of the changes we both automatically have the updated credentials.
It might make you feel a bit wary to have all your passwords stored in one central place, but any password manager worth its salt encrypts the vault with a key derived from your master password, so the vault is only as strong as that one password: make it long and unique, because anyone who obtains a copy of the vault file can guess at it offline with no lockout to stop them. In addition, many offer two-factor authentication (2FA) for signing in to the sync service; that protects the account, not a vault file that has already been stolen.
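To make the point about the vault concrete, here is an added example (not the internals of any product listed below) of the two things every vault does with the master password: stretch it through a slow key-derivation function, and keep a verifier so a wrong master password can be recognised without decrypting the body. The same code then plays the attacker who holds a copy of the vault file: no 2FA prompt and no rate limit apply, so only the KDF cost and the master password’s strength stand in the way. PBKDF2-HMAC-SHA256, the verifier construction, the iteration count and the attacker’s word list are all assumptions for the demo; real products use their own parameters.

```python
"""Master-password stretching and an offline guessing attack on a vault file.

Added example. PBKDF2-HMAC-SHA256 stands in for whatever KDF a real product
uses; the verifier construction and iteration count are assumptions.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 200_000   # tunable: higher = slower unlock, slower attack
KEY_LEN = 32

# Constructed attacker dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123", "Summer2016!"]


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a fixed-length key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def make_vault_header(master_password: str, iterations: int = ITERATIONS) -> dict:
    """The cleartext header a vault file carries: salt, iteration count and a
    verifier tag, so the client can tell a wrong password from corrupt data
    before touching the encrypted body."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, iterations)
    verifier = hmac.new(key, b"vault-verifier", "sha256").digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, candidate: str) -> bool:
    """True if the candidate derives the key that produced the verifier."""
    key = derive_key(candidate, header["salt"], header["iterations"])
    tag = hmac.new(key, b"vault-verifier", "sha256").digest()
    return hmac.compare_digest(tag, header["verifier"])


def offline_guess(header: dict, wordlist) -> Optional[str]:
    """What someone holding a stolen vault file does: try guesses locally.
    Nothing here talks to a server, so 2FA and lockouts never come into play."""
    for guess in wordlist:
        if unlock(header, guess):
            return guess
    return None


def seconds_per_guess(header: dict) -> float:
    """Cost the KDF imposes on each attacker guess on this machine."""
    start = time.perf_counter()
    unlock(header, "not-the-password")
    return time.perf_counter() - start


if __name__ == "__main__":
    weak = make_vault_header("password123")
    strong = make_vault_header("orbit-velvet-staple-horse-battery-correct")
    print("weak vault recovered as:", offline_guess(weak, WORDLIST))
    print("strong vault recovered as:", offline_guess(strong, WORDLIST))
    print(f"~{seconds_per_guess(weak):.3f} s per guess at {ITERATIONS} iterations")
```

The dictionary recovers the weak master password in a handful of guesses; the passphrase survives because it is not in any list, not because of the KDF. The iteration count only sets the price per guess, and a GPU-equipped attacker pays far less per guess than this script does.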
Ready to try a password manager? Great!
If I’ve convinced you to give a password manager a try, the best way to get started is to dive right in. Most have a free version you can use, with some premium features you have to pay to unlock. Below are the four I’m most familiar with, but there are a lot of options available to you.
·         1Password
·         Dashlane
·         LastPass
·         KeePass
So how about it, are you going to give a password manager a try or are you still not convinced? Are you already a password manager fan?
================================================================== 
 Good Netiquette And A Green Internet To All!  =====================================================================
Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
sales@tabularosa.net  or 609 818 1802.
 ===============================================================
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

Anyone who would like to review the book and have it posted on my blog or website, please contact me paul@netiquetteiq.com.

In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups on LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.


Additionally, I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services.  Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.

Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology market.

Saturday, January 14, 2017

Netiquette IQ Blog Of 1/14/17 - Anonymity: Cybersecurity's Double-edged Sword









January 12, 2017
www.scmagazine.com
Anonymity: cybersecurity's double-edged sword
The ability to remain undetected while committing computer network intrusions provides the raison d'être for the IT security professional.
This cat and mouse game keeps millions of professionals and hackers employed because attackers successfully cover their tracks on a daily basis, experts tell SC Media. 
It's no wonder the hacktivist collective called themselves “Anonymous” when in 2003 they started wreaking havoc on unsuspecting targets.
“Anonymous not only share their tools, tactics and procedures (TTPs), they study each other’s execution, how they hack,” says Ondrej Krehel, founder and CEO of the New York, NY-based forensics firm LIFARS. The most effective way hackers achieve anonymity is by obtaining legitimate credentials, typically through social engineering or through websites that serve malware, he points out.
“Once they have the credentials, there's no difference [within the network] than the real users. The game is over,” Krehel says, adding that most non-amateur hackers are mindful to not be detected.
“Master hackers don't get arrested and prosecuted,” Krehel points out, because they are surreptitious by nature.
How anonymity hinders the digital forensics process is a major concern to Dr. Ibrahim Baggili, founder of Cyber Forensics Research Group, University of New Haven in West Haven, Conn.
“If someone is killed and the murderer uses bleach to cover up the blood on the floor, the killer is hiding the trail,” says the computer science professor, who wrote his dissertation on the psychological aspects of anonymity.
“The same thing would apply if you're using Tor in order to download illegal videos or child pornography, or sell guns and drugs on the dark web,” Dr. Baggili says. “The question is not whether people should be using privacy-enhancing technologies. It's really: do they hinder the forensics process? Can we find ways of still finding the digital evidence that could put those bad people using these technologies behind bars if they need to be behind bars? Can we stop a bomb from exploding? Should we have access to this data? And is there a way around that for us to gain access to that data?” 
Baggili believes the general public has grown indifferent to anonymity because they are used to being tracked on the Internet for commercial reasons. But he asks rhetorically, “How do we balance forensics with privacy?”
The leading tool for browsing anonymously is Tor, used daily by about 2 million people, and several million more could be using it on Android devices.
Tor remains unapologetic for the possibility of its technology being usurped for criminal purposes, and rather emphasizes its benevolent purposes, such as providing protection for whistleblowers and political dissidents oppressed by totalitarian regimes.
“The dark web is really a way of communicating and transporting bytes of the Internet more safely,” says Roger Dingledine, co-founder of the Tor Project, whose Onion services since 2004 have allowed Tor users to remain anonymous and difficult to trace.
“There's nothing inherently new about the challenge that law enforcement authorities have,” Dingledine says.
Dingledine points to another use of Tor: a systems administrator who sets up an Onion service as the only path to a machine’s log-in. “Now they can firewall the whole thing,” he explains. “Now nobody can connect to my computer from the Internet except if they're going through this Tor line I set up.”
Among Tor users, 79 percent are outside the U.S., although the most users from one country are within the U.S., with Russia being No. 2.
“[Hackers] in Russia don't need Tor to purchase malware. There are places to go to purchase malware. They're doing it just fine; they don't need Tor,” Dingledine says.
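The set-up Dingledine describes, as an added example that is not the Tor Project’s own material: the SSH daemon listens only on loopback, Tor maps port 22 of the onion address onto it, and the client reaches it through its local Tor SOCKS port, so nothing is exposed on the public interface. The directive names are standard torrc and OpenSSH settings; the paths, the `nc -X 5` ProxyCommand (OpenBSD netcat syntax; `torsocks ssh` works too) and the audit helper are assumptions for the demo. The audit is worth keeping because OpenSSH binds every interface when no `ListenAddress` is set, which silently undoes the whole arrangement.

```python
"""Onion-service-only SSH: config rendering plus a loopback-binding audit.

Added example. Directive names are standard torrc / OpenSSH; paths, the
ProxyCommand and the audit helper are assumptions.
"""
from pathlib import Path

TORRC = """\
# Tor side: map port 22 of the onion address to the local sshd.
HiddenServiceDir /var/lib/tor/ssh/
HiddenServiceVersion 3
HiddenServicePort 22 127.0.0.1:22
"""

SSHD_CONFIG = """\
# Server side: reachable only via loopback, i.e. only through Tor.
ListenAddress 127.0.0.1
ListenAddress [::1]:22
PasswordAuthentication no
PubkeyAuthentication yes
"""

SSH_CLIENT_CONFIG = """\
# Client side (~/.ssh/config): route *.onion hosts via the local Tor SOCKS port.
Host *.onion
    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
"""

FIREWALL_SH = """\
#!/bin/sh
# Belt and braces: drop port 22 arriving on anything but loopback.
iptables -A INPUT -p tcp --dport 22 ! -i lo -j DROP
"""

FILES = {"torrc": TORRC, "sshd_config": SSHD_CONFIG,
         "ssh_config": SSH_CLIENT_CONFIG, "firewall.sh": FIREWALL_SH}

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def write_configs(outdir) -> dict:
    """Write the four fragments under outdir (not into /etc) and return them."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    for name, text in FILES.items():
        (out / name).write_text(text)
    return FILES


def listen_host(value: str) -> str:
    """Host part of a ListenAddress value: host, host:port or [host]:port."""
    value = value.strip()
    if value.startswith("["):
        return value[1:value.index("]")]
    if value.count(":") == 1:         # IPv4 or hostname with a port
        return value.split(":", 1)[0]
    return value                      # bare IPv4, hostname or IPv6


def sshd_is_loopback_only(sshd_config: str) -> bool:
    """True only if every ListenAddress is loopback. With none at all OpenSSH
    binds every interface, which is the failure mode this check catches."""
    hosts = []
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)   # 'key value' or 'key=value'
        if len(parts) != 2:
            continue
        key, value = parts
        if key.lower() == "listenaddress":
            hosts.append(listen_host(value))
    return bool(hosts) and all(h in LOOPBACK for h in hosts)


if __name__ == "__main__":
    import tempfile
    where = tempfile.mkdtemp(prefix="tor-ssh-")
    write_configs(where)
    print("wrote", ", ".join(FILES), "to", where)
    print("sshd loopback-only:", sshd_is_loopback_only(SSHD_CONFIG))
```

After `tor` restarts it writes the onion address to `/var/lib/tor/ssh/hostname`; that address is all a client needs, and because nothing listens on the public interface there is no port for a scanner to find.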
Jihadists go stealth
How do terrorist groups, many of whom engage in cyberattack activities, including the Islamic State (ISIS), remain stealthy? That depends on the organizations themselves or on fans who identify with the mission, according to Veryan Khan, editorial director of the Washington, DC-based Terrorism Research & Analysis Consortium (TRAC) (http://www.trackingterrorism.org/). 
“There are a million and one handbooks available [online] on how to stay under the radar with everything from operating VPNs to creating false Google telephone numbers to setting up a Twitter page,” Khan says. The manuals cover everything from avoiding ordinary browsers to logging onto the dark web, she notes. TRAC assists counter-terrorism efforts, tracking jihadists “of every ideology in every region across the globe.”
ISIS used to be very active on Twitter, but now its favorite way of disseminating information anonymously is through Telegram, the Berlin, Germany-based messaging service (http://www.telegram.org).
Like Tor, Telegram, which emerged in 2013, insists its encrypted technology is designed for good purposes. A Telegram app is available for mobile phones or desktop computers.
And although Telegram states on the FAQ portion of its website that it “blocks terrorist (e.g., ISIS-related) bots and channels,” Khan presently follows 100 dedicated Telegram channels run by ISIS alone, as well as scores of others set up by extremist organizations such as the Taliban (Afghanistan), Al Shabab (East Africa) and Hezbollah (Lebanon). Official and quasi-official media arms of such terrorist organizations pump out propaganda around the clock via Telegram, as do their fans. 
“They're not as easily identifiable [by language or name] as they were before,” explains Khan, of the invite-only Telegram groups. “Now the names are like long strings of numbers or something that doesn't make any sense at all.”
Messages in Telegram’s end-to-end encrypted “secret chats” can be read only by the two parties (ordinary Telegram chats and channels are encrypted only between the user and Telegram’s servers, which can read them), and there are also features such as timers that delete messages automatically, which helps with money laundering or child pornography, for example, and other nefarious activity, Khan points out. Accounts can also be set to self-destruct after a period of inactivity.
In September 2015, Telegram introduced channels, a feature that is “essentially a Twitter feed on steroids,” Khan says; Twitter messages were then limited to 140 characters.
Telegram “supergroups” can host 25,000 people at a time, each of whom can download files of up to 1.5 GB. One such terrorist channel Khan followed gained 25,000 unidentified followers within a few days and offered versions in 13 different languages. “You can tell how much propaganda is reaching people and at what times.”
Telegram’s channels were easy to follow, according to Khan, whose article about the operation in December 2015, she says, resulted in the service taking down 80 channels in one day. “That was just the tip of the iceberg; they didn't take down any of the Russian channels,” she says.
Telegram's creators also created VK, the largest European online social networking service, known as the Russian Facebook. “The Russian government forced out the creators and took over VK,” Khan explains.
Telegram relocated from Russia to Germany, incidentally the European country with the strictest consumer privacy laws.
Khan notes that fans of terrorist groups put up Telegram channels in private chat rooms that can hold up to a thousand people. “You can see who's in there, but everybody operates with an alias.”
Invitation links typically get passed around on Telegram and are usable for only a few hours, and the sign-in codes are texted to a real mobile phone, which often is stolen. Both administrators and members operate completely anonymously within Telegram channels, on which official organizations sometimes claim responsibility for particular terrorist actions.
“I found out about the [Bastille Day] terrorist attack on Telegram before I could see even a single news article or tweet about it yet,” says Khan of the July 2016 attack in Nice, France, in which a single truck drove into a crowd, killing 86 people. She first saw “citizen-journalism” selfies on Islamic State-affiliated Telegram accounts. “They knew about it. They knew it was coming,” she says, although ISIS never claimed responsibility for the attack.
“I've seen jihadists who don't get along with each other operating on Telegram,” Khan says, adding that they do a lot less to hide themselves on Facebook and Twitter.
Terrorist organizations' recruiters often find potential members on social media and then move communication onto private platforms such as Telegram.