Saturday, July 23, 2016

Netiquette IQ Blog Of 7/23/16 - Password Managers - Do you Need One?







Why you should use a password manager

19 JUL 2016 

Maria Varmazis nakedsecurity.sophos.com

For years, I read many, many articles about password managers – much like this one – and despite the fact that I’ve been working in the information security field for about a decade, I still resisted trying them out. It seemed like a lot of hassle, and who needs more of that?
Instead, I kept an arsenal of passwords in my head: A few “disposable” ones for sites I didn’t care much about that I reused constantly, a couple other slightly-more complicated passwords that I used more sparingly, and for a few really crucial sites (mainly financial ones) I had long, complex, and unique passwords that I managed to remember due to sheer repetition and stubbornness.
While on a long vacation abroad a few years ago, I found myself needing to send an urgent message to family, and my email account was one of those accounts using a long, complex password. Since it had been several weeks since I’d logged in, no matter what I tried I just could not remember my password. I tried to log in so many times I locked myself out of my account.
Mea culpa.
When I got back from my trip, I knew it was time to stop this madness and use a password manager for once and for all. Now I’ve been using a password manager for several years, I can’t imagine still trying to juggle a few weak passwords in my head.
If my story about juggling a few sets of passwords in your head sounds familiar, I’m here to convince you to take the plunge and use a password manager once and for all.
Here’s why:
They’re simple to set up and easy to use
Before using my first password manager, I imagined I’d have to sit down for hours in front of a big spreadsheet, recounting every username and password for every website I frequent. Nobody would look forward to that kind of chore.
Thankfully that’s not how it works. A password manager captures your existing username and password the first time it sees you enter them on a website, and then stores them in a secure password vault for recall next time. The idea is that the only password you’ll ever have to remember once you set up a password manager is the vault’s master password.
As you go about your business online – for example, as you log in to your email account – the password manager will notice that you’ve typed in some credentials and will offer to save them in the password vault for you. Next time you log in, the password manager will enter your credentials for you automatically, easy as that.
And when you change your account’s password, which you really should if it’s one you’ve reused somewhere, the password manager will detect the change and update the password on file for you.
They make sure your passwords are unique and strong
I can’t emphasize it enough: you really should be using unique, strong passwords on all websites you use. Why? When a site gets hacked, hackers will often take the credential data they’ve mined – usernames and passwords – and try that data out on other websites to break in to accounts there, too. Sadly, it works because so many people reuse credential information across many websites. (You can check to see if your information has been used in an attack like this via haveibeenpwned.com.)
But as services online proliferate, creating – let alone remembering – a unique password for every single one becomes practically impossible. Thankfully, password managers can step in and help here by generating unique passwords for you.
A strong password should be of decent length, contain a good mix of upper and lowercase letters, numbers, and unique characters. That means a good password could look something like this: Vp$lskFOyS4h^oqI.
It’s hard enough to try and think of dozens of passwords that look like that, let alone trying to remember them. Thankfully, the password manager takes care of both of these tasks for you.
So in the worst-case scenario, if your account is involved in a website breach, if you’re using a unique password, the hacker only gets access to that one account, not a treasure trove of all your other ones.
Seriously, you can’t remember all those passwords
When you use a password manager, your passwords can be mobile yet still secure. Most password managers allow you to sync your account from multiple machines (so you can have access at your home and work computers, for example). Others additionally offer a phone app (LastPass), or let you export your encrypted key information to a secure file or to a USB key (KeePass) – either option allows you to access your secure password vault while on the go.
One of my favorite use cases is for securely sharing credentials to an account used by trusted parties. For example, while my spouse and I both have our own personal password manager accounts that we keep private, we can opt to share specific credential sets between our two accounts so we can both securely access them, and keep those credentials synced.
This makes things like accessing the monthly electricity bill or joint banking accounts much, much easier. Plus, if one of us changes the password to one of these shared accounts, since the password manager keeps track of the changes we both automatically have the updated credentials.
It might make you feel a bit wary to have all your passwords stored in one central place, but any password manager worth its salt uses heavy-duty encryption to keep your information safe. In addition, many offer two-factor authentication (2FA)!
Ready to try a password manager? Great!
If I’ve convinced you to give a password manager a try, the best way to get started is to dive right in. Most have a free version you can use, with some premium features you have to pay to unlock. Below are the four I’m most familiar with, but there are a lot of options available to you.
·         1Password
·         Dashlane
·         LastPass
·         KeePass
So how about it, are you going to give a password manager a try or are you still not convinced? Are you already a password manager fan?
================================
**Important note** - contact our company for very powerful solutions for IP
 management (IPv4 and IPv6), security, firewall and APT solutions:
www.tabularosa.net
==================================================

Another Special Announcement - Tune in to my radio interview,  on Rider University's station, www.1077thebronc.com I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.   

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.


I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services.  Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.

Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace. Anyone who would like to review the book and have it posted on my blog or website, please contact me at paul@netiquetteiq.com.
=============================================================

Friday, July 22, 2016

Netiquette IQ Blog of 7/22/2016 - TheDarkOverlord Steals Medical Records








Cybercriminal TheDarkOverlord stole more patient records and medical images than originally thought, InfoArmor reports
The hacker broke into organizations on the HL7 network, the security firm has found, and has since put those records up for sale on the dark web. The security firm also said TheDarkOverlord is actively looking for more servers to hack in healthcare.
http://www.healthcareitnews.com/
July 15, 2016
01:25 PM
Cybercriminal ‘TheDarkOverlord’ has gained access to more than 10 million healthcare records and posted them for sale on the dark web, security firm InfoArmor confirmed.
This number has increased from the 9.3 million estimate originally reported at the end of June.
What’s surprising is that he or she has not just stolen personally identifiable information, but medical imaging obtained from exploiting security vulnerabilities in email software that supports HL7 and also organizations connected to the HL7 network, according to InfoArmor’s CIO Andrew Komarov.
The concern is many organizations believe this type of data cannot be monetized, Komarov explained. But the hacker is merely looking for the right illicit customer, which can use contact information from the patient data to deceive the victim.
Bad actors, in fact, have attempted to sell more than three terabytes of stolen healthcare data, according to Komarov, and the perpetrators have moved from exploiting healthcare organizations to targeting vendors.

“On all compromised systems, on traditional network encryption, there are no access control mechanisms,” Komarov said. “It looks like the healthcare industry doesn’t understand the full risks in regards to cybercrime.”
In some cases, the hackers also gained access to all data stored in local files or on Microsoft Access desktop databases without special user access segregation and once the host was compromised, the cybercriminal gained widespread access.
To make matters worse, ‘TheDarkOverlord’ named two specific victims on his Twitter account, while thanking an Oklahoma City organization for what appears to be compliance with his or her terms. And this morning, he threatened that data of another SRS EHR database from California will be on the market soon.
“We know he is actively looking for new servers from the healthcare world,” Komarov said, and employing tactics such as mass scanning of servers every day to exploit vulnerabilities and find specific healthcare information to monetize.
“He’s not stopping with five or seven victims,” Komarov added. “He has more and has consulted with other bad actors for advice for further distribution. That’s what we expect from him.”



 Good Netiquette And A Green Internet To All! 

Special Bulletin - My just released book

"You're Hired. Super Charge Your Email Skills in 60 Minutes! (And Get That Job...)"

is now on sale at Amazon.com

Great Reasons for Purchasing Netiquette IQ
·         Get more email opens.  Improve 100% or more.
·         Receive more responses, interviews, appointments, prospects and sales.
·         Be better understood.
·         Eliminate indecision.
·         Avoid being spammed 100% or more.
·         Have recipient finish reading your email content. 
·         Save time by reducing questions.
·         Increase your level of clarity.
·         Improve your time management with your email.
·         Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.


Thursday, July 21, 2016

Netiquette IQ Blog Of 7/21/2016 - In Our Wi-Fi World, the Internet Still Depends on Undersea Cables




In Our Wi-Fi World, the Internet Still Depends on Undersea Cables
Posted: 11/03/2015 3:46 pm EST Updated: 11/03/2015 4:59 pm EST

Recently a New York Times article on Russian submarine activity near undersea communications cables dredged up Cold War politics and generated widespread recognition of the submerged systems we all depend upon.
Not many people realize that undersea cables transport nearly 100% of transoceanic data traffic. These lines are laid on the very bottom of the ocean floor. They're about as thick as a garden hose and carry the world's Internet, phone calls and even TV transmissions between continents at the speed of light. A single cable can carry tens of terabits of information per second.
While researching my book The Undersea Network, I realized that the cables we all rely on to send everything from email to banking information across the seas remain largely unregulated and undefended. Although they are laid by only a few companies (including the American company SubCom and the French company Alcatel-Lucent) and often funneled along narrow paths, the ocean's vastness has often provided them protection.

Far from wireless
The fact that we route Internet traffic through the ocean - amidst deep sea creatures and hydrothermal vents - runs counter to most people's imaginings of the Internet. Didn't we develop satellites and Wi-Fi to transmit signals through the air? Haven't we moved to the cloud? Undersea cable systems sound like a thing of the past.
The reality is that the cloud is actually under the ocean. Even though they might seem behind the times, fiber-optic cables are actually state-of-the-art global communications technologies. Since they use light to encode information and remain unfettered by weather, cables carry data faster and cheaper than satellites. They crisscross the continents too - a message from New York to California also travels by fiber-optic cable. These systems are not going to be replaced by aerial communications anytime soon.

A vulnerable system?
The biggest problem with cable systems is not technological - it's human. Because they run underground, underwater and between telephone poles, cable systems populate the same spaces we do. As a result, we accidentally break them all the time. Local construction projects dig up terrestrial lines. Boaters drop anchors on cables. And submarines can pinpoint systems under the sea.
Most of the recent media coverage has been dominated by the question of vulnerability. Are global communications networks really at risk of disruption? What would happen if these cables were cut? Do we need to worry about the threat of sabotage from Russian subs or terrorist agents?
The answer to this is not black and white. Any individual cable is always at risk, but likely far more so from boaters and fishermen than any saboteur. Over history, the single largest cause of disruption has been people unintentionally dropping anchors and nets. The International Cable Protection Committee has been working for years to prevent such breaks.

An undersea cable lands in Fiji. Nicole Starosielski, CC BY-ND
As a result, cables today are covered in steel armor and buried beneath the seafloor at their shore-ends, where the human threat is most concentrated. This provides some level of protection. In the deep sea, the ocean's inaccessibility largely safeguards cables - they need only to be covered with a thin polyethylene sheath. It's not that it's much more difficult to sever cables in the deep ocean, it's just that the primary forms of interference are less likely to happen. The sea is so big and the cables are so narrow, the probability isn't that high that you'd run across one.
Sabotage has actually been rare in the history of undersea cables. There are certainly occurrences (though none recently), but these are disproportionately publicized. The World War I German raid of the Fanning Island cable station in the Pacific Ocean gets a lot of attention. And there was speculation about sabotage in the cable disruptions outside Alexandria, Egypt in 2008, which cut 70% of the country's Internet, affecting millions. Yet we hear little about the regular faults that occur, on average, about 200 times each year.
Redundancy provides some protection
The fact is it's incredibly difficult to monitor these lines. Cable companies have been trying to do so for more than a century, since the first telegraph lines were laid in the 1800s. But the ocean is too vast and the lines simply too long. It would be impossible to stop every vessel that came anywhere near critical communications cables. We'd need to create extremely long, "no-go" zones across the ocean, which itself would profoundly disrupt the economy.
Fewer than 300 cable systems transport almost all transoceanic traffic around the world. And these often run through narrow pressure points where small disruptions can have massive impacts. Since each cable can carry an extraordinary amount of information, it's not uncommon for an entire country to rely on only a handful of systems. In many places, it would take only a few cable cuts to take out large swathes of the Internet. If the right cables were disrupted at the right time, it could disrupt global Internet traffic for weeks or even months.
The thing that protects global information traffic is the fact that there's some redundancy built into the system. Since there is more cable capacity than there is traffic, when there is a break, information is automatically rerouted along other cables. Because there are many systems linking to the United States, and a lot of Internet infrastructure is located here, a single cable outage is unlikely to cause any noticeable effect for Americans.
                                                   
Surfacing.in is an interactive platform developed by Erik Loyer and the author that lets users navigate the transpacific cable network. CC BY-ND
Any single cable line has been and will continue to be susceptible to disruption. And the only way around this is to build a more diverse system. But as things are, even though individual companies each look out for their own network, there is no economic incentive or supervisory body to ensure the global system as a whole is resilient. If there's a vulnerability to worry about, this is it.
by Nicole Starosielski, Assistant Professor of Media, Culture and Communication, New York University
This article was originally published on The Conversation. Read the original article.
+++++++++++++++++++++++++++++++++++++++++++++=++++++ 
For a great email parody, view the following link:
=======================================================
https://www.youtube.com/watch?v=HTgYHHKs0Zw



==============================================


If you have not already done so, please view the trailer for my books below. 
=============================================================
Netiquette IQ quote for today:

"Teach Your Children To Create Strong Passwords At An Early Age"
- Paul Babicki

=============================================================