Security Woes

Crackers are always on the lookout for new chances to access your accounts, whether you’re a private / regular internet user or a multinational corporation like Sony, who recently fell victim to several attacks affecting their flagship console, the PS3, and their PlayStation Network.

It began when their PS3 private keys, which sign all data transactions and operations, became public. I won’t digress here; you can find a lot of info on Google, just look for GeoHot / Sony. The latest attack on the PSN has caused a week of downtime by the time I’m writing this, and only today has Sony come forth with a press release on this issue, as well as a FAQ, saying that their entire PSN user base got their data compromised, including credit card data.

I’m yet to believe that Sony hasn’t released the full extent of the information about the attack, so for now there are three crucial steps that PSN users should follow:

 

  • If you’re using the PSN password in any other service / account, change it. Change it everywhere. You are probably using the same email address you used on the compromised PSN account.
  • Change the password of the email address you used on your PSN account.
  • Change your credit card number, or cancel the card and get a new one. If you can’t do this, be on the lookout for strange credit card transactions and never, ever, release the confirmation code to anyone. Sony states that the cc confirmation code wasn’t stored on their database.

Read the FAQ; they have more info there. But follow these three steps and, when the PSN is up again, change your password to something unique, not used on any other account / service, and remove your credit card number from the account.

 

Still on Security

With the advent of social networking and connected services, we’ve witnessed a lot of centralized authentication methods. It’s now usual for us to access services that use other sites’ accounts to authenticate, like “Login with Facebook” or “Authorize on Twitter”.

This can be very useful because you don’t have to memorize a ton of different passwords but, if you see your Facebook, Twitter or Google account compromised, all those services using “third-party” authentication will be compromised as well… so what to do?

 

  • Use strong passwords. Having a password like your birthday date is not secure. Having your pet name, girlfriend, mom, dad, favorite actor is not secure. Any dictionary word is not secure. Use random stuff with numbers, signs, uppercase and lower case, like “1M4ecur3!?”
  • Use a password manager like 1Password for Mac or KeePass Password Safe for PC. Not only will you have an encrypted and organized password safe, but these apps can also generate random passwords.
  • Use HTTPS whenever possible. This will encrypt your traffic to these sites. Twitter, Google and Facebook all have HTTPS options; you just have to go to your account settings and turn it on. Facebook can even warn you by email and SMS when other devices access your account. Google has a 2 Step Authorization process for your account, using verification codes and an app for your mobile device that works like a token, giving you real-time generated verification codes.
  • Don’t use free Wi-Fi. Sure, it’s cool to use a free hotspot, but you never know who’s listening. People using free Wi-Fi are exposed to viruses and password sniffing. This can happen on your neighbor’s unprotected Wi-Fi or even your school’s network.
  • The usual crap: use a secure OS. Mac OS X and Linux are secure by nature. If you must use Windows, turn on the system’s firewall and get another one, as well as an AntiVirus. Be sure that they’re always updated.
  • Don’t trust your passwords to anyone.

Remember, even with all these precautions you’re never totally safe.

 

The Stolen Scream

The Stolen Scream: A Story About Noam Galai from FStoppers on Vimeo.

Via MuioMuio

Jetpack your WordPress

Jetpack is a new plugin for your WordPress (either .com or self hosted installations) from Automattic, that provides a cool set of features: Hovercards, Stats, After the Deadline, Twitter widget, shortcodes, shortlinks, easy Facebook/Twitter/WordPress sharing buttons and even LaTeX.

More features will be available in the future.

You’ll need a WordPress.com account to have it working on your self hosted WordPress blog, but it’s free and you don’t even need to create a new blog.

Although most of these features are available as separate plugins from other developers, Jetpack consolidates all in one, consuming less memory (at least for me) and storing some of the data on the cloud.

Jetpack is available for free and can be downloaded here.

Look Ma, I’m on PlanetGeek

In case you didn’t notice, I’m now part of the best Portuguese Tech Blog community – Planetgeek.org

Hey guys, am I the last member of 2010 or the first one of 2011? 😉

The Art of Community – Now Free

Jono Bacon has released his book “The Art of Community” under an Attribution-Noncommercial-Share Alike Creative Commons license, which means you can download and read it legally.

If you like it, follow the author’s advice:

  • Firstly, buying a copy sends a tremendous message to O’Reilly that they should continue to publish books (a) about community and (b) under a Creative Commons license.
  • Secondly, it will encourage O’Reilly to invest in a second edition of the book down the line, which will in turn mean that communities around the world will have a refreshed and updated edition that is available to them.
  • Thirdly, aside from the voting-with-your-feet side of things, it is just a really nice book to own in print. It is really well made, looks stunning and feels great to curl up with in a coffee shop or on the couch.

Via Pedro Custódio

Google Chrome OS – Was I right or what?

Last year, when Google released Chrome I wrote this.

Some might say it was futurology, but I say it was the most logical step of evolution. The fact is, I think I was really close on Google’s plans for Chrome.

Facebook Vanity URL’s Hysteria

Facebook

Much has been said since Facebook allowed the new “vanity URLs” (or user URLs, as I’d rather call them, since “vanity URLs” is purely an American expression adopted from the vanity plates they have on their cars).

Most of the posts about this are from users bitching about the way Facebook rolled out this feature, allowing the users to choose any alias to be used in http://www.facebook.com/whateveryouchoose regardless of their username, unlike Twitter that has http://www.twitter.com/username. Others rant about the fact that Facebook should have provided something like http://user.facebook.com, forgetting that Facebook has millions of users and something like that would have a tremendous weight on their DNSs…

But, as always, there’s something good to learn. One of the posts I read about this subject (no link, sorry, can’t find it) mentioned a cool way to give your Facebook, Twitter, Flickr, [insert your favorite social network here] URLs to other people, that is, if you have your own domain.

In my case, my domain is odrakir.com, so I created some subdomains redirecting to the social networks I use the most:

This way, I can give a URL that’s easy to memorize and always mentions my “brand name”, cool enough to use on a business card 🙂

The Konami Code

A few months ago I wrote an article about the Konami Code on 8-Bit Revolution, which surprisingly has become an Internet trend / meme. If you don’t know what the Konami Code is, well, I’ll give you the light version.

The sequence of keys on the image above is the Konami Code, and it is probably the most popular video game cheat code of all time. Most games from Konami have a cheat or a small easter egg triggered by this code, but the most interesting thing is the number of publishers besides Konami that still today include this code in their games, as a “nod”, a small tribute to the Konami Code.

The Konami Code was created by Kazuhisa Hashimoto, the developer responsible for the port of Konami’s Gradius for the NES in 1986. After finding the game very difficult to play during the tests, he created a code that allowed the player to have all power-ups that would normally be acquired during the game. When the final version of Gradius was released on the market, the code was included by mistake.

The code would only become famous in Contra for the NES. The difficulty of Contra was too high, but with this code the player could have 30 extra lives and playing the game became a possible mission.

Even today, all iterations of Gradius react to the Konami Code, each in its own way. For example, Gradius III destroys the ship when you load the code.

Today, the Konami Code is more than a simple “cheat code”; it is a cultural icon of a generation. A generation of retrogamers easily recognizes and identifies the code, and many are proud to recite the code by heart 😀

There are references to the Konami Code / Contra Code in music lyrics, t-shirts and even in some sites like Digg and Google Reader, and it’s becoming more and more used, to a point that Konami Code Sites was created to track all sites that use this code. So, don’t forget to enter the Konami Code when visiting a site, you’ll never know what might happen. I’ll even give you an extra tip: 8-Bit Revolution is Konami Code enabled since 2007 🙂

WordPress 2.7 FTW

Yeah, just updated to WP 2.7 and everything went smoothly 🙂 The new Dashboard is bliss and K2 works just as it did with 2.6.

WordPress is definitely the best blogging platform around!