Security Woes

Crackers are always on the lookout for new chances to access your accounts, whether you’re a private / regular internet user or a multinational corporation like Sony, which recently fell victim to several attacks affecting their flagship console, the PS3, and their PlayStation Network.

It began when their PS3 private keys, which sign all data transactions and operations, became public. I won’t digress here, you can find a lot of info on Google, just look for GeoHot / Sony. The latest attack on the PSN has caused a week of downtime as I write this, and only today has Sony come forth with a press release on this issue, as well as a FAQ, saying that their entire PSN user base got their data compromised, including credit card data.

I’m yet to believe that Sony hasn’t released the full extent of the information about the attack, so for now there are three crucial steps that PSN users should follow:

 

  • If you’re using the PSN password in any other service / account, change it. Change it everywhere. You are probably using the same email address you used on the compromised PSN account.
  • Change the password of the email address you used on your PSN account.
  • Change your credit card number, or cancel the card and get a new one. If you can’t do this, be on the lookout for strange credit card transactions and never, ever, release the confirmation code to anyone. Sony states that the cc confirmation code wasn’t stored on their database.

Read the FAQ, they have more info there, but follow these three steps and, when the PSN is up again, change your password to something unique, not used on any other account / service, and remove your credit card number from the account.

 

Still on Security

With the advent of social networking and connected services, we’ve witnessed a lot of centralized authentication methods. It’s now usual for us to access services that use other sites’ accounts to authenticate, like “Login with Facebook” or “Authorize on Twitter”.

This can be very useful because you don’t have to memorize a ton of different passwords but, if you see your Facebook, Twitter or Google account compromised, all those services using “third-party” authentication will be compromised as well… so what to do?

 

  • Use strong passwords. Having a password like your birthday date is not secure. Having your pet name, girlfriend, mom, dad, favorite actor is not secure. Any dictionary word is not secure. Use random stuff with numbers, signs, uppercase and lower case, like “1M4ecur3!?”
  • Use a password manager like 1Password for Mac or Keepass Password Safe for PC. Not only will you have an encrypted and organized password safe, but these apps can also generate random passwords.
  • Use HTTPS whenever possible. This will encrypt your traffic to these sites. Twitter, Google, Facebook, all of them have HTTPS options, you just have to go to your account settings and turn it on. Facebook can even warn you by email and SMS when other devices access your account. Google has a 2 Step Authorization process for your account, using verification codes and an app for your mobile device that works like a token, giving you real-time generated verification codes.
  • Don’t use free Wi-Fi. Sure, it’s cool to use a free hotspot, but you never know who’s listening. People using free Wi-Fi are exposed to viruses and password sniffing. This can happen on your neighbor’s unprotected Wi-Fi or even your school’s network.
  • The usual crap: use a secure OS. Mac OS X and Linux are secure by nature. If you must use Windows, turn on the system’s firewall and get another one, as well as an AntiVirus. Be sure that they’re always updated.
  • Don’t trust your passwords to anyone.

Remember, even with all these precautions you’re never totally safe.

 

I Need a Wake Up Call…

I took some time to look at my blog and it saddens me to say that my post count has never been so low, both in quantity and quality.

I still rant and have my own opinions (DUH!) but the need to share my different views with the world (the five persons who visit my blog) has changed. Don’t ask me why, maybe it’s laziness, procrastination or just the “plague” of Twitter and Facebook micro blogging… this or perhaps the excess of information available on the Internet.

Face it. It has never been so easy to get information on whatever topic you want, especially if you’re into technology and video games. There are millions of sites and blogs replicating every bit of news and info that comes up, it’s like an infinite echo of information. What value do we, as bloggers, add to the flow of information? Our personal opinions? Rants? Sometimes we might even mislead our readers when our posts have little or no quality…

I guess the true reason I stopped blogging is because I “looked around” and found out that I’m not actually creating, I’m not adding value, I’m copying what’s being copied millions of times per second. I’m an echo…

Yup… I need a wake up call. We all do.

Facebook Vanity URL’s Hysteria

Much has been said since Facebook allowed the new “vanity URLs” (or user URLs, as I’d rather call them, since “vanity URLs” is purely an American expression adopted from the vanity plates they have on their cars).

Most of the posts about this are from users bitching about the way Facebook rolled out this feature, allowing users to choose any alias to be used in http://www.facebook.com/whateveryouchoose regardless of their username, unlike Twitter, which has http://www.twitter.com/username. Others rant that Facebook should have provided something like http://user.facebook.com, forgetting that Facebook has millions of users and something like that would put a tremendous weight on their DNS servers…

But, as always, there’s something good to learn. One of the posts I read about this subject (no link, sorry, can’t find it) mentioned a cool way to give your Facebook, Twitter, Flickr, [insert your favorite social network here] URLs to other people, that is, if you have your own domain.

In my case, my domain is odrakir.com, so I created some subdomains redirecting to the social networks I use the most:

This way, I can give a URL that’s easy to memorize and always mentions my “brand name”, cool enough to use on a visit card 🙂

Why So Silent?

Those who know me and follow me on the web might have noticed my “silence” in the last weeks. It all started in Codebits, I attended the first day and got a very ugly flu. I still managed to check some presentations and hang around with the Prt.Sc crew, but I left around 19:30 or something with a heavy fever.

It took me a week to kill the flu and return to a decent state, lowering the fever from almost 40º to a regular body temperature. Needless to say, I didn’t follow Codebits the remaining days, nor did I do my usual blogging / twittering / feed reading. I barely had any interaction with the web (actually even with my computer) and this made me slow down and reduce the amount of time I dedicated to the social web.

I noticed that Twitter was consuming most of my online time, diverting my attention from other information that actually mattered, so I decided to go on a “Twitter diet”. I first began to use Twitter to get updates on people and topics I was interested in, but Twitter mutated drastically into IRC 2.0: not only do you feed it a lot of info that is unnecessary, you also get back the same amount of crap or more. I noticed that if some info worthy of notice hit Twitter, it was also mentioned on blogs a few minutes later. The only difference was getting the info now or later.

All this allied to my heavy work load made me change the way I get info from the web.

Sure I miss Twittering with the usual crowd, getting the “gossip” and always being on top of the action, but it’s too time and resource consuming… that really had to change. I’m now getting lighter on my work load and having more time to dedicate to my blogs. This “time off” was also useful to plot some plans to make 8-Bit Revolution evolve, you’ll have more info in a few weeks. Right now, I have to check WordPress 2.7 and see if upgrading is going to be bliss or hell 🙂

EventBox – Dreams Come True

I confess that I’m a little addicted to social networking. I often try new social networks and apps but sometimes I wish that there was only one or only one way to use them all. The ones I use the most are Twitter, Flickr, Jaiku, Digg and the usual gazillion RSS feeds if you can count them as social networking tools.

One of the blogs I follow about Mac applications is UsingMac and in today’s “daily fix” of posts I came across EventBox.

EventBox is like a dream come true for me. It gathers 7 of the most used social networks: Twitter, Facebook, Flickr, Digg, Pownce, Reddit and last but not least RSS aggregation all in one application.

The interface is bliss and pure integration with Leopard. Still in Beta, EventBox offers high-quality features for each social network service you use, like public and private replying in Twitter, section filtering on Digg, multiple file uploading on Flickr, and everything gets to use Growl for notifications.

While very good, there’s still a lot of room for improvement in EventBox. A wide preview pane for RSS to better use widescreen space would be welcome, as well as adding more social networks to the list, like Jaiku. Adding search, groups and user profile information options in Twitter, like Tweetdeck has, would be very useful as well. EventBox is not free though, it costs $20, which is not much, especially when you can optimize your usage of social networks, getting rid of 5 or 6 different apps or browser tabs.

Recommended!