Cyber Security, Computer Maintenance, and YOU

In seminary we were to clean our rooms every Saturday morning.  I still am in the habit of doing cleaning chores that day.  I also do routine work on my computers: backups, cleanups, virus scans, tidy up the registry, drivers, etc.

Maintenance is important.

Today I am doing a little more: I am changing all my passwords on all my major… things.

I read about a new threat today that I took seriously.  Also, it was time.

May I recommend that you all get a big external hard drive to back up everything that is important to you?  Critical things should be kept on a USB drive, maybe even offsite, such as a bank box.

Moreover, get uninterruptible power sources (UPS) for your important equipment.  Big TVs and that sort of thing should also have gizmos to clean up the electricity.

Some ideas.

An IronKey, a flash drive that is rugged and can be encrypted.

Click

IronKey is more expensive, but it won’t fail you.  Keep images of important documents, files you must not lose.  We all have them.

An external drive with 1 TB.  That sounds big but it really isn’t anymore.

Here is one that is portable.  Once you use a link you can shop around.

Click

Remember two things:

1) It is not a matter of IF your drive will fail you, it is a matter of WHEN.  It will happen.  Do you want to lose all your photos?  Music? Documents?  Records?  You will.

2) Jesus saves.  So should you.  Make backups and, if you are like me, backups of the backups.  I am not a huge fan of these “cloud services”. Who has access to my data?

When the power is interrupted, as in a storm (when the EMP hits we will have bigger problems and you need Faraday cages for that… but I digress) your equipment can be damaged, not to mention the work you can lose.

Uninterruptible power sources.  I have a bunch of them.  I think size matters.  If you are running something simple, go small.  But I think bigger is better.  They protect from larger surges, they can run more things for longer.  I like APC products because of the super customer service I have had with them.  When I was in the countryside where the power grid was susceptible to storms and surges, these things saved my bacon several times and each time APC replaced my batteries or units.  A couple other companies did nothing for me.  BAH!

Again, use the link and shop around.

Click

Like with all disasters, they always happen to someone else…. until they happen to you.

Prepare.

Semper parati!

Some of you will have your own practical hints and horror stories, as well as disasters averted tales.

UPDATE 11 April:

From xkcd:

About Fr. John Zuhlsdorf

Fr. Z is the guy who runs this blog. o{]:¬)

12 Comments

  1. CrimsonCatholic says:

    Before you change your passwords, I would check if the website has been affected by Heartbleed. If it is already affecting the website and the website has not been patched, then changing your password will do little good. You can check to see if the website has been patched at lastpass.com/heartbleed/.

  2. wmeyer says:

    I second the recommendation for APC. I have used others; APC UPS products are more robust, in my experience, and as Fr. Z says, larger ones offer more protection features. On my big one, I have replaced the battery, which was simpler than I expected. The first one lasted 5-6 years. Cheap protection.

  3. Will D. says:

    CrimsonCatholic beat me to it. Change the passwords after you’ve verified that the site has been updated. If you use lastpass (which is excellent and I highly recommend) their “Security Challenge” page will tell you which of the sites you use have been affected and whether they’ve updated the server yet.
    The other huge advantage of using lastpass (or some other secure password manager) is that it makes it much easier to use a UNIQUE password for each site. That way, if one is compromised, the hackers can’t take advantage of the fact that most people use the same or similar passwords at sites all across the web.
    There are cloud services that are, as Steve Gibson put it, TNO (Trust No One). If only you have the keys, and everything is encrypted and decrypted locally before going to the cloud, then it is TNO. Me, I use OneDrive. I value the ease of use and basic security over the potential that MSFT and/or the NSA is prowling through my old photos.

  4. The Masked Chicken says:

    One problem is that people use the same password for many different sites. One easy way to stop this is to use a perturbative password scheme: passw1ord, passw2ord, etc. That way, you lose only one password per site and if you forget the password for a particular site, it is easy to reconstruct.

    I do not sign up for much social media, so no Facebook, etc., for me. Only my very local e-mail provider and my college have my e-mail addresses. Oh, and Apple :(

    The Chicken

  5. CGPearson says:

    If you don’t want to invest in an encrypted hard drive, there is also great free software out there like TrueCrypt which allows you to create an encrypted repository to place files into.

    Also, if you have trouble remembering all your passwords, there’s free software like KeePass which allows you to create an encrypted database of your passwords which you protect with one password. Just be sure that when you create the password to encrypt the database that it is a VERY long and unguessable password that you use nowhere else…and for the love of all things holy, DO NOT WRITE IT DOWN.

  6. Bosco says:

    I live in the West of Ireland where we were utterly savaged by storms from November last through this February. No electric. No well water for a potable drinking supply or for toilet flushing. Only had our solar powered radio and torch (which each could be cranked to activate the battery), candles, and a small propane heater to cook our food.
    Lived off our store of canned goods for almost a week.
    Can any of the devices suggested above by Father Z. adapt for use in Ireland?

    [I think you are looking for a hardened portable power system. In these USA we have options such as the impressive JuiceBox which also can be charged with foldable solar panels. You might consider a gas power generator as well.]

  7. Ben Kenobi says:

    Excellent advice, Father Z. I recently had to restore from backup. I now have a portable hard drive and a larger backup. To make a quick and dirty faraday cage, I wrapped up a small drawer with two layers of aluminum foil. Cheap, quick and dirty.

  8. eiggam says:

    The portable hard drives mentioned above are less than $100. Windows 7 control panel has options for setting one up and it is not very difficult.

  9. Andrew says:

    I make notes with pencil on paper and I hide them under my bed. But I am concerned that a heavy rain might wet the paper and make it illegible. Perhaps I should wrap them in plastic bags and bury them. And I have to leave some instructions for my family in case a lightning strikes me. But the instruction must be encrypted. And the key to the encryption must be hidden somewhere … in a different colored plastic bag … yes … the bags must be color coded and the coding of the bags must be encrypted and hidden, but it must remain somewhere where those whom I trust can get to it in case of my sudden departure … see … when I go – everyone will want to see my pictures, but the Authorities must not get to them first. I have to camouflage them, they have to look like … like regular junk mail that was just left on the kitchen table: I will have two pages of ads and one picture and again two pages of ads … no, it has to vary, there mustn’t be a pattern, it has to be random: that is, it has to appear random, but there will be an encrypted key, which will provide the sequence. And the key will be hidden … where should I hide the key? … this is a difficult process. I think the authorities are watching. They have spies everywhere. They even use children as spies. I wonder if my grandchildren are spies. Some of them look like they might be from a different genetic pool. I am troubled by what is happening. There is a man on a bicycle riding down the street. What is he doing in my neighborhood? I have never noticed him before. He looks like he could be a Mexican. None of my neighbors are Mexicans. The corner house is a strange bunch. They might be from Asia somewhere. Last night I could swear I heard a goat bleating, right around midnight. I fell asleep deeply. And I woke up to a distant bleating. It was very windy and I wasn’t sure what I heard. I took all my passwords, the whole box with the encrypted directory down to the basement.
    Then I heard a whisper, it was near me, a distinct whisper: “protect yourself at all times” – but it wasn’t a human voice speaking. It was the goat bleating: “proooot ect yoooours elf” like that.

  10. yzerman123 says:

    Backups are a great idea. However, don’t use a USB stick as a backup. They’re not good for long-term storage. The data on them will get erased or corrupted over time. USB sticks were designed to transport large files from one computer to another, not for long-term storage. Use an external hard drive for long-term backups.

    Take care!

  11. scribbly says:

    Not all cloud backups are the same or as ‘safe’. Personally I use SpiderOak as even they are not able to decrypt my data. SpiderOak has saved my bacon a number of times (and makes sharing safely super easy): read one experience here: SpiderOak Saves the Day #2. SpiderOak keeps all my documents safe in the cloud (which also means I can access them from any computer connection ;) )

    If you’re wanting simple fast backup to external devices, there are lots available, but my current favourite is bvckup2. It keeps my 145Gb of photos in safe sync in only a couple of seconds a week!

    I’m moving away from cloud password or usb based password generators. Like we’ve seen, everything can be compromised. I hacked my own personal version of 1Pass4All which basically generates the password each time (so by definition is not remembered anywhere and therefore can’t be found).

    Of course UPS is a no-brainer…

  12. The Cobbler says:

    I think there’s a problem with the password manager (LastPass, KeePass etc.) advice.

    First off, you don’t need everything to have a unique password. What you need is not to have the same password for any two sites/accounts one of which does and the other does not have a given piece/type of sensitive data (bank info, social security, etc.) or access (email accounts tied to other accounts that have sensitive data, accounts that have access to company systems, accounts associated with any “whistleblowing activity”, etc.).

    Now, a password manager’s key is less likely to be stolen because it is unlikely to be intercepted across the internet, only the passwords it manages are. But it still can be stolen: if viruses on your computer can’t watch you type it in, they can pull it out of processing memory as it’s being used. And viruses, like this encryption vulnerability, happen sooner or later, no matter what we do to reduce the probability that they’ll catch us. (The only exception being never connecting your computer to the outside world, mind you.) What’s more, viruses can hit people at random, even if you aren’t specifically targeted.

    And if your password manager’s key is stolen, all the passwords using that account are in the same situation as if they’d been the same password to begin with. So, unless you only want the improved odds provided by having the passwords sent over the internet be different even though on your end they’re all tied together still, you’d need a different password manager account for accounts with banking info, accounts with social security info, accounts with both banking and social security, email accounts tied to these others so on and so forth… and what do you know, if you want to be completely safe you need as many different password manager keys as you’d have needed passwords in the first place.

    To reiterate: the important thing is to separate passwords for accounts that have and don’t have different pieces/types of sensitive data or access, and a password manager does not actually make these separate, it merely makes it less likely for the non-separate level to be compromised.

    In comparison, what of the advice not to write passwords down physically? Frankly, the most obvious way to steal someone’s accounts is to break into their house to get their passwords. In my opinion no criminal who isn’t an idiot (by which we mean one who gets tracked down easily) is going to do it that way unless they’ve already tried and failed to put a virus on your computer, because viruses can delete themselves and never be noticed much more easily than a burglar can avoid detection. Relatively speaking, when you consider the commonality of computer exploits, writing a password down and keeping it someplace inobvious (creative, not commonly looked in for stuff to steal) at home is, if you ask me, probably one of the safer ways a password can be stored. Exponentially more so if you’re not a public figure, a company executive, a whistleblower, independently wealthy, or otherwise likely to be specifically targeted. (I suspect this advice is leftover from the days when the internet was new and little used, if not from the days when there was no internet. Back then, people couldn’t break into your computer without your passwords, so they had to steal your passwords from you first. Plus the average, unlikely to be targeted individual was also unlikely to even have a computer in the first place. All in all, those days have been long gone for at least a decade, at latest since whenever the first internet virus spread via the first infectious spam email.)

    And if you are likely to be specifically targeted? Then let me remind you that you, not any computer, not any piece of paper, are the weak link: http://xkcd.com/538/ Just sayin’.

    Overall, The Masked Chicken’s advice about having one password system from which you can derive many different passwords is probably the most helpful thing you’ll hear about managing different accounts.

    And don’t get me started on what constitutes a “secure password”… This is tangential enough as it is!
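
Comments 4, 11 and 12 discuss getting a different password per site from one memorized secret, either by a visible pattern or by recomputing the password each time. The sketch below is an added example, not code from the post, the commenters or 1Pass4All; the PBKDF2 derivation, the function names, the iteration count and the sample site names are all assumptions made for illustration.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor, not taken from any tool on this page


def pattern_password(n: int) -> str:
    """Comment 4's pattern scheme: one base word with a per-site counter."""
    return f"passw{n}ord"


def derived_password(master: str, site: str, version: int = 1, length: int = 20) -> str:
    """Recompute a per-site password from one master secret; nothing is stored.

    `version` is bumped to rotate one site's password (for example once the
    site has patched a flaw) without changing the master secret.
    """
    # The site name and version act as the salt, so each site gets its own key.
    salt = f"{site.strip().lower()}#{version}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)
    return base64.urlsafe_b64encode(key).decode()[:length]


def shared_positions(a: str, b: str) -> int:
    """Count positions where two passwords hold the same character."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    master = "constructed master phrase, not a real secret"  # sample value
    bank = derived_password(master, "bank.example")
    mail = derived_password(master, "mail.example")
    rotated = derived_password(master, "bank.example", version=2)

    # Pattern scheme: all but one character carries over from site to site.
    print("pattern overlap:", shared_positions(pattern_password(1), pattern_password(2)))
    # Derived scheme: outputs for different sites are unrelated strings.
    print("derived overlap:", shared_positions(bank, mail))
    print("rotation changed the bank password:", bank != rotated)
```

As comment 12 argues for password managers, the master secret here is still a single point of failure: anyone who obtains it can recompute every site's password.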
