Friday, April 22, 2011

Tsunami 's, Hurricane's, Tornadoes and your data

    Are you prepared to deal if you don't have access to your computer ? I thought I was, but two weeks ago a tornado basically touched down in my front yard. We were lucky, the only trees I had down did not hit my house or cars. However many of my neighbor's were not so lucky. You think you'll have time to do something, to grab things. You don't. No one thought that we would have a tornado, just a bad storm. My fiancee and I were getting ready for bed when we heard the wind pick up a bit, so we walked to the front door to look. Seconds later we saw branches bouncing off our cars and both turned  and said "Basement!"  I opened the basement door next to us, and we began to run down the stairs. We only made it 1/2 down before the lights blew out. We just dropped and held each other sitting on the stairs, covering each others heads as the wind whipped around us and we heard the trees breaking. 

    Let's just be honest, I'm crying as I write this thinking how lucky we are and how I could have lost my family, friends or neighbors. For the next few days I just went around trying to help open up the 200+ miles of road that crisscross and wind their way though my community. I saw hundreds of power poles snapped like twigs and just as many damaged houses. We were very lucky to have no fatalities. I was without power for almost five days and part of my road is still inaccessible by car.

     Ok, enough of the sad stuff for a bit. I of course have external hard drives and flash drives and such, but all are in my home. The tornado very easily could have destroyed all of it which, while I would be happy to be alive, would have been difficult to replace. My parents live across town so I thought giving them a few important flash drives to put in their safe, would be a good idea.
   Later I began thinking about the stories I'd heard about involving data loss and Hurricane Katrina. Some New Orleans based companies did not have backups at a separate location. The ones that did were very lucky you would think. However, several of these had  unfortunately chosen Biloxi, which while 100 miles away, was also destroyed. Quite a few companies were unable to recover afterwards and went bankrupt. I wonder how Japan's data is doing after the tsunami and nuclear issues ?

   As an individual, it certainly isn't practical for me to have backups hundreds of miles away, but what about online ?  Amazon's offers a free online storage called Cloud that allows you to store up to 5 gig for free. Other companies do offer free storage online as well, like FlipDrive, but Cloud is the most widely used. This CNN money video is quite informative and interesting in describing what you can do with Cloud.

   Granted "The Cloud" is cool but there are some things to remember. Like the fact that they can access your data to make sure you have not violated their terms or conditions and they will give access to law enforcement agency's if asked. So that picture of you and Bernard Madoff surrounded by cash should probably go elsewhere. While Cloud is known to be very secure and normally have no issues, I'd be remiss if I did not mention that hordes of people who were up in arms about it being down recently for several days.
    The most important thing to remember, is that you are responsible for the security of things you put on Cloud. If a hacker gets in and grabs your data, its security is up to you. How do you go about doing that? I personally use a free cryptography program called TrueCrypt to keep my data safe and secure. Unless something changes, I plan on doing a blog on what cryptography is and how to use TrueCrypt soon. So if you want to go ahead and download it you'll be ahead of the game. As always, remember to share the knowledge so that we can make others aware.

Tuesday, April 19, 2011

Facebook users go viral demanding answers

Why is security opt in ? Why are we still seeing so many scammers and spammers ? Why are those who try to block these and warn people, banned and blocked themselves while the real problem is ignored ? Is Zuckerberg in bed with Zynga (Farmville, Mafia Wars & More) ?

These were a few of the questions posed by Facebook users all around the net yesterday and today. It raises many good questions. Why do we have to opt in for security ?  If you haven't thought about that, maybe you should. I would think making your site more secure would be a good thing. But you have to try and find it and opt in, only have it run poorly. Many believe that the errors and issues are attempts to frustrate you into opting out again.

Then there is the wave of recent bannings and blocking of those who only were helping to keep facebook secure and spam free. As mentioned in my previous blog ,The Bulldog Estate and Scam Sniper never did anything other than help users and provide blocks for these spammers. Most believe that is the reason for their blocks / bans. We have seen these scammers and spammers actually advertising with Facebook, and with the good guys providing users with a 300+ list of blocks, they interrupted the most important thing - profits. That's the only explanation any of us can come up with. Even my woefully unsuccessful first attempt to help with blocks, was made un-viewable on Facebook a few days ago. 

With the ban of The Bulldog Estate and Scam Sniper the users gathered in numbers and let it be know that they have had enough ! The posts have been blowing up the web. My last blog is under current on the front page of Yahoo Buzz. I've seen reports posted to TMZ and WikiLeaks and MSNBC. I saw it being talked about on internet radio shows.  Graham Cluley, who is with Naked Security Sophos and was named Twitter user of the year' by Computer Weekly in 2009 and 2010, has also been trying to help on Twitter. Support pages, "Bring them Back" pages and countless other supporters and those outraged have popped up all over Twitter and Facebook , many of them blocked or banned just as quickly.

But the people have not stopped and seem to be gaining momentum if anything. They are taking it to the news in every form and state, "We shall not sit idly by as these heinous injustices are committed ! We will no longer stand for sloppy security and lack of privacy." They have opened letters, complaints, questions and have attempted to be heard on Facebook Live. Without any sort of proper response and days later, they have taken their fight to the media.  I for one, shall stand with them.

Monday, April 18, 2011

Bulldog Estate & Scamsniper Banned /Blocked by Facebook

It came as no surprise to me when Facebook disabled my page helping people in dealing with those tagging apps and made my notes un-viewable. They have now shut down Scam Sniper  and The Bulldog Estate and even several other temp pages they attempted to make ! They have never done anything other than try to help people and stop the spammers and scammers.

I have been sure for a long time that Facebook is only concerned with making money. I became certain of it awhile back when they attempted to shut down an app I play (Ghost Trappers)   Long story short, use whiskey and other drinks to catch Scottish ghosts (they all said non-alcoholic). They have 51k monthly users and do not buy ads and that made Facebook angry. FB gave them almost 0 time to remove all traces of alcohol references from the game. Luckily they were able to pull it off but we were without pics for awhile.

We have all seen that Mafia Wars has guns and alcohol references a plenty. And Pot Farm has almost 1 million users and it's all about growing illegal drugs and avoiding cops and tons of others as well. But guess what ? They advertise with Facebook as do countless similar ones so its ok.

I had already voiced that I thought Facebook was paid to look the other way or act slowly on all these tagging issues etc. I think the only ones they have deleted are the copy cats that did not pay them. Our security on FB is absolute crap and there is no reason to be. Well actually there is, it makes them money. By having crappy security (they appear to have fought tooth and nail not to get HTTPS and even now its an OPT IN service)  they attract hackers, spammers and scammers like flies on manure. Which pulls them more money from advertising due to site activity and I have no doubt they find more ways to get paid, like selling your info.

Tony, Mike and MBK please let me know anyway I can help ! Even if that means giving you admin privileges here, whatever I can do to help.

I guess big business will always try to get their way. Soon we'll see Mark Zuckerberg passing out money in Congress.

I know you've all seen / know of similar things which have happened. Share it here ! I'm going to try and draw media attention and make it viral. Maybe if we lay out Mark's "crimes" in one place we can get the word out !

Sunday, April 17, 2011

The Dangers of Geo Tags and Cylons

Sorry, had Cylons on the mind while writing this and hence the title. (Feel free to comment and tell me why you are or aren't a Cylon)

Do you own a Smart Phone or a newer digital camera maybe ? I'm sorry but Commander Adama won't allow it aboard the ship. (42 Geek Points to you if you smiled at that) (1)

All joking aside
- The smart phones and many of the new digital cameras have GPS in them that will geotag your photos with "meta data". This meta data can not be seen in the photos but computers programs available to any, can read them with ease. I'm using meta tags right now to get more blog traffic from the search engine toasters in fact.

In my last blog we talked a bit about cyber stalkers. Can you think of someone you wouldn't want to know where you are ? Due to geo tagging I could very easily go rob many nice things if I were that kind of person. It's easy to find geo tagged photos on Craigslist and many other places along with things like "I won't be home til after 5"

Don't think it will happen to you ? It's already happened to many, including celebrities. My favorite was the very tech savvy Adam Savage. If you don't know he's one of the stars of the incredibly popular (and awesome) MythBusters.

When he uploaded a picture of his jeep to twitter he did more than tell people he was going to work. He told them exactly where his house was. When asked about it he said that he was fully aware of geo tagging but had forgotten to turn it off on his smart phone. He has since disabled the geo tagging feature on his phone and has moved to a new home.

I was going to type in all the fixes for you but instead found a great (and scary site) called I Can Stalk You which has step by step instructions with pictures on how to disable it on smart phones.

By the way, if you suspect you may be a Cylon, the first test should always be to look and see if you are shiny and made of a metal alloy. 

(1) - Geek points are non-transferable and are only used to purchase my love. See FDA warning for side effects of my love.

Saturday, April 16, 2011

Who really views your profile? How to fix and hide from hackers, spammers and scammers

If you don't want people calling you, sending you e-mails and IMs or even showing up at your door. Then I would not put that information on Facebook to be sure. It's not even that hard to retrieve. Just as an example I used a Yahoo mail account. A sad sad account with 0 friends :-(
I'm so very lonely..... I know ! I'll use Yahoo mail's import from Facebook feature that searches all my friends Facebook pages, ( I used a FB page with 1040 friends) and brings their e-mails to my yahoo.
Whew, now I have friends. 905 separate contacts, some with multiple e-mails associated with their name. Yay ! And it only took 3 minutes.

Hmm I wonder how many cell phone numbers and home addresses I can find ?

For this one I could have used a simple program to find and download them but that is actually against the terms of use by Facebook. Unlike getting all those e-mails which is perfectly ok. I personally don't want to get banned, but the guy who hacked your friends Facebook doesn't seem to mind, because he had lots of time to get all the info first and then spam any ads and scams he wanted to before getting shut down.

For my sanity's sake at having to manually go to each page, I'm going to use an account with 139. These 139 are personal friends who have been listening to me preach for two years to make themselves more secure and how to do it. Lets see if they listened.

Well the results are in. I'm pleased to say that all 16 of my Facebook family members gave no info other than e-mail. So that leaves my 123 friends, lets see how they fared. I collected 31 cell phone numbers. Of those 31 only 2 were guys. Leaving 29 women who (let's be honest) are for the most part, young and quite attractive. 5 of these 29 women also listed their home/street address. I don't think I need to stress how bad an idea this is. ( By the way - I also collected 114 new e-mails and 43 instant messenger IDs)

Well, now that I've frightened you, how do we fix this ?

The fix is to go into your "edit my profile", on the left side you'll see privacy settings.
After which you once again look on the left for "Custom" and then the little blue "customize settings"

You'll see many things that you can change who views. When you click one of the grey locks on the right and click custom it'll pop up a small window.

Click the drop down option beside 'These People' and change to "Only Me" on many things. I would recommend at the very least the address and phone #. Personally I have every thing from religious views down checked "only me" on mine. I understand that e-mail is not a big deal, but keep in mind that you will receive a lot of spam mail so it may be a good idea to designate one e-mail address as your possible spam receiver and share it.

I'm sorry if you want your friends to see, if they need to they can message you. It's way too easy to be have an account compromised on Facebook. Can you really tell me you've never seen a friend that appeared to have been hacked ?

I also really dislike the "check in" and "allow my friends to check me in" features. I swear that I saw someone post that they were loving their new 64" plasma TV, then the next post from them was of foursquare checking them in somewhere across town. I just remember thinking "Hmmm I could use a new TV. " Granted I'd never do that, but you see my point.

I've shared this to Facebook several times and even directly messaged people about it and yet I can still see half of their numbers. Oh well, I guess they are in for some, " I saw your number on Facebook, whatcha doin' ? " 2 am text messages from me.

Fake Tech Support Calls from Microsoft Security or names I mention

A facebook friend asked me this question :

Hello, I have a quick question for you, I just had a phone call, they informed me that they were from the Windows Security sector and they reckon that I had sent them a report stating that I had infections on my computer, but I didn't send them anything. Does this sound like a scam to you? I told them nothing and told them I thought it was a scam and he hung up on me... What do u think???

You did the right thing. I would never give out my information out over the phone to someone who had called ME.

I found little at first searching but I was able to link more and more together from social network posts and forums and eventually found a few blogs. After I figured out the various names these company's go by I was able to find much more info.

So far these are some of the names I've found them using around the world: comantra, unifyinfocom, supportonclick, thenerdsupport, securesecurityinfotech, thesupportonline, go4isecure, thesparksupport, winpctech, compstep, ordinateurassist, advpccare, techisonline, techonsupport, fixonclick, Log4Rescue, PCTechnosupport, onlinepccare, teamviewer, mypctreat, (adding more as I find them)

They have been also using logmein123 which is itself a real legit site but is sadly being used by these hackers.

DO NOT - Give them any personal info or money or anything like that.

DO - If you're nervous just hang up. If you want to try and see that they get caught one day do the following : Try and get as much info on them as possible, Who are they calling for ? ( Is this name uniquie to one of your credit cards or something ?) I use false names alot for security reasons and thus am able to tell where they got my name from by which one is used. What is their name, company, how much do they know about you ? And anything else you can think of.

Or you can do what these guys did and just string them along. This first one has a hard time holding the laughter in as he strings them along for over AN HOUR. (some language)

I love the "Ello" bit in this one and how he reads the letters back too.

How/who do I report this too with the information I've managed to glean from them ?
You can help worldwide by commenting on this blog and any others you may find. However I do have some links to some 

 This is a forum for the phone scams In the US 
 I found an actual government funded one  In the UK  to inform.

I'll be trying to find more but here's a great blog with good info and videos and recordings. Best one I found.

Friday, April 15, 2011

I've seen people posting Updates/Comments etc about "Working Free FB credits" on various groups and status updates

The status update /post on pages / on groups , says something about a working way to receive 100 ( or 1000) or something free FB credits and gives you a link to go to. Folks-- you will NEVER find anything like this that is legit. STOP CLICKING it.

DO NOT CLICK THESE, just ignore them or comment on them saying " With all due respect, these things will NEVER work and will only spam people. PLEASE do not re-post things like this. Thank you "

HOWEVER, if you HAVE clicked it you'll be taken to and will see a page that looks like this :

Since these appear to be outside sites I guess the thing to do ( IF you have already clicked on the site) is, don't click anything else but instead - RIGHT-click page > view page info > Click the Permissions tab at top > Un-Check ALL of the default settings and block them all that way. You'll not see any confirmation or anything so just close page.

It WILL have given you cookies. So, very top left of your screen (at least with Modzilla Firefox) click  Tools tab,  if you only want to delete these cookies I guess hit clear last hour (or how ever long) Under "details" you'll see options, make sure cookies is checked and then click "Clear Now"

I'm sure there is a better / easier way but I'm not savvy enough to make a 1 button block for these things. I'll let you know if I find someone who is.

Do you play Farmville, Mafia Wars, YoVille or other Zynga games ? Tired of the scams ?

Once again this site  has many of your blocks and fixes.

My solution would be this however, stop supporting Zynga. Scams and spam surround Zynga games like flies on manure. I'd not be suprised if they are taking kickbacks to act slowly or look the other way when it comes to these scams. Zynga and it's CEO have proven time and time again (language warning in vid) that they are only concerned with profits. And once they have your money, good luck getting it back. Just ask the mom of the preteen who took her credit card  and spent $1,400 on FarmVille.

Zynga games : FarmVille, Café World, Mafia Wars, Texas HoldEm Poker, Fishville, PetVille, YoVille, Vampire Wars, Street Racing, CityVille, FrontierVille, TreasureIsle, Fashion Wars, Pirates, Special Forces, Warstorm, Pathwords, WordTwist and more....

Hmmm... I think I'll get in on the action and make my own app (link to come soon)

Tired of seeing "Your Stalkers", "See what this girl did" etc and being tagged in photos?

There are some sites you should check out. The best one I've found with up-to-date blocks. I've made many blocks myself which are on their list now. (Not necessarily added by me but they have the ones I did now in some way) And you can also add the ScamSniper on facebook to help.
The Bulldog Estate also turned me on to an incredible way to open several pages at once to make blocking faster. You simply paste the links in there, summit and then open em.

WARNING - this will open new tabs for each. So you decide if you can handle it. The over 250 (and growing) blocks for these sites would probably not be a great idea to do all at once. The site has them broken into groups that are manageable.

They also have much more info on various apps/games that you play on facebook and such and the scams that surround them like flies.

If you have been the victim of one of these scams you can watch this video telling you how to clean it up.

The "Do not add this person" and Amber Alert fakes

I was asked on facebook this by the wonderful Heidi McSexiness (name changed to protect identity) :

A friend just posted this:

Is this true or just a hoax?

Hoax : It's the first one on this list. These and similar are always fake that I'm aware of. To begin with, adding someone on a social networking site will not give you a virus. In order to get a virus you'd have downloaded and opened something. Generally speaking these are usually some jilted ex trying to get back at his now Ex-GF and her new BF or some other similar "I want to see them suffer" type of thing.

While on the subject, Amber alerts seen in e-mail, twits and on social networking sites are sadly hoaxes 99% of the time. Normally its some jerk trying to get that person arrested or harassed over nothing. This type of cyber-bullying has been around since the early days of the net and on party lines and such.(1)

If it's an amber alert check . They have a search engine and if its remotely similar it will pop it up. Be sure to actually read the alert if it does pop one up, people quite often use real ones and just change it a bit to suit their needs.

Common false amber alerts will contain some nice sounding details including maybe the tag # or name of the person they want harassed. Also they will generally end with something like : " Please Copy & Paste this as your status. Imagine if this was YOUR child. You'd want help"

(1) There was an incredible article I read many years ago in Rolling Stone I think it was (and again later in my Computer Security classes) about a blind little kid who could hear the tones in a phone and tell the number. He would "swat" (sending swat teams to people homes) people who would not do as he wanted IE - phone sex etc. He's a perfect example of advanced cyberbullying. This is not the very long article I was thinking of, but it will due. Go to (currently) the 2nd article down on the site. Be sure to check out the 911 recordings to hear how this boy would "punish" those who disobeyed him. 

My beef with major name computers

Sadly most major brands of PCs are made to fail within 1-3 years.

There is a dual purpose in doing so. First and foremost, people want small little PCs and laptops even though in doing so, it can't cool properly and doesn't have room for powerful enough fans. Secondly, now your PC is dead and just after the 1 year warranty as well (even if you could get them to properly honor it).

Chances are you don't have a spare and need a quick cheap replacement because you probably haven't been saving for one and thus, have a good chance of buying one of the major name pre-made ones.

Most people don't realize they can get a nice desktop made for about the same price as a "Pre-made" store one. It'll probably be significantly better with better quality and have about three times the lifespan ~ IF~ done by trustworthy, reliable people.

I know that many of you have "Nightmare" stories involving these companies who pump computers out like crazy without proper testing. Feel free to share them !

In the photo you'll see the new CherryPal. OMG it's so cute !!! (no joke it really is) and for $249 it can be yours. But for $50 more and obviously a bit larger I can show you ones that kick it to the curb ! (The CherryPal only has 256 ram and it's hard drive is actually a 4 gig flash drive .... that's right, 4g "Hard Drive")

- Information from various sources such as: The New York Times and and of course, myself.

Making your sites (including Facebook) more secure with ONE LETTER

 FIREFOX USERS - There is a free plugin that will give you https wherever it is supported. (I have had some issues with it. Doing more testing and research atm )

I've said this before but there is a way to help make most sites you visit more secure with ONE LETTER. Simply add " s " after http in your address bar. This forces the site to run in secure mode like you see on pay pal and many other areas. Granted this doesn't work in a lot of places such as apps but it will give you a little piece of mind and reduce your chances of being compromised.

Best thing to do is, hit Ctl+Shift + Del . When all your cookies and stuff are deleted ( yes I know its nice to have your PC save your fav sites etc) but this time make sure you type in https before all your favorite sites and bookmarks. This way it should remember your preference for "secure"

One fellow blogger collected 20-40 identities within 30 minutes at a Starbucks using a simple program available to anyone. That's including facebook logins, twitter, and credit cards I believe.

Thanks all for helping make us more secure !


 A question was posed to me on facebook:

Jess McSexypants ( names changed to protect identities) -  Is there any way of having the 's' there all the time?

If she was referring to on FB the answer is yes and no.

The reason the answer is yes and no, is that when a person connects to a website via HTTPS, the website encrypts the session with a digital certificate. You can tell if they are connected to a secure website if the website URL begins with https:// instead of http://  When a site wants to be more secure or maybe just get more traffic(1) They apply for a digital certificate from a CA (Certificate Authority).The CA will issue an encrypted digital certificate that contains the applicant's public key and a various other identification info. Yada yada basically what happens is a "digital handshake" and confirmation that this is indeed the site it claims to be and is secure. The digital cert has to be leased on a yearly basis from the CA. Prices vary dependent on many factors but the fact remains that it costs money. This might not be a cost they can afford or maybe the cert has expired and has not been renewed/updated yet. Many sites including this one cannot be made https. This does not mean that we aren't trustworthy, just broke.

Facebooks's Q/A involving their security OPT IN features and https.

(1)  Why secure equals more people. This is due to not being " questionable " by anti-virus / web-security programs such as Norton. It will instead come up with a green check-mark or something similar instead of a gray ? mark.

 (Props to my computer security professor ) And one of the millions of "Security Now" podcasts that I think I heard all of this on originally.