Thursday 2nd December, the 4th day in a row that we are virtually snowed in.This morning the temperature is a balmy - 1.8 ° C and for now at least it has stopped snowing. Yesterday we made an effort to reach the Co-op and stock up on milk and other essentials. It was snowing hard and although the Co-op is only 300 yds from our home, we were both exhausted and very cold by the time we made it back home. After that experience I can empathise with the Police who are telling us all that if we really don't need to go out then stay at home.
On Tuesday, much to my surprise, the engineer from BT arrived to connect me to fibre broadband. He was wet through and frozen solid after working in the box at the end of the road for 30 mins before coming to our house. We wrapped him round a hot mug of coffee and our dogs did their best to cuddle him back to life again. Once he could feel his fingers he tested the line and found that we had indeed achieved the 40 Mbps we had been promised. There was a certain amount of re-running of wires needed to get fiber where I wanted it but it took less than an hour for me to be able to sit down and back up some websites in seconds that before took anything up to half an hour to download on ADSL. Uploads are now a breeze and files loaded into my FTP program just vanish even big ones are transferred in seconds. I have a feeling that my Internet life is going to be a lot richer from now on.
The attacks I wrote about last week are still going on but for the moment at least we seem to be able to catch them. Up to now we have dealt with the attacks by blocking the IP addresses of attackers. However this has lead to a .htaccess file of over 10,000 lines of code which is unmanageable. So we are thinking about a proactive way to cut down on the number of attacks by only allowing people from countries that we want to trade with access to the sites. You would think this would be relatively easy because as this is a UK company and all its products are in the English language then all you have to do is list the English speaking countries and job done. Not so. A lot of the UK's former colonies still follow UK teaching practices and use English language text books so orders can and do arrive from very unexpected places. At least the effort it will need to analyze the order books and see just where orders have been received from will only generate one line of code per country instead of the hundreds of lines needed to block all the individual networks as before (The UK would need 4,254 lines of code to block it properly, I shudder to think what the USA would need).
Given the weather outside I am so glad that I am offically retired. After our expedition to the Co-op I think that if I had to struggle through this weather to work everyday I would be permanently exhausted and my heart goes out to the folks I see on TV trying to carry on in very difficult circumstances. But that's the English - we moan like mad about almost everything but when the chips are down we get stuck in and the job gets done.
Thursday, 2 December 2010
Wednesday, 24 November 2010
The cost of being hacked
Before I retired to care full time for my wife, I wrote two online bookstores. A few weeks ago the owner of those stores contacted me to ask if I could help him get them back up and running again. On investigation I found that both sites had been hacked, the access codes changed and the databases corrupted. The way these sites are run there is no need to store things like credit card/bank details so apart from basic security, not a lot of attention had been paid to security in depth.
Thanks to good backup routines both sites were back up and running in hours and that was that we though - wrong !!!!
One of the two sites was re-hacked in minutes despite the access codes being changed, the other followed a couple of days later. Time for some serious thought about security. Both sites are run on a commercially available online shop package so there is a wealth of experience on the user forums. It quickly became apparent that this was not an unusual occurrence and there were plenty of examples of what can happen, what to do about it and how to increase security. After a good deal of reading this is what we decided to do;
Thanks to good backup routines both sites were back up and running in hours and that was that we though - wrong !!!!
One of the two sites was re-hacked in minutes despite the access codes being changed, the other followed a couple of days later. Time for some serious thought about security. Both sites are run on a commercially available online shop package so there is a wealth of experience on the user forums. It quickly became apparent that this was not an unusual occurrence and there were plenty of examples of what can happen, what to do about it and how to increase security. After a good deal of reading this is what we decided to do;
- Change all the passwords to the back end of the site making them as strong as we could by using all the available characters (ASCII 0 to 254) and increasing the length of the password making it much harder for brute force hacking programs to discover the username/password.
- Changing the name of the admin folder and adding extra security to that folder.
- Making the .htaccess file as inaccessible as possible.
- Changing the robots file to exclude all the folders we didn't want indexing.
- Build some custom error pages that report every time a hacking attack is stopped.
So far this has thrown up some surprising information. Hacking probes are there all the time but most of them realise a site is protected and, after a very few attempts, stop trying to get in. A lot of the attacks come from IP addresses owned by large companies but it isn't clear at this stage if the companies are mounting the attack, a disgruntled employee is using the company equipment or the company had been invaded itself by a bot net and was unaware that their computers were being used in this way.
There seems to be three distinct types of probe;
- A robot that wants to index the whole of the site - these can mostly be stopped or diverted using .htaccess
- A probe looking for databases and/or customer lists
- An attack that has recognised which shop is being used and is trying to access the specific files that will reveal the order list, the customer list, payment methods etc. This is by far the most dangerous of the three and the one we need to make most effort to block.
I'm sure some of my readers will by now recognise which company I am talking about and I want to reassure them that to the best of our knowledge none of their financial details can possibly have been lifted by the attackers because the company doesn't trade using credit or debit cards. Likewise although we know the database containing customer list and product descriptions has been destroyed more than once, there is no evidence available at this time that any names and addresses etc have been stolen. However you may find that as we have had to use backups to rebuild the database your account no longer exists. If that is so, please login and make a new one and accept our apologies for the inconvenience.
This sort of action costs business large and small a lot of money in lost time, lost orders and other fees to get sites working again. I know what the criminal hacker is after - they want personal data and bank details. But the hobbyist hacker has me baffled. What possible motive can he/she have for trying to wreck some one's lively hood?
Friday, 29 October 2010
Time to Change
Today the BBC released a story about a debate in the House of Commons concerned with just what Google collected as it drove past our homes. you can read all about it here http://www.bbc.co.uk/news/technology-11650692.
Now I have heard all sorts of tales about what Google has or hasn't done but I have come to the conclusion that it better to be safe than sorry. I am recommending to all my family and friends that they change the WiFi login details on their routers. Change the login passwords on their personal accounts on their computers and last by by no means least change the passwords on all their email accounts.
I know this means a lot of careful work needs to be done but as some of the people I know have business and financial details on their computers and they rely on them for their livelihood. I feel it is better to put in an hour now than trying to rescue all their financial details and contacts after someone has has found a way in.
Given all this, it is good general practice to change your passwords monthly and to scan your computer weekly for malware and viruses. Give the number there is about now you can't be too careful.
Sunday, 26 September 2010
Two steps forward and one back
It's been quite a few weeks since I fetched my wife home from Hospital. We did manage a few days away when the weather was kind, the food was good and we managed to relax and unwind. The fun began when we got home and found that some of the drugs being given to Jackie were not suitable to be given together so we had a week or two of chopping and changing when we were not sure from one week to the next exactly what she should have been taking. Thankfully with the aid of her CPN and our GP we think we have got the drugs about right as most of the major side effects have disappeared and Jackie is making slow but steady progress to being well again.
I also had a setback. I had a fall that dislocated two finger on my right hand. One of them went back into place perfectly but the other has lost a chip of bone where the tendon has pulled away from the joint and a third tendon is ruptured. Thankfully it doesn't need surgery but I have been warned it could take some months to heal properly. In the mean time it is slowing and restricting the amount of time I can spend at my keyboard.
Speaking of keyboards, there have been a rash recently of alerts coming from the security firms who monitor the number of viruses and malware currently making the rounds of the system. They run from the mischievous ones that just send stupid messages to your screen through ones that can delete files on your HDD and cost a lot of time and effort to get rid of. However the worst of all are those that enroll your computer to a bot net and start to send your private details to the criminal gangs that run the bot nets.
The way to keep your computers free of infections like these are as follows :-
I also had a setback. I had a fall that dislocated two finger on my right hand. One of them went back into place perfectly but the other has lost a chip of bone where the tendon has pulled away from the joint and a third tendon is ruptured. Thankfully it doesn't need surgery but I have been warned it could take some months to heal properly. In the mean time it is slowing and restricting the amount of time I can spend at my keyboard.
Speaking of keyboards, there have been a rash recently of alerts coming from the security firms who monitor the number of viruses and malware currently making the rounds of the system. They run from the mischievous ones that just send stupid messages to your screen through ones that can delete files on your HDD and cost a lot of time and effort to get rid of. However the worst of all are those that enroll your computer to a bot net and start to send your private details to the criminal gangs that run the bot nets.
The way to keep your computers free of infections like these are as follows :-
- Make sure you have the latest version of a good anti virus program (I use Avast Free) and ensure that it updates at least daily.
- Likewise download and install at least two malware programs and run a full scan weekly, the favourites for this are Adaware and Spybot both of which are free for home use.
- A favourite way of getting malware (Worms) onto your computer is via a round robin purporting to be a warning about a new virus. One came to my notice this week. It was titled 'There is a Muslim in the white house'. It tried to tell you that if you received an email like this it would contain a virus that would put a flaming torch on your screen while it destroyed your HDD. I can find no trace of this virus in the database of any of the major Antivirus companies but there is plenty of evidence of round robins like this being used to sneak worms onto your computer. If you receive an email that is addressed to a lot of people and it asks you to pass it on to all your friends. Break the chain. Delete it from your computer preferably unread and don't send it on. You should also do a full scan of your computer to make sure you haven't been infected.
- I use an email program that catches about 99% of the spam and infected email that arrives in my mailbox. It is called MailWasher and you can download it for free from here http://www.mailwasher.net/ It is free for personal use but if, like me, you have multiple mail boxes and accounts, then the pro version is worth every penny.
Just as a last aside, I was asked to look at a computer that was behaving 'oddly'. I had been asked to configure this computer when it was new and had loaded all the necessary antivirus and malware software. All the new owner has to do was register the software to activate it for a year. They didn't and the machine had been running on the web unprotected for about three months. The computer was slow because it was too bus running malware to be bothered to do what the owner wanted and it had enough viruses to keep a bacteriologist happy for months. It several days of hard work to get rid of them all and clean up the system and the owner's plea that it didn't seem important fell on deaf ears.
I have bought myself a Sony e-book reader. They are not all they are cracked up to be but they can contain a lot of books both e-books and audio books or music. For people like me who find it difficult to sleep they are a boon because with the addition of a small LED light, you can read in the dark or by plugging in a set of head phones (ear buds will do) you can listen to soothing music and read at the same time. I can also imagine that for long haul flights they could be an essential accessory as they have a long battery life (7,000+ page turnings) but I haven't yet had chance to find out how many songs/audio books they can play before the battery runs out. As they are recharged by the 5 volt USB system and only need a 4 hr charge from fully exhausted then there are many ways a traveller can find to refresh the charge in his reader's battery.
I have been offered some holly logs and that has spurred me on to clear all the rubbish out of my workshop. I am hoping I can disinter the two lathes that are in there and try to re-learn how to turn wood. There is nothing that cheers me more than something I have made giving pleasure to someone else so watch this space to see how I get on.
Thursday, 8 July 2010
Home Again
Yesterday I brought my wife home from the hospital ending what seems to have been the longest loneliest period of my life. My next task is to take us both away for a few days for a bit of pampering in a hotel by the sea. This time I have two new toys to play with. The first is a CamCorder which I haven't had before - I used to use my SLR to record videos. The second is a 3G dongle that should allow me to keep in touch with the world from my hotel room without incurring sky high charges for using the hotel's WiFi connection.
While she was in hospital, my wife used the dongle and her notebook to keep in touch with me in real time using Yahoo Messenger. It made the world of difference to how she felt and to how she was able to keep in touch with the world outside. When you are in hospital for any length of time, you crave for contact with the outside world. These dongles make it possible AND cost less than a mobile phone to run. From the other patients point of view there are no annoying ring tones or someone talking. Typing on a laptop is almost silent so it annoys no one.
I only use a fraction of what one of these dongles can do as they can easily allow you to browse the web, download and watch streamed programs, use iPlayer or spend a fortune on eBay. When I am away from home I can collect my email, check my bank accounts and talk on yahoo with anyone I need to (a friend looks after our animals while we are away and calls to reasure us that all is well).
The learning curve for the CamCorder is going to be a steep one as mine is not sophisticated with anti shake and all sorts of other twiddly bits. I'll let you know how I get on when we come home.
While she was in hospital, my wife used the dongle and her notebook to keep in touch with me in real time using Yahoo Messenger. It made the world of difference to how she felt and to how she was able to keep in touch with the world outside. When you are in hospital for any length of time, you crave for contact with the outside world. These dongles make it possible AND cost less than a mobile phone to run. From the other patients point of view there are no annoying ring tones or someone talking. Typing on a laptop is almost silent so it annoys no one.
I only use a fraction of what one of these dongles can do as they can easily allow you to browse the web, download and watch streamed programs, use iPlayer or spend a fortune on eBay. When I am away from home I can collect my email, check my bank accounts and talk on yahoo with anyone I need to (a friend looks after our animals while we are away and calls to reasure us that all is well).
The learning curve for the CamCorder is going to be a steep one as mine is not sophisticated with anti shake and all sorts of other twiddly bits. I'll let you know how I get on when we come home.
Friday, 25 June 2010
Another scam
This week I was sent a copy of a warning issued to all their customers by AOL. It is about a new way to try to trick you into revealing your credit/debit card details. It works like this;
- You receive an email that asks you to ring a number because there is a problem with your PayPal account. If you do, a recorded voice asks for your credit/debit card details
- You may receive a phone call where the caller already knows your credit/debit card details but wants you to give them the security number on the back of the card
What you should do is this;
- Delete any email that asks for financial details. No reputable company would work like this and certainly not a bank, credit card company or PayPal.
- If you receive a phone call asking for any of your card details hang up immediately then ring the telephone number on the back of the card. If the first call was genuine then your card company will be able to tell you what the problem is. However it is much more likely that they will be able to confirm that you have received a vishing call and will tell you what to do next.
If any of you want to read the original warning you will find it at AOL Warning
This warning does make you wonder where these crooks are getting your card numbers from. My wife and I were so concerned about this that we decided to set up an account that is only used for shopping on the web and eBay. With the help of our Bank, we opened an account that does not have a cheque book, has no overdraft facilities at all, can not accept any direct payments such as Standing orders, Direct Debits etc and has only a Debit Card as the way to access any funds. We keep the balance of the account below £10 and only move money into the account when we have made an online purchase. So far it has worked just fine but if anyone does get hold of the card details the most they will get is £5 and it will flag up on the Bank's computer that this is an unauthorised transaction and we will know that account has been hacked.
Our Bank were so impressed by how it has worked (we have been running it for a year now) they have started to offer it to all their online customers for use as an online shopping account.
Saturday, 12 June 2010
A shocking tale
One of the nurses looking after my wife in hospital was notorious for crashing electronic equipment as soon as she touched it. Her colleagues thought it was a hoot but not her boss and he banned her from even going near his computer. I thought the tale was a bit far fetched till I watched her take a blood pressure reading. As soon as she put her hand on the machine it crashed.
My mind went back a number of years to an incident when I was a newly qualified computer technician just starting off in business. A firm I looked after had a typist/secretary who couldn't use a computer. Before they dispensed with her services they asked me to have a look at what she was doing to see if there was a simple solution to the problem because apart from this, she was a very good worker. I detached a computer from their network and set her off typing a letter. In less than 10 seconds the monitor went funny with the picture distorted and the computer froze. The lady dissolved in tears and fled to the toilet. I switched the computer off and rebooted it and all worked properly again so the problem was either static electricity or a stray magnetic field. I eliminated magnets as I could find no trace of a gauss field but where was the static coming from?
When the lady returned red eyed from the loo I was about to give up and confess myself beaten when I heard a sharp crack as she sat down.
"It's always doing that" she said as she shook her hand where a spark had jumped from her to the metal of the chair.
The penny dropped. The young lady was wearing a silky looking blouse and a pencil skirt. I asked her if she had a slip on and with great trepidation asked her what her undies were made of. She told me that both her slip and undies were silky man made material like her blouse.
Now those among you that have done physics at school will remember the demonstration of rubbing a glass rod with a silk handkerchief and then picking up scraps of paper using static electricity. What was happening was the young lady's undies were rubbing against her slip and blouse and having the same effect. Her plastic soled shoes were insulating her till she sat down in the metal chair and the electrical potential was high enough to generate a spark to jump the gap.
I asked the young lady to wear cotton clothing and undies the following day and we repeated the test. No sparks and the computer behaved itself. A neat and cost free solution.
Now back to our nurse. Her uniform is mostly made of polycotton and there is no way to change that so I had to do a bit of oblique thinking. Every computer technician will be used to using a wrist strap to earth themselves while handling electronic components so maybe this was the answer. I took a wrist strap with me on my next visit to the hospital and showed the nurse how to use it. Two days later when I took my wife for her regular treatment session the nurse wasn't on duty but all her colleagues were full of the story about how she could use a computer and the other electronics in the unit without something horrible happening.
The moral of this tale is that if ever you have to open the case of your computer, before you touch anything inside, put your hand on a radiator or metal sink for a few seconds and make sure you have drained away all the static electricity we all carry as part of our daily lives. Not everyone carries as much as the nurse or the fashion conscious secretary in the story but you may be carrying enough to seriously damage some of the parts inside your computer and you could land yourself with a big bill to put things right.
My mind went back a number of years to an incident when I was a newly qualified computer technician just starting off in business. A firm I looked after had a typist/secretary who couldn't use a computer. Before they dispensed with her services they asked me to have a look at what she was doing to see if there was a simple solution to the problem because apart from this, she was a very good worker. I detached a computer from their network and set her off typing a letter. In less than 10 seconds the monitor went funny with the picture distorted and the computer froze. The lady dissolved in tears and fled to the toilet. I switched the computer off and rebooted it and all worked properly again so the problem was either static electricity or a stray magnetic field. I eliminated magnets as I could find no trace of a gauss field but where was the static coming from?
When the lady returned red eyed from the loo I was about to give up and confess myself beaten when I heard a sharp crack as she sat down.
"It's always doing that" she said as she shook her hand where a spark had jumped from her to the metal of the chair.
The penny dropped. The young lady was wearing a silky looking blouse and a pencil skirt. I asked her if she had a slip on and with great trepidation asked her what her undies were made of. She told me that both her slip and undies were silky man made material like her blouse.
Now those among you that have done physics at school will remember the demonstration of rubbing a glass rod with a silk handkerchief and then picking up scraps of paper using static electricity. What was happening was the young lady's undies were rubbing against her slip and blouse and having the same effect. Her plastic soled shoes were insulating her till she sat down in the metal chair and the electrical potential was high enough to generate a spark to jump the gap.
I asked the young lady to wear cotton clothing and undies the following day and we repeated the test. No sparks and the computer behaved itself. A neat and cost free solution.
Now back to our nurse. Her uniform is mostly made of polycotton and there is no way to change that so I had to do a bit of oblique thinking. Every computer technician will be used to using a wrist strap to earth themselves while handling electronic components so maybe this was the answer. I took a wrist strap with me on my next visit to the hospital and showed the nurse how to use it. Two days later when I took my wife for her regular treatment session the nurse wasn't on duty but all her colleagues were full of the story about how she could use a computer and the other electronics in the unit without something horrible happening.The moral of this tale is that if ever you have to open the case of your computer, before you touch anything inside, put your hand on a radiator or metal sink for a few seconds and make sure you have drained away all the static electricity we all carry as part of our daily lives. Not everyone carries as much as the nurse or the fashion conscious secretary in the story but you may be carrying enough to seriously damage some of the parts inside your computer and you could land yourself with a big bill to put things right.
Subscribe to:
Posts (Atom)
