- monthly subscription or
- one time payment
- cancelable any time
"Tell the chef, the beer is on me."
Despite all the concerns and discussion out there over cloud usage by legal professionals, Dropbox still remains one of the most popular applications among lawyers. I am not going to discourse on whether or not that should be the case – the internet is rife with the opinions of very capable commenters on the subject – just remember that there are Bar rules out there about lawyers employing reasonable measures to ensure security when using the cloud. My personal use, however, takes into account the potential risks as well as rewards of using this free and cheap multi-user, cross-device sync app that a majority of cloud users have embraced. That means I enable security features whenever possible and store documents I have no fear of others potentially having access to. While that may limit others’ use of the service, I still find plenty of utility in Dropbox when I need to collaborate or share with someone else – and I have chosen not to use my other favorite sharing / storage service, Google Drive.
First, as with any other online service, make sure you have a very secure password – please, no 1234567! Did you know that is one of the most popular passwords out there? No duh! Make it hard to crack with letters, numbers, symbols and mixed caps. Also, disable automatic user log in on your computer and log out on your devices when not using the service. And, now that they offer it, enable two-factor verification – I have it on all services that allow for it, like Facebook, Twitter, Google, etc. Dropbox has it too – all this means is that when you (or anyone) attempts to log into your account on Dropbox, you will get a text message on your phone with a verification code that you will also need to enter to get into your folders. Dropbox also encrypts files on its side of the fence and you can too – check out Boxcrypter, which I wrote about here in the Studio, for an extra level of encryption on YOUR side of the fence. Some content creations applications, like Microsoft Office and Adobe Acrobat, let you password protect at the document level. You also can set Dropbox to selectively sync only certain files, thus limiting unwanted access where syncing isn’t really necessary. No guarantees that these steps will prevent any and all security breaches, but it certainly improves your odds in keeping your data intact.
Besides syncing, sharing and backup, there are some pretty cool uses for Dropbox. Automatically upload your photos from your devices to Dropbox by enabling the auto upload feature in the app. Set up remote printing by creating a print queue folder, and setting up a script that will look to the folder and print locally at home anything you add to it while on the road (thanks Amit Agarwal at Digital Inspiration Blog). If you use 1Password for your secure password storage, you can use Dropbox as a password backup application. Backup your WordPress blog to Dropbox using plug ins such as WordPress Backup to Dropbox, WP Time Machine andBackupBox. Use Wappwolf to automatically share, convert files, sync, zip, unzip, encrypt, decrypt and employ actions in other applications such as Evernote, Facebook, Flickr using Dropbox. There is little doubt that Dropbox’s popularity is one of its benefits – there are plenty of very smart users out there who create applications to extend the reach and utility of Dropbox because they use it too.
One last little gift to you: MakeUseOf has a cool chart showing off some of Dropbox’s tips, tricks, keyboard shortcuts, and tools and plug ins. Check it out – this really only scratches the surface of what you can do with the service. And remember, always sync responsibly!
But it may be indicative of the lurking loss of privacy and security we seem to freely exchange for the convenience of connectivity.
There are search engines out there specializing in all sorts of online information. I have highlighted some here, for example search tools that delve into the deep web. Shodan is different. Shodan searches for devices connected to the Web. Like servers. Printers. Routers. Webcams. Security cameras. Control systems for water parks. Really? Yup, really. And it can see what is secured out there and what is unsecured. From a CNN Money article that ran the rounds yesterday:
A quick search for “default password” reveals countless printers, servers and system control devices that use “admin” as their user name and “1234″ as their password. Many more connected systems require no credentials at all — all you need is a Web browser to connect to them.
Search parameters include location by city or county, latitude or longitude. Or search by hostname, operating system or IP address. It also allows you to export your search results by XML, so you can take it with you, with the IP and physical location associated with the result. And, if you don’t want to do the heavy lifting, let some other hackers users do the work for you with shared searches.
Even scarier, use Shodan Exploits to search for known vulnerabilities and exploits lurking out there.
I can hear you now – “Oh.Em.Gee. How long has this been out there?” Three years. When you search one of their shared searches for, say, video web servers, you will see results from 2010 forward. Shodan is celebrating its three year anniversary with a decent flurry of press activity. Great. Now more hackers users will know about this means of tapping stuff.
I totally understand that being fore-warned is to be fore-armed, and that the principle purpose of this is to enhance security rather than shake up that fragile concept, but my pessimistic self can’t help but consider all the nefarious uses such a tool could promote. It is all great if device owners take heed and actually start securing these devices. FWIW, SHODAN (Sentient Hyper-Optimized Data Access Network) apparently is a name used for a fictional AI antagonist in the cyberpunk action role-playing video games System Shock and System Shock 2. Take from that what you may/will.
Shodan invites you to register using your social logins, but I had no problem running some searches without registering. Check it out. And be chilled.
USB drives are so pervasive in today’s world of technology, but when they first debuted, they revolutionized data exchange. The first USB flash drives had an 8MB capacity, which isn’t much by today’s standards, but a far cry better than the alternatives – the 1.44MB floppy or the CD that required permanent burning. Nowadays we have USB drives that are larger than traditional hard drives. But for all the convenience and power of the USB drive, there are some serious USB drive danger to be wary of.
The ubiquity of the USB drive has made us overly trusting of the technology. We plug them in, pull them out, and plug them in again without a second thought to issues of security and protection. And I’m not just talking about “safe ejection” to prevent data corruption. I’m talking about viruses, malware, and all of those pesky nuisances that love to infect every corner of our systems.
Unfortunately for us all, we need to be diligent about USB security just as much as we are about hard drive and network security. Keep reading to learn more about this problem and how you can adequately guard yourself against it.
When we hear about network and computer safety, we often hear tips and tricks that are somehow related to the Internet. Don’t click random email links. Don’t visit shady websites. Keep your firewalls up and your antivirus databases updated. Use safe passwords and stay vigilant against keylogger infections.
Now consider this scenario: a high-security headquarters where lots of confidential work with sensitive data is being done. Places like this are often isolated from the Internet, instead relying on a closed-circuit intranet for data sharing and communication. And when you consider a place that’s completely severed from the malice of Internet hackers, you’d think the security would be top-notch.
And in reality, the security is good. It’s near impossible to hack or corrupt an internal network like that without performing the kind of impressive stunts that you’d see in the next Mission Impossible. Yet even so, hackers were clever enough to find ways to infiltrate secure compounds from a distance: by infecting the very USB drives that employees would use to transfer files from outside to inside the building.
There are plenty of cases where viruses piggybacked onto USB devices in order to spread like wildfire across the world. Remember the dreaded Conficker worm? The United States military ended up having some trouble with the agent.btz worm that was brought in through an infected USB drive. And more recently, there was the cyber-weapon Stuxnet worm.
And so, USB drives are like mosquitoes. They have the potential to pick up infections when plugged into an infected computer and they can spread those infections almost instantaneously as they’re plugged into other devices. This is why it’s so important that you keep not only your computers clean but your USB devices as well using regular scans and antivirus programs.
USB Disk Security is a tool from Zbshareware Lab that is as close to an all-in-one USB protection suite as you can get. It provides a whole host of features and safety options to keep you as protected as you can be in all things related to USB drives. Most USB security tools will focus on the USB drives themselves, but USB Disk Security goes way beyond that.
USB Disk Security has the following features:
USB Disk Security supports Windows XP, 2003, 2008, Vista, and 7, but it may interfere with other antivirus programs already installed on your system. It’s free with limited features. A lifetime license will cost you $55 USD which unlocks all features and includes all future updates to the software.
As you might have surmised from the description of USB’s dangers, most viruses depend on automatically running when the USB drive is plugged into a computer. This is in large part determined by the presence of an autorun.inf file which, as the name suggestions, automatically runs upon connection.
BitDefender, a security software company that I’ve praised in the past, has a free tool called the USB Immunizer that immunizes your chosen USB device against malicious autorun.inf files by creating its own special autorun.inf file that cannot be deleted or replaced.
BitDefender USB Immunizer works on Windows XP, Vista, and 7 on USB devices that are formatted with FAT, FAT32, and NTFS file systems.
The USB Dummy Protect program has an interesting theory behind the way it protects your USB devices. Long story short: viruses and malware require available memory space in order to exist on a USB drive, therefore, if you fill up a USB drive entirely and leave no space whatsoever, then viruses and malware can’t get on no matter what.
So that’s what USB Dummy Protect does. It creates a dummy.file file on your USB device that takes up every last bit of free space. When you want to remove that protection, you just delete the file. Easy. If you tend to transfer files to and from your USB drive frequently, this may not be the most elegant solution, but if you have a USB drive whose contents rarely ever change then this could be fantastic for you.
However, due to the way that FAT file systems are designed, this method will not work if your USB device has more than 4GB of free space (since file sizes in FAT systems have a maximum of 4GB). For NTFS drives, you shouldn’t experience any problems.
USB drive dangers require constant vigilance. You might use the same USB drive for years without a hitch, then one day you could grab a file off of your friend’s computer and end up infecting your home network with something serious. USB security is not often on the minds of computer users, even the tech-savvy ones, but as long as you are aware and take proactive steps against the potential spread of viruses that piggyback on USB devices, you’ll be all right.
If you have any other suggestions for software aimed at USB-related security, please share them with us in the comments.
Image Credits: Virus USB Via Shutterstock, Secure USB Via Shutterstock
The post Why USB Sticks Are Dangerous & How To Protect Yourself appeared first on MakeUseOf.
Don’t feel overwhelmed by passwords, or simply use the same one on every site just so you’ll remember them. Instead design your own password management strategy. MakeUseOf’s Password Management Guide, from author Mohammed Al-Marhoon, outlines tips and tricks you need to know to stay both secure and sane.
We are all overwhelmed by passwords. Everyone has an account for Google, Facebook, Twitter, LinkedIn, Outlook/Hotmail, Dropbox… the list goes on. Unfortunately, most of us use either one password or a group of passwords for all of our major accounts. That’s dangerous.
It doesn’t matter if the individual password is unique, or if it’s a long mix of numbers and letters; if you only use one password it won’t matter. When one account is compromised, all of your accounts will likely follow.
This guide aims to educate you about the importance of proper passwords without overwhelming you. Check it out today and lock down your files properly.
READ or DOWNLOAD The MakeUseOf Password Management Guide
This manual will show you how to:
READ or DOWNLOAD The MakeUseOf Password Management Guide
The post READ or DOWNLOAD The MakeUseOf Password Management Guide appeared first on MakeUseOf.
Mac, iPhone and other Apple ID users can now enable two-step verification on their Apple ID accounts. The security measure was introduced by Apple on Thursday, and the system is virtually identical to that used by online banks and Google, requiring a password and access to a trusted device or failsafe recovery key in order to gain access.
You can opt-in to the new service right now by heading over to the Apple ID management website, logging in, choosing Password & Security and answering two security questions. The option to enable two-step verification is then presented, and warns users that Apple will no longer manually reset Apple ID passwords under the new system.
In order to secure account access, at least one trusted device like an iPhone or iPad, as well as an SMS-enabled mobile number is required. For the moment the service is only available in the US, UK, Australia, New Zealand, and Ireland. The move sees Apple account security moving into line with Google, Facebook, PayPal and Dropbox, to name a few.
The system is fairly straight-forward, and each login attempt also requires a verification code. This removes the reliance on one password alone, and anyone who wants to hack into your account requires access to your trusted device as well as your password. Verification codes are delivered to iPhones and iPads as a system notification which is not visible until the device has been unlocked.
The news come hot on the heels of an iOS update and a brand new security threat reported by The Verge that enables anyone with a user’s Apple ID email address and date of birth to reset the password using a simple URL. Users who have already enabled two-step verification are said to be safe from this latest discovery — yet another reason to enable the security feature as soon as possible.
Have you enabled two-step verification yet? Glad to see the feature, at last?
Source: CNET
The post Apple Introduces Two-Step Verification for Apple IDs, Enable It Now [Updates] appeared first on MakeUseOf.
The hacker group AntiSec recently posted online the details of 1 million Apple iOS Unique Device IDs. They claim this set of IDs is just a fraction of nearly 12 million such IDs they have in their possession and some of the data includes other details like usernames and addresses. Allegedly, the IDs have been stolen from a hacked FBI laptop belonging to a senior agent.
Apparently, the intention of the group was to bring attention to privacy concerns amidst their claims that the FBI is using personal information to track people. The FBI has declined to comment so far. Users can check their device IDs against the ones provided by AntiSec via the download link in their release.
AntiSec announced their “breakthrough” in a tweet…
12,000,000 identified and tracked iOS devices. thanks FBI SSA Christopher Stangl. #AntiSec
— AnonymousIRC (@AnonymousIRC) September 4, 2012
They also posted a more descriptive statement on Pastebin –
During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ”NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.
Source: Mashable
Here’s a fun thing I like to do: buy an old hard drive on eBay, then run recovery software on it. It’s a little data treasure hunt, and you’ll be amazed at what you can find. Even more amazing though are people who don’t even bother to delete data first; they just sell the phone or throw away the machine as is. You might as well put family photos, bank documents and your passport in a box, then leave it outside your house with a giant “steal me” sign on it.
If you don’t want to be one of those thousands of people who fall prey to privacy invasions and identify theft every day, then read on. Here are 3 essential steps to take before getting rid of a device.
Even if you think you’ve copied everything you need, there’s probably something you’ve forgotten – your bookmarks, or application settings, for instance.
The best backup to is therefore a complete disk image of the computer you’ve selling or giving away. Use SuperDuper on a Mac, or read Tina’s excellent tutorial for Windows.
For iOS devices, the computer you’re synced to would have automatically made backups. When you buy a new phone, you can simply restore your applications and purchases. To check if you’ve been backed up, connect the device to iTunes and open it up from the sidebar (you don’t even need it connected if you’re on the same network and latest versions); the Summary tab includes a Backup section as well as the last backup taken.
Android devices vary greatly, but Ice Cream Sandwich version 4 and up automatically back up purchases and settings to your Google Play account. Check if this is working from the Android Devices section of your Google Dashboard. For older devices and the more intrepid hacker types, Titanium Backup (rooted only) is apparently the prefered method.
A lot of people know as much as delete their data first, but many don’t realise that deleted data can still be accessed using recovery software. That’s right, all I need to do is plug your drive into my computer, and click Go: the software will extract everything it can find, combining little bits into images files, documents, and music. You can buy this software for less than $100.
This method of extracting data – even when it’s supposedly been deleted – works because “deleting” data doesn’t actually remove it from the drive – merely, it marks that area of the drive as available for use, and deletes the index of the file. The data itself – the 0s and 1s that make up that file, are still there.
This is where secure deletion comes in, in various levels of complexity. The basic principle is the same though: you need to write over the area of the disk where the file was stored. The most basic method is called “single pass” because it passes over the data and once and writes 0s all over it.
For most situations, a single pass is sufficient, but deeper recovery scans can still identify this data. For very sensitive data, multiple passes are required that not only zero out the data but also write random data over it a number of times. The US Department of Defence standard for securely erasing data specifies a whopping 7 passes; that is well and truly unrecoverable.
So, do you need elaborate and complicated systems to do this kind of secure formatting? Nope.
In OS X, head over to the Disk Utility and select the drive -> Erase tab -> Security Options.
In Windows, you can use the command line DISKPART utility to “clean” a drive, securely formatting it.
Note that in both cases, you cannot securely erase the system drive, because that would be erasing itself; in this case, use a boot disk designed specifically to perform secure erases such as DBAN on PCs, or insert your OS X install CD and boot as if you were going to install a new system – Disk Utility is available from the Tools menu.
For Android devices, securely delete the SD card if you have one using the Windows method described above. Although there is a factory reset method built into Android OS, it is apparently not secure. For devices with a system partition, I suggest first enabling encryption from Settings -> Security -> Encrypt; then doing a factory reset. This is only available on Ice Cream Sandwich and above though, so you’ll need to search for a specific method if you’re running older versions of Android.
For an iOS device, data is automatically encrypted so recovery is incredibly difficult; go to Settings -> General -> Reset -> Erase all content and settings to effectively nuke everything before you sell it.
Depending on who the computer is intended for, reinstalling the OS is basic courtesy. Most brand name PCs and laptops come with restore CDs which will put your PC back to the way it was when you purchased it; use the license key that’s indicated on a sticker on the machine when prompted.
If you don’t have or can’t find these restore CDs, Linux is probably your best option; Ubuntu has a wealth of information out there – including a few of our own guides, which a really nice person would download for the future owners and place on the desktop (hint, hint). You could of course just specify “no operating system supplied”, but some users will have no idea what this means and it may come back to bite you in the form of bad eBay ratings or unwanted phonecalls.
Whatever you do, don’t install something that you don’t have a license for. It could land you both in serious trouble when they take it for repair or phone up Microsoft to get support.
A lot of media comes with DRM nowadays; like iTunes. iTunes allows your own purchases to be downloaded to up to 5 of your devices; these can quickly add up though if you have a Mac, an iPad, iPhone and are regularly upgrading them.
Luckily, there’s a quick an easy way to deauthorize all your currently regisered devices at once – however, you can only do this once per year. To do this from iTunes, click on the iTunes Store from the left hand sidebar; then sign in to your account and view your account details. From there, you can select Manage Devices.
(Oddly, I have 6 devices authroized right now; Apple maintains the maximum is 5, but perhaps this only applies to computers and not mobile devices)
You can also authorize and deauthorize a single machine from the iTunes Store menu on that machine. The iTunes account can only be changed once every 90 days though.
Obviously, iTunes isn’t the only DRMed service out there, so check up on your own services to see if you need to deauthorize anything.
Do you have a checklist of things to do when selling or giving away a device? Let us know in the comments, and we shall be eternally grateful!
Image credit: ShutterStock: Computer Hacker
If you’ve not yet decided to use a password manager for your myriad logins online, it’s time you took a look at one of the best options around: LastPass. Many people are cautious about using a password manager, while others are often just undecided about which services are safe enough to use. LastPass is one of the safest password managers around and it is made especially useful by being available as a plugin for a wide variety of browsers.
Today, we’ll take a detailed look at LastPass for Firefox and how this tool can give you peace of mind in regards to password safety, make your browsing simple and to actually make it easy for you use more complicated passwords. Read on if your online security is ready for an overhaul.
LastPass is available free for most browsers, covering every operating system including smartphones (with LastPass Premium). Get started by installing the LastPass Firefox browser extension, creating a LastPass account and slowly adding all your login information to LastPass with daily usage. It can be used for anything you need to remember a password for, thus eliminating the need to remember it any more. Social networks, online shops, banking passwords and more can all be stored securely within LastPass. You can also store basic information, such as name and address, that often need to be entered into forms online.
There is no button within Firefox to use LastPass. The LastPass extension hides away until needed, only offering its services when it realises you’re on a login page or some other form that needs filling in, such as addresses or credit card information. Then it will pop up at the top of your page and ask you if you’d like to store these details in LastPass or not.
Or, if you have previously stored details, it will offer to automatically fill in the form for you. If you have multiple logins, you’ll be able to pick from a list of stored login details with the username as an indicator of which one to choose.
If you access LastPass via the Firefox Add-ons Manager or the LastPass website, you can tweak your settings further to suit your needs. By logging into the LastPass website, you can also import or export all of your passwords to or from Firefox. In the LastPass website, you can also access your Vault and view any password information you may have forgotten.
If you also use another computer or browser, you can install LastPass for that device or browser too and your details will be synchronised across systems for you. Your local passwords in Firefox can be imported to LastPass and exported back to Firefox at any time as a backup. If you do this, it’s a good idea to ensure Firefox is protected with a strong master password so that you don’t compromise your security this way.
For $12 per year (yes, $1 per month) you can upgrade to LastPass Premium, which allows you to install LastPass on your smartphone and do all sorts of other nifty tricks. Premium users can set up multifactor authentication using a USB key and much more. MakeUseOf often has LastPass Premium available as part of MakeUseOf Rewards and giveaways, so keep an eye out for it!
LastPass encrypts and decrypts your password information locally, so it’s never being transferred in an unencrypted format. LastPass uses SSL and encypts using 256-Bit AES, so the data stored at LastPass is unusable to LastPass staff and anyone snooping on the network while data is transferred.
Because all of your login information is stored in LastPass, you’re logging in with one mouse click rather than typing, which is added protection against Wi-Fi snooping and keystroke logging.
An added benefit of having your passwords stored and recalled for you is that you can choose very strong passwords. LastPass will even offer to generate a very strong random password for you. If you’re using LastPass on all your devices, you’ll never have to remember it anyway, so you can take advantage of this extra security.
The very security-conscious users can set up their LastPass master login information using a USB device, use an on-screen keyboard to avoid keystroke logging, set up one-time master passwords for dubious networks and more.
Rather than sharing passwords with friends via email, you can share them with LastPass.
There are plenty of alternatives to LastPass out there, including creating a good Password Management Strategy, KeePass, Roboform, 1Password, Dashlane, Mitto and Clipperz. Although these have many great features too, thorough comparisons (such as this one by Dave) will often leave LastPass as the clear winner in terms of utility, security and price. It only falls down when considering offline usage, however a Firefox user could backup LastPass to Firefox and ensure everything is available when offline.
LastPass is easy to use, secure and will actually improve your online security by allowing you to set up stronger passwords that you don’t have to recall yourself. LastPass for Firefox is free, so there’s no reason not to give it a go right now!
Our smartphones carry a lot of personal information. All of your text messages, emails, notes, apps, app data, music, pictures, and so much more are all on there. While it’s a very great convenience to have all of these on your phone, it’s also a major security risk if all of this data is easily accessible. The best way to prevent simple unauthorized access is by setting some sort of lock on your phone.
Two popular choices, especially on Android phones, are passwords and pattern locks. However, which one is the most secure to use? In order to answer that, we’ll have to use our brains and some math.
Passwords are a bit harder to use than pattern locks because you actually have to type out your password. They are, however, still plenty easier than some desktop authentication methods available, such as multifactor authentication. But just how safe are they? In order to figure out how safe a method is, you’ll have to look at the number of possibilities.
No method is completely safe if an unauthorized user knows your password or pattern, but if they don’t know, they’ll have to keep guessing. If there are more possibilities, the person will have to make more guesses, which makes it safer and more secure.
For our experiment, we’ll compare 5-character passwords with 5-point patterns. Passwords can contain any character on your keyboard, including a-z, A-Z, 0-9, and all special characters, such as !, @, #, $, and so on. In total, that’s about 90 different possibilities with a US English keyboard. Each character can use all possible entries, so each character can be any of those 90 possibilities. In mathematical permutations, we have to multiply them together.
So for a 90 character password, 90*90*90*90*90=5,904,900,000. That’s almost 6 million different passwords you can make if it’s only 5 characters long! No one will manually try to type in 6 million different passwords in order to guess the right one. Of course, for each additional character in your password, you multiple that number by 90. So upgrading to just a 6 character password gives you 531,441,000,000 possibilities. That’s a lot.
Pattern locks, however, are quite different. Although they look quite confusing and complex, they’re actually not. In order to explain why not, we’ll need to look at the maximum number of permutations. When you first start with your pattern, you have nine points to choose from. This will be our first factor. Let’s take the choice which gives us the most amount of options: the middle point. From here, you can pick any of the eight others as your second point. This will be our second factor. Whatever point you picked will give you the number of available neighboring points. A corner point leaves only two options, while a side point gives you four — the two corners and the adjacent side points.
But lets ignore the fact that you may (or may not) have to pick a neighboring point. If you can go to whichever point you’d like next, you’ll only have seven available options left as you can’t pick a point twice — the reason why each factor’s value is declining. This is our third factor.
The fourth and fifth factors would, ideally, be six and five. Therefore, under ideal conditions, the maximum amount of permutations you can get with a 5-point pattern is 9*8*7*6*5=15,120. Even if you went ahead and used a 6-point pattern, you’d only get a total of 60,480 permutations. Compared to what passwords offer, that’s absolutely nothing.
Admittedly, no one with a reasonable mind will want to manually try out 15,120 different possibilities, but the ratio of permutations of a 5-character password compared to a 5-point pattern is almost 390,536:1. Insane.
Clearly, the obvious choice for staying secure is to use a password instead of the pattern lock.
While the pattern lock may be fun to use, there’s plenty of data on your phone which you don’t want others to have. Now that I’ve done the math myself, I’ll be sure to use a password from now on, as it’s a whopping 390,536 times more secure when comparing 5-character passwords to 5-point patterns, and that number increases when you compare 6 vs. 6, 7 vs. 7, and so on. Additionally, using the pattern lock places some pretty unique smears onto your phone, which other people can look at to narrow down the possible choices for your pattern. Password users are less susceptible to this because it gets blurred with other typing activities such as texting.
Don’t feel too safe however by using the password method. You’ll still want to use a good password in order to stay safe, and only then can you truly use the mathematical advantage over pattern locks. Check out these articles for creating good passwords you can still remember, creating a seriously hard password to break, testing your password for strength, and managing your passwords on your Android device.
Which locking mechanism do you use on your Android device? Does your password’s strength stack up? Let us know in the comments but please don’t share your passwords.
Image Credit: Internet background with binary code via Shutterstock
Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card, but also a PIN, a signature, or an ID. With 1FA becoming increasingly unreliable as a security measure, two-factor authentication is rapidly gaining importance for logging into online accounts.
Per default, almost all online accounts use password authentication, i.e. a one-factor authentication method. The problem with passwords is that they are easily hacked. A further problem is that many users still use one and the same password for all their accounts. While being a bit of a hassle, 2FA significantly increases security by asking for an additional authentication factor, thus making it much harder to hack an account.
As mentioned in the introduction, 2FA is a login method. The two authentication factors can be one of the following:
Everyday examples where 2FA is employed are drawing money from the ATM (card + PIN), paying with a credit card (card + signature OR card + PIN OR card + security code), or entering a foreign country (passport + biometric data).
Imagine someone hacked into your email account. What kind of information would they gain access to?
Here is an idea: user names of other accounts, passwords to other accounts, alternative email addresses, personal data, personal photos, scanned documents, information about your friends, family, and other contacts, credit card numbers, bank account numbers, insurance numbers, anything else?
Would this information potentially help them to hack into some of your other accounts, for example Facebook? And at how many places have you logged in using your Facebook or another social media account?
When you think about it, you will find that most of your online accounts are interlinked. Hacking one of them probably gives a smart person access to several other of your accounts. In other words, if someone manages to hack into one of your key accounts, your identity has practically been stolen and the potential consequences are madness.
Ideally, you should use 2FA for all accounts where you store any type of personal information, as well as accounts that have payment information linked to them. This includes, but is not limited to:
Unfortunately, not all online accounts or services offer 2FA or are clear about it. Often, it’s a matter of poking around their website to find additional security options.
Two key online services that do offer 2FA and for which you should definitely enable it are Facebook (login approvals) and Google (2-step verification). You can read more about their respective 2FA features here:
2FA is an indispensable security measure for your key online accounts, such as email, banking, or social networking. While two-factor authentication doesn’t mean your accounts are immune to attacks, it does make your accounts more resilient as a hacker needs to crack more than a simple password. Whether or not a second authentication factor is worth the hassle depends on the account and what type of information is stored in it.
Where are you using two-factor authentication and do you think it’s worth the hassle?
Additional Reading
How To Create A Security Question That No One Else Can Guess
How To Use Facebook Login Approvals & Code Generator [Android]
Get Secure: 5 Firefox Addons For Serious Password Management
Image credits: Fingerprint via Shutterstock, SIM Card and Lock via Shutterstock, Identity Theft via Shutterstock, Login Windows via Shutterstock
Over the last few years, Microsoft has expanded the Hotmail/Windows Live services to include a dazzling array of browser-based services.
Beyond email and instant messaging, the software giant now provides free, browser-based versions of Office, a cloud service called SkyDrive, a calendar and address book service, and Live Mesh, a system for syncing files between mobile and desktop devices.
With so many features offered for free you might think that this is a pretty good deal – and it is. But what happens to your emails and data when your account is blocked? How might this happen, and is there a way of overcoming it?
There are many ways in which a Windows Live/Hotmail account might become blocked. However, with one exception these are all due to end user misuse, which typically only occurs by ignoring or misreading the terms of use issued by Microsoft when you sign up for an account or start using a new service.
As causes for blocked Hotmail accounts go, there are three common reasons. The first is attempting to play pirated Xbox 360 games on your console. While you might retain any previously acquired DLC, access to the Gamertag and Gamerscore will be blocked, and eventually deleted. Not a great way to end months or years of hardcore gaming!
The second is the storing of material that breaks the terms of use for SkyDrive. Adult photos, for example, are not allowed, while family photos of breast feeding might also be the cause of a blocked account. In addition data that is deemed to be pirated will also lead to a blocked account. As Microsoft employs a scanning system to check for inappropriate usage of SkyDrive, there is little chance that you will get away with misuse for long.
Finally, your account may become blocked if it has been hijacked by scammers. This can happen from time to time, resulting in spam emails being sent from your account.
If your Hotmail or Windows Live account is blocked, the implications of this could be wider than you think. Rather than simply preventing you from accessing your messages (perhaps you might think it is easier to setup a replacement account), a blocked account will also thwart your attempts to use other services that are related to Windows Live.
Some of these include:
Other services such as TechNet and MSDN that have been linked to your Hotmail or Windows Live account would also be blocked.
Furthermore, the new Windows 8 operating system requires a Microsoft account in order for the owner to use some of the cloud features. A blocked Hotmail account – interchangeable with a Windows Live, Xbox Live, Outlook.com and any other Microsoft account – would prevent you from getting the most of the new Windows OS.
Is there a way back from a blocked Hotmail/Windows Live account?
Fortunately, yes there is. It involves jumping through a few hoops and answering your original security question correctly, but once you have successfully done this then Microsoft will restore access to your account and you can carry on using it – legally, and within their terms, of course!
The first thing to do is attempt to restore access to your account by signing in. Here you will find that you have to provide information that can be used to verify your identity. This should be straightforward – your alternative email address might be used, for instance, or you might have to provide the answer to a security question.
If neither of these options is possible (for instance you might have forgotten the question or no longer have access to the old address) then you will need to provide alternative information, such as your credit card number if you use Xbox Live.
Hopefully you should get a favourable resolution, but if you have misused your account, don’t be surprised to find that your data is lost forever…
If your account has been hijacked, it is far easier to get things back on track. Start by attempting to log in to your account. At this stage, a blocked account will be diverted to a new page, headed Your account has been blocked, which basically explains why the account has been blocked and what you will need to do to restore access. Alternatively, if you’ve noticed odd behaviour or can’t sign in because you have suspicions about your account, click the Can’t access your account? option on the login screen and follow the appropriate options. This process begins by Microsoft sending a verification code to your mobile phone or alternative email address.
Once the code is received, enter it in the appropriate space – you will then be asked to reset your password, specifying the old password as you do so.
While email accounts can be hijacked without your knowledge, it is important to take steps to avoid this from happening. Indicating on the Hotmail password reset page that you wish to reset your password every 72 days is a good start, as is providing the name of your Windows PC and your mobile and alternative email address.
As far as blocked Hotmail accounts are concerned, meanwhile, only responsible use of your Windows Live account can prevent it from being disabled. Microsoft’s policy of restoring accounts that have been blocked seems to depend on the provision of accurate data so that the operatives can make a decision about your account. Information can be misinterpreted and security questions and answers can be forgotten, so it is best to avoid any problems here by using your account responsibly.
One last thing – note that if you receive an email informing you that your account has been blocked, you should disregard this as it is more than likely part of a phishing attempt. A link in the email will be provided for you to enter your personal details which can then be used by a criminal to borrow money or buy goods in your name. Should you receive such an email, don’t click any links, delete the message, and then open a new browser window and try to login to Hotmail to check the account status.
Image Credit: Hotmail via Cloudbound, SkyDrive via Cloudbound, Gamer via Shutterstock
Anonymity is a new big kick online. It’s a good thing that a piece of software like CyberGhost VPN exists, as it makes the entire anonymous experience a cinch when using the Internet. If you care about your privacy online, you need this kind of software. If you want to swerve around blocked websites and other filters, you need this. If you do things online that you don’t want being associated with your identity, you definitely need this.
CyberGhost VPN is very simple on the user and flexible in terms of what it’s going to cost you. Along with their free plan, CyberGhost offers Classic, Premium, and Premium Plus packages that scale up in realms of server availability and bandwidth allowance. You can even buy months of prepaid traffic on the side. None of that matters this week though, as we’ll be giving away 25 1-year subscriptions for CyberGhost Premium Plus VPN valued at almost €3,000 (USD $3,700) in total!
1 gigabyte of free traffic is included in CyberGhost’s free VPN plan every month. Additionally, it only connects to free servers, forces a disconnection every 6 hours and has a limited bandwidth of just 2 Mbps. If you’re looking for faster transfer speeds and more traffic allowances, you should consider one of their premium plans.
Where forwarding ports and piping SOCKS proxies through certain applications can seem like a nightmare to your web-surfing laymen, CyberGhost VPN makes it a set-it-and-forget-it type of affair. CyberGhost completely simplifies the entire process of connecting to a virtual private network (VPN) and makes sure that every little byte and packet that you’re sending out to the net is encrypted and anonymous.
The Connect tab, shown in the screenshot above, is the first screen you’ll see when installing and launching the VPN software. It shows you your current IP, connection status, and billing information. It will also show you the remaining traffic you have left available on your subscription plan. By default, clicking the Connect to VPN button will connect you to a recommended server.
The next tab, Server list, shows all available servers that you can connect to. If you’re not interested in having a recommended server automatically suggested for you, you can manually connect to one here. CyberGhost has servers in the US, Germany, Italy, China, Poland, Denmark, and more. Their options are very wide and flexible.
The Server map will allow you to visualize where you are in correlation to the available CyberGhost VPN servers. It’s a neat little feature that doesn’t serve too strong of a purpose, but it’s one I haven’t seen in many other VPN clients. It’s nice to be able to visualize the distance.
When you’re ready to connect to a server, you can go back to the Server list or Connect tabs and click that nice, big button. It will take a moment, and then you’ll see that you are connected.
You’ll notice your IP immediately changes. If you’d like to verify that you’re actually connected to the VPN, go ahead and start up your browser and search up an IP-to-location service. Compare that IP and you’ll see the difference.
I’m not in Brooklyn and that isn’t my ISP. I’m connected to one of CyberGhost’s servers, and the VPN is working just as it should be. All traffic is now anonymous and encrypted.
CyberGhost continues on with more options and configurations though, as you can see by checking the Antispy tab.
Antispy will basically allow you to configure how the CyberGhost VPN network interacts with your local machine, in just about every way. You can click through each header to customize the options for your media, network, browser, and more. This is another example of CyberGhost going above and beyond most other VPN clients.
CyberGhost is one of the best VPN clients that I’ve had my hands on for Windows. These 25 copies of CyberGhost VPN will go fast, so enter the giveaway below while you can! You can purchase your own subscription to CyberGhost VPN by clicking here to get to their official website.
Please fill in the form with your real name and email address so that we can get in touch if you are chosen as a winner.
The giveaway code required to activate the form is available from our Facebook page, Twitter stream and Google+ page.
You’re almost done. Now, all that’s left to do is to share the post!
(Note: no points will be awarded.)
Exchange your MakeUseOf points for an entry into the competition. First, create a MakeUseOf account, earn points and exchange your points for an entry! Learn more about our Game system and Rewards program.
To exchange your points for quick entry, you must be logged in
By participating in this giveaway, you agree to the giveaway rules.
This giveaway begins now and ends Friday, August 24. The winners will be selected at random and informed via email.
Spread the word to your friends and have fun!
Interested in sponsoring a giveaway? We’d love to hear from you. Get in touch with us via the form at the bottom of this page.
In the anonymity of the web, lie all the dangers. Hyperlinks as we all know are the strands that make up the web. But just like the spiders, the digital web can trap the unsuspecting. Even the more knowledgeable among us click on links which are potentially harmful. You really cannot control you clicking, because that’s how the whole business of browsing happens.
What you can control is making sure that the link or webpage you are clicking through to is as safe as a mother’s lap, and not a malware infested demon lying in wait.
My friend Aaron recently told you how to browse safely with your own Internet bodyguard called WOT. I would say it is a must install browser extension. But what are the other secure browsing tools out there? Do click these links that take you to eight ways to ensure that a link is safe.
The Google Safe Browsing Diagnostic tool was released quite a few years back. The advisory tool from Google gives you a detailed report on domains and web links. You can trust Google for its comprehensiveness because its Safe Browsing API is a part of the search engine infrastructure. To use the tool, you have to append the site’s URL at the end of the http://www.google.com/safebrowsing/diagnostic?site=. The report gives you four points of information. Do note that all information available with Google only goes back historically over the last ninety days.
URLVoid is a web reputation scanner that analyzes a website address with multiple reputation engines (around 30) and domains blacklists, such as Google SafeBrowsing, Norton SafeWeb and MyWOT to detect any potentially dangerous website. You have to manually insert a link and scan the domain in question. URLVoid lists the positive or negative detection status against the engines used. You can check the threat log for more details as supplied by each engine.
Unmask Parasites as the name suggests is a simple security tool that scans a site and lets you know if it is carrying spam links, malicious scripts, or redirects. Very often, websites are hijacked and malicious code inserted even without the knowledge of the webmaster. Unmask Parasites downloads the link (webpage) you give it, analyzes its HTML code, especially external links, iframes, and JavaScript’s. Webmasters can do this manually too by looking into their own code, but that’s laborious. UnMask Parasites one-click audit is a speedier check.
For an experienced web surfer, phishing is relatively easy to detect with a glance at the URL. Banks and other sensitive sites also usually implement anti-phishing measures. But even then it pays to be careful. One of the ways is to use the index of blacklisted phishing sites maintained at PhishTank. You can also submit your own suspects to the list. Do remember that PhishTank is not a security tool as such, but more of an informational aid. Founded by OpenDNS, PhishTank is a free service.
Also read:
Dr. Web Anti-Virus Link Checker is a browser add-on for both Chrome and Firefox, and also Opera and IE. It uses the Dr.Web online anti-virus engine to scan a download link for malicious content. It also automatically scans downloaded content and performs an automatic scan on all Facebook, Vk.com, Google+ Social Network links. It works from the right-click context menu of the browser on any link. The scan report tells you if the link if clean or compromised. The service has been there since 2003, and as it is still going strong with constant updates, it says something about its trustworthiness.
I did a review of the Firefox add-on back in 2009 – Dr.Web LinkChecker – Scan Files Before Download (Firefox)
Short URLs are all over the web these days. There is just one problem – you don’t really know what’s hiding behind that almost undecipherable short URL. You can use a short URL expander, but how do you know that the long-form of the URL itself is safe. UnShorten.it combines both functions as it expands the short URL and also sends it through the scanners of WOT (Web of Trust) to give you the trustworthiness scorecard. Paste your short URL and the service returns the direct URL of the destination website, its description, and its WOT ratings along with a thumbnail preview of the target website. Unshorten.it also gives you browser extensions for Chrome and Firefox.
VirusTotal give you two tools – an upload tool with which you can scan suspicious files, and a link scanner for verifying a site before you click through to it. VirusTotal also uses a series of anti-virus engines, website scanners, file and URL analysis tools that analyze the link and give you a detailed report – for instance, some engines will display additional information explicitly stating whether a given URL belongs to a particular botnet. These tools are updated every 15 minutes.
Some people have objections against the Comodo firewall for its seeming complexity. No such complaints exist for the Comodo Site Inspector…it is as simple as they come. The online scanner is a free malware and vulnerability detector which you can use to check out a single URL or webmasters can use to set up recurring, daily checks on any 3 pages of a domain. The check takes a little amount of time because apparently Comodo downloads all specified pages and runs them in a sandboxed browser environment.
These eight URL scanners represent a small but important number of link checkers which can form another barrier of safety. I have avoided browser toolbars because quite a few of our readers have been allergic to them, and personally I am too. We have a whole archive of posts on security tips when it comes to safer browsing. Here are samples of a few:
Which is your preferred URL scanner? Do you really on common sense, a browser based tool, or your own anti-virus for protection from unsafe links?
Imagine this – you wake up one beautiful morning, pour yourself a cup of coffee, and then sit down at your computer to get started with your work for the day. Before you actually get stuff done, you go over to your favorite browser and type in http://www.makeuseof.com. Within seconds, you’re looking at our website and all of our latest posts.
But hold on, how the heck did your computer even know where to find MakeUseOf? How does it even know what http://www.makeuseof.com even means? It finds out by using a core technology which exists throughout the Internet called DNS, or Domain Name System.
DNS is a backbone component of the Internet which helps in name resolution. In layman’s terms, DNS helps turn a web address, also known as a URL, like http://www.makeuseof.com into an actual location, called an IP address. IP addresses are in the form xxx.xxx.xxx.xxx, where all the x’s are a bunch of different numbers. Your computer knows how to reach those IP addresses, but it doesn’t directly know what to make out of URLs, which were created to make it easier to remember websites. DNS servers are there to help with this so that we can browse without having to think about what’s actually happening.
The thing is, there isn’t a single, central DNS server which everyone has to access in order to resolve a URL. There are many, many different DNS servers in the world, which can be found at places such as your ISP or third-party services such as OpenDNS. In fact, you’re most likely using your ISP’s DNS servers right now if you haven’t changed any of your computer’s or router’s settings. Although you’d like to trust your ISP, their servers are most likely simple. Simple in that they literally only resolve URLs, and nothing more. They usually don’t focus on increasing security, because these servers can be at risk of cyber attacks as well.
When a DNS server is attacked, there’s a few different things that could happen. First, the server could just simply crash or otherwise go offline, so you won’t be able to browse around as you would normally do until your ISP fixes the issue. Second, the attacker could change DNS records on the server, and point certain URLs to false lookalike pages. This is an especially dangerous attack because phishing attacks are usually recognizable by a weird URL, but with a tainted DNS server, the URL will appear exactly what it should be, but you’d still be on the false page.
Therefore, the best safety practice is to switch to a more secure DNS server which is better supported. There’s a good number of DNS services you can choose from, but there are two I highly recommend. If you want a no-gimmick DNS experience that you can trust, you should try Google’s Public DNS servers. These are run by the search giant itself and are highly maintained, so you won’t have to worry about any issues or attacks. For a more feature-rich DNS experience, I’d recommend OpenDNS, which has special options to prevent certain types of attacks and even includes a customizable web filter.
Once you’ve settled on the DNS server you’d like to switch to, you’ll need to change your system’s settings in order to use them. The methods of changing these settings vary greatly depending on the operating system.
Issues that can exist with DNS servers are a bigger issue than a lot of people think, because rarely anyone ever talks about them and mentions switching to different ones. Plus it’s a “confusing” backbone component of the Internet, which makes people even more reluctant to talk about it. Consider switching as a precaution so you know you’ll be safe.
Which DNS server(s) are you using? What made you choose it over other options? Let us know in the comments!
Image Credits: Xeni Jardin, Katy Levinson
Bitdefender Sphere 2013 is total protection for all the devices in your household. Instead of purchasing a different security product for Windows, Mac, and Android – and managing individual licenses – you can buy Bitdefender Sphere 2013 for $99.95 and install the included products on an unlimited number of devices.
Bitdefender Sphere 2013 also includes a MyBitdefender account. MyBitdefender is an online dashboard where you can remotely manage your devices, track them with anti-theft features, securely store files, and use parental controls to keep track of your kids’ online activities.
This week we’re giving away 25 one-year subscriptions of Bitdefender Sphere, worth a total of $2500! Plus, we’ve also got a $300 ASUS netboook up for grabs! Read on to find out more.
Bitdefender Sphere 2013 includes Bitdefender Total Security 2013 for Windows PCs and Bitdefender Antivirus for Macs. Bitdefender Total Security 2013 offers everything you’d expect from a security product – and more. If you don’t want to worry about the individual features, you don’t have to – the Autopilot option is on by default and it will select the best settings for you.
Bitdefender Total Security 2013 includes:
This is the same Bitdefender Total Security that we recently gave away – if you’d like a more in-depth look at Bitdefender Total Security 2013, check out our Bitdefender Total Security 2013 review.
Bitdefender Sphere also includes Bitdefender Mobile Security & Antivirus for Android smartphones and tablets. Bitdefender Mobile Security includes a variety of features:
This is the same Bitdefender Mobile Security & Antivirus that we recently gave away – check out our review for a more in-depth look at all its features.
MyBitdefender is a web-based security dashboard that bring together all the devices you use Bitdefender Sphere with in one place.
MyBitdefender’s features include:
Bitdefender offers a free trial version of Bitdefender Sphere – just open the Bitdefender Sphere page and click the “Try it FREE” link in the sidebar. The trial gives you 30 days of Bitdefender Sphere and its associated applications.
Want more than 30 days of Bitdefender Sphere2013 ? You’re in luck – this week we’re giving away 25 one-year subscriptions of Bitdefender Sphere 2013 worth a total of $2500!
Lastly, we’re also giving away an ASUS 1025C-MU17-WT 10.1-Inch EeePC Netbook valued at $300!
This beauty is fitted with:
So, would you like to win it? Everything you need to be in the running is right below!
Please fill in the form with your real name and email address so that we can get in touch if you are chosen as a winner.
You’re almost done. Now, all that’s left to do is to share the post!
(Note: no points will be awarded.)
Tweet to enter the competition. Each tweet constitutes a single entry. You may submit multiple entries but the tweets must be unique (cannot be identical). Each tweet must contain a mention to @bitdefender and @makeuseof. Competition open to participants in the United States, United Kingdom, India, Canada and Australia only.
(Note: no points will be awarded.)
By participating in this giveaway, you agree to the giveaway rules.
This giveaway begins now and ends Friday, August 17th. The winners will be selected at random and informed via email.
Spread the word to your friends and have fun!
Interested in sponsoring a giveaway? We’d love to hear from you. Get in touch with us via the form at the bottom of this page.
The Internet is often thought to be a place of great information, and because of this, our guard can be easily let down assuming that all places are safe. Although it is true that the Internet is an excellent place for information and researching, not all places can be trusted. All kinds of threats are possible online – viruses and malware, phishing, scams, unsatisfactory shopping experiences and untrustworthy content.
These are growing rapidly throughout the Internet. We’ve all heard stories about someone, maybe even yourself, who visited a website without realizing beforehand what it was and having something downloaded onto your computer without your permission. Thankfully, there is a tool to help guide you a little safer around about the Internet. That tool is called Web of Trust, otherwise abbreviated as WOT.
Based out of Finland, Web of Trust has been helping people have the best online experience possible since 2006. And due to being downloaded over 30 million times during the spring of 2012, it has become the leader of the safe browsing tools on the Internet.
It works by allowing users to rate their experience in four different categories: trustworthiness, vendor reliability, privacy and child safety. It then calculates the reputation for the rated websites and displays them through a traffic-light style rating system which is displayed next to links in search results, social networks, webmail and several popular websites. Like you might assume, a green sign indicates the site is trustworthy and safe, yellow represents caution and red tells the user that the site may be dangerous.
WOT is available for all the popular browsers: Firefox, Chrome, Internet Explorer, Safari and Opera. If one of these listed isn’t the one you have, you can also use the WOT bookmarklet, which has all the same features as the browser extension. Most of all Web of Trust is free.
To download WOT, head over to mywot.com, click on the download tab and choose the appropriate one for your browser. Again, there is also a bookmarklet available as well. Once you’ve downloaded it, you’ll be asked to give it permission to your data on all websites, and your tabs and browsing activity. Click “Add” to continue. Once you do, a tab will automatically open displaying a message for the initial settings.
One thing that is great about WOT is the colorblind feature. You can learn more about it by clicking “What is this?” next to the option. After you have chosen your setting and clicked “Finish,” there will be a settings page where you can adjust WOT. The first page, which you’ll automatically be on, is a guide. I recommend quickly walking through this. It can be quite beneficial and give you a good idea how WOT works.
There is a row of tabs at the top of the page. Once you’ve finished the guide, become familiar with each of the options that WOT has. Typically this is a one time set up and you shouldn’t have to go back in and change anything, unless you want to later on. You’ll be able to access this page again any time by going to the extension’s options.
Under “Ratings” you have the option to choose any or all of the additional ratings. They’re all selected by default, which shouldn’t be changed unless you for sure know you won’t need one, like “Child Safety” for example.
Next there’s “Warnings.” The options here depend entirely on how sensitive that you want WOT to be. I recommend starting out with “Normal” and then going back and changing it depending on your own personal experiences.
Each website has its own scorecard too. On this, the ratings are displayed, as well as site information and comments by other WOT users.
After “Warnings” there’s “Searching.” By default, all the websites listed are selected, but you can uncheck any of them if you want. You also have the option of only showing negative ratings. This is nice because although WOT is great, a bunch of green circles all over the page are often annoying, especially on social networks and webmail.
Below is an example of how WOT might look in your search results.
Then there is the “Popup” page which allows you to toggle the popup feature of WOT.
Lastly, there’s the “Advanced” page where you are given the options to enable a color-blind accessible version and also set it to automatically log in.
Setting up an account is the next step. Of course, you can use WOT without registering, but it becomes more useful to you if you do. For example, if you’re logged in, it will remember your previous ratings of sites. To register, click the extension to display the dropdown menu. At the bottom right corner, you’ll see “Register”. Click on that and follow the steps.
Once you have an account, you can also connect WOT to Facebook. This means that you’ll always be logged into WOT as long as you’re logged into Facebook – and who isn’t always logged into Facebook?!
The photo above is an example of what a rating on Facebook would look like and how the popup is displayed if the circle next to the link is clicked.
Another reason to register with WOT is to have the ability to leave comments about a particular site. This may not directly impact you, but it does help other WOT users and without people who did this, there wouldn’t even be a WOT community, and without a community, WOT wouldn’t be anything at all. So each person and rating is essential to the accuracy and usability of WOT.
There you have it – your online bodyguard, ready to serve you. One thing I do want to acknowledge that is important to remember is that Web of Trust doesn’t replace logic. You shouldn’t ever rely completely on a program for your security and privacy. Just like you shouldn’t rely on antivirus software to prevent infections, you shouldn’t rely on WOT to prevent clicking on “bad” links. Your own discretion is your ultimate Internet bodyguard, WOT is just a nice, reliable sidekick to have along.
Are you a current user or a newcomer to WOT? If you’re a current user, how has WOT changed your browsing experience? If you are just finding out about WOT, what about it attracts you the most?
It seems like all the apps we use on our computers are migrating to the cloud these days. Email, chatting, editing documents and pictures – increasingly, we’re using cloud-based solutions for almost everything.. There are even cloud-based antivirus solutions that run in your browser. Online antiviruses can be useful, but they’re no replacement for an installed antivirus program – antivirus is one area browser-based apps just don’t cut it.
Nevertheless, cloud-based antivirus applications offer a number of benefits and can be very useful for quickly scanning a PC for malware. Just don’t make them your only form of protection!
When you use a cloud-based antivirus, you navigate to the antivirus’s web page – for example, ESET Online Scanner or Bitdefender QuickScan – and click the Scan button on the webpage. The antivirus will download to your computer and run. In some cases, the scanner may use ActiveX (for Internet Explorer) or Java to run in your browser after a confirmation message.
In other cases, such as with the ESET Online Scanner, you may be prompted to download an application and run it on your computer. Bitdefender QuickScan installs a browser extension.
After you launch the cloud-based antivirus, it will scan your system for potential threats and alert you to them. Depending on the cloud-based antivirus, it may not remove viruses it finds, or it may only perform a quick scan for viruses and other malware, not an in-depth one.
Browser-based antivirus programs have actually been around for a long time – you might remember Trend Micro’s HouseCall, which used ActiveX and only supported Internet Explorer.
All online antiviruses have one significant limitation – they can’t run in the background. The importance of background scanning cannot be overstated, and is the reason why antiviruses like ClamWin just don’t cut it. An antivirus that runs in the background scans every program before it runs. While no antivirus is 100% successful, this on-access scanning should ideally prevent viruses from running in the first place.
If you’re using a cloud antivirus instead of an antivirus installed on your system, the malware will execute and run on your system. In the time between when the malware starts running and when you scan with your online antivirus, the malware can sit in the background, steal your credit card numbers and other important data from you, and send it to unscrupulous people over the Internet.
It can also download new pieces of malware from the Internet, cramming your memory full of malicious software. Once a virus is installed, it’s also harder to remove and can potentially disguise itself from antivirus applications.
Some people think they don’t need antiviruses because they’re careful online – the truth is that, while being careful online does help a lot, antivirus applications are an important layer of security. You could be compromised by loading a webpage in a fully-patched browser with fully-patched plugins if your browser or the Flash plugin has a zero-day vulnerability that isn’t patched yet. In other words, you can become infected through no fault of your own.
You shouldn’t let this stop you from exploring the web, as it is very rare, but this shows that antivirus applications play an important role, even for the most careful of web users.
Some online antiviruses don’t even perform the functions you might expect from an antivirus. For example, ESET Online Scanner can scan your entire system for malware and quarantine it. However, Bitdefender QuickScan just scans your system’s startup files and memory for viruses – it doesn’t look for dormant viruses hiding elsewhere on your system. If Bitdefender QuickScan finds a virus, it won’t remove it for you – it will recommend you download a full Bitdefender product to remove the virus.
Nevertheless, online antiviruses offer some important benefits:
There’s good news: You don’t have to spend any money to have a high-quality antivirus running on your system. There are quite a few great antivirus applications you can download for free. Popular ones include Microsoft Security Essentials, avast!, and AVG.
Check out a full list of the free antivirus software we recommend on our best Windows software page.
Image Credit: Cloud computing via Shutterstock
Cloud storage services like Dropbox, Google Drive, and SkyDrive are slick and easy-to-use, but security is always a concern. If someone gained access to your account, they could view all your files. Encrypting your files protects them from prying eyes – if your account gets hacked or one of the service’s nosy employees snoops around, they won’t be able to view your files without your encryption password. Encryption can be hard to use, but BoxCryptor makes it easy.
BoxCryptor is a convenient encryption solution for any cloud storage service, and it runs on Windows, Mac, and Linux. BoxCryptor also offers Android and iOS apps, so you can easily access your encrypted files on-the-go.
Interested? Good news, this week we’re giving away 25 copies of BoxCryptor’s Unlimited Business edition – that’s $2500 worth of software licenses! Better yet, everyone can download BoxCryptor and get most of its features for free — read on to learn more!
When you install BoxCryptor, the wizard will walk you through creating a new BoxCryptor folder in your cloud storage folder (for example, your Dropbox folder) and selecting a drive letter for your virtual BoxCryptor drive.
To add a file to your encrypted cloud storage, place the file inside the special BoxCryptor drive. You can also access the encrypted files you’ve stored in the cloud here. Using BoxCryptor is that simple! BoxCryptor takes care of the encryption dirty work so you don’t have to think about it. The encryption and decryption all takes place on your computer – your encryption password is never sent over the network.
BoxCryptor stores the encrypted versions of the files in the BoxCryptor.bc folder you created. You don’t need to worry about this part – Dropbox, Google Drive, SkyDrive (or any other cloud storage service you use) will sync the encrypted versions of the files. Only people with your password can access the files.
You’ll probably want to create a backup of your BoxCryptor configuration file, though – if you lose your configuration file or your password, you’ll lose access to all your encrypted files.
Cloud storage allows you to access your files from anywhere with mobile apps. However, if you encrypt files, you’ll need to use BoxCryptor to decrypt and view them. This is where BoxCryptor’s mobile app for Android and iOS comes in. It supports Dropbox, Google Drive, and Microsoft SkyDrive — just fire up the mobile app and select the service you use. You can even have the mobile app connect to a WebDAV share or load encrypted files off an SD card.
After authenticating, you can navigate to your BoxCryptor folder and decrypt it with your password. You’ll be able to view the decrypted versions of your encrypted files on the go. You can upload files to your encrypted storage from here, too. The encryption and decryption take place directly on your device – your password is never sent over the network.
You can also set a PIN to prevent people from accessing the app and your files if your phone is stolen.
Good news: All the features mentioned above are completely free to everyone. You can encrypt an unlimited number of files (or as much as your cloud storage service can hold) and access them from all your devices.
The Unlimited version of BoxCryptor we’re giving away also offers some additional features:
If you’re interested in the Unlimited Business version, be sure to enter our giveaway this week – we’re giving away 25 BoxCryptor Unlimited Business licenses worth a total of $2500!
It’s simple, just follow the instructions. Please note that we’ve included a new entry method which utilises your MakeUseOf points.
Please fill in the form with your real name and email address so that we can get in touch if you are chosen as a winner. Click here if you can’t view the form.
The giveaway code required to activate the form is available from our Facebook page, our Twitter stream and Google+ page.
You’re almost done. Now, all that’s left to do is to share the post!
(Note: no points will be awarded.)
If you don’t have a Facebook, Twitter or Google+ account, you may exchange your MakeUseOf points for an entry into the competition. It’s really simple: create a MakeUseOf account, earn points and exchange your points for an entry! Learn more about our Game system and Rewards program.
To exchange your points for quick entry, you must be logged in
By participating in this giveaway, you agree to the giveaway rules.
This giveaway begins now and ends Friday, August 10th. The winners will be selected at random and informed via email.
Spread the word to your friends and have fun!
Interested in sponsoring a giveaway? We’d love to hear from you. Get in touch with us via the form at the bottom of this page.
Malware that attempts to part victims from their money is nothing new. Some viruses attempt to discover credit card information that can then be used or sold. Other threats look to steal passwords to important accounts. And phishing, which isn’t a virus at all, tries to trick users into providing login information to a fake website.
All of these tactics are behind the scenes, however. The victim doesn’t know when they work well. There is another threat, called ransomware, that attempts to leverage the authority of some well-known organization to extract money directly from victims. Here’s how it works and what you can do to avoid it.
The concept behind ransomware is simple. When the virus infects a computer it prevents the user from opening any programs or accessing any important system functions.
The simpliest examples of this threat will only over-ride the normal Windows shell. It may even modify the master boot record, which will send the user directly to a payment screen every time they attempt to boot their computer. All the user’s files are intact but they cannot be accessed through the operating system because of modifications to the interface.
Other threats will take matters a step further by encrypting files on the victim’s hard drive. This makes them unreadable even if the victim attempts to extract them from another, uninfected computer. Files that are encrypted are often effectively destroyed, since they cannot be read. This is yet another reason to use a backup solution.
If you’ve ever watched a Mafia movie before – or perhaps a few episodes of the Sopranos – you’re probably familiar with extortion. A mob boss wants to have a building torn down so he can build a new strip club, so he suggests that bad things might happen to the building’s owners if they don’t sell. Bad stuff can happen to good people, you know?
Some of the more recent examples of ransomware have begun to use extortion as an element. Instead of making criminal threats, however, they make reference to legitimate organizations such as law enforcement.
One recent virus, called FBI Moneypak, informs victims that they have been found guilty of copyright violations and therefore need to pay a fine of $100 in order to unlock their computer. A similar virus has targeted citizens of the United Kingdom since 2011. It claims that the Metropolitan Police have connected the victim’s computer with child pornography and other crimes and the victim must pay 100 pounds to unlock their computer.
Some other recent viruses use established movie and music trade organizations instead of law enforcement and claim that the victim must pay to avoid further prosecution for copyright infringement. In all cases, posing as an authority gives the virus extra leverage because victims fear they will receive jail time or be sued if they don’t pay.
The people who want to take your money via a virus aren’t dumb. They’re always coming up with new and inventive tricks, the most of recent of which is the clever use of phone charges.
Ransomware that makes money in this way won’t ask you to input payment information on your computer. Instead, you’ll be asked to call or text a certain number. In today’s wireless world many people forget that long distance calls still exist and can become extremely expensive.
A virus rolled out in 2011 used this trick. It claimed the victim’s version of Windows had to be re-activated and provided a long-distance phone number. When a victim called, they were placed on hold to rack up charges.
Don’t assume that a message is legitimate just because it asks you to make a call or send a text message. You can be sometimes charged ludicrous sums for these every-day actions if you contact the wrong number.
There are no special steps that must be taken to avoid this threat. It is different from other viruses because of its payload (the damage it causes to your computer) instead of the way it spreads. You should protect your computer by installing an anti-virus and firewall. You should also become familiar with best security practices such as avoiding malicious websites and email attachments.
If you are in doubt about a message that appears on your computer, leave your computer and look for information on another PC. Never use a computer that you think has been infected by ransomware to find additional information about a virus. It’s not difficult for a virus to re-direct your web searches.
Remember, no law enforcement agency or company will take your computer hostage, so it’s safe to assume any message asking that you pay to unlock your computer is the result of a virus. Even Microsoft will not lock your computer if you do not pay for the operating system.
Ransomware does not always unlock a system once the ransom is paid. You also have no way of knowing if the infection has been entirely removed. Recovering your system from backup may work. If it does not, you should re-format your drive and re-install your operating system.
Image Credit: Mike Renlund, Christian V, 401(k)
"Tell the chef, the beer is on me."
"Basically the price of a night on the town!"
"I'd love to help kickstart continued development! And 0 EUR/month really does make fiscal sense too... maybe I'll even get a shirt?" (there will be limited edition shirts for two and other goodies for each supporter as soon as we sold the 200)