Oh, boy. It seems like there’s some new information leak every day, and there’s probably even more than you or I realize. But this one is a big deal. Equifax, being such an important company to the structure of credit in the modern world, is privy to all kinds of personal information. This includes address, date of birth, Social Security number, tax ID, credit card numbers, etc. The works. And all of this data was leaked for 143 million Americans. What does this mean for you? It means that anyone can buy this information about you and use it to open up accounts in your name or take loans with zero intent of paying them off. This can and will destroy your credit. We at BendyComputers would always recommend that you have a high credit score, as it is not only necessary but imperative when it comes to important aspects of life such as renting an apartment, buying a car, or financing a home, just to name a few. One way you can go about protecting yourself is via freezing your credit, but this has its downsides, too. You can read more about that in your spare time.

Okay, but how did this happen? Well, it would appear that a high-ranking executive in charge of the databases used to secure all of your personal information used the default login credentials rather than changing them to something more secure. That’s right, the hacker merely had to be on the same network as the database and type in “admin” “admin” for the username and password and POOF! Everyone’s valuable information at his fingertips. Perhaps Equifax should have read my post on Password Security!

You may hate your chip card.  Constant confusion over chip or swipe.  Card read errors.  Longer authorization times.  But trust me, it’s worth it.  Chip cards are not as easily skimmed or cloned as magstripe cards.  You can buy a magstripe reader and blanks for less than $50 on ebay.  Chips can’t be cloned as easily, since the data on the card is better encrypted, and some of it changes with each transaction, rendering any potential clone useless.  In addition, the liability changes with the use of the magstripe when the card is also equipped with a chip, but the chip is not used.

After Oct. 1, 2015, in-store counterfeit fraud liability shifted to the party who had not adopted chip technology.  So it you use one of those phone card reader dongles, you need to have both magtripe and chip versions, and use the magstripe version only as a last resort.

 

Let’s say you want to make a website.  Here are a few things you should know / look for when getting hosting and a domain.

•  cPanel.  cPanel is an web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site.  This makes it easy to setup WordPress or any other content management suite.
• Who-is privacy.  When you register a domain, you must provide personal information such as your name, address, and phone number.  Unless you buy who-is privacy, people can look up your who-is record and spam you.
• A good price in exchange for a one year fully paid up front contract can save you big time.  You may be able to pay less than $50 for the whole first year!
• Unlimited storage and bandwidth.  You should get these in case your website becomes huge and needs it.

Bendy Computers is here to walk you through this process at a fair price, from finding the right service provider, to helping with web design.

Everyone’s heard that they need more RAM in their computer. “It’ll help things run faster!”, “Chrome tabs eat the stuff for breakfast….”, “Dedotated WAM”, whatever it is, you’ve heard it too. But you might not know what it is. Here’s a crash course on RAM.

RAM, or Random Access Memory, is a form of high-speed storage that your computer needs in order to process tasks quickly. When you open a Chrome tab, for example, a basic version of that page goes to RAM so that system resources can access it in quick succession. RAM has two main advantages over other types of storage that make it capable of running such demanding tasks at high speeds; it is wired to connect directly to the CPU, and it uses a simple and fast technology to store data. The latter point has an imaginary asterisk next to it because there are faster types of RAM than your desktop RAM, but you likely won’t run into this, so we can ignore the asterisk and move onto that technology in question. The chips you see on your DIMM actually hold the information, and each bit of information gets its own capacitor and transistor. That’s it. This simplicity lends itself to high speed and high density, which is what you want in a consumer computer. High speed is achieved by sending electrical signals billions of times per second (most DDR3 RAM operates between 1333MHz and 2133MHz, but DDR4 can reach speeds of over 3200MHz)*. Uh oh, asterisk time. [*As the frequency of the RAM increases, so does CAS latency. This largely negates the high speeds, but some chips can maintain high speed and low latency.] That ties in nicely to the connection with the CPU. When your CPU is performing 3.5 billion operations per second and your RAM is getting up there in speed as well, your entire computer runs more seamlessly. Tasks are able to be completed fasted due to this direct link, whereas they would take longer if there were some intermediary between the RAM and the CPU.

Odds are, you do actually need more RAM. If your computer seems sluggish, this is a great way to give it some more life. Don’t let the most simple of upgrades hold you back!

You’ve probably heard a bit about encryption on the news; ISIS is using it to thwart international governments’ attempts to shut down their communication network, the NSA is breaking it to spy on you and me, all that kind of shifty-sounding junk. That may leave some of you with the impression that encryption is a tool for malicious entities to use and exploit. Yes, they do use it and exploit it, but the purposes of encryption as a whole are very positive. Don’t let one bad apple spoil the bunch.

Encryption is a vital technology when it comes to security on the web. Every time you buy something on Amazon or ebay, your credit card information and address are encrypted so that nobody can just pop in, grab your information, and deplete your bank account. If you want to register for classes at college, your traffic is encrypted so that there’s a smaller chance of data corruption and you don’t end up registering for Art 101 instead of Thermodynamics. Emails between you and your boss are encrypted for the sake of confidentiality. Encryption is a tool of security. It just so happens that some terrorist organizations are also reaping the benefits of this technology. As much as we despise terrorist organizations, their operation remaining intact is a ringing endorsement for the security benefits of encryption. And, yeah, the NSA is building in backdoors so that they can bypass encryption on your devices, but there are ways around that.

Encryption is the way you should be keeping yourself safe. If you aren’t concerned about encryption, pay a visit to DEF CON one year with an unprotected device and see what happens….

I touched on deep packet inspection in my post about VPNs, but I never really went into the details of it because it’s not something you or I will have to worry about in the foreseeable future (hopefully things stay that way). It’s mostly used by authoritarian governments (think China from here on out) to keep an eye on their citizens. If someone were to use a VPN to bypass a firewall or location-locked content, DPI would see this, deny the web service, and tell the government to “pay a visit” to the user.

But how does it work? A packet is a piece of information that contains data about your current internet usage. It contains the web data that you are passing between you and the server, a source and destination IP address, a source and destination MAC address, and a whole bunch of other stuff that doesn’t matter in terms of this explanation. All of this is packed up layer by layer (imagine an envelope inside another envelope inside another envelope and so on) into what we call a packet, which is passed over the web. The Great Firewall will see these packets and take a look at the destination MAC address; if it’s not approved, it gets rejected. This is where a VPN works; it disguises the destination MAC address so that the Great Firewall will let it by. The government caught onto this and has started implementing DPI. They look through all the layers and see what the web data is so that it can’t be disguised. Imagine they receive an envelope and open it. It contains another one. Previously, they would put this envelope back in and let it through. With DPI, they tear into the second one. Which contains a third one, which they open. This goes on until they see unapproved web traffic, they get angry, they throw the VPN user in jail or worse.

The way around this? Disguise your VPN traffic. The current solution is to use stunnel, but they’ll catch onto that soon enough, and someone will find another way to get around.

So you read my last post on safe passwords and now you want to be even more secure. How do you do that? The easiest way (which just so happens to be the solution that most of the tech world uses nowadays) is multi-factor authentication. This is an idea that allows you to combine different types of login credentials so that you and only you can log into your accounts.

Multi-factor authentication largely depends on the existing password infrastructure. You have a password, you put it in, the website counts that as the first factor. Then, it’s up to the web developers as to what other kinds of factors they use. Some could use fingerprint or iris scans, others might send a one-time password to your phone, and others might require a second password, but this is less secure. The point is that if some malicious entity has your login credentials, they can only get so far. They can put in your username and password, but when they have to check your phone for the one-time password, they’re out of luck. Let’s say, hypothetically, that they do have your phone and put in the one-time password. They’re prompted for your fingerprint and are foiled. Your data is behind many walls. You’re safe.

This can use as many steps as you or the developer chooses. The most common today is two-factor authentication, but places that require more security can use four, five, or even six layers of this. It works because it assumes that even if the hacker or thief has all of the information that they think they need, there’s something along the chain that they’re missing. Of course, if they have your unconscious body and can use your fingerprint they can get in, but I think you have other things to worry about at that point.

With the internet as big as it is, there are quite a few bad fish in the sea. They’re out to take advantage of anyone they can, and that may be you. How can you mitigate this? One of the easiest ways to protect yourself and your online presence is to keep your passwords diverse, complicated, and secure.

By having a different password for each site you use, you eliminate the vulnerability that exists in having one password for everything. Although you may be able to keep it in your head and never written down anywhere, the websites you log into have a database of logins – and yours is in there. If one of your favorite websites were to be hacked, your password would be out there. The hackers can then make educated guesses as to other sites you might log into, put in a similar or identical username, and try your password. By using a different password for every login, you ensure that they can’t access anything else.

A complicated password is also critical for your security. pass1234 is easy for hackers to crack. FJ#82_9’2;@6f.W//`dv” is not easy for hackers to crack. It would take thousands of years for a decently powerful computer to brute force its way through that password. And if you’ve followed my advice to diversify your passwords, you’ll have a bunch of different complex strings of characters, symbols, and numbers that no computer or human can crack. If there’s anyone out there who’s really dedicated to hacking specifically you, they’re going to have a hell of a time.

Okay you’re secure, but how are you supposed to remember all these passwords? Well, there’s a few methods. The most secure would be to remember them all, but that’d be near impossible. You could be like my mom and write them all down in a notebook, but that can be lost, stolen, or forgotten on a road trip. How could she check Facebook if her password is at home? The method that I recommend is that you find yourself a secure password management service. Do your research; make sure they’re using the latest encryption techniques and haven’t had security breaches in the past. Some even come with nifty features like sharing, autofill, and cross-device compatibility.

Stay safe, people. Protect your  online presence with the best passwords you can.