Sunday, October 15, 2017

What is a security hash?

When machines exchange passwords across the network or the Internet there are three basic ways the password could be sent. The first way is that it sends the password to the server in plain text form. This way should never be used for a password as a person who picks up the signal across the network can easily read the password. The second way is by sending encrypted communications. This means that what ever is sent is basically scrambled using some format and at the other end the information is unscrambled. This makes it harder for the password to be stolen while being sent but knowing the method used to encrypt the communications, the password and message can be decrypted and read. This is basically a good method and most often used and works fine as long as the code to do the scrambling or encrypting is long enough. The third way is by using a hash. This is not something that we eat. This is taking the encryption to a new level. Your credit cards that use the chip on them use a hashing method. With the hashing method the password is not actually sent (either encrypted or decrypted. The sending device used a method and key to create a hash of the password which is then sent. The hash creates a whole new code and even knowing what code and method was used to create the hash will not allow you to decode the hash and create the password (with encryption you could do this). The receiving machine knows how the hash was created and either creates a hash from the password on file (or better yet created a hash when you set up password an never kept the password) and then the receiving machine compares the hash sent to the hash it has or just created and sees if matched (similar to just sending passwords). Now there is a special code (the hash) that is created each time and compared and no way to recreate the original password (it is theorically possible but such complex math and so much work involved it would take way to long (years) to do and not worth it) You really do not need to understand how hashing works but you want to know when passwords for credit and debit cards and financial information are sent across the network that they use hashing which is a very strong security. However keep in mind the bad hackers, etc. are always trying to find ways to beat the system so constant improvements must be made by the good security people. Send me your questions about computers to me at the paper or to my e-mail dwight@dwightwatt.com and tell me you read this in this paper. I will pick a question to answer each week. Dwight Watt does computer work for businesses, individuals and organizations and teaches about computers at a college in nw Georgia. His webpage is www.dwightwatt.com His e-mail address is dwight@dwightwatt.com

Saturday, January 7, 2017

Intelligence and election fraud

We have seen in the last month charges of election fraud and reports that the government intelligence agencies have determined that the Russians were hacking things related to our electoral system. President Obama has declared that the intelligence agencies have determined it did occur and that we are going to strike back which would be a form of cyber warfare. Let’s pause and think back. For 15 years now we have been told that Bush led us wrongly into the war in Iraq because of the claim that the government intelligence agencies lied to Bush (and Clinton before him) that Iraq had weapons of mass destruction. Reports have said the stories of yellow cake in Nigeria were wrong. Obama and others have repetitively said that we should never have trusted the intelligence agencies For years anytime any bills are considered in state legislatures to combat election fraud the loud response we hear is there has only been a few isolated instances of election fraud and that laws such as securing the registration process and cleaning the voter rolls are not needed. Now consider what Obama has just told us. Government intelligence has assured him that the Russian government hacked the DNC and Hillary's campaign and that we must attack them back to prevent this from happening again. Secondly he tells us this is election fraud and we are hearing lots of people claiming the election was stolen and should be voided or changed because of this. Think about this carefully. The same agencies that supposedly lied and provided the information that Bush used to put us in Iraq war, and which information we assume Hillary used in voting for us to go to that war. Now Obama says he has seen information and will attack Russia (without Congress authorization) in cyber warfare. We have seen some stories say not an intelligence heads were on board with the Russian government charge. In addition, now we will go to cyber-war over election fraud led by the party that has told us again and again that there is no election fraud and that we do not need to do anything about it. Before we attack Russia in cyber warfare we need to consider all this more closely and whether the hacking occurred from Russia (either from there or China or a former Soviet satellite is a statistical strong possibility) and whether it was the government (under orders from Putin they claim) or was it some non-government group. We need to work to make our elections not have fraud. The voting machines are not connected to the Internet so they cannot be hacked during voting. They could have stuff planted in the software but we need to make sure it is all secure. An attack on Russia could be much more deadly for us than Iraq was. We know Russia has nuclear weapons

Do I have a Yahoo account?

This fall Yahoo has announced two data breaches with 500 million and a billion accounts stolen. There are a large number of people hacking in various business, government and individual accounts all the time. There is no way to have a server connected to the Internet that is completed protected from breaches. You can make it securer and the data securer but you cannot stop a break-in from possibly happening. In addition, the more you make your material available to people the more openings to break in. So be assured there are break-ins and attempted break-ins of all systems all the time. Think of t like a store. If you allow people to touch merchandise, then shoplifting will occur. You may have accounts at yahoo that may have been stolen and not realize it. The media has played it up like it was email accounts stolen, but yahoo is lots more than that. Any account at Yahoo is in the breaches. Accounts that may have been stolen (Yahoo has not been clear yet) include Yahoo email accounts, email accounts that Yahoo administers, Flickr (Yahoo’s photo service), their fantasy sports programs, their blogging service Yahoo Groups and others. Email accounts run or administered by Yahoo include most of the former Bell telephone accounts like AT and T, BellSouth and others. When you go in your email look at the top and see if says powered by Yahoo. If so it is probably in breach. Google also administers accounts for others and Microsoft does so also. A lot of college email accounts are administered by Microsoft. What should you do if think you have a Yahoo account? Change the password on the account. If you have other accounts that use the same password and username change their passwords. I would encourage you to use different passwords everywhere. Easy way to do that is use something about site in the password (but not just that). CNN was saying to delete your old emails but that makes no sense. If they were stolen they already have them so doing does not stop them.

Strange election

It is a strange race. Everyone seems voting against not for someone. Republicans say how horrible Clinton is and democrats say how horrible trump is. And then you hear lots of Democrats saying Clinton not liberal enough and lots of republicans saying trump not conservative enough. And trust of both candidates really low.

Sunday, November 6, 2016

The election

We have watched a wild election for the USA presidency this year from the primaries to the final election day next Wednesday. Candidates have run campaigns in ways that always have been said to not work but won primaries. Both final candidates have a large dis-like number Everyone who is a USA citizen needs to vote. You can early vote in most states (37 is last count I saw on states with early voting). Whether you like either of the two major candidates or like just one or dislike both or do not like any of the major 2 and the Libertarian and Green, you need to vote. It may be choosing the best or choosing the least of the worst, but vote. I voted Friday in early voting Friday. If you vote (no matter how) you can complain about what the person elected does for next four years. If you do not vote you chose to not participate and you can't complain until after 2020 (which will be the year we all have perfect vision in selecting a president and everything else). All this campaign cycle we have heard Hillary would win the primaries and the general election in a landslide. Of course we hear the same thing 8 years ago until someone named Obama appeared. We have also heard the whole time that Trump had absolutely no chance and would lose substantially in primaries and lose election in landslide. Sanders challenged Hillary thru the primaries and was in that much later than expected (he was predicted to be gone after 2 or 3 primaries). Since winning nominations the claims have been Hillary will have biggest landslide in popular vote ever over Trump and he has stayed close all the way to now. Things to consider about 2016. First Trump and Sanders ran sas outsiders. Brexit was essentially same issues in Great Britain and was expected to fail all the way and in the end it passes to surprise of establishment and polls. I suspect there is a lot of information being given wrong or not given to pollsters and the polls here may be off as there. Polls show close but could turnout a rout by one of them. The fallout on both sides (mud is flying thick) with emails continuing and sex tapes, etc. In addition the independent conservative (never Trump movement) and the libertarian may win electoral votes. What will be the outcome at the end of November 8, 2016, who knows. It may be weeks until settled and even possibly go to House. Remember Electoral College electors are only pledged and can change their votes. One did in a Nixon election. The important part is that your vote is in there too.

What program stops ransom ware?

I just learned about this program this week after helping a business who was hit by ransom ware. Unfortunately they lost all their Word documents and picture files but some other critical information survived. My hope is a way will be found to break the encryption key and get the rest back. Traditionally there has not been programs to stop ransom ware. There have been a few techniques to slow down at firewall or catch time bomb versions with anti-malware such as anti-virus programs. However there is now at least one program out there that claims will stop ransom ware, Malwarebytes which has been a leading anti-virus program for a long time has come out with an anti-ransom software program (my only problem with it is that the free version requires people to run a manual scan regularly, which most people will forget) I do not know if this works as I do not have ransom ware to try against it but some leading publications have tested it and claim it catches 98% of ransom ware. The program is still beta software (although up to version 0.9.xxx currently which means the ninth version of beta) which means they are still testing it and not gotten to the first release they see as fully reliable. However some software tends now to stay in beat phase. Google kept the term on Gmail as beta software for a extra long time as it became very popular to let people know it is continually improving. Malwarebytes anti-ransom ware is available at https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware-beta/ the link to the program is on that page. If you decide to search via Google or another search engine make sure you spell malwarebytes.org correctly or you may instead get ransom ware appearing as the program. I have it running on my computer and a couple others and will see what happens. Since malwarebytes has found a way to prevent I assume other anti-virus companies will come out with soon similar products and some build in the anti-virus program as when anti-spyware programs appeared. However even if you have this or another program be careful clicking on links in emails and in ads as remember the ratings are only 95% effective and not 100% and you don’t want to be in the 5%. Dwight

Daisy National BB Gun Match

During the 4th of July weekend I participated in my 23rd Daisy National BB Gun Championship Match (DNBBGCM) or at least by my count. The match was previously known as the International BB Gun Championship Match (IBBGCM) and used to also be sponsored by the US Jaycees. Back in 1987 I think I was asked at a Swainsboro Jaycees meeting if I would go to the shooting education class that week to help watch the kids 8-15 years old learning about gun safety. There were about 60 kids in the program. I went and helped and continued going and doing whatever. We picked seven children to go to the state Jaycee BB match and it was a fun but hot day and we made it through the match. In about two years I was at another state match (and we had started also shooting in the 4-H matches) and the state program manger came up and asked me to be state program manger in 1991-92. It was a state level Jaycee office. I took the position and highly promoted the program all year and traveled to many towns, wrote newsletters at least once a month, gave out coffee mugs and helped start programs. I was chosen as state program manager of the year by the US Jaycees and was selected as a national representative for the program with the US Jaycees. Ten of us served the first year and I traveled to about 5 states promoting shooting education. My emphasis had become the education apart of the program to make kids gun safe and I encouraged everyone no matter their views on guns to train their kids as they will encounter guns and I was hoping we prevent accidents. Of course until I get to heaven I will not know how many children’s lives were saved. The next year I kept my position but there were only 5 reps and I traveled from Florida to Pennsylvania to North Dakota to California and in between. The following year I was one of 3 representatives and did more traveling and promoted each year also at the US Jaycees convention. I also got to attend some neat state matches in West Virginia, the Dakotas and run the state Jaycees match in Georgia. In the process the NRA trained and certified me as a home firearms instructor. I also remained active in the Swainsboro program and helped coach several teams to the IBBGCM in Bowling Green Kentucky. In the early 1980s I also created a Lotus 1-2-3 program that scored the match and gave the rankings in all the categories we gave metals in which made the record keeping easier faster and more reliable and much quicker to be ready for the closing awards ceremony. The last few years we have now move to electronic scoring of targets by scanning them which is more consistent in scoring that Orion supplies us with. I then was aging out of Jaycees and changed jobs and did not do anything in the program for about 3 years. Then in 1999 I read the match was coming to Atlanta and I called John Ford at Daisy to offer my assistance in February and quickly realized they had a location and 400 kids plus families coming and nothing else done. I heard train whistles blowing each day talking to John and I volunteered (may have been in Army way) to head it. I got a crew of leaders in the Georgia Jaycees together and we pulled off the match successfully with less than 5 months planning. I am still proud of that whole team and also John for all the work they did. The rest of my leadership team had never been to match and most had never shot a gun and we had air rifle also, so it was interesting teaching and doing all the skills to do this big production. We made $12,000 I think which we gave to several charities the Georgia Jaycees sponsor, but were scared we would lose money all the way to the match. We put two of the match committee in each motel room to safe money and a couple slept in hospitality suite. Georgia was then awarded the match in 2000 and the same team planned it but we now had experience and 12 months to prepare. I dropped to co-chair and Larry MacQuirter who had been treasurer moved to co-chair with me and we did a successful match again at the Olympic shooting sports site from 1996. In 1999 as the match got close I realized everyday as I went home and listened to answering machine that people were calling with same questions from all over the country and I started a web site just for the FAQ to cut calls I had to make each evening. At the end of the match in 2000 Daisy asked me to keep doing the site and they would take me to the match each year as pay. I had started adding pictures and more stuff (since Larry was co-chair I had a little more time to take pictures) and added stuff. The site is http://www.dnbbgcm.com/ I have now been doing the website for 18 years and continuously make better. This year I took 1376 pictures at the match. Since about 2006 my intention is to get a picture of every child shooting and to take pictures of all the events. For the new teams it gives them a chance to realize how the range is (we used to shoot outside on a football field to today we shoot in a convention center in air conditioned comfort and don't worry about heat, wind and rain), and how opening ceremony is (lots like an Olympic ceremony) and what a barter bar is. For the teams that attended a chance to remember memories and also get pictures of them shooting. I served as treasurer of the match in Atlanta in 2002 with Larry as chair. In 2002 the match was in Colorado Springs at the Olympic training site which was really neat but they are not set up for that large of event. Since it was in Wilmington NC, Bowling Green Kentucky and for the last 6 years or so it has been in Rogers Arkansas the home of Daisy. 2016 was the 50th annual match and we had some really neat celebrations. The match is growing and adds things each year. We had BB church this year for the first time. I would encourage you to support your local gun safety programs for children. They are sponsored by a number of organizations. 4-H is the most popular, but the Jaycees, Lions, Royal Rangers, Boy Scouts and others also sponsor programs. Dwight