Sunday, October 15, 2017

What is a security hash?

When machines exchange passwords across the network or the Internet there are three basic ways the password could be sent. The first way is that it sends the password to the server in plain text form. This way should never be used for a password as a person who picks up the signal across the network can easily read the password. The second way is by sending encrypted communications. This means that what ever is sent is basically scrambled using some format and at the other end the information is unscrambled. This makes it harder for the password to be stolen while being sent but knowing the method used to encrypt the communications, the password and message can be decrypted and read. This is basically a good method and most often used and works fine as long as the code to do the scrambling or encrypting is long enough. The third way is by using a hash. This is not something that we eat. This is taking the encryption to a new level. Your credit cards that use the chip on them use a hashing method. With the hashing method the password is not actually sent (either encrypted or decrypted. The sending device used a method and key to create a hash of the password which is then sent. The hash creates a whole new code and even knowing what code and method was used to create the hash will not allow you to decode the hash and create the password (with encryption you could do this). The receiving machine knows how the hash was created and either creates a hash from the password on file (or better yet created a hash when you set up password an never kept the password) and then the receiving machine compares the hash sent to the hash it has or just created and sees if matched (similar to just sending passwords). Now there is a special code (the hash) that is created each time and compared and no way to recreate the original password (it is theorically possible but such complex math and so much work involved it would take way to long (years) to do and not worth it) You really do not need to understand how hashing works but you want to know when passwords for credit and debit cards and financial information are sent across the network that they use hashing which is a very strong security. However keep in mind the bad hackers, etc. are always trying to find ways to beat the system so constant improvements must be made by the good security people. Send me your questions about computers to me at the paper or to my e-mail dwight@dwightwatt.com and tell me you read this in this paper. I will pick a question to answer each week. Dwight Watt does computer work for businesses, individuals and organizations and teaches about computers at a college in nw Georgia. His webpage is www.dwightwatt.com His e-mail address is dwight@dwightwatt.com

Saturday, January 7, 2017

Intelligence and election fraud

We have seen in the last month charges of election fraud and reports that the government intelligence agencies have determined that the Russians were hacking things related to our electoral system. President Obama has declared that the intelligence agencies have determined it did occur and that we are going to strike back which would be a form of cyber warfare. Let’s pause and think back. For 15 years now we have been told that Bush led us wrongly into the war in Iraq because of the claim that the government intelligence agencies lied to Bush (and Clinton before him) that Iraq had weapons of mass destruction. Reports have said the stories of yellow cake in Nigeria were wrong. Obama and others have repetitively said that we should never have trusted the intelligence agencies For years anytime any bills are considered in state legislatures to combat election fraud the loud response we hear is there has only been a few isolated instances of election fraud and that laws such as securing the registration process and cleaning the voter rolls are not needed. Now consider what Obama has just told us. Government intelligence has assured him that the Russian government hacked the DNC and Hillary's campaign and that we must attack them back to prevent this from happening again. Secondly he tells us this is election fraud and we are hearing lots of people claiming the election was stolen and should be voided or changed because of this. Think about this carefully. The same agencies that supposedly lied and provided the information that Bush used to put us in Iraq war, and which information we assume Hillary used in voting for us to go to that war. Now Obama says he has seen information and will attack Russia (without Congress authorization) in cyber warfare. We have seen some stories say not an intelligence heads were on board with the Russian government charge. In addition, now we will go to cyber-war over election fraud led by the party that has told us again and again that there is no election fraud and that we do not need to do anything about it. Before we attack Russia in cyber warfare we need to consider all this more closely and whether the hacking occurred from Russia (either from there or China or a former Soviet satellite is a statistical strong possibility) and whether it was the government (under orders from Putin they claim) or was it some non-government group. We need to work to make our elections not have fraud. The voting machines are not connected to the Internet so they cannot be hacked during voting. They could have stuff planted in the software but we need to make sure it is all secure. An attack on Russia could be much more deadly for us than Iraq was. We know Russia has nuclear weapons

Do I have a Yahoo account?

This fall Yahoo has announced two data breaches with 500 million and a billion accounts stolen. There are a large number of people hacking in various business, government and individual accounts all the time. There is no way to have a server connected to the Internet that is completed protected from breaches. You can make it securer and the data securer but you cannot stop a break-in from possibly happening. In addition, the more you make your material available to people the more openings to break in. So be assured there are break-ins and attempted break-ins of all systems all the time. Think of t like a store. If you allow people to touch merchandise, then shoplifting will occur. You may have accounts at yahoo that may have been stolen and not realize it. The media has played it up like it was email accounts stolen, but yahoo is lots more than that. Any account at Yahoo is in the breaches. Accounts that may have been stolen (Yahoo has not been clear yet) include Yahoo email accounts, email accounts that Yahoo administers, Flickr (Yahoo’s photo service), their fantasy sports programs, their blogging service Yahoo Groups and others. Email accounts run or administered by Yahoo include most of the former Bell telephone accounts like AT and T, BellSouth and others. When you go in your email look at the top and see if says powered by Yahoo. If so it is probably in breach. Google also administers accounts for others and Microsoft does so also. A lot of college email accounts are administered by Microsoft. What should you do if think you have a Yahoo account? Change the password on the account. If you have other accounts that use the same password and username change their passwords. I would encourage you to use different passwords everywhere. Easy way to do that is use something about site in the password (but not just that). CNN was saying to delete your old emails but that makes no sense. If they were stolen they already have them so doing does not stop them.

Strange election

It is a strange race. Everyone seems voting against not for someone. Republicans say how horrible Clinton is and democrats say how horrible trump is. And then you hear lots of Democrats saying Clinton not liberal enough and lots of republicans saying trump not conservative enough. And trust of both candidates really low.