Category Archives: General

Stop trying already!

Meanies! Why don’t I just replace the wp-admin URL with a fake honeypot?

I’m designing a travel & landscape photography website as my personal Instagram replacement. Coming soon…

Password Security and Digital Spring Cleaning

It’s not Spring yet, but it’s sunny outside.  With recent hacking attempts going on I’ve decided to tighten up my digital security. How am I doing this?

  1. Instead of using the same password for multiple websites, randomly generate passwords then store them in a password manager. This way, if one site gets hacked, attackers will not be able to use that login and password to access other sites.
  2. Delete accounts on websites I’m no longer using, or scramble the email, password, and all personal data so that all the information is fake. This is not recommended if you used that site for shopping, as saved invoices will still contain your real info.
  3. Activate two-factor authentication for important websites.

Step 1. Use a password manager. Is there a risk of putting all your passwords in one basket? Absolutely! There could be a keylogger on your computer (in which case it doesn’t matter anyway). Your password file might be lost to a hard drive crash — so you should probably back up the list to a cloud service of some sort.

Here are a few password managers I’ve personally used:

  • KeePass is 100% free and open source, though its usability and browser integration are not as good as the others. KeePass stores its data in a single file which can be backed up to any major cloud provider. It’s free so there is really no excuse.
  • If you use OS X, 1Password is an excellent tool. I previously used 1Password when I was in an Apple environment, however their Windows version doesn’t compare. Also, they only support Dropbox as a cloud backup.
  • Safeincloud has excellent cross-platform support at a reasonable price. I previously used their Android app and it was well designed. However their browser integration on Windows wasn’t as good as 1Password and LastPass — both of which automatically detected changed passwords.
  • LastPass, which I currently use, syncs passwords onto their own server. You can also make local encrypted backups using their Pocket application. Their cross-platform compatibility is excellent, and they have a “Security Challenge” which advises you to change your duplicate and weak passwords. The downside? Many features require a Premium account at $12/year.

If you end up using an online service like LastPass or store your encrypted passwords on cloud services like Dropbox, OneDrive, or Google Drive, hackers could possibly go after those files. But they probably won’t succeed — because there are easier targets. Large companies who have a reputation to maintain spend more money on security and intrusion detection than that online forum you signed up for. Or that ebook you bought from somebody’s WordPress site that hasn’t been updated in over a year and is spitting out security errors (that actually happened).

It’s much easier for hackers to go after a small site, and use the email logins and passwords to go after more important sites. So using your password manager, view your websites with duplicate passwords and generate new random passwords for them. These random passwords will generally be over 12 characters and have upper and lowercase letters, numbers, and symbols to minimize the success of brute-force attacks.
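The duplicate-password cleanup described above, sketched as an added example (not part of the original post and not any password manager's code). The vault contents, the `.example` site names and all function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes the post asks for: upper, lower, digits, symbols.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable characters


def find_reused(vault):
    """Map each password used on more than one site to those sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items()
            if len(sites) > 1}


def generate_password(length=16):
    """Random password from the OS CSPRNG with every class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:  # rejection sampling keeps the result uniformly random
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of guesses an exhaustive brute force needs."""
    return length * math.log2(alphabet_size)


def rotate_reused(vault, length=16):
    """Copy of the vault with every reused password replaced by a new one."""
    reused_sites = {s for sites in find_reused(vault).values() for s in sites}
    return {site: generate_password(length) if site in reused_sites else pw
            for site, pw in vault.items()}


# Constructed sample vault (site -> password); not real credentials.
SAMPLE_VAULT = {
    "forum.example": "sunshine1",
    "shop.example": "sunshine1",
    "mail.example": "k#9Tq!vR2m@Lz8Wd",
}
```

A 12-character password over this 94-character alphabet gives a search space of roughly 78.7 bits; each site sharing a password gets its own independent replacement.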

LastPass has an interesting “Security Challenge” feature which ranks your security and advises you to change all your weak passwords. These were my results when I first started; it’s much better now.

Step 2. Delete useless accounts. Remember that account you signed up for in 2005 for some crappy contest? No you don’t. You probably don’t even use it anymore. So delete it. Log in to that account, go to their account settings, and delete it.

What if you can’t? If there’s no way to delete the account, you can make the information useless. This is only recommended for sites where you haven’t entered personal information like address or credit cards — as generally those would have invoices and previous order data which can’t be deleted. To render an account useless:

  1. Change your name on that account to something completely random. Change your gender, birthdate, and any other information too.
  2. Change your password to something completely random (but put it in a temporary text file because you might need it for step 3).
  3. Change your email address to a temporary, disposable email such as:
    1. www.getairmail.com
    2. www.10minutemail.com
  4. Once you’ve successfully completed these steps, delete your temporary text file. You’re never logging into those sites again, because they have nothing useful there anyway.

Step 3. Safeguard important accounts using two-factor authentication. What’s the use of creating new passwords for all your websites, if someone gets into your email and resets your passwords? Therefore, you must protect your email accounts using two-factor authentication, which requires you to enter a generated code every time you log on. This generated code is from an application you install on your mobile phone.

For more information on this, check the help section on your Google Gmail or Microsoft Outlook account (some other email providers offer this as well). Also check out what happens if you lose your phone — ensure you have a backup method for regaining access to your email. There are other services besides email which use two-factor authentication — generally financial sites — consider enabling those as well.

Depending on how many logins you have, it may take quite some time to update them all. You don’t have to do it all at once — a few websites a day will help your security over time.

Gluten-free Tortilla Pizza

I’m currently running an experiment where I’m reducing the amount of carbohydrates I normally eat, and eliminating gluten from my diet. The big problem: pizza. One of my favorite foods, it has all the major food groups: cheese, meats, vegetables, and well…wheat bread. While I could start going for thin-crust instead, I felt that I could do better. Although Domino’s does have gluten-free crust available, it only comes in 10-inch sizes, and there is a $3 surcharge, so it’s not something I choose very often.

My original plan was to follow a recipe for gluten-free pizza crust found on a pancake mix box. You would think it would turn out soggy and “pancake-like” but as long as you spread the batter very thin, it’s acceptable. “Acceptable” isn’t good enough!

Randomly digging through stuff in the refrigerator, I found a solution which tastes surprisingly good.

Corn tortilla pizza!

Ingredients:

  • Corn tortillas
  • Tomato sauce (about 2 tablespoons or more per tortilla)
  • Shredded mozzarella cheese
  • Pepperoni (or other meats / vegetables)
  • Italian seasoning

1. Put the corn tortillas in the oven* under high heat. Leave them there until they are slightly crispy. If an uncooked tortilla was 0% and a crispy tostada was 100%, cook it to 75%. In my experience this took about 5 minutes, but it varies depending on your oven. *A convection or toaster oven is recommended as the top part of the tortilla will need to cook as well as the lower part.

I’d personally cook a little longer than this, but it turned out fine

2. Spread tomato sauce, sprinkle cheese, and add meat or vegetables.

3. Place again into oven until cheese has melted. In my experience this took 4 minutes, but it can vary.

4. Remove from oven, sprinkle seasoning.

5. Eat!

Redbox Has Major Quality Control Problems

First of all, I love the concept of Redbox. After a busy day, you can visit a kiosk outside a grocery store or other retail establishment–which you would already visit anyway for other things–and pick up a movie or game rental for prices cheaper than your movie theater or buying a used game online. However, there is a huge problem with this, which has unfortunately hit me twice in a row while trying to rent Xbox 360 games, the most recent being this afternoon.

The first time I rented a game, I received a photocopy of a bar code on a piece of paper. The second time, I received a Blu-ray instead of an Xbox 360 game. (Redbox customer service confirmed that somebody transferred the bar code to a different disc). As I said, this has happened to me twice, and appears to be a problem while renting video games. A newly released video game is around $60, and new DVDs are $20 or less. Obviously, there’s more of an incentive for fraud.

Does this LOOK like Black Ops 2 to you? How can Redbox be so stupid? Being put on hold wasn’t exactly my idea of Saturday night entertainment 🙂

Nope, this is NOT Tomb Raider for Xbox 360. I don’t know what kind of movie Prometheus is but I don’t own a Blu-ray player so I’ll never know.

In order to get any sort of satisfaction, you have to call the Redbox customer service line, get put on hold, then return the game. They’ll offer you some free rental codes for your trouble (or claim they will, I’ve only received them the first time), but if you’re going to rent another game there’s no guarantee you won’t end up with the same problem again.

In case anybody from Redbox stumbles upon this post, here are some free suggestions. I won’t even charge you a consulting fee 🙂

  1. RFID tags embedded into the DVD itself during its manufacture – cannot be photocopied or removed without destroying the disc
  2. Built-in DVD reader inside the Kiosk – read a file (or sector) from the disc every time a disc is returned, if the data doesn’t match the previously read values it’s either scratched or fake

Time is valuable, and I could have been playing exciting new games instead of dealing with customer service and ranting online. I guess I’ll have to read a book instead :O