
Computer Security 101 - Part 6 - User Permissions

I skipped ahead in Part 2 of my Computer Security 101 entries to cover passwords, or rather passphrases, despite it falling out of line with an outside-in approach to security. Entering into the actual desktop arena, I am going to skip ahead of a few items to cover the important field of User Permissions.

Assuming you have followed the best practices I have outlined previously in parts 1 thru 5, in order to gain access to a desktop a malicious person would need to either bypass your firewall, hack your wireless, plug a hard-line into your network or be sitting directly at a workstation. From there they would then need to begin cracking the various passphrases on your computer or network to do any major damage. While these are all possibilities, they fall in the realm of highly improbable; again, assuming you have followed the prior posted best practices. Instead the real threat comes from you: the user.

I'm not referring to malicious users, but rather the unintentional threats presented by your own daily activities, curiosity and, to a lesser extent, lack of knowledge. It is here that the greatest potential for attack on a computer system lies. It is here that most breaches in a system occur. Here be users.


Tutorial and Other Updates

As promised, I have finished up the Omnidirectional Tactile Whisker Sensor tutorial. Complete instructions are available in the tutorial section (linked in the main bar above). I think when all is said and done, each sensor comes out to a price of about $0.75 (yes, 75 cents) or less. I have made about a half dozen of these Whisker Sensors thus far and each has come out working quite well with little to no problems. The intention is to post this tutorial up on the Society of Robots website as well. Good stuffs all around.

Speaking of the Society of Robots (linked in the side bar over there <-- ), the website received much love in the July/August edition of Robot magazine. To be honest, it is about time the website got this attention, as there is so much information available at the Society of Robots for every level of roboticist. It really deserves a full featured article, or at the very least an interview with founder John Palmisano. Congratulations SoR! Well deserved.

I am also in the process of updating my Science Scout badges page to include my latest badge, as well as updating all the image links to the new Science Scout page. Even if you have no interest in sciencey stuff, I do recommend reading the badge page. It is quite the humorous compilation, if I do say so myself. It is linked off my About Me page (main bar above) or directly by clicking here.

The last update here is that I am hoping to have the next in my series on Computer Security up before end of week, where I will be covering User Permissions. Stay tuned...

Dead Power Supply

Following a loud pop that caused my heart to stop for a moment, my computer power supply decided to head on to greener pastures. Being who I am, I figured I would rip it apart to see the reparability of it all, thinking it was likely a blown capacitor or transformer. Capacitors that make that exploding sound usually show some outward sign of such action, whereas transformers are generally more subtle. Worth a shot at the very least, right?

With no signs of capacitor damage and 16 transformers soldered into the circuitry, it was apparently a waste of my time. I suppose I could have started desoldering parts to test them individually, but even were I successful in locating the culprit (and hopefully the root cause), I would have to locate some oddball replacement component. Hardly worth the time for all of that.

Instead of jumping through all the self-repair hoops, I looked online for an aftermarket replacement... with no luck. It would seem this is a proprietary power supply specific to this model of Dell. And that just sucks. The good news is that everyone and their brother seem to carry this power supply as a refurbished unit, including Dell. That meant two things to me: first, this particular type of failure is likely a common problem with this power supply, and second, they are likely replacing the bad component with a better one. That last part is just a guess, but makes sense when you have a common source of failure.

Anyway, the moral of this story is that I am without my main computer until sometime Friday when my replacement power supply arrives. The big problem is that my life is on that computer, including all the pictures and notes for this here blog thingy of mine. I do have backups (and the hard drives are obviously still OK), but with under a week's wait for repair time it hardly seems worth the effort to build out a computer just to restore a few files for a couple of days' use. At least that is my thought.

While we wait for a real blog entry from yours truly, you can just sit back, relax, and enjoy the music. What? You can't hear that music? Sorry, the voices must be singing again. They really are getting pretty good you know. Just skip that last part about enjoying the music. I'll get something more entertaining up as soon as I can. Until then... Ciao.

Pull And Pray Is Not The Way

Oh my dear God. I found this article on birth-control from over at LICD Webcomic who got it from one of his readers, and I am just shocked. It seems every time I think there might be a glimmer of hope for the scientific community, they throw a curve ball over to the stands.

Seeing as I know (thanks to Google analytics) that most of my readers won't bother to click the above link, I will say that the article is about medical doctors wanting the withdrawal method, better known as the pull and pray method, to be considered a viable form of contraceptive. And by "viable", I mean one which the doctors should be discussing as a possible contraceptive method between partners. I will give them one tiny mark for admitting it is not a foolproof method, but just to acknowledge it is ludicrous to begin with. You know it, I know it, but apparently some doctors don't know it.

So how on Earth did they decide it should be a viable method of contraceptive? The answer is statistics. Many people have been using the pull-and-pray method with some success, which makes it statistically viable according to the doctor in the article. But what they never seem to teach in school is that statistics lie. Statistics are biased and opinionated and they, well, they lie. Except for the statistical correlation between the decline in Pirates and global warming. That one is truthful.

In order to see just how badly statistics can lie, let's take a look at two examples of other methods of birth-control that should be thrown on the table from a statistical point of view. The first is an old wives' tale that you hear from time to time and which has even made it into various movies: You can't get pregnant if you are a virgin. I will bet my life's savings that if you were to do a study on the number of teens who have practiced this method of birth-control, there would be less than a 50% conception rate. Probably somewhere below 20%. I can make that statement because of the next method of birth-control that should receive equal time with the withdrawal method.

The Just Have Sex Method of birth-control. Poll any couple who has tried to have a baby as to the frequency of their "unprotected" sexual activity prior to conception and you will be seeing averages of 30-60 days. Even on the low end of that, 30 days of "unprotected" sex, assuming an average of once per day, means that the couple had sex 31 times with one instance resulting in conception. That is a 96.7% effective rate for just having sex as a viable form of contraceptive. That's almost the level of condoms, for FSM's sake. Statistically speaking of course.

Not buying it? Well, let's look at the facts then. The average menstrual cycle of a woman is 28 days. Of those 28 days, ovulation occurs around day 14, which is when the egg comes flying down the fallopian tube (the process starts around day 12). The egg is viable for about 2 days after that, meaning it can be fertilized by a sperm. Looking at the statistics for this, and being generous by allowing for 3 days of actual conception, we can see that for 89.3% of the days in a menstrual cycle conception is not going to happen.

"But Andrew," you say, "the most fertile period of a woman is from 5 days before to 2 days after ovulation. Wikipedia told me so." And you would be right. The reason for this is that sperm can actually survive inside a woman for 5-6 days or so. Meaning they can be waiting for the ovum like well trained Ninja, ready to strike at first sight. One would think that this would increase the odds of conception to something higher than 11%, right? Wrong.

Sperm are not well trained Ninja. At best they are undertrained Ninja. And Ninja are weak when compared with Pirates. Instead of swimming up to wait for the ovum to arrive, sperm, in their Ninja fashion, wander around aimlessly without a well thought out plan of attack. Most actually drip out of the woman after sexual intercourse is complete (hence the need for towels). The rest crash into each other, try to swim through the walls of the uterus, and generally look like the three stooges. Basically, Ninja-like. This behavior greatly reduces the chance of conception overall.

Some do get lucky, however. This is why the human race has not died off, and the reason that there is a slight chance of conception. It is also the reason it is still called the "miracle" of life. This leads me to my last point regarding the so-called withdrawal method of contraception.

When a man is sexually excited, even before intercourse, small amounts of semen are released from the penis. This helps in providing lubrication during intercourse. This semen contains viable sperm. It is just as likely that one of these viable sperm, released prior to ejaculation, could blunder upon the ovum and result in conception. Notice this little part: released prior to ejaculation. Meaning before the pull-and-pray method has even had a chance to take place.

If you put all of this together, you will see that the withdrawal method has roughly the same chances of conception (or prevention) as sleeping with only virginal women and just going for it (or the anti-withdrawal method). Stealing from my Pastafarian brothers and the Prophet Bobby Henderson, if you are going to teach the withdrawal method as a viable form of contraception, the other two methods listed here should receive equal time. Either that or some doctors need to go back to school to learn about reproduction and statistics. Thank You.

Computer Security 101 - Parts 1 thru 5 - FAQ

Using the outside-in approach to computer security, we are now at a point to begin covering the actual computer systems. Before we get to that, I thought it prudent to put up a simple FAQ covering the common questions and/or concerns from parts 1 thru 5. Well, really 2 thru 5, seeing as part 1 was the introduction.

This FAQ mostly covers home network security and does not replace reading the actual articles in this series, or getting help from a professional if you are completely inept in the field of computers.

1. Why are passwords important?
Passwords provide a means of proving your identity to a computer system. Without having this method of identification, everyone could pretend to be anyone they wished and the world would quickly fall into chaos, until someone finally pretended to be the guy with permissions to launch nuclear missiles; at which point the world would just end. This is all very bad.

2. How do passwords help protect me?
As mentioned in item 1, passwords provide a means of identifying you as you, rather than someone pretending to be you. Secondly, passwords are used in some systems to encrypt data so that if someone were to look at a file without the password it would appear as gibberish.

3. What is a complex password?
While the exact measurement of a complex password is system specific, the general rule requires that a password contain at least eight (8) total characters. Of those eight characters at least one must be an uppercase letter, at least one must be a lowercase letter, and one must be a number or other non-alphabetical character. These are the base guidelines and, to be honest, they are quite antiquated. Realistically, a password should contain at least 13 characters, with the other rules staying the same.

4. How often should I change my password?
Passwords should be changed at least once every three months, depending on what the password is for. Passwords used for more sensitive information should be changed more often than passwords used for nonsense; as an example the password to your online bank account should be changed at least once every two months, while the password for your Netflix account would not be as critical and could be changed every three months (unless you save credit card information in your Netflix account at which time it becomes more critical). Your passwords should also be changed anytime you suspect any of your accounts to have been hacked or your computer becomes infected with a virus/spyware (once the virus has been completely removed).

5. Can I write down my passwords?
Do you leave the keys to your car dangling from the door handle in the bad section of town? That was a rhetorical question. The answer is NO.

6. How do you expect me to remember all these complex passwords that change so often?
I don't. I expect you to use passphrases instead.

7. What is a passphrase?
Passphrases are sentences, phrases, exclamations or questions that are used in place of complex passwords. Passphrases are easier to make complex and are generally much easier to remember. "My6catsareallSiamese!" Often passphrases can include spaces, making them even easier to type. "My 6 cats are all Siamese!"

8. What is a firewall?
A firewall is a device (hardware or software based) that restricts certain types of traffic from entering or leaving a network.

9. Why do I need a firewall?
There are bad people in the world who think it is fun to screw up other people's lives. There are also people who want to steal from you. And then there are people who are just nosey and want to snoop. If these people can get to your computer they can do all sorts of bad things such as deleting all your files, stealing your bank account and credit card information, stealing incriminating files from your computer (nude photos, etc), or just using your computer to send out spam email messages. Firewalls can help keep these people from getting to your computer from the Internet.

10. Why should I restrict outbound traffic on my firewall?
There are many ways for bad people to get to your computer and firewalls do not stop all of them (i.e. malware and viruses). Once your computer is infected with a simple piece of malware it can be used to download more dangerous software from the Internet. The malware can also turn your computer into a tool for the bad guys, such as by using your computer to send out spam email messages or attack other computers. If you have ever wondered why it is so hard to catch the bad guys on the Internet, it is because they use "innocent" people's computers to do their dirty work. Restricting outgoing traffic across a firewall can help stop these things from happening.

11. What ports do I need to allow for email?
Some ISPs use alternate, or nonstandard, port numbers for their email, but for most you will need to allow outbound traffic on port 25 for SMTP and port 110 for POP3 (both are used, the first to send, the second to receive emails). You should also restrict which external Internet addresses (IP Addresses) these ports are allowed to connect with, so that you don't inadvertently allow the bad people to use your computer to send out spam emails (see question 9 above).

12. My wireless router came with WEP enabled, isn't this secure?
No. WEP is not secure. WEP is akin to locking the screen door on your house and thinking no one can break in.

13. What security option should I use on my wireless router?
WPA2 (Wi-Fi Protected Access 2) with AES (Advanced Encryption Standard) is currently the most secure wireless option. If you have a very old wireless device that does not support WPA2, your next best option is WPA, although you should check with the manufacturer for firmware updates to bring it up to WPA2. Failing that, you should replace your wireless device.

14. What is the SSID?
Service Set Identifier. The SSID is a nice friendly name used to identify a wireless network. This allows you to connect to "MrMoms Network" instead of some long convoluted string of hexadecimal characters.

15. Why should I turn off SSID broadcasting?
In order to connect to a wireless network, you have to know the SSID. When the SSID is broadcast, everyone in range is told what it is. By disabling SSID broadcasting you have added an additional level of protection to your wireless network and helped to prevent nosey people from "just browsing" through your network.

16. My son/daughter/niece/nephew/neighbor's kid said I don't need to do X.
Not really a question, but if X is something I said to do above or in one of the related articles: your son, daughter, niece, nephew or neighbor's kid is an idiot. If they happen to be a CISSP and have a better alternative solution to put into place, then by all means listen to them. Otherwise, I stand by my calling that precious little bundle of joy an idiot and adamantly state that you should not listen to them.
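
For questions 10 and 11 above, an added example (not part of the original FAQ): a default-deny outbound policy that allows SMTP (port 25) and POP3 (port 110) only to the ISP's mail servers, run over constructed connection attempts to show which get blocked and which internal host looks like it is trying to send spam. The server addresses are placeholders from documentation ranges, the function names are hypothetical, and only the mail rules are modelled.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder addresses (RFC 5737 documentation ranges) standing in
# for the ISP's real mail servers. Only the mail rules from question 11 are
# modelled; a real policy also needs rules for web, DNS and so on.
EGRESS_ALLOW = [
    # (protocol, destination port, allowed destination network, purpose)
    ("tcp", 25, ipaddress.ip_network("192.0.2.10/32"), "SMTP to ISP mail server"),
    ("tcp", 110, ipaddress.ip_network("192.0.2.11/32"), "POP3 to ISP mail server"),
]

# Constructed sample data: (internal source, protocol, destination IP, port).
SAMPLE_ATTEMPTS = [
    ("192.168.1.20", "tcp", "192.0.2.10", 25),     # normal mail send
    ("192.168.1.20", "tcp", "192.0.2.11", 110),    # normal mail fetch
    ("192.168.1.31", "tcp", "198.51.100.7", 25),   # SMTP to an unlisted server
    ("192.168.1.31", "tcp", "203.0.113.44", 25),
    ("192.168.1.31", "tcp", "203.0.113.90", 25),
    ("192.168.1.20", "tcp", "198.51.100.7", 6667), # port with no rule at all
]


def check_outbound(proto, dst_ip, dst_port):
    """Return (allowed, reason) for one outbound connection attempt."""
    dst = ipaddress.ip_address(dst_ip)
    for rule_proto, rule_port, rule_net, purpose in EGRESS_ALLOW:
        if proto == rule_proto and dst_port == rule_port and dst in rule_net:
            return True, purpose
    # Default deny: anything not explicitly listed is dropped.
    if any(dst_port == port for _, port, _, _ in EGRESS_ALLOW):
        return False, "mail port to an unlisted server"
    return False, "no rule allows this port"


def suspected_spam_senders(attempts, threshold=3):
    """Internal hosts with repeated blocked SMTP attempts to unlisted servers."""
    hits = Counter()
    for src, proto, dst_ip, dst_port in attempts:
        allowed, _ = check_outbound(proto, dst_ip, dst_port)
        if not allowed and proto == "tcp" and dst_port == 25:
            hits[src] += 1
    return sorted(host for host, count in hits.items() if count >= threshold)


if __name__ == "__main__":
    for src, proto, dst_ip, dst_port in SAMPLE_ATTEMPTS:
        allowed, reason = check_outbound(proto, dst_ip, dst_port)
        verdict = "ALLOW" if allowed else "BLOCK"
        print(f"{verdict} {src} -> {dst_ip}:{dst_port}/{proto} ({reason})")
    print("check for infection:", suspected_spam_senders(SAMPLE_ATTEMPTS))
```

A host that keeps hitting the SMTP block is the one to scan for malware first, since the firewall is only stopping the symptom.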