09/14/16

In The Weeds: Money, Keyloggers, and PayPal*

I made a mistake when I purchased something for someone. Buying them something wasn’t the mistake. My mistake was that I entered in my credentials on their computer, and they had this nifty little key-logger on their machine, unbeknownst to me. A keylogger is a program that logs every key stroke made on a machine and records it for posterity and usually maliciousness. My credentials were compromised and fraudulent purchases were made by that individual before I found out. However, I was smart, because I used PayPal, and they helped me take back my credentials and my money. All was good. PayPal has a back door, if you will, for users where you can deauthorize purchases — especially revolving subscriptions — right on their home page and your account page with them. It’s genius and I’m so grateful for it. (If you need an explanation on how to actually access that, message me and I’ll walk you through it. I’m still learning how to do blog images sans expensive photoshop, although I think the one I did post isn’t too shabby.)

 

Had I used a bank credit card, however, that may not have been the case. It’s for that reason I try to use PayPal as often as possible. When I’m purchasing online, there’s no credit card needed. However, I do have a debit/credit card attached to my PayPal account and I can use it like a bank card, but with the better security controls for the owner of the account. Recently, a friend of mine bemoaned that when they purchase something with a debit or credit card, that it takes 7 to 10 days for that return to appear on their bank statement for said card; whereas, it takes just moments for the money to disappear from their account when they purchase it. That wasn’t the case for my PayPal situation. So, good on PayPal. But, if it takes a bank nearly two weeks to clear a return on your account, can you imagine if I’d entered in my bank account card on that keylogged machine? I shudder at the thought.

Also, if the person has Google enabled where credit card information or other credentials are stored, they could potentially have stored that information on their machine and then if they are hacked or don’t have good network or physical security on their machine…well, it’s just as bad as a keylogger. Next time, I’ll just purchase the gift on my own device. Way smarter. Way safer. And if I get hacked, well there’s no one to blame but me, yes?

This post is focused on having you learn from my mistake. Unless you are the administrator on a network or own a machine with robust security software on it, you should never put in your credit card information on someone’s machine. Keylogger programs are a dime a dozen and easy for civilians and hackers alike to procure. Your credit card information is some of the easiest and most damaging information to hack. How are you paying for things? Because of the extra security, I prefer to use PayPal, especially in the cyber world.

 

 

 

*PayPal has not paid me to write this.

08/19/16

In The Weeds: 6 Reasons Why You Should Care About Digital Security

I came to the digital and/or information security world in a Kevin Bacon sort of way. Six degrees of separation, if you will, got me here. In those reasons and events I found out why I should care. So as the story teller I am, I’m going to tell you stories in all my In The Weeds explorations into the InfoSec World. To begin, here are six vignettes on digital/information/cyber security that made me realize how important it is. However, they are not in any order of importance, because, as you will find, everything is important when it comes to digital security.

  1. No One Is Safe. As with any kind of security, it is not absolute. You can only do your best to follow guidelines for protection; but, absolute safety is a misnomer. Even if you have tons of resources, as I found out the hard way, you are at risk. I’m a former soldier and federal government employee. It’s one of the places I learned about cyber security because I worked for a branch of the military. It’s also where my most private data, to include security clearance paperwork that included other people’s information was hacked. This wasn’t my fault. I couldn’t have prevented it. However, the government set up a monitoring program and I log into it weekly to make sure that my private data hasn’t been compromised.
  2. If It’s On The Internet, It’s Not Private. Personally, I’m an open book for the most part. I’ve gotten better about not wearing my emotions on my sleeves, but many people who navigate in the online world, have their heads, or rather, their data in the cloud(s). That Instagram photo, or Snapchat, or even your device photos automatically sync’d to Google or iCloud are at risk. One of my children’s classmates had an issue where a compromising photo was snapped in a fit of hormonal teenage impulsiveness. It was deleted off the device, but then the cloud app was hacked. The image they thought was gone forever was not. There’s unending news stories about celebrities or politicians doing the same. No one is immune.
  3. Don’t Pass On Updates. During my freelance life I dabbled in web design and web content. It’s an ugly tennis-match role to play, especially for small businesses. Twice I advised small businesses that their security on their web site was either weak or non-existent. Both of them had very embarrassing pay-for-click hacks attached to their sites seemingly moments after I warned them the software wasn’t up to date, or the site had ZERO security. No, I wasn’t responsible. Sure, it can be annoying, to have automatic updates turned on. They don’t always come at the most convenient times; but, if you’re a person who uses computers or the internet like a toaster, it might be your best bet. Or if you’re like me and constantly get interrupted by teenagers, pets, or the good-idea fairy, you might want to turn auto update on. Granted, that can be a vulnerability, too. But, that’s for another article.
  4. Back Ups Are Paramount To Breathing. I’m not talking about a document you have – although, if you don’t back up to the cloud or a secondary thumb drive or encrypted drive for something like say, a short story, or a letter to your local municipality, you may be sorry. However, little harm is done. I’m referring to those that deal in data. Spreadsheets, inventory, and the like. Individuals may not deal with that heavily, but we do sometimes store sensitive information on our machines, that maybe we should back up elsewhere. My friend’s laptop was hacked and ransomware was put on it (her son used her machine and wasn’t careful online). She had a document on it that had ALL her information, passwords, account numbers, etc. It was there so that if something happened to her, her executor could access her online presence. She thought she was being smart. If she had that document on an encrypted drive, she’d be better off. Password management tools are available, but refer back to item number one on this list. Again, that’s another article. Friend’s identity was compromised, and it was a long six-plus months before she got everything straightened out. But, the amount of time and resources to straighten it out could have been saved if she’d had an encrypted thumb drive to store it on and placed it in the family’s safety deposit box (the latter suggestion is awkward when passwords change, however. But that’s another post).
  5. Computer Systems Control Just About Everything. Power Grids. Satellites. Air Traffic. Smart Homes. Smart Phones. Smart Cars. Heck, we pay our bills online, and order our coffees online. And every computer system is hackable. Every one. Protecting the vulnerabilities (because with every hardware or software update, new ones are discovered) is a full-time job for many an IT geek. I often think back to my days on the ground at the Pentagon following the 9/11 attack. Nothing worked. No cell service. Electricity was out for a good chunk of the Pentagon. Air Traffic was stopped. Communication reverted at moments to old-school military hand signals, or radio waves. It was spooky. Then in the winter of 2006, my family and I lived through The Big Blow. A wind storm so powerful here in the Pacific Northwest that millions of people were without power, for longer than anyone could have imagined it. We enjoyed 15 days without power. Five kids in the house not being able to watch tv, play video games, even chat with their friends (we are a household that hasn’t had a house phone since about 2005) was not a pretty sight. I remember my husband commenting that this is what would happen if someone hacked the power grid. It was an eye opener. At one point I drove into a section of Seattle that got power before the rest of us slobs so my oldest girl could charge her cell phone and I could do laundry. It’s an experience I won’t soon forget. Sure it was a first-world problem, but it was a problem all the same.

    The famous German Spy Mata Hari

  6. Intellectual Property and Industrial Espionage is a Thing. As a former soldier, I was trained to recognize espionage. On a national level it’s such a concept I viewed as rather Hollywood initially, especially since I never witnessed it outside of the example cases the Department of Army or Defense used for training (those whose main mission is to prevent such a thing would say their programs and strategies work). When my spouse and I got together one of the main focuses of his job at the time was to protect the company he worked for from those who would steal its design and operational secrets. I was a bit befuddled that the same tactics on both sides (bad guy/good guy) were used in the corporate world, too. He wore khakis and Hawaiian shirts at the time, and not fatigues. But the fight was the same.

Most list-articles you find online have an air of authority that sometimes is difficult to vet. These are just my stories, but I can tell you they are truth with great authority. Now tell me your stories. What event in your own history made you realize that digital security is important? Are you currently dealing with something? Write about it here. Who knows? Maybe your story will provide a new In The Weeds exploration.

08/11/16

Harvest Creations: Oodles and Oodles of Zoodles

I can’t eat pasta any more. My DNA is skewed towards diabetes; therefore, carbs are like a silent killer ninja in my bloodstream. Although I’m in no danger currently, if I were to continue to eat now as I have my whole life, I would be there very soon. Getting Old Ain’t For Sissies. Just sayin’. So, to the rescue are things like spaghetti squash, ribbons of butternut squash, and the easiest of all: zoodles, which as one might guess is Zucchini + Noodles = Zoodles. However, no carbs here. You make the “noodles” out of the zucchini and replace them in your favorite pasta dishes, and then wa-la! Squash, diabetes! The beginning of 2016 we made a no-sugar life a priority. That means that this year’s crop of squash will help us with any “carb” cravings we have.

My microfarm is having a weird year because our summer weather has been waves of mini-hot followed by the weather that the greater Seattle area is known for:  cool and rainy. But the zucchini are really starting to come in and I’m in dehydration mode with the zoodles. You can make long-flat lasagna-style noodles (easily done with just a regular vegetable peeler or mandolin slicer), or you can grate and make like a broken spaghetti style (great to make zacaroni and cheese!), or if you have a fancy spiralizer, you can have curly fettuccine and the like. I don’t have a spiralizer yet (I had one, but its design lacked what I needed, so we returned it).

I dehydrate because like many garden veggies, zucchini hold a lot of water – again one of the reasons it’s healthy for us to eat for our 75-percent-made-from-water bodies. So it’s important that before freezing for future use, a bit of dehydration is a good thing. Unfortunately I haven’t found a way to store like you would dry pasta in the cupboard/larder. But, if I do, you’ll be the first to know.

I initially followed this recipe: Preserving Zoodles. I did find a few things I needed to change for my particular set up. Also, I haven’t tried the oven method. If you plan to do it that way, please tell me how it goes.

I have a decade-old Ronco 5-tray dehydrator. It’s nothing fancy and was first procured for dehydrating foraged mushrooms. I also use it for fruits and herbs and things like sriracha salt. So, I can only speak for how I have to do it with my dehydrator. Your mileage and dehydrator may vary.

Ingredients/Supplies:

As much zucchini as you can handle (about one garden-variety zucchini per tray – not the wimpy sized ones you buy at the store), washed, ends cut off, dried (I always soak my produce in a sink of cold water after a gentle scrub in running water with a tablespoon of white vinegar).

A grater (I used the one on my food processor)

A dehydrator

Paper towels or cloth napkins

Time (mine took 7-9 hours; so be sure you are going to be puttering around the house and have time to do this).

Instructions:

Dampen cloth napkins or paper towels and line your dehydrator trays. Grate your zucchini. Put in large chunky handfuls into your dehydrator trays with the zoodles. Do not do too thin; but, also beware that if you have a dehydrator like mine, you’ll need to stack trays on top and they need to stack level and securely.

Open the dehydrator top to open (see photo). After an hour being on, you’ll want to toss the zoodles and rotate the trays. At seven hours I had to up it to about every 30 minutes to toss the zoodles and rotate the trays. The point is to make sure they dry evenly and don’t get too crisp. When the zoodles are no longer wet to the touch and feel like an al dente pasta, remove and put into freezer bags or food saver bags and store in freezer. To use, toss straight from freezer in boiling salted water and cook about two minutes. Add your favorite sauce, and you have guilt-free pasta.

Alright, hope you can enjoy doing this, too. Right now I need to go harvest more zucchini. Hope farm stand folks want some zucchini this week.

 

 

08/10/16

In The Weeds: Taking The Digital Path Less Traveled

My husband just got home from Def Con. It’s this mysterious place he’s been going to many a summer that I couldn’t (mostly because we have five children between the two of us and one of us had to keep the home network safe). Before the annual conference — that this year attracted a record number of people, 22,000 — he gets all geeked up and works on hacker puzzles, and bones up on the latest and greatest in the information security world. It’s clear to me that this is his Mecca, and these people, his tribe.

When he returns, he’s just as amp’d up and full of new tricks of the trade, as well as tools to keep the digital world safe. The first year he came home with a lock-picking set and that’s when I learned that it isn’t all 1s and 0s when it comes to digital security. Because of his interest and sharing of said interest, I was able to break into my bedroom when I’d accidentally locked myself out. I ruined two insurance cards doing it, but the feeling of badassness of being able to hack the door knob – oh, and learn its weaknesses still sticks with me today. Oh, and changing the locks to something more secure and wondering why it bent to my will thrilled me beyond measure. It wasn’t criminal – it was my own property, but the unraveling of something meant to keep me out just made me excited to learn more.

Over the years married to my spouse, my interest in digital security has only heightened. But, it was only in the recent weeks leading up to Hubby’s departure to DefCon 24 that I realized my interest was deeper than just being an observant writer/journalist and a supportive spouse. I wanted to learn more. Hubby’s a good teacher, but he also works full time in the digital security world and has been for nearly 20 years. I started following certain InfoSec folks on Twitter (and they followed me back!). I have Google Alerts to bring me information about vulnerabilities and other key words in the hacker world. I have been reading articles for years and continue to do so. My InfoSec bookshelf is beginning to rival that of my writing and farming shelves.

Clearly, I’m on a quest and journey to delve deeper into this subject matter, world, culture, and tribe. Like everything I do, I’ll write about it. Not that stepping off the precipice of the “civilian” cliff into the world of InfoSec isn’t scary. I am anxious about things like DDoS attacks, the whole GamerGate attitude flying into my face because I’m a woman, to potentially putting my husband’s work in jeopardy, for there are some not-so-nice aspects to this world — think MR. ROBOT, or ZEROES, or LITTLE BROTHER, and the like.

However my need to explore and gain knowledge really trumps that anxiety. I’m interested to answer questions like: How much stronger are passwords with numbers? Or how do criminals use stolen credit cards without leading cops right to them? Why do nerds prefer command line over a GUI? Why is curiosity a crime? When you buy hardware, is it yours to tinker with? Take apart? Replicate? Improve? Why is (insert tactic) important? How does it work? What are its hidden assumptions that lead to unintended flaws? Regardless the subject, the hacker community is much more about the mindset than any technical detail and I intend to peel that metaphoric onion. Right here on this farm that has a server in the garage. Can you straddle the analog and digital world successfully? I intend to find out.

So, from one nerd/noob to another, you can follow along and maybe you’ll learn something. I know I will.

 

08/9/16

Harvest Creations: That moment when your ketchup turns into BBQ sauce

 

A typical farm stand week…

My goal this year is that I take what I need from the farm beds when I need it – for current meals, that is. Then everything else gets sold at the farm stand on Saturdays. Whatever I don’t sell on Saturday, I “put by” as they say. In other words, preserve. This past Saturday there was some confusion about whether or not I was open. I took the last weekend in July off for a writing retreat, but opened this past Saturday, Aug. 6th. Some folks thought I was still closed. Nope, the Thrasher Studios & Microfarm Stand will be open on Saturdays through to the last possible harvest, and then some. So that meant I had a TON of leftovers – kale, herbs, zucchini, carrots, cucumbers, and squash.

It’s been a rough year on the microfarm. We had super warm weather in April and then super rainy in late May and June. And it’s been super cool the rest of the time (yesterday’s high was 66 degrees, much the same forecasted for today). Not a good season for tomatoes and peppers. However, my cucumbers have been doing phenomenal. But, there’s only so many pickles and dill relish I can make. So, I found this recipe for cucumber ketchup. Of course I can never just leave a recipe as is. I have to add my own touches to it. So I added a tablespoon of smoked paprika and a pinch of saffron to this. I added other things, but I’ll get to that.

All ready to go in the pot.

Now, cucumbers have a high water content. One of the reasons they are healthy to eat, along with their low caloric count. Plus straight from the farm they taste so incredible. So I followed the recipe’s guidelines on adding just the tiniest bit of water to keep the cucumbers from burning on the bottom of the pan. Clearly even the tiniest bit was too much. Because when it was time to cook down to thicken, it was too watery. To combat that, I added a dollop of tomato paste to help thicken it up. It did so, but not enough to give it the consistency of ketchup. So I added some crushed dried peppers from last year’s garden, let it cook down a bit more and wa-la! Cuke Nuke BBQ Sauce was born.

Next time I will put a bit of white wine instead of water. That way it will cook off when the cucumbers cook down and release their own water. I also may try to cook it in the crock pot and see what happens. In the end this recipe netted me quite a bit of small-batch BBQ sauce. I got 7 half pints canned, one for the freezer, and one for the fridge, plus a bit left over to cook our turkey cutlets for dinner last night.

Here’s the recipe if you want to make Cuke Nuke BBQ Sauce:

Ingredients:

Ripe cucumbers, peeled, chopped and seeded (makes 8 cups)

Small amount of water (like just enough to cover the bottom of your pan with water)

1 red pepper, chopped

1 cup sugar (original recipe called for 2 cups. We live a no/low sugar life and our sauces don’t need to be this sweet)

1 teaspoon cinnamon

1 cup chopped onion (I used red onion, adds sweetness to replace the taken out refined sugar)

4 cups vinegar (I did two cups red wine vinegar and two cups white)

1 teaspoon salt

After blending.

1 teaspoon cloves

1 teaspoon pepper

1 tablespoon smoked paprika

1 pinch of saffron (optional)

1 dollop (about two tablespoons) of organic tomato paste

2 tsp. of crushed dried chili peppers

 

Instructions:

Peel enough cucumbers to make 8 cups after seeds and soft centers have been removed. Add chopped onion, red pepper, and enough water to prevent sticking. Cook slowly, stirring frequently, until tender. Add remaining ingredients. Cook slowly, stirring frequently, until thick. Use an immersion blender to blend smooth, or slightly cool and put in blender to make smooth. Strain to ensure no cucumber or pepper seeds are in final product. Return to pan and heat to boiling, and then decrease to simmering. Prepare to can in water bath. Process in water bath for 20 minutes. Makes up to 9 half pints.

Enjoy your cuke nuke bbq sauce. Hopefully next time we’ll actually make ketchup.

Up next time on Harvest Creations:  dehydrating Zoodles!