In The Weeds: Weekly InfoSec Round-Up

Follow Casz's Fiction Farm on WordPress.com

I decided to share with you the things I’m reading during the week with a small bit of commentary about what I find interesting about them or what I learned from them. These are links to articles, books, videos, what have you that all relate to the hacker culture or digital security world that I’m newly diving into. Self-taught FTW.

  1. On the heels of the article I posted regarding Last Pass, Tech Republic posted this gem about cyber-security basics — even though I’m learning that people in the #InfoSec biz hate the word cyber. I’m still getting through all the YouTube videos, but they are some great ones: http://www.techrepublic.com/article/learn-cybersecurity-basics-with-these-essential-youtube-videos/?ftag=TREe09998f&bhid=26093227954548321669490942282653
  2. Net Neutrality is under attack from within our government again. I can’t believe we have to protest this shit… http://money.cnn.com/2017/02/28/technology/fcc-net-neutrality/
  3. This article is from January. But, I’m still learning, so there will be articles and books that are not new that I’ll be reading/exploring. Secure apps, however. Something we all should be concerned about learning more about:  http://www.techradar.com/news/top-10-best-secure-messaging-apps-of-2017
  4. On my Google Play this week. So many books, so little time:  https://play.google.com/store/books/details?id=d4BMCgAAQBAJ&source=productsearch&utm_source=HA_Desktop_US&utm_medium=SEM&utm_campaign=PLA&pcampaignid=MKTAD0930BO1&gclid=CNHji4DKx9ICFZddfgodnEMEfg&gclsrc=ds

It’s a short round-up this week because I just started pulling this together. But, there’s some good info in there. Information overload is as deadly as no information. So, keeping it simple works for now. If you’ve read some interesting information, articles, papers, watched a cool video, or show about #InfoSec, please leave a comment here about it. The more you know…the more we all know.


One Minute of Zen: Birds of a Feather

Last spring we had a broody hen that would not subside until she could hatch a clutch of eggs. We only had fertilized duck eggs on our small microfarm; so, she became momma to four ducklings. She was the best momma and none of the “clucklings” as we called them seemed to notice that momma was different from them. Win, win. Enjoy your One Minute of Zen: Birds of a Feather.

Inkster Update: Taking the Patreon Plunge

If you’re a regular reader here, you know that in June 2011, I left a corporate 9 to 5 to be a full-time #LifewithAutism parent and do freelance work and focus on my own writing. It’s been six years of ups and downs. But, it’s mostly been good in hindsight. However, now the call for my own work is stronger than my ability to support myself (and my contributions to my family’s homestead). I don’t have the time to churn out as much fiction as I like because my freelance stuff keeps me busy most work days. Our intentional living on a rural homestead fills the others.

Two years ago, several folks suggested I do Patreon. But it wasn’t until last month when I launched Wilderness Rim:  Echo Falls, Book One that it seemed like the right time to do such a thing. The reception to this particular work of mine has been so great and I’d like to keep churning out more for my readers, for my future readers. But, I need time. Paid time. Enter Patreon.

Patreon works off the old-school method of benefactors supporting individual artists. Michelangelo, Bach, heck even Shakespeare, had people who supported their artistic endeavors, so they could work and still live. Not sure why we got away from that method of supporting the arts, but I’m grateful that Patreon exists and is bringing that sanity to working as an artist, in my case an author. 

So today, another launch in my life as a full-time author. I’m hoping to add more rewards and stuff than what’s listed here, but this is only the beginning. Just like in June 2011, we were just beginning the journey that brought us to Book One in the Echo Falls series.

If you’d like to support weird fiction, especially stories that focus around bigfoot, aliens, ghosts, demons, and all manner of odd, then click on my Patreon, and get in the fun. If you have suggestions for rewards for any level of tiered support, please don’t hesitate. I can alter and edit my Patreon as it grows and matures. Like I said above, I hope to make being a regular monthly supporter of my work worth it in whatever way possible.

Thanks for reading.

Trust your story,

~Casz

One Minute of Zen: Owls At Night

In my family lore, owls are not a good omen. When I moved to the Pacific Northwest, hearing and seeing owls became a regular thing. It spooked me. Couple that with my beloved Twin Peaks and “The Owls Are Not What They Appear” and you’ve got a negative visceral reaction. However, I’ve been trying to combat that knee-jerk reaction and come to terms and live in peace with the magnificent creatures. Listening to their songs at night has been a part of that. Enjoy this One Minute of Zen video:  Owls At Night. 

In The Weeds: Password Management For The Win

Sorry for the poor photo quality, I was just so amazed this was a thing I think I was shaking.

I want you to look at that photo. This is an actual thing sold in stores.

But, friends, I’m here to tell you, that’s not how you keep your passwords secure. As someone who has too many passwords to remember, too, I understand the desire to write them down. However, that is bad. Very bad. As bad as having ‘password’ as your password.

Maybe you’re saying, “I’m not that stupid, Casz.” Perhaps you’re like I was and have a rotating grouping of passwords for your various accounts and it’s got to be one of those or it isn’t easily accessible to your memory. That’s bad, too. Not as bad as having a gold-plated book on your desk for anyone to find, but it still leaves you vulnerable to compromise. If your passwords are always variations on your pet’s name or your favorite sports team, it won’t take much work to guess that your password is “fluffy2017” or “GoWings34.”

Or maybe you were also like me and thought you upped your game by having an encrypted spreadsheet. Ha! If an attacker has access to the location where the passwords are stored (whether physically or through malware), then your spreadsheet’s password will not offer any meaningful resistance. Additionally, you have no protection in this scenario should your machine be stolen or suffer a hard-drive malfunction. “But, Casz,” you say: “backup is paramount to breathing…” Sure it is. But storing extra copies increases your risk of one of them being exposed to nefarious characters (doodle your favorite hacker drawing here). Not to mention managing multiple backup versions, which all might have different passwords for the same account. Because you do rotate your passwords regularly, right? (That’s a topic for another blog post)

Regardless of how you look at it, lack of secure password management is bad. It leaves you vulnerable in multiple ways. Maybe you’re not compromised today, but security is all about managing risk. Wherever you can reasonably reduce being exposed to risk, you should do so.

The inside of the no-no password management system.

Why? Easy answer = hackers. That includes phishers, scammers, phreakers, breakers, and all manner of people who try to exploit vulnerabilities for profit or pleasure.

Passwords are a pain, and until recently there haven’t been a lot of good solutions available, leaving people to develop some really risky habits. So how do you ease the pain of passwords, while keeping them secure and still have access to them?

Enter password management applications. These are much better than the pictured journal above, encrypted spreadsheets, or sticky notes under your mouse pad, because they offer things like two-factor authentication (another blog post), security challenge questions, and you can sync your passwords between computers and even to your phone.

You can pay for such software, and PC Mag did a recent review of those available for purchase:  http://www.pcmag.com/article2/0,2817,2407168,00.asp

But I have chosen LastPass, which has a free version that works easily and intuitively. I am able to share my list with my spouse in case something happens to me and he has to handle my internet presence.

I recently adopted it and am thrilled with how easy it was. Go to a website and a popup message alerts you to add it to LastPass. Or you can manually log everything into the application. I like the popup window because there are sites I go to infrequently and don’t always think about if I need to include them in my password management. The quick answer to that is: yes you do. Add it all in.

You have your own separate “vault” and you can share one password or all of them. Syncing to your phone is a small fee. I’m using the free version of LastPass.

But, wait, Casz, you say: What happens if LastPass fails somehow? Good question! As long as you have logged into the plug-ins you would be able to export all your passwords, even with LastPass completely gone – this is possible because a locally-cached copy of your data is stored by default when you use the LastPass plugin or LastPass mobile apps. To use any of the exporting options you can go to your LastPass extension Icon > More Options > Advanced > Export.

LastPass Pocket is also offered for backup access on your USB/portable drive.

You can also re-import your passwords back into the Internet Explorer and Firefox password managers.

That being said, LastPass is spread across two data centers, two countries, and has a team of people who can each run the service individually. Plus LastPass tells me (us) that they don’t plan on going anywhere. Besides in the world of security, there are no absolutes. You can only limit your vulnerability. LastPass, and programs like it, do that.

It certainly beats the above leather-bound journal or a spreadsheet on your machine or phone, or the unbelievable ‘password’ as your password.

Stay secure out there.

Editor’s Note:  As stated in former IN THE WEEDS posts, I’m brand new to this world of #infosec and #digitalsecurity. I’m allowing you to learn as I learn. I am no expert. Your mileage may vary.