Wednesday 23 July 2014

Are you being hacked?


The word 'hack', and derivatives thereof, get thrown around a lot these days.

It's a popular word that is becoming increasingly meaningless.

People use it to cover a lot of different behaviors and activities. It seems to be most commonly used these days to refer to finding an account open. It's kind of like claiming that someone broke into your house when you left the front door open.

People also use it to describe scam accounts, 'parody' accounts, and other doppelgänger (I love that word) accounts on social media sites. This isn't really hacking either. It's more of an old school con with new toys, and is pretty easy to do even if you turn your security settings up. If this does happen to you, I recommend following this link. More often than not they're used for marketing scams, but are occasionally used for more malicious activities.

As a result of all of this, the term 'hacking' is wearing a little thin. I'm all for the evolution of language (and 'hack' has done its fair share), but at some point we should restrict the number of definitions we offer up for a single word within a single arena.

I'm more on board with the 'life hack' use of the word, as it is more in line with the usage that led to the definition that I'm complaining is currently in the process of being bastardised.

There is a great history of the term in one of the books I have floating around. I did spend some time looking for it before I started writing this, but I was unfortunately unable to find it. If I find it, I will share the title of the book with you.

Hacking Facebook is very difficult, and something that Mark Zuckerberg has been known to take very seriously, but 'hacking' Facebook is very easy, and is something that is more often than not wholly reliant on somebody leaving their account open.

Look, those are the two far extreme ends of the 'unwanted access' spectrum, and there are a variety of 'hackings' that can go on in between the two. Some of these aren't really hacking, and some kind of are. For the most part we, as individual users, are only really capable of protecting ourselves from the one end of the 'hacking' spectrum, and the rest is up to the people that provide the service.

In the Facebook case, their end of the spectrum is relatively tight. They appear to be pretty good at it. I'm not privy to what's actually going on over there, which is fair, but they look like they know what they're doing.

Your end is probably another scene entirely. Maybe not yours specifically, but yours generally.

There are a few things that you should be doing, and this is by no means an exhaustive list. This is just a good place to start.


Always log out properly
Whenever you use a computer that other people might be able to access, log out of Facebook (or other service) properly. Once you have logged out, delete the history, and close the browser. Then reopen the browser, and go back to Facebook (or the other service) to make sure the password hasn't been 'remembered'.

This isn't foolproof. Actually, far from it. It is better than not doing it though.


Don't use public computers
Don't log in to anything on a public computer. Don't check your e-mail. Don't check your Facebook. Don't check on your World of Warcraft anything. Absolutely never do online banking on a public computer. Even if you are in the habit of logging out properly, there isn't much of a guarantee that there aren't key loggers on the machine, or something else with a similar purpose.

If it is an absolute emergency, and you really need to check one of these things (not your bank account) you should change your password on a trusted computer as soon as possible afterwards.

You shouldn't be doing it in the first place though.


Don't reuse passwords across services
This is a really big problem. I'm not going to explain it. I'm going to let xkcd explain it for you.

http://xkcd.com/792/

Funny comic. Serious problem.

Even if a site isn't out to get you, you have no idea how good/bad their security is. It's that weak link in a chain metaphor that people are prone to harp on about. This same metaphor is good for talking about the one person on your network/system who has atrocious password practices. 


Don't write down your password
I wouldn't have even mentioned this one, except that it came up recently when I found out that it is being taught at my brother's expensive high school as a way of remembering passwords. No!! Bad expensive high school. Very bad! 

This is ridiculous. Don't ever do this.

This is an absurd habit to get into, and is an incredibly irresponsible thing to encourage others to do.

I could tell you stories. Crazy stories. Instead, I am going to tell you about a very dumb thing that I did.

Some years ago when I started a new job, and I was inundated with nine logins with random string passwords in two days, I wrote down three that were behind other logins. That is just an excuse, and it was still a super stupid thing to do.

Well before the end of that week I had changed the passwords to something else, and left the note in my top drawer as a reminder that I am very often prone to doing incredibly stupid things, where it was found at a later date by the data manager in our office. How embarrassment!

Remembering a multitude of passwords is a good skill to cultivate, and is something that will become even more relevant in the future.

It is better to be inconvenienced by forgetting a password than to make it accessible to others. Especially in a professional scenario where there is an IT department who can reset it for you. They do have better things to do than reset your password, but I promise you that they'll be far more annoyed if they ever have a serious breach.

There is this whole problem with this too, in that I would frequently argue that the security checks used to reset a password are far too often incredibly insecure. That is a story for another time though.

There is this whole misconception about password strength anyway, which is covered pretty clearly by this xkcd comic on password strength.

http://xkcd.com/936/

I guess the real takeaway from all of this is that you should be reading xkcd. It/he is the business. You will be totally emsmartulised. Also, it is funny.

Cleverness is the wombat's cummerbund. It increases one's nattiness.

Saturday 19 July 2014

Are you rubbing your computer on complete strangers?


I am occasionally reminded that I have spent most of my professional life as some breed of 'IT guy'.

I guess, in my own head I have always imagined myself as one of the 'wise-cracking iconoclasts built for grander things' subspecies. I also sometimes like to pretend that I am a bear, but that doesn't make it so.

As one of those 'IT guy' things who isn't a bear I am acutely aware of the effects of poor computer hygiene. People just sort of switch off, and cruise around rubbing their computer on every strange thing they can find. Digitally speaking.

It's bizarre.

To me, it's pretty weird that people don't seem to pay attention to the URLs when they get search results. This really is Not Rubbing Your Computer on Strangers: 1001. When I find out about this I tend to worry about them visiting places like Tijuana, or Bangkok.

Here are the first three results I got when I Googled 'mozilla firefox'.


Clearly the first one is an ad for a Mozilla Firefox download, and then the next two are not ads, with one going to the Firefox download page, and the third going to the Mozilla homepage.

It is not uncommon for companies to advertise with the same search criteria that their sites would be SEOed towards, so the fact that it is paid isn't necessarily a giveaway, but the URL for the first result is mozilla-firefox.ez-download.com/

The postcode for this address is in Scam City. You will be getting malware.
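Here is that URL check written out as a small Python sketch. It is an added example, not something from the original post: treating mozilla.org as the only official Firefox domain and the short list of two-part suffixes are both assumptions, and a real check should load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a hand-picked sample of two-part public suffixes.
# A production check should use the complete Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.nz"}

# Assumption: the domain(s) the vendor really publishes downloads from.
OFFICIAL_DOMAINS = {"firefox": {"mozilla.org"}}


def hostname(url):
    """Lower-cased host part of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url):
    """The part somebody actually registered, e.g. ez-download.com."""
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return ".".join(labels)
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify(url, product):
    """Return 'official', 'lookalike' or 'third-party' for a search result."""
    official = OFFICIAL_DOMAINS[product]
    if registrable_domain(url) in official:
        return "official"
    # Brand words: the product name plus the vendor's own domain names.
    brand_words = {product} | {d.split(".")[0] for d in official}
    # The brand is in the host name, but someone else owns the domain.
    if any(word in hostname(url) for word in brand_words):
        return "lookalike"
    return "third-party"


if __name__ == "__main__":
    # The first URL is the one from the post; the other two are constructed.
    for result in ("mozilla-firefox.ez-download.com/",
                   "https://www.mozilla.org/en-US/firefox/new/",
                   "https://en.wikipedia.org/wiki/Firefox"):
        print(f"{classify(result, 'firefox'):12} {registrable_domain(result):18} {result}")
```

The brand name sitting in the subdomain is exactly what the eye lands on; the registrable domain to the right of it is what tells you who you are actually downloading from.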

Following this link will lead you to a page that looks like this, which to most people looks pretty legitimate.


It even has a disclaimer that you won't read, just like all the safe sites.


A disclaimer that contains this little chestnut.


This sort of statement is surprisingly common. You might not expect it, but it is. Hence the surprise.

I think it comes down to them not getting in trouble with Google for duping rubes, so that they can keep their sweet advertising spot.

The fact that they've said it doesn't really matter though, because most people don't read disclaimers, and most people don't pay attention when they are installing things. It's actually a fairly standard method for getting malware and poorly designed and coded toolbars onto people's computers.

It's really common. So common in fact that the first page of results for my Google search had five opportunities to experience the thrill of installing malware:

Firefox download with bundled malware (Ad)
Firefox download
Mozilla homepage
News about Mozilla Firefox
Firefox download with bundled malware
Firefox download with bundled malware
Firefox Wikipedia entry
Firefox download for Android through Google Play
Firefox download with bundled malware
Firefox download with bundled malware
Firefox download with bundled software (I haven't looked into whether or not it is malware)
'In-depth Articles' results

This isn't unique to Google searches, or Firefox distributions. I have come across examples on most search engines that I have used. Honestly, it is probably all search engines, but I filter it out these days, and tend not to take note of them.

I know a lot of you are probably thinking that you would never be caught out by something like this, but I see the evidence of it on a lot of computers. I've seen it on the computers of IT professionals, and ICT students, and programmers, and high school computing teachers, and a lot of the more tech savvy people that I know.

It is ridiculously common.

Even if you think you are absolutely super awesome with computers, and you never use them to Google Pandas or kittens or some such, and you've got a dozen top tier raid toons, and you've finished the internet, and totally pwned the boss fight with Mark Zuckerberg's left testicle, and you don't use aim assist when CoDing n00bz on your XBone, you should heed these words.

Especially if you are any of those things.

Thursday 10 July 2014

Alien: Isolation


I am sure that I have at some stage previous to this one that is happening made clear that I far prefer Alien to anything that has been made subsequently. I would go so far as to say that it is the one that I like it the most of them, which isn't really going any further than the initial statement.

I might even go so further as to say that it is one of the most exquisite films ever made.

I do like the series as a whole, but not in the same way that I like the first one, and not on the same level.

There is something terrifying and real about the first one. Something that comes after you on the most basic levels.

There is nothing you can do. The alien is dangerous, predatory, and apparently unkillable. In the later movies they are clearly very killable, but in that first film it is apparently an entirely different beast.

The creatures in the second film appear to be so unlike the one in the first that I've often argued it should've been made as a part of a different franchise. It's an action, shooty, farce, thing with a number of plot points copy and pasted from the original, which is why they have made so many video games about it.

They haven't ever really made a game that was based on the first film. Not really. Mostly because the general wisdom in the industry is that shooty-shooty, kill, kill is the most surefire way to ensure that people spend money on your thing that you made.

Apparently running and hiding from something you can't kill is an unappealing way to spend an evening.

Until now!

People love this shit. This is actually a popular sub-genre in the contemporary interactive digital entertainment landscape, which is why The Creative Assembly got the go ahead to make Alien: Isolation.



If you have ever watched the original Alien, and thought, 'me too!', then this game might be for you.

If the idea of trying to get some series of tasks completed so that you can get the hell out of wherever you are, all the while being stalked by an eyeless, indestructible monstrosity from the depths of space (and H. R. Giger's imagination), appeals to you, then this might very well be your scene.

As someone who has really enjoyed hiding in storage cupboards for indefinite periods of time while playing System Shock 2, I'm looking forward to the opportunity to do some cupboard hiding in one of the great cinematic cupboard-hiders of all time.

Sunday 6 July 2014

Timey-time, time, time


It is coming up on that time of year again.

Doctor Who time!

Which is, this time, also a new Doctor time.

Timey-time, time, time.

Time.

The time will actually be in late August. Kind of just after the 23rd.

I think.

I don't rightly know, to be honest. I haven't checked. It'll go out on the 23rd in the UK, and then everyone else gets it after, which is fair. He's their toy.

I like a new Doctor, which isn't to say that I didn't like the old ones, but I've seen enough now to know that this is the reason I like the show. I like that it is always different, but in a way it is always kind of the same too.

I tend to favour the incumbent. That appears to be the general rule for me. They will be my favourite until they are gone. It's part of the adventure.

This has meant that in my lifetime I have adored some of the much less popular Doctors, but I am okay with that.

But, that's what it's all about. It's all about change. The show endures because of it. Not just the cast, but 'everything changes': the tone; the genre; the style. It is a show about change. That's what's going on.

And, here we are again; time for more change.

I'm excited, and I like that there will be a carry on companion. They're always fun. Not always. That isn't true. When the Fourth passed to the Fifth he bequeathed a small legion of teens, which didn't go so well.

There were too many, and they all had to be doing things, and each episode was only 25 mins, and there were more than a few times that you thought, 'it might be nice if a couple of them would just stay on the TARDIS and have tea for just one story', but it never happened.

As a result of all of this they killed Adric, the maths kid. The Doctor actually made one of the other companions kill him in the TARDIS to conserve oxygen when it was shrinking. It used to be a pretty dark show. Actually, only some of that is true. Adric died. That is the true bit.

He died, and he took the dinosaurs with him.

It's odd, though, because the First Doctor had just as many pets, but didn't have the same pacing issues with his stories. They tended to operate in pairs and groups more I suppose.

Anyway, I've heard things about the new season that I don't really feel the need to talk about, but it all sounds exciting.

Here are the teaser trailers that were built to betease you into committing subconsciously to some sort of viewing arrangement.