Wallpoper – offering high quality wallpapers

Maybe because it’s winter, or perhaps it’s because of “cough” professional reasons, but our time inside and our use of technology increases. Our screens become portals into another world, and a little variety is a great way to ward off the winter blahs. One quick way to spruce up your computer is to upgrade your desktop wallpaper, but often it can be difficult to find exactly what you desire in a size that meets your needs. That’s where a new service called wallpoper steps in.

Wallpoper is an online database of high quality desktop wallpapers. It offers different themes, topics, and resolutions (including mobile resolutions). If you’re anything like me, the distraction of finding a way to beautify your portal to the world is a welcome one.

Do you have other wallpaper sites you visit? Please feel free to share in the comments below.

A day in the life of an iPhone addict

You know those people who say that you shouldn’t sleep with your cell phone? I’m not one of them. My cell phone is an extension of my hand. Where I go, it goes. This addiction with technology was bad just over three years ago, but now? I don’t think addiction even begins to describe the love affairs that we have with our technology today. And guess what? It’s only going to intensify. How? I’m not sure, because I’m pretty sure I’m as addicted as I’m going to get. Want proof?

6:30 a.m. I am jarred awake by an ascending chromatic scale that just doesn’t. shut. up. until I either jab the conveniently red snooze button or just give up and get moving.

6:35 a.m. My feet haven’t even hit the floor yet, but already I’m opening my Gmail app and scrolling through the mail that was delivered overnight. But the work email? That can wait until I’ve had my coffee (just don’t tell my boss). A quick check of the weather and Facebook and it’s time to get the day started.

7:45 a.m. At my local Starbucks counter I pull out my phone and flash my Starbucks app to pay for my coffee. Quick and convenient.

8:00 a.m. At work I’m waiting for my computer to boot up and notice that my phone has started blowing up with push notifications from Foursquare. “It looks like you’re near The Ohio Society of CPAs. Do you want to check in?” it asks. I check in to OSCPA on Foursquare as well as my department (yes, we created our own Foursquare check in), and realize that I’m still 4 days away from becoming mayor. Maybe working from home does have at least one disadvantage.

8:05 a.m. Time to get to work, so now I have a choice between my downloaded iTunes music or iHeartRadio.

10:00 a.m. Time to check in with my to-do list. The Orchestra app is by far my favorite to-do list app. A quick glance at my work list tells me what I need to do next.

11:30 a.m.  Lunch time! We’re looking for new restaurant ideas, so naturally I fire up my Yelp app to see what’s nearby. This is especially convenient for looking up reviews, directions, and hours. This app is a lifesaver when I’m in unfamiliar areas.

4:30 p.m. Quitting time. Traffic is a nightmare so I check the traffic overlay on my native iPhone maps app. I get an instant visual on whether the major routes I take are at a standstill (red), sluggish (yellow) or good to go (green) and adjust my commute accordingly.

5:00 p.m. It’s time to work out some stress, so after checking in at the gym on Foursquare, I fire up the apps that’ll get me through my workout. How did people get through workouts before smartphones?? I saw somebody with a Walkman at the gym recently. Apparently Sony still sells those.

6:30 p.m. If you have toddlers, there are three apps that will get you through until dinner is on the table: Peekaboo Forest, Peekaboo Wild and Peekaboo Barn.

8:00 p.m. The little one’s in bed and now I get some time to myself. Time for some quality TV….if only I could put down my iPhone. I often annoy my husband because I’m so consumed with my iPhone that I miss good scenes on shows or movies. I proceed to check in to the television show(s) I’m watching on GetGlue, post a few photos on Instagram, scan my Twitter feeds, play my turns on Words with Friends, and finally settle in with what I tell myself will be just 5 minutes on Pinterest…. If only, right?

So, am I the only one, or does your typical day follow along with this model? Just how attached are you to your gadgets? C’mon fess up – it’s the least you could do after I just gave you a peek into my typical gadget-filled day.

Disclaimer: I was not offered any kind of compensation by these companies for the promotion of their apps. In fact, they don’t even know that I exist.

Spear phishing with public records

Ever wonder how people get fooled into identity theft on the Interwebs? I mean, you’d never get caught up in one of those goofy online scams, you can see those from a mile away right? Don’t be too confident. Many of us could quickly be fooled into becoming a victim of a targeted “Spear Phishing” attack. An attack can begin with something as simple as your address.

What does someone know about you from your address? More than you might think, and most likely more than you’re comfortable with. By collecting information about you, attackers craft stories to trick you into giving them more information. Don’t think someone can get enough information to trick you? You might be surprised what a simple public records search will turn up.

I live in Columbus Ohio, that’s Franklin County, so I’ll list my local government sites as examples.

  1. Franklin County Auditor’s site, property lookup – Gives the attacker information on property owners and financing companies. One normally trusts the other so this is a big target for fooling people into offering up additional information.
  2. Franklin County Municipal Court, case lookup – Gives an attacker access to traffic and criminal cases. If you’ve had a ticket, your DOB, address, and license plate are now in the attacker’s arsenal.
  3. Franklin County Clerk of Courts for a few more case lookups – Criminal, civil or domestic, your dirty laundry is public for all to see. In some cases the court orders are attached as PDFs. This is a treasure trove of information for an attacker to use to gain your trust.
  4. Don’t forget statistical information — where you live likely says a lot about where you work, how much money you make, whether or not you have kids, and even where they go to school. This can all be used against you.

So with these simple look-ups (without any social media or services) an attacker knows who owns a property and who finances the property. They know your birthday, any traffic violations, or domestic cases you’re involved in. If you have a domestic case, they have your children’s names and birth dates. That is all that is needed to craft a story that will engage you into giving up more information.

“This is XXX from XXX financial, our records show you’re 90 days past due on your mortgage, how would you like to rectify this today?” Normally this is enough to get an emotional reaction and knock people off their game. Instantly you’re focused on the billing error not your security, and then they have you. “Could you please give me the last 4 digits of your social, so I can look at what might be wrong with your payments?” Of course you will – that’s standard these days to access an account.

Now the attacker has everything they need to contact your finance company and collect even more information. It happens that fast and it happens all too often. People are more critical of email than phone, but phone is a more likely attack vector for a personalized attack. Never trust that the person calling you is who they say they are; always make sure you are the one who initiates any call that requires you to validate yourself.

Most of all, know what information is available about you. While social media might be a way of collecting personal information it’s not the only method people can use.

Do you know what Google knows?

Have you ever “accidentally” done an inappropriate web search? Perhaps you found something via search a week ago and would like to revisit it on another machine. Either way, if you’re a Google user your web history is part of your account. I was wondering about figuring out what Google actually knows about me and found proof when I realized that every search I’ve done since 2007 was archived.

For me, this isn’t a good thing. This level of monitoring makes me a bit uncomfortable. I also started digging into what other information Google might have collected about me. While I know I shouldn’t be surprised, I was. Simply visiting Google Dashboard yielded information on accounts so old I’d simply forgotten them. Just like Facebook, my Google credentials have access to several other applications, and several applications had access to my Google account.

Still beyond all of this, the Web search history was the most concerning. I found myself revisiting my search history repeatedly questioning if I should delete it or not. All my searches are explainable (even if I shouldn’t have to explain them), but even more concerning is that it tracks all the links I’ve clicked. An index of this much information just doesn’t seem necessary, and honestly the risk of someone knowing my browsing habits is higher than I’d like to admit.

While I left the data intact, I do feel violated. It reminds me that nothing is actually free, and when you use a service you’re not paying for you’re most definitely not the customer. With all of Google’s recent changes (most not good IMHO) I question if I should continue to trust them with all of this data.

Tell me what you think. Visit your Google Dashboard. Did you find things you didn’t know about? Are you comfortable with the data being tracked?

Google Dashboard – https://www.google.com/dashboard/

How to search Google

I’ve been using computers for a long time, and during that time some things have become second nature to me so that they’re instinctual reactions and understandings akin to walking, breathing, and levitating frogs. Sometimes, I forget what it’s like not to know how to do something. The most basic thing of all? Finding stuff. You know, with Google.

Step 1: You do use Google, right? If you find yourself typing “yahoo,” “bing,” “msn,” “ask jeeves,” or “lycos” into your web browser, you owe it to yourself to switch to what the rest of the world is using — Google. It’s faster, easier, and just better than all the rest.

Step 2: Don’t ask questions. Computers are essentially stupid. They can’t understand natural language — that is, what humans do. They actually can’t understand anything at all, unless they’ve been programmed to or have a statistical model, and even then, it’s not real understanding. Since they don’t think, you’ll lead yourself astray by typing things like “where can I find the best local pizza?”

Step 3: Understand what they have in them. Search engines scour the Internet, and download all the content they find. They don’t really understand it; rather, they just have a big index that they store and search through. So…

Step 4: Be unambiguous and exact. If you live in Cleveland, the word “nearby” isn’t going to be much help. Remember step 3? The computer is stupid. Where is “nearby?” You’ll want to use “in Cleveland” instead — or better yet, just “Cleveland.”

Step 5: Put it all together. Search for exactly what you want, being specific and concise. Below are some good and bad examples. Take a look and you’ll see the pattern (because you’re a human, not a computer). Follow it, and you’ll have much more success in your Googling. (The others work the same way, but that’s the only search engine that matters.)

  • Bad: “where is the best pizza nearby?”
    Good: “best Cleveland pizza”
  • Bad: “how can I get to New York City?”
    Good: “Cleveland to New York City directions”
  • Bad: “what time is it?”
    Good: “time”
  • Bad: “I can’t click on the button”
    Good: “button grayed out”
  • Bad: “where to find photoshop demo”
    Good: “photoshop demo download”
  • Bad: “you shouldn’t mix Tylenol and alcohol”
    Good: “mixing Tylenol and alcohol”

Securing your Facebook login is easier than you think

Do you know who or what has access to your Facebook account? Have you considered the impact of your Facebook account being hijacked? I’m not talking about protecting your identity or privacy, just simply protecting your Facebook login itself.

With nearly 1 billion users, businesses know that potential customers most likely have Facebook accounts. It’s normally in the best interest of the business and the user to have a unified login (Login With Facebook) option on a website or application. As a user, the idea of a single click beats a long boring form any day. Over time the number of sites that are linked to your Facebook credentials grows, and before you know it hundreds of sites trust Facebook for permission to your data.

Don’t believe me? Just take a look by:

  1. Visiting Facebook
  2. Clicking on the down arrow to the right of home
  3. Selecting Account Settings
  4. Then clicking Apps from the menu on the left

This list of apps should concern you for many reasons, but for the sake of this post I’ll focus on one. Anyone who gains access to your Facebook account can quickly and easily see any applications linked to it. Having access to your Facebook account grants them access to several other accounts, and they don’t have to guess which ones. What was originally an annoyance to your friends just became access to your personal data. No worries though, you can take steps to keep people out of your account.

Just two jumps up from the Apps menu items lives Security. Find it and click it.

Facebook actually allows for some pretty cool security options. Once you’ve selected Security you are brought to a screen containing a number of tools to help protect your account from the bad guys.

Now that we know where to find the tools, let’s do a shallow dive into them:

  1. Secure Browsing – This option turns on SSL encryption (secure like e-commerce) while you’re using Facebook. This keeps prying eyes out of your business and protects you from simple hacks like the one I posted last week. Turn this on and keep it on.
  2. Login Notifications – Enabling this will allow Facebook to alert you when a new device connects to your account. You can choose to be alerted via email or text messages. The idea behind this is that if someone other than you is accessing your account via a machine or device you don’t trust, you’ll be notified. Again this is a good one to have enabled.
  3. Login Approvals – This goes a step beyond notifications and asks you to approve devices before log-in can occur. In this case, when you use a new computer or device to connect, a text message with a code will be sent to your phone. The device cannot access your account until this text message is entered. Once Facebook confirms the code you will be asked to name the device so you can monitor it in the future.
  4. App Passwords - Certain applications like Skype use your true Facebook password to connect. This can be problematic for a number of reasons, and App Passwords allow you to create generated passwords for these outlier applications.
  5. Recognized Devices – This allows you to view and manage the devices you’ve granted access to your account. This only works if you’ve enabled Login Approvals.
  6. Active Sessions – This shows you the devices that are utilizing your Facebook account and allows you to end sessions for devices you don’t recognize. This works best when you have Login Approvals enabled but it can also be used when you accidentally login from an unknown location and forget to log-out.

The hardest part of securing your Facebook account is finding the settings. Adding layers of protection only takes a few minutes and, trust me, it’s worth it. Just imagine the trouble you’ll cause for your friends when your account starts sending out phishing links. If you don’t like your Facebook friends enough to protect them, think about the harm you could cause yourself when all of your linked accounts are accessed. If these reasons aren’t enough to protect your account I would suggest selecting the last option on the security page, “Deactivate your account”.

Getting more for less (INCREASE THE SIZE OF YOUR … Internet connection)

For several years now, due mainly to the downturn in the economy, there has been a trend to keep what you have and avoid upgrading or changing things. I understand this mentality quite well – if it’s working for what you need, why bother changing? Especially if money’s as tight as it is. But, while sticking with what you’ve got may seem like a prudent move, it isn’t always the best way to get the best bang for your buck. Sometimes upgrading can actually reduce your costs, or give you more for the same cost. One such area in which this is especially true is with Internet access.

First off – it’s important to know what bandwidth is. Bandwidth is the measure of available data transmission/reception capability you have access to. (You can think of it like the top speed of a car — more bandwidth, able to go faster.) What this means to you as a consumer of bandwidth is that the more bandwidth that you have, the more data you can consume more quickly, and the less likely you are to notice slowdowns when multiple people/computers are using the same Internet connection. In the age of streaming video, online gaming, increasingly large file sizes, cloud computing, and so on, having an appropriate amount of bandwidth is a big deal.

For example, let’s say you are in an office with five other people who share the same Internet connection. This single Internet connection probably seems fine most of the time, as you are mainly using it for email and to visit the occasional website. Sometimes, however, you notice slowdowns – like when you attempt to watch videos, listen to music, or attend a meeting online with a product like WebEx or GoToMeeting. The issue is amplified further when multiple people are trying to do these things at the same time. These slowdowns are generally caused by insufficient bandwidth on your Internet connection for what you are trying to accomplish.

So, here’s the big question: When was the last time that you looked into upgrading your Internet connection to one with more bandwidth?

Oh, I know what you are saying to yourself, “I haven’t looked because I don’t want to pay more than I already am.” But, the reality is that if you haven’t evaluated your bandwidth costs over the past few years, you are probably paying more than you should be.

Prices for bandwidth have reduced dramatically over the past five years – and speeds have increased significantly. If you haven’t looked into providers recently, it is very possible that you could double the amount of bandwidth you currently have – while reducing your pricing to half of what you are currently paying, and this is no exaggeration. It just takes a phone call or two — and remember, sales reps are eager to gain you as a customer if you’re shopping for better service and lower prices. Those few minutes on the phone could save you a bundle in the long run!

So, why are you still paying the same amount of money for the same amount of bandwidth you had five years ago? It’s time to look into an upgrade.

Lifehacker App Directory

We all have gadgets and we all get bored. One way to quickly spruce up an old device is by adding a few new apps. Lifehacker’s app directory offers you app advice for about any device, including good old fashioned PCs. Save yourself some money and bring new life to your devices, buy apps not gadgets.

Lifehacker’s App Directory is a constantly maintained and updated directory of the best applications and tools for computers (Windows, Mac, and Linux) and smartphones (Android and iPhone). Want to make sure you’ve got the best of the best installed on your system? Simply click on your platform-of-choice below to get started.

via Apps News, Videos, Reviews and Gossip – Lifehacker.

Do you know of links to good App collections? If so post them below!

I made it rhyme. :)

Disclaimer: Kristen did not have a chance to review this, the above content or lack thereof is no representation of her skills. This was all me (Chris) and I’m sure I will pay dearly when she sees I posted without review again.

Warning: Using WiFi Protected Setup Could Kill You!

Okay, maybe not kill you exactly. But I had to get your attention somehow. Sorry. Please don’t stop reading. I promise[1] I won’t do it again.

Here’s the thing: Your router may not be as secure as you think it is, which could mean nothing… or it could mean that people steal your Internet access, documents, and identity.

Yeah. I know.

In the tight-knit community of white-, black-, and grayhat hackers, security professionals, cryptographic experts, and intelligence officials, a cryptographic “break” means something somewhat different than the colloquial use of the term. See, a security thingy (might be a standard, might be an algorithm, might be a combination lock) is either secure or it isn’t. Anything that degrades the security of the thingy such that it becomes more vulnerable than it would be otherwise is considered a “break,” and the thing itself is now considered “broken” — the assumption being, it’s only a matter of time before it affords no real security at all as the break is advanced upon and improved.

In the world of WiFi, we’ve got open networks and closed networks, the latter of which can be further subdivided into, broadly, ones secured with WEP, WPA, and WPA2 (ignoring the more technical subdivisions of those, too). The reason you care about your WiFi network’s security is that if you’re going to check your work email at the airport or look at, uh, secret engagement rings in private browsing mode at home, you don’t want some weirdo with a laptop and bad facial hair laughing maniacally while he rips off your information.

If you were looking at safe places to store a hundred dollar bill, an open network would be like the sidewalk outside a bank, WEP would be like the floor just inside the bank’s public foyer, WPA would be like the outside of the teller’s counter, and WPA2[2] would be like the bank vault.

Or so we thought.

You see, there’s a niggling detail: Generally speaking, “good security” and “easy to use” are concepts at odds. Sure, it’s possible to make something safe and easy to use, but it’s usually hard… really hard. That’s why bank vault doors are so damn heavy and good passwords are long and hard to remember. Because people — with good intentions, mind you! — wanted to make it easy for home users to set up secure WiFi networks, a little protocol called WPS, or WiFi Protected Setup, was developed. With WPS, all you have to do is push a button or type in a short PIN, and your network kinda “sets itself up.” It’s brainless, you never need to know a password, and it’s secure.

Oh yeah, I’ve got a bridge in Brooklyn for you. Honest. Cash only. Prepay. Come alone. Unmarked, non-sequential, small-denomination bills.

It turns out that WPS is a gaping hole in the security of an otherwise good, WPA2-secured network. See, if the only entry point to your house is a door, WPA2 is like the lock (and it’s a really good one), but WPS is like putting that lock on a glass door. It just kinda makes the lock irrelevant. Just like the only fix for your security conundrum is to pick a less translucent entryway, the only fix for WPS is never using it and disabling it from being used in the future.

The takeaway is this: WPS bad, evil; make panda sad. Disable it or you’re at risk. EOF.

Technical note for the curious on how this all works: The PIN for WPS is 8 digits, the last of which is a checksum, leaving 10^7 (10,000,000) combinations. Turns out when the wireless router is communicating during the PIN process, it tells the client about the validity of the first and second half of the PIN separately. The first half of the PIN has 4 digits (10^4 = 10,000 combinations), and the second half has 3 active digits (1,000 combinations), which means that keyspace is reduced to 10,000 + 1,000 = 11,000 combinations. PLUS, not times. Because it’s not really an 8-digit PIN, but more like two separate 4- and 3-digit ones. That’s a security reduction of 99.89%! Ouch. Brute forcing the PIN for entry can therefore be done in just an hour or two. Sure, access points could be modified to slow down or lock out too many bad attempts, but right now they’re sitting ducks. And the tools to do it are live and in the wild right now:

1: No I don’t.
2: In non-compatibility mode, i.e., CCMP, not TKIP. Hey, acronyms are fun!
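
The keyspace arithmetic from the technical note, carried through as an added example (not part of the original post), and extended to the lockout mitigation the note mentions so you can see how much a lockout policy stretches the worst-case time. The 0.5 seconds per guess, the policy values, and the assumption that the failure counter resets after each lock period are illustrative, not measurements of any router.

```python
import math
from dataclasses import dataclass
from typing import Optional

FIRST_HALF_DIGITS = 4   # first half of the PIN, confirmed on its own
SECOND_HALF_DIGITS = 3  # free digits of the second half; the 8th digit is a checksum


def keyspace(split_feedback: bool) -> int:
    """Worst-case number of PIN guesses.

    split_feedback=False: the PIN is only accepted or rejected as a whole.
    split_feedback=True: each half is confirmed separately, as the note describes.
    """
    first = 10 ** FIRST_HALF_DIGITS
    second = 10 ** SECOND_HALF_DIGITS
    return first + second if split_feedback else first * second


def reduction_percent() -> float:
    """How much of the keyspace the split feedback removes, in percent."""
    return round(100 * (1 - keyspace(True) / keyspace(False)), 2)


@dataclass(frozen=True)
class LockoutPolicy:
    name: str
    failures_before_lock: Optional[int]  # None: the access point never locks
    lock_seconds: float                  # math.inf: WPS stays off until re-enabled


def worst_case_seconds(attempts: int, seconds_per_attempt: float,
                       policy: LockoutPolicy) -> float:
    """Time to exhaust `attempts` guesses under a lockout policy.

    Worst case means every guess but the last one fails. Assumes the failure
    counter resets after each lock period (an assumption of this model).
    """
    guessing = attempts * seconds_per_attempt
    if policy.failures_before_lock is None:
        return guessing
    lockouts = (attempts - 1) // policy.failures_before_lock
    if lockouts == 0:
        return guessing
    return guessing + lockouts * policy.lock_seconds


SECONDS_PER_ATTEMPT = 0.5  # assumed rate, for illustration only

POLICIES = [
    LockoutPolicy("no lockout", None, 0),
    LockoutPolicy("lock 60 s after 3 failures", 3, 60),
    LockoutPolicy("lock 1 h after 3 failures", 3, 3600),
    LockoutPolicy("WPS off after 10 failures", 10, math.inf),
]


def report():
    """Rows of (split_feedback, policy name, guesses, worst-case hours)."""
    rows = []
    for split in (False, True):
        attempts = keyspace(split)
        for policy in POLICIES:
            hours = worst_case_seconds(attempts, SECONDS_PER_ATTEMPT, policy) / 3600
            rows.append((split, policy.name, attempts, hours))
    return rows


if __name__ == "__main__":
    print(f"keyspace reduction: {reduction_percent()}%")
    for split, name, attempts, hours in report():
        kind = "split halves" if split else "whole PIN"
        print(f"{kind:12} {name:28} {attempts:>10,} guesses {hours:>12,.1f} h")
```

Only the last policy makes the split keyspace unreachable, which is the same conclusion the post reaches: turn WPS off.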

Nice try Steve, Scam Bastard

Some people in life are just scumbags. Avoiding them is half the battle, but when you can’t, knowing how to deal with them effectively is the other half. Just like you shouldn’t trust the smelly slob with the weirdly-stained AC/DC t-shirt at the bus stop with your credit card (even though he tells you he’s a “mage wizard” who can protect your credit report from “bad spells”), you shouldn’t trust Nigerians named Steve with your electronics, either.

But I’m getting ahead of myself.

The other night, I put an older camera of mine on Craigslist. I researched a fair asking price, took some photos, confirmed the listing, and after obsessively checking my email for a while for immediate offers, shut my laptop for the night. The next morning, I found a new email about the listing sitting in my inbox:

From: steve (peterform9@gmail.com via craigslist.org) To: Omitted

I am interested in buying your item.Get back to me with your firm price

Something about it rubbed me the wrong way. Maybe it was his insistence on haggling right off the bat, but without even making an offer. Maybe it was his abrupt and brief writing style, devoid of any questions or niceties. Maybe it was someone named “steve” having a “peter” email address. I googled the email address, and variations on his username, but nothing turned up, so I decided to look the other way and write him back:

From: Omitted To: steve (peterform9@gmail.com)

Hi, I’m asking $500, as both the camera and the lens are in perfect condition aside from normal usage. There is no damage to either.

In almost no time, I got a response, and the alarm bells in my head started ringing louder than a drunk frat boy’s ears after doing keg stands next to the bass at a house party:

From: peter scott (peterform01@hotmail.com) To: Omitted

Thanks for your reply toward my request to your item.i am very happy to hear that the item is still Available,i am buying it as a gift to my son, please send me a paypal invoice to enable me make the payment asap. I am paying you both the shipping cost and your cost price. and i will be happy if i made the payment to you, you go immediately to mail out the package to my son using USPS Express mailing to his address i am going to give to you after the payment. get back to me cause i need this item as soon as possible. Please do consider the item as sold as I will be sending out the payment immediately I received the requested information for the payment.I wait to hear from you soon.. Regards Steve

Where do we begin? Oddly enough, while the original email — to which I replied — came from peterform9@gmail.com, the response came from peterform01@hotmail.com. Did you catch that? Better yet, the name associated with the first account was “steve,” and the second was “peter scott.” Yes, from a “peter form” address. I knew something was wrong before I even opened the message. To the message itself: The first message was at least legible. This one was criminally infected with grammar, the writing equivalent of a bad decision with Tara Reid. And then the promises. What do you take me for, Steve? A drunk Las Vegas bridesmaid? I’m not an idiot. Sure, let me go ahead and just mail that to you. Never mind that you just tried to haggle me — I’m sure your promises of a PayPal payment will come true. I would never dream that you would try to steal my account information, and take my camera too, to boot. I had a hunch. A hunch I could only confirm through the most devious and advanced hacking. That’s right, only through the application of my Mad Computer 5killz could this trail be taken to its fruition. Someone start the techno and break out the cube animations and TV station cassettes. L0pht, are you hiring?


That's right, I clicked "More."

Much More

Then I found out much more.

See, when you send an email, you transmit a whole bunch of other information along with it — like your IP address, crushed childhood dreams, and mail server. You just have to know how to find it. I found it:

X-Originating-IP: []

Because I know a bit about the Internet, the start of the IP range (the 41, that is) set my spidey sense tingling. But I pulled another trick out of my bag just to make sure. You see, every IP address resolves to a physical location somewhere. This one just happened to be the sunny seaside town war ravaged wasteland of Owerri, Nigeria. Nice try, Steve.
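
The checks walked through in this post, as an added example that is not part of the original: it parses two messages from the same "buyer", flags a display name that does not match the address and a sender identity that changes mid-thread, and pulls out the X-Originating-IP value for a lookup. The messages are constructed, using reserved .example domains and a documentation-range IP because the post does not show the real one, and the function names are illustrative.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages that mirror the pattern in the post.
FIRST_CONTACT = """\
From: steve <peterform9@mail-a.example>
To: seller@listing.example
Subject: camera listing
X-Originating-IP: [203.0.113.7]

I am interested in buying your item.
"""

FOLLOW_UP = """\
From: peter scott <peterform01@mail-b.example>
To: seller@listing.example
Subject: Re: camera listing
X-Originating-IP: [203.0.113.7]

Please send me a paypal invoice.
"""


def sender(msg):
    """Return (display name, local part, domain) from the From header."""
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.partition("@")
    return display.strip(), local.lower(), domain.lower()


def originating_ip(msg):
    """Parse X-Originating-IP, which some webmail providers add as "[a.b.c.d]".

    The header is optional, so a missing value is not a warning sign by itself.
    """
    raw = msg.get("X-Originating-IP")
    if not raw:
        return None
    try:
        return ipaddress.ip_address(raw.strip().strip("[]"))
    except ValueError:
        return None


def name_matches_address(display, local):
    """Weak signal: does any word of the display name appear in the address?"""
    words = [w for w in re.findall(r"[a-z]+", display.lower()) if len(w) >= 3]
    return not words or any(w in local for w in words)


def review_thread(raw_messages):
    """Return (flags, ips) for messages that claim to come from one person."""
    flags, ips, previous = [], [], None
    for number, raw in enumerate(raw_messages, start=1):
        msg = message_from_string(raw)
        display, local, domain = sender(msg)
        address = f"{local}@{domain}"
        if not name_matches_address(display, local):
            flags.append(f"message {number}: display name {display!r} "
                         f"not reflected in address {address}")
        if previous is not None:
            if previous[1] != address:
                flags.append(f"message {number}: sender address changed "
                             f"from {previous[1]} to {address}")
            if previous[0].lower() != display.lower():
                flags.append(f"message {number}: display name changed "
                             f"from {previous[0]!r} to {display!r}")
        previous = (display, address)
        ips.append(originating_ip(msg))
    return flags, ips


if __name__ == "__main__":
    found, addresses = review_thread([FIRST_CONTACT, FOLLOW_UP])
    for line in found:
        print(line)
    print("IPs to look up:", [str(ip) for ip in addresses if ip])
```

Each flag is weak on its own; several in one short thread, as here, is the cue to stop and check before sending anything.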

