LastPass Breach and Tips from Steve Gibson

With the latest breach at LastPass I was eager to listen to Steve Gibson on his latest Security Now Show #512 and see what he advised.

  • What may have been lost were email addresses, password reminders, per user salts, and authentication hashes. None of the bulk encrypted data was lost.
  • Under Password Iterations (Advanced Menu) – change it from 5000 to a random number of five or six digits with no zeroes, where the first digit is greater than two – like 59463. Note – even though you get a message from LastPass not to go above 20000, I didn’t experience any significant delay.
  • LastPass also adds a per-user random salt – which makes the account even more secure.
  • LastPass is also protecting us by preventing anyone from logging in from a new computer or IP address without confirmation via email.
  • Steve still recommends changing your LastPass password in case everything was stolen and you had a weak password to start. It’s interesting that Steve changed his password even though I know he had a very secure password.
  • Steve still recommends using LastPass.
  • Two-factor authentication would help if somehow they did figure out your password.
  • Steve also recommends writing down your Master Password and keeping it somewhere safe – like your wallet, but make a change to it so that it’s not exactly the same.
  • Leo LaPorte also adds a long number to his password to make it even more secure or you can also just add extra characters to the end of your password to make it harder to crack.
  • If you haven’t already, set up two-factor authentication in LastPass.
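
To see why the per-user salt and the iteration count in the list above matter, here is an added example (my own illustration, not code from Steve Gibson or LastPass). It uses a generic PBKDF2-HMAC-SHA256 construction; the accounts, salts and password are constructed sample data, and LastPass's real derivation may differ.

```python
import hashlib
import hmac
import time

def auth_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Generic PBKDF2-HMAC-SHA256 login verifier (not LastPass's exact scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def make_record(password: str, salt: bytes, iterations: int) -> dict:
    """What a server would store for one account."""
    return {"salt": salt, "iterations": iterations,
            "hash": auth_hash(password, salt, iterations)}

def verify(password: str, record: dict) -> bool:
    """Recompute the hash with the account's own salt and iteration count."""
    candidate = auth_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def work_factor(old_iterations: int, new_iterations: int) -> float:
    """How many times more hashing each password guess costs after the change."""
    return new_iterations / old_iterations

def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-N wall-clock time for one guess on this machine."""
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        auth_hash("constructed-guess", b"constructed-salt", iterations)
        best = min(best, time.perf_counter() - start)
    return best

# Constructed sample data: three users who chose the same master password.
PASSWORD = "correct horse battery staple"
ALICE = make_record(PASSWORD, bytes.fromhex("a1" * 16), 5000)
BOB = make_record(PASSWORD, bytes.fromhex("b2" * 16), 59463)
# Same password and iteration count as Alice, but a different salt.
CAROL = make_record(PASSWORD, bytes.fromhex("c3" * 16), 5000)

if __name__ == "__main__":
    # Per-user salts: identical passwords never share a stored hash, so a
    # guess must be re-hashed separately for every account in a stolen set.
    print("Alice and Carol share a hash:", ALICE["hash"] == CAROL["hash"])
    for n in (5000, 59463):
        print(f"{n:>6} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess")
    print(f"work factor 5000 -> 59463: {work_factor(5000, 59463):.1f}x")
```

The timings depend on your machine, but the ratio between the two iteration counts stays close to the work factor, which is the extra cost paid on every single guess.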
Posted in LastPass

Blackout Bag Review

If you have a newer car and park it on the street or in a public area, there is a new threat coming to the streets. Steve Gibson of GRC has alerted us that criminals are using electronic devices that amplify your car’s key fob signal so much that your car can be opened even if your keys are in the house or restaurant.

What you need to prevent this is a bag which will block any signal from the key fob.

I have tried out a couple of cheaper options to see if they work:

Altoids tin – No.
Amazon – $7.99 Rfid Signal Blocker Pouch – No.

The bag which has worked for both my Honda car keys and my phone is the $40 Blackout Pocket Level 11 bag from Scottevest. It costs $40 + shipping.
Right now you can save $8.00 with the coupon code SAVE20.

I haven’t heard of this type of crime in St. Louis as of yet, but it’s probably only a matter of time until it comes to our streets.

Here’s a couple of news videos of the problem.

Posted in Security

Minilock File Encryption

Since Steve Gibson of GRC likes the Minilock program, I thought I’d test it out and try to make sense of it. After working through all the steps, I’ve discovered that Minilock allows you to send sensitive information, like your Social Security Number, credit card information, etc., to anyone that you trust. Both parties have to use the Minilock program and have created Public ID numbers. Even if a 3rd party gets the file and your ID, they would still need an email address and very long password to open up the file.

I downloaded it from the Google Chrome Store and I noticed that it installed in my Chrome App Launcher on my Desktop Toolbar.

I then started it up and got the message below. It wants an email address and a password/passphrase. You don’t have to enter your real email address, you can use one that is just for this app. I entered a 27 character password with lower and uppercase and a number and it wouldn’t let me use it. When I changed it to a 50 character password, it allowed me to move on. Note – make sure you write this password/passphrase down somewhere – I keep mine in LastPass.

[Screenshot: minilock-02]

This does two things. First, it gives you a Minilock ID, and second, it allows you to encrypt a file. The Minilock ID is a public number that you can share with anyone.

You can encrypt a file by selecting a file – then you get the options below.

[Screenshot: minilock-04]

You will notice that you can save the file with a random file name in case you want to obfuscate what the name really is. Another interesting feature is that you can add other people’s Minilock IDs so they can also open these files. This way you can send a file via email and know that it can only be opened by the recipient. I chose to save the original name. It then encrypts the file, but doesn’t automatically save it.

[Screenshot: minilock-05]

Notice that it adds a .minilock extension at the end. You then have to click on the Down Arrow to actually Save the file.

At this point it would be nice if this program was integrated with Windows Explorer, so you could easily open the file from Explorer – hopefully that might come later.

To open/decrypt you need to start the Minilock app and enter your email address and password/passphrase. This gets you back to the main screen where you can select your file, save it and then open it up.

Posted in Security

Windows 10 Upgrade Date – July 29th

Paul Thurrott reports that July 29th will be the release date for Windows 10.

Unfortunately, it looks like you will have to “reserve your copy” when you get a notice from Microsoft and make a 3 GB download for each computer.

I’m hoping they change this stupid requirement in the future and allow you to make one download for all your computers.

Since you have a year to make this free download, there is no rush to get this new installation, and as I’ve heard of numerous problems with this new version, it makes sense to let the early adopters go through all the headaches.

Note – just today, June 1, I got a notice that I could reserve a copy of Windows 10 for my regular laptop.

Here is a FAQ about Windows 10 from Microsoft.

Posted in Windows 10

HooToo Tripmate Nano Review

Since I’m primarily going to use this device when I travel, that’s the functionality that I’m testing. They call this Bridge Mode. Security is hard enough when I’m at home, so I’m hoping this device will provide a measure of security when I travel and have to use a hotel’s WiFi. At only $19.00 on Amazon it’s a bargain.

There is a nice User Guide online which is easier to follow than the one page that comes in the box. http://www.hootoo.com/downloads-HT-TM02.html

1. After taking everything out of the small box, I connected it to a USB cable from my laptop.

2. Disconnect my current wireless connection.

3. Connect to the TripMateNano wireless connection using the default password of 11111111.

4. Open a browser and log in at 10.10.10.254.

You will then get a popup which will walk you through the rest of the process.

Choose Wireless – then Scan for Networks and then select the blue arrow and choose your wireless setup. Enter your password and choose DHCP.

You then need to wait while the router reboots.

Re-enter your password and you are now online behind your HooToo router.

******************************************************************

Using the website Speedof.me I got these internet speeds using HooToo.
Download – 13.5 Mbps
Upload – 3.5 Mbps

Using my standard wireless I got these speeds
Download – 17 Mbps
Upload – 3.5 Mbps

Looks like there is a 25% reduction in speed using HooToo.

******************************************************************

Summary – for only $19.00 on Amazon this is a bargain which is going to go into my travel suitcase. You could just as easily take this to Starbucks or anywhere there is free WiFi. You could also use this as a guest Network at home or in a hotel. This would be a way to share one internet connection with a number of people.

Posted in Review, Reviews, Router, Security

Finding Saved Passwords

I’m helping a friend who doesn’t know his password to a site, but miraculously is able to log in to the site at any time. The answer to this conundrum is that his browser is logging him into the site every time.

To find your saved passwords in Chrome, go to

Settings – Show Advanced Settings – Passwords and forms – click on the Manage Passwords button.

You’ll notice that I don’t have any listed in my Chrome account since I use LastPass to manage my passwords. Most people who use Chrome can find their passwords listed using this method.

If you use other browsers, click here to find their solutions.

Below is option #2 – which will show you the password hidden underneath the asterisks.

http://www.cnet.com/how-to/reveal-saved-passwords-from-under-asterisks-in-your-web-browser/
Posted in Passwords

Moto E – Short Review

I am initially very impressed with the Moto E. I have used Lollipop on a Nexus 4 and a Nexus 7 and they have been slow and a bit aggravating. On the new Moto E it runs like a race car. For $150 it’s a bargain. I particularly like that it fits in my front jeans pocket. At 4.5″ it’s a perfect size for me.

However there is one caveat – the camera. Here is a picture below of what the camera can do.

[Image: MotoE-picture]

All I have done to the picture is crop it and reduce the size. The picture quality might be good enough for a web picture, but that is not good enough for what I like to do. I usually carry a camera around with me on a daily basis and I wanted to have a phone/camera which will be good enough to take its place.

The Moto G with Lollipop should be coming out soon and I’m looking forward to seeing how it might compare.

Posted in Phone