CCTV

Decided to add some decent CCTV to the front area of the house covering the doors and the car. Just can’t be sure that whoever stole the keys won’t come back and try to see if they work. Saving to a DVR and wifi streaming to an iDevice is good.

And I await the owner of Bosworth Homecare to call me and demand I remove the last post. That’s when I find out just how well my webhost protects my ability to complain and should they fall short I’ll move that post to WordPress.com where it will live forever……

A trail for facebook

I go to facebook to increase my security and I choose to be sent a text each time my account is accessed. I have this at Namecheap as just one example. Anyway, get to the page, tick the box and get shown this:
[Screenshot: fb-one]
They are perfectly capable of sending those texts without me having to turn on cookies being saved. But no, they do have to spy…

(and no, of course I didn’t change cookie behaviour. On Firefox everything gets deleted when the browser quits. It saves nothing and I prefer it that way)

Password compromised.

I got 4 emails from Ubisoft earlier. 2 in French, 2 in English. Here is the one that matters:

Hey Mark,

It looks like you recently made changes to your Uplay account. For your protection, this notification has been sent to the email address associated with your Uplay account.
Our records indicate that you changed the following information:

Email address

If this was you, you can ignore the rest of this message.

If you didn’t change these fields, someone may be accessing your account without your permission.
We strongly recommend that you change your account password on ubisoft.com or through any Uplay enabled game.
If you no longer have access to your account, contact Ubisoft customer support to confirm your identity and reset your account.

Thanks,
The Ubisoft team

That message was sent to me and to alavaldi@gmail.com

My Ubisoft password was GE2djRIYRgq. It had been generated using LastPass and is not used on any other account. I’d count that as a lucky guess.
So I go to the UPlay site, login, change the password and log out.
Then I see that it is possible to login with Facebook or Live or Playstation Network. I doubt Ubisoft will ever tell me how this person logged in so I go to each of their sites and change the password.

Live won’t let me use more than 16 characters which is just plain stupid. But they do have 2-factor which I have been using.

So I have 4 changed passwords now. But I do wonder how they guessed that password.

Playing with connections

Decided to play with different connections for my machines (The inspiration was in part this post at The Register): [Edit: added what they do]

1. SSH Tunnel using TunnelerX. Really easy to get going and just in case I forget what to do I have a screenshot of their page on the laptop. [Encrypts all data sent from your machine so no-one can eavesdrop]

2. Chicken of the VNC. Again easy to get up and running. My eldest is no slouch though – I installed it on her MB and from upstairs logged in to her machine, opened Textedit and started typing. She typed “Hi Dad” before I’d finished. Only have this running locally though. [Login to another machine and control it as if you were in front of it]

3. HamachiX. Still not difficult. I looked for some docs before just clicking New Connection and going for it. [Establish private network to link 2 or more machines anywhere on the net. I could let you browse my machine and take what you wished for instance.]

4. LogMeIn. Remote desktop. Free. Super easy to get working. [Login to another machine and control it as if you were in front of it]

As to what to use them for …
TunnelerX. I really should use all the time on the laptop and when J goes to the MB I’ll probably set hers up. Our home network is not encrypted at all – access to the router is by MAC address – so some sort of encryption would probably be wise.
Chicken of the VNC. I can better show J what to do with some apps probably and can use the laptop to see this screen I’m looking at right now but otherwise, no idea.
HamachiX. I could have done with this last weekend at my sister-in-law’s house. It was wanting that connection that made me look again at Hamachi.
LogMeIn. Reading IRC when I’m not in the house maybe…

I was pleasantly pleased with how easy these were to get working but the ability to spy on someone using Chicken was surprising. I would never ever check what the girls are doing on the net and I disagree with any parent who feels they need to spy so it was very odd when I did log in and saw her Facebook page, saw the IM client open, saw the background on her laptop changing – and she’ll not have known. That I could have sat and watched felt strange, very uncomfortable.

Anyway, it was all something I’d meant to get around to setting up and today I decided to play and see what happened – for once I’m not ending it frustrated.

An excellent password widget

I give out passwords daily when they have been lost. I used to just make them up when I started and the event was rare, then I started using a dashboard widget. I forget the name of it, but I had to click generate on the widget, then ctrl-a (or double click) then ctrl-c (or right-click > copy). It’s only a few keypresses but I’m all about saving clicks where I can these days. And now I have RPG (Widget Edition). What I did in several links I now do in 2. Excellent. And I can change the number of letters, exclude o 0 1 l and that makes it more excellent.

To av or not av

Do I install av software on the reinstalled machine?

Yes:
– viruses are bad
– it’s expected that you do

No:
– malware is much worse
– av eats more resources than it ‘gives back’ in results
– safe practice is most of the battle against virii anyway

So right now I’m veering to No.
I do have spybot installed and hijackthis available. Clamwin is a purely on-demand solution which sounds okay but I have yet to dig around for reviews and comparisons.

Got av?

Secure cake

I have a directory on this site which is linked from nowhere and I know that for an absolute fact. There is no way it has been indexed. I could put its name into robots.txt but then you could look there and see what I don’t want the search engines to see. For the curious, here is my robots.txt

User-agent: HenryTheMiragoRobot
Disallow: /

User-Agent: OmniExplorer_Bot 
Disallow: / 

User-agent: *
Disallow: /images/
Disallow: /catch/
Disallow: /gallery-ink/
Disallow: /nota/
Disallow: /stats/

Of those, /images gives you a 403, /catch no longer exists, /gallery-ink is renamed, /stats is really old and the /nota directory will ban you. Really it will – it’s there to catch bad bots. Anyway, the point is that the directory I mean is fairly secure. You can’t find it.
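One way the /nota/ trap described above can be evaluated from a server log, as an added example that is not this site's own code. The log lines are constructed (Apache combined format, documentation IP ranges), and the function names and the `Require not ip` output format are assumptions about how the ban would be applied.

```python
import re
from urllib import robotparser

# The catch-all rules from the robots.txt quoted in the post.
ROBOTS_TXT = """\
User-agent: *
Disallow: /images/
Disallow: /catch/
Disallow: /gallery-ink/
Disallow: /nota/
Disallow: /stats/
"""
TRAP_PREFIX = "/nota/"  # the trap directory named in the post

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 210 "-" "ExampleBot/1.0"
192.0.2.10 - - [01/Jan/2010:10:00:02 +0000] "GET /nota/ HTTP/1.1" 200 512 "-" "ExampleBot/1.0"
198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2010:10:02:00 +0000] "GET /nota/index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2010:10:02:05 +0000] "GET /images/a.png HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

def classify(log_text, robots_txt=ROBOTS_TXT, trap=TRAP_PREFIX):
    """Return {ip: reason} for clients that requested the trap path."""
    rp = robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    read_robots, offenders = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, _status = m.groups()
        if path == "/robots.txt":
            read_robots.add(ip)
        # Only count the trap if robots.txt really disallows it, so that
        # crawlers obeying the file can never be caught by it.
        elif path.startswith(trap) and not rp.can_fetch("*", path):
            seen = ip in read_robots
            offenders[ip] = "read robots.txt, then hit trap" if seen else "hit trap"
    return offenders

def deny_lines(offenders):
    """Render Apache 2.4 deny lines for use inside a <RequireAll> block."""
    return [f"Require not ip {ip}" for ip in sorted(offenders)]
```

A client flagged as "read robots.txt, then hit trap" used the file as a directory listing, which is the exposure the post describes for the unlisted directory.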

Now to my point. I have a lot of information I need to keep and keep safe. It’s backed up here but I’m thinking of an online backup too. A wiki. But how to keep that safe given there may well be a link somewhere – it would take just the one for the bots. So if I have cpanel information and blog logins for people – which I do and it’s a lot of people (and no, it’s not FreshlyPressed clients) – how can I keep them safe?
I like .htaccess files and passwords like g&unbj8[_1-7Xa but I regularly see some people claim that such files are easy to crack/bypass and they offer little security. Do they?
If I was to store your cpanel / blog logins on a site of mine what would be your chosen method of protection? It’s got to be easily usable should I need to. If I said here is the link and cracking it would get you information how would you want that protecting? How would you protect it?

I’m forever telling people that once it’s on the net you must assume it’s there for the world to see and you cannot whinge if that actually happens so I suppose I want to see if I can have my cake and eat it.

What’s the best way I can protect my information?