Blog

Fifteen simple ways to protect your privacy online

Wed, 07 Mar 2012 19:54:39 GMT

With the explosion of online community websites and the recent privacy policy changes from Google, online privacy has never been such a hot topic than now. If you find yourself with the feeling that someone is watching you, you might be right. Your social media websites are watching you, learning what you like, what you wear, what you eat and what you drive. Your search engine is watching you, learning what you want to buy, what you are searching for. Your phone might be watching you. Learning where you live, where you work, and where you are at every moment of the day. Hackers might be watching you as well. Trying to find out how to log onto your bank account, how use your social security number and so on.
In short, our lives have never been so open and inviting to our friends and business partners, but, also to advertisers, hackers and our employers.
To help us protect our identity and information better in this new environment I have decided to write a short guide. It’s not a guarantee that your information will never end up in the wrong hands; still, following the fifteen points below will minimize the risk of your personal information being public domain.

Set your browser to clear its history when you close it
Clearing your browser’s history can be done automatically, eliminating the possibility you might forget clearing your history when you are done browsing.

Do not accept third party cookies
Third party cookies are cookies that do not belong to the website you are currently viewing. They usually belong to another website that serves as a tracking domain. When multiple websites you visit use the same tracking system, they are able to track you across multiple domains, making it easy for the tracking system to compose a complete profile including whatever personal details you have saved on the participating websites. Luckily it is easy to disable 3rd party cookies from within your browser’s settings.

Make sure to only use a computer with a dynamic IP address
If you use your home computer, chances are you already have a dynamic IP address from your Internet Service provider. If you use the network at your workplace, in most cases it has a static IP. A static IP never changes, when a website tracks you by IP address, as long as your network uses the current IP address your internet usage profiles will be tracked. Odds are your coworkers usage is tracked as well from the same IP and might end up connected to yours. Avoid going online at your workplace unless absolutely necessary. Try and use your smartphone instead.

Set all of your instant messengers to never remember history
Instant messengers remember your conversation history by default. The history archive is stored in text files on your hard drive. In the event of a hacker, or even your network administrator or coworkers accessing your hard drive either from the network, or from your own keyboard, private conversations and conversation information can be accessed. Remember to set your messengers to disable creating any conversation archives.

Never upload your pictures to Facebook. Use a dedicated photo hosting service
Facebook does not delete photos, only the link to the photos. There have been reported cases where photos where still available three years after the users deleted them. If you want to show photos on Facebook, use a dedicated photo sharing service. Be sure to read the privacy agreement before you upload any personal photos.

Protect your tweets
Unlike Facebook’s privacy settings, Twitter’s settings are simple. Don’t forget to protect your tweets unless you want them to be visible to everybody.

Use strong passwords
Hackers can crack every password. Still it’s a good practice to use a strong password. Don’t use passwords that are too short or that are easy to guess. A good practice would be to simply start typing random keys until a password is created. For example: 6^%kjhglIUGI is a valid strong password. If you need to easily remember a password, start with a word or a phrase for example: RaceCar. Now change some of the characters to create a string password: ~RaC%C@r3. This is a string password that is easy to remember.

Never email yourself passwords
People that use a password they cannot remember tend to email themselves that password. In that case, when your computer is infected with a virus, a hacker can read your emails and can potentially have the passwords for sensitive accounts such as your bank or investments accounts. There are programs, some of them free, that can help you store passwords safely. Password Safe for example is a free program. Try and use them.

Use multiple passwords for different providers
If you use the same password for your email, bank account and a dating website, a hacker can gain access any of the above accounts and simply log onto the rest. Use different passwords for each account.

Always generate per transaction credit card numbers
Never type your debit card into any online page. Try and use a credit card that generates per transaction numbers. ShopSafe® from Bank of America is a free credit card fraud protection service that allows you to create a temporary card number each time you make an online purchase. Most E-Commerce websites hold on to your card number long after the transaction has been done and the numbers are kept in a database. Secure or not, databases are hacked daily. Most recently I found that an old number I used in an online transaction was used and declined in Paris France. The website I bought from had all the security seals displayed neatly on their web pages, yet I had no idea they held on to my card number and that their database has been hacked.

If you have a search engine set as your home page, make sure to read and understand the privacy policy
With the recent changes to Google’s privacy policy it is time to shop around. I use DuckDuckGo. It is a search engine that does not track me and does a pretty good job at getting me the results I need.

Protect your wireless network by MAC address
Wireless networks can be hacked easily. Hackers simply jam them. As your computer tries to reconnect by sending its credentials, hackers pick up the network password from the wireless request. MAC address is almost impossible to duplicate. Every computer has one. To find out yours type ipconfig /all to a DOS command window. The physical address is your MAC address. Make sure your wireless router is set to only allow connections from your MAC address.

Turn off your phone GPS when you don’t need it
Cell phone privacy is a real concern with the new generation smartphones and various applications can and do track your location. Most recently Google was forced to explain why location data is tracked on their servers. Turn your GPS off when you don’t need it. You don’t need your location data tracked by an application you don’t trust.

Do not allow contact syncing between applications
My LinkedIn contacts are kept separate then my Facebook contacts. Allowing my phone to connect them might propagate online and make my business contacts aware of my personal Facebook account.

Lock your phone screen
Locking your phone screen is good security habit. Not only that it will prevent your phone from making calls while in your pocket, it will also prevent unauthorized people from looking at sensitive information while the phone is away from you.

Conclusion
With online privacy laws lagging behind technology, following the guidelines mentioned here will help you avoid any personal information leaks to parties you don’t wish to share information with or might be selling your information to the highest bidder. Remember: if you upload it to a website you don’t own, you essentially lose control over your data. Next time before you upload or share your status with your friends, remember, is this information safe?

About the Author
Mr. Gal Ratner is the owner and CEO of Inverted Software a leading software development and consulting company located in the Los Angeles area.

Google Wallet flaws let attackers view card info

Fri, 10 Feb 2012 17:24:16 GMT

A security researcher has found a serious flaw in Google Wallet's PIN protection that, in seconds, could enable an attacker to view everything in the owner's digital wallet, including credit card numbers and transaction history.

Later on Thursday, another Google Wallet flaw came to light. A posting and video at The Smartphone Champ blog showed how to access the Google Prepaid Card balance on a secondhand or stolen phone.

Employees From Yahoo, Google, And Facebook Are Flocking To These Start-Ups

Thu, 22 Dec 2011 22:26:37 GMT

Startups working on a technology called Hadoop have become talent magnets in Silicon Valley, hiring top engineers away from the likes of Google, Yahoo, Microsoft and Facebook.

And they've become a popular investment for ex-Cisco execs turned VCs, too.

Nine Trends Affecting the Future of Exploitation

Tue, 01 Nov 2011 20:55:04 GMT

John Lambert talks about nine trends that will affect exploitation over the next decade. A number of technological, social, and environmental trends will change the world of exploitation as we've known it in the 2000s. This has lessons alike for defense, attack, and customers in the middle.

Deep dive into the LinkedIn API: Use C# to search for your dream Job

Thu, 20 Oct 2011 13:41:17 GMT

LinkedIn has an extensive API designed to access almost every aspect of the site. Developers can access People and Connections, Groups, Companies, Jobs, Social Stream, Communications and more. There are two types of LinkedIn APIs: JavaScript based and REST based with the ability to connect the two. For example: you can log in with a JavaScript button and monitor your social updates using server based code. You can then send yourself summary emails with the updates.
This is a deep dive into both APIs. We are going to be using the JavaScript login button, showing the user’s name using HTML. LinkedIn’s REST API uses OAuth authentication which we will utilize in order to get a new REST token. We will then re log in on the server and invoke the REST API, perform a jobs keyword search, return the results as JASON and show them to the user.

How to record Skype voice conversations

Sun, 28 Aug 2011 18:46:20 GMT

First let’s start at the end. If you are looking for free software to record Skype voice conversations, please skip to the bottom of this page and download the attached file. It contains a Windows Installer msi file and should install a recorder on your machine.

Skype uses a public API to listen and transmit messages to all programs on your computer. Messages are being transmitted via the native windows API and will require us to use some external method calls.
In this article we are going to build a WPF client that will communicate with Skype, detect voice calls, redirect the incoming and outgoing streams into files and finally, create a complete conversation file.

Search for flight information with the Bing API

Tue, 16 Aug 2011 20:15:50 GMT

The Bing API allows developers to query the Bing Engine. Queries can be sent using JSON, XML or SOAP.

In order to query Bing you will need an Application ID available on the Bing Developer Center. You will also need to agree to the terms of service.
The Bing API includes support for Images, Answers, news, Phonebook, related, Spellcheck, Translation, Video and web results.

Security Firm Says It Found Global Cyberspyin

Wed, 03 Aug 2011 16:55:17 GMT

SHANGHAI — An American cybersecurity company issued a report on Wednesday saying it had identified cyberattacks that lasted up to five years on a wide range of governments, American corporations and even United Nations groups.

Spreex to be featured on the Google Analytics Application Gallery

Mon, 18 Jul 2011 16:09:34 GMT

Spreex, Inverted Software’s Google Analytics application is now featured on Google’s official Application gallery.

Spreex is designed to help you develop better understanding of your website’s traffic. Spreex uses the matrix collected by Google analytics in order to paint a clear picture of basic and advanced visitor’s statistics.

See Spreex on Google here

Download Spreex here

Secure user authentication with one way password hash

Mon, 11 Jul 2011 15:06:24 GMT

Keeping users passwords in your database is a part of almost every application, yet securing passwords is rarely being done correctly.

I recently read an article by Coda Hale about the ineffectiveness of password salts. Coda Suggested using bcrypt to store passwords. He reasoned his argument by explaining bcrypt is extremely slow to compute, therefore making it slow to hack.

I completely agree, however, I wanted to add another way of safely storing passwords in a more conventional way by hiding the salt in the hash. The idea wasn’t mine. It belongs to a DBA named Scott Hulberg. It’s pretty simple and for the sake of this blog post I am not going to implement it completely. I am going to prepend the salt to the password hash, making it invisible to a hacker. You can go further by writing an algorithm to plant the salt in the hash array as you see fit.

Since the only way to match a one way hashed password is to use the salt we used to generate this hash, if a hacker cannot get to the salt, they cannot retrieve the original password.
Let’s begin by composing the method to create our hash and prefix it with the salt:

Ciphertex's handy five terabyte carry-it-with-you RAID storage

Tue, 05 Jul 2011 16:08:46 GMT

Smart marketing in the era of agile commerce

Tue, 05 Jul 2011 16:00:19 GMT

Today’s consumers possess more digital devices than ever, which feed them more data than ever and, in turn, fuel more informed and nuanced purchasing decisions. As a result, your marketing efforts need to extend to include all of the points your company interacts with current and potential customers. And those efforts must be executed with sufficient speed to keep pace with the connected consumer.

Display your top selling products in ASP.NET using a Bubble Chart

Tue, 05 Jul 2011 15:27:42 GMT

System.Web.DataVisualization contains 34 types of charts. The most common of them is the Column chart on which I already blogged about in Display a sales chart with ASP.NET Chart control and Linq to SQL.

Today I am going to take our sales chart one step further and display the top selling products for the year. Since we have multiple products for each time span, I chose a Bubble chart.
First let’s look at the data model:

Shopping Cart .NET 1.6 has been released

Tue, 21 Jun 2011 05:25:07 GMT

Release Notes
New for this release are:
Support for Authorize.Net
Support for downloadable products: You can now sell products along with one time expiring keys or use a non expiring key. Customers will be given a download URL along with a key.
Support for product sales: You can now set a sale price on a product. The store will indicate that the product is on sale.
Product reviews: Customers can now review products they have purchased from your store. You can set product ratings in configurable rating categories.
There was some minor performance tuning and bug fixing done for this release as well.

Download Shopping Cart .NET here: http://shoppingcartnet.codeplex.com/

Application Lifecycle Management End-to-end

Wed, 08 Jun 2011 17:57:29 GMT

Open Workspace

Fri, 03 Jun 2011 21:44:11 GMT

Sharing memory session between servers

Fri, 03 Jun 2011 17:34:50 GMT

Session variables hold per user information. Unlike cookies, sessions store information on the server rather than on the client. The client holds a session cookie with the client’s session ID and at the time of an HTTP request, the server accesses the client’s session ID and retrieves the session data. The default implementation of session has the web server holding the information in memory. This implementation as fast as it is has some drawbacks: Recycling your app pool or restarting IIS will abandon all of the sessions currently in memory. Sharing sessions between web servers is also not possible and when load balancing traffic between servers we need to resort to “sticky sessions”, a method in which all client requests will be redirected to the same physical server as the first request. This would enable us to still use default sessions, however, it will not solve the first issue I mentioned and we are still running the risk of overloading a server’s memory under heavy traffic load when some of our servers are slow to respond.

Oracle Database 11g vs. Microsoft SQL Server 2008

Sun, 15 May 2011 16:01:06 GMT

This report is the latest in a series of Comparative Management Cost Studies (CMCS) comparing Oracle Database with database management systems offered by other leading enterprise software vendors. This edition of the study compares Microsoft SQL Server 2008 with Oracle Database 11g.

Following the same approach taken in the earlier studies, Edison Group set up a laboratory environment to analyze a suite of standard RDBMS administrative tasks, and measured their respective management efficiency (time taken to complete tasks) and their complexity based on a proprietary manageability metric. Using the management efficiency results, Edison Group calculated the annual savings for businesses due to the enhanced DBA productivity that would result from using the product with superior manageability.

Spatial Search made easy with Google Maps API and SQL Server 2008

Sat, 14 May 2011 19:57:19 GMT

Spatial search is the process of searching locations nearby to a position in space. A good example of a spatial search would be finding all of the restaurants near your present location. With Google’s Maps API and SQL Server’s Geography data types we can build a quick spatial search in no time.

In this little exercise I will be detecting the user’s location, displaying it on a map and suggesting nearby restaurants. Since not all browsers support the W3C standards I will also allow manual input of the user’s address.
Spatial search relies on latitude and longitude which are the global position coordinates. The process of turning an address to a set of latitude and longitude coordinates is referred to as Geocoding.

Facebook Security Flaw Exposed User Accounts

Thu, 12 May 2011 16:46:00 GMT

A security vulnerability on Facebook Inc. for years gave advertisers and other third parties a way to access users' accounts and personal information, according to security firm Symantec Corp.

But Facebook said Tuesday it had fixed the problem and found no evidence of the issue resulting in private information being leaked.

The issue, which Symantec described as accidental, centers on Facebook applications, the third-party programs that allow users to play games, shop and do other tasks on the Facebook website. In some cases, those applications shared with advertisers and analytics companies so-called access tokens, which act like spare keys (originally intended for the apps) to access or post information on a user's account, including reading wall posts, accessing a friend's profile, posting to a user's wall and mining personal information.