Heartbleed: yet another security problem

You might have heard about Heartbleed, which is the name given to yet another recent security problem. Briefly, the problem was a bug in software that has been used for website security by many people.

And yes, Yahoo.com and many other common sites have had the problem, so if you have used those usernames and passwords anywhere else, pay attention.

Read about it here:

http://news.msn.com/science-technology/how-to-tell-if-heartbleed-could-have-stolen-your-password-and-when-it%e2%80%99s-safe-to-change-it

Then come back and check the list below and read about it in today’s Portland Biz Journal:

http://www.bizjournals.com/portland/blog/2014/04/after-massive-heartbleed-security-breach-portland.html?ana=e_du_pub&s=article_du&ed=2014-04-09&u=zgSD4d+pX4SRgPIGOndEtwXfJFA&t=1397146424&page=all

I grabbed the list of over 600 vulnerable sites from the link in the first article, alphabetized it, then deleted most of the sites, leaving a few examples of sites that you (I) would think really should have known better. But it just goes to show you that really smart people from big and small companies use the “off the shelf” software that other people trust. Have a look and be shocked.

androidcentral.com.

androidpit.com.

androidpit.de.

arstechnica.com.

bittorrent.com.

breitbart.com.

cabelas.com.

cplusplus.com.

duckduckgo.com.

economist.com.

flickr.com.

fool.com.

graphicstock.com.

heritage.org.

kaspersky.com.

mail.com.

nascar.com.

resellerratings.com.

reverbnation.com.

rollingstone.com.

searchfunmoods.com.

shopzilla.com.

thestreet.com.

thewire.com.

toshiba.com.

weather.gov.

wisegeek.com.

wisegeek.org.

yahoo.com.

zagat.com.

zap2it.com.

So yeah, it looks like I’ll have to change my nascar.com password too.

If you’re not using KeePass or LastPass or another encrypted password program to make new passwords and keep track of them, it’s time to start. Many of my passwords are pure gobbledygook that KeePass created for me.

And, in the words of Han Solo, “It’s not my fault.”

A question about backup systems

I received a question from someone about backup systems. My friend says… “The guy who built my PC recommended Acronis but when I checked it out on Amazon it got raked over the coals by reviewers. Interestingly enough several of the posts recommended using the backup software in Windows 7. Any recommendations you have for me to check out would be appreciated.”

It is a great question because it is a constantly changing market. So keep two things in mind. First, my comments are my opinion and other people have theirs. Second, this is not a complete review of all backup systems, but is part of my knowledge base at this time.

Given Microsoft’s history in the realm of backups, I know it seems strange, but the Windows 7 backup has some good features, such as reliability and ease of setup. It’s fine for doing a straight, simple backup. On the other hand, flexibility is a bit of a drawback.

Another drawback is that it does not do incremental backups, which means that it works by first calculating how much space is needed to do a complete backup, then it checks the destination drive (for the home user that is usually an external hard drive) to see if there is enough space. If there is not enough space, it deletes the oldest backup(s) to create enough space before completing the current backup.

Which means that if your destination drive has room for only one backup, then you lose the previous backup before getting the current backup done.

And if there is a power failure or some other crash during the backup, you’re hosed.

Furthermore it doesn’t handle versions of files. So, the Win 7 backup has its drawbacks.

As for Acronis, I suspect that the bad reviews were from people who couldn’t figure out how to use it, because it is a backup that can do everything. Now I must admit that my comments here are a bit behind by a version or two, but there are two things that bother me about Acronis: one is real nit-picky, but the product key is half a mile long and it takes a couple of minutes to get it entered correctly; entering the product key is enough of a chore to drive most people crazy. My other complaint is that they over the years have changed the user interface and dumbed it down so much that they have made it confusing. Fortunately, once you find the secret hidden button, you can open up the advanced menu, and then it gets nice and geeky and comfortable and flexible and powerful and useful. But yeah, I can see how non-geeks might not like that.

For simple backups I kind of like the Seagate Backup Plus drives.

Plug the drive into USB, install the software, pick the folders to back up, and away it goes.

When it’s done, eject the drive or shut down and remove it and put it in your fire safe box.

A week later, plug it in, and it runs a new backup for you.

When it’s done, eject the drive, or shut down, and remove it and put it back in your fire safe box.

But let’s take a step back and look at the big picture.

The first thing to consider is: how much data do I have and how critical is it?

If the answer is that there is not much data and it’s not very critical, then copy it to a couple of different flash drives and/or burn it to a CD and put it in a fire safe box and then repeat that process whenever there is new data that you would hate to lose.

But if you have very much data, and you would kick yourself around the block if you lost it, then you need to use a better backup system.

Ideally backups would include both a local backup and an off-site or cloud backup. Norton, Dell, Seagate, and your cousin’s uncle have all jumped into that market with their solutions. I have not tested them all, but I was out at someone’s home and found that their Norton backup had broken and wasn’t working. So I fixed it and got it going again. My point is that you can’t just get something going and then forget about it. You have to check it occasionally to make sure that it’s working. And that means restoring a file occasionally to make sure the system works.
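The occasional test restore can be checked by script instead of by eye. The sketch below is an added example, not part of the original post or of any backup product: it records a SHA-256 for each file at backup time, then compares a test restore against that record. The function names and the sample files are made up for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_dir):
    """Record a SHA-256 for every file, keyed by path relative to source_dir.
    Run this at backup time and store the result next to the backup."""
    source_dir = Path(source_dir)
    return {p.relative_to(source_dir).as_posix(): sha256_of(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_dir):
    """Compare a test restore against the manifest taken at backup time."""
    restored_dir = Path(restored_dir)
    report = {"ok": [], "missing": [], "corrupt": []}
    for rel, expected in manifest.items():
        restored = restored_dir / rel
        if not restored.is_file():
            report["missing"].append(rel)      # the backup never captured it
        elif sha256_of(restored) != expected:
            report["corrupt"].append(rel)      # it came back, but not intact
        else:
            report["ok"].append(rel)
    return report

def demo():
    """Constructed sample: three files, then a restore with one lost and one damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "documents"), Path(tmp, "restored")
        for name, text in [("thesis.txt", "chapter one"), ("taxes/2013.csv", "a,b\n1,2\n"),
                           ("photos/cat.raw", "not really a photo")]:
            for root in (src, restored):
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_text(text)
        manifest = build_manifest(src)
        (restored / "taxes/2013.csv").unlink()               # simulate a skipped file
        (restored / "photos/cat.raw").write_text("garbage")  # simulate a damaged file
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Comparing against a manifest taken at backup time, rather than against the live files, means a document you edited after the backup ran is not reported as damaged.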

Then there are the cloud backups such as Carbonite, Mozy, iDrive, iCloud and iDon’tKnowAllOfThem. The advantage to those cloud backup systems is the support and the fact that your data is stored in one or more data centers. If a machine crashes, or burns or is stolen, they will help you recover. Is it an expense or insurance? I would answer that question with a question. How much data can you afford to lose?

Of the cloud backups, I really like SpiderOak because it is unbelievably secure. SpiderOak has the features, like Dropbox, of synchronizing files between devices and sharing files with other people. The big advantage over Dropbox is the security and the fact that its primary purpose is the backup system.

The problem with SpiderOak is that if you forget the password that you used, you’re sunk. The SpiderOak support folks can’t retrieve it or figure it out. That password is used for the encryption key, so it needs to be a long, strong password. Just don’t forget it, and don’t write it on a sticky note on the bottom of your keyboard. (I use KeePass for keeping all of my passwords, but that’s another subject.)

Another backup system that I am using with a client is the LogMeIn Backup. After the first full backup, it backs up new files and changes, which means that it can keep track of versions of a file or document that you might be working on, such as a manuscript or doctoral thesis.

There are two reasons for using LogMeIn backup with this client. One is that they have a ton of data, which would be prohibitively expensive to store with a cloud backup service. The other reason is that it handles both local and remote backups. All of their data is backed up to a system in my office.

The bottom line to this discussion has two points.

First, backups are a crucial part of owning and using a computer.

Second, always remember that data that you don’t have in at least two places is data that you don’t care about losing – because you probably will lose it. Pun intended without apology.