Minnesota State College Southeast

Updates from the Web

MSC Southeast's computer and Web chronicles

We don't have your password

(Tech Tips) Permanent link

Neither does anyone else - if they are legitimate.

The news about user accounts being stolen from Google, Home Depot, and others can be very unnerving. However, good sites don't actually store passwords. They only store a representation of them. Even if your information is stolen, it doesn't mean your password is exposed.

How it works

 

 

Digging Deeper

There are a number of techniques used, but they all use the same basic premise. Here is one of the most common techniques.

When you enter your password into an online account, the password is run through an algorithm. That is, a mathematical calculation is performed. The result is what is saved in the database instead of your password.

The cool part - (getting a bit geeky here)

The result of these mathematical algorithms (you should drop that phrase at your next party) is called a hash. If you use the same type of technique every time, then the same string of characters will always result in the same hash.

For example, using one technique, the password "qwerty123" will always be converted to the hash "2qrW5WBOjhe9nxCNkeJq/mKB2sj9oAkQQKem172bQ7U=". If you use a better password, like "Five5For5Fighting!Google", you get the hash "gsOnlRB5/7LGOSyNTnQjjolSpqumI9UsT5/uNYgnM6A=".

It is this longer string that is saved in the database. If a hacker steals the database information, they can't tell by looking at the hash what your password is. Hashes can't be reversed.

To find out if you used the right password, the website simply runs the same algorithm to check the password. If it matches the hash in the database, you used the right password.

Putting the hash in the password field would result in a completely different hash, so it wouldn't work. So, if you were to put the qwerty123 hash (2qrW5WBOjhe9nxCNkeJq/mKB2sj9oAkQQKem172bQ7U=) into the password field, you would actually get "G4AAO88pl0kITda+I20eX69Pxk6lHGFzfC3l53NF2Ew=" back. It doesn't match, so the hacker can't get in.

Getting a bit more secure

To make things even more difficult for hackers, websites use what is called a salt. This is a string of random characters only the site/database owner knows. This is added to your password before it is turned into a hash. Even if the hacker knows what algorithm is used, without the salt, the hacker can't figure out what the hash should be.

With the salt, the whole thing is really pretty sweet.
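The hashing and salting steps described above, as an added example (not code from this blog or from MSC Southeast). `plain_hash` reproduces the post's "qwerty123" hash, which is unsalted SHA-256 encoded as base64; `enroll` and `verify` go a step further and assume the common practice of a fresh random salt per account, stored beside the result, fed into a deliberately slow function (PBKDF2 here). The function names, record layout and iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os


def plain_hash(password: str) -> str:
    """Unsalted SHA-256, base64-encoded. Matches the post's hash for "qwerty123"."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def enroll(password: str, iterations: int = 600_000) -> dict:
    """Build the record a site stores: the salt, work factor and derived key."""
    salt = os.urandom(16)  # new random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}


def verify(attempt: str, record: dict) -> bool:
    """Re-run the same derivation on the login attempt and compare."""
    key = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(key, record["key"])  # constant-time compare


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    alice, bob = enroll("qwerty123"), enroll("qwerty123")
    print(plain_hash("qwerty123"))                 # same value for every user
    print(alice["key"] != bob["key"])              # salts make the records differ
    print(verify("qwerty123", alice))              # correct password is accepted
    print(verify(plain_hash("qwerty123"), alice))  # the stolen hash is not
```

Without a salt, every account that uses "qwerty123" stores the identical hash, so one leaked row reveals who shares a password; with per-account salts the stored values differ even for the same password.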

What we do at MSC Southeast

More robust systems, such as ours, don't use this technique specifically. We have the benefit of our StarID system. We don't store your password, or its hash. Instead, we have a connection that validates your StarID/password with the State's StarID system.

This is similar to the technique used by other government agencies. It allows us to greatly insulate your information from hackers.

Final thought

The techniques outlined above are used by professionals in the Web and security industries. Some less professional sites don't use these techniques at all.

It is hard to tell which sites use these techniques and which do not. This is why you should never reuse passwords. If they get your password in one place, it shouldn't work anywhere else - they will certainly try!

Extra links

Find out if your Gmail has been hacked by reading 3 Ways to Check if Your Gmail is Hacked.

Learn about Google's Security Settings (you need to log in first).

Avoiding Common Online Mistakes


Man, are you lucky! You live every day with things that could easily ruin your day, week, or decade. One slip and you are toast.

I'm not talking about your shower or the main stairs in your house. I'm talking about all that living you do online. Facebook, Google, Amazon - you could be running with scissors and not even know it!

A recent article from LifeHacker.com outlines "The Stupid Things You Do Online (and How to Fix Them)". I highly recommend giving it a careful read. Here are the "stupid things" in order.

  1. You Undervalue Your Personal Data
  2. You Submit Sensitive Information Over an Insecure Connection
  3. You Feed Trolls
  4. You Leave Private Information in Your Web Browser
  5. You Don't Keep a Backup of Online Data
  6. You Assume Your Posts and Comments Are Anonymous
  7. You Let People Track Your Whereabouts
  8. You Use an Insecure Password That You Rarely (or Never) Change

Truly, these are the critical aspects of living online that need serious attention. Evaluate your own behavior and see where you can improve. It will keep you from getting into some fairly serious trouble.

While you are reading, I'll be backing up my Google Docs.

The Stupid Things You Do Online (and How to Fix Them)

 

Windows 7 Tips


Windows 7 has quite a few handy features. Most of them are fairly obscure unless you do a bit of digging.

Fortunately, we don’t have to. An article featured in InfoWorld.com outlines 20 of these tricks for IT professionals. However, many of these tips can be helpful to even those with a normal outlook on life. Here are just a few for every user.

Shortcut keys for the taskbar
Each icon in the Windows 7 taskbar can be accessed by holding down the Windows Key (the one with the logo between Ctrl and Alt on most keyboards). Just hold down the Windows key and press the corresponding number. For example, Internet Explorer is the third icon in my taskbar. Pressing Windows > 3 hides, opens, or selects IE, depending on what the program is doing.

Ribbon in Paint and WordPad
The Microsoft Office ribbon now appears in both programs. While this has not been the most popular change for longtime MS Office users, adding it to the sorely lacking Paint and WordPad programs has made them far more usable.

Quickly add features or uninstall programs
Try this: click the "Start" orb in your taskbar. In the instant search, type "features" and hit the Enter key. Bango! The "Uninstall or change program" menu comes up. That saves a lot of clicking.

Find missing Windows programs
One of the biggest complaints I hear about Windows 7 is that a user's favorite program is missing. If your favorite seems to be gone, try checking out Windows Live Essentials. Most of these programs are found there.

You can read the full article, and all 20 tips, in 20 Windows 7 quick tips and tricks for IT admins.

Being scammed – twice! Fake anti-virus software


[Image: Virus Protection Scam]

A tale of woe

A couple years ago, a friend of mine asked me to look at his computer. He was having some trouble getting it to run correctly. It was slow, popped up strange windows, and gave him all kinds of strange alerts. He said this was odd because he just spent $50 on some software he downloaded to protect the computer.

As soon as I saw his computer, I realized he had been scammed – in a very bad way.

My friend had been surfing the Web when a window popped up saying that he had a computer virus. It offered to fix it free. He then downloaded the software. A week later, the computer locked up with a message saying he needed to pay the $50 cost of the software to proceed, or his computer would no longer be protected.

He paid the $50.

The anti-virus software he downloaded was actually scamware. It loaded software designed to take over his computer – and charged him $50 for the privilege! That is tough news to break to a good friend.

While I was able to clean his computer, and set him up with some legitimate virus protection, this is not always possible. Often, it is necessary to reformat the computer’s hard drive to free it of the virus. This means losing all of the data and files on the computer.

Not alone

According to McAfee, scamware affected nearly 70,000 people in the first quarter of 2009 alone, and the number is rapidly rising. The tricks scammers use to get people to download the software are becoming increasingly tricky. They give even a well-seasoned Web developer a pause now and again.

The problem is that the pop-ups look very much like a message from your computer, rather than a Web page. They even mimic an entire virus scanning process. Recently, I had to go into my Task Manager (hit Ctrl+Alt+Del to get there) to shut down my browser in order to stop one of these sites.

Spotting the foe

A McAfee Security Insights Blog post has some excellent tips (and a great video), on how to spot these scams. I recommend reading it thoroughly.

In short, if you did not ask for a virus scan, your computer should not be performing one. If it starts to run a scan, and it does not look exactly like it does when you ask it to, go to the Task Manager (Ctrl+Alt+Del) and shut down your browser.

Never download anything (virus protection, screensaver, etc.) unless you specifically looked for the program yourself. Take the same tactic I take with telemarketers; if you did not ask for it, do not buy it.

One last tip - if the grammar/spelling is poor - it isn't legitimate. It is hard to see in the graphic above, but the first sentence says "Warning!! Your system might be at risk!!" Never trust anyone who uses too many punctuation marks.

Finally. PDF editing software - for free!


People stop by my office all the time - have for years - wanting to edit PDFs. Without having to shell out several hundred dollars ($300 at last count) for the full Adobe Acrobat software, there was really no way to do this. Worse, even if you had the software, simple tasks such as filling out forms were still a pain.

Enter PDF-XChange Viewer from Tracker Software Products. This light, easy to use, and free software does exactly what you've always wanted to do to a PDF. Better, it allows you to make edits and add text in a way that makes sense. It is at once easy to use and powerful.

If you want to upgrade to the full version, you only have to shell out $34.50 - less if you buy more than 2 licenses at a time.

I rarely recommend software, but in this case, it fulfills a need I see all the time... in that chair... right there.

 

Please Rob Me... of my sanity


I love blogging, and I am not just saying that because this is a blog. I like the concept. It is great that people can voice their feelings, opinions, and occasional expertise online - with minimal effort.

Twitter is another matter. Why someone would wish to post random thoughts as they go about their day is beyond me. I understand the interest in celebrities (my hero, Neil deGrasse Tyson tweets), but it is not for the majority of us - without agents or interns.

Here is why it is a bad idea - no edit mode. It is too easy to post just anything that comes to mind without giving it some thought. There have been cases of people losing their jobs over bad tweets, and people have even divorced their spouse over Twitter. It is not a good thing.

Witness Please Rob Me. This Web site posts a listing of people giving their location – and they are not home. Why is this a bad idea? As the site explains,

"The danger is publicly telling people where you are. This is because it leaves one place you're definitely not... home." (http://pleaserobme.com/why)

Do not think that you have to be a technical guru to find this information. It only takes a simple search on Twitter to come up with this information.

Fortunately, sites like Please Rob Me are raising this kind of awareness.

"…The goal of this website is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page. Everybody can get this information." (http://pleaserobme.com/why)

Do yourself a favor and do not follow in the blind footsteps of these people. Tweet, if you must. Tell us too much if you will, but do not tell us you are not at home. You have trees. We have toilet paper – and lots of it.

 

AdBlock Plus - Another Firefox bonus!


I have mentioned before just how much I like Firefox. While some techies shun it for its slightly slower speed (compared to other browsers such as Chrome or Safari), developers have long loved it for its remarkably handy plugins. I am not quite sure how I would get along without Web Developer.

Today, I just installed Adblock Plus in an effort to get rid of contextual ads – which I loathe. It worked perfectly!

For those of you who are new to the term “contextual ads”, these are advertising links found in the text of some pages. Often, they have a double underline. They usually open a pop-up when you hover over the link. Kontera and Intellitxt are two versions of contextual advertising.

The problem with many unscrupulous ads is that they distract from the content. This is especially true with contextual advertising. The text in the pop-ups they generate has absolutely nothing to do with the page content. Links inside Web content are already distracting enough. Contextual advertising ironically has nothing to do with the context of the page.

The Adblock Plus add-on nixed this, and all of the rest of the advertising on the page, beautifully. I was left with exactly what I wanted to see.

Here is an example of a page before and after I used Adblock Plus.

[Image: Adblock Plus Comparison]

If you are not using Firefox and its plethora of add-ons, I recommend giving it and them a shot. It can make your Web browsing so much more pleasant.