Tuesday, June 28, 2011

De-Bugging or Re-Bugging the Latest Hack Attacks

Much news is circulating the air waves and text waves about the latest website hacking. 

The latest hack attack is coming from what news-folk call “the SQL injection” or “the SQL bug”. When I read or hear either of these terms, my eyes do that little roll back that makes you feel like the canals in your ears are spiraling shut. I appreciate news people trying to educate the public. I appreciate the news. I don’t appreciate reports that scare people because the person reporting doesn’t exactly understand the subject and masks their words to indicate they are spreading very important news.

MySQL [pronounced My S-Q-L or My Sequel] is a wonderful FREE database tool web developers download for FREE to make websites do all those cool things you love: log-ins, credit card storage on your favorite shopping site, storage of your name and address, etc. Any site you use where you must log in uses a database.

The “SQL injection” term comes from the SQL in MySQL.   SQL means Structured Query Language.  In this case, all you need to remember is it’s referring to a database.

What does that MySQL database do? It stores your password and all other information you provide. Any site where you buy something has a database whether you save your information to that site or not. It stores your purchase request so the store can send you the merchandise you ordered and stores your address so they know where to send it. It may not specifically remember you, but it will remember the purchase. Get the picture?

MySQL (a database) has commands it responds to as part of its normal operation. One of those commands is to provide a “dump”. (I’m not trying to entertain you with teenage bathroom humor; the person who created this function may have had a warped sense of humor, but this is what it’s called.) The dump command sends a message to the database to reveal information, like someone dumping a pile of papers on your desk if you asked them to bring you all the names of the men named John in the greater Dallas/Fort Worth metroplex.

A database “dumps” whatever request is queried. If you have a website that offers users the ability to sign up to receive your monthly newsletter, you need a means to retrieve that information. In simple terms, you ask the database to dump all names and addresses it has stored to be able to fulfill your offer. Get the picture?

What the “SQL injection” threat truly means:  An unauthorized person accesses a database and is able to retrieve all the information stored inside that database. 

The SQL injection is not someone injecting anything. They are merely asking. The vulnerability lies in the database itself, whether it’s a free MySQL or a paid MySQL subscription or another paid database system. All databases provide means to retrieve the information they store. Safeguarding the entry is the primary concern. There are means for the developer to require codes to help lock down the information. It’s just that the hackers have learned the secret password and now stroll into this pile of information like a person walking into a store and grabbing a cart to load up.

The travesty in this hacking lies in sites where developers have not taken the steps to secure the database. Such was the reported case of hacksters known as LulzSec, who waltzed into Sony Pictures’ website. They reportedly tweeted, “We accessed EVERYTHING.  Why do you put such faith in a company that allows itself to become open to these simple attacks?”
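An added example, not part of the original post: a login lookup that builds its SQL by pasting user input into the query text, next to the parameterized form a developer uses to secure it. Python's built-in sqlite3 stands in for MySQL here, and the table, function names and sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords only keep the sample short; a real site stores hashes.
    db.execute("CREATE TABLE users (name TEXT, password TEXT, address TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "1 Main St"), ("bob", "hunter2", "2 Elm St")],
    )
    return db

def lookup_unsafe(db, name, password):
    # Vulnerable: the user's input becomes part of the SQL text itself,
    # so quote characters in it can change what the query means.
    sql = ("SELECT name, address FROM users "
           "WHERE name = '%s' AND password = '%s'" % (name, password))
    return db.execute(sql).fetchall()

def lookup_safe(db, name, password):
    # Hardened: placeholders send the input separately from the SQL text,
    # so the database treats it as a value to compare, never as SQL.
    sql = "SELECT name, address FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()

def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    return {
        "unsafe_normal": lookup_unsafe(db, "alice", "s3cret"),
        "unsafe_crafted": lookup_unsafe(db, "alice", crafted),
        "safe_normal": lookup_safe(db, "alice", "s3cret"),
        "safe_crafted": lookup_safe(db, "alice", crafted),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the crafted input, the unsafe lookup returns every row in the table, while the parameterized lookup returns nothing because no stored password equals that string.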

Be mindful that these latest attacks do not involve your computer unless you are running a website that contains a database USING YOUR OWN SERVER (hosting yourself).  Your hosting company should be able to provide you with information about their security if you are concerned about your data’s vulnerability.

What you as an individual should know about SQL injections:
IF... you have a website,  IF... it doesn’t have a database (a login of some type), you are not at risk for this kind of attack.

IF...you use websites for shopping, how much information do you provide them?  Are you a priority member, does the site know you?  Do you store your credit card with them?

IF...you use social networking, how much information do you provide?  This goes beyond your privacy settings.  How many times do you access games?  How many times do you answer those fun questions about your favorite beverage or books you’ve read? 

IF...you use the same password for everything....

IF... you answered yes to these questions, your information may be at risk.

My ongoing mantra: 
Play on the Internet as if everything you were
saying (typing) were on a billboard
on the busiest freeway at rush hour. 
People aren’t going anywhere so all they have time to do is stare. 

Friday, June 17, 2011

Cloudy With a Chance of Data?

THE CLOUD!

Beyond the fluffy white diaphanous objects floating across our skyline, ‘the cloud’ means something new. Maybe you’ve heard words like “the cloud” or lately “iCloud” and wonder if this is something you need to embrace with giggly anticipation or with trepidation, like the big needle shot that they say “won’t hurt” and steals your breath away.

Here’s the basic primer: 

Cloud based services were once places to store data & files like a safe deposit box at a bank.  Cloud-based applications are much more than this.  Cloud computing takes away the need for your computer to install the software required to operate the application.  Simple example: In order to create a document in WORD, you must have Microsoft Word installed on your computer or your laptop.  Now with ‘cloud computing’, the cloud holds that software allowing the device you use to be much smaller, lighter, etc., because it doesn’t have to store it; it “lives” in the cloud.  [also known as “software as a service”.]

In the past, tasks such as word processing were not possible without the installation of software on a local computer. New Cloud computing takes away the installation and upgrade hassles and the need for higher computing power from users and gives more control to the service providers on administration of the services.

Another analogy to explain cloud computing is to think of it as a public utility such as electricity, gas, or water. Centralized and standardized utilities freed us from the difficulties of generating electricity or pumping water. All of the development and maintenance tasks involved in bringing these commodities to us have been eliminated. So far, cloud-folk are swearing that with Cloud computing, the savings should translate to a reduced cost in software distribution. Of course, time will tell if this is true.

The principle behind the cloud is that any computer connected to the Internet can be connected to the Cloud, if you have access. iCloud, coming soon through Apple, reports free connectivity. Rumor is ‘free’ translates to mean users who own late-model Apple devices.

If you connect to the Cloud, you can store and access your personal files such as music, pictures, videos, documents and everything else you store. If you’re like me and own several devices, I could connect to the cloud and retrieve all my latest emails, documents, pictures… everything from my computer or iPhone or iPad. I wouldn’t have to worry about copying files and making sure I had the latest version of my proposal. It would be there. That’s in a perfect world.

We all know we don’t live in that world, so I think about the times I don’t have an Internet connection or when I visit my father who’s small miraculously and famously has  no 3G connection either unless you drive to the county hospital parking lot.  I also think about flying on planes and the “no Internet” rule.  What happens then?

Cloud computing sounds grand and exciting.  I’m still a little worried about those rainy days when you can’t find your umbrella.

Thursday, June 9, 2011

Dusting off the Blog for Important Information: Facebook at it AGAIN!

I've decided to post to Groote's Gaggle only when I feel there's something important to impart to my followers.

Facebook monkeyed with your settings-- AGAIN!

A great friend and techno-genius posted to his status this very important announcement about the new Facebook sharing device. If you like to upload photos to Facebook and then 'tag' faces (a means of identifying people in photographs), that cute innocent action is now being used in a very public way.

The basics: 
The privacy setting on your photo settings in regard to sharing images got switched to a default setting of "ON" when Facebook started pushing this technology on an international level. Read the whole article "Facebook starts rolling out facial recognition feature worldwide."

What to do: 

To opt out of this feature, you’ll need to follow these steps:

  1. Go to your Privacy Settings on Facebook. (under Account)
  2. Click on Customise settings at the bottom.
  3. Under “Things others share” you should see an option titled “Suggest photos of me to friends. When photos look like me, suggest my name.” Click on Edit Settings.
  4. Change the option from Enabled to Disabled.

If you are a Facebook account holder, it's always good to periodically check your privacy settings. Another very good "check" to make on a regular basis is your Facebook credit. If you purchase or have purchased anything on Facebook (game credits, merchandise, advertising), your credit card information is automatically stored under payment method.

To fix this:

  1. Go to your Account on Facebook.
  2. Click on Credits Balance.
  3. Click on Payment Methods - manage 
  4. A screen asking for your Facebook password appears.
  5. If you see "You have no funding sources associate with your account", you are safe from having your credit compromised.
  6. If you see your credit card information, opt to delete it.  Nothing bad will happen.  You merely have to re-enter it should you make another purchase.  Do it. Don't be lazy. Protect your credit and money.

In closing, my standard mantra:  It's a big, bad Internet out there.  Play safe.


Peace.

Wednesday, March 9, 2011

Hacked Up a Dubious Connection?

Listened to the news lately?  Malcolm Riddell was a tech-savvy guy who lived on the 12th floor of a building where most of his neighbors were retired seniors. He figured he didn't need a password on his wireless router. But after an unexpected visit from the FBI, he changed his mind. Malcolm’s unprotected WIFI (wireless router) was being used by a person to collect and solicit child pornography.

If your Internet connection speed suddenly slows down or you’re constantly losing your connection, it's possible that someone has hijacked your wireless router. First, you have to be using a wireless router (something that gets you on the internet WITHOUT a wired connection). Wireless is like when you go to Starbucks or stay at a hotel and they say FREE WIFI, which means you can use your laptop or smart phone or iPad to connect to the Internet for free without using a wired connection. When you use free WIFI, with some you merely click and voilà! You’re connected! Hotels don’t like to share their WIFI, so you’re generally going to be issued a password and have to put in the code before it works.
 
Nonetheless, if you buy one of these cool little gadgets for your home, even if it merely allows you to sit in your lounge chair in front of your flat-screen and play solitaire while watching CSI, or use your printer in your bedroom while sitting at the kitchen table, you have a WIFI connection. If you never needed a password to initiate this connection, your WIFI is NOT PASSWORDED. And I say, “what are you thinking?!”

Yes, we live in a world where passwords are really taking over our lives, with our ATM codes, logins to social networks, logins to our online banking, our favorite online shopping, and on and on. Encryption and a password for your home or business WIFI is a precaution you should take if you have not done so at this time. After creating a password, write it down, use it to connect your devices, and store it in their memory. Store the password in a safe place in case you need to retrieve it, and then forget it. It’s that simple.

Do it.
..unless you’re lonely and would welcome a knock at your door from the FBI.

-peace.

Monday, February 14, 2011

Dear Facebookers

If you are not a person who uses Facebook, then read no further.

Yep. Changes on the FB. Did you know that, according to “The Social Network”, Mark Zuckerberg originally called it “The Face Book”? Enough trivia.

The SCOOP:  New settings on your news feed automatically set to show only posts from people who you’ve recently interacted with or those with whom you interact the most. Apparently, you only see and read posts from friends/fans who have interacted with you within the few weeks of this setting change.  It reports the fear, “you are now invisible to them and they are invisible to you”.

The FIX:  Scroll down to the bottom of the newsfeed on the homepage and click “Edit Options”.  It should be on the right-hand side.  Click on “Show Posts From” and change the setting to “All of Your Friends and Pages”.  Done. I’ve had reports some Friends have noticed a difference; me- none.

On another note, I have created a VTG Enterprise page on Facebook.  My goal is to create a forum  in the discussion area on website expectations, usage, content, and other subjects surrounding our interaction with this media tool.  

Please go to Facebook.com/pages/VTG-Enterprises and “like”.  Here’s a link to discussion topics currently available for comment.


Monday, February 7, 2011

Oh, it's You?


Falling…
     off the face of the Earth?

Failing….
     to keep up?

Wondering if your efforts….
     are inspiring or advancing your cause?

Terminal…
     boredom or ennui?


I’ve asked myself all these questions when I see the true time span of vacancy in Groote’s Gaggle. 

Reality lives somewhere between all of this and the fact that again I have been uprooted from my permanent digs to a new location. I sit in transition in north Tarrant County outside of Fort Worth, TX as my hoped-for final address is materializing brick by brick. Most of us have that perpetual desire to set down roots and build a foundation of longevity in a place.

Over this sea of vacancy, I have been gathering in new clients, saying goodbye to some, and continually and constantly learning new avenues and turns in the roads of the World Wide Web.

Clean, easy to use, functioning websites are more and more in demand.  Video, imagery, networking your site to have conjunctive links, and updating, updating, updating!  rule.  Google is the 300 pound gorilla in the room who controls search engines across America.  Jump through their hoop if you wish to show up on a search.  What do you need to do?
Invest in your creation.  This requires some work.  Listing your site on Google, placing their “special code” in your home page, and adding a few extra “Google requested” pages help your site become recognized.
(In my opinion, we’ve googled and oogled ourselves crazy and Google has become the Microsoft bully who, in spite of this, is still loved like the prodigal son. Even Microsoft’s new search baby Bing is admitting it uses Google technology to retrieve searches. Pretty sneaky. So face it, Google rules.)
The other item important to Google is HOW OFTEN DO YOU UPDATE YOUR SITE? Yep.  Google is watching when no one else may be visiting your pages.  Google is looking and calculating to see if you have anything new to say.  If you don’t, Google begins to ignore you.  Chances are everyone else does as well. 

Falling, failing, wondering?  Don’t become terminal.

Peace.

Thursday, June 3, 2010

Facebook Updated and So did I

Timing is everything. Last week I posted privacy directions for Facebook and the interface was completely changed two days later. This obviously was not my best-timed moment.

Never fear!  A new Facebook privacy tutorial is here!

This tutorial is available in a PDF format for download  usage.  Please feel free to share this information.

Download the Tutorial