Tuesday, June 28, 2011

De-Bugging or Re-Bugging the Latest Hack Attacks

Much news is circulating the air waves and text waves about the latest website hacking. 

The latest hack attack is coming from what news-folk call “the SQL injection” or “the SQL bug”. When I read or hear either of these terms, my eyes do that little roll back that makes you feel like the canals in your ears are spiraling shut. I appreciate news people trying to educate the public. I appreciate the news. I don’t appreciate reports that scare people because the person reporting doesn’t exactly understand the subject and masks their words to indicate they are spreading very important news.

MySQL [pronounced My S-Q-L or My Sequel] is a wonderful FREE database tool web developers download for FREE to make websites do all those cool things you love: log-ins, credit card storage on your favorite shopping site, storage of your name and address, etc. Any site you use where you must log in uses a database.

The “SQL injection” term comes from the SQL in MySQL.   SQL means Structured Query Language.  In this case, all you need to remember is it’s referring to a database.

What does that MySQL database do? It stores your password and all other information you provide. Any site where you buy something has a database whether you save your information to that site or not. It stores your purchase request so the store can send you the merchandise you ordered and stores your address so they know where to send it. It may not specifically remember you, but it will remember the purchase. Get the picture?

MySQL (a database) has commands it responds to as part of its normal operation. One of those commands is to provide a “dump”. (I’m not trying to entertain you with teenage bathroom humor; the person who created this function may have had a warped sense of humor, but this is what it’s called.) The dump command sends a message to the database to reveal information, like someone dumping a pile of papers on your desk if you asked them to bring you all the names of the men named John in the greater Dallas/Fort Worth metroplex.

A database “dumps” whatever request is queried. If you have a website that offers users the ability to sign up to receive your monthly newsletter, you need a means to retrieve that information. In simple terms, you ask the database to dump all names and addresses it has stored to be able to fulfill your offer. Get the picture?

What the “SQL injection” threat truly means:  An unauthorized person accesses a database and is able to retrieve all the information stored inside that database. 

The SQL injection is not someone injecting anything. They are merely asking. The vulnerability lies in the database itself, whether it’s a free MySQL or a paid MySQL subscription or another paid database system. All databases provide means to retrieve the information they store. Safeguarding the entry is the primary concern. There are means for the developer to require codes to help lock down the information. It’s just the hackers have learned the secret password and now stroll into this pile of information like a person walking into a store and grabbing a cart to load up.
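How a site's own input field can end up "asking" the database for everything, and the developer-side safeguard that stops it, shown as an added example that is not part of the original post. It assumes Python's built-in sqlite3 as a stand-in for MySQL; the subscribers table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: a newsletter sign-up table like the one described above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO subscribers VALUES (?, ?)",
        [("John", "john@example.com"),
         ("Mary", "mary@example.com"),
         ("Ravi", "ravi@example.com")],
    )
    return db

def lookup_unsafe(db, name):
    # Weak: the visitor's text is pasted into the SQL statement, so the database
    # cannot tell where the developer's query ends and the visitor's input begins.
    sql = "SELECT name, email FROM subscribers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes the input as a value only.
    # Whatever the visitor types is compared against the name column, never executed.
    sql = "SELECT name, email FROM subscribers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed input: the quote closes the developer's string and the OR clause
# is true for every row, so the unsafe query returns the whole table.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal lookup :", lookup_unsafe(db, "John"))
    print("unsafe/crafted:", lookup_unsafe(db, CRAFTED))
    print("safe/crafted  :", lookup_safe(db, CRAFTED))
```

The safeguard lives in the website's code rather than in the database product: the same database returns one row, every row, or nothing depending only on how the query is built.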

The travesty in this hacking lies in sites where developers have not taken the steps to secure the database. Such was the reported case of hacksters known as LulzSec, who waltzed into Sony Pictures’ website. They reportedly tweeted, “We accessed EVERYTHING.  Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Be mindful that these latest attacks do not involve your computer unless you are running a website that contains a database USING YOUR OWN SERVER (hosting yourself).  Your hosting company should be able to provide you with information about their security if you are concerned about your data’s vulnerability.

What you as an individual should know about SQL injections:
IF... you have a website,  IF... it doesn’t have a database (a login of some type), you are not at risk for this kind of attack.

IF...you use websites for shopping, how much information do you provide them?  Are you a priority member, does the site know you?  Do you store your credit card with them?

IF...you use social networking, how much information do you provide?  This goes beyond your privacy settings.  How many times do you access games?  How many times do you answer those fun questions about your favorite beverage or books you’ve read? 

IF...you use the same password for everything....

IF... you answered yes to these questions, your information may be at risk.

My ongoing mantra: 
Play on the Internet as if everything you were
saying (typing) were on a billboard
on the busiest freeway at rush hour. 
People aren’t going anywhere so all they have time to do is stare. 

Friday, June 17, 2011

Cloudy With a Chance of Data?

THE CLOUD!

Beyond the fluffy white diaphanous objects floating across our skyline, ‘the cloud’ means something new. Maybe you’ve heard words like “the cloud” or lately “iCloud” and wonder if this is something you need to embrace with giggly anticipation or with trepidation, like the big needle shot that they say “won’t hurt” and that steals your breath away.

Here’s the basic primer: 

Cloud-based services were once places to store data & files like a safe deposit box at a bank. Cloud-based applications are much more than this. Cloud computing takes away the need for your computer to install the software required to operate the application. Simple example: In order to create a document in WORD, you must have Microsoft Word installed on your computer or your laptop. Now with ‘cloud computing’, the cloud holds that software, allowing the device you use to be much smaller, lighter, etc., because it doesn’t have to store it; it “lives” in the cloud. [Also known as “software as a service”.]

In the past, tasks such as word processing were not possible without the installation of software on a local computer. New cloud computing takes the installation and upgrade hassles and the need for higher computing power away from users and gives more control to the service providers on administration of the services.

Another analogy to explain cloud computing is to think of it as a public utility such as electricity, gas, or water. Centralized and standardized utilities freed us from the difficulties of generating electricity or pumping water. All of the development and maintenance tasks involved in bringing these commodities to us have been eliminated. So far, cloud-folk are swearing that with cloud computing, the savings should translate to a reduced cost in software distribution. Of course, time will tell if this is true.

The principle behind the cloud is that any computer connected to the Internet can be connected to the Cloud, if you have access. iCloud, coming soon through Apple, reports free connectivity. Rumor is ‘free’ translates to mean users who own late-model Apple devices.

If you connect to the Cloud, you can store and access your personal files such as music, pictures, videos, documents and everything else you store. If you’re like me and own several devices, I could connect to the cloud and retrieve all my latest emails, documents, pictures… everything from my computer or iPhone or iPad. I wouldn’t have to worry about copying files and making sure I had the latest version of my proposal. It would be there. That’s in a perfect world.

We all know we don’t live in that world, so I think about the times I don’t have an Internet connection or when I visit my father whose small miraculously and famously has no 3G connection either unless you drive to the county hospital parking lot. I also think about flying on planes and the “no Internet” rule. What happens then?

Cloud computing sounds grand and exciting.  I’m still a little worried about those rainy days when you can’t find your umbrella.

Thursday, June 9, 2011

Dusting off the Blog for Important Information: Facebook at it AGAIN!

I've decided to post Blog to Groote's Gaggle only when I feel there's something important to impart to my followers.

Facebook monkeyed with your settings-- AGAIN!

A great friend and techno-genius posted to his status this very important announcement about the new Facebook sharing device. If you like to upload photos to Facebook and then 'tag' faces (a means of identifying people in photographs), that cute innocent action is now being used in a very public way.

The basics: 
The privacy setting on your photo settings in regard to sharing images got switched to a default setting of "ON" when Facebook started pushing this technology on an international level. Read the whole article "Facebook starts rolling out facial recognition feature worldwide."

What to do: 

To opt out of this feature, you’ll need to follow these steps:

  1. Go to your Privacy Settings on Facebook. (under Account)
  2. Click on Customise settings at the bottom.
  3. Under “Things others share” you should see an option titled “Suggest photos of me to friends. When photos look like me, suggest my name.” Click on Edit Settings.
  4. Change the option from Enabled to Disabled.

If you are a Facebook account holder, it's always good to periodically check your privacy settings. Another very good "check" to make on a regular basis is your Facebook credit. If you purchase or have purchased anything on Facebook (game credits, merchandise, advertising), your credit card information is automatically stored under payment method.

To fix this:

  1. Go to your Account on Facebook.
  2. Click on Credits Balance.
  3. Click on Payment Methods - manage 
  4. A screen asking for your Facebook password appears.
  5. If you see "You have no funding sources associate with your account", you are safe from having your credit compromised.
  6. If you see your credit card information, opt to delete it.  Nothing bad will happen.  You merely have to re-enter it should you make another purchase.  Do it. Don't be lazy. Protect your credit and money.  

In closing, my standard mantra: It's a big, bad Internet out there. Play safe.


Peace.