My Password Was Hacked

This past weekend, a major website was hacked, and all the emails and passwords were posted online for the world to see.

Luckily for you, it was a network of technical websites.  So if you aren’t a tech guy, you probably aren’t affected.

Unluckily for me, my personal email and password were among the 1.5 million stolen.

Any one of BILLIONS of people could have gained access to my:

1.  Amazon
2.  Ebay
3.  Godaddy
4.  Myspace

And could have:

1.  Logged into Amazon and bought anything they wanted and shipped it across the world.
2.  Gone into Godaddy and stolen all my websites and deleted some of my family’s email addresses.
3.  Gone into Myspace and stolen my identity.

It could have been worse.  They could have had my password to my email, bank, or paypal.  Since I keep all my email online, a thief could have done some real damage.

And just think how many people of the 1.5 million were lawyers, business owners or tech guys that have a lot of sensitive client or company information in their email accounts.

Many of you take precautions every day to keep you, your business and your family safe:  you lock your doors, you don’t put your social security number on facebook, and you don’t throw away bank statements in the trash without shredding them.

Yet, every single friend, family member and client I have given computer help to is using the same password for most websites they visit.  Even after I mention that this isn’t smart, they agree and do nothing.

I have a master list of my passwords, and a decent password policy, so it was easy for me to see which sites shared my compromised password.  Had I not had that, I would not have known which sites I needed to change and probably would have really freaked out.
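The check described above (using a master list to see which sites shared the compromised password), as an added example that is not part of the original post. The CSV layout, the sample entries and the function names are constructed for illustration; the script also flags the three common passwords named later in the post and any other shared passwords.

```python
import csv
import io
from collections import defaultdict

# The three passwords the post names as the most common.
COMMON_PASSWORDS = {"password", "qwerty", "123456"}

# Constructed sample "master list". The column names and every value are
# made up for this example; this is not any password manager's export format.
SAMPLE_EXPORT = """\
title,username,password
Tech site network,me@example.test,Summer2010!x
Amazon,me@example.test,Summer2010!x
eBay,me@example.test,Summer2010!x
Godaddy,me@example.test,Summer2010!x
Myspace,me@example.test,Summer2010!x
Email,me@example.test,k7#Vq2pL9wZr
Bank,me@example.test,T4m!xB8eYu3n
Photo site,me@example.test,blue-lamp-77
Recipe site,me@example.test,blue-lamp-77
Old forum,me@example.test,qwerty
"""


def load_entries(csv_text):
    """Parse the export into dicts with title, username and password keys."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def rotation_plan(entries, leaked_password):
    """Return (title, reason) pairs, most urgent first.

    Passwords are compared in memory only and never appear in the result,
    so the plan can be printed or shared without exposing a secret.
    """
    sites_by_password = defaultdict(list)
    for entry in entries:
        sites_by_password[entry["password"]].append(entry["title"])

    ranked = []
    for entry in entries:
        password = entry["password"]
        others = len(sites_by_password[password]) - 1
        if password == leaked_password:
            rank, reason = 0, "uses the leaked password"
        elif password.lower() in COMMON_PASSWORDS:
            rank, reason = 1, "common password"
        elif others > 0:
            rank, reason = 2, "password shared with %d other site(s)" % others
        else:
            continue  # unique and not on the common list: nothing to do
        ranked.append((rank, entry["title"].lower(), entry["title"], reason))

    return [(title, reason) for _, _, title, reason in sorted(ranked)]


if __name__ == "__main__":
    plan = rotation_plan(load_entries(SAMPLE_EXPORT), "Summer2010!x")
    for title, reason in plan:
        print("%-20s %s" % (title, reason))
```

Accounts with a unique password that is not on the common list are left out of the plan, which is why Email and Bank do not appear for the sample data.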

As it stands, it freaked me out enough to send this email to you.

Now, I am going to tell you what I do to protect myself, and not only is it easy, but it is actually EASIER THAN WHAT YOU ARE DOING NOW.

But first, I want to clear up a few points.

Three Password Justifications I Hear All The Time

1.  “I only use the same password for some sites – not the important ones.”

If any of the sites have your personal information, there is a danger.   If the thief can discover the last 4 of your credit card, or mother’s maiden name, they can use that to access other sites.  If they can get your phone #, they can fake texts, intercept messages and get your phone records.

2.  “No one is going to try to break into my account!”

You’re right, probably no one will.  But computers might.  If you use a word out of the dictionary as your password, or god forbid the three most common passwords, “password”, “qwerty”, or “123456”, someone can run a computer program and log into your account in under a second.

And as the news story above shows, they don’t even need to do that.  If any one of the thousands of sites you have an account on has been compromised, you could be a victim.

And the criminals may not be so foolish as to post it online.  I had time to make sure all my accounts weren’t compromised; most of you will have no warning and no indication anything is wrong.

3.  “I can’t remember 500 passwords”.

Hence my solution…

My Awesome 5 Minute Solution

(At this point, if you want me to just “fix it” for you, just contact me directly)

Obviously, no one can remember more than a half dozen passwords that need letters, numbers, uppercase, blah blah blah.  And writing them down on a sticky note stuck to your monitor is insecure in a whole different way.

Step one is to buy or download a free trial of 1Password ($39 for Mac, $29 for Windows).  Don’t install it yet.  (Use coupon:  “MacPowerUsers” for 20% off)

What is this for?

  1. It stores all your passwords in one safe, encrypted location.
  2. It takes a master password to open it, so even if a thief is sitting at your computer, they can’t see them.
  3. Using a real cool trick, all your passwords get backed up and sync’d online so you will never lose them.
  4. When you install it the way I tell you, your passwords will be available on your iPhone, iPad, any laptop or computer you use.
  5. It can help you generate passwords so you don’t have to spend time thinking of new ones.
  6. And most importantly: it will fill out every login form automatically from now on.

For example, when I go to facebook, I just have to click one button in my browser, and I am logged in.  I don’t have to type my email, password, nothing.  It just works.

(Some of you may have your browser save your password for you.  This saves time, but if your computer crashes you will lose it, and if someone else uses your computer, they can see it and access your accounts.)

Step 2: In order to take full advantage of everything I am telling you here, you also have to download and INSTALL the free program, Dropbox.

This is an awesome program in its own right.

Dropbox gives you a “folder” or “box” that sits on your desktop (just like any other folder you fill with documents, images, music, etc), that you can “drop” files into.

Those files then get automatically transferred to the internet.  Additionally, you can install Dropbox on other computers, iPhones, etc, and each device automatically sees every file the instant you put it in the “box”.

Dropbox has the added benefit that if your computer ever stops working, all the files in your Dropbox are safe and automatically downloaded back to your computer when you reinstall it.

Once you install Dropbox, you will tell 1Password to store all its passwords in there.  Therefore, all your passwords are backed up immediately, and can be accessed from any of your devices.  That is POWERFUL!

To sign up and download Dropbox, click this link.  It is a special link from me, so if you signup, we will both be rewarded with an extra 250 MB of space for life:

Step 3 is to install whichever version of 1Password you downloaded.  As you install it, it will ask for your Dropbox information.

Step 4 is to just follow the install screens and allow it to install plugins for Internet Explorer, Firefox or whatever browser you are using.

That should be it.  Now the next time you type in a password, 1Password will prompt to save it automatically.  And once you are comfortable with the program, you can start changing your passwords for each website.

Step 5: Help your friends and family

I originally sent this as an email to my friends and family.   If you know of anyone that might also be at risk, please have them read this – ESPECIALLY if you have ever sent them any personal information using email.

Blackberry Tour 9630 Scroll Wheel Broken

I received my Blackberry Tour 9630 about 5 days ago, and almost immediately noticed that the horizontal scrolling was either laggy or didn’t work.

After five days, I couldn’t scroll horizontally at all at normal sensitivity.  At 100 horizontal sensitivity, it will jump around a lot but will eventually scroll.

Here is a blurry video that shows the problem:

Additionally, I tested out my father-in-law’s Verizon Tour, and his horizontal scroll is how mine initially was.

I received my new Tour today in the mail – hopefully it doesn’t happen again.

I really hope this is not a defect.

Update: Just received my new 9630 and the scroll wheel works great!

Sprint Blackberry Tour NOT Available

June 30, 2009: Verizon announced the Blackberry Tour would be released on July 12, 2009.

July 1, 2009: Sprint also announced the Tour would be available on their network the same day.

July 11, 2009: I called Sprint’s Telesales and asked when the Tour is coming out and when they would be in the stores and was told, again, July 12, 2009.

July 12, 2009: Walked into a Sprint retail store and was told that they will not be getting any Tours until August 2nd.  The employee there said that no stores were getting them.

I called Sprint Telesales again and ordered it over the phone.  I was told I would receive it in 2 to 5 days.

July 13, 2009: My order on the website switched to backordered status.  When I called back in, I was told that it would ship out in 2 to 5 more days “due to increased demand”.

July 15, 2009: Sprint updated my order status to, “While every attempt is made to fulfill orders first in and first out, a system issue earlier in the week resulted in some orders being shipped out of sequence. Our shipping commitment for the Tour remains 5 to 8 business days based on date of order.”

Does Sprint really have the phones ready or did they just push the launch date to compete with Verizon?

Save Money With Your AT&T Home Phone Line

I called AT&T yesterday to add our old phone number to our account so that I can port it over to a new VOIP account I am about to set up.

They charged me $40 for the phone activation, and $7.50 a month as the bare-bones rate to have the phone line.  No matter what I said, they wouldn’t get rid of the activation.

Today I called to cancel it when I realized that the VOIP system I am going to try out, Magic Jack, doesn’t allow number portability yet.

Without even asking, the woman offered to remove the activation charge, and when I said that I still wasn’t interested, she offered to lower my bill $5 for a year.

So, in the process of a 5 minute phone call, I got a phone line with AT&T for $2.50 a month (before taxes), with no activation fee.

Magic Jack says that they will start porting numbers sometime this year, so hopefully it will be sooner than later.

It may be smart to call AT&T and see what savings you can get…

Make Your Emails Stand Out Using Personal E-mail Certificates

Notice the red badge on each envelope and the blue lock in the image below? 

The red badge tells me that the person is who they say they are, and the blue lock tells me that the message is encrypted.

Not only is this functionally important, but it really makes their email stand out and appear important.

This is accomplished by the use of a Personal E-mail Certificate, and is pretty easy to make work once you know the basics.

1.  In order to “digitally sign” your emails going out, you first need to find a provider to issue you a certificate.  I used Thawte, which offers one for free:

http://www.thawte.com/secure-email/personal-email-certificates/index.html?click=DoYouNeedTo-SecureMail

Look for the “Click here to get your Personal E-mail Certificate now!” link near the bottom of the page to start the process.

2. You will be asked many personal questions which will set you up with your credentials to login to Thawte.  You won’t ever have to do this again once you complete this process.

3. Next, you will see a screen to start the certificate process:

When you click the red “request” button under “X.509 Format Certificates”, you will get a popup similar to the one above.

4. In order to generate an Outlook-compatible certificate, it told me that I had to use Internet Explorer, but Thawte’s site wouldn’t work with IE7.  It would just give me a VBScript error 3/4 through the wizard.

To get around it, I found a machine with IE6, which worked flawlessly.  The rest of the tutorial assumes you are using that browser.  If you need the certificate for Thunderbird, you can just use Firefox.

5.  Once you finish the wizard, you will see the following screen and all the certificates you created.  It only takes a few minutes to change the status from “Pending” to “Issued”.

6. Click the “MSIE” link for the certificate you just created, which will open this page:

7.  Click on the “fetch” button at the bottom of the page, agree to all the prompts, and the certificate will be installed into your IE6 browser.

8.  Now we need to export the certificate.  First, go into your IE6 options, and click the content tab:

9. Click “Certificates…”

10.  And finally, highlight the certificate and click “Export…”.  I just put “C:\scott-key.pfx”.  It will append the “pfx” to the end if you don’t add it.

In this wizard, make sure you select to export your private key, and to delete it once you have successfully exported it.  It will ask for a password at one point, and you will use that same password when importing later.

11.  Now we need to install the certificate into Outlook.  For Outlook 2007, click on Tools > Trust Center > E-mail Security:

12.  Click both the “Add digital signature to outgoing messages” and “Send clear text signed message when sending signed messages” checkboxes.

13.  Now click “Import/Export”, browse to where you saved your certificate, and it will ask you for the password you used while exporting it.

14.  Try sending an email, and it should ask you to confirm the association between the certificate and your email.  Agree to the dialog box.

15.  Once you send some email, look at your sent folder to make sure they are all signed!

Now that this is complete, you also have the ability to easily encrypt your messages if the person you are sending to also has a certificate.  I will go through that process soon.

Save Money – Get DSL Without a Phone Line

Here is a great tip that could save you over $500 a year:  You no longer need to keep a home phone just for internet access.

Costs and Savings

Historically, DSL or “Digital Subscriber Line” worked over your home phone line, which forced us to pay for basic phone service in order to get DSL.

Not only is this no longer true, but you would be astounded how much money you could save by eliminating the phone cost.

For example, my wife and I never use our home phone – it was a number we gave out to people that we didn’t want to talk to.  For this ability we were paying the BARE MINIMUM $9 a month.  But after scrutinizing our bill each month, we were actually paying $22 with all the surcharges and taxes added in.  FOR BARE MINIMUM SERVICE AND NO PHONE PLAN.

If you add a phone plan and long distance, you can easily be paying $40 or $50 a month.  And most of you don’t realize that you are paying probably another $10 a month for Caller ID, *69 and other products.  My mother-in-law pays over $60 a month!

Here are the current published rates for AT&T DSL with Phone:

AT&T Normal Rates

and then for just DSL:

AT&T Naked DSL Rates

So although you will pay about $10 extra for the naked DSL, you should be saving $20 – $40 in phone charges.

My Experience

I found out about this last year when I saw a story about Naked DSL from Ars Technica, and then went about figuring out how to make it work.  I called my carrier, AT&T, and asked for “Naked DSL”.

The representative was surprised I knew of the term and proceeded to ask me how I knew of it and even told me of the savings.

At one point in the call, he tried to “do his job” by telling me that I could get basic phone service for “just” $9 a month.  I replied, “After all the fees it was more like $20”, and he laughed and agreed. (Pretty funny he said that.)

All in all it took a solid thirty minutes where I learned the following:

  1. Instead of a phone number, I would have a “Dry Loop Number”.  So when I call in and they ask for my phone number, this is what I give them.  DON’T EVER LOSE THIS NUMBER – TRUST ME.
  2. To switch over to my new “number”, I needed to schedule a day for it to happen where I can be without internet service for a bit.

I scheduled the switch-over to happen while I was out of town for Independence Day, so when I would get back it would just be magically working.

But then we started getting bills from AT&T with my old phone number for 0 dollars two months in a row.

Then our internet just stopped working.

When I called AT&T, they asked for my phone number, and since I didn’t know that I had to remember my Dry Loop Number, they couldn’t help me.  They told me to look at my bill, but it only showed my old number.

After about two hours of holding, screaming, and talking to supervisors, someone finally found my number.

Apparently my account was not transferred over correctly, so for the last month I was still using my old internet account, which just got shut off.

They fixed the problem, and then after I rebooted my modem, internet was back on.

Caveats

I have found that the main way the carriers will scare you into keeping your phone is by telling you that you won’t have 911 access.  So be aware that if you really want this ability, you need to keep your phone.  We have several cell phones, so as long as one is always near us, it isn’t that important.

Secondly, if you have a home security system that relies on having a home phone, you will either have to upgrade it to use a wireless module (which is safer anyway), use a service that can communicate over the internet, or turn it off.

In Conclusion

With people looking for many ways to save money, this could be a simple action with minimal impact.

While it is not for everyone, it is a no-brainer for those willing to try it.

A Parent Must Have: Flip Video Camcorder

Every parent goes through a video phase where they want to document their kids’ lives. Most realize pretty fast that their $1,000 HD video camera purchase was a waste since:

  1. It’s a pain carrying around the video camera
  2. Extemporaneous moments don’t happen because to catch it you would be forced to shoot ALL the time.
  3. No one wants to watch two hours of videos
  4. Editing two hours of video takes a LONG time

So after the first video session, the video camera is forever left in the box.  And if it is ever used, the video it produces just sits on a disc never to be edited.

For these reasons, I vowed to never carry one until I ran across the Flip Video Ultra 60 Minute Camcorder.  I bought it two weeks ago and am loving every minute of it.

It handles every single complaint and makes it a joy to take videos:

  1. It is incredibly small – about the size of a large cell phone.
  2. It only holds 60 minutes, so it trains you to shoot short videos
  3. The USB dongle pops out the side, so all you do is plug it into your computer, edit the video (if you need to) and save it to your computer, then simply browse to YouTube or Flickr and upload your video.
  4. There are only like three buttons, so if an event is about to happen, you turn it on, then press the big red “record” button all in about 5 seconds.
  5. And best of all, it’s only $130!

It was so cheap in fact, I also bought the waterproof case so that I can use it during swimming lessons.

The funny thing is, after I tell people how awesome it is, they ask me, “Does it shoot in HD?”.

It’s like we are so ingrained as consumers to buy the most tricked out gadget, we forget about real-world-ease-of-use.

“NO it does not do HD. This camera is all about FAST, CHEAP & EASY.”

And after they use the camera and upload their first video in under a minute, they agree. HD would unnecessarily complicate a perfect device.

Here is an example from one hour ago.  Because it is so small, I just always have it on me so that when a funny moment is about to occur, we are ready (I can’t figure out how to embed from flickr):

http://www.flickr.com/photos/scottelkin/2484457911/

A definite 5 out of 5 stars in my book, and is now a staple next to my cell phone on any outing – no matter how mundane.


Ebay’s Paypal Shipping Is Raping You

I just sold an old video camera on ebay for $203. The buyer paid via paypal, and normally my next step is to go into paypal to print the shipping information.

This time instead of presenting me with the buyer’s shipping information, Paypal prompted me to try their new UPS Shipping solution.  Paypal said they had worked out a special deal for their users, so I decided to try it.

For my 5 lb, 10” x 10” x 8” box, Paypal told me it would cost $21.40.  I paid it, thinking I would just verify how much it should cost at the shipping place down the street.

I printed out the UPS label from Paypal.com, taped it to the box, and took it to the drop off.

I asked the guy there how much this *would* have cost if I had shipped it through him.

His answer?  $14.40!

I called my buddy who does a lot of UPS shipping and he let me know of the UPS shipping calculator on UPS.com that will tell you how much it *should* cost to ship.  This way, he told me, you can find the exact amount you should pay if you went straight to a UPS center with no middle men.

So I found my UPS account (I have a UPS account?) and created a shipment.

After all my configuring, UPS said it should cost $12.62!

To compare apples to apples, I was able to save $2.70 because Paypal automatically declared $203 of the package, which wasn’t necessary when you are insured for $200 for free on every shipment.

But at least UPS tells me the breakdown of the payment, so I can intelligently figure it out.

But even still, the fact that paypal is raping me almost $7 on a $15 shipment makes me want to puke.


Google Reader Broken In Firefox

Google unveiled their new “Notes” feature yesterday, and ever since I can’t use it in Firefox 2 (even Safe Mode).

This is what I see:

Google Reader

The errors below it are:

in file 1104796821-en-scr… (line 205)
missing } after function body
var Zs="entry-via-link";Qs.prototype.gC=function(a,b){if(!a||a.length==0)return;…

in file reading-list (line 111)
_FR_scrollMain is not defined
var userId = "GR-" + parseInt(_USER_ID, 10).toString(16);


Blackberry Dead Battery Problem

Since I bought my Blackberry 8830 from Sprint, I have been on and off having a dead battery half way through my day.  In fact, just last week I thought of taking it back.

I had noticed that I would take my phone out of my pocket and it would be slightly warm, like it was working while I thought it was off.  That still didn’t lead me anywhere productive.  I would just pop my battery out and in, and it seemed to fix it.

Then yesterday, when I was closing my Sprint Navigation, I wondered if that was the cause.  I called my friend Alan, and asked him how he exits out of it.

“I hit the ‘Back’ button, and it asks me if I want to exit.  Why, what do YOU do?”

With the Treo 700, the way I would exit a running application would be the red hangup button.  That was the only way to “close” it.

But the Blackberry also gives us the “Back” button, which sits next to the hangup button.

I told Alan that I had been using the hang-up button to exit.  It was then that I realized that this was just closing it while allowing it to run in the background. When I would click back on the icon, it would start where I left off.

The back button, on the other hand, backs you completely out of the program and actually asks you “Do you want to Exit this program?”.

This was why my battery was dead half way through the day.  The GPS would run the entire day, and drain the battery.

So remember, use Back to exit – not the Hang Up!