Archive for December, 2009

Happy Holidays

Thursday, December 24th, 2009

Merry Christmas and All the Best in the New Year 2010!

From the Sticky Password Team

The latest from the FBI(?)

Friday, December 18th, 2009

I’m a window shopper as far as phishing and email scams are concerned. I like looking, but I must be a disappointment to the ‘vendors’ because I never send my private data to anyone and I don’t click any links. The fact that many of the attempts are just so funny makes it that much easier to resist sending my info to claim the ‘millions pounds’ and other currencies that they tell me is mine, ALL MINE for the asking! (evil laugh)

This week, I received a couple of new ones – at least for me. One was supposedly from UPS about some sort of card that I’m supposed to use to collect a large amount of money. Because of all the typos in the first paragraph, this one was a disappointment.

The other was from the FBI. Wow! The F B I sending me email – it must be important!

I’ll highlight just a few of the things that quickly reveal the FBI one to be a fraud.

The agency the person supposedly works for:

Anti-Terrorist and Monitory Crimes Division.

Federal Bureau of Investigation.

J. Edgar. Hoover Building Washington D.C

In the address alone, I count at least 6 mistakes! Is there really a ‘Monitory Crimes Division’ or did they mean ‘Monetary Crimes Division’?!? I’m sure the FBI are ‘monitoring’ things, but my guess is that they were trying to say that they were concerned about money. The other 5 involve punctuation in the address – why would there be a period at the end of each line and after Edgar, but not after the C in D.C ? I would hope that the FBI would know how to write their address correctly. It may sound like the address stuff is insignificant, but it’s not: official agencies and businesses sweat the small stuff. Mistakes drive away customers, so they have to get it right. Scamsters aren’t as careful!

The email address of the person sending the message is at gmail.com – a free webmail service. Doesn’t the FBI have a domain for their own email? Do their agents really use free webmail for business correspondence?

In the text, they use both ‘ATM Card Center’ and ‘ATM Card Centre’. It doesn’t really matter which form they chose, as long as they stuck with it. I remember in high school, my teachers would take off extra points when I would try to weasel my way through by spelling the same word different ways in the same essay. I don’t think the ‘FBI’ should get a pass on trying the same trick! :-)

For those who did not find enough in the text to STOP them from sending their info to this person, the last line of the email is one last try from the sender to snap anyone out of the daydream of what he or she will do with all that cash: ‘Final Notification from the United state Fbi’.
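The checks walked through above (an official-sounding sender using a free webmail address, and the same word spelled two ways) can be automated. The sketch below is an added example, not part of the original post; the sample message is constructed, and the webmail list, organisation-to-domain mapping and spelling pairs are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the indicators described in the post.
SAMPLE = """\
From: "FBI Anti-Terrorist and Monitory Crimes Division" <agent.example@gmail.com>
Subject: Final Notification

Contact the ATM Card Center today. The ATM Card Centre will release
your funds. Final Notification from the United state Fbi
"""

FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # illustrative list
# Organisation keyword -> domain it is expected to send from (assumed mapping).
ORG_DOMAINS = {"fbi": "fbi.gov", "ups": "ups.com"}
# US/UK spelling pairs; a careful sender picks one form and sticks to it.
VARIANTS = [("center", "centre"), ("color", "colour")]

def phishing_indicators(raw):
    """Return a list of human-readable warning signs found in one message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    words = set(re.findall(r"[a-z]+", msg.get_payload().lower()))
    # Organisation names can be claimed in the display name or in the body.
    claimed = set(re.findall(r"[a-z]+", display.lower())) | words
    found = []
    for org, real in ORG_DOMAINS.items():
        legit = domain == real or domain.endswith("." + real)
        if org in claimed and not legit:
            kind = "free webmail" if domain in FREE_WEBMAIL else "unrelated domain"
            found.append(f"claims {org.upper()} but sent from {kind} {domain}")
    for a, b in VARIANTS:
        if a in words and b in words:
            found.append(f"inconsistent spelling: {a}/{b}")
    return found

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print(line)
```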

If you do receive an unexpected offer to receive cash or something very valuable in exchange for verifying your personal information – even if you do miss some of the trip-ups that give the culprit away – you can do some basic research of your own to see if what you’ve received is a scam. The following sites aren’t definitive, but they are a good place to do a quick check on scams that are out there – and there are a lot.

www.scamdex.com and www.snopes.com

Hey, be careful out there!

Peter L

Don’t be cute

Tuesday, December 15th, 2009

I met up with a friend from college last weekend. We hadn’t seen each other in quite a while, so we had a lot of catching up to do. I listened with interest as he told me that he owns a franchise of one of those ice cream parlors where you choose the fixin’s and they mix your ice cream in front of your eyes on the freezing countertop. (Does anyone remember the NY ice cream chain Zippy’s with the little baseball and football helmets?!)

I told him about Sticky Password and what I’ve been doing in online security over the past 10 years. He wasn’t familiar with password management programs, but he did have experience with passwords. He proudly told me that he had a great system for creating passwords for email and online accounts: you guessed it – he used his favorite ice cream flavors as his passwords! :-)

I smiled and asked if anyone knew what those favorite flavors were. He admitted that he was only too happy to share his favorites with his customers when they asked for recommendations. I suggested that he download Sticky Password and try the 30-day trial version and that he should contact me any time with questions or comments.

Of course, I’m not suggesting that all or any of his customers are going to be interested in trying to access or violate his online identity. The point is that most people are in the habit of being cute with their passwords. Whether using the names of their children or pets, or, in this case, an ice cream man using his favorite flavors, these are things that someone who knows you even very little might try if he wanted to sneak into your accounts. Using words like ‘password’ or ‘qwerty’ is even worse, because you are opening yourself up to strangers who start their hacking attempts with these standards.

If you are going to be cute, then I suggest being cute with your login or username. That way, at least, you’ll be able to show off your great login to the world – rather than hiding your idea in a password. Passwords need to be something that can’t be easily guessed. While strong passwords may be hard to remember, they are even harder for others to guess! By using a password manager you’ll have strong passwords and the tool to manage them for you (so you don’t have to remember them all).
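To see why a ‘cute’ password is weak, the following added example (not part of the original post) audits a password against the standard choices named on this page and against facts that people around you could know. The flavor names, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Weak choices named in the posts on this page.
COMMON = {"password", "qwerty", "123456", "admin", "administrator"}
# Undo common character substitutions before comparing (illustrative subset).
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lower-case, reverse simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def audit_password(password, personal_terms, min_len=4):
    """Return the reasons a password is guessable; empty list if none found."""
    reasons = []
    flat = normalize(password)
    if password.lower() in COMMON or flat in COMMON:
        reasons.append("common default password")
    for term in personal_terms:
        key = normalize(term)
        # Very short terms are skipped to avoid accidental substring matches.
        if len(key) >= min_len and key in flat:
            reasons.append(f"contains personal term: {term}")
    return reasons

# Constructed sample: facts an acquaintance or customer could know.
KNOWN_FACTS = ["Rocky Road", "Mint Chip", "Zippy"]

if __name__ == "__main__":
    for candidate in ["RockyRoad2009!", "M1ntCh1p", "P@ssw0rd", "t7#Vq9pL2x!K"]:
        print(candidate, "->", audit_password(candidate, KNOWN_FACTS) or "no match")
```

Adding digits or swapping letters for symbols does not help: the normalization step strips those decorations before the comparison.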

I’ll let you know how it turns out with my ice cream man friend in 30 days!

Peter L

Banks that can’t spell

Sunday, December 13th, 2009

Walk into any café, deli, or just about any place where you can sit down (for instance, the salon where my wife gets her hair cut), and you’ll probably be able to connect to a Wi-Fi hotspot or a wireless network. From my desk at home, I can detect 6 wireless networks. Including mine, only two of them are secure. If you wouldn’t allow someone into your home without introducing himself, then why would you give him access to your wireless network without having him at least get the password from you?

Just like the author of the recent article in Wired magazine, I really enjoy reading phishing emails. I like finding as many spelling and grammar mistakes and other abuses of the English language as I can. Do people really think that their bank was in such a rush to get the important email to them (contrary to popular belief, email is not intended as real-time communication!) that they would misspell words and make other really, really basic mistakes?! Would you really do business with your bank if they couldn’t even send you a letter without making spelling mistakes? Even if you do miss the spelling mistakes and the more sophisticated tip-offs (such as the email of the sender and others that can be difficult to detect), simply follow the rule that no legitimate business is going to ask you for your login and password information in an email! If you have any doubts about a suspicious email, or anything that asks you to ‘confirm’ your private data, simply call the company to confirm that the message came from them. If the communication is legitimate, they will work with you to ensure that you are satisfied that the interaction is legitimate.

The way technology seems to permeate everything we do these days makes it very easy to forget about being careful. The latest posts in the news section emphasize nicely the importance of being aware (or alert or conscious) of what is and isn’t reasonable in terms of basic security.

Taking basic precautions

Thursday, December 10th, 2009

Not so long ago, I was VP at a rapidly growing anti-virus company. I was in sales and marketing, but I liked hanging out with the anti-virus gurus. Their jobs seemed so exotic and exciting as they were on 24-hour call saving the world! The more I talked with them, the more I understood that while the bad guys are very good at what they do, much of their success depended on average people NOT taking even basic precautions. The head of the anti-virus lab showed me a very simple slide that he used for his presentations. It showed that the major viruses in the early 2000’s spread only AFTER Microsoft announced the security patches that would protect customers. So, if customers acted reasonably quickly (meaning weeks and not months!), much of the damage that was created by viruses in the first half of this decade could have been avoided. (We can debate the pros and cons of the necessity of software security patches some other day.)

The following article reminded me of the importance of each computer user taking responsibility for his or her own security – nothing that would require huge technical knowledge, just taking care of the basics. Computer software and hardware are tools that can help keep you secure; we each need to use these tools appropriately, and not just forget about them and hope that everything will be OK. As is stressed in the article, basic precautions are necessary even with passwords:

“The statistics showed many people still using “admin,” or “administrator” as their username, suggesting that default usernames and passwords are still being used. Similarly, easy to crack passwords were being used “I23456” was common as well as the simple phrase “password.” Default and easy to crack usernames and passwords combined with automated account credential tools make the process all too easy, Microsoft said.”

Peter L

Thank you to all of our beta testers!

Tuesday, December 8th, 2009

A hearty thank you to all of the Sticky Password 4.0 beta version testers! Whatever the level of involvement, we couldn’t have gotten Sticky Password 4.0 ready without your help – more than 250 of you. Some of you were involved in the testing process from the beginning and provided detailed feedback on the alpha version as early as May – you know who you are: THANK YOU! Others of you downloaded the software and used it, simply letting us know that you were satisfied: to you, we also say thank you! We look forward to continuing the relationship we’ve built up with you. With your help, Sticky Password will continue to offer more and more of what a password manager and form filler should be.

Without further ado, we introduce the Sticky Password 4.0 testers (for the most part in alphabetical order):

1bryan, adam_b_brown, aemassi, ageuzaine, ajrandall106, alan.phillpot, alan, alcc, alee65, alex.horan, allwebco, amarks9, ammarmalhas, amperednia, andre.saegerman, andrew, andycr, anilkott, antal, antonio_grazioli, arinen, ashish.lampuse, ashngabe, avilchinsky, brucieboy, b_draper, bakosandras, belinda.marino, bert.kornet, bgaede, bill, bill_koenig, blars, blbulli46, bluehole1960, bob, brad, brian, bruce.verner, brendanrcarpenter, brownster, brustigian, bubby, c_o_o_p, cam1947, carlos.garcia, cbogan, certman56-buy, charles-bell, chr.schultz, chriscomzippy, christoph, ciscokidd22, ckennedy, clay, coen99, col_of_mar_ret, colinlewis648, cricko, ctray, danrey, dave, david-knight, david.mcintyre, david773, davidr, dcuc, ddesoto, dennisniven, djaufre, dla-inc, dniven, Doc.Go2, drey, e.boerma, eastcoastblues, emawyer, emperorofthemind, ericfdaly, ericsevans, esko.tantarimaki, firefly, flavio.alon, foxfyr1, fred, freddy, fredmac, fsijben, fuller1026, genady, ggroff, ghaines, glenn.paskow, glslagle, gmvigilante, greatdeals, greg.spencer4, gregw, gromit, gross, hafield, harding_david, heiko.lauterbach, henryalmeida, howard_smithuk, hugh, husker_dude, ian, iangcumming, phonecontrol, jandboneal, jiri, jraymer, j.richard, j.schladot, jamie_stephy, jamiepope, jaroslav, jason.young, jclark823, jeffkent, jfs06473, jgmathe, jhorton, jim, jimbrownlpc, jlgarciax, jmadden, jmaisey, jmerhi, jn.poulet, jnmbrink, joekimbel, joesomellow, johan.de.mulder, johnmerle, jpicard, j-pierre.renard, jrpeh, jspaulding22, juanpablo, jwfrank, k_ozawa, kc0ahj, keeeith, keepdad2, keiffer, keith.burley, keith, kensowton, kevin, layn, lesm, lewrose, lnorah, lockwizard, maigaard, mantle88,  marc, mark.borin, marktmanning, markus, matthews, mcdonald43, me@vov meyer.rainer, mhabk, mi6.007, michaelk73, mick, miguel.ceballos, mike, mlrochellesr, muriuki33, mwa, nestor, neverforget, nickb01, nigel, nigel_khan, nori, olegvg, olo1979, pacomputerguy, paulm7777, pavi58, pedavis, phil, phil52743, phyrejuice, plyj, 
purchasemrnajafali, qdesign, r.morris, ravi.canadian, rebird, ricklesh, r_manning, robbyvmi,  rod, rodandlana, ron.loxton,  rpcob, rs904c, rubyjack, s.sisti, sabonin, scott, sergeim19, silvrstreek58, sjpeel, skfann, lafredo, Spartacus, spickard11, starceo, steveb, steven.winograd1, steyen, sticky, stopopub-stickypassword, t.kelley, tbruno, teachmagic, terrylen, tim, tjander, tmott, tomordor, tsajtos, tytoprox, vivier, v.marek, vrowe, wa6cas, watkins.greg, wigdahl, wildmanjmatt, wileyeng, will, william.bruce, williamf, willrun247, wstamps, wymanjr, ylevintoff, zibulim

Thank you!

The Sticky Password Team

Welcome to the Sticky Password blog!

Tuesday, December 8th, 2009

With the launch of Sticky Password 4.0 on November 24, and with the encouragement of a good many customers, we are launching the Sticky Password blog. Welcome to the inaugural post!

The blog will focus on passwords, password management and form filling, and online security in general. As I scan the daily headlines and listen to computer users locally and on my travels, I am often surprised by the fact that many people still do not seem to appreciate the importance of password security. Our hope is that this blog will get people thinking about basic precautions that will help keep them safe. Online security is important and we take it very seriously, but we will also use humor as food for thought and to bring attention to the latest news in the area of password security.

For those of you who haven’t seen it yet, the Sticky Password forum has been available since the summer. While we do not put limitations on topics, it is probably natural that the threads have held pretty closely to support and technical issues. In addition to the FAQ section, the online forum is also a good place to check out for help with technical questions.

We look forward to blogging with you!

The Sticky Password Team