Beware of Voice Phishing Scams

If a scam can fool the likes of Matt Haughey, creator of MetaFilter, it can happen to anyone. He got three calls with the caller ID of his credit union and picked up on the third. After some smooth talking, they convinced him to provide his ATM card’s PIN (a huge red flag), then stole $3,400 from his account.

Brian Krebs’ blog post has the details. Bruce Schneier (a renowned security expert) echoed Brian’s recommendation to “never give out any information about yourself in response to an unsolicited phone call.” Always call them back, and never at the number the caller offers you. Always.

How Secure Are Password Managers?

The idea of a password manager can seem insecure initially, because it means that a single password will reveal the gleaming treasure of all your passwords. But using a password manager is the recommendation of experts.

And if you use the same password everywhere, like many folks do, all of your passwords would be exposed if even the weakest link was broken. (Note: the weakest links are broken with morbid regularity.)

I had some concerns when I first heard about using a password manager, but I have been using KeePass for years and rest easy at night. Let’s dig a little deeper so you can too.

Alternatives

  • Same password for everything – one site is exposed and the jig is up
  • Try to memorize dozens of long, hard to remember passwords – nearly impossible
  • Password card – not bad, but tedious
  • Saving passwords in your browser

None of these alternatives work as well as a password manager, or scale to hundreds of passwords. It’s not to say you should never use them, just that for the balance of convenience and security, a password manager wins out.

Attack vectors

  • A web site you use is hacked, revealing your password
  • Keylogger
  • Physical access to your machine

The first attack vector is depressingly common. LinkedIn, eHarmony, Gawker Media, Sony PlayStation Network and plenty more have all had their passwords exposed. When this happens I can change my password to another random password quickly and easily. The longest part of the process is finding the option in the account settings.

A keylogger is pretty much game over if you’re typing your passwords in, but password managers make an effort to be resistant to keylogging. And if someone has physical access to your machine, a password manager keeps your passwords encrypted. If you use a relatively short inactivity timeout, your passwords would still be safe from prying eyes.

While no solution is perfect, a password manager gives you strong, random passwords for every login. I use KeePass, but there are plenty of options.

  • KeePass – Standalone application, free and open source
  • LastPass – Web site with browser extensions, free and paid plans
  • Bitwarden – Apps save encrypted passwords to the cloud, free and open source (can be self-hosted)
  • 1Password – Paid plans only
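
The reuse argument above, as an added example that is not part of the original post: it compares what one leaked password unlocks when the same password is used everywhere versus when every login has its own random password, then rotates the breached entry. The site names, the reused password and the 74-character alphabet are constructed assumptions, not the generator of KeePass or any other product.

```python
import math
import secrets
import string

# Assumed character set for illustration: 52 letters + 10 digits + 12 symbols.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

# Constructed sample sites (reserved .example names, not real services).
SITES = ["forum.example", "mail.example", "bank.example", "shop.example"]


def generate_password(length=20):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def exposed_accounts(vault, breached_site):
    """Sites that accept the password leaked by breached_site."""
    leaked = vault[breached_site]
    return sorted(site for site, pw in vault.items() if pw == leaked)


def rotate(vault, site):
    """Replace one site's password after a breach; other entries are untouched."""
    vault[site] = generate_password()


def build_vaults():
    """Return (reused, unique): one password everywhere vs. one per site."""
    reused = {site: "Summer2017!" for site in SITES}  # constructed weak password
    unique = {site: generate_password() for site in SITES}
    return reused, unique


if __name__ == "__main__":
    reused, unique = build_vaults()
    print("reused :", exposed_accounts(reused, "forum.example"))
    print("unique :", exposed_accounts(unique, "forum.example"))
    print("entropy: %.1f bits" % entropy_bits(20))
    rotate(unique, "forum.example")  # breach response: one entry to change
```
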

Christmas Desktop 2017

I fear blogging has fallen by the wayside thanks to a variety of other draws on my time. But I can still post my new Christmas desktop for the holiday season.

Photograph from Pixabay.

Changing Motherboard from RAID to AHCI with Windows 7

I don’t even remember making this decision, but I recently discovered my motherboard’s storage controller was set to RAID for my SSD and spindle hard drive. I was trying to see how much life was left on my SSD after seeing a friendly reminder on Reddit. But SSDLife couldn’t see either drive. They were hidden behind a RAID configuration I didn’t even want.

When I switched from RAID to AHCI in the BIOS, Windows 7 wouldn’t boot. Fortunately, changing it back to RAID fixed that.

If you can believe it, I fixed the not-booting issue with two lines. They were registry edits I found on Microsoft’s answers site.

Here they are:

REG ADD HKLM\System\CurrentControlSet\Services\msahci /v Start /d 0 /f /t REG_DWORD
REG ADD HKLM\System\CurrentControlSet\Services\atapi /v Start /d 0 /f /t REG_DWORD

I’ve heard people claim commands like these are magic. I know better than to make that claim myself, but I have to admit, going from not booting to a fully working system without RAID enabled felt like magic. I love it when a plan comes together.

It could be my imagination, but even after a day of having switched over to AHCI, the SSD and the spindle drive both feel much snappier. I didn’t run any benchmarks, but everything on my system feels lighter and faster. I like it.

And the good news is, at least according to SSDLife, my SSD has another 8 years left (taken with a large grain of salt of course).

SSDLife results for my SSD

I was surprised to see it’s only been powered on 58 times in 5 years. That’s probably due to monthly Windows Update reboots. Windows reliability has come a long way.

Christmas Desktop 2016

As I’ve done in previous years, here’s my Christmas desktop for this year.

I used DesktopSnowOK, which is nowhere near as good as Xsnow on Linux, but it’s something.

The falling snow blends so much with the background it’s hard to even tell it’s there.