Nerdism at its best

September 30, 2015

Your passwords are not secure

notsecure

The majority of people use very weak passwords and reuse them on different websites. How are you supposed to use strong, unique passwords on all the websites you use? The solution is a password manager.

Password managers store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password – the master password is the only one you have to remember.

Don’t Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.

To prevent password leaks from being so damaging, you need to use unique passwords on every website. These should also be strong passwords – long, unpredictable passwords that contain numbers and symbols.

Web geeks have hundreds of accounts to keep track of, while even the average person likely has tens of different passwords. Remembering such strong passwords is nearly impossible without resorting to some sort of trick. The ideal trick is a password manager that generates secure, random passwords for you and remembers them so you don’t have to.

What Using a Password Manager is Like

A password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords.

When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, you type your master password into the password manager, which automatically fills the appropriate login information into the website. (If you’re already logged into your password manager, it will automatically fill the data for you). You don’t have to think about what email address, username, and password you used for the website – your password manager does the dirty work for you.

If you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.

Why Browser-Based Password Managers Aren’t Ideal

Web browsers – Chrome, Firefox, Internet Explorer, and others – all have integrated password managers. Each browser’s built-in password manager can’t compete with dedicated password managers. For one thing, Chrome and Internet Explorer store your passwords on your computer in an unencrypted form. People could access the password files on your computer and view them, unless you encrypt your computer’s hard drive.

Mozilla Firefox has a “master password” feature that allows you to encrypt your saved passwords with a single “master” password, storing them on your computer in an encrypted format. However, Firefox’s password manager isn’t the ideal solution, either. The interface doesn’t help you generate random passwords and it lacks various features, such as cross-platform syncing (Firefox can’t sync to iOS devices).

A dedicated password manager will store your passwords in an encrypted form, help you generate secure random passwords, offer a more powerful interface, and allow you to easily access your passwords across all the different computers, smartphones, and tablets you us

Password Managers to Use

A variety of password managers are available, but three stand out as the best options. Each is a solid option, and which you prefer will depend on what’s more important to you:

Dashlane: This password manager is a little newer, but what they lack in name recognition they make up for with great features and slick apps for almost every platform — Windows, OS X, iPhone, iPad, and Android. They have extensions for every browser, features like a security dashboard that analyzes your passwords, and they even have an automatic password changer that can change your passwords for you without having to deal with it yourself.

One of the best features of Dashlane is that it’s completely free to use on a single device. If you want to sync your passwords between devices, you’ll need to upgrade to premium. But you can test it out for free.

And when it comes to security, Dashlane has another advantage, because you have the choice to keep all of your passwords locally on your computer, rather than in a cloud. So you have the benefit of something like KeePass, but with a better interface. If you do choose to sync your passwords using the cloud, they are AES encrypted.

LastPass: This is a cloud-based password manager with extensions, mobile apps, and even desktop apps for all the browsers and operating systems you could want. It’s extremely powerful and even offers a variety of two-factor authentication options so you can ensure no one else can log into your password vault. LastPass stores your passwords on LastPass’s servers in an encrypted form – the LastPass extension or app locally decrypts and encrypts them when you log in, so LastPass couldn’t see your passwords if they wanted to.

KeePass: LastPass isn’t for everyone. Some people just aren’t comfortable with a cloud-based password manager, and that’s fine. KeePass is a popular desktop application for managing your passwords, but there are also browser extensions and mobile apps for KeePass. KeePass stores your passwords on your computer so you remain in control of them — it’s even open-source, so you could audit its code if you wanted to. The downside is that you’re responsible for your passwords, and you’ll have to sync them between your devices manually. Some people use a syncing solution like Dropbox to sync the KeePass database between their devices.

Getting Started with Your Password Manager

The first big decision you will need to make with a password manager is choosing your master password. This master password controls access to your entire password manager database, so you should make it particularly strong – it’s the only password you’ll need to remember, after all. You may want to write down the password and store it somewhere safe after choosing it, just in case – for example, if you’re really serious, you could store your master password in a vault at the bank. You can change this password later, but only if you remember it – if you lose your master password, you won’t be able to view your saved passwords. This is essential, as it ensures no one else can view your secure password database without the master password.

After installing a password manager, you will likely want to start changing your website passwords to more secure ones. LastPass offers the LastPass Security Challenge, which identifies the weak and duplicate passwords you should focus on changing. Dashlane has a Security Dashboard built right in, that will help you figure out which passwords might need to be changed.

Password managers also allow you to store other types of data in a secure form – everything from credit card numbers to secure notes. All data you store in a password manager is encrypted with your master password.

Password managers can even help against phishing, as they fill account information into websites based on their web address (URL). if you think you’re on your bank’s website and your password manager doesn’t automatically fill your login information, it’s possible that you’re on a phishing website with a different URL.

September 29, 2015

Why Deleted Files Can Be Recovered and How You Can Prevent It

IMG_0445

When you a delete a file, it isn’t really erased – it continues existing on your hard drive, even after you empty it from the Recycle Bin. This allows you (and other people) to recover files you’ve deleted.

If you’re not careful, this will also allow other people to recover your confidential files, even if you think you’ve deleted them. This is a particularly important concern when you’re disposing of a computer or hard drive.

What Happens When You Delete a File

Windows (and other operating systems) keep track of where files are on a hard drive through “pointers.” Each file and folder on your hard disk has a pointer that tells Windows where the file’s data begins and ends.

When you delete a file, Windows removes the pointer and marks the sectors containing the file’s data as available. From the file system’s point of view, the file is no longer present on your hard drive and the sectors containing its data are considered free space.

However, until Windows actually writes new data over the sectors containing the contents of the file, the file is still recoverable. A file recovery program can scan a hard drive for these deleted files and restore them. If the file has been partially overwritten, the file recovery program can only recover part of the data.

Note that this doesn’t apply to solid-state drives (SSDs) – see below for why.

Why Deleted Files Aren’t Erased Immediately

If you’re wondering why your computer doesn’t just erase files when you delete them, it’s actually pretty simple. Deleting a file’s pointer and marking its space as available is an extremely fast operation. In contrast, actually erasing a file by overwriting its data takes significantly longer. For example, if you’re deleting a 10 GB file, that would be near-instantaneous. To actually erase the file’s contents, it may take several minutes – just as long as if you were writing 10 gigabytes of data to your hard drive.

To increase performance and save time, Windows and other operating systems don’t erase a file’s contents when it’s deleted. If you want to erase a file’s contents when it’s deleted, you can use a “file-shredding” tool – see the last section for more information.

Solid-State Drives Work Differently: None of this applies to solid state drives (SSDs). When you use a TRIM-enabled SSD (all modern SSDs support TRIM), deleted files are removed immediately and can’t be recovered. Essentially, data can’t be overwritten onto flash cells – to write new data, the contents of the flash memory must first be erased. Your operating system erases files immediately to speed up write performance in the future – if it didn’t erase the file data immediately, the flash memory would first have to be erased before being written to in the future. This would make writing to an SSD slower over time.

Recovering Deleted Files

If you’ve accidentally deleted a file and need to get it back, there are some things you should bear in mind:

  • You should recover the file as soon as possible: As Windows continues to write files to your hard drive, the chances of it overwriting the deleted files increases. If you want to be sure you can recover the file, you should perform a recovery immediately.
  • You should try to use the hard drive as little as possible: The best way to recover a deleted file from a hard drive is powering the computer down immediately after the file is deleted, inserting the hard drive into another computer, and using an operating system running on another hard drive to recover it. If you try to recover a file by installing a file-recovery program on the same hard drive, the installation process and normal use of the hard drive can overwrite the file.

Windows doesn’t include a built-in tool that scans your hard drive for deleted files, but there are a wide variety of third-party tools that do this. Recuva, made by the developers of CCleaner, is a good option. Recuva and other utilities can scan a hard drive for deleted files and allow you to recover them.

Preventing Deleted Files From Being Recovered

If you have confidential, private data on your computer, such as financial documents and other sensitive pieces of information, you may be worried that someone could recover your deleted files. If you’re selling or otherwise disposing of a computer or hard drive, you should exercise caution.

You can use a utility that automatically wipes your hard drive’s free space – by writing other data over the free space on your hard drive, all deleted files will be erased. For example, CCleaner’s integrated Drive Wiper tool can do this.

To make sure that a single file can’t be recovered, you can use a “file-shredding” application such as Eraser to delete it. When a file is shredded or erased, not only is it deleted, but its data is overwritten entirely, preventing other people from recovering it. However, this may not always protect you – if you made a copy of the file and deleted the original at some point, another deleted copy of the file may still be lurking around your hard disk.

Note that this process takes longer than deleting a file normally, so it’s a bad idea to delete every file this way — it’s only necessary for confidential ones.

To really prevent someone from recovering any of your data, you can use a disk-wiping program, such as DBAN (Darik’s Boot and Nuke.) Burn DBAN to a CD, boot from it, and it will erase everything from your hard drive, including your operating system and all your personal files, overwriting them with useless data. This is very useful when getting rid of a computer — it helps you ensure all your personal data is erased. While some people think that files can still be recovered after they’re overwritten, the evidence shows us that one wipe should be good enough.

You should now understand why deleted files can be recovered and when they can’t. Remember this when getting rid of a computer or hard drive – your confidential files may still be present on your hard drive if you haven’t properly erased them.

September 12, 2015

What’s a Miniature

I have been asked what are miniatures a lot here recently since I have been posing my work I have been doing on Facebook and around the internet. I am no pro when is comes to painting these things. Maybe you don’t even own any miniatures maybe you do. Maybe you know what they are but are too afraid to start or not sure where to start. so they just sit there collecting dust in a box somewhere. First of all, they’ve come a long way from the old pewter days on unpainted sculpts used almost exclusively for Dungeons and Dragons. Modern manufacturing methods are creating some fantastically detailed sculpts from an ridiculous array of genres, and from a variety of new plastics and resins.

There’s a tiny little world out there. It even makes me want to get a 3D printer and create my own. Part of my impetus for giving this a shot was that I needed something to get me away from my computer screen that was also very relaxing and fun. It was very intimidating at first because noting i seemed to do was turning out good, but through a little research plus trial and error I have started to get better at it.

Again, I am a complete novice at this, so I was hesitant to invest much money into it, but I’m really glad that I did. But I have spent most of my time trying to find a brush that I like I have a pile of brushes now, but only a few do I really like. the two brushes I have enjoyed using thus far are a 10/0 loew-cornell 7300 shader and a 12/0 Master’s Touch Mini Kolinsablon Round Brush.

I use primarily Reaper Paints and Vallejo paints that I get from hobby lobby. I prefer Reaper’s. there are other I have use like Citadel paints but I do not like them at all. Some people will swear by them. I have not used them but i am told that you can also use the cheaper tubes of acrylic paints just fine so long as you thin them up first.

Painting miniatures is relaxing and enjoyable. In a way, it’s a nerd’s version of meditation. I turned on my desk lamp, played some music quietly in the background, and had a really peaceful time painting my figures. I made the mistake of looking online at miniatures painted by pros. (Never compare your beginning with someone else’s middle.) Mine aren’t even in the same league, but I’m pretty pleased with my first effort and I’ve had a GLORIOUS time doing it.