
Internet Security

Given my recent post discussing the flood of online attacks recently making the news, I thought it might be nice to follow up with some safety tips for your online adventures.

  1. When a site asks for information, always ask yourself why they need it.  If you're signing up to receive a free enewsletter about knitting, do they really need your birthday, full name, and home address?  
  2. At the same time, keep in mind who is asking for the information.  Is it a site you trust?  Do they have a strong reputation?  
  3. Use a SPAM filter.  Most of it is just junk mail, but some of it can be an actual threat if you open it up.
  4. Never open attachments from email addresses you don’t recognize and trust.  
  5. Never give out secure information over an email.  This includes links in emails.  If there is a link in an email, make sure it takes you where you think it should – check the URL or even the IP address to confirm that it is part of the correct site – one you can trust.
  6. In fact, always take a look at the URL before submitting information.  Malicious sites often use very similar web addresses to the sites they are impersonating.
  7. If you get an email request for anything secure, you may want to contact the company directly to confirm its legitimacy.
  8. Use security software.  Anti-virus, anti-malware.   This does not need to be something you pay for.  My free antivirus of choice is Avast.
  9. Check the URL to see if the site utilizes Hypertext Transfer Protocol Secure.  This means the site uses encryption, and can be confirmed if the URL uses https:// instead of http://.
  10. Get creative with passwords.  Make them long, use numbers and letters, use special characters, use capitalization.  And make them unique – don’t recycle.  If one account gets broken into, you don’t want every other account to go down with it.  (i.e. – Do not use your birthday.  Ever.)
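To make tips 5, 6 and 9 concrete, here is an added example (not part of the original post) that checks a link before you submit anything to it: is it https, is the host a raw IP address, and is the host a near-miss spelling of a site you trust? The trusted host `example-bank.com` is a constructed placeholder.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list: hosts the reader already trusts (placeholder value).
TRUSTED_HOSTS = {"example-bank.com"}

def _edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED_HOSTS):
    """Return a list of warnings for a link; an empty list means no warning fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")            # tip 9
    if parts.username or parts.password:
        warnings.append("userinfo-in-url")      # text before '@' is not the host
    try:
        ipaddress.ip_address(host)
        warnings.append("raw-ip-host")          # no name to compare; verify by hand
        return warnings
    except ValueError:
        pass
    if "xn--" in host:
        warnings.append("punycode-host")        # may render as look-alike letters
    if any(host == t or host.endswith("." + t) for t in trusted):
        return warnings
    warnings.append("untrusted-host")
    for t in sorted(trusted):
        # Compare the same number of trailing labels as the trusted name has.
        tail = ".".join(host.split(".")[-len(t.split(".")):])
        if t in host or 0 < _edit_distance(tail, t) <= 2:
            warnings.append("lookalike-of:" + t)  # tip 6
    return warnings
```

An empty result only means none of these checks fired; it does not replace tip 7 (contacting the company directly).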

Rebels Without a Cause: Lulz Sec

Most people have heard of Anonymous.  They are a mostly-political activist group of hackers, or hacktivists. Anonymous has gained a fair reputation in the last several months for being powerful enough to take down what sites they like, for supporting file sharing, and for activities supporting revolution in the Middle East.

Aside from these morally motivated pursuits, Anonymous is also responsible for several less defensible attacks and pranks, such as bombarding YouTube with porn disguised as family-friendly film.

Lately, a new hacker group has been making headlines: LulzSec.  LulzSec, or Lulz Security, is a grey hat hacker group committed to revealing and making fun of embarrassing security flaws.  Grey hat in this case means neither malicious hacking for personal gain (black hat), nor paid hacking meant to test security features and reveal gaps before they are exploited (white hat).  Big name hacks include PBS, Sony, Bethesda Games, pron.com, InfraGard (affiliated with FBI), and CIA.

These attacks range from just-for-fun, pointing-out-a-problem-cause-we-want-to-help, on down to the government attacks, motivated by a statement made by the Pentagon that hacking could be considered an act of war.  LulzSec considers it a game, not war, and seemed upset by the comparison.  In retaliation, they hacked the Senate website, releasing some non-crucial data along with a taunting statement (previous link is to an article by LulzSec, contains profanity).

LulzSec’s main message breaks down into a few points:

  1. Don’t everyone be so serious.
  2. Be more careful with your security (don’t reuse passwords).
  3. It’s a game.  We’re winning.

Personally, I’d say the first two are fairly good advice.

Tricky Terms, part two: CPSIA

Earlier this week, we discussed RoHS, the Restriction of Hazardous Substances directive, as well as what that means for you and for us.  Today, I’d like to take a bit of your time to take a look at another acronym you will find on most Chester Creek products: CPSIA.

CPSIA stands for Consumer Product Safety Improvement Act.  This act was passed in 2008 in the wake of several recalls and scares involving faulty toys and products with high lead content.  It authorizes a higher budget for the Consumer Product Safety Commission, creates stronger restrictions, imposes deadlines, and calls for increased penalties for failure to comply.

Lead
The CPSIA calls for reduction of lead in children’s products to fall first to 600 ppm, then 300 ppm, then 100 ppm, and sets deadlines for these standards.  The standards apply retroactively to everything on store shelves.

Testing
The CPSIA also makes testing of all products meant for children mandatory.  Products must be tested for restricted substances and must have certificates of compliance that provide standard information, including applicable rules, dates of manufacture, etc… in English.

Chester Creek diligently ensures that all of its children’s products meet or exceed requirements set out by not only the CPSIA, but RoHS as well.

Tricky Terms, part one: RoHS

On just about every page on the Chester Creek website, you’ll see this phrase: RoHS Compliant.

Now, most people shrug that phrase off, assume it means something good, and move on. To be honest, before I started working at Chester Creek, I had never heard the acronym, either. In fact, most people in the US probably have either not heard of RoHS or haven’t paid any attention to it.

This is because RoHS stands for “Restriction of Hazardous Substances Directive” (the D must be silent), and if directive doesn’t sound much like a US law term, that is because it’s not.  The RoHS directive is a European Union directive that took effect in mid-2006 in all the member states of the EU.  While Chester Creek is not based in the EU (think Minnesota), and our keyboards are not made in the EU, CCT has chosen to make its products available to EU countries.  Moreover, while RoHS is not law in the States, it does provide strict guidelines that Chester Creek has chosen to adhere to.

Ahh, now we come to the heart of the matter.  Just what are those guidelines, you ask?  Probably a good question, since we’re three paragraphs in, with nary a hint of the actual, practicable meaning of the term.

RoHS restricts use of:

These are substances that are found or have in the past been found in a large number of consumer electronics across a broad spectrum of devices, including batteries, lamps, paints, and vinyl.  Heavy metals like lead and mercury are widely known to be dangerous, but low-level toxicity results from use of the other restricted materials.  Chester Creek strives to produce only the highest-quality computer accessories, bringing you the safest, sturdiest, and funnest (if you know what I mean, how is it not a word?) products on the market.

Careful Where You Click

Every computer owner’s nightmare: a virus.  While more popular operating systems – especially Windows – are more frequently targeted, any user can catch a virus or be infected with malware.  The world’s first virus, Creeper, was relatively harmless.  Active on the ARPANET in the 1970s, it was an experimental and self-replicating program that displayed the message “I’m the creeper, catch me if you can!”  Nowadays, infections can be much more damaging, even getting financial information from the victim’s computer.  Recently, the LizaMoon SQL injection attack has infected the code of over four million websites.  LizaMoon redirects victims to a new site and asks them to install an antivirus.  This “antivirus” actually does no good, by the way.

The good news is that most legitimate virus protection and internet security programs will defend against LizaMoon.

There are some things you can do to protect yourself against malevolent programs.

  1. Make sure you have good anti-virus, anti-spyware, and firewalls.
  2. Don’t open email attachments unless you know and trust the sender.
  3. Keep your anti-virus and anti-spyware software updated.
  4. If a virus alert pops up on your screen, don’t even touch it.  Not even to close it.  Instead use ctrl+alt+del to open the task manager and close it that way.
  5. Likewise, don’t trust pop-ups advertising anti-virus software.  They’re usually up to no good.
  6. Avoid suspicious websites, and don’t download from questionable sources.
  7. Be incredibly careful about to whom you provide credit, debit, or other financial information.

Happy surfing, people.  Just wear a life vest.