
    Cloud File Storage

    April 23rd, 2013

    Do you frequently use more than one PC?  If so, you should consider using either Google Drive or Microsoft SkyDrive to share files among your different computers.  Both of these services operate in a similar manner.  Both services are free.  If you use GMail regularly, I recommend Google Drive.  If you don’t use GMail, I recommend SkyDrive.

    With Google Drive, your account is tied to a Google Account (GMail or Google Apps.)  SkyDrive is tied to a Microsoft Account (Hotmail, Passport, or Outlook.com.)  Moving forward I’ll use “Drive” to interchangeably reference either service.

    Once you’ve installed the “Drive” software, there will be a new folder on your PC.  When you save or copy a file to that local folder, a copy will be transmitted through your Internet connection to the “Drive” service.  If you have more than one PC running, with the same account, the file will automatically be sent to each of those PCs.

    An additional benefit of using a “Drive” service is that you can access your files from a smartphone, tablet, or other Internet connected device at any time.  The data you store in your “Drive” service is only visible to you.  I would be reluctant to copy any sensitive or protected information to an Internet “Drive” service like this, but for most of your data, this should be a relatively safe idea.

    If one of these services stops working, or your Internet connection is interrupted, your data will still be stored on your local PC.



    How secure is full disk encryption?

    December 16th, 2009

    Did you know an attacker can get your encryption keys from your system RAM even after your computer is turned off? According to this proof-of-concept the process isn’t very difficult.

    Most people don’t even encrypt their drives, but those who do should understand this potential attack vector.

    Lest We Remember: Cold Boot Attacks on Encryption Keys
    http://citp.princeton.edu/memory/

    Abstract
    Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.


    LastPass

    November 9th, 2009

    Once upon a time I frequently reused passwords. So if you knew my dog’s name, or what kind of car I drove, you could easily have pretended to be me with just a little extra work. This is obviously a very bad idea, but I’m sure many people struggle with managing passwords for web sites and computer systems you access on a regular basis.

    Passwords are keys to your identity.  If a malicious person were to figure out your email password, what harm could they cause?  Could they quickly gather the names and contact information for your friends and family?  Could they figure out where you bank?  Could they reset your bank password by telling your bank that your password was forgotten?

    A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.
    - Wired Magazine

    Here are my tips for choosing the best passwords:

    • Use different passwords for every site/application.  Do not reuse them.
    • Change passwords frequently.  The more you use a password, the more you should change it.
    • Keep your passwords secret.  Guard them as if they were keys to your identity — they usually are.
    • Consider using a random password generator.
    • Consider using passphrases (e.g. Myhouseismadeofwoodandhasyellowsiding!)
    • Consider using acronyms (e.g. Mhimowahys!)
    • Do not use words, birthdays, family and pet names, addresses, or any other personal information in your passwords.
    • Do not use repeat characters such as 111 or sequences like abc, qwerty, or 123 in any part of your password.
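The repeat-character, sequence and personal-information tips above can be checked mechanically. The following is an added example, not part of the original post: the function names, the keyboard rows and the symbol set are assumptions chosen for illustration, and the sample passwords are constructed.

```python
import secrets
import string

# Alphabet, digit and keyboard rows scanned for runs such as "abc", "123", "qwerty".
ROWS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def find_problems(password, personal_words=(), run=3):
    """Return the tips a password breaks; an empty list means none were found.

    personal_words is a caller-supplied list (pet names, street, birth year).
    Dictionary words are not checked, since that needs a word list.
    """
    problems = []
    lower = password.lower()
    windows = [lower[i:i + run] for i in range(len(lower) - run + 1)]
    # Repeat characters such as "111".
    repeats = [w for w in windows if len(set(w)) == 1]
    if repeats:
        problems.append("repeated characters: " + repeats[0])
    # Sequences read forwards or backwards along any row.
    runs = [w for w in windows
            if any(w in row or w in row[::-1] for row in ROWS)]
    if runs:
        problems.append("sequence: " + runs[0])
    # Personal information embedded anywhere in the password.
    for word in personal_words:
        if word and word.lower() in lower:
            problems.append("personal information: " + word)
    return problems


def generate(length=16):
    """Draw characters from the OS CSPRNG until no tip is broken."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not find_problems(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Summer111!", "qwerty2013", "Mhimowahys!"):  # constructed samples
        print(sample, find_problems(sample))
    print(generate())
```
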

    I strongly recommend using a password management tool for three important reasons.

    1. Tools remember many passwords so you don’t have to.
    2. Tools can type passwords for you.  This makes strong passwords easy to use.
    3. Tools can create strong passwords which are complex, unique, and random.

    I have previously blogged about software based password managers PasswordSafe and KeePass.  Both remain excellent ways to manage your passwords.  I have now begun using a new online password manager service called LastPass.  Why change?  The primary reason is that I can now access my password database from my iPhone.  Otherwise, KeePass is great!

    LastPass is an online service that stores your password data both on your PC and “in the cloud” so that you don’t need to carry it with you.  Remote storage means you can access your accounts from anywhere you have an Internet connection.  LastPass addresses privacy concerns by only storing data in encrypted form (256-bit AES).  They don’t have your encryption key, and the encryption / decryption is all done on your PC.   As a result, LastPass cannot actually read any of the data they store for you.  You can read the technical details here.  You can also save a copy of your encrypted password database on a USB memory key, and use standalone LastPass software to access it.

    For the ultra-paranoid among us, LastPass supports multi-factor-authentication mechanisms.  Requiring a combination of something you know (a master password) with something you have (like a YubiKey) to access your data makes it very safe.

    One of the unique features of LastPass is the ability to use a PDA to store your password database.  LastPass has mobile versions for iPhone, Blackberry, Android, and other mobile platforms.  I use the iPhone version which updates my local copy every time I start the software (if an Internet connection is available.)  Now I don’t even need a PC to find a password!

    LastPass has an assortment of YouTube videos that explain how their solution works, and tips for using it effectively.  I recommend you watch a few of these videos before getting started.

    I was able to quickly import my existing password database from KeePass to LastPass.   Unfortunately the two tools use different methods to auto-type your credentials, so I did need to adjust some of my entries once they were imported.

     


    RingCentral

    November 1st, 2009

    I am a mobile worker.  During a typical workday I am either working from home, visiting customers, or a combination of both.  As a result, I am a heavy telephone user and rack up lots of usage for both my home office landline and my cell phone.  My combined cell phone and home office phone usage averages between 3000 and 4000 minutes, which is nearly 2 hours per workday as an average.

    Several months ago I began using RingCentral.com as my home office phone provider.  RingCentral provides much more flexibility than my local telephone company (Verizon.)  Outbound calls via RingCentral use VOIP technology, which requires a fast Internet data connection.  Luckily I have Verizon’s FIOS service for Internet access which is very speedy.  (Note: you can check the suitability of your Internet connection for VOIP at this test page.)

    This is the RingCentral package I chose.  The “1-line” designation essentially means that I have one outbound phone line.

    RingCentral Office  1-Line
    Unlimited calling and faxing
    $49.99/month

    RingCentral Office delivers everything you need for your small office phone system, with dedicated phone lines and integrated Internet fax.
    With “Plug & Ring” simplicity, it delivers a virtual PBX, VoIP phone service with unlimited local calling and faxing with voicemail, auto-receptionist, call forwarding and more. 

    • Unlimited calling and faxing for one user (US and Canada)
    • Local direct dial number
    • Toll-free or local main company number
    • Dedicated fax number
    • 10 Extensions

    Outbound Calls

    My home office line is used for both inbound and outbound calls.  I spend lots of time on long conference calls.  The RingCentral plan I chose provides unlimited calls within the US at no additional charge.  I use an Analog Telephone Adapter (ATA) to connect my standard telephones to RingCentral.  You can either use an ATA provided by RingCentral or bring your own.  RingCentral’s configuration “wizards” made the configuration of the ATA easy and painless.  Alternatively you could buy a VOIP phone that connects via Ethernet instead of using traditional phones.

    Number Portability & New Numbers

    One of my most important considerations was the ability to transfer my existing phone number to RingCentral.  They make the process easy, and it took only a couple weeks.  My Verizon home office telephone number was ported to RingCentral as my “main number”.  I also ported a toll-free number I had previously used with uReach.com as a secondary toll-free number.  During the porting process, I simply forwarded my current phone service to “temporary” numbers assigned by RingCentral.

    You don’t have to port existing numbers; RingCentral also lets you pick new phone numbers in almost any city/state.  Extra phone numbers cost a modest $5 a month.

    Caller ID

    RingCentral allows you to customize your outbound calls to show any phone number you either forward to RingCentral, or have assigned to you through the RingCentral service.  You can also specify the Caller-ID name you want to show up on other people’s Caller-ID units.  This helps keep your outward appearances consistent and professional.  Additionally, RingCentral provides a mobile application for many PDAs that allows you to make calls from your mobile device using your RingCentral service.  This allows me to make calls from my cell phone that show my office CallerID instead of my mobile phone’s CallerID.

    Fax Service

    RingCentral assigned a dedicated inbound fax number when I created my account.  I picked an area code & prefix local to my geography.  Inbound faxes are delivered via email for display and printing.  Outbound faxes can be sent by using software installed on your PC, or by uploading files (e.g. pdf, doc, etc.) to the RingCentral web site for transmission.

    Answering Rules

    One of the best features of RingCentral is the ability to customize how inbound calls are processed.  The options provided are very flexible.  You can choose to have an automated attendant answer calls and present a menu of options.  You can also choose to have calls ring multiple telephones either in sequence or simultaneously.  My home office phone rings first for two rings, and then begins ringing my cell phone.  I can answer at either, and the caller doesn’t know the difference.  Additional rules can be created based on the caller.  If my family calls, both my work and personal cell phones will ring.



    How to Backup your PC

    May 3rd, 2009

    Most of us know that backups are an important part of using a computer.  A backup is a complete copy of data you want to protect.  The purpose of a backup is to restore data in the event your primary copy is lost. Those who have lost data in the past are typically most disciplined about creating regular backup copies of their data.

    I recently went through a series of system failures that cost me lots of time, but didn’t ultimately cost me any data.  In addition to my desktop PC’s primary hard drive failing, the external drive that I had been using to take regular backups was corrupted.  Since I could not restore this backup, it was worthless.  This situation would have likely been catastrophic for many individuals and small businesses.  Luckily I am a believer in “defense in depth” which encourages layers of different defenses for common problems.  My multiple backup strategy paid off this time.

    Why Backup?

    There are many important reasons to take backups of your data.  I’ve identified a few here:

    • Hard disk failure.   All computer hard drives eventually fail, so when (not if) yours does, how will you recover your data?
    • File Corruption.  If you have a single file that becomes corrupted, how can you recover a previous version?
    • Physical Theft.  If your laptop/PC  is lost or stolen, will your data be lost too?
    • Physical Disaster.  If your home/office burns down, will your data be safe?

    If any of these scenarios played out with you today, how much data would you lose?  Many companies offer hardware, software, and even online solutions to help keep your data safe.  I have picked a few that work well for me.  Your needs may be different, so you will need to evaluate your own needs, and how much time and money you are willing to spend to safeguard your data.

    Personally, I consider my data to be nearly priceless.  My family photographs are stored digitally and could not be replaced if they were lost.  My music collection is mostly software now, and I have spent a small fortune on it.  My finances are mostly tracked electronically, and it would be difficult or impossible to amend old tax returns or find an old receipt without the data on my PC.  I don’t need to place a specific value on all of my data, I just need to know that it is worth spending time and money to protect it.

    Physical Backups

    External hard drives have replaced tapes and DVDs as my preferred form of physical backup.  External drives hold lots of data, have fast data read/write speeds, are physically small, and inexpensive.  These drives come in a variety of sizes and capacities, but typically connect to your PC via USB.  I keep two large capacity drives at home and rotate them every week or two between my primary PC and fire safe.  I also keep one in my safe deposit box at my bank; this gets updated less often.  I also keep a small external drive in my laptop bag to use when I travel.  I update this backup before long trips and before any major software changes on my laptop.

    The software I use for these physical backups is Acronis True Image.  I like this product because it lets you take an “image” backup of your whole system hard disk.  A system image can be restored in one step if your PC fails completely.  Additionally I can restore only specific files/folders if required.  I don’t use the Acronis Secure Zone feature because my data takes up most of my system hard disk.

    Be sure to validate your backups by performing test restores on occasion.  A backup is useless if you cannot restore it!  Also remember that all hard disks eventually fail.  Plan to replace your backup drives occasionally.  I find that I do this anyway because the size of my backups increases regularly.

    Online Backups

    If you are regularly connected to a high-speed Internet connection, you may consider using a service that uses the Internet to transmit your data to a secure data center.  I use Mozy which I have previously written about here.  The great thing about Mozy is that it is easy and automatic.  The downside to Mozy is that your initial backups can take a long time.  You can only backup data as fast as your Internet connection will send it.  My initial backup took weeks.  If your whole system dies, they will mail you physical media (for a fee) that will get you up and running quickly.  Home users pay only $50 a year for unlimited storage (per backed up PC.)

    File Synchronization

    Most people have more than one PC.  File synchronization software and online services will copy your data between your PCs so that it is stored in multiple locations.  I use Windows Live Sync, which I previously wrote about here, to copy my data through the Internet between my laptop and desktop computers.  In addition to “My Documents” it can also synchronize web browser “Favorites,” photos, and music.  Live Sync is free, but requires an active Internet connection to work.

    Note that file synchronization alone is not a good backup strategy.  If you corrupt a file, the corrupt file is quickly synchronized to all of your computers!

    Backup Tapes