Category Archives: Security

10 Unusual Things I Learned From Mr. X – Altucher Confidential

Ep. 265 – 10 Unusual Things I Learned From Mr. X – Altucher Confidential

You can find all my shares on my Facebook Page

Find the Members of an Active Directory Group

The simplest way to get the list of users in an Active Directory group is to use the following command right from the command line:

NET GROUP "my_group" /DOMAIN

And yes, that is the literal word “DOMAIN”, not the name of the domain you are in. The only value to change in the command is my_group.

Ref: Is there a way to view the members of an Active Directory group if you aren’t a domain admin and can’t log into a domain controller?
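
The PowerShell below is an added example, not part of the original post: it parses the output of the command above and compares the members with an approved list, which is how the command serves a periodic membership audit. The function names, approved list and sample output are constructed, and it assumes English-language output with the member names in space-padded columns after the dashed rule.

```powershell
# Added example. Function names, approved list and sample output are constructed.
function ConvertFrom-NetGroupOutput {
    param([string[]]$Lines)   # raw lines printed by: net group "<name>" /domain

    $members   = @()
    $inMembers = $false
    foreach ($line in $Lines) {
        # The dashed rule separates the header from the member columns.
        if ($line -match '^-{10,}\s*$') { $inMembers = $true; continue }
        if (-not $inMembers -or -not $line.Trim()) { continue }
        # Assumption: the English footer text marks the end of the list.
        if ($line -match '^The command completed') { break }
        # Columns are padded with runs of spaces; splitting on 2+ spaces
        # keeps an account name that itself contains a single space intact.
        $members += @($line.Trim() -split '\s{2,}' | Where-Object { $_ })
    }
    $members | Sort-Object -Unique
}

function Compare-GroupMembership {
    param([string[]]$Current, [string[]]$Approved)
    # -notin compares case-insensitively, matching how AD treats account names.
    [pscustomobject]@{
        Unexpected = @($Current  | Where-Object { $_ -notin $Approved })
        Missing    = @($Approved | Where-Object { $_ -notin $Current })
    }
}

# Constructed sample of the command's output (domain and accounts are made up).
$sample = @'
The request will be processed at a domain controller for domain example.local.

Group name     my_group
Comment        Constructed sample

Members

-------------------------------------------------------------------------------
alice                    bob                      svc_backup
tmp_admin
The command completed successfully.
'@ -split "`r?`n"

# Live use instead of the sample: $sample = net group "my_group" /domain
$current  = ConvertFrom-NetGroupOutput -Lines $sample
$approved = 'alice', 'bob', 'carol', 'svc_backup'   # constructed approved list
Compare-GroupMembership -Current $current -Approved $approved | Format-List
```

Accounts listed under Unexpected are in the group but not on the approved list; accounts under Missing are approved but no longer members.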

Apple vs FBI

So my mom asked my opinion on the current standoff between Apple and the FBI over their insistence on building a back door into the iPhone “just this once” (wink, wink, nudge, nudge). As I said to her…

I completely agree with Apple’s stance. Once they create such a method to circumvent the security on the phone, I guarantee it will be ordered to do so from now until eternity. That is unless you believe everything the government and law enforcement tell you. In that case, then yes it will be just one time (wink, wink, nudge, nudge).

Let’s also address certain politicians’ insistence on “opening up” security and “using our heads”…

START: Sarcasm and Contempt
Yeah, let’s open up security all over the place. In fact, then no one will ever be able to transmit anything securely ever again. Hint: “open up” just means let’s build in a vulnerability, a bug – intentionally!! You didn’t want your credit card info submitted securely, now did you? Probably should let the gov’t be able to scan all your photos and financial documents, and travel plans, and basically anything that’s stored digitally. Not like that’s everything nowadays.

Not that hackers or “bad guys” would take advantage of that or anything. Gahh!!

END: Sarcasm and Contempt

Heartbleed and the Importance of Two-Factor Authentication #1aDay

With the recent announcement of the Heartbleed vulnerability it’s more important than ever to consider your security precautions. Of particular importance you should be…

  • Using a password manager like LastPass or KeePass
  • Using Two-Factor Authentication wherever you can
  • Using strong passwords wherever you can’t use Two-Factor Authentication

So now a few details…

What is Heartbleed and why do I care?

For those who are not server administrators, Heartbleed made it possible for attackers to steal information from a server’s memory. Of importance to you, that information may have included usernames and passwords. Should an attacker have your username and password, I’m sure you can figure out that they could do not-nice things with that information.

What can I do?

Use a password manager like LastPass or KeePass

Tools like LastPass and KeePass are great because they give you a secure and central place to store your usernames and passwords. Plus a service like LastPass includes additional tools and can provide valuable services like they did with Heartbleed to let you know where you should be updating your passwords. Concerned about using a service like LastPass? Here’s a good article on why you may not need to worry.

Use Two-Factor Authentication wherever you can

As that article above pointed out, you should be using two-factor authentication wherever you can. Two-factor authentication requires an extra step in addition to entering your password, usually by sending a message to your mobile phone or using an app on your smartphone. Basically, with two-factor authentication, logins require something you know (your password) and something you have (your phone). In short, two-factor auth limits the damage from Heartbleed because, should an attacker have your password, they still don’t have your phone and thus would not be able to log in as you.

You can find a good site with lots of places that allow two-factor authentication here. My suggestion: support companies like these that take security seriously.

Use strong passwords wherever you can’t use Two-Factor Authentication

If a site does not allow two-factor authentication, I would highly recommend that you use a strong password. Here’s another place where a service like LastPass or KeePass comes in handy, because it can generate strong passwords for you.

Change your Passwords

Keep an eye on this list for when and where to update your passwords. Even if a site sends you an email saying they weren’t affected, it wouldn’t hurt to change your password and add it to your password manager. Chances are you weren’t using a secure one to begin with.

Missed a call? ‘One-ring’ cell phone scam could cost you money

Take a quick look at this article from NBCNews.com, and then remind yourself that return calls should be handled just like email… If you don’t know who or what it is, just ignore it and delete it. Do NOT click on it or call back!