Tag Archives: IT Security

Who’s Zoomin’ Who?

First of all. I do not hate Zoom. I may still be a little tired from having to (professionally) deal with their major Mac Client vulnerability in 2019. They are a company that makes a product that a newly huge user base is suddenly dependent upon. I do not envy them.

However, their products still have security issues and the company does not have a good track record of responding to security issues with their products (my opinion).

So WELCOME folks, to my latest attempt to help during these crazy times.

Also, don’t read further until you’ve watched the entire video. Because Aretha deserves that time.

Done? Good. Thanks.

Here’s the latest iteration of my exploration of video conferencing solutions…

https://sejm.chat

This is a video chat system running an instance of Jitsi – “…all our tools are 100% free, open source, and WebRTC compatible.” My limited review of this product, in combination with my professional training and experience in evaluating IT security solutions, has been a positive experience.

Jitsi is simple to use, employs and enforces good basic security principles, has an active community of builders and maintainers (devs), and is relatively inexpensive to run as a service (your mileage may vary).

I set up https://sejm.chat in my Amazon Web Services (AWS) test account. Utilizing Debian as the base operating system, I was able to have an instance of Jitsi up and running within about 40 minutes. This system included full TLS end to end encryption. It was successfully tested with the following client (end user) platforms –

  • Chrome on Linux, Windows
  • Android Jitsi app
  • Firefox on Windows, Linux
  • iOS Jitsi app

Doing these initial tests cost me nothing but my time.

Now, I know this isn’t all the platforms that people will need to use. I know my testing methodology is sparse and faulty. I have not tested for scale.

This brings me to the ask (wow, I buried this WAY too far down) –

Help me test this. Please.

If you have a group that would like to hold a group chat, let me know. Want to talk to a couple of old friends? Let me help.

Right now, I’ve spent $13 USD to reserve the sejm.chat domain and $20 to set up a server that I have direct control over. That is the entire sum of my costs.

I hope this message finds all of you well.

Stay safe, stay HOME, and take care of each other.

Sincerely,

Matt

Team Ucky-Zoom-y and Can We Not

At my first job post college, I was having a conversation with one of the systems administrators (sysadmins) regarding a customer issue and as part of our exchange was told, “No technology is absolutely secure”.

Those words have provided the basis to my technology career. That phrase has put a roof over my children and food in their bellies. Every single business around the globe is affected by these words.

Our world is now a place where keeping distance is the clear and correct choice. Technology conference software is now something we have to use.

I will not recommend any of them. You and I have to use them, and I want to provide the information to help you make an informed choice as to what, when, and how you utilize these solutions.

I also want to make an important declaration of understanding and support –

I know. I know the software/application/program is horrible. They all are frustrating, flaky, unreliable, and entirely exasperating. They are made by humans and we are all also all of those things. I’m not blaming or trying to shame anyone (even MOST tech companies). I want to offer my experience as a source.

I have also had conversations with teachers and IT staff at schools in recent days and they know too.

The educational professionals that are essential to our current and future existence are performing miraculous transformations to our system with broken and unreliable tools. They have made essential choices for the future of our existence in a vacuum (yet under pressure) and for the long term (yet in a second). They are angels and heroes and deserve every ion of support we can muster for them.

All of this is prep to another QUICK list with some details. As always, PLEASE contact me if you have (as my old math teacher in Mt. Lake – Mr. Marty Skow used to say) “Questions? Comments? Nasty remarks?” All are welcome.

  1. Zoom – Track record on security is BAD. Apple (MAC) clients had a major security flaw a couple of years ago. Communication via Zoom is also NOT encrypted during the entire process. This lack of “end-to-end” encryption is lazy and dangerous on Zoom’s part. And, it is likely the source of “Zoom-bombing”. People are using Zoom because it is free. Those users are receiving exactly what they are paying for. BUT, I understand that Zoom IS and will continue to be used. Please be careful. Make sure the Zoom client/app/program is stopped and/or closed when you are done using it. If you use it in a browser, reboot your computer after a Zoom meeting.
  2. Microsoft Teams/Skype – Security is better than Zoom. As with everything, these products are NOT free from security issues. But they have a better track record on things like identifying and responding to security issues with these applications. Microsoft has, in my opinion, absolutely botched their opportunity in this space. Teams is a superior product but expensive and immature. Skype works but scales poorly and is unreliable. They both do voice and video well but cost WAY too much for educational institutions.
  3. Google Groups/Hangouts or whatever it’s called today – Security on par with Microsoft products. Cost is comparable, may be slightly less. Google (Alphabet at large) profit model is not from software licenses etc. They make money on us. Our information and digital identity. Google is probably the most technically flexible and secure of these options. I have not used their platforms as much as I have used Skype, Teams, and Zoom.

Thanks folks. Stay safe, stay HOME. And let’s all help take care of each other.

Week 1 – Working and schooling from home

It’s Wednesday, we’re all maxed out on almost everything, and so I’m going to keep this simple. Two separate top three lists.

The top three things you can do to make your home internet access more secure.

  1. Change the default password on your home router.
  2. Update the router firmware/software on your home router
  3. Install ad filtering/blocking

The top three things you can do to improve your home internet access performance.

  1. Plug in – utilize a physical (non WiFi) connection as often as possible
  2. Tune up – call your internet service provider and tell them you need more bandwidth. If cost is an issue, ask them to help.
  3. Drop out – turn off and unplug devices you don’t need. Smart televisions, dishwashers, audio equipment, game consoles, smart home devices

Passwords

Topic number one – PASSWORDS

We all have them, we all use them, most of us don’t like them very much. Those of us who work in technology have even more complex relationships with them.

My opinion is that we’ve not handled passwords very well. And, that their value as a security mechanism is continuing to diminish.

All sorts of “worst password” lists are compiled annually. Here’s a link to one that I do NOT vouch for or control the content on – https://www.teamsid.com/100-50-worst-passwords-2019/

Passwords I still see at least once a month being used for something technology related –

– password
– password123
– default
– letmein
– football
– 123456789

If you utilize any of these passwords for any of your devices, accounts, email addresses, etc. I implore you to stop. It’s not even a speck of security.

Without trying (and absolutely failing) to explain mathematical principles like entropy, I can offer this MOST important piece of advice about passwords –

“The longer the password the better/more secure it is”

There are obviously exceptions to this. An 18 character password that is all the character x is NOT secure, for example. Common phrases or well-known quotes will be easy to break.

But, if you choose 4 or 5 words that are not normally associated with each other AND are easy for you to remember then you have a MUCH more secure password. Here’s a visual aid from the excellent online comic xkcd –

https://xkcd.com/936/

Other suggestions are to include things like words from another language, portions of an old locker combination, etc. Avoid public data like SSN, date of birth, high school graduation year, and so on.
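For readers who want to see the numbers, here is an added example (not part of the original post) that puts the "longer is better" rule and its exceptions into a short Python script. The 32-word sample list, the 12-character minimum, and the function names are assumptions made for illustration.

```python
import math
import secrets

# Passwords the post lists as still seen in use.
KNOWN_BAD = {"password", "password123", "default", "letmein", "football", "123456789"}

# Constructed 32-word sample list so the block runs offline. A real list should be
# far larger (the xkcd comic assumes 2048 words, i.e. 11 bits per word).
SAMPLE_WORDS = """anchor biscuit candle dolphin ember falcon glacier harbor
igloo jigsaw kettle lantern meadow nutmeg orchid pebble quiver raccoon saddle
thimble umbrella velvet walnut xylophone yogurt zipper acorn bramble cobalt
drizzle easel fiddle""".split()

def passphrase_bits(num_words, wordlist_size):
    """Entropy of num_words picked uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)

def random_chars_bits(length, alphabet_size):
    """Entropy of `length` characters picked uniformly at random."""
    return length * math.log2(alphabet_size)

def make_passphrase(num_words=5, words=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG; words a human picks do not get this entropy."""
    return " ".join(secrets.choice(words) for _ in range(num_words))

def obvious_weakness(password):
    """Return a reason the password is weak regardless of length, or None."""
    lowered = password.lower()
    if lowered in KNOWN_BAD:
        return "on the commonly used list"
    if len(set(lowered)) <= 2:
        return "one or two characters repeated"
    if len(password) < 12:  # assumed minimum, chosen for this example
        return "shorter than 12 characters"
    return None

if __name__ == "__main__":
    print(f"8 random printable chars : {random_chars_bits(8, 94):.1f} bits")
    print(f"4 words from 2048        : {passphrase_bits(4, 2048):.1f} bits")
    # 7776 = 6**5, the size of a five-dice (diceware-style) word list.
    print(f"5 words from 7776        : {passphrase_bits(5, 7776):.1f} bits")
    for pw in ["letmein", "x" * 18, make_passphrase()]:
        print(repr(pw), "->", obvious_weakness(pw) or "no obvious weakness")
```

The entropy figures only hold when the words or characters are chosen at random, which is why the script uses `secrets` rather than asking a person to think of words.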

We could talk for days about passwords. Usage, theory, how often to change, how to store, etc. This article is meant to provide a basic starting point for people to understand how to choose good passwords to protect things, people, and resources.

Remember – Longer is better and something unique that you can remember!

Thanks!

Technology Times, They Are A Changin’

Phew!

Everybody doing ok? I know the answer. Not all of us are OK. Not all of us are going to be OK. The world and all of our lives are changing at an incomprehensible pace right now. I’m not sure what to do, or where to be, or how to act, or what to say.

Some of us have kids, all of us have people we love and who love us. I’m a 46 year old, bald, overweight husband and father of 4 boys. I’m lucky. I know others who are not as fortunate as I am. So, I’m going to do what I can to help.

I’ve been paid to deal with technology since 1997. Half my life officially. I know a VERY small slice of this world and some of it not very well. But I know people I can ask, and I’ve ALWAYS liked asking questions.

So, I’m going to start talking about basics in technology. Passwords, wifi, online shopping, security, etc. These are important topics to understand at a basic level in order to protect you, your money/assets, and your family. The current resources I am aware of are boring, outdated, and generally disinteresting to me.

I’m not sure how often I’ll post about things, but I’ll do as many topics as I can. And I promise to do the best job I can in explaining things.

I’m going to leave comments off for now on these posts, but may consider turning them on if I have time and energy to deal with them.

If you have suggestions for topics, questions about posts, or other information I may be able to provide, please contact me via email at the following address:

mpankratz@gmail.com

Thanks, stay safe, and be good to each other!