Author: lakkireddymadhu

How to Be Invisible Online (Without Going off the Grid)

Are you concerned about your online security? With more data breaches occurring daily, it’s crucial to protect yourself with these simple tips.

This infographic is a comprehensive look at how you can reduce your online visibility to protect your privacy, but still be seen by your family and friends. From browsing the internet to safety on social media platforms, you don’t need to be a technical genius to lessen your online risk.

You don’t have to leave the grid to disappear from hackers and unscrupulous businesses who exploit you and your information for their gain without your knowledge. However, it’s critical to protect your data on each platform you use.

Unfortunately, these big corporations don’t always have our best interests at heart. As we’ve seen from the multiple data breaches, there are times when consumers aren’t told about the hack until it is too late. Repairing your credit and personal information after a data hack is scary. By locking down your data now, you’ll save yourself a bigger headache later.

[Infographic: How to Be Invisible Online]

Source: Barbara Davidson, Robin

How to Find Hidden & Saved Passwords in Windows 10

For years, users have wanted to save time and effort when accessing servers on the network, websites requiring credentials, and so on. To that end, operating systems offer options to save usernames and passwords for faster and easier access. I am sure you have seen this, either in a prompt or a checkbox, asking you to save the password. In Windows, you can store the credentials for resources that you access often, or whose passwords you just don’t want to have to remember. Although this is a time-saving option, you might want to reconsider using this feature due to security issues.

Windows stores the passwords that you use to log in, access network shares, or shared devices. All of these passwords are stored in an encrypted format, but some of them are easily decrypted using your Windows login password.

Windows stores the login credential details in a hidden desktop app named Credential Manager. Here is how to find this app, how to see which credentials are stored by Windows and how to manage them:

What is the Credential Manager?

Credential Manager is the “digital locker” where Windows stores log-in credentials like usernames, passwords, and addresses. This information can be saved by Windows for use on your local computer, on other computers in the same network, servers or internet locations such as websites. This data can be used by Windows itself or by programs like File Explorer, Microsoft Office, Skype, virtualization software and so on. Credentials are split into several categories:

  • Windows Credentials – are used only by Windows and its services. For example, Windows can use these credentials to automatically log you into the shared folders of another computer on your network. It can also store the password of the Homegroup you have joined and uses it automatically each time you access what is being shared in that Homegroup. If you type a wrong log-in credential, Windows remembers it and fails to access what you need. If this happens, you can edit or remove the incorrect credential, as shown in later sections of this article.
  • Certificate-Based Credentials – they are used together with smart-cards, mostly in complex business network environments. Most people will never need to use such credentials and this section is empty on their computers. However, if you want to know more about them, read this article from Microsoft: Guidelines for enabling smart card logon with third-party certification authorities.
  • Generic Credentials – are defined and used by some of the apps you install in Windows so that they get the authorization to use certain resources. Examples of such apps include OneDrive, Slack, Xbox Live, etc.
  • Web Credentials – they represent login information for websites that are stored by Windows, Skype, Internet Explorer or other Microsoft apps. They exist only in Windows 10 and Windows 8.1, but not in Windows 7.

How to open the Credential Manager in Windows:

This method works the same in all versions of Windows. First, open the Control Panel and then go to “User Accounts –> Credential Manager.”

You’ll notice there are two categories: Web Credentials and Windows Credentials. The web credentials will have any passwords from sites that you saved while browsing in Internet Explorer or Microsoft Edge. Click on the down arrow and then click on the Show link.

You’ll have to type in your Windows password in order to decrypt the password.

If you click on Windows Credentials, you’ll see fewer credentials stored here unless you work in a corporate environment. These are the credentials used when connecting to network shares, different computers on the network, or network devices such as a NAS.

In the same way, I’ll also mention how you can view Google Chrome saved passwords. Basically, each browser has the same feature, so you can do the same thing for Firefox, Safari, etc. In Chrome, click on the three dots at the top right and then click on Settings. Scroll down and then click on Passwords.

Under Passwords, enable Offer to save your web passwords. You can view the saved passwords.

History of the Credential Manager:

According to a 1996 Network Applications Consortium (NAC) study, users in large enterprises spend an average of 44 hours per year performing login tasks to access a set of four applications. The same study revealed that 70 percent of calls to companies’ Help desks were password-reset requests from users who had forgotten a password.

Single sign-on (SSO) is an approach that attempts to reduce the time users spend performing login tasks and the number of passwords users must remember. The Open Group, an international vendor- and technology-neutral consortium dedicated to improving business efficiency, defines SSO as the “mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.”

SSO solutions come in two flavors: solutions that deal with one set of user credentials and solutions that deal with multiple sets of user credentials.

A good example of the first type of solution is a Kerberos authentication protocol-based SSO setup.

A good example of the second type of solution is the Credential Manager. Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP. It’s based on a secure client-side credential-caching mechanism.

The Windows 2000 (and earlier) requirement that users must re-enter the same credentials whenever they access resources on the same Internet or intranet server can be frustrating for users, especially when they have more than one set of credentials. Administrators often must cope with the same frustration when they have to switch to alternative credentials to perform administrative tasks. Credential Manager solves these problems.

Conclusion:

Browser-stored passwords make it easy for hackers to get inside your network

Allowing a browser to “remember” passwords can pose a major security risk because:

  • Password recovery tools can easily find these passwords.
  • Browsers typically do not use strong encryption for these passwords.
  • Users do not monitor and rarely change these passwords once they store them in their browser.

DO NOT USE THE “REMEMBER PASSWORD” FEATURE ON APPLICATIONS SUCH AS WEB BROWSERS (Google Chrome, Mozilla Firefox, Safari, Internet Explorer etc.)

For IT Admins:

Get your FREE Browser-Stored Password Discovery Tool from Thycotic to quickly and easily identify risky storage of passwords in web browsers among your Active Directory users. You get reports that identify:

  • Top 10 common machines with browser-stored passwords
  • Top 10 common users with browser-stored passwords
  • Top 10 most frequently used websites with browser-stored passwords

The Browser-Stored Password Discovery Tool is free. You can re-run the Browser-Stored Password Discovery Tool at any time to identify browser password risks and help enforce compliance with web browser security policies.

Source: online-tech-tips, digitalcitizen, techgenix,

 

How to Send Self Destructing Emails from Gmail

Google’s Gmail Confidential Mode lets an email sender set a message to automatically expire anywhere from 24 hours to five years after it is sent.

Remember the Hollywood movie series Mission Impossible (MI), in which the agent used to receive his assignments through self-destructing messages that usually detonated themselves?

Confidential mode on Gmail adds access restrictions to emails that you send using the mode. Designed to protect sensitive information, it enables you to set time limits and passcodes. The mode also automatically blocks certain actions: forwarding, copy and paste, downloading of the email, and printing.

Here, disappearing emails may not actually detonate, but they do vanish after a certain amount of time. The tool is part of Google’s efforts to beef up privacy and cybersecurity for Gmail users. It will be available to corporate accounts as well as personal Gmail account holders; you can enable it and use it right away.

Here’s how.

Open Gmail on your computer and tap the compose/reply button.

Now select this icon on the bottom of the screen. It’s a tiny lock with a clock on it.

 

A click on the icon opens the confidential mode configuration overlay which gives you two options:

  1. Set an expiration date for the email. Available options are 1 day, 1 week, 1 month, 3 months and 5 years. The expiration date is displayed next to the selection menu so that you know immediately when the email expires.
  2. Enable the SMS passcode. Recipients need a mobile phone for that, and Google will send recipients a passcode text message which they need to unlock the email.

No SMS passcode – if the recipients don’t use Gmail, they’ll get a passcode by email.

SMS passcode – Recipients will get a passcode by SMS (text message)

Gmail highlights confidential mode by adding a “content expires” message to the email. You can edit the requirement or click on the x-icon to remove it again before you hit the send button.

What happens when you hit send? If you selected the passcode option, you are asked to type the phone number of the recipient.

That’s it. Now the email will automatically delete itself after your predetermined self-destruction time period ends. Recipients can open the email until then, which means the clock starts right when you send it, not when they open it.

Also, if you want to revoke access sooner, you can do that by opening Gmail, selecting “Sent,” opening the confidential email you just sent and then selecting “remove access.”

The email that you receive does not contain the message. Google uses the selected subject and shows the sender of the email, but instead of displaying the content, it informs you that you have received a confidential email which you can only open.

In other words: Google sends you a notification by email that a confidential email was sent to you and that you may click on the link to open it.

But, before you start emailing friends the juicy details of your diary, there are a few important limits on confidential emails you might want to keep in mind. Erased emails may fade away from receivers’ inboxes, but they’ll still show up in your “sent” file if you don’t manually delete them. Keep in mind as well that Mac OS and Windows OS both allow the taking and saving of screenshots of anything that appears on a screen. It’s also not clear how long the messages stay on Google’s servers.

There is another issue that needs to be addressed. Recipients get an email with a link asking them to click on the link and even sign in to a Google account, if they are not already signed in, to view it. If that does not sound a lot like phishing, I don’t know what does.

Recipients may not want to click on the links. Ironically, attackers who use phishing as an attack vector may exploit the new functionality to steal user credentials.

Closing Words

Gmail’s Confidential mode feature is not the right option when you need to send confidential messages to others. Email is not the right format for confidential messages unless you use Pretty Good Privacy (PGP) or another secure form of communication.

Source: computer.howstuffworks, ghacks, cnbc, downloadsource,

 

World Kindness Day

World Kindness Day is an international observance on 13 November. It was introduced in 1998 by the World Kindness Movement, a coalition of nations’ kindness NGOs.

During the 1999 World Kindness Movement conference in Tokyo, the cosmos bipinnatus was adopted as the official flower for the organization.

“Kindness is a universal language.”

I know, I know, every day should be World Kindness Day. But the reality is, between an out of whack work-life balance, losing patience in traffic jams, and feeling stressed over the upcoming holiday season, smiling at a stranger is often the last thing on people’s minds. So maybe we need a day to reinforce the importance of niceness, reminding us to let go of any anger and perhaps soften our too-hard exterior.

Besides, the mental and physical benefits of kindness are plenty, which should make us want to smile more and frown less. Author David R. Hamilton, Ph.D. writes that kindness has positive side effects including healthier hearts, better aging, and improved relationship bonds.


Source: Wikipedia, Randomactsofkindness, HuffingtonPost

 

HTTP/2

HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google.

HTTP/2 was developed by the Hypertext Transfer Protocol working group httpbis (where bis means “second”) of the Internet Engineering Task Force (IETF).

[Figure: HTTP Timeline]

What is a Protocol?

A protocol is a set of rules that govern the data communication mechanisms between clients (for example web browsers used by internet users to request information) and servers (the machines containing the requested information).

Protocols usually consist of three main parts: Header, Payload, and Footer.

The Header placed before the Payload contains information such as source and destination address as well as other details (such as size and type) regarding the Payload.

The Payload is the actual information transmitted using the protocol.

The Footer follows the Payload and works as a control field to route client-server requests to the intended recipients along with the Header to ensure the Payload data is transmitted free of errors.

 

[Figure: Mail HTTP/2]

The system is similar to the postal mail service. The letter (Payload) is inserted into an envelope (Header) with destination address written on it and sealed with glue and postage stamp (Footer) before it is dispatched.

What is SPDY?

SPDY (pronounced SPeeDY) is a networking protocol developed by Google with the purpose of speeding up the delivery of web content. It does this by modifying HTTP traffic which in turn reduces web page latency and improves web security.

HTTP, while powerful in its day, cannot keep up with the demands of today’s digital world, which is the reason SPDY was introduced to help meet those demands.

What is HTTP/2?

HTTP/2 is the second major version update to the HTTP protocol since HTTP1.1 which was released more than 15 years ago. The HTTP/2 protocol was developed due to the ever-evolving digital world and the need to load more resource intensive web pages.

SPDY was also implemented to help reduce the web page latency users experience when using HTTP1.1. HTTP/2 is based on SPDY but contains key improvements that led to the deprecation of SPDY in February 2015.

How does HTTP/2 work?

Whenever you click on a link to visit a site a request is made to the server. The server answers with a status message (header) and a file list for that website. After viewing that list, the browser asks for the files one at a time. The difference between HTTP 1.1 and HTTP/2 lies in what happens next.

Say you want a new LEGO set. First, you go to the store to buy your LEGO. When you get home, you open the box and look at the instructions, which tell you what you have to do: one brick at a time. So for every brick, you have to look at the instructions to see which brick to use next. The same for the next brick, and so on. This back-and-forth keeps happening until you have finished the entire LEGO set. If your set has 3,300 bricks, that’ll take quite a while. This is HTTP1.1.

With HTTP/2 this changes. You go to the store to pick up your box. Open it, find the instructions and you can ask for all the bricks used on one section of the LEGO set. You can keep asking the instructions for more bricks, without having to look at the manual. “These bricks go together, so here they are.” If you want it really quickly, you could even get all the bricks at once so you can build the set in an instant.

Differences from HTTP1.1

Similar to SPDY, using HTTP/2 does not require any changes to how web applications currently work. However, applications are able to take advantage of the optimization features to increase page load speed.

Differences between the HTTP1.1 and HTTP/2 protocols include the following:

  • HTTP/2 is binary, instead of textual
  • It is fully multiplexed, instead of ordered and blocking
  • It can use one connection for parallelism
  • It uses header compression to reduce overhead
  • It allows servers to “push” responses proactively into client caches instead of waiting for a new request for each resource.
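
To make "binary" and "multiplexed" concrete, the following added example (not from the original article) parses the 9-byte HTTP/2 frame header defined in RFC 7540, section 4.1, and regroups interleaved DATA frames by stream. The function names and the sample bytes are constructed for illustration; the size check uses the protocol's initial SETTINGS_MAX_FRAME_SIZE of 16384 bytes so that an oversized or truncated frame is rejected rather than buffered.

```python
import struct

# Frame type codes from RFC 7540, section 6 (subset).
FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x3: "RST_STREAM", 0x4: "SETTINGS",
               0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY", 0x8: "WINDOW_UPDATE"}
DEFAULT_MAX_FRAME_SIZE = 16384  # initial SETTINGS_MAX_FRAME_SIZE

class FrameError(ValueError):
    """Raised when a buffer does not contain well-formed frames."""

def build_frame(ftype, flags, stream_id, payload):
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    length = len(payload)
    return struct.pack(">BHBBI", length >> 16, length & 0xFFFF, ftype, flags,
                       stream_id & 0x7FFFFFFF) + payload

def parse_frames(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Split a byte buffer into frames, rejecting oversized or truncated ones."""
    frames, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 9:
            raise FrameError("truncated frame header")
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, offset)
        length = (hi << 16) | lo
        if length > max_frame_size:
            raise FrameError(f"frame of {length} bytes exceeds limit {max_frame_size}")
        start = offset + 9
        if start + length > len(buf):
            raise FrameError("truncated frame payload")
        frames.append({
            "type": FRAME_TYPES.get(ftype, f"UNKNOWN(0x{ftype:02x})"),
            "flags": flags,
            "stream": sid & 0x7FFFFFFF,  # top bit is reserved, so mask it off
            "payload": buf[start:start + length],
        })
        offset = start + length
    return frames

def reassemble(frames):
    """Group DATA payloads by stream id, undoing the interleaving."""
    bodies = {}
    for f in frames:
        if f["type"] == "DATA":
            bodies[f["stream"]] = bodies.get(f["stream"], b"") + f["payload"]
    return bodies

# Constructed sample: two response bodies interleaved on one connection.
SAMPLE = b"".join([
    build_frame(0x0, 0x0, 1, b"<html>"),
    build_frame(0x0, 0x0, 3, b"body{"),
    build_frame(0x0, 0x1, 1, b"</html>"),  # flag 0x1 = END_STREAM
    build_frame(0x0, 0x1, 3, b"}"),
])

if __name__ == "__main__":
    for f in parse_frames(SAMPLE):
        print(f["stream"], f["type"], f["payload"])
    print(reassemble(parse_frames(SAMPLE)))
```
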

Is it HTTP/2.0 or HTTP/2?

The Working Group decided to drop the minor version (“.0”) because it has caused a lot of confusion in HTTP/1.x.

In other words, the HTTP version only indicates wire compatibility, not feature sets or “marketing.”

Similarities with HTTP1.x and SPDY

| HTTP1.x | SPDY | HTTP2 |
|---|---|---|
| SSL not required but recommended. | SSL required. | SSL not required but recommended. |
| Slow encryption. | Fast encryption. | Even faster encryption. |
| One client-server request per TCP connection. | Multiple client-server requests per TCP connection. Occurs on a single host at a time. | Multi-host multiplexing. Occurs on multiple hosts at a single instant. |
| No header compression. | Header compression introduced. | Header compression using improved algorithms that improve performance as well as security. |
| No stream prioritization. | Stream prioritization introduced. | Improved stream prioritization mechanisms used. |

Conclusion

HTTP/2 is without a doubt the direction the web is moving towards in terms of the networking protocol that is able to handle the resource needs of today’s websites. While SPDY was a great step forward in improving HTTP1.1, HTTP/2 has since further improved the HTTP protocol that has served the web for many years.

According to W3Techs, as of November 2018, 31% of the top 10 million websites supported HTTP/2.

Source: kinsta, wikipedia, yoast, github, keycdn,