Category Archives: Stiri iT & C

How to Use a VPN for Safer Online Shopping | E-Commerce


With the holidays fast approaching, are you looking to buy presents online?

The holiday season has become synonymous with online shopping. This isn’t really surprising as physical stores usually attract crowds of deal hunters. This often conjures up images of throngs of people waiting in line outside the store, some even camping out. This activity is tolerable for some and even fun for others. However, for many others, it’s not worth the hassle.

Why would it be, when there are perfectly legitimate and convenient alternatives online?

Well, for one thing, many people shop online without first thinking about their security. Most people are led to believe — or want to believe — that all e-commerce sites are secure. This isn’t completely true. With so much personal and financial information being exchanged, online shoppers aren’t the only ones enjoying the holiday rush — cybercriminals are too!

Still, it’s possible to add security to your e-commerce transactions by using a virtual private network. A VPN can help you enjoy your online shopping experience without worrying about falling prey to cybercriminals.

The Cybercrime Problem

First, here are some of the pressing reasons for securing e-commerce transactions in the first place.

As you know, e-commerce stores usually require you to register with their site in order to enjoy their services. This involves trusting them with your personal information, usernames, passwords, and credit card details — information that you’d rather did not fall into the wrong hands.

The thing is, cybercriminals know this fact. They will descend to any depth just to get their hands on such information. How exactly do they do this?

KRACK Attacks

A KRACK (key reinstallation attack) is a severe replay attack on the WiFi Protected Access protocol that secures WiFi connections.

An attacker gradually matches encrypted packets seen before and learns the full keychain used to encrypt the traffic by repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake. This attack works against all modern WiFi networks.

Simply put, KRACK attacks can intercept sent data by infiltrating your WiFi connection, no matter which major platform you’re on (Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others). These attacks require the attacker to be within the range of the WiFi connection they’re trying to infiltrate, which means they might lurk somewhere near or inside your home, office or school.

MitM Attacks

In a MitM (Man-in-the-Middle) attack, the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

This attack can succeed only when the attacker can impersonate each endpoint to the other’s satisfaction, delivering results as expected from the legitimate ends.

In the context of e-commerce transactions, these attacks are done on unprotected WiFi networks like the ones you find in airports, hotels and coffee shops. This is actually one of the reasons I often suggest that people stay away from public WiFi unless they’re packing some security software.

With this type of attack, you never know if the person sipping coffee at the next table is simply checking up on social media accounts or is actually sifting through the data being sent by other patrons.

Rogue Networks

Imagine yourself going to a downtown hotel to visit a friend. You wait in the lobby and decide to connect to the hotel WiFi while you wait. You find that there seem to be two networks with the same name, so you connect to the one with the stronger signal.

STOP! You may be connecting to a rogue network.

Rogue networks are ones that impersonate legitimate networks to lure unsuspecting users into logging in. This usually is done by setting up near a public WiFi network and then copying that network’s name, or making it appear that it’s an extension of the legitimate network.

The main problem with this is that you never know who set up the rogue network or what data is vulnerable to monitoring and recording.
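The hotel-lobby scenario above, turned into a check a defender can run over a Wi-Fi scan listing. This is an added example, not code from the original article; the `SSID|BSSID|security|signal` input format, the sample networks and the function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample scan (not real networks): SSID|BSSID|security|signal %
SCAN = """\
Hotel-Guest|3c:aa:bb:00:10:01|WPA2|61
Hotel-Guest|3c:aa:bb:00:10:02|WPA2|48
Hotel-Guest|02:11:22:33:44:55|OPEN|88
CoffeeCorner|3c:cc:dd:00:20:01|OPEN|70
CoffeeCorner|3c:cc:dd:00:20:02|OPEN|52
"""

# Higher number = stronger link-layer protection.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def parse_scan(text):
    """Parse the constructed scan format into a list of access-point dicts."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) != 4:
            raise ValueError(f"malformed scan line: {line!r}")
        ssid, bssid, security, signal = parts
        security = security.upper()
        if security not in SECURITY_RANK:
            raise ValueError(f"unknown security type: {security!r}")
        aps.append({"ssid": ssid, "bssid": bssid.lower(),
                    "security": security, "signal": int(signal)})
    return aps


def find_suspect_aps(text):
    """Flag access points that share a name with others but do not match them.

    Several access points with one name is normal in a hotel, so a duplicate
    name alone is not reported. Two heuristics are applied per network name:
      1. the AP offers weaker security than its namesakes (e.g. open vs WPA2);
      2. the AP's vendor prefix (first three BSSID octets) differs from the
         prefix shared by most of its namesakes.
    Returns a list of (ssid, bssid, [reasons]).
    """
    groups = defaultdict(list)
    for ap in parse_scan(text):
        groups[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in groups.items():
        if len(aps) < 2:
            continue
        best_rank = max(SECURITY_RANK[a["security"]] for a in aps)
        oui_counts = Counter(a["bssid"][:8] for a in aps)
        majority_oui, majority_n = oui_counts.most_common(1)[0]
        for ap in aps:
            reasons = []
            if SECURITY_RANK[ap["security"]] < best_rank:
                reasons.append("weaker security than other APs with this name")
            if majority_n >= 2 and ap["bssid"][:8] != majority_oui:
                reasons.append("vendor prefix differs from the majority")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN):
        print(f"{ssid} {bssid}: " + "; ".join(reasons))
```

In the sample, the flagged access point is also the one with the strongest signal, which is the one the visitor in the scenario would have picked. A copy of an open network that matches its namesakes (the `CoffeeCorner` rows) is not distinguishable this way.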

The Green Padlock’s Trustworthiness

Now, you may have heard that HTTPS sites can give you the security you need while you are visiting them. Most, if not all, e-commerce sites are certified and will have a green padlock and an “HTTPS” prefixing their URL to reassure visitors that their transactions are safe and encrypted.

Hypertext Transfer Protocol Secure, HTTPS, is a variant of the standard HTTP Web transfer protocol, which adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection, according to Malwarebytes.

The thing is, just because your connection to a site is encrypted doesn’t automatically make the site safe. Bad actors actually can forge SSL certificates and make it appear that their site is safe. Even worse, anyone can get an SSL certificate — even cybercriminals. The certificate authority simply needs to verify the site owner’s identity and that’s it — the owner gets an SSL certificate.

Now, bringing it all back, I’m not saying that all sites with green padlocks are unsafe. What I am saying is that you shouldn’t rely solely on the presence of these green padlocks to keep your transactions safe.

A VPN Can Provide Security

I’m now getting to the meat of the matter: using a VPN to secure your e-commerce transactions.

A virtual private network, or VPN, is software that routes your connection through a server or servers and hides your online activity by encrypting your data and masking your true IP address with a different one.

Once you activate the client, the VPN will encrypt your data, even before it reaches the network provider. This is better understood if you have basic knowledge of how online searches work.

Let’s say that you’re looking to buy some scented candles to give as emergency gifts. You open your browser and type in “scented holiday candles” and press “search.”

Once you do, your browser will send a query containing your search words. This query first goes through a network provider (your ISP or the owner of the WiFi network you’ve connected to), which can monitor and record the contents of these queries.

After going through the network provider, your query is sent to a DNS (domain name system) server that searches its databanks for the proper IP address corresponding to your query. If the DNS server can’t find the proper IP address, it forwards your query until the proper IP address is found.

The problem with this is that the contents of your query consist of easily readable plain text. This means that hackers or your ISP are able to view and record the information contained therein. If that information is your name, username, password, credit card information, or banking credentials, they’re in danger of being viewed or stolen.

These queries also can be traced (by hackers or your ISP) back to your IP address which usually is traceable to your personal identity. This is how bad actors infiltrating your connection can discover what you’re doing online.

So, with a VPN active, your online transactions and private information will get an extra layer of protection through encryption and IP address masking.

When discussing VPNs, it’s always important to consider the protocols they use. These protocols determine the security level and connection speed. As of this moment, there are five major VPN protocols:

  1. PPTP (Point-To-Point Tunneling Protocol)

    PPTP is one of the oldest protocols still in use today. It originally was designed by Microsoft. The good thing about this protocol is that it still works on old computers. It’s a part of the Windows operating system, and it’s easy to set up. The problem is, by today’s standards, it’s not the most secure. You wouldn’t want a VPN provider that offers this protocol alone.

  2. L2TP/IPsec (Layer 2 Tunneling Protocol)

    L2TP/IPsec is a combination of PPTP and Cisco’s L2F protocol. On paper, this protocol’s concept actually is quite sound: It uses keys to establish a secure connection on each end of your data tunnel. The problem is in the execution, which isn’t very safe.

    While the addition of the IPsec protocol does improve security a bit, there are still reports of NSA’s alleged ability to crack this protocol and see what’s being transmitted. Whether the rumors are true or not, the fact that there’s a debate at all should be enough of a warning to anyone relying on this protocol.

  3. SSTP (Secure Socket Tunneling Protocol)

    SSTP is another protocol that traces its roots to Microsoft. It establishes its connection by utilizing SSL/TLS encryption which is the de facto standard for modern day Web encryption. SSL and TLS utilize setups built on symmetric-key cryptography in which only the two parties involved in the transfer can decode the data within. Overall, SSTP is a very secure protocol.

  4. IKEv2 (Internet Key Exchange, Version 2)

    IKEv2 is yet another Microsoft-built protocol. It’s simply a tunneling protocol with a secure key exchange session. Although it is an iteration of Microsoft’s previous protocols, it actually provides you with some of the best security. It requires pairing with IPSec to gain encryption and authentication, which is what most mobile VPNs use because it works well while your VPN reconnects during those brief times of connection loss or network switching.

    Unfortunately, there is also strong evidence that the NSA is spying on mobile users using this protocol.

  5. OpenVPN

    This takes what’s best in the above protocols and does away with most of the flaws. It’s an open source protocol based on SSL/TLS, and it is one of the fastest and most secure protocols today. It protects your data by using, among other things, the nigh-unbreakable AES-256 bit key encryption with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.

    One notable flaw it does have is its susceptibility to VORACLE attacks, but most VPNs already have solved this problem. Overall, it’s still the most versatile and secure protocol out there.

About Free VPNs and Jurisdictions

Now you’ve learned about the risks you may face with your e-commerce transactions and how you can avoid those risks by using a VPN with the right protocol. However, you may have heard rumors about VPNs not being as safe as they seem to be.

These rumors are partly true.

Not all VPNs can be trusted. There are VPNs that purport to be “free forever” while you’re actually paying with your personal information. Needless to say, you should avoid these types of VPNs and instead look for trustworthy VPN services.

Another rumor you may have heard is that trusting VPN companies with your personal data is just as bad as trusting your data to your ISP. This is only true for VPNs that log your data and are situated in a jurisdiction under any of the 14-eyes countries. This is why you should look into your VPN’s logging and privacy policy, as well as the country it is situated in.

In Conclusion

Buying online for the holidays can be an enjoyable and fulfilling experience if your transactions are secure. Protect your private information from KRACK, MitM, and rogue networks by using a VPN to encrypt your data and hide your IP address.

When using a VPN, remember to choose the most secure protocol available, and beware of free VPNs or those that log your data while inside 14-eyes jurisdictions.

Follow these steps, and you’ll be well on your way to more secure e-commerce transactions.


John Mason, an avid privacy advocate, is founder of TheBestVPN and serves as its chief researcher.






Deepin Builds a Better Linux Desktop | Reviews


By Jack M. Germain

Dec 5, 2018 1:01 PM PT


Deepin 15.8, released last month, is loaded with more efficient layout tweaks that give the distribution greater functionality and maturity.

Deepin, based in China, shed its Ubuntu base with the 2015 release of version 15, which favored Debian Linux. That brought numerous subtle changes in the code base and software roots. Ubuntu Linux itself is based on Debian.

The chief distinguishing factor that accounts for Deepin’s growing popularity is its homegrown Deepin Desktop Environment (DDE). One of the more modern desktop environments, it is one of the first Linux distros to take advantage of HTML 5 technology.

Coinciding with the base affiliation change, the developers, Deepin Technology, slightly changed the distro’s name. What was “Deepin Linux” is now “deepin.” That subtle rebranding is an attempt to differentiate previous releases named “Deepin,” “Linux Deepin” and “Hiweed GNU/Linux.”

Regardless of whether the name is rendered as “deepin” or “Deepin Linux,” this distro offers users an eloquent, modern-themed Linux OS. It is easy to use and comes with high-quality software developed in-house.

Desktop Differences

The Deepin Desktop is offered in a widening assortment of popular Linux desktops, but the best user experience is found in this distro.

Other distros running the Deepin Desktop miss much of the unique integration you get in Deepin Linux. DDE elsewhere usually lacks much of the optimization and special optimized software available through the Deepin software store.

Often, you get the software versions provided by the distro you are running. The Linux distros offering the Deepin Desktop are Archlinux, Manjaro, Ubuntu, Gentoo, Fedora, Puppy Linux, SparkyLinux, Antergos, Pardus and openSuse.

Growing Pains Over

I have reviewed earlier versions of Deepin Linux along with other distros running the Deepin Desktop Environment. This latest version is awesome.

Any new desktop environment is a work in progress. DDE started out with lofty goals but mediocre execution. The Deepin desktop is now well designed and very functional.

Desktop shells largely are valued for how simple they are to use and how functional they are for a user’s productivity. For me, the Cinnamon and the Xfce desktops get high marks for both.

DDE offers a third favorite option. I like its modern design. Using it is intuitive. A user guide presentation runs when you first load the desktop. It is very helpful in getting started.

DDE does not yet have every power user feature I would like to see included, but it is packed with enough personalization tweaks and design improvements to make it a very workable alternative.

Digging Into Deepin’s Design

The Deepin Desktop design is snazzy yet simple to use. Add its homegrown applications, and you get an operating system that is tailored to the average user.

The new desktop screen is prettier and less cluttered. Annoying desklets, like a weather module and volume sliders, are gone — either removed or relocated.

I really like the new docking tray and boot theme. In-house developed applications have been a key ingredient in Deepin’s growing popularity. This latest release has some 30 improved native applications that should bring a more beautiful and efficient experience.

Another strong point in Deepin’s design is the new collapsible dock tray. Deepin uses a dock bar instead of the traditional bottom bar. When the dock is set in the macOS-style mode, a button appears that toggles a new dock tray element — embed tray icons in the dock.

The Dock offers a choice of fashion or efficient modes. Fashion mode adds a hide/show button in the dock tray. Click it to hide the icons in tray area and save the dock space. The power button is separated from the tray area to reduce the clicks and avoid function confusion.

In the Efficient mode, the right corner is set to show desktop. The previous ‘Show Desktop’ icon disappears.

Beyond Gnome

At first glance, you might think that DDE is a remake of the refashioned GNOME 3 desktop design. Looks can be deceiving. Click the first icon at the left end of the dock bar to open the applications menu.

That is what starts to look like GNOME — or Android. You see a full-screen spread of rows of applications. Click the second icon to see the multitasking view, aka “virtual workspaces.” In DDE that panel drops down from the top center of the screen, unlike GNOME’s right screen panel.



Deepin’s multitasking feature shows thumbnails of virtual workspaces via a display panel that hides along the top edge of the screen. The main view displays mini images of open windows on the current workspace.


Deepin lets you set a different background image for each virtual workspace. These display in the panel view as well. You can drag a running application’s mini image from the multitasking view to another workspace. You also can right-click on the top window border of a displayed app to move it to another virtual workspace.

Clicking the gear icon on the Dock bar slides out the settings panel from the right edge of the screen. The left vertical border of this panel holds a column of icons, one for each settings category.



The Deepin Desktop has a slide-out control panel that makes finding settings effortless. It uses a dock bar instead of a traditional panel at the bottom of the screen.


Click a vertical icon to open a settings display for the selected category. Or you can click in the panel and scroll down or up for a continuous scrolling through all settings.

Stuffed With Software

Deepin-specific applications separate this distro from most others. The developer has an impressive inventory of in-house generated applications. This release expands that inventory with more new titles and revamps of many others.

Here is a brief selection of what Deepin provides:

  • Deepin File Manager has a new Recent bookmark in its sidebar. The latest release also offers an optional dark theme.
  • Deepin Boot Maker has a simple interface to make a deepin boot disk easily.
  • Deepin Editor is a lightweight text editor with some customized functions for composing text and writing code.
  • Deepin File Manager is an optimized revision with added features.
  • Deepin Font Installer is a new tool for adding/removing font files with simplified operations. It shows font information, such as style, type, version, copyright and description.
  • Deepin Repair is another new tool to fix some issues in Deepin quickly, including hard disk detecting, disk cleaning, DPKG repairing, boot repairing, privilege repairing and password reset.
  • Deepin’s Graphics and Driver Manager app is introduced in this release. It includes graphics card hardware detection, graphics driver installation, graphics driver solution switching, graphics driver automatic recovery, and other functions.
  • Deepin Clone is yet another new tool that makes it safe and easy to back up and restore the system. It supports cloning, backing up and restoring a disk or partition. It works with Deepin Recovery to fix the boot, partition and other problems.

The community-sponsored software store offers about a thousand applications. Also available is a new Deepin Store.

Deepin Store is a high-quality application store to display, download, install, review and rate applications. It includes the selections of popular apps, new updates and hot topics. It supports one-click installing, updating and uninstalling.

Getting It May Be Troublesome

One of the great advantages of many Linux distros is the ability to test the distro in a live session. This lets you try out the distro without making any changes to your hard drive.

Unless you have a spare computer to perform a full installation for testing, not being able to run a live session is very risky. Glitches happen when installing something untried.

That is an issue with Deepin Linux. The ISO does not boot into a live session. It is strictly for installations only.

However, you can download a special boot tool to allow you to install a live-session-capable version of this release to a USB drive. Look for the live session download option on the download page.

However, you also will have to download the installation ISO. That poses yet another inconvenience.

Time Factor Fail

The download time directly from the Deepin website is horrendously slow. Download times posted take as long as 18 hours. I checked back numerous times with no faster delivery times.

A better option is to use one of the streaming mirror sites. The download times are literally minutes instead of hours.

You will find these alternative download sites at the bottom center of the download screen. Hover your mouse pointer over the half-dozen symbols and look at the URL displayed.

Tip: You’ll only find the installation ISO on these secondary download sites. The boot tool is available only from the Deepin website.

Installing It

The installation routine is modern and classy. The process is GUI-based (graphical user interface) rather than text-based or command line-based.

The installer moves right into the desktop environment with a blurred version of its desktop wallpaper overlaid with centered, translucent menus. This creates a pleasant visual effect.



The Deepin installer is a class act. It has a smooth progression of setup steps displayed against a blurred background image of the Deepin Desktop Environment. It provides an easy guide that new Linux users can follow with confidence.


The next screen presents a mandatory End-User Agreement. Its wordiness seems to exceed the usual open source licensing requirements.

It is lengthy to read and has numerous references to intellectual property. Ho-hum! Just scroll to the bottom of the display window to activate the ACCEPT tab to continue the installation process.

Unlike other Linux installation routines, Deepin Linux does not test for an Internet connection. You can install it without an online connection.

Bottom Line

Deepin Linux 15.8 is a solid performer. The developers have not yet provided language support for many languages. This limits who can use this distro.

In Deepin’s earlier years, the only available languages were Chinese and a few related dialects plus English. This latest release has expanded that list to a dozen or so.

In the English language version, it is annoying to see Chinese words and phrases in some of the system displays and software store catalogs. I assume that issue may exist in other language releases of Deepin as well.

Unless you are used to distro hopping, save yourself from the pain of trial-and-error usage discovery. Deepin is easy to operate. However, if you are not familiar with most things Linux, do yourself a big favor and first familiarize yourself with the Deepin Manual that comes with the preinstalled applications.

If security concerns you, especially when using an operating system from a foreign developer, use the full disk encryption feature now available with this release.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software. Email Jack.






IT Resume Dos and Don’ts: Formatting for Readability | Developers


In my career as an IT resume writer, I’ve seen a lot of IT resumes cross my desk, and I’d like to share some of the most common formatting problems that I see regularly. Of course, an IT resume requires more than great formatting. It requires well-written, targeted content, and a clear story of career progression. It needs to communicate your unique brand and value proposition.

Still, if the formatting is off, that can derail the rest of the document and prevent your story being read by the hiring authority.

I’ll start with a few IT resume formatting “don’ts.”

1. Don’t Use Headers

This is an easy fix. Headers and footers made a lot of sense when an IT resume was likely to be read as a printed sheet of paper.

In 2018, how likely is it that a busy hiring authority is going to take the time or the effort to print out the hundreds of resumes that are submitted for every position?

Not terribly.

Your IT resume is going to be read online.

That’s why using a header for your contact information is a bad idea.

It takes a few seconds to click on the header, copy and paste your email and phone number, and then click again in the body of the resume to read the text.

A few seconds doesn’t seem like much, but for someone who is looking through a lot of resumes, every second really does count. A hiring authority who is REALLY busy may just decide it’s too much trouble to get your contact information from the header.

That means your resume may well end up in the “read later” folder.

That’s not a good outcome.

There’s another problem with using the header, related to the one I just discussed.

Headers just look old fashioned. Out of date.

Old fashioned is not the brand you want to present if you’re looking for a job in technology — whether you’re a CIO, an IT director, or a senior developer.

Again, this is an easy fix. Just put your name and contact information in the body of the resume. I suggest using a larger font in bold caps for your name. You want to be certain that your name will stick in the memory of the reader.

2. Don’t Over-Bullet

This is probably the most common mistake I see in the IT resumes that cross my desk.

In my trade, we call it “death by bullets.” The job seeker has bulleted everything.

Everything.

That’s really hard to read. Beyond the fact that it’s just not clear, there’s another big problem with over-bulleting.

To paraphrase The Incredibles, if everything is bulleted, nothing is.

The goal of using bullets — sparingly — is to draw the reader’s eye and attention to your major accomplishments.

If you’ve bulleted everything, the reader doesn’t know what’s critical and what’s not, which defeats the purpose of using bullets in your resume.

In my own work as an IT resume writer, I make a clear distinction between duties and responsibilities and hard, quantifiable accomplishments. I write the duties in paragraph format, and bullet only the accomplishments that demonstrate what my IT resume clients really have delivered.

It’s a clear, straightforward approach that I recommend.

3. Don’t Get Colorful

Happily, this particular problem doesn’t seem as common as it was a few years ago, but every once in a while, I’ll still see a resume with lots of color.

The idea behind that, of course, is to make the resume “eye-catching.”

Rather than catching the reader’s eye, however, a lot of color is just confusing.

“Why is this section blue? Is blue telling me it’s really important? And yellow? Why is this person using yellow? Because it’s mighty hard to read…”

I’m sure you see my point. The colors, rather than giving the reader a map of what to look at first — what to prioritize — just end up looking, well, busy.

That makes your resume harder to read. And if it’s harder to read?

Yeah. As I mentioned above: It’s likely to go into the “read later” folder.

You really don’t want that to happen.

4. Don’t Lead With Education

This is another easy fix, but it’s important.

The only time you want to lead with education is when you’re a new grad. If you’re a professional — whether senior, mid-career or junior — you want to highlight your experience on page one, and not take up that valuable space with your degrees or certifications.

Of course, degrees, training and certifications are important, but they belong at the end of the resume, at the bottom of page two or three.

5. Don’t Use Arial or Times New Roman

I’ll end the “don’ts” with another simple one.

Arial and Times New Roman are, well, so 1990s. Yes, they’re good, clear, readable fonts, which is why they’ve become so popular.

Probably 90 percent of all IT resumes are written in these two fonts. There’s nothing negative in that, but it’s a little boring.

Now, I’m not suggesting you use Comic Sans or Magneto, but there are some great, clean fonts that aren’t as common in the IT resume world.

Personally? I like Calibri for body and Cambria for headings.

So, that gives you a number of things to avoid in formatting your IT resume. I’ll now suggest a few “dos” to concentrate on to ensure that your document is as readable as possible.

1. Keep Things Simple

I’m a strong believer that an IT resume needs to tell a story. The formatting of the document should serve only to clarify that story, and not get in the way.

When the document is finished, take a look. Does the formatting lead your eye to the most important points? Is the formatting clear and clean? Or does it distract from the story you’re trying to tell?

2. Think Mobile

This point gets more important with each passing year. These days, the odds are that the hiring authority will be reading your story on a phone, tablet, or other mobile device.

That’s changed the way I’ve formatted the IT resumes I write for my clients.

I’ve never gone beyond minimal design, but I’ve scaled things back. For example, I used to use shading to draw attention to critical sections of the document.

But now? I think that can be hard to read on a mobile — and readability, to repeat a theme, is the only goal of resume formatting.

3. Use Bold and Italics Sparingly

This point follows directly from the previous one. We don’t want to bold or italicize everything. Bold and italics, used consistently and sparingly, can help signal to the reader what is most important in your IT resume, and provide a framework for a quick read-through.

That enables the hiring authority to get the gist of your career fast, without distracting from a deeper second read.

4. Use Hard Page Breaks

This is pretty simple, but it is important. I always insert hard page breaks in every finished IT resume I write. That helps ensure that the document is going to look consistent across devices and across platforms.

It’s not 100 percent foolproof — Word is a less-than-perfect tool. With hard page breaks, though, the odds are very good that your resume will look the same to each reader — and to the same reader when reviewing the document on different devices. That consistency reinforces the sense of professionalism you’re striving to convey.

5. Write First, Format Later

Professional IT resume writers disagree on this, but I’m going to suggest what I’ve found effective in my practice.

I always write the resume first. I personally use a plain text editor, to make certain that Microsoft Word doesn’t add anything that I’ll have to fight to remove later.

It’s only when I’ve got the text completely finished that I copy and paste into Word, and then add the formatting that I think best supports the client story I’m trying to tell.

If I try to format as I’m writing, the formatting may take over. It’s tempting to insist on keeping the formatting consistent, even when it’s not best supporting the story.

So think about it. I’d strongly recommend writing first, and formatting later, when you’re completely clear on the story you’re trying to tell.

I know that many people struggle with formatting their IT resume, so I hope that these simple ideas will help make the process a little easier and less painful.

Stay tuned for future articles that will dig a bit deeper into the IT resume process, covering content structure, writing style, and branding.


J.M. Auron is a professional resume writer who focuses exclusively on crafting the best possible IT resume for clients from C-level leaders to hands-on IT professionals. When he’s not working, he practices Fujian Shaolin Kung Fu and Sun Style Tai Chi. He also writes detective fiction and the occasional metrical poem.






How to Protect Your Online Privacy: A Practical Guide | Privacy


Do you take your online privacy seriously?

Most people don’t. They have an ideal scenario of just how private their online activities should be, but they rarely do anything to actually achieve it.

The problem is that bad actors know and rely on this fact, and that’s why there’s been a steady rise in identity theft cases from 2013 to 2017. The victims of these cases often suffer a loss of reputation or financial woes.

If you take your online privacy seriously, follow this 10-step guide to protect it.

1. Beware of Internet Service Providers

You may not be aware of it, but your ISP already might know all about your online searches.

Each time you search for something online, your browser sends a query to a DNS server. Before the query reaches a DNS server, however, it first has to go through your ISP. Needless to say, your ISP easily can read and monitor these queries, which gives it a window into your online activity.

Not all ISPs monitor your browser queries but the ones that don’t are the exception and not the rule. Most ISPs will keep records of your Web browsing for a period of a few months to a year. Most ISPs don’t record your texts, but they do keep records of who texted you.

There are two ways to protect your privacy if you don’t want your ISP monitoring your browser queries: 1) Switch to an ISP that doesn’t monitor your online data, if practicable; or 2) Get a VPN to protect your data (more on this later).

2. Strengthen and Protect Your Login Credentials

One thing most people take for granted is the login credentials they use to access their many online accounts. Your username and password are the only things keeping your information and privileges from getting into the wrong hands. This is why it’s important to make them as strong as possible.

Choose a strong username that is simple and easy to remember but can’t easily be linked to your identity. This is to prevent hackers from correctly guessing your username based on your name, age, or date of birth. You’d be surprised just how cunningly hackers can find this information. Also, never use your Social Security Number as your username.

Next, pick a strong password. There are many ways to do this, but we can narrow them down to two options: 1) Learn how to make strong passwords; or 2) Use a password manager app.

Learning how to make a strong password requires time and imagination. Do you want to know what the most common passwords are? They are “1234,” “12345,” “0000,” “password” and “qwerty” — no imagination at all. A password combining your name and date of birth won’t cut it. Nor will a password that uses any word found in the dictionary.

You need to use a combination of upper and lower case letters, numbers, and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to figure out. In fact, you can try your password if you want to see just how long it will take to crack.

If you don’t have the time and imagination to formulate a strong and complex password, you can use one of the six best password managers. These apps not only save you the hassle of memorizing your complex passwords but also auto-fill online login forms and formulate strong passwords for you.

Whether you want to learn how to make strong passwords or choose to install a password manager app is up to you. What you should never neglect, though, is 2FA (2-factor authentication). 2FA adds an extra layer of protection for your passwords in case someone ever does learn what they are. In fact, you may already have tried it when logging into an account on a new device.

The app or service requires you to key in the access code sent to another one of your devices (usually your phone) before you are given access to your account. Failing to provide this access code locks you out of your account. This means that even if hackers obtain your login credentials in some way, they still can’t log into your account without the access code.

Never use the same usernames or passwords for different accounts. This prevents hackers from accessing multiple accounts with just one or more of your login credentials. Also, never share your login credentials with anybody — not even your significant other.

3. Check the WiFi You’re Using

Have you ever heard of a KRACK attack? It’s a proof-of-concept cyberattack carried out by infiltrating your WiFi connection. The hacker then can steal information like browsing data, personal information, and even text message contents.

The problem is that not even WPA2 encryption can stop it. This is actually why the WiFi Alliance started development of WPA3, which it officially introduced this summer.

Do you need WPA3 to defend against KRACK attacks? No. You just need to install security updates when they become available. This is because security updates ensure that a key is installed only once, thereby preventing KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and by using a VPN.
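To see why "install the key only once" is the whole fix, here is a small model added for this guide (it is not code from the original article or from any WiFi stack). The `Client` class, its method names and the HMAC-based keystream are assumptions standing in for a real WPA2 client and its cipher; the messages are constructed samples.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream derived from (key, nonce); a stand-in for the real WPA2 cipher."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Hypothetical WiFi client that tracks an installed key and a transmit nonce."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.tx_nonce = 0

    def on_handshake_message3(self, key: bytes) -> None:
        # Patched behaviour: a retransmitted message 3 carrying the key that
        # is already installed must not reset the nonce counter.
        if self.patched and self.key is not None and hmac.compare_digest(self.key, key):
            return
        # Unpatched behaviour: every copy of message 3 (re)installs the key
        # and starts the nonce counter from zero again.
        self.key = key
        self.tx_nonce = 0

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        ks = keystream(self.key, self.tx_nonce, len(plaintext))
        return self.tx_nonce, xor(plaintext, ks)


def run_session(patched: bool):
    """Send two frames with a replayed message 3 in between.

    Returns (nonce_reused, plaintext_relation_leaked).
    """
    key = hashlib.sha256(b"constructed session key").digest()
    client = Client(patched)
    client.on_handshake_message3(key)

    p1 = b"search=holiday+gift+ideas"   # constructed sample traffic
    n1, c1 = client.send(p1)

    client.on_handshake_message3(key)   # the same message 3 arrives again

    p2 = b"GET /account HTTP/1.1\r\n\r\n"  # constructed sample traffic
    n2, c2 = client.send(p2)

    nonce_reused = n1 == n2
    # With a reused nonce the keystream cancels out: c1 XOR c2 == p1 XOR p2,
    # so an eavesdropper learns how the two plaintexts relate without the key.
    leaked = xor(c1, c2) == xor(p1, p2)
    return nonce_reused, leaked


if __name__ == "__main__":
    print("unpatched:", run_session(patched=False))
    print("patched:  ", run_session(patched=True))
```

The unpatched client encrypts both frames under the same key and nonce, while the patched client ignores the repeated installation and moves on to a fresh nonce.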

You also can use a VPN to protect your device whenever you connect to a public network. It prevents hackers from stealing your information via a MitM (Man in the Middle) attack, or if the network you’ve connected to is actually a rogue network.

4. Watch Your Browser

If you read through your browser company’s Terms of Use and Privacy Policy, you might find that they actually track your online activities. They then sell this information to ad companies that use methods like analytics to create a profile for each user. This information then is used to create those annoying targeted ads.

How do they do this?

Answer: Web cookies.

For the most part, Web cookies are harmless. They’re used to remember your online preferences like Web form entries and shopping cart contents. However, some cookies (third-party cookies) are made specifically to remain active even on websites they didn’t originate from. They also track your online behavior through the sites you visit and monitor what you click on.

This is why it’s a good idea to clear Web cookies every once in a while. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an overall inconvenient browsing experience.

Another way to address the monitoring issue is to use your browser’s Incognito mode. Your browser won’t save any visited sites, cookies, or online forms while in this mode, but your activities may be visible to the websites you visit, your employer or school, and your ISP.

The best way I’ve found so far is to replace your browser with an anonymous browser.

One example is TOR (The Onion Browser). TOR is a browser made specifically to protect user privacy. It does this by wrapping your online data in several layers of encryption and then “bouncing” it for the same number of times before finally arriving at the right DNS server.

Another example is Epic Browser. While this browser doesn’t run on an onion network like TOR, it does do away with the usual privacy threats, including browsing history, DNS pre-fetching, third-party cookies, Web or DNS caches, and auto-fill features. It automatically deletes all session data once you close the browser.

SRWare Iron will be familiar to Google Chrome users, since it’s based on the open source Chromium project. Unlike Chrome, however, it gets rid of data privacy concerns like usage of a unique user ID and personalized search suggestions.

These three are the best ones I’ve found, but there are other alternatives out there. Whatever privacy browser you choose, make sure it’s compatible with your VPN, as not all privacy browsers are VPN-compatible — and vice-versa.

5. Use a Private Search Engine

Presenting risks similar to popular browsers are the search engines many people use. Most browser companies also produce their own search engine, which — like the browser — also tracks your online searches. These searches then can be traced to your personal identity by linking them to your computer, account, or IP address.

Aside from that, search engines keep information on your location and usage for up to several days. What most people don’t know is that persons in the legal field actually are allowed to use the information collected by search engines.

If this concerns you at all, you may want to switch to a private search engine. These private search engines often work in the same way: They obtain search results from various sources, and they don’t use personalized search results.

Some of the more popular private search engines include DuckDuckGo, Fireball, and Search Encrypt.

6. Install a VPN

What is a VPN, and why do I strongly recommend it?

A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your online data and hiding your true IP address.

Since you already know how online searches are carried out, you already know that browser queries are easily readable by your ISP — or anyone else, for that matter. This is because your online data is, by default, unencrypted. It’s made up of plain text contained in data packets.

You also already know that not even built-in WPA2 encryption is good enough to protect against certain attacks.

This is where a VPN comes in. The VPN courses your online data through secure tunnels until it gets to its intended DNS server. Anyone intercepting your browsing data will find unreadable jargon instead.

You may hear advice against trusting VPNs with your security. I’m actually inclined to partially agree — not all VPNs are secure. However, that doesn’t mean all VPNs are not secure.

The unsecured VPNs I’m referring to are the “free lunch” types that promise to be free forever but actually use or sell your data to ad companies. Use only the safest VPN services you can find.

A VPN is primarily a security tool. While you may enjoy some privacy from its functions, you will want to pair it with a privacy browser and search engine to get the full privacy experience.

A VPN can’t secure your computer or device from malware that’s already present. This is why I always recommend using a VPN together with a good antivirus and firewall program.

Some popular browsers run WebRTC by default. You have to turn it off, because it compromises a VPN’s security by allowing your true IP address to be read.

7. Watch Out for Phishing

You may have the best VPN, anonymous browser, and private search engine on the market, but they won’t do you much good if you’re hooked by a phishing scam.

Phishing employs psychological analysis and social engineering to trick users into clicking a malicious link. This malicious link can contain anything from viruses to cryptojackers.

While phishing attacks usually are sent to many individuals, there’s a more personalized form called “spearphishing.” In that case, the hackers attempt to scam a specific person (usually a high-ranking officer at a company) by using information that’s available only to a select few people that the target knows.

So, how do you avoid being reeled in by phishing attacks?

The first option is to learn how to identify phishing attempts. Beware of messages from people you don’t know. Hover over a link before clicking it to make sure it navigates to the site it portrays. Most importantly, remember that if it’s too good to be true, it most likely is.

The second option is to install an antiphishing toolbar. This software prevents phishing by checking the links you click against a list of sites known to host malware or those that trick you into disclosing financial or personal information.

It then will prompt you, once it determines the link to be connected to one of those sites, and provide you with a path back to safety.

The best examples I’ve found are OpenDNS, Windows Defender Browser Protection, and Avira Browser Safety.

8. Encrypt Your Communications

If you’ve been following tech news in recent months, you may have found an item about the FBI wanting to break Facebook Messenger’s encryption. Say what you will about the social network giant, but this news reveals one thing: Even the FBI can’t crack encrypted messages without help.

This is why you should always use “encryption mode” in your messaging apps. Apps like Signal, Telegram, and Threema all come with end-to-end encryption and support for text, calls, and even video calls.

If you require constant use of emails, ProtonMail, Tutanota, Mailinator, and MailFence are great alternatives to popular email services that actually monitor your email content.

9. Watch What You Share on Social Media

Social media has become one of the best ways to keep in touch with important people in our lives. Catching up to everyone we care about is just a few clicks away. That said, we’re not the only ones looking at their profiles.

Hackers actually frequent social media sites as they hunt for any personal information they can steal. They even can circumvent your “friends only” information by adding you as a friend using a fake account. I don’t think I need to mention the problems hackers can cause once they’ve stolen your identity.

This is why you should exercise caution about what you share on social media. You never know if hackers are using the photos you share to target you for their next attack. You may want to skip out on filling out your profile completely. Avoid giving your phone or home number, and perhaps use a private email to sign up.

10. Update Early and Often

You may have heard this before but it’s worth repeating now: Don’t ignore system updates. You may not be aware of it, but updates fix many vulnerabilities that could jeopardize your online privacy.

Most people put off installing updates since they always seem to come at inopportune times. Sometimes we just can’t put up with the dip in performance or Internet speed while updates are being installed.

It’s usually best to suffer what minor inconvenience they cause early rather than risk getting caught in the whirlwind of problems hackers can cause if you should get targeted. Most software and apps now come with an auto-update feature, so you won’t have to manually search and download them.

In Conclusion

Privacy is a human right, and our online privacy should be taken seriously. Don’t neglect to take the necessary steps to protect yours.

Beware of your Internet service provider, and always protect your login credentials no matter how strong they are. Remember to check the network you’re connecting to before you log in.

Watch what your browser and search engine are doing, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an antiphishing toolbar.

Always use encrypted messaging, and watch what you share on social media. Finally, never ignore system updates when they become available.

Follow these steps and you’ll soon be on your way to a more private browsing experience.


John Mason, an avid privacy advocate, is founder of TheBestVPN and serves as its chief researcher.






$34B Red Hat Acquisition Is a Bolt Out of Big Blue | Deals


The cloud computing landscape may look much different to enterprise users following the announcement earlier this week of IBM’s agreement to acquire Red Hat.

IBM plans to purchase Red Hat, a major provider of open source cloud software, for US$34 billion. IBM will acquire all of the issued and outstanding common shares of Red Hat for $190 per share in cash, under terms of the deal. That stock purchase represents a total enterprise value of approximately $34 billion.

Once the acquisition is finalized, Red Hat will join IBM’s Hybrid Cloud team as a distinct unit, preserving the independence and neutrality of Red Hat’s open source development heritage and commitment, current product portfolio, and go-to-market strategy, plus its unique development culture.

Red Hat president and CEO Jim Whitehurst will continue in his leadership role, as will the other members of Red Hat’s current management team. Whitehurst also will join IBM’s senior management team, reporting to CEO Ginni Rometty. IBM intends to maintain Red Hat’s headquarters, facilities, brands and practices.

Following the acquisition, IBM will remain committed to Red Hat’s open governance, open source contributions, and participation in the open source community and development model.

IBM also will foster Red Hat’s widespread developer ecosystem. In addition, both companies will remain committed to the continued freedom of open source via such efforts as Patent Promise, GPL Cooperation Commitment, the Open Invention Network and the LOT Network.

The acquisition was a smart business move for both IBM and Red Hat, said Charles King, principal analyst at Pund-IT.

“It seems possible or likely that other vendors would be interested in purchasing Red Hat,” he told the E-Commerce Times. “By making a deal happen, IBM is bringing in-house a raft of technologies, solutions and assets that are both familiar and highly complementary to its own solutions.”

Partnerships and Financial Oversight

Both IBM and Red Hat will continue to build and enhance Red Hat partnerships. These include the IBM Cloud and other major cloud providers such as Amazon Web Services, Microsoft Azure, Google Cloud and Alibaba. At the same time, Red Hat will benefit from IBM’s hybrid cloud and enterprise IT scale in helping expand its open source technology portfolio to businesses globally.

Partnerships between the two companies span 20 years. IBM served as an early supporter of Linux, collaborating with Red Hat to help develop and grow enterprise-grade Linux and more recently to bring enterprise Kubernetes and hybrid cloud solutions to customers.

These innovations have become core technologies within IBM’s $19 billion hybrid cloud business. Between them, IBM and Red Hat have contributed more to the open source community than any other organization, the companies noted.

“For Red Hat, IBM is an ideal partner to help the company scale its business to the next level. Really, no other vendor comes close to having IBM’s reach into and credibility among global enterprises,” said King.

IBM intends to close the transaction through a combination of cash and debt in the latter half of next year. The acquisition has been approved by the boards of directors of both IBM and Red Hat.

The deal is subject to Red Hat shareholder approval. It also is subject to regulatory approvals and other customary closing conditions.

IBM plans to suspend its share repurchase program in 2020 and 2021. The company expects to accelerate its revenue growth, gross margin and free cash flow within 12 months of closing.

Moving Forward

“The acquisition of Red Hat is a game-changer. It changes everything about the cloud market,” said IBM’s Rometty.

Most companies only progressed 20 percent along their cloud journey, renting compute power to cut costs, she said. The next chapter in cloud usage — the next 80 percent — involves unlocking real business value and driving growth.

“It requires shifting business applications to hybrid cloud, extracting more data and optimizing every part of the business, from supply chains to sales,” Rometty pointed out.

Eighty percent of business workloads have yet to move to the cloud, according to IBM. Instead, they are held back by the proprietary nature of today’s cloud market. This prevents portability of data and applications across multiple clouds, data security in a multicloud environment, and consistent cloud management.

IBM and Red Hat plan to position the company to address this issue and accelerate hybrid multicloud adoption. Post-acquisition business will focus on helping clients create cloud-native business applications faster.

That will result in driving greater portability and security of data and applications across multiple public and private clouds, all with consistent cloud management. IBM and the absorbed Red Hat division will draw on their shared leadership in key technologies, such as Linux, containers, Kubernetes, multicloud management and automation.

Business Imperative

Red Hat/IBM is the second-largest computer software deal ever recorded globally, according to Mergermarket data. In terms of computer software mergers and acquisitions in the U.S. alone, the sector already has hit a record high value of $138.3 billion this year, having surpassed all previous full years on record.

IBM/Red Hat accounts for nearly a quarter of total U.S. software deal value in the year to date. Red Hat is IBM’s largest transaction ever.

“IBM has been in need for some time of catching up with other tech giants, such as Amazon and Microsoft, in making a sizable investment like this in the cloud,” noted Elizabeth Lim, senior analyst at Mergermarket.

“It makes sense that IBM would pay such a large amount for a company like Red Hat, to try to outbid any potential competition,” she told the E-Commerce Times.

The deal with Red Hat marks a transition for the company toward hybrid cloud computing, after years of seeking growth with mixed results. For example, IBM made big bets on its artificial intelligence system Watson, but its traditional IT business has shrunk, Lim said.

“It is clear that CEO Ginni Rometty intends, with this deal, to try to propel IBM back into the ranks of the industry’s top players after falling behind in recent years, and that the company also felt the need to acquire outside tech instead of spending years trying to develop it in-house,” she explained.

The question now is how successfully IBM will integrate Red Hat, said Lim.

Smart Business

The acquisition comes as a surprise, but it is a smart move that makes a lot of sense, said Tim Beerman, CTO of Ensono.

IBM has been a big supporter of open source and the Linux operating system, so Red Hat’s open source software portfolio, supported by value-added “paid” solutions, is the perfect investment, he told the E-Commerce Times.

“It is a big win for IBM, Red Hat and their customers. IBM gets to modernize its software services by adopting Red Hat’s technology,” Beerman noted.

“Red Hat gains IBM’s financial backing and the ability to scale its capabilities and offer a hybrid IT approach, and its customers receive the ability to go to market faster with the assurance their providers have the investment they need to excel in a hypercompetitive market,” he explained.

This acquisition reinforces the concept that open source tools are part of the answer to hybrid cloud solutions, added Beerman. IBM’s investment will allow the companies to increase their security profiles in open source systems.

Over the years, IBM’s technology portfolio, particularly on the software side, has dried up or been sold off, according to Todd Matters, chief architect at RackWare. IBM really needs some of its own technology in its portfolio, so the Red Hat acquisition makes a lot of sense in those terms.

“Red Hat brings a long list of very good software products. Linux — and Red Hat in particular — has been able to purvey to the enterprise very successfully, and that is the sort of thing that IBM needs for its typical customer portfolio,” Matters told the E-Commerce Times.

IBM had little choice but to acquire Red Hat, observed Craig Rosenberg, chief analyst at research and advisory firm Topo.

The deal is a “huge move for IBM and the industry,” he told the E-Commerce Times.

“In the multicloud market where AWS, Google and Microsoft have a clear head start, IBM had to make a move or risk being left behind. By acquiring Red Hat — and more specifically OpenShift — IBM becomes a major player, with a compelling developer-centric, open source offering and business model,” Rosenberg explained.

Deal Ramifications

With the Red Hat acquisition, IBM will get the industry’s premiere enterprise Linux distro and its most dynamic container platform, along with myriad other valuable assets, noted King. For Red Hat, the acquisition cements an alliance with one of its oldest strategic partners.

“IBM has also been among the industry’s staunchest and most generous supporters of open source projects and initiatives. Frankly, it is hard to think of similar deals that would have been as beneficial for both IBM and Red Hat,” said Pund-IT’s King.

That rosy view is not supported by some other onlookers, however.

IBM has committed to pay a huge price for the agile growth company, but it is far from a sure bet that the deal will transform IBM into a nimbler player, according to Jay Srivatsa, CEO of Future Wealth.

“It paves the way for Amazon, Microsoft and Google to get stronger. IBM is counting on open source to cement the company’s credibility as a cloud player, but the train has left the station,” Srivatsa told the E-Commerce Times.

“The risk of Red Hat simply becoming as irrelevant as IBM has in the cloud computing space is greater than the probability of IBM/RedHat becoming a leading player in this space,” he added.

One big stumbling block, according to Pete Sena, CEO of Digital Surgeons, is the risky business of integrating Red Hat’s culture adequately. IBM has not matched Red Hat’s stewardship of open source.

“If IBM does not integrate the cultures effectively, Red Hat employees may want to take their money and run,” Sena told the E-Commerce Times.

However, if IBM can deal with Red Hat’s proven successful open source format, the potential upside is nearly guaranteed, he noted.

“If you are a salesperson at either company, once this integration is rolled up together, then you have the ability to sell across various business units. The business implications point to IBM and Red Hat now having a ton of connected offerings,” Sena said.

Cloud Competition Impacted

Red Hat’s OpenShift container platform is being used or supported by virtually every major cloud vendor, noted King, and it’s likely those partnerships will persist.

“In fact, IBM emphasized that the deal would not disrupt any Red Hat customers,” he said, “but it is likely that the acquisition could spur interest in other container technologies by cloud companies.”

At the end of the day, though, mass defections are unlikely. It behooves service providers to support the technologies their customers prefer. For hybrid cloud customers, OpenShift is at or near the top of that list, according to King.

Because Red Hat will maintain its independence through the early part of the transition, it’s likely that things will remain relatively the same with respect to the e-commerce space, at least in the short term, suggested Jonathan Poston, director of technical SEO at Tombras Group.

“My guess is that IBM’s motive in the first place was less about controlling market supply and raising prices by buying out smaller, more competitive alternatives,” he told the E-Commerce Times, “and mostly about injecting vigor into a product inventory to extend the average life cycle through a classic strategic innovation acquisitions approach. An altruistic perspective, I know — but again, at least for the short-term, I suspect this will be the case.”

Open Source Reactionaries

The sudden unexpected announcement will no doubt produce some minor objections from the ranks of Red Hat workers. However, open source today is more commercial and institutionalized than it was even five years ago, so major turmoil over the business decision will not occur.

“Overall, I do not expect the deal to have any significant impact on open source culturally or as a practice,” said King. “IBM is too experienced and invested in open source to allow that to happen.”

However, the deal could spur interest in Red Hat’s competitors, like Suse and Canonical, as well as alternative container solutions, he suggested, and even might lead to other acquisitions in those areas.


Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.




