October '05 Topics
Individual articles from Past Actrix Newsletters are archived in
October '05 Topics
October '05 Topics
Actrix Contact Info
Actrix Help Desk
Help Desk Hours
All I want is less to do, more time to do it and
higher pay for not getting it finished. Is that so much to ask?
Top 10 Viruses
This newsletter has been produced to help you
get the most out of the Internet,
It's been another interesting month. The Smokefree Coalition's Tobacco Control Update put things beautifully in the opening paragraph of its 21 September edition:
"On Saturday night [17 September] New Zealanders were glued to their television sets watching the unfolding drama. There were close one-on-one battles, blistering attacks, last minute victories, and bitter defeats. And once the Shield was safely back in the bag for Canterbury, we were all able to turn over and check out election progress."
We have a couple of new staff members on the help desk once again this month due to existing staff moving on the better and brighter things. We welcome Simon and Brian, and say goodbye to Steve Trayhorne and Chris Brochere. Peter Crantson has taken over from Steve Trayhorne as Support Senior Supervisor, and with Pete's experience and length of service already, we expect the high level and quality of support to continue.
As you're probably aware, the ISP market is extremely competitive, and Actrix realises that the quality of its customer support is important as a point of difference, and an opportunity to excel. We were pleased to hear from Consumer Magazine that our help desk was rated amongst the best in the country in its survey of 8377 subscribers. Their report is due out in their October edition. It should also appear on the Consumer Online web site.
We make it a policy and practice to hire people who are able to be real human beings for our help desk; people who can take responsibility for customer problems and work in a friendly and helpful manner to solve them quickly. Give them a call when you have a problem and I think you'll find that to be true. The help desk is free to all customers and open from 8 am - midnight, seven days per week (0800-228749).
...and you've got to keep changing them regularly
Most of us are probably not under too much of a threat regarding our passwords in that it's unlikely we're being actively targeted by someone who wants to steal our details. It is reasonably common, however, for customers to contact us because someone else is using their account. Sometimes the kids (inventive little persons) have worked out Mum or Dad's password and are using the computer and Internet when they're not supposed to, but in most cases unauthorised account use occurs because the password has been given to someone else in the past, and this person (sometimes maliciously and sometimes not) is continuing to use the service. Very occasionally, someone's password (either for e-mail or connectivity) has been hacked or stolen.
When it comes to robust and secure passwords, there are three important issues that should be remembered. Firstly, passwords need to be well chosen so that they are not easily guessed. Secondly, they need to be regularly changed so that if they are guessed or stolen, the potential harm is minimised. Thirdly, passwords need to be protected. This article will look at each of these issues. We'll finish up with a summary of general dos and don'ts.
But first, there are a number of generalisations about Kiwis and their passwords that could be made. Working for an ISP, I have dealt with a lot of password related issues over the years and have seen some patterns form.
1) The most common form of password is either a pet's or child's name with the letter 1 after it. I think this is because many people don't think about a password until they're setting up an account or log in. Typically they are informed that a password should have letters and numbers, and the first thing that comes into their head that they think they will remember is their child's (the firstborn, or the most recent-born is the most common) or their pet's name. The 1 gets added because they have to have a number in the password and this is the easiest number to remember. If I wanted to guess your password, then, I would try a few combinations on your kids' or pets' names first.
If that didn't work, I might also try a few combinations around anything else I might know to be important to you - your favourite singer, or something to do with your hobbies or sporting interests. If you were an Otago supporter, for example, I'd start with combinations around the word "anton" or "oliver." The very worst form of this sort of lack of thought is when a password is arrived at by simply adding the number 1 to the username.
2) It is extremely common for people to substitute letters for numbers that look like letters. The letter "o" gets replaced by a zero. The letter "i" gets replaced with a 1. The letter "s" gets replaced by a 5, and the letter g gets replaced by a 9, etc. So, if I was that Otago fan (and they're only my second favourite team, by the way) my password might be ant0n0l1ver. Anybody who knew me reasonably well and who was familiar with password trends and habits, would probably have worked this one out in less than ten tries.
3) Many people still use a birthdate or part of their phone number for the required number(s) in their password. These may be easy to remember, but such numbers are also easily guessed.
4) Almost unbelievably, some people still think the most obvious password is the one that will never be guessed. Some people use the word "password" or pa55word," or phrases like "letmein" and think they're being really clever. Unfortunately, they're not nearly as original as they think they are.
5) Many people go years without changing their passwords. Reasons for this would include them not finding the matter important, or just having too many passwords at all sorts of different places, so that the thought of changing each one becomes all a bit too much. Probably too, a lot of people have forgotten their passwords, and sometimes you need to know your password before you can change it.
6) People use the same password at various places. Again, this is done so that not too many passwords need to be remembered, and the same password can be used for logging onto the Internet, onto the banking site(s), the auction site(s) and the online dating site or web forum. Unfortunately, though, if your password is harvested, and the harvester knows anything about you, they suddenly have access to everything you've got.
Okay, so how can you choose a good password
A good password should be a mixture of letters and numbers, and there should also be a mixture of capital and lower-case letters. But a good password also needs to be memorable, and for most of us, remembering a string of gobbledegook (e.g. kq9Ph3I9) is not easy, especially if we have lots of different passwords to remember.
One suggestion is to think of a core password that would look like gobbledegook to anyone else, but would make sense to you because you know its key. You could then use that core at all of your different log-ins, with a variation added to it that pertains to the particular log in. Confused? Let me explain.
Think of a short phrase such as a line from a nursery rhyme (e.g "to market to buy a fat pig") and reduce it to a series of letters. The core of our password suite will thus become "tmtbafp". Next change the "to" to the numeral 2 and the b to an 8 (which looks like a capital b). Our password is now tm28afp (which isn't too hard to remember if we know how it was derived).
The next step is to think of a unique identifier for each of the sites where you log in. The main colour of a site might be an example. So, if I was logging into my National Bank (mainly green in colour) web account, I might add GR to the front of the password. As soon as I accessed the National Bank site, the main colour would remind me that my password for this site starts with GR, and because I've memorised the core password, I can remember that my password is GRtm28afp. If I was logging into an ANZ web site my password would be BLtm28afp. Actrix would be ORtm28afp because the main colour is orange.... Clear as mud? Of course, colours is just one option. Perhaps there's some other unique identifier for each site: the first or last two letters of the company's name... the first two vowels?
Next month, when I change my core password to lb15fd (london bridge is falling down), my password at the National Bank site would change to GRlb15fd. My password at the ANZ site would change to BLlb15fd, and so forth. There are probably lots of unique identifiers that could be thought of.
A simpler method for choosing passwords is to use nonsense syllables and separate them with numbers such as the following: breeN91gilB, ritT81bleeG, or fiM43drutT. Nonsense syllables are easier to remember because they are pronounceable, but they won't make sense to anyone else, and are therefore pretty unguessable. However, if you're changing your password regularly, these become harder to remember, in my opinion, because there is no system to them.
Should you use punctuation marks in a password?
Of course, including punctuation in a password makes it harder to guess, but it also has some drawbacks, and a good combination of letters, numbers and capitalisation should make your password robust enough. There are a few downsides. Firstly, not all servers on the web will accept them. Most will, but sometimes you'll come across one that doesn't, and this can throw things if you have a system. Secondly, punctuation is harder to remember, and if you're changing your password as regularly as you should, memorability becomes an issue. If you're sure the server can accept punctuation, and you'd like to go that extra step in terms of indecipherability, then use punctuation by all means, but don't use any characters that aren't found on a standard keyboard (e.g. ¥, which can only be invoked by using your keyboards <alt> key.
How often and when should you change your password?
Once per month my online banking site tells me it has been thirty days since I have changed my password and suggests it might be a good idea to update. Generally I use this as a cue to change all my passwords everywhere. I have about half a dozen or so sites or places online that require a password, and it usually takes me 15-20 minutes to do the lot. Yeah, it's a hassle, but I always feel pretty good after it's done. Because I use a system similar to the one above, it doesn't take a great deal of thought to come up with a set of passwords that I can remember at the various places, and I only have to think a bit to remember them the first time or two at each site.
If you don't have such a site that suggests regular password change times to you, perhaps you could make a mental note to yourself to change your passwords at the start of each month or something similar that suits you.
How and why should you protect your password?
It is one thing to choose a good password that is not easily guessed, but the best password in the world is of little value if you are careless with it.
The most obvious thing that comes to mind here is phishing scams. We've all had those e-mails turn up that purport to come from our ISP, or from PayPal, or Trade Me, or eBay, or our bank warning us that we're about to be cut off or that something has gone wrong with our account, and could we please go to a special page to log in and stop this terrible thing from happening. Of course, behind the scenes, this web page only looks like the authentic one, and it is really designed to capture your log in details for some hacker's nefarious purposes.
I think most people are aware of phishing scams now, and are less likely to fall for them, but hackers and web-tricksters are always finding new ways to part people from their passwords, and a high level of suspicion regarding any request for your password is appropriate. Reputable companies seek to combat phishing by making it their policy never to request your password in an e-mail, so anyone who does it is highly suspect. The general rule of thumb is to never give it out unless you are sure you someone isn't trying to hoodwink you. If in doubt, get on the phone to the company in question, or call our friendly help desk for advice (0800-228749).
Writing your passwords down is a bit of a tricky one. If they're written down on a piece of paper (and some security advisors recommend this instead of storing them electronically), then they are not vulnerable to a hacker who may have compromised your computer. They are, however, vulnerable to anyone who might be looking through your drawers or papers. The general rule of thumb here is to never store your passwords electronically (e.g. in an e-mail or WORD document). If you can't remember them or must write them down, make sure you lock them in a filing cabinet or somewhere else no one will have access to.
It's generally good practice, too, not to have your user name and password (e.g. dialup or browser-based log-ins) remembered automatically by your browser. If you do this, and your computer is stolen, make sure you contact your online providers immediately to have the password(s) changed.
Some sites allow you to retrieve your password by means of a question and answer if you have forgotten it. Usually there will be a series of standards such as what is your mother's maiden name, or your city of birth, and you can lodge an answer to one of these questions when you first set up your log in. If you forget your password, the sites will give you the question, and e-mail your password to you if you can answer it correctly. Sure, they only e-mail it to you, they don't just give it out, but most people's security is breached by people who already have access to their computer, and therefore won't have too much trouble getting access to any e-mail containing your password sent to you by the site. Generally, this whole process is a good idea, but you really need to make sure you choose a question and answer no one will no the answer to but you. If at all possible, use a question and answer of your own, and make it a hard one!
Lastly, exercise extreme care in choosing who you share any password with. I have been surprised on more than one occasion to find that customers have complained that someone else has been using their account and it turns out to be an ex-boarder, or someone with whom they've had a relationship break-up. Our terms and conditions state that your account is for your use alone. Understandably, couples etc will be sharing accounts and we don't mind that, but you give your password out to anyone else at your own peril, especially if you forget to change it once they've moved on. This is even more serious a risk when it comes to your banking password.
Some General Do's and Don'ts by way of summary
If you'd like to ask a question or request some help on any Actrix or Internet-related matter. Simply send me an e-mail with the word "Forum" in the subject line. I'll try and get an answer to you by return e-mail, and will also post the answer here for the benefit of others who may have a similar question or problem. By the same token, if you read something here and think you may have something to suggest, please feel more than free. Please also note that questions and answers may also turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).
Nick writes: Hi Rob, I really appreciate your articles. They're written in layman's language, I can follow them easily. A question regarding web sites. I understand how I can get to site directly by entering it's URL. The bit of the puzzle I don't understand is, say, I have a web site about Widgets, how do I arrange for the word "widget" to be picked up by a search engine? Thanks Nick
Hi Nick, Thanks for your kind words, and for a very good question. The best site in the world isn't worth a great deal if no one can find it. One of the ways to get your site known is by getting it into a search engine. Search engines work in two ways. They crawl the web all by themselves using programs calls spiders or robots that follow every link they can and report their findings back to the search engine's database. Eventually, a search engine will find you, but only if some other site somewhere on the web links to your site. otherwise there will be no way to find you. So, the first thing you should do is try and get your site linked to by somewhere else, and a good suggestion would be to lodge your site with some NZ based search engines like www.nzsearch.co.nz and www.searchnz.co.nz.
Secondly, you should register your site directly with the search engines. Most search engines, such as Google, will have a page where you can enter details about your site. This will speed up the process of the search engine finding you, but it could still take days or weeks for your site to be returned in a search.
Thirdly, you need to optimise your site for search engines. A whole lot more could be said here, and you are encouraged to do your own web-research, but two things are vital. The first is meta tags which are bits of code added to the header section of your web page (behind the scenes and a web browser won't see them). A description meta tag should be added which provides a short description of your site (say 50 words or so). A search engine will return what's in your description tag as the descriptor for your site. You should also add a key-words meta tag which will alert the search engine as to which words you think describe or summarise your site. When a search engine knows this, it will return your site to people who enter those keywords.
The last trick is to design your site so that it gets returned high in the search engine's collection of returned sites. Keeping your text on each page reasonably short, and having the keywords repeated in the text up to three times is ideal. Too many inclusions of keywords has the opposite effect and the search engine starts to lower your ranking because it thinks you're cheating.
There will be lots of information on the web about optimising, meta tags, and so forth. If you'd like to do more research, use a search engine, of course!
Bert writes: Hello Rob I went to a tutorial on Google search engine and a question of viruses in O.E. came up. We were told that we should remove our pre-view panel in order to avoid a virus opening in there. I have noticed that when I right click on an unopened e-mail so I can delete it the message does come up in the pre-view, but I have never heard about disabling that panel. What is your opinion? Regards, Bert
Hi Bert. This isn't something I would recommend as being necessary provided one has up-to-date software. A year or two ago there were a couple of viruses that would automatically activate the minute they were viewed in the preview panes of (mainly Microsoft, I think) e-mail programs. Of course this was a real danger at the time, but the situation was temporary in that Microsoft (and any others) quickly issued updates to their software that prevented this sort of thing from occurring. The latest versions of these e-mail programs will all now refuse to run any malicious code found in an e-mailed virus, so it is no longer necessary to disable your preview pane.
Now, if you haven't updated your software for a long time, then you may still be in danger. Click Help and then About, and you should be able to see which version of Outlook or Outlook Express you have. I think, if I remember correctly, that this problem was fixed in version 5 or version 5.5 of Outlook Express, but if you don't have version 6, then your software is still a bit obsolete and you should update by going to http://windowsupdate.microsoft.com/, and downloading whatever updates are available.
If you want to be doubly sure about things and disable your preview pane anyway, you can do this in Outlook Express by clicking View, and then Layout. Untick the box that says "Show preview pane".
Judith writes: Hi There, I have a person in Finland who I correspond with. She has suggested I install Skype, so that we can actually talk to each other.....for free. Sounds too good to be true! Is it? Do you know anything about it? I would appreciate your help. Thanks, Jude
Hi Jude, I've pretty much only heard good things about Skype so far, and a lot of people use it without problems. It's freely downloadable from: www.skype.com. You'll need speakers and a microphone (and a soundcard) for it to work, however it's significantly better to use either headphones and a microphone, or a proper headset, as using a microphone together with speakers may lead to echoing and feedback etc.
It's purported to work reasonably well, even on dialup, but obviously the more bandwidth available the better. If both parties have broadband, you're probably going to get the best results, but there would be no harm in trying it on dialup. It works with Mac systems, Windows and Linux.
Your voice is converted into data which is then sent over a P2P network to the other person. It is supposed to be encrypted so it should be secure, but I still wouldn't use it to talk to the bank or to discuss other sensitive data. If you just intend to chat with friends and family it should be fine.
It is very easy to use. Finding people is as simple as searching, or having them give you their Skype name. You can also hook up conference calls on it with multiple participants. It has chat (a la MSN/ICQ) function, and file transfer tools built in. There are also add on services you can pay for which will allow Skype to call out to landlines etc but that's probably getting a bit more technical. There are heaps of reviews and good info on their site as well.
Interesting sites (Click the picture links to access the sites)
Please note: Actrix supplies links to these sites for your interest and possible use. We cannot endorse or take any responsibility for their contents.
Got a site you think would be neat to share with other readers? Click here to e-mail and let me know and receive a free Norrie the Nerd chocolate bar courtesy of Actrix!
Online help for Maori: A High Court decision has reinforced New Zealand's censorship law, the Internal Affairs Department says. Click here for more.
High Court backs decision on internet offending: An online registration service for Maori will be launched on October 8 by Tuhono, which describes itself as an advocate for, and contributor to, networks of Maori individuals, iwi organisations and other entities. Click here for more.
Maturing net growing more slowly: After years of huge increases, the rate at which net traffic is growing is slowing down, say analysts. Click here for more.
Naked internet chatting 'threat to morality': "At first, we thought it was merely a game for a few mentally abnormal people. But as our research continued... Click here for more.
Kazaa ruling: teach youngsters not to share: The Kazaa file-sharing service, used by millions of people to swap songs online every day, has been ordered to stop the flow of illegal music on its system within two months. Click here for more.
Web inventor: Online life will produce more creative children: Since he invented it more than 15 years ago, Tim Berners-Lee has watched the Web change the way the world communicates, works and learns. Click here for more.
Internet the ultimate resource for music lovers: Fans now have a worldwide resource to track down recordings by their favourite artists and to discover new artists. Click here for more.
Mother's Web warning after suicide: The mother of a teenage girl who hanged herself after looking at suicide Web sites has warned of the dangers they pose. Click here for more.
Angry women sue doctor for online dating lies: A Manhattan fertility specialist has been sued by two women who say he broke their hearts after meeting them through an online dating site on which he pretended to be single. Click here for more.
TV to become web-like: IPTV - TV that's beamed over the net - is set to become the next big thing for boggle-eyed couch potatoes everywhere. Click here for more.
Google unveils blog search site: Google has unveiled a website that lets people search web journals or blogs. Click here for more.
eBay cancels sale of human kidney: Internet auction site eBay has cancelled the sale of a human kidney after it attracted bids up to US$800,000 ($1.14 million) in a single day. Click here for more.
Women rule the internet roost: Suspension of internet privileges has become the new way to discipline a unruly children, AOL UK has found, following a six month anthropological study of five British families. Click here for more.
Internet maps reveal Roman villa: Latest technology proved an unexpected aid to unearthing the past when an Italian man decided to look at internet maps of his home. Click here for more.
Researchers snoop on keyboard sounds: If spyware and key-logging software weren't a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard. Click here for more.
Computer terms 'confuse workers': Most office workers find computer jargon as difficult to understand as a foreign language, a survey suggests. Click here for more.
Kids to teach elderly net skills: Young people are being encouraged to take on the role of internet trainer to help their grandparents get online. Click here for more.
Webcam used to 'babysit kids': Police are questioning a Cambridgeshire mother who allegedly used a webcam to keep an eye on her three children while she went on a jaunt to Germany. Click here for more.
Money motive drove virus suspects: The arrest of two men suspected of being behind the Zotob virus has give a rare insight into the lifestyle and motivations of criminal hackers. Click here for more.
New Trojan swaps porn for Koran: A new Trojan horse program circulating around the internet this week appears to be on a moral mission to stamp out adult websites, according to security research firm Sophos. Click here for more.
Security and Safety
The cost of online anonymity: Dan Simmons examines whether it is possible to be totally anonymous and asks if this is really a desirable thing. Click here for more.
Unraveled Web fraud reveals inner workings of Internet theft: The illicit haul arrived each day by e-mail, the personal details of computer users tricked by an Internet thief: a victim's name, credit card number, date of birth, Social Security number, mother's maiden name. Click here for more.
Businesses face 'explosion' in bot armies: Education and small business could be the unwilling pawns of organised crime and their growing bot armies, Symantec's latest internet security report says. Click here for more.
Microsoft talks to the enemy: Microsoft's main eye on the open source community says the software giant wants to shake off its image of "stomping" on new ideas and be more open to talking with Linux developers. Click here for more.
Gates gives $40m to old school: School fund-raisers selling raffle tickets will be looking enviously at the donation from a former pupil to a school in Seattle in the United States. Click here for more.
Firefox and Mac security sanctuaries 'under attack': Symantec has renewed its assault of the perceived security advantages of Apple Macs. "Mac users may be operating under a false sense of security..." Click here for more.
Unix, Linux and Open Source
Wainui backs Linux: Wainuiomata Training Centre hopes to raise $2 million from the Government and private sources to turn the suburb into a hotbed for open-source software development by late next year. Click here for more.
Linux users warned over Firefox flaw: Security researchers have discovered a new vulnerability with Firefox that might allow hackers to seize control of Unix or Linux machines running vulnerable versions of the popular alternative browser software. Click here for more.
The Weird, Weird Web
Whining American eBays 'devil doll': Yup, you've guessed it: devil doll appears from nowhere, resists all attempts at disposal and gradually subjects target family to a spine-tingling litany of terror. Click here for more.
Pizza firing wins online contest: A computer engineer who lost his job because he ate two pieces of pepperoni pizza has been named the winner of an offbeat Internet contest that solicited stories about outrageous firings. Click here for more.
Oz email catfight secretaries walk plank: Top Oz legal outfit Allens Arthur Robinson has been "rocked" by an email flame war provoked by a missing ham sandwich which has resulted in two secretaries being given their marching orders... Click here for more.
Yet more help desk humour
A woman called the help desk with a problem with her modem. The tech asked her if she was "running it under Windows." The woman then responded, "No, my desk is next to the door. But that is a good point. The man sitting in the cubicle next to me is under a window, and his is working fine."
Customer: "Hello? I'm trying to dial in. I installed the software okay, and it dialed fine. I could hear that. Then I could hear the two computers connecting. But then the sound all stopped, so I picked up the phone to see if they were still connected, and I got the message, 'No carrier,' on my screen. What's wrong?"
Customer: "I'm having a problem installing your software. I've
got a fairly old computer, and when I type 'INSTALL', all it says is 'Bad command or file
At our company we have asset numbers on the front of everything. They give the
location, name, and everything else just by scanning the computer's asset barcode or using
the number beneath the bars.
A user called to say that she was having problems with her computer. Fortunately, she had already analysed the problem, and announced confidently, "I have a short in my mouse pad".
Help desk: What's on your monitor now ma'am?
Customer: My keyboard is not working anymore.
A customer couldn't get on the Internet
Help desk: How may I help you?
Helpdesk: What kind of computer do you have?
Thanks again for reading the Actrix newsletter. Feedback can be sent to me via the e-mail address listed below. Please limit this to comments/suggestions regarding the newsletter. Non-forum requests for support should go to the Actrix Help Desk (firstname.lastname@example.org) or to the Accounts Department (email@example.com).