The Actrix Online Informer is published each month to help keep Actrix customers up-to-date with what's happening on the Internet, and to help ensure they have every opportunity to benefit from it.

Questions and comments about the Actrix Online Informer can be e-mailed to editor@actrix.co.nz
Other inquiries should be e-mailed to support@actrix.co.nz.

Actrix – New Zealand's first Internet Service Provider

Welcome to the June Actrix Online Informer

Welcome to the June 2010 Actrix Online Informer, and nearly the midpoint of the year.

We hope there's something of interest for you in the month's edition, so pull the heater up next to your computer or take your laptop into the lounge by the fire and enjoy.

Rob Zorn

Does your password pass?

This is an updated version of an article we ran back in 2008. Back then we had a problem with spammers guessing customers' account passwords, and then setting up sub mailboxes under those accounts to use as e-mail addresses from which to send spam. It would appear they are at it again.

Spammers can crack passwords very quickly using programs designed to do 'brute force' username/password guessing. The software cycles through a bunch of common passwords, hoping to hit a match that works. Because a surprising number of people have poor passwords – they tend to have a lot of success.

And if they've cracked your account in order to set up a mailbox, they can also read your mail and get up to all sorts of other worrying mischief. They probably won't because they want to remain hidden, but that's hardly comforting!

In response we will soon be strengthening the minimum requirements for passwords and contacting at-risk users advising them to change their passwords. The new minimum requirements for passwords will be that each must contain at least:

• eight characters
• one capital letter
• one lower case letter
• one number.

Below we'll suggest a system you can use to come up with a password that contains all these things, is very hard to crack, but is also very easy for you to remember, and even to vary for different log-ins. We'll also tell you about how to change your passwords and settings.

But first, there are a number of generalisations about Kiwis and their passwords. We have a number of bad password habits that might make it easy for baddies to guess or 'brute force' them.

1) The most common form of password is either a pet's or child's name with the digit 1 after it. I think this is because many people don't think about a password until they're setting up an account or log in. Typically they are informed that a password should have letters and numbers, and the first thing that comes into their head that they think they will remember is their child's (the firstborn, or the most recent-born is the most common) or their pet's name. The 1 gets added because they have to have a number in the password and this is the easiest number to remember.

If I wanted to guess your password, then, I would try a few combinations on your kids' or pets' names first. A 'brute force' bot program will be able to try thousands of combinations around common pet or child names in seconds.

2) It is extremely common for people to substitute letters for numbers that look like letters. The letter 'o' gets replaced by a zero. The letters 'i' or 'l' get replaced with a 1. The letter 's' gets replaced by a 5, 'g' by a 9, etc. So using your kids' or pets' names and substituting numbers and letters isn't going to slow down the spammers' bot programs for long.

3) Many people still use a birth date or part of their phone number for the required number(s) in their password. These may be easy to remember, but such numbers are also easily guessed. Short combinations of numbers are also little problem for the bots.  

4) Almost unbelievably, some people still think the most obvious password is the one that will never be guessed. They may use the word "password" or pa55word," or phrases like "letmein" or "opensesame" and think they're being really clever. Unfortunately, they're not nearly as original as they think they are. Be sure the 'brute force' bots know about all of these!

5) Many people go years without changing their passwords. Reasons for this would include them not finding the matter important, or just having too many passwords at all sorts of different places, so the thought of changing each one becomes all a bit too much. Probably too, a lot of people have forgotten their passwords, and sometimes you need to know your password before you can change it.

There are two schools of thought on how often to change your password. Some argue that if you have a really good password, then you don't need to change it all that often. They may be right – but the key point is having a really good and uncrackable password that bears no apparent semblance to any real word.

6) People use the same password at various places. Again, this is done so that not too many passwords need to be remembered, and the same password can be used for logging onto the Internet, onto the banking site(s), the auction site(s) and the online dating site or web forum. Unfortunately, though, if your password is harvested, and the harvester suddenly has access to everything you've got.

Okay, so how can you choose a good password?

A good password should be a mixture of letters and numbers, and there should also be a mixture of capital and lower-case letters. But a good password also needs to be easy for you to remember, and for most of us, remembering a string of gobbledegook (e.g. kq9Ph3I9) is not easy.

One suggestion is to think of a core password that would look like gobbledegook to anyone else, but would make sense to you because you know its key. You could then use that core at all of your different log-ins, with a unique variation added to it (also easy to remember) for each separate log in.

Confused? Let me explain.

Think of a short phrase such as a line from a nursery rhyme (e.g "to fetch a pale of water") and reduce it to a series of letters. The core of our password suite will thus become "tfapow". Next change the "to" to the numeral 2 and the letter o to a zero. Our password is now 2fap0w (which isn't too hard to remember if we know how it was derived).

The next step is to think of a unique identifier for each of the sites where you log in. The main colour of a site might be an example. So, if I was logging into my Westpac banking site (mainly red in colour), I might add RE to the front of the password. As soon as I accessed the Westpac site, the main colour would remind me that my password for this site starts with RE, and because I've memorised the core password, I can remember that my password is RE2fap0w. If I was logging into an ANZ web site my password would be BL2fap0w. Of course, colours is just one option. Perhaps there's some other unique identifier for each site: the first or last two letters of the company's name... use your own creativity to find a pattern that works for you. 

Next time I change my core password to hd50aw (Humpty Dumpty sat on a wall), my password at the Westpac site would change to REhd50aw.

Another simple method for choosing passwords is to use nonsense syllables and separate them with numbers such as the following: breeN91gilB, ritT81bleeG, or fiM43drutT. Nonsense syllables are easier to remember because they are pronounceable, but they won't make sense to anyone else, and are therefore pretty un-guessable. However, if you're changing your password regularly, these become harder to remember, in my opinion, because there is no system to them.

How and why should you protect your password?

It is one thing to choose a good password that is not easily guessed, but the best password in the world is of little value if you are careless with it.

The most obvious thing that comes to mind here is phishing scams. We've all had those e-mails turn up that purport to come from our ISP, or from PayPal, or Trade Me, or eBay, or our bank warning us that we're about to be cut off or that something has gone wrong with our account, and could we please go to a special page to log in and stop this terrible thing from happening. Of course, behind the scenes, this web page only looks like the authentic one, and it is really designed to capture your log in details for some hacker's nefarious purposes.

Most people are probably aware of phishing scams by now, and are less likely to fall for them, but hackers and web-tricksters are always finding new ways to part people from their passwords, and a high level of suspicion regarding any request for your password is appropriate. Reputable companies have a policy never to request your password in an e-mail, so anyone who does it is highly suspect.

Writing your passwords down is a bit of a tricky one. If they're written down on a piece of paper (and some security advisors recommend this instead of storing them electronically), then they are not vulnerable to a hacker who may have compromised your computer. They are, however, vulnerable to anyone who might be looking through your drawers or papers.

It's generally good practice, too, not to have your user name and password (e.g. dialup or browser-based log-ins) remembered automatically by your browser. If you do this, and your computer is stolen, make sure you contact your online providers immediately to have the password(s) changed.

Lastly, exercise extreme care in choosing who you share any password with. I have been surprised on more than one occasion to find that customers have complained someone else has been using their account and it turns out to be an ex-boarder, or someone with whom they've had a relationship break-up. Our terms and conditions state that your account is for your use alone. Understandably, couples etc will be sharing accounts and we don't mind that, but you give your password out to anyone else at your own peril, especially if you forget to change it once they've moved on.

Some general dos and don'ts by way of summary

• Don't use a password that involves anything you're well-known for being enthusiastic about. This includes your pets, kids and hobbies.
• Don't use a birth date for the numbers in your password. This is one of the first things a hacker will experiment with.
• If you do substitute numbers for letters in your password, make sure that isn't the only variable you use and include some capital letters.
• Never use a word that can be found in the dictionary. One hacking trick is to use what's known as a dictionary attack. This involves firing potentially every word in the dictionary at a web log-in password field, and remember, computers can do things very fast. Anyone with a normal word as their password is much more vulnerable to such an attack.
• Don't use the same password at multiple sites or log-ins. If you do, someone only has to hack you once and your whole life is theirs.
• Find a way to make your password meaningful and memorable for you, but apparent gobbledegook to anyone else.
• Be sensibly paranoid about handing over your password in response to any e-mail asking for it. Reputable sites and companies will not ask for your password in an e-mail.
• If you must write your passwords down, keep whatever they're written on well-hidden, and preferably behind a lock.
• Don't share your password. If you do, remember to change it immediately if you no longer want the other person to have access.
• Use at least eight characters, and more if you can.
• Never store your passwords in a document on your computer, and never, ever, ever put them in an e-mail.
• Be familiar enough with your password that you can type it quickly. This makes it harder for someone to steal your password by watching over your shoulder.

View this article on its own... 

Facebook and your privacy

Facebook has been in the news a fair bit lately, mainly for the way in which it has altered users' privacy settings without adequately explaining to them how and why. Many users have had enough or see this as the last straw and are quitting Facebook for good. In fact, 31 May was international Quit Facebook Day. If quitting altogether is too radical for you (who could live without Facebook anymore?) then here is a round up of blogs and articles you may find helpful.

• A guide to Facebook's new, simpler privacy controls
• How to return Facebook's privacy settings to what you signed up for
• Scan your Facebook settings for privacy loopholes
• The evolution of privacy on Facebook
• Facebook bows to privacy pressure
• In defence of Facebook
• Five essential Facebook privacy tips
• "Kill your Facebook page" backlash gains speed
• How to quit Facebook without actually quitting Facebook
• Eight ways to protect your privacy on Facebook
• How to delete your Facebook account (and other social networking accounts).

Broadband troubleshooting

While your Actrix broadband connection should work continuously and without interruption, there may be the odd occasion where things just don't work as you'd expect. Our friendly helpdesk staff are happy to assist with these sorts of issues, but quite often simply restarting your modem (powering it off and then back on) is all that's required to get you up and running again.

It's important to remember, however, that your modem will take a minute or two to restart (some older models may take up to five minutes). It has to negotiate with various servers to get connected back to the Internet, and this can take time, so it's best to give it a few minutes before trying the connection again.

With a lot of broadband modems, the easiest way to tell if it's back online after a restart is to look at the lights on the front panel. Most modems will have a light labelled "DSL" or "ADSL"; if this light is lit up and steady it means your modem has synchronised with your local telephone exchange. Your modem will then try to authenticate and get online; again most modems will have a light labelled "PPP" (or possibly "Internet" or "WAN") which will be steady when this authentication is complete and the modem is online ready for you to use.

If you find that your DSL or PPP lights aren't lighting up as expected, or that your connection is still not working a few minutes after restarting your modem, please contact us on 0800 ACTRIX (228-749) and our friendly helpdesk staff will be glad to assist you over the phone.

Readers' forum 

If you'd like to ask a question or request some help on any Actrix or Internet-related matter. Simply send us an e-mail with the word "Forum" in the subject line. I'll try and get an answer to you by return e-mail, and will also post the answer here for the benefit of others who may have a similar question or problem. By the same token, if you read something here and think you may have something to suggest, feel free to contribute. Please also note that questions and answers may turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).

--

Colin writes: I live in a rural area and am wondering whether broadband can be received here. How do I go about this?

Hi Colin, There can be problems getting ADSL broadband to work in rural areas. This is mainly due to the quality of the copper network out in the country and the distance between you and your local telephone exchange. Our help desk staff have a line checking tool that they can use to get an indication of whether ADSL is possible for you or not, though sometimes a "likely" is the best indication the tool can give, as there are so many variable. Definitely worth a look though. Give the help desk a call on 0800 228749. They can also answer other questions you may have.

These questions and answers may also be of help.

--

Patrick writes: Later in the year I am to spend three months or so in the USA. I am thinking of buying a laptop over there rather than lugging one over. I'm assuming the institute at which I'm staying will have some Internet connection. Could you please tell me how I can continue to use my Actrix connection there to receive and send emails. I suspect it will be somewhat like your advice about using a mobile phone, but with some differences.

Hi Patrick, Yes, you can continue to use Actrix email and your Actrix email address when overseas. You don't need to connect through Actrix to access your incoming mail, so the Internet connection provided by your institute there will be fine. That Internet provider should also have no problem with you using your Actrix email address to send email.

On your new laptop your email settings should all be the same as they are here except for the outgoing mail server setting. It is normal for any Internet provider to require you to connect only to their mail server when you are sending email. So when you get your new laptop in the States, set up your email program as follows:

Email address: your Actrix email address
POP server: pop3.actrix.co.nz
SMTP (outgoing mail server): check with your internet provider over there.

There are instructions for setting up various email programs at http://www.actrix.co.nz/page.php?id=125 (just remember to replace the outgoing [SMTP] mail server settings with those of your American provider).

I hope that helps.

View this article on its own...

Interesting sites 

Please note: Actrix supplies links to these sites for your interest and possible use. We cannot endorse or take any responsibility for their contents.

Got a site you think would be neat to share with other readers? Click here to e-mail and let me know!

I found your camera http://ifoundyourcamera.blogspot.com/ – I would be quite devastating to lose your camera. All those holiday snaps or pictures of friends and loved ones gone forever. I found your camera is a website set up to help re-unite people with their lost cameras. People who find them email in a few pictures downloaded from the camera and a description of where it was found. What a great idea! The site is updated three times a week. Must be a lot of people finding cameras out there!

Your face in 20 years http://in20years.com/ – "In20years uses advanced face detection and morphing technology to predict what your face would look like in 20 or 30 years from now. Our magical engine turns your face old automatically. All you have to do is upload your photo. You can also see what future holds for you if you were a drug addict... Oh, yeah - and it's FREE!

Unusual words http://users.tinyonline.co.uk/gswithenbank/unuwords.htm – "A by no means exhaustive list of rare, obscure, strange and sometimes funny words and their meanings that only seem to crop up in crosswords and dictionaries. Words that are used so seldom, you wonder who invented them and why."

Moon Zoo www.moonzoo.org/about – "The Moon is perhaps the most familiar object in the night sky, but it still has its mysteries. Following the excitement of the Apollo Moon landings in the 1960s and 1970s, a new flotilla of spacecraft is exploring the Earth's nearest neighbour. The images from NASA's Lunar Reconnaissance Orbiter which you're invited to explore with Moon Zoo show the lunar surface in remarkable detail, including features as small as 50 cm across."

Clever, geeky Windows tricks http://lifehacker.com/5543354/the-cleverest-geeky-windows-tricks-everyone-should-know – Anyone can sit down at a Windows PC and get along fine, but with the right tips and tricks, you can get around much faster. Here's a handful of clever tricks to help you boost your Windows skills (and show off to friends).

Have these allusions eluded you? http://blog.oup.com/2010/05/allusions-eluded/ – Have you ever wondered where the titles of novels, plays, films and the like come from? Some are obvious, at least after you’ve read the book or seen the movie, as with Star Wars and The English Patient, but many titles are not transparent and leave you wondering just why the author chose them.

The 48 laws of power http://www2.tech.purdue.edu/cgt/courses/cgt411/covey/48_laws_of_power.htm – In the immortal words of Jock Ewing: "Power isn't something given to you, Power is something you TAKE!" This list is from an actual course at Purdue University. It doesn't make powerful people look very attractive.

How autistic are you? www.wired.com/wired/archive/9.12/aqtest.html – Psychologist Simon Baron-Cohen and his colleagues at Cambridge's Autism Research Centre created the Autism-Spectrum Quotient, or AQ, as a measure of the extent of autistic traits in adults. In the first major trial using the test, the average score in the control group was 16.4. How will you score? Note the test is not a means for making a diagnosis, and many whose scores meet the diagnostic criteria for mild autism or Asperger's report no difficulty functioning in their everyday lives.

Really crazy business cards http://dotcommogul.net/branding/really-crazy-business-cards/ – Are you struggling with how to present your business credentials in an interesting and memorable way, or do you just enjoy collections of pictures that show how creative others can be? Here's a collection of interesting, and often amusing, business card ideas..

Cyberspace news snippets

What's been happening in the online world?

New Zealand

Social site use rising as privacy fears grow: New Zealanders' use of social networking sites such as Facebook and Twitter is soaring amid growing public concern about privacy on the web, a new poll shows. Click here for more.

E-therapy to chase away blues: Mental health patients could soon be receiving treatment over the web under plans to launch a national e-therapy programme. Click here for more.

Portals to give parents look into schooling: Parents will be able to check their children's school attendance and test results through online portals that will soon be provided by at least 250 schools. Click here for more.

Google cars gathered home internet data without telling: Google has collected personal wireless internet data from New Zealand homes through cars sent around the country for its Street View project. Click here for more.

GST rise will give overseas web firms edge say retailers: Retailers say the looming rise in GST will give online merchants overseas an even bigger price advantage. Click here for more.

Adultery site aims to hook New Zealanders: Typical male: no commitment and lots of sex. That's one of almost 3000 taglines used by Kiwis who have signed up to a website designed to help people have extra-marital affairs. Click here for more.

Social web use best protected via education: Published this week, the survey of Individual Privacy and Personal Information shows that 43 per cent of us now use a social networking site such as Facebook or Twitter. Click here for more.

Internet abuzz with Budget chatter: Kiwis took to the internet to react to the release of Budget 2010 - with the majority believing they are better off after the announcements. Click here for more.

Kiwi broadband speedier: Broadband speeds have improved in New Zealand but are slower outside of Auckland and vary considerably between internet providers (ISPs), the Commerce Commission says Click here for more.

Revised copyright bill still flawed: InternetNZ seminar: Termination of internet accounts as a penalty for persistent copyright infringement through music and movie downloading could put people in peril of breaking the law in more serious ways, lawyer Rick Shera has told a seminar on the Copyright (infringing File-Sharing) Bill, now before Parliament. Click here for more.

General

Judge orders Facebook truant groups shut: A judge in the Argentine province of Mendoza has ordered Facebook to shut groups created by minors to organise mass truancy from school. Click here for more.

Will social media ruin reality TV?: Facebook, Twitter and YouTube are threatening to spoil reality TV by spilling its secrets before they can air. Click here for more.

Webby Award winners announced in New York: The 14th annual Webbys, which celebrate internet achievement, were announced overnight by the International Academy of Digital Arts and Sciences, a 550-member group of web experts. Click here for more.

Judgement Day: Website lets peers review you: It used to be that a potential employer would call your references to see whether you'd be a good fit. But what if you showed up for an interview and the employer already knew you blew an important project at your current job, just by checking on the Web? Click here for more.

Facebook users reject illusion of privacy: As many as four out of five Facebook users accept that the site offers no privacy, unlike the majority of the general population who consider it a private space. Click here for more.

Facebook must evolve or wither, say analysts: In the fickle world of social networking, Facebook is ubiquitous. But will you still love it tomorrow? Click here for more.

Internet Explorer losing grip on browser market: IE remains dominant today. But, compared to its heights in the early 2000s, it's slipping. This week, the market researcher NetApplications released a report saying IE has fallen to less than 60 percent of the browser market. Click here for more.

Facebook page that led to block removed: A Facebook page that was considered offensive to Islam and led to a Pakistani ban on the site has been removed, possibly by its creator. Click here for more.

Being yourself online: Author Adam Singer says "analysing, taking sides and causing controversy" are great for a blog's popularity and that walking on eggshells gets you nowhere. Click here for more.

Google bans 'cougar' dating site ads: Google is being accused of double standards after a decision to censor the placement of ads for a dating site catering for cougars - older women who seek the company of younger men. Click here for more.

'Rogue' internet firm 3FN shut down: A net firm that actively 'colluded' with many net criminal groups has been dismantled by US authorities. Click here for more.

Virtual life after death: When you die, what happens to your online life? Click here for more.

The net is not just for the young: Helping older people get online is vital, and part of a wider transformation, says Bill Thompson. Click here for more.

Director: Firefox 4 will be 'fast, powerful': In a presentation to Firefox developers, Mozilla's Mike Beltzner said that the planned version 3.7 of the browser will now become Firefox 4.0 - a revamp clearly designed to close ground on Microsoft's Internet Explorer and stay ahead of competitors like Google's upstart Chrome. Click here for more.

Do you get e-mail rage?: It happens without warning. You're scanning e-mails and suddenly you're triggered by someone's words or a tone you sense – or even see; the e-mail is filled with "ALL CAPS" or "Exclamation points!!!" or bold formatting. Click here for more.

Google official reaffirms HTML5 readiness: Despite concerns that it is far from being finished, HTML5 is ready for use, at least for most platforms and for most duties, asserted a Google developer. Click here for more.

Youngsters rein in Facebook use: It might go against conventional wisdom, but a new report from the Pew Internet & American Life Project is adding fuel to the argument that young people are fast becoming the gurus of online reputation management, especially when it comes to social networking sites. Click here for more.

Farmville, Mafia Wars stay on Facebook: Quelling rumours of a breakup, Facebook and the company behind many of the most popular games on the social network say they've signed a five-year partnership that will keep Farmville, Mafia Wars and Cafe World on the site. Click here for more.

South Africa mulls porn ban: A South African government official is proposing a complete ban on digitally distributed pornography and has approached the country's Law Reform Commission to ask whether a change in the law is possible. Click here for more.

Most of us Google ourselves, survey finds: Web search engines make our lives easier: They connect us with what we're searching for in a matter of seconds, and sometimes they bring us to places we didn't even know we were looking for. Click here for more.

Mom Uses Facebook To Find Kids: A California woman whose children were kidnapped 15 years ago located them in Central Florida -- by using Facebook. Click here for more.

Security and Safety

Child abuse 'big business online': There are 450 gangs around the world making money from images of child sex abuse, a UK-based internet watchdog says. Click here for more.

How to stop becoming phish food: Safeguards to stop people falling for phishing scams are not working, says Bill Thompson. We need a different approach. Click here for more.

Online sex predators on rise: Victoria Police have confirmed that organised criminal networks and individuals in and outside Australia have been grooming children for illegal sex and the number of predators is rising. Click here for more.

Sites caught sharing secret data with advertisers, report says: A report in the Wall Street Journal indicates that Facebook, along with MySpace, Digg and a handful of other social-networking sites, have been sharing users' personal data with advertisers without users' knowledge or consent. Click here for more.

Mainly Microsoft

Microsoft unveils free web version of Office 2010: Gone are the days when Microsoft could simply unveil a new version and know the market would rush to adopt it. Click here for more.

The Weird, Wide Web

Student on Trade Me mission: The teenage creator of the "invisible ute" Trade Me auction has launched her next cyber project after the success of her tyre sale. Click here for more.

Long-lost brothers reunite via Twitter: We've heard of musicians finding collaborators via Twitter and reporters finding sources, but what about long-lost brothers finding each other? Well, that's what happened to Matthew Keys, online news producer for KTXL FOX40 News in Sacramento, California. Click here for more.

Hacker steals 22,000 email address, demands Astley tune: Dutch hacker Darkc0ke hijacked a radio station database containing 22,000 email addresses and threatened to publish them unless the station play Rick Astley's Never Gonna Give You Up, a variation of an internet meme known as "rickrolling." Click here for more.

It was five years ago today

Each month we dredge through our archives to pull out stories from the Actrix Newsletter of exactly five years ago. Sometimes these stories will show just how much the net has changed in such a short time, and sometimes they'll be included just because they're interesting.

Net-illiterate 'failing children': Internet-illiterate parents could leave their children on the wrong side of the digital divide, researchers have said. Click here for more.

The Internet, ranked No. 1, changed the world: Today, with a couple of clicks, you can go anywhere in the world without leaving your computer. Click here for more.

Children drive home internet use: Children rule the roost when it comes to home net access, a survey has found. Click here for more.

One in 20 'fall for online fraud': One in 20 UK internet users say they have lost money through online scams, research into spam emails suggests. Click here for more.

E-mails 'hurt IQ more than pot': Workers distracted by phone calls, e-mails and text messages suffer a greater loss of IQ than a person smoking marijuana, a British study shows. Click here for more. 

Bringing it all back home

Thanks again for reading the Actrix Online Informer. Feedback can be sent to me via the e-mail address listed below. Please limit this to comments/suggestions regarding the newsletter. Non-forum requests for support should go to the Actrix Help Desk (support@actrix.co.nz) or to the Accounts Department (accounts@actrix.co.nz).

Have a great month!

Rob Zorn
editor@actrix.co.nz
http://editor.actrix.co.nz 

Copyright © 2010 Actrix Networks Limited | Contact: editor@actrix.co.nz