It’s Not Easy To Be An Expert (or Pretend To Be One)

When I first started up this blog, I had a fairly clear vision of where I wanted to go with it. Having browsed the musings of established GTD bloggers like Merlin Mann of 43folders.com and Andrew Mason of Did I Get Things Done, I wanted to follow in their mold of becoming an established voice in the field. But then along the way, it seemed that I hit a wall. You see, one of my goals has always been to have some useful, original content to post; trouble is, GTD is such a hot topic these days that original thought or advice is rather hard to come by.

Now granted I could talk about how to set up your “trusted system”, or how to maintain discipline with starting tasks, etc. But the truth is, someone has probably already written about it, and with far better clarity and experience than I could claim to have. I’ve been at this game for just under two years now; hardly enough time to call myself a guru of any kind. So what’s a disenchanted productivity geek to do?

In short, I’ve decided to take the blog in a bit of a new direction. Instead of trying to write some authoritative pieces on how you should integrate the concepts of GTD into your life, I’m going to keep it rather simple, and just talk about me. Now before you ask, this is not going to turn into some ego-maniacal diatribe on why Josh Is God or some such nonsense. No, instead, I’m just going to write as what I am: a guy coming from a world of disorganization and ADD-exacerbated messiness, trying his damndest to learn how to keep everything together (or at least keep appearances of such, but don’t tell my boss).

From now on, it’s going to be a more journalistic approach. I.e. “I read this really interesting post the other day, here’s how I’ve tried to incorporate it, here’s why it worked / didn’t work.” I’ll be happy to tell you all about my struggles and triumphs, and maybe even those of others I meet or talk to. But from now on, the one thing I’ll try not to do is tell you how to do things. If you ask (comments still encouraged), I’ll be happy to give an opinion, but outside of that, the advice column is closed.

Beyond that, I’m also going to try and expand a bit on the non-GTD topics that are holding my interest. I think a while ago I wrote a pretty decent introduction to a series on e-mail encryption… maybe it’s time to pick that up again, eh?

Here’s to a little diversity and change in focus. Hopefully it will be just the thing to help break out of a bit of writer’s block and get this blog up and running again.

How To Secure Your E-Mail – Part I

So just how safe is this?

Everyone loves the convenience of e-mail. In minutes you can instantly send pictures of your kids, travel itineraries, love notes, or any other form of written or visual (picture or video) communication to far away relatives. It’s practically instant gratification, with communicators sending notes back and forth on a whim.

Degree of Difficulty: 3 (Power User) for installation, 2 (Normal User) for subsequent usage

Note: All tips published will have a difficulty rating of 1 (Grandma could do it), 2 (Normal User), 3 (Power User), and 4 (Geeks only).

But what lots of people fail to realize is that e-mail is inherently a highly insecure method of communication. For instance, did you know that:

  • By default, your message is broadcast across the internet in clear text, meaning it is not scrambled or encrypted in any way.
  • During its voyage, it may spend time on computers that are a) not owned or in any way related to the sender or recipient, and b) quite possibly not running the latest and most secure version of software, and are vulnerable to being hacked.
  • In the case of (a) above, as well as on your ISP’s mail server, your e-mail can be read at any time by someone who has administrative (think super duper all-powerful) rights on that server. Imagine some poor, lonely, nerdy guy sitting at a computer terminal, busily reading your passionate love letter to your husband or wife. OK, that’s a bit of an extreme case, but you get the point.
  • E-mail is inherently “spoofable”. That is, it is extremely easy to fake the sending address of an e-mail, making a spammer’s message asking for personal information appear as though it came from your good friend or spouse.

So what are we to do? Abandon all use of the medium, and resort to folded notes, sealed with wax and delivered by pigeons?

Well, no, that’s not really necessary, but we do need to take steps to ensure that either we a) accept the insecure nature of e-mail, and make sure we don’t talk about anything we wouldn’t want our neighbors knowing over it, or b) take steps to make our e-mail readable only to those the message is meant for.

The Lock-Box Metaphor of Key-Based Encryption

We all know that to “encrypt” something means to somehow scramble its contents to the point where without knowledge of how to decode the message, it appears as nothing more than garbage.

One of the more common encryption methods is known as “Public Key Encryption”.  Here’s how it works.

Imagine for a moment that you are in possession of the following items:

  1. An unlimited number of boxes with nearly impenetrable locking mechanisms.  These boxes can hold letters, pictures, video tape, etc, and can be sent through the mail.
  2. An unlimited number of keys that can lock these boxes; however once closed and locked, this key cannot be used to open the box and view what is inside.
  3. A single, master key, which can be used to open any of the boxes.

Let’s say you have a significant other who lives across town (or across the country, for that matter), and they have something private they want to send you: their bank account number, a steamy love letter, perhaps some rather, err, “personal” pictures? Use your imagination.

Now if your friend were to simply send these through the mail, your friendly-yet-nosy postal service worker could easily open the package and view its contents.  So, being a savvy and security-conscious person, you instead give your SO a bunch of these boxes, as well as one of your “lock-only” keys.  Now, they simply need to put the incriminating item in one of your boxes, lock it up, and send it on its merry way.  You can both be confident that only the two of you will know what contents lie within.

As an added bonus, imagine that your friend has sealed the box with one of those old-fashioned wax stamps, using their finger as the source of the impression (ouch! that’s hot).  Now imagine that you have some fool-proof way to verify that the seal was in fact made by your friend, and not some impostor.  This is called “cryptographic signing” and is yet another benefit to using public key encryption.  But we’ll get into more detail in later parts.
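For the curious, here is the lock-box metaphor in a few lines of Python. This is an example added here, not part of the original series or the software it goes on to use: the function names and the tiny fixed key are made up for illustration, and it uses bare "textbook" RSA, which is fine for seeing the idea but not for protecting real mail.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes. Real keys use
# large random primes plus padding; this is textbook RSA for teaching only.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q                           # shared by both halves of the key pair
E = 65537                           # the "lock-only" key (public, hand it out)
D = pow(E, -1, (P - 1) * (Q - 1))   # the master key (private, never shared)

def lock(message: bytes, public=(N, E)) -> int:
    """Put a short message in a box; anyone with the public key can do this."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def unlock(box: int, key=(N, D)) -> bytes:
    """Open a box with the given key; only the master key yields the message."""
    n, k = key
    m = pow(box, k, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Fingerprint of the message, reduced so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def seal(message: bytes, private=(N, D)) -> int:
    """The wax seal: made with the sender's own private key."""
    n, d = private
    return pow(_digest(message, n), d, n)

def seal_is_genuine(message: bytes, signature: int, public=(N, E)) -> bool:
    """Anyone can check the seal using the sender's public key."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    box = lock(b"account 12345")            # constructed sample message
    print(unlock(box))                      # master key opens the box
    print(unlock(box, (N, E)))              # lock-only key gives garbage
    stamp = seal(b"love, your SO")
    print(seal_is_genuine(b"love, your SO", stamp))
    print(seal_is_genuine(b"love, an impostor", stamp))
```

In the metaphor the seal comes from your friend's own key pair; the example reuses one pair for both jobs only to stay short.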

Do I have your attention?

For now, all you need to know is that by the end of the series, you’ll be able to securely send and receive e-mail with your friends and family, without spending so much as a penny.  You can do this on just about any computer, with any e-mail client from AOL to GMail (though as we’ll see, some are easier than others).  For the difficulty of this task, I will give a hybrid 3 (Power User) / 2 (Normal User) rating, as the installation process is a bit tricky.  If you’re not comfortable with the instructions I give, you may want to have someone computer friendly and trustworthy carry them out for you (note: do not let some anonymous Geek Squad employee do this for you, as you will essentially give them the keys to your e-mail).

Tune in next week for Part II of our series, when we’ll be talking about the first steps in installing the software necessary to undertake our operation.

Keep Your Windows XP Computer Up To Date Automatically

While I am not a fan of Microsoft Auto Update due to a little piece of, ahem, semi-spyware it installs, for those who are less technically inclined it still gives you an easy and safe way to ensure your computer is kept up to date. This is extremely important as Microsoft releases updates monthly (more frequently these days) which help prevent hackers and other malcontents from taking advantage of your computer’s generosity.

Degree of Difficulty: 1 (Grandma)

Note: All tips published will have a difficulty rating of 1 (Grandma could do it), 2 (Normal User), 3 (Power User), and 4 (Geeks only).
Auto Update and Install

To access the screen shown above, click on Start, then select Control Panel, and Automatic Updates. Then, select the button titled “Automatic”. You can then choose when you want Windows to download and update your system. Hint: pick a time in the early hours of the morning, when you can leave your computer running overnight. Wednesday at 3:00AM is a good time, as Microsoft routinely releases patches on the second Tuesday of the month.

Most of the time, the update process should be completely transparent to you, and your computer should be ready for you to check your e-mail with the morning coffee. Occasionally however, you may run into an update that requires you to accept a user agreement, or requires a restart of your PC. If this is the case, you’ll see some kind of on-screen notification, usually in the form of one of those little bubbles in the bottom right corner.

Block annoying ads with AdBlock Plus (and protect yourself in the process)

For my inaugural “Information Security Made Easy” post, I’ll give a quick and simple tip.  While perhaps more of a convenience and usability tweak than a true security tip, it nonetheless will help keep excess garbage from being downloaded and displayed on your computer, which is always a good thing.

Degree Of Difficulty: 1 (Grandma)
Note: All tips published will have a difficulty rating of 1 (Grandma could do it), 2 (Normal User), 3 (Power User), and 4 (Geeks only).

You know those incredibly annoying rollover ads common on websites these days?  Sure you do.  They’re the ones where if your mouse happens to move over a tiny corner, it explodes in flashy glory over your entire screen.  The only way to get rid of it is to click a tiny “x” in the corner of the screen, which sometimes seems to move about randomly, taunting you.

Well, fear not, there is an easy and effective way to be rid of these once and for all, using the excellent Firefox add-on “AdBlock Plus”.  It installs in minutes, and instantly will block a high percentage of these ads without any user input.

Should you still find something being shown that you wish to block, you simply have to right click on the image, and select “Adblock Image”.

Taken from Adblock Plus Addon Page

One of my favorite sites to browse, Sports Illustrated, was downright loaded with these kinds of annoyances.  Now that I’m using AdBlock, I’m able to browse freely with no interruptions.

Adblock Plus is available here: https://addons.mozilla.org/en-US/firefox/addon/1865.

Why you should care about computer security

Here are some sobering quotes to consider:

  • “As the global financial crisis continues, we expect criminals to take advantage of the panic and fear among consumers worldwide and increase their targeted phishing attacks in the coming months.”
  • “Phishing attacks spiked significantly following the announcements of various bank failures in late September. While there was no strong trend towards using any one specific bank or failure, overall increases in phishing activity in the days following each major announcement were recorded.”
  • “Acquisition of innocent machines via email and Web-based infections continued in Q3 at about the same pace measured in Q2, with over 5,000 new zombies created every hour.” Note: a “zombie” is a computer which has been infected by viruses or other bad programs, which allows hackers to remotely manipulate or control the machine and use it for their own purposes. A Very Bad Thing to say the least.
  • Source: http://www.securecomputing.com/pdf/SCC-InternetThrtRprt-Oct08.pdf

There is an enormous amount of malicious content out on the web, just waiting to be installed on an unaware user’s computer. In the best case scenario, you may only see some annoying pop up ads for sites touting items such as Viagra knock-offs or pornography. In many cases, however, the result may be far less obvious, but far more nefarious.

I do not pretend to be any kind of true expert in the world of computer security. What I am is someone who is highly security conscious (some would say bordering on paranoia), who would like to help those who are less technically savvy to reduce their risk of being a victim of cyber-crime.  With computers becoming more and more a part of our daily lives, keeping your computer safe is every bit as important as locking your doors at night.

This post is the first in a new weekly series I’ll call “Information Security Made Easy”. Every Tuesday or thereabouts, I’ll be posting tips or short how-to articles containing steps that normal users can take to better defend themselves against this new breed of crime. Every post will have a difficulty rating, ranging from “Grandma” to “Geek”, indicating how hard the recommended action is. In many cases, the tips I’ll be writing about may make your ability to freely browse the internet a little more difficult; if that’s the case, I’ll tell you so, frankly and clearly. Only you can decide if the trade-off is worthwhile.

If anyone has tips they think are worthwhile, please feel free to e-mail me at josh at awanderingmind dot com.  On that note, here’s your first tip: use a dedicated e-mail address whenever signing up for a website or entering your information.  That should help prevent your normal address from being bombarded with spam.