- Tip of the Day Blog

Entries by Miguel M. de la O (1065)

Monday

Aug052013

GREAT HOME Printer

Monday, August 5, 2013 at 06:01AM

In the Universe of Printers, One Worth Talking About

The Hewlett-Packard Pro P1606dn is 15 inches wide, weighs 15 pounds and goes to sleep when you are not printing. And when you are, it has a mode that is slower but quieter than normal.

Say what you want about the evil of printer companies.

“Why, the ink costs more than the printer!” Yes, we know. “They give away the razor, and sell you expensive blades!” Correct. “They say we have to use their own brand of ink! That’s just to stop us from using other companies’ cheaper ink!” Bingo.

But that’s inkjet printers.

In the black-and-white, personal laser-printer realm, I’ve been pleasantly surprised. The one I bought in 2003, an H.P. LaserJet 1300, was cheap, compact and networkable; it served me flawlessly for a decade.

A couple of months ago, it finally gave up the ghost — or, rather, started printing lighter and lighter pages, even with fresh cartridges. I considered getting it repaired, but when I saw that I could get a much faster, much better, brand-new laser printer for around $100, I decided to leap into the future. ($100. Man. My first laser printer was an NEC SilentWriter for which a buddy and I paid $6,000 in the late ’80s.)

Now, I generally don’t review printers. The reason is simple: I’m a one-man operation, and there are hundreds of printer models to review. I’d lose that war fast.

The one I actually bought, though, deserves a special mention. It’s the Hewlett-Packard Pro P1606dn ($150 online). Fortunately, whoever names these things doesn’t design them. This is one rockin’ printer.

First, it’s shiny, black and tiny: 15 inches wide, 11 deep, 9.5 inches tall. We keep it on a bookshelf, believe it or not. It weighs 15 pounds, which is very light. (My old SilentWriter, by contrast, was roughly the size and weight of a Volkswagen Beetle.)

Keeping it in the main living area of the house is also made possible by this printer’s environmentally thoughtful narcolepsy; it goes to completely silent sleep when you’re not printing. And even when it is, it has a Quiet mode that’s slower but quieter than normal.

Second, the printer practically sets itself up. The Smart Install feature means that the drivers and software you need are built into the printer; you don’t need a CD or a download. Any computer you connect to it with a USB cable instantly grabs the software it needs, all by itself. (Smart Install is for Windows. Our Macs didn’t need it; OS X comes with the driver already built in.)

The first page pops out only a few seconds after you click Print, and then the printer absolutely blazes: 25 pages a minute. It makes inkjet printers look positively sluglike.

The printouts look fantastic, crisp and black. The input and output trays hold 150 sheets; there’s also a “priority” slot for envelopes, label sheets and other special paper. You get about 2,000 pages from each $78 cartridge, which isn’t bad.

But for my family, the P1606dn’s star features are these:

* Built-in networking. Plug an Ethernet cable into the back, and suddenly this thing is on the network, so any Mac or PC in the house can send printouts to it wirelessly. No setup.

* AirPrint. You can send printouts to this printer from an iPhone, iPad or iPod Touch — or at least any app with a Print command — without any setup. For example, we routinely use the phone as a scanner. (We use a scanner-like app, JotNot, to capture page images, then print them instantly and wirelessly on the HP. Double sided.)

* Double-sided printing. I’ve never seen duplex printing on a personal laser printer before, but it’s awesome. It saves a ton of paper and serves manuscripts and musical scores especially well. It’s amazing to watch. Each page spits out of the printer, then gets sucked back in, and finally slides out a second time, now printed on both sides.

Here’s what you sacrifice. This printer doesn’t have a screen or even a status panel — only three indicator lights — but I’ve never once missed them. No memory-card slot, either. And, like most printers, this one comes without any cables. You’re expected to supply your own USB or Ethernet cable.

Incredibly fast, superb quality, dirt cheap; no wonder this printer gets rave reviews on Amazon. Here’s one more. If you’re looking for a home laser printer, you’ll fall in love with this one — whatever it’s called.

In the Universe of Printers, One Worth Talking About - NYTimes.com

Miguel M. de la O | Comments Off |

Printing

Friday

Jul052013

Wi-Fi is about to get a lot faster and more reliable

Friday, July 5, 2013 at 11:23AM

Wi-Fi is about to get a lot faster and more reliable

Next-generation Wi-Fi routers, using 802.11ac technology, will be able to accommodate more devices and provide better coverage in a home or office space.

By Paresh Dave, Los Angeles Times

June 22, 2013

YouTube videos stopping and starting? Spreadsheets taking an eternity to upload? Connections suddenly dropping?

Many of those Wi-Fi woes could soon come to an end.

An industry group this week began certifying products capable of running on a faster and more reliable wireless network technology. It marked the unofficial beginning of the next generation of Wi-Fi.

Contrary to popular belief, many of the connection problems that home users encounter are often not related to their broadband service but rather to the Wi-Fi routers.

The new technology — 802.11ac — has the potential to be up to four times as fast as the current standard 802.11n technology. Smartphones, computers and routers with the new technology are already hitting store shelves, though industry experts don't expect average consumers to start picking up the devices until the holiday shopping season or early next year.

The technical improvements bring Wi-Fi up to par with the sweeping changes in the home entertainment industry. The number of Wi-Fi-connected devices in U.S. households has doubled during the last five years, according to Wakefield Research.

Smartphones, tablets and even appliances such as refrigerators and washing machines now compete with televisions, gaming consoles and laptops for a share of a finite network bandwidth. Increasingly, many of those devices are also displaying hours of video a day, putting incredible demand on the network.

The fifth generation of Wi-Fi tackles those problems by increasing speed limits and moving to a new highway, from the congested lanes of the 2.4-gigahertz frequency band to a more open 5-gigahertz spectrum.

The changes should mean that routers will be able to accommodate more devices at one time and provide better coverage throughout a home or office space. In apartments or areas crowded with other electronics, the new "highway" offers the promise of less interference, meaning connections shouldn't randomly drop, particularly if the consumer is using a 2.4-gigahertz cordless phone.

"We expect that the users will see a significant increase in the performance of their applications," said Greg Ennis, technical director of the Wi-Fi Alliance.

The trade association owns the Wi-Fi trademark, and it must say that a product works correctly with other Wi-Fi certified products before a device can carry the official Wi-Fi seal. Ennis said the start of the alliance's certification process would unleash a flood of products onto the market capable of running 802.11ac.

But the improvements won't come cheap, at least initially. Some uncertified routers that support the new technology are already available. Most of the 802.11ac routers cost more than $150, compared with $50 for an older device.

A second wave of "ac" routers should reach stores by early 2014, bringing the price of the earlier ones down. But the best time to buy might be the middle of next year when prices for the second batch are expected to drop to about $100. One of the key metrics consumers should look at is the number of simultaneous users a router can handle. Known by the acronym MU-MIMO, the technology allows a router to send data to multiple devices more efficiently.

Last week, Apple announced that its newest MacBook Air laptop would include the new Wi-Fi technology. The company's AirPort Extreme Base Station and AirPort Time Capsule will also notch higher speeds. The base station comes with a new feature known as "beamforming," which is an optional part of 802.11ac. Beamforming automatically optimizes a Wi-Fi signal's path to deliver faster speeds to a particular device.

Everything that's certified as 802.11ac will work with older gadgets. But to take advantage of the faster speeds and wider bandwidth, both ends of a transmission must have the new technology. Older computers can be upgraded using an 802.11ac USB adapter.

The last major Wi-Fi upgrade began in 2007, with the launch of the 802.11n technology. "N" was the successor to "a," "b" and "g." By the end of the year, the Wi-Fi Alliance expects to start certifying the more niche "ad" technology. Its optimal use is limited to small areas with dozens of devices connecting to a network, such as classrooms or a small, public hot spot.

Why are letters being doubled up now? The Institute of Electrical and Electronics Engineers, which oversees wireless standards, used "o" through "z" to denote minor technical changes since the launch of "n."

Wi-Fi is about to get a lot faster and more reliable - South Florida Sun-Sentinel.com

Miguel M. de la O | Comments Off |

Networking,

Wireless

Wednesday

Jul032013

Two-factor authentication: What you need to know (FAQ)

Wednesday, July 3, 2013 at 11:21AM

Two-factor authentication: What you need to know (FAQ)

Twitter just got it. Apple recently got it, too. Google, Microsoft, Facebook, and Amazon have had it for a while. But why's two-factor authentication important, and will it keep you safe?

by Seth Rosenblatt

Twitter announced Wednesday that it has started supporting two-factor authentication, joining a growing list of major Web services that offer the more secure log-in method.

Two-factor authentication, or 2FA as it's commonly abbreviated, adds an extra step to your basic log-in procedure. Without 2FA, you enter in your username and password, and then you're done. The password is your single factor of authentication. The second factor makes your account more secure, in theory.

How to enable two-factor authentication for:

"Twitter made the decision to use SMS [to deliver its second factor] because it makes sense from their position," said Jon Oberheide, chief technology officer of Duo Security, which uses apps to prove identity. SMS is "universal in some respects, all you need is a mobile phone."

But Twitter has faced some backlash, he said, because many of the highest-profile Twitter hacks have been against corporate Twitter accounts.

"Two-factor authentication does help, but Twitter is a high-value target, and it needs to be protected like one," said Jim Fenton, chief security officer at OneID, an enterprise password replacement system.

Here's a rundown of what two-factor authentication is, how it can work for you, and what its limitations are.

What is two-factor authentication?
Two-factor authentication adds a second level of authentication to an account log in. When you have to enter only your username and one password, that's considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account. The three types are:

Something you know, such as a Personal Identification Number (PIN), password, or a pattern
Something you have, such as an ATM card, phone, or fob
Something you are, such as a biometric like a fingerprint or voice print

How old is two-factor authentication?
Older than life itself.

OK, not really. But 2FA is nothing new. When you use your credit card and you must enter in your ZIP code to confirm a charge, that's an example of 2FA in action. You must provide a physical factor, the card, and a knowledge factor, the ZIP code.

But just because it's been around for a long time doesn't mean that it's easy to set up and use.

Wait, it's hard to use?
It definitely adds an extra step to your log-in process, and depending on how the account vendor, such as Twitter, has implemented it, it can be a minor inconvenience or a major pain. Much also depends on your patience and your willingness to spend the extra time to ensure a higher level of security.

Fenton said that while two-factor authentication makes it harder to log in, it's not "hugely" more so.

"An attacker might be able to collect a cookie or an OAuth token from a Web site and essentially take over their session," he said. "So, 2FA is a good thing, but it does make the user experience more complicated...It's done when you're logging into an account on your device for the first time, for example."

Will two-factor authentication protect me?
Well, that's a loaded question when it comes to security.

It's true that two-factor authentication is not impervious to hackers. One of the most high-profile cases of a compromised two-factor system occurred in 2011, when security company RSA revealed that its SecurID authentication tokens had been hacked.

Fenton explained both sides of the effectiveness problem. "The thing that concerns me as a security guy is that people don't look at what the cause of the threats might be. 2FA mitigates the problems, but a lot of awful attacks can run on 2FA."

At the same time, he said, two-factor offered more protection than logging in without it. "When you make an attack harder, you're disabling a certain subset of the hacker community," he said.

How is 2FA vulnerable to hackers?
To hack two-factor authentication, the bad guys must acquire either the physical component of the log-in, or must gain access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware, or credit card-reader skimming. There is a another way, however: account recovery.

An RSA SecurID key fob.

(Credit: Via Wikimedia Commons)

If you remember what happened to journalist Mat Honan, his accounts were compromised by leveraging the "account recovery" feature. Account recovery resets your current password and e-mails you a temporary one so that you can log in again.

"One of the biggest problems that's not adequately solved is recovery," said Duo Security's Oberheide.

Account recovery works as a tool for breaking two-factor authentication because it "bypasses" 2FA entirely, Fenton explained. "Just after [the Honan story was published], I created a Google account, created 2FA on it, then pretended to lose my data."

Fenton continued: "Account recovery took some extra time, but three days later I got an e-mail helpfully explaining that 2FA had been disabled on my account." After that, he was able to log back into the account without 2FA.

Account recovery is not a problem without a solution, though. Or, at least, solutions are being worked on.

"I see biometrics as an interesting way to solve the recovery problem," Oberheide said. "If I lost my phone, it would take forever to go through each account and recover them. If there's a very strong biometric recovery method, a passcode of my choosing, and a voice challenge or something like that, it becomes a very reasonable and usable recovery mechanism."

Basically, he's suggesting using one form of two-factor for logging in, and a second, different two-factor combo for recovery.

What's next for 2FA?
As two-factor authentication becomes more commonplace, it's more likely that attacks will be more successful against it. That's the nature of computer security. But by virtue of being more commonplace, it will become easier to use, too.

Oberheide said that many of his customers start off thinking that implementing 2FA will be expensive or hard to use, but often find that their experience with it is the opposite.

"I think that will come faster in the consumer space because they're not dealing with all this cruft from the legacy of 2FA from the '80s," he said. But he noted that older systems can have a hard time getting 2FA going. "A few months ago, we published the bypass of Google's two-factor scheme," he explained. "It's not a ding against two-factor in general, but against Google's complicated legacy system."

Fenton noted that increased adoption could create opportunities to refine the technology. "Should we be planning now on designing something that can scale to large numbers of sites? It seems that 2FA is really exploding right now," he said.

Despite its problems, Oberheide sounded an optimistic tone for two-factor authentication. "If we can increase the security and usability of 2FA at the same time, that's a holy grail that's often difficult to achieve," he said.

Two-factor authentication: What you need to know (FAQ) | Security & Privacy - CNET News

Miguel M. de la O | Comments Off |

Security

Monday

Jul012013

DASHLANE RememberS YOUR Passwords

Monday, July 1, 2013 at 10:37AM

Remember All Those Passwords? No Need

60 Seconds With Pogue: Dashlane: David Pogue on the convenience and security of Dashlane, a free password manager.

By DAVID POGUE

“If you want to avoid having your identity stolen, use long passwords that contain digits, punctuation and no recognizable words. Make up a different password for every Web site. And change all of your passwords every 30 days.”

Have these security pundits ever listened to themselves?

That advice is clearly unfollowable. I currently have account names and passwords for 87 Web sites (banks, airlines, blogs, shopping, e-mail, Facebook, Twitter). How is anyone — even a security professional — supposed to memorize 87 long, complex password strings, let alone remember which goes with which Web site?

So most people use the same password over and over again, and live with the guilt.

There are solutions. Most Mac and Windows Web browsers now offer to memorize passwords for you. But that feature doesn’t work on all Web sites, and is generally of little help when you pick up your phone or tablet. At that point, the only person you’ve locked out of all your online accounts is you.

The only decent solution is to install a dedicated password memorization program (like Roboform, KeePass, LastPass, 1Password, and so on). Last week, one of the best was just improved: Dashlane, now at 2.0. It’s attractive, effective, loaded with timesaving features and available for Mac, Windows, iPhone and Android — and it’s free.

Installation is quick. Dashlane works in Safari, Chrome, Internet Explorer and Firefox. It can import existing password “vaults” from rival programs.

Dashlane has two primary features. First, yes, it’s a password memorizer. Every time you type your account name and password into a Web page and press enter, Dashlane pops up, offering to memorize that information and fill it in the next time.

In fact, it also offers to log you in — not just to enter your password, but also to click “log in” for you. In effect, Dashlane has just removed the login blockade entirely. When you go to Facebook, Twitter or Gmail, you just click your bookmark, smile at the briefest flash of the login screen and arrive at the site.

Since Dashlane is now storing and auto-entering your passwords, you’re now free to follow the security experts’ advice. You can make up long, unguessable passwords — a different one for every Web site, since you don’t have to remember any of them. In fact, each time you sign up for a new account, Dashlane offers to make up such a password for you, and then, of course, to memorize it.

Dashlane’s second huge feature is even more amazing. It can also fill in other kinds of Web site forms: your name/address/phone number, and even your credit card information.

When you’re buying something online, and you click into the credit card number box, Dashlane displays pictures of your credit cards: Visa, MasterCard, American Express or whatever — even PayPal.

When you click the one you want to use, Dashlane instantly fills in the long card number, your name, the expiration date, even that accursed security code, in the right boxes. Every time you order something online, you save between 30 seconds and five minutes, depending on whether you have your card information memorized or have to go burrow through your wallet.

When you make a purchase, Dashlane even offers to store all the details in a digital receipt that you can call up later, along with a screenshot of the Web site where you shopped. This feature makes online shopping so frictionless, every dot-com retailer on earth ought to be promoting Dashlane as if its profits depended on it.

In fact, Dashlane can fill in all kinds of forms automatically: phone numbers, job titles, tax numbers and so on. If you’ve ever recorded multiple answers — you have two different Twitter accounts, say — two tidy buttons appear beneath the name box, bearing the account names. Click the one you want.

Unlike some rival programs, Dashlane doesn’t require you to associate one set of personal information to each “profile.” If you have three addresses, for example, you’re always offered those three when filling in a form. You don’t have to create three personalities’ worth of personal information.

So far, Dashlane probably seems designed for convenience, and that’s true. Behind the scenes, of course, its ultimate goal is security.

No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency. Your entire Dashlane universe is protected by a master password. It’s intended to prevent a laptop thief from heading online with your missing computer and going on a shopping spree.

In version 2.0, furthermore, you have the option of using two-factor authentication — fancy lingo for an extra layer of security. To unlock Dashlane, you have to enter your master password as well as a code that Dashlane texts to your phone. It’s a pain, yes, but it effectively ruins the day of any ne’er-do-well who was hoping to guess or steal your master password.

Version 2.0 also introduces a convenient security dashboard, which identifies reused and weak passwords. It also eliminates the baffling points system of 1.0, which rewarded you for logging into Web sites. Thank goodness. There are iPhone and Android phone versions of Dashlane — also free and also fantastic.

The other big change in Dashlane 2.0 isn’t quite so joyous. True, Dashlane can wirelessly synchronize all your passwords between your computer and phone, so that the phone, too, automatically enters them as you surf. But in 2.0, that feature now costs $20 a year. (It used to be free, and still is if you used earlier versions of Dashlane. The company does urge the earlier Dashlane fan to make a one-time contribution — $40 seems to be its favorite suggestion.)

An annual fee? Really? That seems a steep charge by a company that, until now, seemed remarkably customer-friendly. Alas, that seems to be the model these days. Dashlane’s archrival LastPass is also free for Mac and Windows computers, and also stores your credit card and other information. But to use LastPass on a phone, you have to pay $12 a year.

Still, Dashlane is much better looking, better designed and easier to use. To fill in credit card information, for example, LastPass requires you to choose a “Choose Profile and Credit Card” command from a menu. Dashlane saves you one step and six pounds of terminology.

It’s not perfect. Each time Dashlane stores a password for you, it also nudges you to put it into a category (e-mail or social media, for instance) and associate it with one of your e-mail addresses. The company says that all of that paperwork is only a convenience — you can click right past it — but it’s still a befuddlement every time.

Now and then, I found a Web site that Dashlane couldn’t auto-log into, too.

And Dashlane doesn’t work in the built-in browser on the iPhone. (No password keeper can, Dashlane says, thanks to Apple’s rigid programming rules.) Instead, it offers its own little iPhone browser. (The Dashlane app for Android also has its own built-in browser now.) It’s fast, it’s almost exactly like Safari and it auto-fills all the Dashlane-ish stuff, but it’s more trouble to find and open.

Still, complaining more than briefly about Dashlane’s drawbacks is like grumbling about the taxes when you win the lottery. It saves you infinite time and hassle, it’s (mostly) free, and it belongs on your computer and phone this very day.

Remember All Those Passwords? No Need - NYTimes.com

Miguel M. de la O | Comments Off |

Security,

Utilities

Friday

Jun282013

Email VIRUS Infections

Friday, June 28, 2013 at 09:55AM

HTG Explains: Why You Can’t Get Infected Just By Opening an Email (and When You Can)

Email viruses are real, but computers aren’t infected just by opening emails anymore. Just opening an email to view it is safe – although attachments can still be dangerous to open.

Past security problems with Microsoft Outlook resulted in a lot of damage, and some people still believe that just opening an email is dangerous. This isn’t true.

Why Opening an Email is Safe

Emails are essentially text or HTML documents (web pages). Just like opening a text file or web page in your browser should be safe, opening an email message should also be safe. Whether you are using Hotmail, Gmail, Yahoo Mail, Outlook, Thunderbird, or another web-based or desktop email client, opening an email – even a suspicious looking one – should be safe.

However, some emails may try to infect you after you open them. They may contain malicious programs as attachments or have links to malicious websites full of malware and scams. You should only run trustworthy attachments – even if someone you trust sends you file attachment with a .exe file or another program file, you probably should not open it. They may be compromised.

As with everything on the web, you shouldn’t run programs that try to automatically download onto your computer after you click a link.

Why Opening Emails Was Once Unsafe

In the past, Microsoft Outlook had a serious security problem. Emails – which were once just plain text – are also allowed to contain HTML code: the same code that web pages like this one are written in. An Outlook vulnerability allowed emails to run JavaScript code and infect your computer. For this reason, just opening an email was potentially dangerous.

However, this vulnerability was fixed. Emails cannot use JavaScript. Modern email clients don’t even automatically display images in emails. As with web browsers, operating systems, and other computer programs, security holes are occasionally discovered and patched.

As long as you are using up-to-date software – including your mail client, browser, browser plugins, and operating system – you should be able to open email messages and view them without fear.

Email Safety Tips

File attachments and links in email can still present danger. Follow these best practices to stay safe:

Keep Your Mail Client, Web Browser, and Operating System Updated: Software updates are important, as the bad guys regularly find holes and try to exploit them. Software updates close these holes and protect you. If you are running an outdated browser and email client, you could be compromised. (If you have Java installed, you should uninstall it or at least disable the browser plugin to protect yourself, too.)
Use Antivirus Software: On Windows, antivirus software is an important layer of protection. It can help protect you from both mistakes and software bugs that allow malware to run without your permission.
Don’t Run Dangerous Attachments: If you get a PDF file from someone, it’s probably safe to open (especially if your PDF reader is up-to-date). However, if you suddenly get an email with a .exe file or another potentially dangerous type of file you aren’t expecting – even if it’s from someone you know – you probably shouldn’t run the attachment. Exercise extreme caution with email attachments – they are still a common source of infection.
Be Careful of Links: Clicking links should be safe, just as loading a website in your browser should be safe. However, if the link looks like it leads to a site packed with malware and acai berry scams, you probably shouldn’t click it. If you do click a link, don’t download and run any potentially dangerous files. You should also watch out for phishing – if you click a link in an email that appears to be from your bank and end up on a similar-looking website, it may not actually be your bank’s website, but a clever imposter.

For more information about dangerous phishing emails, read Online Security: Breaking Down the Anatomy of a Phishing Email.

There are a variety of problems you could encounter with email: dangerous file attachments, scams that try to take your money, phishing emails that attempt to steal your personal data, and links to dangerous websites. However, just opening an email shouldn’t cause any problems.

Miguel M. de la O | Comments Off |

Email,

Security