Hardening your Android Device, Part-3

Securing your Android Phone can be accomplished in many different ways, and by catering to many different tastes, so no single way is correct, or best for everyone. I do recommend at least the following as a minimum spread on your device.  There are three main areas for security on your device, those settings which left in default mode can be a serious security risk, those apps and programs which help secure your device like AntiVirus and AntiMalware, and AntiTheft apps which can lock-down and secure your information should your device be lost or stolen.

Continue reading

Hardening your Android Device, Part-2

Part-2: Take Control of your Google Account
We’ve all heard the old axiom that building a good house requires a good foundation.  I prefer the Engineer’s version of that saying: “To build a stable house requires a square, true, and level foundation.  Well, ensuring your sole control over your account is the equivalent first step in our endeavor. Actually, you can have any kind of account as your primary account for your Android phone, but we’re presuming for the purposes of this article that you have a Google Account.  If you have a Microsoft or Yahoo account, you’ll need to do some of your own research to find these kind of equivalent settings. 

And while it might sound counter-intuitive to securing your device, we actually need to take control of your Google account before we can harden your device.  This is to ensure that you are the only person with access to your Google Account.  Even if you are certain that you never shared your account password with a good friend, or significant other, your account could still have been compromised.  This is the perfect opportunity to confirm that your account is still entirely yours.

Continue reading

Why you need a Password Manager

My biggest and best argument for using ANY Password Manager is this: passwords are by definition a security measure meant to ensure that your accounts are kept as secure as possible by being as complex as reasonably possible.  However, making a password as easy to remember actually runs counter to the entire idea of security.  So why bother challenging yourself to remember any password at all when a Password Manager could do this part of the job for you.  And if a Password Manager performs the “manage” portion of the job correctly, then they can actually make your life a whole lot easier by automatically inputting the username and password at the appropriate times.

Continue reading

Hardening your Android Device, Part-1

There are many steps that should be taken in following the general strategy of hardening one’s mobile device.  For the purposes of this article, I’ll be hardening a Samsung Galaxy S7.  This process will be divided into three parts: Preparation Work will be Part-1,  Take Control of your Google Account Part-2, and finally Part-3 will be the actual Hardening of the Android Phone.

Part-1: Prep Work
Let’s get some housekeeping chores done first, prior to attempting to harden your Android Device. We’ll begin by actually doing some updates on your PC if you have one.  If you don’t have a PC that you use any of your current phone services from, then you’re find to move on to Part-2.

Continue reading

So Your WordPress got Hacked…

I’m a geek, and I love technology, so it’s not surprising that I have several websites for my different audiences: multiple public facing websites, private family websites, and local community websites.  I consider “In My Mobile World” to be one of my public facing websites.

Unfortunately, as a result of a vulnerability found in a PHP sub-routine called “Tim Thumb” (used in the WordPress Theme called “The Morning After…”), a hacker was able to gain access to my WordPress PHP code.  This particular Theme was used on one of my local community websites, so over the course of time the hacker also gained access to ALL of my websites since they are all accessible with root privileges on my hosting account.

I believe that I have now corrected all of the known “vectors of attack” in my websites by plugging all of the known vulnerabilities. Of course, only time will tell, and hackers may find additional new vulnerabilities with my websites in the future, so this is going to be an uphill battle.  So let’s see what we can do to prepare you for the same battle.

Depending on the cloud? Are you crazy?

Converting to the Cloud
Do you now own a Windows Phone 7 device, and are confused about how to proceed?   Does the concept of the cloud confuse you? 

I have to admit, it can be a bit daunting to convert over to using the cloud for storage.  There is some physical work to be done on your part in preparation to beginning to use a Windows Phone 7 device.  But in my opinion, the biggest aspect of the conversion is really actually a psychological one. 

So I’ll talk about the physical part (Installing Outlook Hotmail Connector) in another article in the near future.  For now, let’s talk about the cloud and why it represents such a scary proposition for most folks.

The scary Cloud
I mean, depending on the cloud sounds like a really bad idea, right?  Keeping all of your personal and private information in the cloud?  Aren’t we just asking for problems?

Well, there are actually a lot of good reasons to make this kind of change.  What’s more,  you may already be utilizing the cloud on a daily basis without really considering it as “using the cloud”. 

Defining the Cloud
The cloud, as a term, is something of a misnomer.  First and foremost, your data is not held in an infrequently accessed vault like your parents old safe deposit box.      The use of the term “the cloud” actually refers to any network outside of *your* network, where your data is stored.   So by connecting your Outlook on your home computer to to an Exchange Server via your DSL connection?  That’s a cloud connection.   Or connecting Outlook to your ISP to download your e-mail?  That’s a cloud connection too.  

The obvious conclusion is that you are probably already using a cloud connection on a daily basis, but just never thought about it as a transaction through the cloud.  Take a minute and let that sink in…

So why use the cloud?
Ok, now the reason as to why this “synchronizing with the cloud” process is utilized: most of the average consumer’s life (at least the primary demographic target audience of WP7 device users) is spent online on Facebook, Twitter, FourSquare, etc.   So it makes sense to utilize a phone that has integrated Facebook support built right into the OS. 

As such, the contacts on a WP7 device are actually an aggregation of your Facebook contacts, merged or “linked” with your contacts contained within your Windows Live or Hotmail accounts.   Both sets of information originally reside in the cloud prior to synchronization.  That is, the FB contacts reside on the FB server.   The Windows Live contacts reside on the Windows Live server.   Then after the sync, they are downloaded to your WP7 device and merged when the names (first and last) are the same.  Similarly, your Calendar items on your Google account, Hotmail, or Windows Live accounts will synchronize down to your phone.

Security of the cloud
There are those who state that their data is more safe when it only resides on their computer, and I’m here to say that they are only partially correct.  The overal security of the cloud is entirely dependant on how well you choose to protect your privacy.   If you let everyone see all of your personal info on Facebook, then you really cannot expect your data residing in the cloud to be safe. 

Likewise, if you have your PC setup with little or no protection from the outside world in the form of a Firewall and AntiVirus software, then your PC data residing on (only) your PC isn’t very safe either.

Catastrophic issues
Catastrophic problems occur on both platforms (PC vs the Cloud).   Your PC could become infected with a Virus or Trojan, or it could be hacked or your harddrive destroyed in a fatal drop from the countertop.  I suspect that there is a higher degree of such an occurence compared to breaches in the cloud (an ISP getting hacked and your e-mail accessed, etc), but I’m afraid that I don’t have any statistics to quote to back up my theory.   However, most security breaches of security in the cloud causing the unintended release of personally identifiable information on Facebook are due to user ignorance of FB privacy settings, but I’m sure a great deal of personal data has also been released to third parties due to the constantly changes privacy rules on Facebook.   I’ll leave that particular issue for Facebook to discuss publicly with it’s users.

In Conclusion…
I would like to sum up the entire article thusly: since you already allow your e-mail, Facebook account, Twitter account, Google Calendar, etc to live out in the cloud, then why not aggregate all of them into a single point?

And that one point, ladies and gentlemen is a Windows Phone 7 device!