10 Funny & Thought Provoking Videos on Social Media & Technology

by Ian Anderson Gray Posted on May 17, 2012

Zuckerberg: The Musical

As it’s almost the end of the week and I am on a roll (what, three blog posts on the same day?!), I thought it was time for a lighter post. We some­times need cheer­ing up and to see the lighter side of tech, social media, seo and the inter­net. I love videos that have a bit of fun or make you think about tech­no­logy. It’s some­times easy to lose sight of real­ity, espe­cially when it comes to enga­ging with people (yes, people) on a social net­work. I find it inter­est­ing to dis­play how people act on a social net­work in real life– and then you see how daft we can all get.

So without fur­ther a do, here are my ten funny or thought­ful videos on social media, the inter­net or technology…!

1. Zuck­er­berg: The Musical

If you sub­scribe to any major social media news site, then you’ll prob­ably already have seen this musical take on Face­book founder Mark Zuckerberg’s life. As it was the Zuck’s 28th birth­day last Monday and Facebook’s IPO fast approach­ing, a musical com­edy on his life was cre­ated by CDZA. CDZA are an ensemble who cre­ate “musical exper­i­ments”, and I have to say I love this– espe­cially being a singer myself.
 

2. Face­book in Real Life

Ever wondered what writ­ing on someone’s wall, or pok­ing or friend­ing someone would look like in real life? This is a clas­sic par­ody video now, and one that many of you will have seen before. It still makes me laugh though… a lot!
 

3. Pin­san­ity– Pin­terest Serial Killer

Pin­terest is all the rage at the moment. It is a social shar­ing site of things you like. You can pin pho­tos, videos and quotes to your board, and re-pin other people’s “pins”. It is hugely pop­u­lar amongst women (so much so that “manly” ver­sions have sprung up, like Gen­tle­mint). Here’s what Pin­terest in real life could look like… and it doesn’t look good…!
 

4. Some Grey Bloke: What Twit­ter is For

Some thoughts from “Some Grey Bloke” on what Twit­ter is. Sums it all up really.
 

5. Fol­low Jesus on Twitter

How would the Gos­pel story be told if social media was around at the time of Jesus? This video tracks the story of Jesus through social media.
 

6. My Black­berry is Not Working

Brit­ish comedi­ans Ron­nie Corbett and Harry Enfield in this just won­der­ful sketch about a Black­berry, Orange and an Apple in a green­gro­cers. Just so funny!
 

7. Not Google+

Want a reason not to join Google+. Join, Not Google+…
 

8. Matt Cutts Par­ody Mashup: How to Rank #1 on Google

UK based SEO Con­sult­ant, Sam Appleg­ate, put this won­der­ful mashup video of Matt Cutts together. Taken from his Google Web­mas­ter videos, Matt Cutts tries to answer a ques­tion from 1 mil­lion people from the Phil­ip­pines…
 

9. The Social Net­work Par­ody Movie: You­Tube The Movie

Seen “The Social Net­work” the movie? Ever wondered what “You­Tube” the Movie would look like? Thought not. Well, here’s a par­ody on what it could look like…!
 

10. The Onion: All Data Lost After Inter­net Crash

Finally, a won­der­ful video on the day the inter­net crashed. Be afraid, very afraid! ;-)
 

Posted in Internet | Tagged , , , , , | Leave a comment

Tools to Display Tweets at an Event

by Ian Anderson Gray Posted on May 17, 2012

Twitter BirdA friend of mine recently asked me if I knew of any tools that would allow him to dis­play tweets on a dis­play (on a TV screen, digital pro­jector or mon­itor). I knew there must be many tools out to this as I have seen tweets dis­played at quite a few events I atten­ded in the past. I told him I would have to do some research.

Unsur­pris­ingly (when it comes to Twit­ter) there are indeed many tools to do such a job. Unfor­tu­nately, each have their set of pros and cons. As I think this might be of interest to other people out there, I thought I’d post my find­ings here.

There are a few factors you will need to take into consideration:

  1. Price. Do you want some­thing for free or low cost, or are you happy to spend a little more?
    It really depends on the event and who is organ­ising it. If it is a char­ity event or some­thing more per­sonal (like a party) then you may not want to or have the funds avail­able to spend much money. If it is a lar­ger event with some spon­sor­ship back­ing, then per­haps you could jus­tify the cost of a paid tool.
  2. Mod­er­a­tion.
    Are you happy to let any­thing go? Per­haps you can trust the people who are likely to use a par­tic­u­lar hashtag (although I’d def­in­itely be cau­tious of that approach!) Do you want swear words and pro­fan­ity auto­mat­ic­ally filtered out, or do you want to accept or deny each Tweet manually?
  3. Dis­play– Look & Feel.
    How do you want each tweet dis­played? Do you want one tweet at a time? Are you happy with a long list of tweets? Do you want a cus­tom background?

Now that we’ve thought about those points, let’s delve into some of the tools out there. Remem­ber, this isn’t an exhaust­ive list. If you feel I’ve missed a really great Twit­ter dis­play tool, then please men­tion it in the comments!

1. Twit­ter Wid­gets — Free

Twit­ter wid­gets enable you to put a twit­ter stream on your web­site. They offer a bit of cus­tom­isa­tion and they are free. You’ll have to host this on a web page, and it may need a bit of tweak­ing so it can go full screen.

Twitter Search WidgetFirstly, head over to the Twit­ter Search Wid­get page.   Put you hashtag in the search query field and choose your title and cap­tion. You can also choose your colours/colors in the appear­ance tab and make sure you have a look at the set­tings in the pref­er­ences tab (in par­tic­u­lar make sure you check “poll for new res­ults”. In the dimen­sions tab, check the “auto width” tab and then click “fin­ish and grab code”. You’ll get some­thing like the following:

<script charset="utf-8" src="http://widgets.twimg.com/j/2/widget.js"></script>
<script>
    new TWTR.Widget(
    {
      version: 2,
      type: 'search',
      search: '#socialmedia',
      interval: 30000,
      title: 'Social Media',
      subject: 'Tweets on Social Media',
      width: 'auto',
      height: 600,
      theme:
        {
           shell:
             {
               background: '#8ec1da',
               color: '#ffffff'
             },
 tweets: {
 background: '#ffffff',
 color: '#444444',
 links: '#1985b5'
 }
 },
 features: {
 scrollbar: false,
 loop: true,
 live: true,
 behavior: 'default'
 }
}).render().start();
</script>

Then, post the above in a web page and you should be good to go. Here is an example that I cre­ated for the hashtag #social­me­dia. You’ll have to have a play with the height to get it to dis­play in your browser win­dow. I changed mine to 600 pixels. The text is a bit small and not overly pro­fes­sional, but it’s quick and easy and free!

2. Twit­ter Foun­tain — Free/€24.95 for 3 months

Twitter FountainThere are quite a few great things about Twit­ter Foun­tain. Firstly there is a free ver­sion which still gives you loads of fea­tures and levels of cus­tom­isa­tion. You can set up lots of dif­fer­ent advanced search options such as words, people (includ­ing fil­ter­ing out cer­tain words) and even by loc­a­tion (for example only include Tweets within a cer­tain radius of a location).

The down side with the free ver­sion is that you will get the odd mes­sage say­ing “This visu­al­isa­tion is brought to you by Twit­ter­foun­tain, the original”.

To remove this and to get mod­er­a­tion you’ll need the paid ver­sion, which is very reasonable- €24.95 for 3 months. This will prob­ably cover you for your event, or per­haps for a couple if you have more than one close together.  If mod­er­a­tion is import­ant to you, then this prob­ably is the best option for you.

Here is a demo that I cre­ated using the free ver­sion of Twit­ter Foun­tain with the same hashtag– #social­me­dia. Find out more at Twit­ter Foun­tain.

3. triqle - €250 per event

triqle- Twitter on ScreensIf you have more funds avail­able, you might want to check out triqle who have some very pro­fes­sional and high end tools. Their Twit­ter on Screens product has an impress­ive array of func­tion­al­ity including–

  • Mod­er­ate tweets
  • Cus­tom­ise design includ­ing adding your logo
  • Dis­play mul­tiple hashtags/search terms

This isn’t going to fit every­one, but for medium to large events, €250 per event, isn’t too much for such a pro­fes­sional display.

 4. visibletweets.com — Free

Visible TweetsThe dis­play of Tweets on vis­ib­letweets isn’t to everyone’s taste, but I actu­ally quite like it. It dis­plays one tweet at a time, which I think is prefer­able at an event. There aren’t many lay­out and design options– you have three anim­a­tions and can search by hashtag or by using any Twit­ter search oper­at­ors. Here is a visibletweets.com demo, again using the hashtag, #socialmedia

You can’t mod­er­ate any tweets or fil­ter out any dodgy words, so you might want to think twice about it depend­ing on how much you can trust the people using your hashtag. You can how­ever use another ser­vice, TidyT­weet with vis­ib­letweets. TidyT­weet works in con­junc­tion with vis­ib­letweets and allows you to mod­er­ate your tweets before they appear. Unfor­tu­nately it’s quite pricey at $100 per month. I am sur­prised that’s described as “reas­on­able” for per­sonal and busi­ness use, but, depend­ing on your event, this might be justifiable.

5. Twit­ter­fall — Free

TwitterFallTwit­ter­fall gives you lots of search options, and a full screen dis­play. It’s use­ful if you want to dis­play a list of tweets in real time. It won’t work if you want to dis­play tweets in a large font one at a time. You also need to log in to your Twit­ter account for it two work. There aren’t any mod­er­a­tion options, so all tweets will show, although you can set keywords to exclude.

6. Tweetwally.com — Free

TwitterWallyTwit­ter­wally is sim­ilar to Twit­ter­fall in that it gives a list of recent tweets depend­ing on your search cri­teria. In my opin­ion it gives a nicer look and feel than Twit­ter­fall and you have the option to save your dis­play as a link to use later. Again, you don’t have any mod­er­a­tion options.

7. Tweet­Beam — Free/Commercial

Tweet BeamTweet­Beam gives a really pro­fes­sional look­ing dis­play to your Tweets includ­ing a back­ground of the pho­tos of the people doing the Tweet­ing. It’s free for private and non-commercial use.

You can fil­ter out words using the “block words” field in the fil­ter sec­tion although this may require quite a few words if you want to block out all pro­fan­ity you could think of! These fil­ters are applied in real time, so there would be noth­ing stop­ping you adding an extra word to the block list if you see a Tweet on the dis­play with a rather unwel­come word!

There appears to be more advanced fea­tures for the com­mer­cial ver­sion, but I have yet to find out whether this includes mod­er­a­tion. The founder of Tweet­Beam, Yousef El-Dardiry, men­tioned in the com­ments after I ori­gin­ally pos­ted this art­icle, that they are able to provide more advanced cus­tom­isa­tion includ­ing logos.

You can see a demo of a present­a­tion powered by Tweet­Beam using the #social­me­dia hashtag here.

8. Make Your Own! — Free

You could always script your own, or at least base it on someone else’s work. Mel­bourne freel­ance web developer, Rohan Latimer, came up with his own script for a friend’s party called Twit­ter Party. You can see the demo here and find out more about how to build it using his tutorial. I’m sure it’s quite easy to tweak, and even build in your own pro­fan­ity fil­ter if you know some Javas­cript. Have a peak on how Tom Scott did it for his fun app, Klouch­bag by look­ing at the source code. There are some naughty words in there, so beware!

I’m in the pro­cess of build­ing my own, and I’m look­ing at hav­ing mod­er­a­tion and offens­ive word fil­ter­ing. I’ll let you know how I get on!

Con­clu­sions

Make sure you check Twitter’s guidelines on dis­play­ing Tweets. This gives inform­a­tion on how you should be dis­play­ing the tweets on your screen. It’s par­tic­u­larly import­ant to show the Twit­ter logo or bird logo and to include the Twit­ter handle for the tweet.

There are also a num­ber of options on how you could dis­play the tweets. If it is dur­ing a talk or debate you can pro­ject them on the main screen (or a sec­ond­ary one) live at the event using a digital pro­jector. Another way is to use a desktop or laptop com­puter plugged into a large monitor.

As always, if you have any ideas, tips or ques­tions, be sure to leave it in the com­ments below.

Posted in Guides, Social Media | Tagged , , , , , , , , | 4 Comments

WordPress Hacks and Tips #1

by Ian Anderson Gray Posted on May 17, 2012

WordpressFor many years, I res­isted mov­ing over to Word­Press. The truth is, I have a tend­ency to be a bit of a con­trol freak– lik­ing con­trol over every aspect of the code that powers the web­sites I build! How­ever, with Word­Press becom­ing more and more power­ful and adop­ted by so many round the globe as well as the exist­ence of fant­astic starter themes such as Roots, it came the time to bite the bullet.

I thought it would be use­ful to doc­u­ment some of the things I have learnt along the way, and this is the first in what I hope will be a num­ber of short posts with some tips and hacks that I have learnt. I hope you find them useful.

1) Short­codes

Short­codes are really use­ful. They enable you to insert extra func­tion­al­ity in posts and pages from a plu­gin. It could be a Google map or an audio player. I have come across some great plu­gins, but some­times I want to hard code a short­code into the theme. For example, the rather fant­astic Event Organ­iser plu­gin by Stephen Har­ris allows you to insert a Google map of the venue for an event. In the doc­u­ment­a­tion they give you a list of short­codes one of which is one to insert a Google Map. I could get my hands dirty and work out the code to achieve this, but this is Word­Press and there is a short­cut– the do_shortcode() com­mand. To use it you just put the short code in and there you go. For example:

<?php echo do_shortcode('[eo_venue_map height="300px" width="600px"]');?>

I came across this from the CSS Tricks web­site. Thanks!

2) Hid­ing the Word­Press Admin Bar

I really like the Word­Press Admin Bar, but there are times when it would be bet­ter to dis­able it. For example, if you have sub­scribers access­ing mem­bers only con­tent, you don’t really want them access­ing the admin area, and to be hon­est, you want to hide the fact that you are using WordPress.

There are a num­ber of options. Firstly, you can hide the links to Word­Press (the first option in the admin bar). Just add this to your css file:

#wp-admin-bar-wp-logo {display:none;} /* remove WordPress bit of admin bar */

This won’t actu­ally remove this from your code, but it will at least remove it from your dis­play using css.

Joost de Valk, in this post, goes one fur­ther and details how you can remove the admin bar com­pletely by adding code to your theme’s functions.php file:

/* Disable the Admin Bar. */
add_filter( 'show_admin_bar', '__return_false' );
function yoast_hide_admin_bar_settings() {
?>
<style type="text/css">
.show-admin-bar {
display: none;
}
</style>
<?php
}
function yoast_disable_admin_bar() {
add_filter( 'show_admin_bar', '__return_false' );
add_action( 'admin_print_scripts-profile.php',
'yoast_hide_admin_bar_settings' );
}
add_action( 'init', 'yoast_disable_admin_bar' , 9 );

This dis­ables it for all users, which might not be quite what you want. In my case, I wanted to dis­able it for all users except admin­is­trat­ors and edit­ors. You can do this by adding the fol­low­ing check:

if(!current_user_can('editor') AND !current_user_can('administrator')){

So, the above becomes:


function yoast_hide_admin_bar_settings() {
?>
 <style type="text/css">
 .show-admin-bar {
 display: none;
 }
 </style>
<?php
}
function yoast_disable_admin_bar() {
 if(!current_user_can('editor') AND !current_user_can('administrator')) {
 add_filter( 'show_admin_bar', '__return_false' );
 add_action( 'admin_print_scripts-profile.php',
 'yoast_hide_admin_bar_settings' );
 }
}
add_action( 'init', 'yoast_disable_admin_bar' , 9 );

I also use the auto hide admin bar plu­gin for edit­ors and admins so that the admin bar is hid­den unless you move the mouse up to the top of the page at which point it grace­fully appears.

3) Redir­ect to Home Page after Login and Hide the Admin Area

Once you’ve removed the admin bar for non-admins, there’s no point dir­ect­ing them to the dash­board. So, how do you redir­ect vis­it­ors to the home page after log­ging in? You need to add this code to your functions.php file:


add_action("admin_init","redirect_fromdashboard");
function redirect_fromdashboard()
 {
 if(!current_user_can('editor') AND !current_user_can('administrator'))
 {
 header( 'Location: /' ) ;
 }
 }

There is also Peter’s Login Redir­ect plu­gin which I’ve used which does a sim­ilar thing.

4) Redir­ect to Home Page after Log­ging Out

I wanted to redir­ect the vis­itor to the home page once they logged out (so they don’t get greeted with the WP login form). A really simple plu­gin that achieves this was developed by Daan Korten­bach and can be found here.

5) Cus­tom­ise Login Screen

There is an awe­some art­icle on how to cus­tom­ise the Word­Press login screen without affect­ing core files which I highly recom­mend read­ing. I decided on using a simple option and am using the pop­u­lar plu­gin Theme My Login. It allows you to match the login and logout screen to match the design of your web­site. The prob­lem, as the author  poin­ted out, is that you can still access the Word­Press login by enter­ing the nor­mal wp-login.php page in the address bar. How­ever, with a bit of code added to your functions.php file we can redir­ect people to the cor­rect url:

if ( !is_user_logged_in() && strpos($_SERVER["REQUEST_URI"],"wp-login.php" )) {header( 'Location: /login/' );}

All this does is check that the user is not logged in and then checks if they are try­ing to access wp-login.php, and if so, it will redir­ect them to the login page. Make sure you change /login/ in the code above to the page on your site that you are using for log­ging in with Theme My Login

Posted in Web Development, Word Press | Tagged , , , , , | Leave a comment

10 Tips to Make Your Computer More Secure

by Ian Anderson Gray Posted on April 18, 2012

Security Fence
Photo by woodleywonderworks

In con­trast to just ten years ago, com­puters and smart­phones are inter­gral to almost everyone’s lives. We use them in our work­place and at home– and often there are mul­tiple com­puters in all our houses. Then there are our smart­phones which are basic­ally computers.

With every­one using com­puters on a daily basis they are becom­ing more and more vul­ner­able to cyber crim­in­als and hack­ers. It can poten­tially affect all types of com­puters whether your run­ning Win­dows, Mac OS, Linux or a smart­phone equivalent.

The prob­lem is that most people either don’t have the time or are just not inter­ested in mak­ing their com­puters secure. It doesn’t have to be this way, it’s just that the inform­a­tion out there about com­puter secur­ity is just too com­plic­ated or con­fus­ing to under­stand. There are some good art­icles such as this art­icle on Shaan Haider’s blog entitled “Keep­ing Your Per­sonal Com­puter Secure : 7 Secur­ity Ques­tions You Need to Ask”.

I hope to make a start at sim­pliy­ing things. I say “make a start” because, com­puter secur­ity is a huge topic, and one that many large com­pan­ies spend mil­lions of pounds or dol­lars on each year.

1. Do you need to be con­nec­ted to the inter­net all the time?

The answer to this for me (and I sus­pect more and more people) is a resound­ing “yes!”, but if you have a com­puter run­ning for long peri­ods of time and you don’t need to be con­nec­ted to the inter­net, then it’s prob­ably quite prudent to switch your inter­net router off. Hack­ers tend to prefer to exploit “always on” con­nec­tions, and if your inter­net con­nec­tion is more sporadic, you’ll be less attract­ive to them.

How­ever, for most people this just isn’t going to be prac­tical. More and more of the stuff we do these days requires an inter­net con­nec­tion. With Win­dows 8 com­ing later this year and new ver­sions of the Mac oper­at­ing sys­tem, our com­puters will be demand­ing “always on” con­nec­tions. It’s not just com­puters either– it’s our digital TV boxes and even our fridges and dish­wash­ers (assum­ing you have an inter­net ready one!). If this is the case, you’ll need to ensure that you pro­tect your con­nec­tion to the inter­net at it’s entry point– usu­ally your router.

2. Make sure your router has a decent firewall

A fire­wall is a piece of soft­ware or hard­ware that (simply speak­ing) lets the good stuff in and the bad stuff out. Most inter­net ser­vice pro­viders offer a free router and modem when you sign up with them. Make sure that it has a decent fire­wall. If you are a tech-savvy per­son then you can even upgrade the firm­ware (using the likes of Tomato or DD-WRT) on many routers to improve the secur­ity amongst other things. This Life­hacker art­icle gives some good tips on how to do this.

3. Make sure your Com­puter or Device has a decent firewall

Most com­puters these days have an inter­grated fire­wall built in to the oper­at­ing sys­tem. Win­dows has the ima­gin­at­ively titled “Win­dows Fire­wall” and Mac OS X has an inter­grated one too (see here for more inform­a­tion on how to enable the Mac OS X fire­wall in Snow Leo­pard). For Linux, it depends on your fla­vour, but this art­icle from Tech Radar gives a list of decent fire­walls you could consider.

4. Install Decent Anti-virus Software

I know some people believe the con­spir­acy the­ory that some of the soft­ware houses that pro­duce anti-virus applic­a­tions actu­ally gen­er­ate the vir­uses in the first place. The thought is that they do this in order to whip up some hys­teria so that more people will buy their product. Although it’s tempt­ing to believe this, I don’t think there is much truth in it. This art­icle from Com­puter Hope gives some excel­lent points against the view. There are some people that say hav­ing anti-virus soft­ware is a waste of time as long as your care­ful and that all they do is slow down your computer.

The truth is, anti-virus soft­ware is a must for almost every­one. Yes, they will slow down your com­puter a little, but I think that is a pill worth swal­low­ing as opposed to being infec­ted by a virus. You don’t need to spend any money on it either. One of the best anti-virus applic­a­tions for PCs is Microsoft’s own Secur­ity Essen­tials which will be built in for the first time to the forth­com­ing Win­dows 8.

It’s a com­plete myth that Mac users are exempt from vir­uses as the recent Mac Flash­back virus out­break shows. There aren’t many free anti-virus applic­a­tions for the Mac, as this art­icle from the Guard­ian recom­mends, you could always try ClamXav.

Finally, anti-virus applic­a­tions have to be updated reg­u­larly– I’d recom­mend at least twice a day. Make sure you check the set­tings. Also if you use USB thumb drives or external hard drives, do scan them for vir­uses– par­tic­u­larly if the drive belongs to someone else. I know of many friends whose com­puters have been infec­ted by using an infec­ted drive belong­ing to a friend.

5. Keep Your Com­puter Up to Date!

I know it’s annoy­ing, but make sure you check your com­puter for updates! I’ve seen so many cases of com­puters that have never had any updates done to the oper­at­ing sys­tem. Both Microsoft and Apple roll out updates reg­u­larly to their oper­at­ing sys­tems. These can be import­ant secur­ity patches and you may be com­prom­ised if you don’t install them!

6. Don’t Visit Porn Sites (or any other dodgy or affected site)!

Did I really write that? Erm, yes I did. The prob­lem is, that there are sites out there that are out to get you. They may have been effected by a worm that mod­i­fies the web­site with the inten­tion to infect your com­puter with a virus. Some sites are there to delib­er­ately get you. Things are a little bet­ter these days, but there are still plenty of cases of infec­ted sites.  Be care­ful where you’re brows­ing– and again make sure you’re anti-virus soft­ware is up to date.

7. Keep Your Pass­word Safe and Hard to Guess.

I wrote an art­icle before about how easy it is for your pass­word to be com­prom­ised. The truth is you can’t trust any site that you give your pass­word to because you don’t know how they store it. It’s best to use a dif­fer­ent pass­word for each web­site your sign up to. I know that sounds hard, but it’s quite easy to do– more inform­a­tion in my earlier article. 

I’d also highly recom­mend the pass­word man­ager– Last Pass. This man­ages all your pass­words securely so that you never have to type it on your com­puter (in case you are infec­ted by a key­board sniffer) or store them any­where insec­urely. It also has a pass­word gen­er­ator, so you can effect­ively have a dif­fer­ent strong com­plic­ated pass­word for each site you visit. It is highly recommended!

Finally, be care­ful about sav­ing pass­words on applic­a­tions on your com­puter. Fam­ously, the FTP cli­ent Filez­illa stores your pass­words in plain text. Not great for security.

8. Use a Decent Web Browser

google chromeMost people still use Inter­net Explorer or Safari for brows­ing. They’ve come on in recent years– espe­cially Inter­net Explorer. Still, my per­sonal recom­mend­a­tion is to use Google Chrome as your browser as it’s been hailed as the most secure of browsers again and again.

 

9. Don’t Trust Pub­lic Wifi

WifiIf you surf the web whilst sip­ping your latte in your local cof­fee shop beware! Did you know that much of your inter­net con­nec­tion (web brows­ing and email) is being sent over the con­nec­tion unen­cryp­ted? Any­one mali­cious in the cof­fee shop could be listen­ing in and steal­ing your pass­words. If you have a 3G con­nec­tion then use that, but if not, you’ll need to secure your con­nec­tion. Web­sites that use https (Face­book and Twit­ter for example) encrypt your data, but most web­sites won’t. For this, you’ll need to use a VPN or vir­tual private net­work. This encrypts your con­nec­tion by con­nect­ing to a secure server in the middle. You can build your own (as this Life­hacker art­icle tells you), but it’s prob­ably easier to use a VPN ser­vice. Again, Life­hacker comes to the res­cue with a list of the best VPNs.

10. Never Leave Your Com­puter Unattended

I know this is obvi­ous, but don’t leave your com­puter on if you’re not around. I sup­pose it depends where the com­puter is. I have a server at home that is on all the time, but I do trust my wife not to hack in to the com­puter and install a virus! It’s not enough to go to the lock screen either, as someone could just con­nect a device to your com­puter and steal your data or even your whole com­puter. It’s prob­ably a good idea to look at encrypt­ing your hard drive, but that’s for another time…!

Con­clu­sion

These 8 tips are only the tip of the ice­berg. There are many other things you can do to pro­tect your­self. I haven’t men­tioned anti-spyware scan­ners, com­puter clean­ers (such as CCle­aner) and of course there is the whole chest­nut of encrypt­ing the data on your com­puter and whether you can trust cloud pro­viders like Drop­box with your data. That’s for another post. David Haslam makes some great posts below about mak­ing secure you use decent secur­ity set­tings on your wifi con­nec­tion, and in par­tic­u­lar to use WPA or WPA2. Looks like I’ll be adding that one to the next post too!

If you have any top tips, then please feel free to leave them in the com­ments below.

Posted in Internet, Tech | Tagged , , | 10 Comments

Refresh FM — discussing Social Media

by Ian Anderson Gray Posted on April 2, 2012

refreshFMI’m going to be on a local radio sta­tion, Refresh FM, tomor­row (3rd April, 2012) to chat about social media. RefreshFM runs in the run up to Easter each year from Manchester and is run by Chris­ti­ans from local churches. Although avail­able on FM in the Manchester area, it’s also avail­able online to listen­ers worldwide. 

I’ll be on the break­fast show, which is hos­ted by a very cool and tal­en­ted guy indeed– Rob Kates (he should be on Radio 1!) and we’ll be talk­ing about social media and it’s pos­it­ives and neg­at­ives, what’s new on the scene and how we can best use them. It’s going to be quite informal and a bit of chat really. Look­ing for­wards to it, but I have to say I’m a bit nervous too. The break­fast show airs tomor­row between 7am and 9am UK time. You can fol­low Rob Kates on Twit­ter here– @gooddeposituk.

UPDATE — Pod­cast is now available!

I’ll be writ­ing a post shortly on this, but for those keen people who want to listen to it now, you can– it’s on Sound­Cloud! I have removed all the music from the show for copy­right reasons.

Posted in Social Media | Leave a comment

You’ve been Framed– how to break free!

by Ian Anderson Gray Posted on April 2, 2012

I star­ted build­ing web­sites in around 1997. The web was a fun tool to play with, but we were all learn­ing and not really think­ing about the con­sequences of what we were doing. Frames were used across the board– it was a con­veni­ent way of show­ing mul­tiple pages and con­tent on one page. From around 2003 frames star­ted to be frowned upon. They were bad for SEO (search engines would spider each frame sep­ar­ately), bad for access­ib­il­ity and just, well, bad. CSS had star­ted to become much more pop­u­lar and sup­por­ted by the major browsers and so it became easier to place con­tent on the page in a sim­ilar way to what frames offered.

It’s 2012, so you’d have thought frames had long gone. But no– they’re back and I’m start­ing to see them pop­ping up every­where. It’s frus­trat­ing because you can spend so much time on mak­ing your web­site look beau­ti­ful and then someone frames it in another page– all that work down the drain. StumbleUpon and Vis­ib­ili are the most not­able cul­prits here.

How to break out of a frame

I’m not say­ing any­thing new here. This method has been around for more than 15 years! How­ever, since frames are becom­ing more com­mon, I think it’s time for a refresher. It is really easy to do, but I’d like to spend a bit of time explain­ing how it works. If you’d rather not know, just scroll down to the bot­tom of this article…

We need to detect whether our web page has been put in a frame or not. The only way to do this is by check­ing using Javas­cript. Since Javas­cript runs on the visitor’s com­puter, it can tell us this inform­a­tion eas­ily. Server side lan­guages such as PHP and ASP can’t give us this inform­a­tion because they run on the server.

Top O’ The Mornin’ to ya…

Javas­cript has a spe­cial prop­erty called “top”. This can tell us the loc­a­tion of the “top” win­dow in the browser. If the page is not in a frame, then this will be the url of the page, if it is in a frame, it will return the par­ent page (the hor­rible nasty page that is fram­ing us!). The loc­a­tion can be found by using window.top.location or top.location for short.

There is another prop­erty called “self” which can tell us the loc­a­tion of the cur­rent win­dow in the browser. So by ask­ing if top equals self we can find out whether we’re framed or not:

if (window.top.location!=window.self.location)
{
alert("Agggh, I\'ve been framed!")
}
else
        {
alert("Ah, I feel as free as a bird...")
}

If you’re not famil­iar with Javas­cript or other pro­gram­ming lan­guages then all you need to know is that “!=” means “not equal to” and the “alert()” bit opens an alert win­dow in the browser with the text.

So, how do we actu­ally break out of the frame? This sounds like it could be the com­plic­ated part? We could redir­ect the page to the loc­a­tion of the top, and this is in effect what we need to do, but it is really simple. All we need to do is make window.top.location = window.self.location. Javas­cript then takes care of the rest. Also, you don’t need to include the word “win­dow”, so you can just say top.location = self.location and you’re done!

Here is the fin­ished script:

if (top.location != self.location)
{
top.location = self.location;
}

All you need to do is add this to your javas­cript file and you’ll be as free as a bird. If you use Word­Press there are plu­gins to do this for you– check out the WP Frame Breaker.

Posted in Javascript, Web Development | Tagged , | Leave a comment

How to find out when you joined a Social Network

by Ian Anderson Gray Posted on April 2, 2012

Facebook JoinI’ve been look­ing over the social net­works that I am a mem­ber and check­ing the details of each one. I’m mak­ing a note of the user­name and pass­word (using the fab­ulous pass­word ser­vice, Last Pass), check­ing that my details are cor­rect and updat­ing and optim­ising my profile.

I’ve signed up for so many social net­works over the years, and I became inter­ested in find­ing out when I actu­ally signed up for the ser­vices. Not all social net­works make find­ing this inform­a­tion out easy. So, here is a “how to” for find­ing out when exactly you signed up for a social network.

When did I join Twitter?

This used to be very easy if you had the Twit­ter mobile app– it told you this inform­a­tion on your pro­file page. Sadly, Twit­ter removed this inform­a­tion when they updated their app. Appar­ently Tweet­deck also gave this inform­a­tion but this no longer does. So, we have to fall back to using a 3rd party app called When Did You Join Twit­ter?! Basic­ally it does “what it says on the tin”- you put in your user­name and it tells you when you joined. I knew I signed up to Twit­ter fairly early on (with my per­sonal Twit­ter account @baritoneuk) and it told me I joined on Novem­ber 14, 2006. You can also drag this book­mark­let to your browser’s book­mark bar which allows you to find out the date of a Twit­ter account any­where– just by select­ing the text of a Twit­ter user­name and click­ing the button:

Twit­ter Join Date

It’s a shame that Twit­ter make look­ing back at your old Tweets dif­fi­cult, I might pub­lish a post on ways to find your old Tweets and how to archive them. You can try a couple of ser­vices such as My First Tweet and My Tweet 16 but I had some dif­fi­culty with these as Twit­ter doesn’t play ball if you’ve pos­ted more than 3,200 Tweets. There is always the inter­net archive of course…!

When did I Join LinkedIn?

LinkedIn Join DateLinkedIn Make find­ing out when you signed up a lot easier. All you need to do is log in, and go to your set­tings page (just click on your name at the top and then click set­tings). There, just under your name is the date you joined! Easy! I joined on Decem­ber 27, 2004. Wow, I feel old.

 

When did I Join Google+?

This is harder, as Google+ don’t tell you, and they haven’t released a pub­lic API to help. Prob­ably the easi­est way is to find out when your first Google+ email came through– either an invite or a sign up email. I was invited when it was back in beta and so I got an invite email on July 1, 2011. If you haven’t got your emails (per­haps you deleted them) then you are going to find it more dif­fi­cult– per­haps one way (if you haven’t got too many posts) is just to scroll down until you find your first post. Hmmm, not a great way to spend your time. If any­one has any other ideas, please leave them in the comments.

When did I Join Facebook?

Joined FacebookIf you are good at keep­ing your emails then it’s just a case of find­ing your Face­book wel­come email. I received my Face­book Regis­tra­tion Con­firm­a­tion on March 21, 2007.  How­ever, Face­book actu­ally puts when you joined Face­book on your timeline. Just scroll down to the year you think you joined and you should see the date.

Other Net­works

I’ve not dis­cussed newer net­works such as Pin­terest because, well, they’re new, and you prob­ably know when you signed up (check your inbox for your wel­come email). I’ll update this post in the future to include ways of find­ing out when you signed up for StumbleUpon, You­Tube, Flickr etc. If you know how, then please let me know in the comments?

Posted in How To, Social Media | Tagged , , , | Comments Off

Podcasting for Small Businesses

by Ian Anderson Gray Posted on March 19, 2012

Do you ever feel there are just not enough hours in the day or enough days in the week? Des­pite so many tools to make our life easier, our lives have become busier and this isn’t helped by the immense amount of mater­ial to read on the inter­net every day!

I love read­ing posts on the many blogs I sub­scribe to, but like many people, I just don’t have the time to read them all on a daily basis. How­ever, I do sub­scribe to a few pod­casts. This way I can fol­low what is hap­pen­ing in my areas of interest whilst I am driv­ing my car, or when read­ing isn’t always pos­sible. I’ve been a massive fan of Paul Boag’s Boag­world pod­cast for example (listened since he first star­ted doing it) and also the more recent Daily Dose from The Next Web. So many of us now have MP3 play­ers or smart­phones or even inter­net radios and so pod­cast­ing is becom­ing more and more pop­u­lar. It also reaches people who find read­ing dif­fi­cult such as people with dislexia or who are par­tially sighted. It’s a great way of get­ting your mes­sage out to a wider range of people, and it’s not as dif­fi­cult to pro­duce as you think.

As a small busi­ness, you’re prob­ably not not going to have a huge amount of time and money at your dis­posal. The good news is that it doesn’t have to take up too much of your time or money to get a pod­cast going. 

I have four simple rules for you:

  1. Keep it simple
    It’s easy to have grand ideas, and per­haps you’d love to pro­duce an “all singing all dan­cing” pod­cast with a live band, live inter­views with celebs! I’d advise keep­ing it simple and to the point. Remem­ber, as with the web, con­tent is king!
  2. Keep it short
    Remem­ber, people don’t have time to listen to overly-long pod­casts. I’d recom­mend keep­ing it to 5–10 minutes. It’s going to be easier for you to pro­duce and people are more likely to listen– espe­cially in this world of short atten­tion spans…
  3. Keep it reg­u­lar
    Like blogs and web­sites it’s import­ant to keep your con­tent updated reg­u­larly. If it’s not pos­sible to pro­duce a weekly pod­cast, then make it fort­nightly or even monthly. I recom­mend releas­ing it on the same day or same day of the month each time. That way people know when the next one is going to arrive.
  4. Do your research
    Spend some time research­ing what you’re going to say. This is the same as pro­du­cing a blog post, but some people can fall into the trap of just waff­ling on a pod­cast because they’re good at talk­ing! Make sure you do your research and pro­duce a plan of what you’re going to say. Make bul­let points and keep to them. This will help when you put up your “show notes” on your website

What Pod­cast­ing Ser­vice Should I Use?

There are many pod­cast­ing ser­vices you could use– in fact I’d be inter­ested in ones that I haven’t lis­ted– so please do men­tion this in the com­ments. How­ever, I am going to stick with 3 ser­vices– ones that I have had exper­i­ence with or been highly recommended.

libSynLib­syn

Paul Boag recom­men­ded Lib­syn to me as he uses it for his pod­cast. It cer­tainly is a com­pre­hens­ive ser­vice and not too expens­ive to start you off at $5 per month. They offer a smart­phone app for iPhones and Android if you go for their plans $20 per month and up.

You can embed your pod­casts using their Flash and HTML5 play­ers and they offer RSS feeds which will let people sub­scribe in their pod­cast applic­a­tions includ­ing iTunes. 

One of the big issues with Lib­syn, is that their stand­ard plans are not suit­able for busi­nesses. You can sign up with their stand­ard plans, but I was told in an email that busi­nesses should sign up for Lib­syn Pro although they do have busi­nesses using the stand­ard ser­vice. If a busi­ness signs up for the stand­ard plans and use a lot of band­width they could be forced to use the Pro pack­age. In prac­tice, if the pod­cast becomes so pop­u­lar that upgrad­ing to the Pro account becomes a neces­sity, you will prob­ably be in a pos­i­tion to afford the fees. You’ll need to con­tact Lib­syn dir­ect for prices for Lib­syn Pro, but expect $100+ per month. This won’t be an issue for medium and large busi­nesses, and if you’re a small busi­ness then you’ll prob­ably get away with their stand­ard packages.

AudioBooAudio Boo

AudioBoo isn’t just a pod­cast­ing ser­vice– it’s an online audio and pod­cast­ing social net­work, which allows users to upload, listen and share short audio tracks called “boos”. On the free plan, each boo can be up to 3 minutes long, and up to 30 minutes with the plus account. People can sub­scribe to a user’s boos as a pod­cast by pod­cast­ing soft­ware such as iTunes. Indi­vidual and mul­tiple tracks can be embed­ded on external web­sites. There are iPhone and Android apps that allow users to eas­ily record their Boo and upload to their account.

AudioBoo was developed by a UK based com­pany, Best­Be­fore and par­tially fun­ded by Chan­nel 4 and was launched in March 2009. 

Other users can com­ment on your pod­casts and can share with their friends. On the whole this is a good thing, but I was con­cerned that you couldn’t mod­er­ate these before they were pos­ted. You can delete com­ments, but you can only do this after­wards. They have smart­phone apps for iPhone and Android. I can only talk of the Android one– it’s not the greatest user exper­i­ence, but it works– and it’s very easy to use.

You can use their wid­get to embed your latest Boos on your web­site (or use your own). Here is an example of their wid­get using the Boag­world mini podcasts:

 

The free account changed last year, when users had their max record time shortened from 5 minutes to 3 minutes. On the AudioBoo FAQ page, they explain:

When Audioboo ori­gin­ally launched, the gen­er­ous five minute record­ing time that was used dur­ing beta test­ing mode was avail­able to all users. How­ever, our long-term plan has always been to move to a three minute upload model. With the intro­duc­tion of a num­ber of new options for users and the rapid growth of our com­munity, we felt that the time was right to make the change. The aver­age boo uploaded to the Audioboo site lasts less than three minutes, so we anti­cip­ate that this change will not affect the major­ity of users and uploaded boos.

The Plus account gives you up to 30 minutes which is suf­fi­cient for most busi­nesses– this costs £60+VAT per year, but again there is a prob­lem with terms and con­di­tions. The free and plus accounts are only for indi­vidu­als. After an email from AudioBoo, they con­firmed that busi­nesses would need to sign up for their Pro account. AudioBoo did say that there was a fine line between what con­sti­tutes busi­ness use, but it does look like small busi­nesses are going to find it dif­fi­cult. The Pro plan fees are avail­able from AudioBoo dir­ect, but are likely to cost sev­eral hun­dred pounds per year.

How­ever, do not fear, I do know AudioBoo haven’t for­got­ten small busi­nesses. The Plus and Pro plans are still very new, and they have iden­ti­fied a middle ground between them. The AudioBoo team are very help­ful and friendly, so my advice to you would be to drop them a line at pro@audioboo.fm or on Twit­ter @audioboo to find out more.

soundcloudSound­Cloud

Sound­Cloud is sim­ilar to AudioBoo in that it is more than just a pod­cast­ing tool. It allows sounds (includ­ing music and spoken words) to be hos­ted and shared on a social net­work. It also allows col­lab­or­a­tion and com­ment­ing. Although cur­rently used primar­ily by people to share and col­lab­or­ate on music, there is a beta pro­gramme for pod­casters which is gen­er­at­ing a lot of interest. This will allow the shar­ing of RSS feeds and the abil­ity to add the pod­cast to the iTunes store.

The free ver­sion is great and allows you to upload up to 2 hours worth of mater­ial. How­ever you will prob­ably want to opt for at least the “Lite” or “Solo” options which give you 4 hours and 12 hours respect­ively with the lat­ter giv­ing you pri­vacy options. For more options see here.

Sound­cloud have excel­lent smart­phone apps– for Android and iPhone. This makes record­ing your pod­cast very easy indeed.

Sound­Cloud was ori­gin­ally formed in Sweden, but was later estab­lished in Ber­lin, Ger­many in August 2007.

One good news for those who get on the beta pro­gramme, is that Sound­Cloud is fine with busi­nesses using it as long as you com­ply with their terms and con­di­tions. Mod­er­a­tion of com­ments is not cur­rently an option but they are look­ing into it. On some of the more expens­ive plans you do have exten­ded pri­vacy options, so busi­nesses may want to opt for some of these.

One of the other great things about Sound­Cloud are there audio play­ers– they look great, HTML5 friendly, and on some of the more expens­ive plans you have more to choose and can even cus­tom­ise them. Here is an example of one which is a record­ing of the composer’s Eric Whitacre’s Vir­tual Choir 2.0 stretched to an hour long (interesting!):

 or this one from the Next Web:


It’s really easy to embed in your web­site or blog– just paste in the code, and if you have a Word­Press based site, Sound­cloud have even got a plu­gin for you.

Con­clu­sion

So, that’s it for now. What are your thoughts on pod­cast­ing? Let me know in the comments.

Posted in Social Media | Tagged , , , | 4 Comments

Have you tried these Social Networks and Tools?

by Ian Anderson Gray Posted on February 24, 2012

Phew, what a month. It’s been a busy one that’s for sure! Not that I’m com­plain­ing, it’s just I’ve been work­ing on so many pro­jects and learn­ing so many new things that I haven’t had much time to blog, tweet or update my vari­ous social net­works. I’m so grate­ful to Buf­ferApp, Google Reader and ifttt which has enabled me to update and con­nect over the past busy month des­pite being so busy.

So much has changed in social media over the past year, but par­tic­u­larly in the past couple of months. It’s very hard to keep up with all the new stuff that is hap­pen­ing, but I do my best. I tweet about any import­ant updates on my Twit­ter feed– @iagdotme and you can see all of these on my funky Twy­lah page. 

This post is a bit of a depar­ture from my nor­mal posts, in that I’m just going to list a set of net­works and tools that I have just star­ted using or about to start. I’d be grate­ful for your thoughts on these and whether you are using them. If it’s a social net­work, then do con­nect with me on there– I’ve given the link to my pro­file for each net­work I’m on.

  1. Pin­terest. There’s been so much hype about this image shar­ing site which enables you to pin an image to your board. You can re-pin (or share) someone’s pin to one of your boards, “like” a pin and com­ment on it. It’s def­in­itely a must for social media savvy brands. The demo­graphic data show that it’s a big hit amongst women which is a good thing when the data shows that Google+ is still mainly used by men. Pin­terest have recently been try­ing to tackle the issue of people post­ing por­no­graphic images and then there is the issue of copy­righted mater­ial. For the lat­ter, Pin­terest has pub­lished code that you can add to your web­site so that people will not be able to pin your con­tent. In order to do this you need to put the fol­low­ing code in the head part of your web page: 
    <meta name=”pinterest” content=”nopin” />

    Find me on Pin­terest here.

  2. Gen­tle­mint. So, Pin­terest is for women? Enter gen­tle­mint which describes itself as “a mint of manly things”. Unfor­tu­nately I’m not able to testdrive it fully as des­pite ask­ing for an invite, I’ve still not received one (and in fact it seems many people are in the same boat). (Edit: I have now received an invite. You can find me on Gen­tle­mint here.) 
  3. Fancy. If you like Pin­terest, then Fancy might be of interest. It com­bines a blog, store and a wish­list. You can browse through other recom­mend­a­tions and buy some­thing of interest. I’ve only just signed up, so I’ll let you know what I think once I’ve had a play.  Find me on Fancy here.
  4. StrawberryJ.am. I’ve not had much of a play with this yet, but it aims to com­press down all the zil­lions of links and social media updates into the stuff that really mat­ters. It sounds like Sum­mify, but in some ways it looks more com­pre­hens­ive with more net­works and tools. 
  5. Buf­ferApp. Buf­fer lets you queue updates to your social net­works  and will post them at sched­uled times through­out the day. You get 3 social net­works and up to 10 posts in your buf­fer in the free account. With the pro (only $10 per month) you get 6 social net­works and 50 in each buf­fer. I love Buf­fer, it enables me to queue posts in all my social net­works through­out the week. They still allow me to be per­sonal and not like a robot too. They’ve just added a LinkedIn fea­ture this week too!
  6. Chill. Think of it as Pin­terest for videos. It has had some pub­li­city this month, in par­tic­u­lar from the guys at Mash­able. I’ve not signed up yet as it looks like you are forced to sign­ing up via Face­book. I’m very very picky on which Face­book apps I install. I’m going to think about this one…!
Posted in Social Media | Leave a comment

Your password is not safe

by Ian Anderson Gray Posted on February 3, 2012

Password
Image: Sal­vatore Vuono / FreeDigitalPhotos.net

So, you think your pass­word is secure? Per­haps you’ve got a sys­tem to remem­ber your pass­word that allows you to use a com­plex pass­word? Well, good for you. Unfor­tu­nately, your pass­word is still not secure.

The prob­lem is, you simply can’t trust the web­site that you give your pass­word to. What type of encryp­tion do they use to store your pass­word (if any)? Encryp­tion (as I will talk about later) is a way to turn your pass­word into a secret code that is more dif­fi­cult for hack­ers to crack.

I’ve lost track of the num­ber of web­sites that send you your pass­word in plain text with their wel­come email. I pos­ted about this some time ago on a Google+ post. This isn’t just bad prac­tice, this is almost crim­inal! They’ve shown no regard to the stor­age of your per­sonal data by stor­ing your pass­word in plain text in their data­base. Not only that, but they’ve sent your pass­word in plain text in an insec­ure email. When an email is sent, it can pass through many dif­fer­ent serv­ers through­out the world, and be poten­tially “seen” at any point as it goes on it’s way. If someone mali­cious sniffs out your email, they could poten­tially get access to your account for the web­site you signed up for.

But, it doesn’t stop there. I’m sure you’re not one of the many people who use the same pass­word for mul­tiple accounts are you?! Of course not! How­ever, just think about the many people who do use the same pass­word across all their accounts. If this mali­cious per­son has gained access to that one account, they could also poten­tially get access to your email account. Now that’s when the very bad news starts. Once they have access to your email account, they can change the pass­word and lock you out and start to reset your pass­words for all your other accounts. This could include Face­book, Twit­ter, Google, PayPal and per­haps even your bank. If this doesn’t scare you, then I don’t know what will.

So, how do you guard against this? Well basic­ally, you can’t trust the web­site you sign up with. When you sign up, you should sign up with a tem­por­ary pass­word– you can always change this later. If you do receive your pass­word back in plain text, then at least you know all your other pass­words are safe.

If you do use the same pass­word for all your accounts, then don’t! I know it sounds really com­plic­ated, but there are plenty of ideas to get you star­ted. Here is one sys­tem… come up with a sen­tence and your favour­ite num­ber. For example “I like salted pea­nuts” and 15. By using the first let­ter of each word and the num­ber you could get 15Ilsp. Then put the first 5 char­ac­ters of the web­site you are sign­ing up for at the end. For example, for Amazon, your pass­word could be: 15IlspAmazo. You could even put another char­ac­ter at the end, for example, a hash– 15IlspAmazo# for extra security.

Even with this method, your pass­word isn’t neces­sar­ily secure– it might be obvi­ous to a hacker how your pass­word sys­tem works. Of course, a pass­word man­ager can help here, one like Last Pass. Here, all you need to remem­ber is one pass­word, and you can get Last Pass to auto­mat­ic­ally gen­er­ate fiendishly com­plex pass­words for all your accounts.

What should sites do to beef up their security?

One of the main reas­ons for me writ­ing this blog post is because I came across another site this morn­ing that sent my pass­word in plain text. I was furi­ous! Of course, it’s best to let your anger die down and think logic­ally about this. This is the real world, and we’re all human. Not every­one knows about secur­ity, except you’d have thought the people devel­op­ing these web­sites would. My advice is to send them a polite email, noti­fy­ing them of the major secur­ity issue on their web­site. Kindly explain to them the issues that I have men­tioned above– that poten­tially their cus­tomer’ accounts could be open to hackers.

Pass­words should NEVER NEVER NEVER NEVER NEVER be stored in plain text. That’s just inex­cus­able. Pass­words and other sens­it­ive data should be encryp­ted at a bare min­imum. How­ever, even that is not enough. Encryp­ted pass­words are sur­pris­ingly easy to crack with the right soft­ware. Take the pass­word ‘passw0rd’. When this is encryp­ted it can then be stored as a ‘hash’. The encryp­tion method changes this into a string of let­ters and num­bers which is called a hash. The res­ult­ant hash is depend­ent on the encryp­tion method used. There are in fact many encryp­tion meth­ods. Here are some examples:

Method The hash of ‘passw0rd’
md5 bed128365216c019988915ed3add75fb
sha1 7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53
sha512 e0469addd8d57a3623494096dabc19bebca1a038c9da696940b3f853d106a6ecfa5bd60ce8e72884efa3bd92b930da178fd616f40facad654212d7c2f8817dd4

So, as you can see from the above, sha512 is more secure than md5 because of it’s sheer length. The prob­lem is that hack­ers have lists of com­mon pass­words and their encryp­ted equi­val­ents. That way they can find out your pass­word from the hash quite eas­ily. There is also the “brute force” method, in which a hacker will try thou­sands of pass­words over a period of time in order to try and guess the pass­word. So, how do you up your security? What you need is a bit of salt…

What is a salt?

saltWell, you could con­sult Wiki­pe­dia’s entry, but to be hon­est I wouldn’t bother, as you’ll end up more con­fused (well it con­fused me). I’m not going to go into huge detail here.

You add salt in cook­ing to enhance or change the fla­vour. Salt, when used in encryp­tion, changes or enhances the hash. When you encrypt a pass­word, you can use a salt string to add a bit of fla­vour and modify the hash. This means that it is very dif­fi­cult for a hacker to work out what the pass­word is, because they need to know the encryp­tion method and the salt. 

This still isn’t per­fect, as hack­ers with enough time and pro­cessing power can try and get your pass­word by using tech­niques involving rain­bow tables and the like. The best advice I can give is to make sure pass­words are long and com­plex and to invest­ig­ate more advanced encryp­tion meth­ods such as bcrypt. I’ll be updat­ing this post with more inform­a­tion on these meth­ods in due course.

So, What next?

If you do con­tact the web­site owner to men­tion the secur­ity issue only to dis­cover they really don’t care, what do you do? I’m not really into “nam­ing and sham­ing”, but I do believe some­thing needs to be done. If you have any ideas, then please leave them in the com­ments below. I’d love to know!

 

Posted in Internet | Tagged , , | 3 Comments