Livin’ in the Cloud

26 08 2009

As I embrace the concept of cloud computing, I’ve been asking myself if it’s possible to live completely in the cloud.  To get a picture of what I’m talking about here, imagine doing all of your computer-related work at an Internet cafe or on a diskless netbook.  And I mean “all” of your work.

My revelation that living in the cloud could be a real possibility came to me about a month ago as I was walking into one of my clients with my laptop bag strapped over my shoulder.  As I had done almost every day for the previous several weeks, I put my laptop case on the floor under my desk and proceeded to log in to my client’s computer and carry on with my day.  My email, complete with contacts, tasks, notes, sent items, etc. is all totally accessible from the cloud through my hosted Exchange account.  I very seldom need my laptop at work any longer and I’ve started leaving it in my car to be used only in case of emergency (my security blanket).

There are a number of potential obstacles that must be overcome for a complete transition to livin’ in the cloud:



The Trouble with Untrusted Sites

17 08 2009

 

It seems that rogue web sites will always be a part of our daily lives.  You run into them most often when searching for a particular topic and click on one of the listed sites from your search:  suddenly your browser takes on a life of its own, spawning additional browsers and taking you places you’d rather not go.  More often than not, these sites will start a fake antivirus scan and “alert” you that you’ve got multiple infections and then provide you with an easy “fix” that will not only ask you for a credit card number, but will also install all sorts of nasty spyware on your computer.

There are a number of ways to protect yourself from these rogue sites, but unfortunately none of them are foolproof.  A good antivirus product should always be your first and best line of defense.

In this article, I’m describing one of my favourite low-cost measures to protect your Internet Explorer browsing experience:  the use of Trusted sites.  Here’s how it works in a nutshell:

  1. Under Internet Options/Security, crank up the security of the Internet zone to the maximum (High).  This will disable (almost) all functionality on any untrusted site you stumble across.
  2. Whenever you find a site that has functional problems because it uses Flash or JavaScript, and you trust that site, you can manually add that site to your Trusted Sites list under Security Options to enable (most) functionality.

The concept is simple, yet in practice it can be a bit of a pain to set up and use successfully.  Here is a good how-to article I found when searching on Internet Explorer and Trusted Sites:   http://surfthenetsafely.com/ieseczone7.htm.  It explains exactly how to set this up and includes a link at the bottom for a Power Tweaks utility from Microsoft for IE that can be used to add an “Add to Trusted Sites” menu option to IE.

Once you’ve configured your IE browser to work with Trusted Sites, there are still times that things just don’t work.  Some sites will give you a hint as to what the problem is (“this site requires you to have the latest version of Flash, or have ActiveX enabled”, etc.), but many other sites just do nothing, even after they’ve been added to your Trusted Sites zone.  The most common reason for this is that many sites use background services on affiliated or even third-party sites that also need to be part of your Trusted Sites zone for full functionality.  An example of this is any site that uses CAPTCHA (a challenge-response mechanism to ensure a live person is subscribing), such as Ticketmaster.

If a particular site doesn’t work even after you’ve added the site to your Trusted Sites zone, here are some of the things you can try, in increasing order of complexity and/or decreasing order of security:

  1. I often add a wildcard to the trusted site, such as *.ticketmaster.com, to get all of the sub-domains of the main www site.  Sometimes you also need to add *.ticketmaster.ca, if the site has a Canadian presence.
  2. If item 1 fails, try going to the Page menu (in IE 7) or the Safety menu (in IE 8) and select Webpage Privacy Policy…  In the window list that comes up, you’ll see all of the web sites that make up the page that you are viewing.  Be very careful NOT to add all of the sites that you see in that list to your Trusted Sites zone.  Many of these are just advertisement links and other tracking processes that you really don’t want to trust.   You need to look for the one or two sites in the list that can likely be causing you problems.  In the case of Ticketmaster, the sites are *.ticketmaster.ca, *.ticketmaster.com and https://api-secure.recaptcha.net, the site that provides the CAPTCHA challenge/response code on behalf of Ticketmaster.
  3. If all else fails, or if item 2 above is too complicated, it’s always a good idea to have a second browser (such as Firefox) available to try on the uncooperative site.
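
To show how narrowly the three Ticketmaster entries from item 2 scope trust, here is an added example (not from the original article, and not Internet Explorer's own logic) that models Trusted Sites matching in simplified form.  It assumes a `*.domain` entry covers that domain and its sub-domains on any protocol, and a protocol-qualified entry covers one host over that protocol only; the page resource list, including the ad, tracker and look-alike host names, is constructed for illustration.

```python
from urllib.parse import urlsplit

# Trusted Sites entries taken from the article's Ticketmaster example.
TRUSTED_ENTRIES = [
    "*.ticketmaster.com",
    "*.ticketmaster.ca",
    "https://api-secure.recaptcha.net",
]

# Constructed sample of what "Webpage Privacy Policy" might list for one page.
PAGE_RESOURCES = [
    "http://www.ticketmaster.com/event/123",
    "https://secure.ticketmaster.ca/checkout",
    "https://api-secure.recaptcha.net/challenge",
    "http://api.recaptcha.net/challenge",         # same service, plain http
    "http://ads.example.net/banner.js",           # constructed ad host
    "http://tracker.example.org/pixel.gif",       # constructed tracker host
    "http://ticketmaster.com.example.net/login",  # constructed look-alike host
]


def parse_entry(entry):
    """Split a zone entry into (scheme or None, wildcard flag, host)."""
    scheme, _, rest = entry.rpartition("://")
    host = rest.split("/", 1)[0].lower()
    wildcard = host.startswith("*.")
    return scheme.lower() or None, wildcard, (host[2:] if wildcard else host)


def is_trusted(url, entries=TRUSTED_ENTRIES):
    """Return True if url lands in the Trusted zone under this simplified model."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for scheme, wildcard, domain in map(parse_entry, entries):
        if scheme and scheme != parts.scheme:
            continue  # entry is limited to one protocol
        if host == domain or (wildcard and host.endswith("." + domain)):
            return True
    return False


def classify(resources=PAGE_RESOURCES):
    """Map each resource URL to the zone it would load in."""
    return {u: "Trusted" if is_trusted(u) else "Internet (High)" for u in resources}


if __name__ == "__main__":
    for url, zone in classify().items():
        print(f"{zone:16} {url}")
```

Only the first three resources come out as Trusted; the plain-http reCAPTCHA host, the ad and tracker hosts, and the look-alike host all stay in the locked-down Internet zone.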

Whichever method you choose to protect your Internet browsing experience, keep in mind that a good antivirus product is your first line of defense, that no browser and no solution is 100% secure, and that you’ve got to be constantly vigilant when it comes to online activities.



PayPal and two-factor authentication

7 08 2009

I’ve been a huge proponent of two-factor (something you know and something you have/are) authentication for several years now.  I understand that nothing is 100% secure, but I haven’t seen anything better come along. 

I’d like to see more services provide this type of authentication option.  PayPal has a feature called Security Key that allows you to add two-factor authentication to your PayPal account.  LogMeIn has a similar implementation for even their free version of the service.  They allow one-time passwords as well as the use of SecurID cards.

I’ve used PayPal’s Security Key with some success.  I only have two concerns with it:

  1. It allows the user to bypass the security key for times when you don’t have your second factor available or the service isn’t working;
  2. The service isn’t 100% reliable (at least not the cell phone key).

I applaud PayPal for introducing additional security to their service. A system as important and valuable as PayPal needs to be a leader in online security. 

Unfortunately, when it allows the user to bypass the security key, it effectively voids the two-factor component and just asks the user for one or more things he already knows, thereby making the first factor a little more complicated and the second factor unnecessary.  The reason they do it is because the service isn’t 100% reliable. 

Even so, I’d like PayPal to allow the user to decide whether they want the system to allow an override of the second factor.  In this way, I can force all authentication to go through my security mechanism and, if it isn’t available or not working, I’ll just have to wait until it is.  I think that is a reasonable compromise.