RefBan

Referral Banners

Tuesday, May 15, 2012

Gavin Smith Mystery: Family Urges Public to Join Weekend Search for Missing Executive


© 2011 The Hollywood Reporter, All rights reserved. Terms of Use | Privacy Policy

Marvel Moolah: Robert Downey Jr. 'Avengers' Pay Set to Hit $50 Million


© 2011 The Hollywood Reporter, All rights reserved. Terms of Use | Privacy Policy

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

May 15th, 2012Top Story

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

By Whitson Gordon

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetRaise your hand if you've shared a username and password with someone over IM? Ever share a document with your SSN or other extremely sensitive information without protecting it? How about if you've sent, erm...scandalous pics to your significant other? Thanks to the internet, we share more than ever, and so quickly and easily that we do it without a second thought. That's great, but it may be time you learn a little about how to do that sharing in a more secure fashion.

Here, we'll walk through the easiest and most secure ways to share files, passwords, and other data with people you trust. There are countless other methods out there, but these are our favorites. The method you use to share data should depend on what you're sending, how secure you want that material to be, and how willing you are to take proper security methods.

Securely Share Passwords and Other Simple Information

If you're just sending a username, password, or other line of text (like a credit card number), protect your info with a few simple tricks:

Easy and Pretty Secure: Break the Message Up Into Chunks

Sometimes all it takes to increase your security is a little obscurity, and that's what this method is all about. You send the sensitive data over separate channels so that only the recipient is likely to have context for what it all means. Let's say you wanted to share a username and password with someone over the internet. Here's the basic idea:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. In an email, send the username with an accompanying message—something like "I've texted you the FTP password".
  2. Text the password separately, with no context.
  3. The recipient receives the password, saves it elsewhere, and deletes the text message.

Even if your recipient doesn't delete the message (which you can't count on), a snoop would have no context for what it applies to. The basic idea could work in any direction, as long as you're separating the context from the information. Is it 100% foolproof? Absolutely not. But it's better than nothing, which is what many of us are doing now.

If you want to get even more creative, you could send someone the first half of the password via SMS, the second half via email, and let the recipient know over IM how it's been broken up. That way, a thief would have to have access to both their email, IM account, and their phone. You get the idea.

Less Practical, But More Secure: Use LastPass

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetPassword management service LastPass is still one of the most secure ways to create and store passwords, and if your recipient is also using it (or if you can convince them of how great it is and get them signed up), sharing passwords and other small notes securely is extremely easy. Just pop into your LastPass vault, click the "Share" link next to the password or secure note you want to share, type in your recipient's email address, and LastPass will take care of the rest—securely. If you're sharing login credentials, you can choose to share the actual password (so your recipient can learn what it is) or just share access to the credentials in question, so your friend or colleague can log without actually learning your password. For more info on how to share passwords with LastPass, check out our how-to on the subject.

Securely Send Documents and Other Files

If you need to send full documents—like paperwork for your job or a saucy photo—you'll need the help of an external service. Here are our favorite ways to securely send files.

Easy and Pretty Secure: Share it with Dropbox

Even if your recipient isn't using the popular file-syncing service Dropbox, you can still use it to securely share files with them. Here's how:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. Drag the file into your Dropbox. Anywhere in your Dropbox is fine; it doesn't need to go in your Public folder.
  2. Once your file is synced (you'll know it is once it's got that green check mark next to it), right-click on it and choose Dropbox > Get Link. This will copy its shareable link to your clipboard.
  3. Send that link over email or text message to your recipient, and they'll be able to securely download your file.

Since Dropbox encrypts everything you upload and download over a secure HTTPS connection, your file transfer should be secure from start to finish. The one notable exception: Dropbox's mobile app doesn't use an encrypted connection, so be careful not to upload the file from your phone over an open Wi-Fi connection, and if your recipient does use Dropbox (and you want to share the file with them through Dropbox's shared folders), make sure they don't use the mobile app to download it.

If you want to add a little extra security to this method (since anyone with access to your recipient's email could click the link and get the full file), you could use also employ the "half and half" method from section one: Send half the link to your recipient over email, and the other half over text message. They'll have to type it in manually instead of just clicking on it, but as long as their phone and email are secured with passcodes, this creates another level of security a thief would have to go through to get at your file.

Less Practical, But More Secure: Send It In an Encrypted ZIP File

The most secure way to send a file, though, is to encrypt it with a password. There are a lot of ways to do this, but we like to use our favorite archive utility, 7-Zip. Here's how to do it:

From Saucy Pics to Passwords: How to Share Sensitive Information Over the Internet

  1. Select the file or files you want to send, then right-click on them and go to 7-Zip > Add to Archive.
  2. In the window that pops up, stick with the default values. Under "Encryption", enter a password and choose AES-256 as the encryption method. Then click OK to create the archive.
  3. Email the resulting ZIP file to your recipient, and send them the password over text message or some other medium (don't put it in the same email as the file!) so they know how to open the archive.

This method is very secure, but it has one downside: this method requires that your recipient have a program that can open encrypted archives. Windows' native ZIP handling does not, so they'll need to download something like 7-Zip, PeaZip, or another good archive utility to open it up. And, if one of you is on a Mac, there are some other good compression apps that will let you password-protect your files, though most cost a bit of money.

For the Sexting Crowd: Nothing Is Foolproof; When In Doubt, Give It to Them In Person (or Don't Send It at All)

The methods above assume that you trust the person you're sending information to, and that that information isn't saucy enough to tempt them to spread it around. Your boss probably isn't going to start passing out your Social Security number, but a password to your Facebook account or a sexy photo is a lot riskier. Even if you trust the someone now, there's no telling what may happen in the future.

From Saucy Pics to Passwords: How to Share Sensitive Information Over the InternetA lot of apps have popped up over the years that "self destruct" messages after sending them, the latest of which is SnapChat—an iPhone app that automatically deletes your photo from a recipient's phone after they've seen it for a few seconds, but keep in mind that these are far from secure. Anyone could take a screenshot of their phone within those seconds to create a version of the photo that lasts forever, and then you're really in trouble. Besides, do you really want to trust a third party app you've never heard of with your drunken sexts?

The fact is, if something can be seen, it can be copied, and security extends only so far as you trust the recipient of that private info—whether it's a password or a picture.

In the end, for most exchanges of sensitive data, nothing's more secure than the tried and true in-person hand-off. It reduces the number of servers your data is duplicated on or spread across, it decreases the vulnerabilities that a snoop might try to exploit, and it ensures that the person you intended it for is the recipient.

If you have to send sensitive information into your office, hand it to them in person if you can. If you don't like a paper copy, encrypt your file on a thumb drive and hand that off in person. If it's something you don't have to send (e.g., things on the saucy end of the spectrum), you'd better have a lot of faith in the person you're sending to—or you're better off not sending it at all. After all, everyone has a camera or scanner these days, and if it's tempting enough, there's nothing to keep your recipient from spreading it around on the internet. Keep your private stuff close at hand and you'll never end up like [insert latest celebrity with a sex tape].


As we said before, these are only a few ways to securely send information over the internet, but there are countless others. If you have a favorite method that we didn't mention, share it with us in the comments.

Title image remixed from Mayer George Vladimirovich and mkabakov.

Number of comments

Last Night's Diablo III Debacle Demonstrates The Problem With 'Always-Online' Games

May 15th, 2012Top Story

Last Night's Diablo III Debacle Demonstrates The Problem With 'Always-Online' Games

By Kirk Hamilton

Last Night's Diablo III Debacle Demonstrates The Problem With 'Always-Online' GamesWe were all excited last night. After a 12-year wait, Diablo III, Blizzard's much-anticipated action-fantasy loot-fest, had finally arrived. It was sitting there installed on our hard drives, waiting for midnight to come, for Blizzard to unlock the game so we could play it.

The midnight hour arrived, and Blizzard's servers were overwhelmed. Too many people were trying to play at once, and most of us wound up locked out.

Diablo III requires a constant internet connection to play. Not just to start a game or activate a new copy, but to play. Always. An hour and a half after I had started trying to log in from the title screen, I gave up. I couldn't play Diablo III, even the single-player portions of the game, because Blizzard's servers weren't working.

This is a problem.

It wasn't the end of the world. Not even close. I'm not going to climb up here and holler about what a travesty this is, or how angry I am, or anything like that. It's not, and I'm not. The servers are mostly stable as of this morning. When I woke up, I made a groovy monk character and had a lot of fun blasting a ton of shambling corpses into bloody bits. All the same, last night's logjam neatly demonstrates the single greatest problem with any single-player game that requires an internet connection to play.

There will likely always be server problems with the launch of any popular, ambitious online game. Something like this happened recently with Star Wars: The Old Republic, for example—players had to wait a good chunk of time to get onto the server of their choice and start playing.

The thing is, The Old Republic is expressly intended as a massively multiplayer online game. That's the point—the game exists only as a multiplayer experience. But I don't really play Diablo games with other people. I like to click and plunder, to level up my guy and get lots of great loot. I can tell I'm going to have a complicated critical relationship with Diablo III, but I value the refreshing simplicity of its feedback loop.

I don't really play Diablo games with other people.

But the game I play doesn't need to be online. With Diablo III, Blizzard has melded the classic Diablo formula into something of an MMO/Single-player hybrid. That's an experiment that I'm very interested to watch unfold, even while I'm not sure that I personally want to be a participant.

I remember last year when another hotly anticipated PC game came out, Valve's Portal 2. The build-up felt very similar to last night—we'd all pre-loaded the game on Valve's distribution client Steam, and anxiously awaited the midnight unlock. And when midnight came, there were some issues—the game took a while to decrypt, and twitter-grumpiness ensued.

Twitter-complaining about Portal 2 was met with plenty of sarcasm and good-natured derision. "Oh, you have to wait an extra ten minutes to play your video game? Poor you! Let's keep things in perspective! These things happen."

Those chiders had a point. In under 30 minutes, we who had been complaining were all happily messing around in Portal 2.

I saw some of those same chiders online last night, but their tut-tutting felt more misguided. This was a different scenario, and so people were reacting differently. Portal 2 simply required an internet connection to unlock the pre-loaded game, but due to Blizzard's always-on internet requirement, there was (and will forever be) no way for us to play Diablo III without their servers up and functional.

Right then, during the launch hour, Blizzard's servers couldn't handle the truth. I tried for an hour and a half to get in and play the game to no avail. "Error 37" after "Error 37" after "The operation has timed out" after "Error 37."

Last Night's Diablo III Debacle Demonstrates The Problem With 'Always-Online' Games

If it had been a simple matter of activating my game, I would have been fine—time and again I logged in for long enough to shake hands with the server before getting kicked because, presumably, the server couldn't handle the increased load that came from letting me actually play the game.

I'm sure there are lots of reasons that Blizzard has decided to require a constant internet connection, and fighting piracy is only one of them. Certainly the in-game trading economy, which will be hugely engaging for a subset of players and hugely profitable for Blizzard and their parent company Activision, also factors. Doubtless there's also a desire to cajole single-player guys like me to dip into multiplayer, a game-mode that will engage and retain players for much longer than single-player.

But I don't want to get sidetracked making guesses about the ins and outs of Blizzard's online strategy. The important thing to note is that last night, a game was rendered unplayable for a large amount of time entirely because of server failure on Blizzard's part. Maybe it'll never happen again. But maybe it will.

We always knew that by demanding a constant internet connection, Blizzard was taking away a portion of the consumer's ownership of their game. Last night, as the starting gun fired, we got a reminder of what that really means. It means that we play at their pleasure, and that we no longer have the power to decide when our game starts and when it doesn't.

Number of comments

Your body's internal clock is at war with society

May 15th, 2012Top Story

Your body's internal clock is at war with society

By Robert T. Gonzalez

Your body's internal clock is at war with societyJust because you sleep later than your early rising friends doesn't mean you sleep longer than they do; nor does it make you lazier. And yet, the association between the time of day that a person wakes up and how proactive or driven they are is just one example of the many preconceptions that society upholds regarding sleep and productivity.

But here's the problem: these expectations might actually be working against us.

In his recently published book, Internal time: Chronotypes, Social Jet Lag and Why You're So Tired, German chronobiologist Till Roenneberg provides numerous examples of how social expectations surrounding time may be having a detrimental effect on large sections of the human population. Over on Brain Pickings, Maria Popova walks us through one of Roenneberg's examples, wherein he examines the clash between adolescents' sleep cycles and the starting times of typical school days:

Roenneberg points out that in our culture, there is a great disconnect between teenagers' biological abilities and our social expectations of them, encapsulated in what is known as the disco hypothesis - the notion that if only teens would go to bed earlier, meaning not party until late, they'd be better able to wake up clear-headed and ready for school at the expected time. The data, however, indicate otherwise - adolescents' internal time is shifted so they don't find sleep before the small hours of the night.

Here, we brush up against a painfully obtrusive cultural obstacle: School starts early - as early as 7 A.M. in some European countries - and teens are expected to perform well on a schedule not designed with their internal time in mind. As a result, studies have shown that many students show the signs of narcolepsy - a severe sleeping disorder that makes one fall asleep at once when given the chance, immediately entering REM sleep.

In other words: our culture's tendency to associate early rising with an ideal sleep pattern may be clashing with the biological needs of teenagers. On one hand, studies like this are troubling, because they suggest that we're standing in the way of our students' success. At they same time, however, they seem to point to a straightforward solution: simply tailor start-times to better fit the teenagers' biological clocks:

"Teenagers need around eight to ten hours of sleep but get much less during their workweek," writes Roenneberg. "A recent study found that when the starting time of high school is delayed by an hour, the percentage of students who get at least eight hours of sleep per night jumps from 35.7 percent to 50 percent.

"Adolescent students' attendance rate, their performance, their motivation, even their eating habits all improve significantly if school times are delayed."

Of course, teenagers aren't the only ones who feel the ill effects of a disconnect between biological time and social time. Evidence continues to pile up that the late-night schedules of shift workers clash so violently with their internal biological clocks that they actually increase their risk of obesity, diabetes, and a long list of other nasty health effects. Researchers have linked these adverse effects to discordance between the timekeeping mechanisms within our own bodies (the molecules that control the daily cycle of fat production and storage in your liver, for example) and our odd-hour work schedules.

Click to view Researchers who study metabolism call this "circadian misalignment." Roenneberg calls it "social jet lag" (a concept he explains quite succinctly in the video featured here). Whatever you call it, a growing body of evidence suggests that the disconnect between our internal clocks and societal clocks could be informing aspects of our daily lives ranging from metabolic disorders, to suicide rates, to alcohol consumption, to why older men marry younger women.

You can read more about Roenneberg's book, Internal Time: Chronotypes, Social Jet Lag, and Why You're So Tired, and his research over on Brain Pickings.

Top image via Shutterstock
Number of comments