BLCOMP Newsletters

August 2015

In This Issue...

1) Are BitCoins Secure??? Or are we Wasting our Time???
2) Bitstrips Very Popular, Very Fast. Why?!?
3) FireSheep - You're Still Not Safe in those Coffee Shops
4) CryptoLocker Ver 2 - Terrorism, Ransom-ware and Hijacking
5) BAS and Why You Should Have It

---

(1)

Are BitCoins Secure??? Or are we Wasting our Time???


It seems everyone who thinks they know everything about BitCoins (but knows nothing beyond a few online articles) thinks they can say anything about it. The first thing we have to accept when dealing with an electronic digital currency is that it’s a digital file, and as a digital file it has to be stored somewhere and, hopefully, secured as well.

For comparison's sake, let's stay with a document you designed that you cannot be without (maybe it has finance data in it).

Now, are you going to leave this document anywhere where it can get lost? Or in the open where someone can alter or copy it??? I don’t think so...

Also, you would think you would back it up somewhere… you know, in case it gets deleted and you lose your hard work. So you back it up securely.

OK, so it's backed up and very secured (by password?!?). Now are you going to promote it online so anyone can get the file??? No. If they got the file (even password protected), they could then go about opening the file with other software (in their own time) and still get the information in the document.

So why is it any different with a digital wallet?!? I don’t think people know how important the digital wallet is and how secure it needs to be… also where it has to be stored... Not in the open, that's for sure!!!

Let's also not forget about the Viruses, Trojans, Ransom-ware, File Corruptions, Hard-Drive Failures, etc... There are so many things out there trying to get access to your files or corrupt them, either by accident or by intent... It just makes so much sense to back up your important files today... When you need it, it's there...

So it dawns on me when I see an article like this one (If BitCoin Is So Secure, Why Have There Been Dozens of BitCoin Bank Robberies And Millions In Losses?) did they know about digital files???

BitCoins (and the like) of today are a complicated structure of digital files that are mathematically created on the network of choice (the Internet) securely and should be stored somewhere securely until needed (hmmm, sounds like a wallet or purse on someone's person). These digital files contain a representation of usable currency in today's markets. Being a digital file, it can get moved and modified from one computer / network to another computer / network very easily in today's technology environment. That being said, I would not like to lose my BitCoins... THEY ARE SECURED OFFSITE and I only bring them online when needed. THEY ARE NOT STORED IN A DIGITAL WAREHOUSE just waiting to be plucked by a black hat person. I know they will be with me until I get rid of them by my method, not by someone stealing them behind my back.

There is also the point of digital Fraud... Let's say you have a few unsavory people and they get together to form a digital warehouse with all the promotions and lowest handling fees (if any), and I'm sure they promote security with interest... They prey on the greed (and foolishness) of people to build up their warehouse, only to steal the amounts when they're ready... The fools they stole from have no recourse due to not checking out the so-called company.

Just be forewarned about digital dollars... It's a great idea but you need to be secured with them. No matter how you make the digital dollars, you don't want to lose them insecurely.

When I rectified my BitCoins back in the early years, the value of BitCoins was 1 BTC = $0.15 US. At the time of this article 1 BTC = $506.84 US. That's an increase of over 3000 times in 3-4 years... Wow!!! Let's say I had only 4 BitCoins back in the day; their value as of today is $13,514.67 US..... Yikes... I know people who have 50 BTC ($168,933.33)...

With this amount of dollars at risk, you don't want someone coming around remotely and stealing some, if not all, of your BitCoins...

In recap... If you want to use the latest technology in currency of today then please use all the steps in securing it... Otherwise you get what you deserve in losing it... Maybe it might wake you up and either stay away or do the proper thing to hang on to your currency.


---

(2)

Bitstrips Very Popular, Very Fast. Why?!?


Well, it seems that this thing called Bitstrips came out of nowhere and everyone seems to be using it. Did they check into the history of this company before accepting it blindly and giving away all security info to whoever the company is?!?

If you don't know yet, Bitstrips is another Facebook Plugin people are using to give themselves a cartoon look on their Facebook postings. I always thought it was odd that its popularity took off way too fast.

It seems I was right, at least from the Security leak files.... According to the leaked files, Bitstrips is another NSA Trojan designed to get one's contact and personal info to the Federal SPY Agencies (you know, the GOOD GUYS)...

The company is called Bitstrips Inc. and like I said before the Security Leak Files and Snowden say this is an NSA front.

If they weren't spying enough on us already... It seems that the owner of the Facebook account has to agree to the usage of the plugin (on Facebook), which now makes it legal for the spies to spy on us. Isn't that nice of them?!?

I think there are more than a fair share of apps out there to draw oneself into a cartoon rep and not give the spies an edge... Your call and your privacy!!!

I for one WILL NOT USE THIS PLUGIN / APP. I like my privacy!


---

(3)

FireSheep - You're Still Not Safe in those Coffee Shops


What is it?!?
FireSheep is an add-on extension for Firefox. It was made to prove that login credentials are obtainable via hijacking. By using this very simple extension, anyone who runs it on a shared network can grab 90-99% of social media login credentials to be used for an imposter login. In this day of security-conscious people you would think this extension would be useless... But the statistics prove it is still usable and is Still Running!!!

Targeting?!?
Most users of social media keep themselves logged in to the site after logging in, thus keeping a cookie in their web browsers in open view and not encrypted.

Potential Example?!?
A hacker enters a coffee shop, looking like a normal person working on a notebook and drinking their coffee, while secretly running FireSheep in the background. The hacker can grab all the social media login credentials they ever needed per session, with no programming experience necessary, while looking innocent, and store the data for later reference. An hour or two later the hacker exits the coffee shop and saves the captured data.
Once the social media login credentials are obtained, the hacker can log in to the social media site to do whatever they want. They can grab more info from the captured logins, like email addresses, friends lists, hidden pictures, user comments between friends and a lot more that the social media site stores on its sites.

How to Protect Yourself?!?
The simplest way is to use the HTTPS web protocol every time you use social media.
On most sites you can force HTTPS in the settings area...
If you have to log in to the network (via WPA/2) then that should protect you against FireSheep. Remember, however, that 98% of free networks don't use this.
The best way is to use a VPN (Virtual Private Network). No data will be leaked when using a VPN. Your network connection is protected endpoint to endpoint. It is harder to set up but well worth it... It protects you against this and many more issues not covered in this article.
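
The exposure described above comes down to a login cookie that the browser is willing to send without encryption. The following check is an added example, not part of the original newsletter: it audits a site's response headers for the two server-side settings that keep that cookie on HTTPS. The URL, cookie name and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit response headers for the cookie exposure FireSheep relies on.
# All URLs, cookie names and header values below are constructed for illustration.

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_response(url, headers):
    """headers is a list of (name, value) pairs. Returns a list of (issue, subject) findings."""
    findings = []
    header_names = {name.lower() for name, _ in headers}
    if not url.lower().startswith("https://"):
        # Everything exchanged with this page crosses the shared network in clear text.
        findings.append(("plain-http", url))
    elif "strict-transport-security" not in header_names:
        # Without HSTS a later http:// link can still take the browser off HTTPS.
        findings.append(("no-hsts", url))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie and "secure" not in attrs:
            # The browser will attach this cookie to plain-HTTP requests as well.
            findings.append(("cookie-not-secure", cookie))
    return findings


# Constructed sample: HTTPS login page that hands out a session cookie without Secure.
WEAK = ("https://social.example/login", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=3f9c0a; Path=/"),
])
# Constructed sample: the same site after HTTPS is forced everywhere.
HARDENED = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=3f9c0a; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers) or "no findings")
```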

Final Thoughts?!?
FireSheep can be used on a shared network. Because of this, wired networks, wireless networks and both types used at the same time are at risk. When someone is impersonated via this issue, lots of problems can arise. Types of social media sites are Facebook, LinkedIn, dating sites, Twitter and many more. A lot of users reuse the same passwords on many sites and the hacker can retrieve this info for their own needs (usually up to no good)...
A quote from the creator of FireSheep is "I Released FireSheep to show that a core and widespread issue in Website Security is being Ignored"... And hopefully it will force people to log in with a higher concern for security.


---

(4)

CryptoLocker Version 2 - Terrorism, Ransom-ware and Hijacking on the Internet Gone MAD


Seen in the wild for the last three weeks; be Very Careful. Some firms have confirmed the technical details of both CryptoLocker versions (1 & 2) and have come to some conclusions:

| Area Compare | Version One | Version Two |
| --- | --- | --- |
| GUI Interfaces | Similar Styles | Similar Styles |
| Files Encrypted | `*.doc`, `*.docx`, `*.txt`, `*.bmp` | `*.doc`, `*.docx`, `*.txt`, `*.bmp`, `*.gif`, `*.jpg`, `*.jpeg`, all types of video and music files |
| Public Key Encryption (PKI) | 2048 bit PKI | Claims to use 4096 PKI, but uses 1024 PKI |
| Cipher Used | AES Rijndael | Triple DES |
| Written in | C++ | C# |
| Payment Accepted | Bit-Coin, Money Pal, U-Cash and Cash-U | Bit-Coin Only |
| Format for Hiding the Encrypted ID Keys | Appends to the Encrypted File Header | Uses the same file name with ".k" file ext and stores the encrypted ID numbers in this separate key file |
| Transmitted Media | By Email Attachments the User Must Open | Free Fake software activators / cracks for commercial software (i.e. Windows 7, 8, Photoshop, Office 2013 and many more) seeded all over the web |
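
The separate ".k" key file listed for version two gives a responder something to look for on disk. The sketch below is an added example, not from the original newsletter or from any vendor tool: it walks a directory tree and reports files of the targeted types that have a ".k" companion beside them. The function names and the sample tree are hypothetical, and because the page does not say whether the key file keeps the original extension, both naming forms are checked.

```python
import os
import tempfile

# Extensions the comparison lists for version two (video and music types are not named on the page).
TARGETED_EXTS = {".doc", ".docx", ".txt", ".bmp", ".gif", ".jpg", ".jpeg"}


def find_k_companions(root):
    """Return sorted (data_file, key_file) pairs where a '.k' file sits beside a targeted file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in TARGETED_EXTS:
                continue
            # Assumption: the key file may be "report.doc.k" or "report.k"; the page does not say which.
            for candidate in (name + ".k", stem + ".k"):
                if candidate in present:
                    hits.append((os.path.join(dirpath, name), os.path.join(dirpath, candidate)))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed sample tree: two suspicious pairs, one clean file, one unrelated '.k' file."""
    for rel in ("docs/report.doc", "docs/report.doc.k", "docs/notes.txt",
                "pics/cat.jpg", "pics/cat.k", "src/main.c", "src/main.k"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")


def demo():
    """Run the scan over the constructed tree and return paths relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [(os.path.relpath(d, root), os.path.relpath(k, root))
                for d, k in find_k_companions(root)]


if __name__ == "__main__":
    for data_file, key_file in demo():
        print(f"possible version-two pair: {data_file} + {key_file}")
```

A ".k" file on its own is a weak signal, so treat hits as a prompt to check whether the paired documents still open, not as proof of infection.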

In conclusion, CryptoLocker Version 2 is a completely differently written look-alike program / virus. Some people have speculated that version two was started by the big software companies, like the original viruses written so long ago to discourage illegal software copying. Be Very Careful when downloading Free Software on the Internet Today.


---

(5)

BAS and Why You Should Have It


BAS in short stands for Building Automated Systems. It makes smart buildings smarter by integrating multiple devices to be controlled by a common interface that can log and excel what the building needs to be the most efficient system to help the owners and operators.

If done correctly, the BAS will work in the most efficient way, lowering building costs and maintenance. The operators responsible could have remote operation or remote alerts to decrease down time of the building and thus improve building efficiency.

There are many types of BAS environments out in the world today claiming to be the best. Many such systems are too costly, with way too much overhead to ever get back an ROI. The trick is to choose correctly or have a trusted consultant match your building with the correct system. The main goal is to have the most efficient system that does the best job, with your ROI coming back to you in the fastest way. Like the saying goes: "Having your Cake and Eating it too".

There are lots of factors when updating an existing BAS or adding a BAS. The trick is making everything talk to each other. Great examples could be the chiller system (cooling plant) being able to tell if the building is occupied. Or why light the building on all floors if only the 3rd floor is in use? Is the heating system needed in all areas of the building, or can we minimize the heat load to who is there? Setbacks, setups, load shifting, load sequencing, load balancing, BACnet, web integration, short stroke timeout, delays, logging data and charting data are among the many factors making a BAS what it needs to be today. The Graphics Package also needs to be top of the line in response time as well as reporting time. Truth be told, it doesn't need to show the exact hardware installed, but a true graphical system of the whole system connected to that device, with the sequence of operations to be used at that time, to reduce the learning curve and avoid having to find a system manual in a time of emergency. The BAS is there to help / aid you and not hinder you!

A common mistake by designers involves the cooling plants. They start off with a working design to test and commission the chillers. They fill up the screens with data that they then only need to delete after they are done. Then they add the extra info the customer wants to an already very busy screen. When done, the graphics are too slow or do not show the correct system; they will show the chiller and reference connected systems but not the whole cooling system. A good consultant will work not only with the engineers but also with the designers, and after the commissioning is done and the correct programming is completed, the correct system graphics are installed with the sequence of operations linkable, to be brought up if needed. It will include the full cooling plant including pumps, flow directions, automatic and manual cutoffs, valves, temperatures, schedules and many more. The trick is to include how the system looks and works while being usable but not too overbearing. Seeing the big picture, not just a corner of it, can keep hardware problems and down time to a limited amount, thus saving the owners money.

Everyone always asks why have a linkable sequence of operations and not the full text on the screen at all times??? The answer is it takes up valuable real estate and is not needed by the main operator, who already knows how the system should work; it is only needed when a temporary operator is using the system while covering vacations. It is very handy to have in PDF format, to be able to print out and follow along with the system graphics. It should always be updated with the current sequence of operations and any changes to the system, or it becomes very useless very fast.

You could have the heating systems, cooling systems, VAV systems, lighting systems, security systems, door systems, fire systems and video systems all integrated. They could be controlled individually or grouped by systems and controlled by the main BAS. They all could be monitored and trended for data retrieval at a later time. Power monitoring with load shedding can be introduced for cost savings. Heat loads and cold loads can be ruled out through the building and controlled with no overshooting. Systems could be scheduled and / or algorithms could be used to control devices based on sequences of operations with set points.

Types of useful additions to plants could be an evacuation plan due to an emergency alarm: shutdown of HVAC, as well as lighting systems to light the way out. Heat treating modes for plants could also be used with BAS; no lighting is needed, but monitoring of systems with no people involved in such conditions can be very useful.


---