Free Shipping | Micro Accessories Auto Charger

Hopefully by now, most people have heard about Heartbleed. No need to panic (“*click here*”:http://blog.smalldog.com/article/heartbroken-about-heartbleed/ for steps to take if you haven’t already), but it was a serious issue in the tech world. If nothing else, it’s really shone a light on all sorts of computing security practice vulnerabilities. Many experts have suggested now is a great time to update passwords you use online.

When I started studying computer science in college, the older students often talked about this “hacking challenge” that one of the professors liked to do in his course on operating systems. It didn’t seem real…a challenge where the goal was to hack into a system? When I finally found myself in the operating systems course, I discovered just how real the hacking challenge was.

There were two parts: In the first part, we students took on the role of the defenders. In real life, most of us are defenders trying to keep hackers away from our private data. For this challenge, we were defending a system from attacks by the professor. In the second part, we assumed the role of the attackers. We were the bad guys trying to get into a system that the professor was defending.

In the defending role, the only thing at stake was pride and bragging rights. In the attacker role, in addition to pride and bragging rights, a hefty number of bonus points were offered up as added incentive. We were successfully able to defend the system against the professor’s attacks, but only barely. We underestimated his deviousness, and a key logger was nearly our undoing.

The more interesting part was when we assumed the ‘attackers’ role. As in love and war, nothing (within the rule of law) was off limits. There were a number of “checkpoints” we could reach in compromising the system, and we received points for each unencrypted password we were able to successfully identify. Each identification was met with exasperated groans from the professor as we called him to report it. The ultimate prize was an encrypted file that we needed to find and decrypt. Ultimately, we were able to compromise the entire system including the root password, and given more time, we were on our way to recovering and decrypting the encrypted file.

What did I learn from this challenge? I was taken by complete surprise how devious and clever we all became trying to break into that system. I also learned just how easy it was to break reasonable length passwords. Dictionary words? Might as well just hand your data to us on a silver platter. Proper nouns? No problem. Numbers added in? No problem. Weird characters? Slight inconvenience, but still doable. In many cases, we didn’t even bother being clever at all. Computational power and speed has become so ubiquitous and cheap, “lazy” brute force attacks on some more common hash and encryption algorithms are almost trivial. Just three or four of us requisitioning about 15 computers in a lab to do our bidding for a few hours was all it took.

Full disclosure: We had physical access to the machine in this situation. No one wanted to be responsible for us picking locks or otherwise trying to get into a locked office. Physical access allows attackers to bypass many of the network security speed bumps. The machine was also running a version of Linux, which uses similar security features and technologies to OSX. Windows is (or was) theoretically even easier to compromise. I expect newer versions don’t use the easily breakable hash algorithms of versions past.

*So what would I recommend?* Good complex passwords are important, but if it’s so complex you’re just going to write it on a post-it and stick it to your monitor, it’s too complex. There are tools to help keep track of your passwords, and I’ve used things like Keychain Access to help with that, but ultimately, the longest, or most complex password you can memorize is the best policy. Many companies and organizations use a password expiration policy, but these policies are somewhat outdated. They cause frustration for users and admins, and discourage people from memorizing passwords (more post-its on monitors). Nowadays if someone gets your password, they aren’t going to wait. They’re going to start looking for where it will work immediately. I know I would.

My personal recommendation is to go for the longest password you can, as that’s what I do. The web comic XKCD had a great strip about “*long passwords*”:http://xkcd.com/936/ a while back. Another good idea is to check if your favorite password shows up in any “*password leak*”:http://www.darkreading.com/risk/phpbb-password-analysis/d/d-id/1130335 or “*common passwords lists*”:http://gizmodo.com/the-25-most-popular-passwords-of-2013-god-help-us-1504852434.

??Disclaimer: The hacking exercise described here is an example of “*white hat hacking*”:http://en.wikipedia.org/wiki/White_hat_(computer_security). We were authorized to hack into the system as part of a learning exercise. You should never willfully hack into any system or attempt to steal passwords from anyone. For one, it’s highly unethical, and in many cases, it’s also illegal and could result in heavy fines or jail time. Even “*grey hat*”:http://en.wikipedia.org/wiki/Grey_hat or activist hackers often find themselves on the “*wrong side of the law*”:http://www.theguardian.com/technology/2013/nov/15/jeremy-hammond-anonymous-hacker-sentenced.??

Small but Powerful! Charge your iPhone, iPod or iPad on the road with the Belkin Car Charger with included Lightning to USB cable. Get unlimited play and standby time with the low-profile design that sits flush in your dash.

Enjoy *$10 off* for the next week!

Emily has been down here in Key West working with our team and taking conference calls by the pool. Actually, she has been working really hard, but we are taking her up to Bahai Honda state park this afternoon for a swim in the ocean.

Thank you so much for reading this issue of Kibbles & Bytes. We know it is really you, our most loyal customers, who make our business viable!

Your Kibbles & Bytes Team,
_Don, Kali & Stephanie_

_Dear Friends,_

They say that winter is not really over until the April snowstorm has hit Vermont, and we had that this week with a reported five inches up at my house on Prickly Mountain. Hopefully, the roads will now dry out and the rivers get back in their banks!

Hapy, who has been waiting very patiently for his new “*Mac Pro,*”:http://www.smalldog.com/product/84464 is now sporting the diminutive powerhouse on his desk. I really do not know what he will do with all that freed up desk space, but I am sure it will be covered soon. I hope I can twist his arm to write a review next week for Kibbles!

Normally, this time of the year Jason and/or I are in China for the trade shows, but we decided to skip the spring shows this year as there were no compelling new products for us to source. I have heard, however, that some of the manufacturers over there are already showing cases for future, unannounced products. That is always risky as specifications (and more importantly, dimensions) frequently change at the last minute.

We have three job requirements of all Small Dog employees that help us to manage the business. Each employee writes a weekly report to their manager and copies Hapy and myself. In these reports we are looking for a report of work accomplished, work planned for the next week, obstacles encountered, resources needed and any general commentary. With sixty employees, sometimes it takes me awhile to read them all but I find them incredibly valuable.

The second job requirement is that each employee, whether they are sales people, shippers or accountants, takes the series of Apple online training modules and achieve the designation of Apple Product Professional. We may be the only company that has 100% of our staff with this designation. I really want whomever answers your call or email to be very well-versed on the products we sell.

The third job requirement is that employees take a paid day off each year to perform community service. The only requirement here is that they send me an email describing their work. Community service has run the gamete from helping with the clean-up from hurricane Irene to working the Special Olympics or helping a neighbor stack wood.

My Kibbles & Bytes special for this week is the MacBook Air 11-inch model featuring a 1.3GHz Intel i5 processor, 4GB of RAM and 256GB of solid state storage. This is the ultimate in portable Macs! Weighing in at only 2.38 pounds, it is the lightest Mac you can buy. I am bundling this MacBook Air with AppleCare, of course, so that you have the protection for three years instead of just one, and three years of technical support from Apple instead of just 90 days. Two more items in this bundle provide more protection for you. The Hammerhead 11-inch Leather Envelope is a great case for this Mac and you need backups (yes, you NEED backups!) so I am including a Seagate 500GB Backup Plus Slim drive that will make it easy with Time Machine to have all of your data backed up! This lightweight portable bundle is available exclusively to Kibbles & Bytes readers for only $1,449 for this week (while supplies last).

“*Purchase this bundle here!*”:http://www.smalldog.com/wag900001372

The new Beats Studio is lighter, sexier, stronger, and more comfortable, with precision sound, Adaptive Noise Canceling, a 20-hour rechargeable battery, and RemoteTalk. It has all the energy and excitement you expect from Beats, plus a powerful, reengineered sound. Available in black, red and white.

*Purchase Beats Studio 2.0 and Receive a $50 Small Dog Gift Card!*

Last week, I experienced a scare when I couldn’t find my -right hand- iPhone after a series of stops in Burlington. At the point at which semi-panic set in, I found myself digging through my car, desperately trying to locate it, for the better (nope) part of half an hour. To my dismay, it wasn’t there, and I had to plan my next steps.

I made my way back to the S. Burlington store to get online to use Find My iPhone with the hope that it would show me exactly where it absconded to (sorry for ending this sentence with a preposition — I couldn’t resist the opportunity to use the word “absconded.”) Anyway, I logged into “*iCloud.com*”:https://www.icloud.com and got to sleuthing.

I clicked on Find My iPhone, and it located it within a minute. It was in car, moving swiftly down the highway. __Not my car.__

I’ll spare you the details since this was likely the result of a misunderstanding and get to the part that you’ll need to know/have if this ever happens to you. Everyone knows that the Find My iPhone app/technology is cool, but until you have to use it, you never realize just how much, and that the process of retrieving your phone if it’s actually with someone else rather than lost in your couch cushions requires certain info.

Here are my tips to protect yourself:

*Register your phone when you buy it.*
This not only protects your warranty, but it also provides a way for you to look up your serial number if it’s ever stolen. The police ask for this as part of their report, and you have access to your serial number no matter where you are — so even if your receipt is stored at home or you’ve thrown it (or the original box) out, you can get that crucial (and time-sensitive) data to the authorities when they need it.

*Set up Find My iPhone.*
Duh. I’m so glad I took the time to do this because it let me know exactly where my phone was once I accessed it in iCloud. There are three options once you locate it: Play Sound, Lost Mode, and Erase iPhone. It’s important to note that the latter two will render your phone untrackable; I chose not to select those because I wanted to still see where my phone was headed. Whether you choose to use those or not depends on your situation. Playing the sound would also potentially alert the person with the phone to the fact that you know it’s gone, so evaluate that as well. Find My iPhone also displays your battery’s charge, which was extremely helpful for me because I knew that its time on was numbered. Once the battery goes dead, it’s also (obviously) not trackable.

*Bookmark* “*this site.*”:http://supportprofile.apple.com
Log in to Apple’s Support Profile page with your iCloud information, and there, you will be able to view all of your (registered) Apple devices and computers. This was my saving grace, since I didn’t have my serial number accessible any other way when I was at the store. (Note: We record a device’s serial number on the original invoice, but I had swapped out my iPhone 5 for another model recently, so the data wasn’t accurate.)

All’s well that ends well, and I got my phone back that day. It was a great lesson in why registering your valuables is essential!