Kibbles & Bytes Blog

Emily has been down here in Key West working with our team and taking conference calls by the pool. Actually, she has been working really hard, but we are taking her up to Bahai Honda state park this afternoon for a swim in the ocean.

Thank you so much for reading this issue of Kibbles & Bytes. We know it is really you, our most loyal customers, who make our business viable!

Your Kibbles & Bytes Team,
_Don, Kali & Stephanie_

This Apple MFI Certified Cable was designed with aluminum ends for durability and a flat design for zero tangles. Sync or charge any of your lightning devices!

Enjoy *free shipping* for the next week!

Give your iPod, iPhone or iPad some juice while your on the road! Equipped with a LED power indicator
and sleek and compact design! Does not include a power cable so be sure to grab one of those. And check out our Lightning cable’s below!

Enjoy *free shipping* for the next week!

Small but Powerful! Charge your iPhone, iPod or iPad on the road with the Belkin Car Charger with included Lightning to USB cable. Get unlimited play and standby time with the low-profile design that sits flush in your dash.

Enjoy *$10 off* for the next week!

The new Beats Studio is lighter, sexier, stronger, and more comfortable, with precision sound, Adaptive Noise Canceling, a 20-hour rechargeable battery, and RemoteTalk. It has all the energy and excitement you expect from Beats, plus a powerful, reengineered sound. Available in black, red and white.

*Purchase Beats Studio 2.0 and Receive a $50 Small Dog Gift Card!*

*Hurry! Our trade-in promotion is ends Monday!*

Have an old computer that’s just not working for you anymore? Don’t go crazy — trade it in!

*From 4/7 – 4/21, you’ll get an extra $100 in trade-in credit on your old Mac or PC when you purchase a new Mac!* That’s right — you’ll receive at least $100 for your old computer, and in most cases, much more. Just bring your computer in, and we’ll get you a competitive trade-in value. See an associate for details!

Plus, if you buy any new Mac along with AppleCare (same invoice), we will transfer the data from your old Mac to your new one for *FREE*! There’s no need to stress, fret, or worry about how you’ll get all of your important documents and pictures to your brand new Mac.

??*Transfer promo requires a working Mac with OS X 10.5+.??

Hopefully by now, most people have heard about Heartbleed. No need to panic (“*click here*”:http://blog.smalldog.com/article/heartbroken-about-heartbleed/ for steps to take if you haven’t already), but it was a serious issue in the tech world. If nothing else, it’s really shone a light on all sorts of computing security practice vulnerabilities. Many experts have suggested now is a great time to update passwords you use online.

When I started studying computer science in college, the older students often talked about this “hacking challenge” that one of the professors liked to do in his course on operating systems. It didn’t seem real…a challenge where the goal was to hack into a system? When I finally found myself in the operating systems course, I discovered just how real the hacking challenge was.

There were two parts: In the first part, we students took on the role of the defenders. In real life, most of us are defenders trying to keep hackers away from our private data. For this challenge, we were defending a system from attacks by the professor. In the second part, we assumed the role of the attackers. We were the bad guys trying to get into a system that the professor was defending.

In the defending role, the only thing at stake was pride and bragging rights. In the attacker role, in addition to pride and bragging rights, a hefty number of bonus points were offered up as added incentive. We were successfully able to defend the system against the professor’s attacks, but only barely. We underestimated his deviousness, and a key logger was nearly our undoing.

The more interesting part was when we assumed the ‘attackers’ role. As in love and war, nothing (within the rule of law) was off limits. There were a number of “checkpoints” we could reach in compromising the system, and we received points for each unencrypted password we were able to successfully identify. Each identification was met with exasperated groans from the professor as we called him to report it. The ultimate prize was an encrypted file that we needed to find and decrypt. Ultimately, we were able to compromise the entire system including the root password, and given more time, we were on our way to recovering and decrypting the encrypted file.

What did I learn from this challenge? I was taken by complete surprise how devious and clever we all became trying to break into that system. I also learned just how easy it was to break reasonable length passwords. Dictionary words? Might as well just hand your data to us on a silver platter. Proper nouns? No problem. Numbers added in? No problem. Weird characters? Slight inconvenience, but still doable. In many cases, we didn’t even bother being clever at all. Computational power and speed has become so ubiquitous and cheap, “lazy” brute force attacks on some more common hash and encryption algorithms are almost trivial. Just three or four of us requisitioning about 15 computers in a lab to do our bidding for a few hours was all it took.

Full disclosure: We had physical access to the machine in this situation. No one wanted to be responsible for us picking locks or otherwise trying to get into a locked office. Physical access allows attackers to bypass many of the network security speed bumps. The machine was also running a version of Linux, which uses similar security features and technologies to OSX. Windows is (or was) theoretically even easier to compromise. I expect newer versions don’t use the easily breakable hash algorithms of versions past.

*So what would I recommend?* Good complex passwords are important, but if it’s so complex you’re just going to write it on a post-it and stick it to your monitor, it’s too complex. There are tools to help keep track of your passwords, and I’ve used things like Keychain Access to help with that, but ultimately, the longest, or most complex password you can memorize is the best policy. Many companies and organizations use a password expiration policy, but these policies are somewhat outdated. They cause frustration for users and admins, and discourage people from memorizing passwords (more post-its on monitors). Nowadays if someone gets your password, they aren’t going to wait. They’re going to start looking for where it will work immediately. I know I would.

My personal recommendation is to go for the longest password you can, as that’s what I do. The web comic XKCD had a great strip about “*long passwords*”:http://xkcd.com/936/ a while back. Another good idea is to check if your favorite password shows up in any “*password leak*”:http://www.darkreading.com/risk/phpbb-password-analysis/d/d-id/1130335 or “*common passwords lists*”:http://gizmodo.com/the-25-most-popular-passwords-of-2013-god-help-us-1504852434.

??Disclaimer: The hacking exercise described here is an example of “*white hat hacking*”:http://en.wikipedia.org/wiki/White_hat_(computer_security). We were authorized to hack into the system as part of a learning exercise. You should never willfully hack into any system or attempt to steal passwords from anyone. For one, it’s highly unethical, and in many cases, it’s also illegal and could result in heavy fines or jail time. Even “*grey hat*”:http://en.wikipedia.org/wiki/Grey_hat or activist hackers often find themselves on the “*wrong side of the law*”:http://www.theguardian.com/technology/2013/nov/15/jeremy-hammond-anonymous-hacker-sentenced.??

Last week, I experienced a scare when I couldn’t find my -right hand- iPhone after a series of stops in Burlington. At the point at which semi-panic set in, I found myself digging through my car, desperately trying to locate it, for the better (nope) part of half an hour. To my dismay, it wasn’t there, and I had to plan my next steps.

I made my way back to the S. Burlington store to get online to use Find My iPhone with the hope that it would show me exactly where it absconded to (sorry for ending this sentence with a preposition — I couldn’t resist the opportunity to use the word “absconded.”) Anyway, I logged into “*iCloud.com*”:https://www.icloud.com and got to sleuthing.

I clicked on Find My iPhone, and it located it within a minute. It was in car, moving swiftly down the highway. __Not my car.__

I’ll spare you the details since this was likely the result of a misunderstanding and get to the part that you’ll need to know/have if this ever happens to you. Everyone knows that the Find My iPhone app/technology is cool, but until you have to use it, you never realize just how much, and that the process of retrieving your phone if it’s actually with someone else rather than lost in your couch cushions requires certain info.

Here are my tips to protect yourself:

*Register your phone when you buy it.*
This not only protects your warranty, but it also provides a way for you to look up your serial number if it’s ever stolen. The police ask for this as part of their report, and you have access to your serial number no matter where you are — so even if your receipt is stored at home or you’ve thrown it (or the original box) out, you can get that crucial (and time-sensitive) data to the authorities when they need it.

*Set up Find My iPhone.*
Duh. I’m so glad I took the time to do this because it let me know exactly where my phone was once I accessed it in iCloud. There are three options once you locate it: Play Sound, Lost Mode, and Erase iPhone. It’s important to note that the latter two will render your phone untrackable; I chose not to select those because I wanted to still see where my phone was headed. Whether you choose to use those or not depends on your situation. Playing the sound would also potentially alert the person with the phone to the fact that you know it’s gone, so evaluate that as well. Find My iPhone also displays your battery’s charge, which was extremely helpful for me because I knew that its time on was numbered. Once the battery goes dead, it’s also (obviously) not trackable.

*Bookmark* “*this site.*”:http://supportprofile.apple.com
Log in to Apple’s Support Profile page with your iCloud information, and there, you will be able to view all of your (registered) Apple devices and computers. This was my saving grace, since I didn’t have my serial number accessible any other way when I was at the store. (Note: We record a device’s serial number on the original invoice, but I had swapped out my iPhone 5 for another model recently, so the data wasn’t accurate.)

All’s well that ends well, and I got my phone back that day. It was a great lesson in why registering your valuables is essential!