Archive for January, 2014

Here’s how to solve that problem.

Exit Notes.

Locate Notes.INI. (It used to be under c:\lotus\notes\ — not under data — but newer versions install under a different location.)

Find a line with AddInMenus

If the only item listed is for Adobe Acrobat, then comment out the whole line with a semi-colon

If there are other add-ins in the line, duplicate the line, then comment it out, then modify the one still active by removing the Adobe reference

Restart Notes to confirm it’s gone.

Comments are off for this post

Each time you turn around, there’s another news story about compromised passwords and computer security. Just recently we’ve learned of massive breaches at Target, Neiman Marcus, Adobe, and Cupid Media (the OK Cupid dating site people.)

An important thing to remember is to use unique pass phrases on every web site so if one site gets compromised, the others aren’t.

For example, if the Adobe data dump revealed your password of “I-Like-CLU-in-2014″ to the bad guys, they will try to use that same password on your banking site and could rob you.

Some people resist using multiple passwords because they’re a pain to remember.

Here’s a suggestion — not perfect, but will do for the majority of sites — that will help keep things reasonably safe, while still making every password unique, yet memorable.

Given some baseline pass phrase (more than just a password) that only you know, such as the aforementioned “I-Like-CLU-in-2014″, append a site-specific suffix mnemonic to it. For example, your pass phrase for the Wells Fargo web site might be: “I-Like-CLU-in-2014.WellsFargo” while you might use “I-Like-CLU-in-2014.Target” for the Target web site.

If a “black hat” puts eyeballs on your pass phrase they may recognize the pattern, but in my opinion that is highly unlikely. When they harvest 40 to 70 million IDs and passwords at a time, they’re gonna write programs that test your credentials against other sites, not humanly scan each one individually.

As a side note,  I recommend using a different e-address for each site you access. Unless you have some technical savvy and your own domain, this might be problematic. However, you can use a service such as offered by SpamGourmet.com to generate anonymous e-addresses that are site specific.  I’ve had about 95% success with Spamgourmet.com addresses.  In only a few cases (Redbox and the City of Phoenix are two that come to mind), the vendor blocks, drops, or ignores those addresses even though they are valid.

Lastly, it’s old news but I’ll repeat it anyway: make your pass phrase long enough that it’ll be hard to guess, with a mix of letters (upper and lower case), numbers, and punctuation.

Yeah, it’s all rather a pain in the okole, but replacing your credit cards, recovering stolen funds, or trying to repair your credit history is a much bigger pain.

John

P.S. I was directly affected by the adobe.com breach. After the breach I began receiving phishing e-mail from Russia. Fortunately the messages went to my SpamGourmet address, so I just disabled that one address without affecting my other logins or addresses.

Comments are off for this post