My state-wide teaching tour took me to the Tulsa area, last week; specifically, the Will Rogers Library in Claremore on Tuesday, and the Bartlett-Carnegie Public Library in Sapulpa on Wednesday.
More libraries around the state will be added to the tour, soon. They will be announced in this column and on my website.
My class, “Fight the Internet Bad Guys and Win!” will teach you how to defeat the Internet bad guys who want to mess with your life. The class is free, one night only, and will last about 90 minutes. If you use a computer, you should attend. Visit my website for more details.
One section of the class covers how to make sure you are safely logging on to your various Internet accounts. If you are not careful, you can logon to a fake website that looks just like the real thing, and unknowingly give your passcodes to the bad guys; it happens every day. It is important that your personal information flying around the Internet is protected, so, welcome to the “S+lock” rule.
The most effective way to protect your information is to use encryption. Encryption turns your information into encoded gobbledygook that can only be read by people with a special encryption key, a key that only you can provide. Years ago, encryption was a real hassle to use, but not so anymore. There are some very easy-to-use, free encryption methods that can give you a very high level of information security.
If you are like most people, you visit websites that require you to login by providing a user name and password. Websites that provide email fall into this category, as well as banking websites, social networking sites like FaceBook and dating websites like Match.
When you visit these sites, pay attention to the website’s address at the top of your browser and observe the “S+Lock” rule. What you want to see is the address prefix “https” in front of the website address, and a little yellow lock symbol down in the corner. Sometimes, the lock will be up top in the address bar, but, if your browser is properly configured for security, it will be there somewhere.
The “s” at the end of http and the lock mean that you are logging in on a secure page that encrypts your username and password before sending this information across the Internet. If you do not see the “s” after http or the lock then you may be sending your username and password in “plain text,” meaning that this information can be easily intercepted and read, resulting in stolen login credentials. If you don’t see the “s,” try putting it in the address yourself and visiting the modified address. Website bookmarks and favorites should be changed accordingly.
Because the S+Lock rule is not 100% invulnerable (if your computer has a virus, it can be spoofed), most high-profile e-commerce website are incorporating yet another security device in the address bar called Extended Validation (EV). Landing on a very-secure website that uses Extended Validation will cause part or all of the address bar to turn green or blue. The colors tell you that website has taken extra security measures to protect your login information.
To see examples of EV colors, go to amazon.com and click the “Sign In” link. Part of the address bar should turn blue. You should also see “https” and the lock symbol. Then, go to ebay.com and click the sign in link; part of the address bar should turn green.
One glaring example of security stupidity is the social networking website MySpace. MySpace does not have a secure login page; they do not observe the S+Lock rule, and they don’t seem to care about fixing the problem. If you use MySpace, make sure that your user name and password are not the same as any other sites that you visit, as you may be giving away important information.
One worthy exception to the S+Lock rule is the Cox Internet website used by many local folks at www.oklahomacity.cox.net. The S+Lock options are embedded right into the page itself. Note the little lock inside the login box; this tells you that your username and password will be encrypted as soon as you click the “Sign In” button.
For some entertaining information on this subject, read my article from August, 2008 titled, “Busted by Defcon’s Wall of Sheep.”