Sunday, October 31, 2010

Ideas for safe browsing in an unsafe world

Over the last few weeks there have been numerous reports of various hacks, tools, apps, malware, privacy policy violations, etc. that make it easy to steal our identity, gain access to our personal information, or otherwise profile and compartmentalize us.


This relentless assault on the safety and security of online browsing led me to devise a scheme that would help me feel somewhat secure in this insecure world. Here is the idea. I would love your feedback, or to know more about how you make your online experience more secure.


I divide my online browsing into 4 major categories:


  1. Sites where I do financial transactions: my bank, broker, credit card provider, etc.
  2. General browsing: news sites, various blogs, online research, where I don't have to enter a password.
  3. Sites which know a lot about me: these sites are usually protected by a password. Mail, social sites.
  4. High-risk sites: shady sites which I know try hard to install malware.

My major concern was that one “bad” or “poorly” implemented site should not compromise other sites or my computer. If a site is inherently unsafe, or easily hijackable or breachable, it should not give the keys to the kingdom to the hackers.


My plan essentially involves using a different browser for each of the above categories, with some simple rules. All the major browsers are free and they are keeping up with each other, especially since IE has caught up. I have 3 different browsers installed and I use all of them.


  1. Financial sites: I use the following rules. You should only ever have one financial site open at a time. Use a clean browser to open the site. The browser used for financial purposes should not be used for anything else. It's ONLY used for conducting financial transactions, and then only one site at a time. I never remember passwords and use “incognito/private browsing” for visiting these sites, so that I am not impacted by cookies etc. I use Safari for this.

  2. General browsing: This is how I browse the web. I have a separate browser for general browsing. This browser needs to be fast, capable of syncing bookmarks and fun to use. This is where I spend most of my time. I use Chrome for this.

  3. Social sites: I use Firefox for this. These sites, especially Facebook and Twitter, try to “track” browsing habits, so I make it a point to do my main browsing on a different browser altogether. I don’t do single sign-on or connect my friends from one social network to another, e.g. I don't give Facebook the password for Gmail, Yahoo, etc. and have them access my mail. No matter what their privacy policy says, they all have rotten apples.

  4. Suspect/unsafe sites: These are the riskiest sites. I browse them on a “dedicated disposable computer” or a virtual machine, never on the main computer. I use Firefox and its various plugins to assess the risk and minimize the impact.


The main idea for this process is to make sure that one shady site should not compromise my browser or my computer and thus hack into other sites that I do business with.
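The four-category scheme can be written down as a small dispatcher that decides which browser a URL belongs in. This is an added example, not code from the original post; the host lists are hypothetical placeholders and the category names and `Dispatcher` class are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical host lists (reserved .example/.test names); substitute your own.
SITES = {
    "financial": {"bank.example", "broker.example"},
    "social": {"mail.example", "social.example"},
    "high-risk": {"shady.example"},
}
# Browser per category, as assigned in the post; anything unlisted is "general".
BROWSER = {
    "financial": "Safari (private window)",
    "general": "Chrome",
    "social": "Firefox",
    "high-risk": "Firefox in a disposable VM",
}


def classify(url):
    """Return (category, matched_site) for a URL; unlisted hosts are 'general'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    for category, domains in SITES.items():
        for domain in domains:
            # Match the domain itself or a true subdomain. A substring test would
            # also accept look-alikes such as bank.example.evil.test.
            if host == domain or host.endswith("." + domain):
                return category, domain
    return "general", host


class Dispatcher:
    """Picks the browser and enforces 'one financial site open at a time'."""

    def __init__(self):
        self.open_financial = None

    def route(self, url):
        category, site = classify(url)
        if category == "financial":
            if self.open_financial not in (None, site):
                raise PermissionError(
                    f"close {self.open_financial} before opening {site}")
            self.open_financial = site
        return BROWSER[category]

    def close_financial(self):
        self.open_financial = None
```

A look-alike host never reaches the financial browser because matching is done on the parsed hostname at a label boundary, not on the raw URL string.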

Tuesday, October 19, 2010

Strong Passwords

Some of the common mistakes made by users when using passwords for web sites:


  1. Using the same password for all sites, even if this password is very strong. It exposes you to a very simple trick. Hackers create a simple website to give away something for free and recruit people to sign up. They get the user IDs/emails at signup and then try the email/user ID at other sites, using the password provided, to gain access. Very simple but effective.

  2. Using a weak password. Everyone knows this is open to a dictionary attack. Also, it's easy for anyone standing over your shoulder to guess.

  3. Using “public” knowledge questions/answers for the “Forgot my password” reminder. We all live in the world of Facebook, where every minute detail of your life is public knowledge. If your password reminder questions are just a Facebook search away, your strong password is of no use.

  4. Using the same easy-to-guess algo for all sites. Anyone getting hold of one of your passwords gets the keys to the kingdom for all your sites. Thus if your Yahoo password is oohay, it's easy to guess what your Amazon & Gmail passwords are.

  5. Happily typing your password into random apps/sites to pull your “contacts” into the app. We all live in a world of apps. We have no idea who made these apps. They encourage you to type in your passwords for various sites (Yahoo, Google, Facebook) to automatically pull in your data from these sites. They might be a password collection trick too.


How to create strong passwords


  1. Use auto-generated passwords held under one password program like [lastpass], [1password]. These programs are available for all OSes, smartphones, etc.

  2. Use a password algo, like the one suggested by “mozilla” [mozilla].

  3. Use a common-word phrase but exchange the letters with the letters physically next to the original ones on the keyboard. For example, myamazonpass becomes ,us,sxpm[sdd
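A self-audit of your own password list for two of the mistakes above: the same password on several sites, and passwords derived from the site name by a guessable rule (reversal as in the oohay example, or the keyboard-neighbour shift). This is an added example, not code from the original post; it assumes a US QWERTY layout, and the function names and sample vault are constructed for illustration.

```python
from collections import defaultdict

# US QWERTY rows; each key maps to the key physically to its right.
_ROWS = ["qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFT_RIGHT = {a: b for row in _ROWS for a, b in zip(row, row[1:])}


def shift_right(text):
    """Replace each character with its right-hand neighbour (unmapped chars kept)."""
    return "".join(SHIFT_RIGHT.get(c, c) for c in text.lower())


def site_derived(site, password):
    """Return the name of the transform that derives `password` from `site`, or None."""
    name, pw = site.lower(), password.lower()
    candidates = {
        "site name": name,
        "reversed site name": name[::-1],
        "keyboard-shifted site name": shift_right(name),
    }
    for label, value in candidates.items():
        if value in pw:  # substring match also catches "my<site>pass" wrappers
            return label
    return None


def audit(vault):
    """vault: {site: password}. Returns (reused, derived) findings."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    derived = {s: t for s, pw in vault.items() if (t := site_derived(s, pw))}
    return reused, derived


# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "yahoo": "oohay",
    "amazon": ",us,sxpm[sdd",   # "myamazonpass" shifted one key to the right
    "gmail": "T7#qLw9!vRz2",
    "forum": "T7#qLw9!vRz2",    # same password reused on a second site
    "bank": "k3$Pd0Xe@84nB",
}

if __name__ == "__main__":
    reused, derived = audit(SAMPLE_VAULT)
    print("reused across sites:", reused)
    print("derived from site name:", derived)
```

The keyboard-shifted password is flagged because the shift is a fixed one-to-one mapping: a phrase containing the site name stays tied to the site name after the shift.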

Friday, October 15, 2010

Thoughts on “back to the mac”


Apple sent out the invitations for a media event on the 20th. Its invitations are notoriously brief, but this one shows a lion peeking through a slightly ajar Apple logo with the caption “Back to the Mac”.


The blogosphere is alight with speculation that the new Mac OS version will be 10.7, code named “Lion”. Most blogs are also saying (quoting the recent Apple patent applications) that it will bring the convergence of iOS with Mac OS and will mark the new touch-capable hybrid Macs capable of running iOS & Mac OS.


I do agree that this will be next in the Mac OS X series. The lion is a strong indication that this is the continuation of the feline scheme. So I do think that it will be Mac OS 10.7. I am just not buying the “Lion” name. It's too non-Appley. Lion is just too pedestrian a name. I think it might be called Leo.


Also, merging of Mac OS with iOS will be a huge step. I think it deserves its own version jump rather than just a dot release bump. Apple has made very incremental upgrades for its dot releases in the X series named after felines. Merging two different OSes into a single hybrid OS seems to call for an entirely new version. This is clearly a feline OS and thus an incremental release.


I do agree that Apple has to eventually release a hybrid OS. Apple would save it for a much bigger event, maybe the next ADC. It will herald a new Mac OS era. It just makes sense. The OS being announced next week will be just another incremental update.

Tuesday, October 12, 2010

Techstars : Presentations

Vacation Rental Partner

1. saves time and organizes the rental, like booking a hotel.
2. same ad on multiple sites
3. various tools, mobile stuff

why : into travel, love start up
what : front end (jquery), social media(facebook, twitter)

Rezora
email marketing system. corporate sales team.
templates for advertisement
have a business model
work out of home, geo disperse
national brand name client

look for : Mobile Developer:
backend developer, front end developer, sales, Account manager
paul@rezora.com


statsmix

dashboards, data scattered everywhere. aggregates data and builds dashboards. REST api. works with tons of data from different apis around the web
Visualize the data in various graphs, and then generate reports; automated analysis of the data

why work : define the product

looking for : designers, front and back end developers : Ruby & jQuery, MySQL and NoSQL
(Cassandra, MongoDB)

looking for people who can do multiple things.
tom@statsmix.com

graphicly
looking to change comic industry
air/iphone/ipad/windows7 app

looking for dreamers. can you imagine? can you believe?

looking : Ruby developers, designers,

micah@graphicly.com
@micah

scriptpad
liam@scriptpad.net

mobile apps for doctors iphone/ipad
3rd app : for prescriptions coming soon

40% of handwritten prescriptions have errors

final stages of federal approval

looking for iphone developer & android developers
mono, monotouch
artist : ui uix developer
bizdev : sells to drs

use .net for writing crossplatform native apps



orbotix

robotic balls controlled from your smartphone

new game platform.

looking for : firmware engineer, api designer, android & iphone developers

jobs@orbotix.com


snapabug

snap engage: live chat with website visitors as they visit the site.

work from home ok.
self funded and profitable

looking for sales partner.

sendgrid
email delivery

raised $6 million
12,000 clients, growing from 18 to 30 by year end

need : support engg, web engineer, marketing director, inside sale rep

omniar
"we make real world clickable"

visual search api for smartphone.
best at recognizing 3d objects.

software engg : build and scale apis, cloud experience, visual recognition
founders@omniar.com, zach@omniar


blipsnips
social + video = blipsnips

web and mobile platforms.

engineer: ruby , hadoop
marketing


spotinfluence
reach + relevance + = influence

searching the social media for finding people that have influence on any topic
apis to lots of company to make money. search free

need: front end developers, PR, marketing/sales,

people@spotinfluence.com

onetruefan
84% of traffic comes back once a month or less, only 6% weekly
that 6% does the majority of page views
objective : to make websites more engaging by integrating social media
-> auto checking in people

need : UX engineer.

nextbigsound
online music analytics. work with massive amount of data. quick iteration.
great angel investor. self starter.

passion of music and java

looking for front end developer.

jobs@nextbigsound.com












sendgrid.jobscore.com

Techstars: Demystifying working of start ups

1. Panel discussion : Eric (founder and CEO onestart), Alex (founder and CEO next big sound), Paul (CEO of Orbotix)

Paul : personality type: (no 9-5 job), ready for abuse, underpaid, overworked and should love it

Eric : "starting a startup is mental illness".

Alex: Should live with your coworkers. work life balance is zero


Q. Why is your product disruptive ?
Alex 1. speed , 2. quality :
Eric: core mental illness is optimistic. world issues dont matter. you have an idea that you keep working on it. no matter what happened.
Paul: Changed direction for raindance from voip to video conferencing to meet impossible revenue target

Q. what can new employee expect
Eric : over work, underpay, no benefits :
- every employee can redefine what the company does. employees learn the ropes so that they can fulfil their dream. you get to be employee # 1-50, not employee #13232. you can make a difference. guaranteed to fail in big company
Paul : autonomy , drive and purpose is the main motivation

Q. what kind of jobs for the non technical
Paul : business developer, sales, product manager after technical
Alex: first 3 hires technical, then sales (tech first and then sales)
Eric : core team : technical+product , but also need a UI skillset, it matters

Q. what type of mentoring activity does a startup provide
Paul : no handholding, might go to conference, no training
- what you learn : how to prioritize, how to work together,

Q. what should student, FTE expect, why should they join startup
Paul : startup should be attached to your life. startup should become your life and that way they would be happy. it's a different lifestyle, it's not an 8 hr job. if you want to put in 8 hrs and then do something else, startup is not for you
Eric: if you are in a big company, people a couple of levels above you have no idea of what's going on in your life. in a startup you know everything. you know how much money is in the bank, it's all transparent
Alex: the earlier you join, the bigger your equity stake will be.

Saturday, October 2, 2010

Geeks Guide to CWG 2010

1. Official web sites : www.cwgdelhi2010.org/
2. twitter hash tags : #delhi2010, #cwg
3. follow official twitter account : @commonwealthdel
4. Smart phone apps : Zoomi (iphone, android, black berry etc) :
5. Best place to watch it online : BBC iPlayer
6. Watch Live TV coverage on wwii
7. Check Justin.TV for possible live streaming
8. In US TV Asia will show one hr highlights every day