Look around you… I mean online. Everything you see is powered by some form of web technology. Every day, you interface, indirectly, with MySQL databases, PHP code, and HTML that makes it all show up. Almost everything you touch on the web could be created by you, too, with some time and the right education. Last week, I talked about a slew of places to learn online for free and I know a lot of you are interested in how webpages are created, what programming languages exist, and the technology that drives the web. If you’re worried about where to start or things being too technical, don’t worry. My goal is to introduce more of this kind of information on this blog and help others learn what I know.
So what does all this mean? It means I’m planning to bring you much of my regular content (reviews, guest articles, etc.) as well as new content that explains how stuff works in plain language so everyone can follow along. But first, I need to know what you want to learn more about. You can suggest anything, but here’s a list of example topics to get you started:
- Basic HTML
- Glossary of web terms
- How-to series (create a web page, set up a form, accept payments online)
- Beginners PHP
- Working with frameworks
- Software for programmers
- How the web works
- What’s a 404 or 403?
Choose from a topic above or offer up your own idea. Give me your request in a comment below and I’ll do my best to accommodate. In addition, loyal viewers may have noticed something new on the right side of the page recently. While in Vegas last January, I met up with a company called Wizpert that connects experts with people who need help. If you ever have a programming or technology question, click the little orange “W” on the right to connect with me on Skype. I’m here to help.
Evernote, today, reported that they detected and blocked suspicious activity on their network. As a precaution, they say, they’ve implemented a password reset for all users. When I first read about this, it sounded as if they had already reset your password and you would need to have it emailed to you. Instead, an email sent out instructed users to log in and change their passwords upon login.
What Happened?
Anything I say here would be pure speculation. However, attacks are often as simple as a SQL injection. This usually happens when a website takes user input (like a contact form or blog comment form) and does not properly run it through the wringer before adding it to a database. It’s more common than you think. For anyone interested in a more technical view of security vulnerabilities, check out OWASP’s Top 10 Project. In reality, any number of things could have let in a hacker and it’s too early to say for sure.
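To make the comment-form case concrete, here is an added example (not code from Evernote or from this blog) that saves the same form input two ways: pasted into the SQL text, and passed as bound parameters. The table, function names and sample inputs are constructed for illustration, and SQLite stands in for whatever database a site uses.

```python
import sqlite3

def new_db():
    """In-memory database standing in for a blog's comment table (constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT, approved INTEGER)")
    return db

def save_comment_unsafe(db, author, body):
    # Vulnerable: form input is pasted into the SQL text, so any quote
    # character in it is read by the database as SQL syntax, not as data.
    sql = ("INSERT INTO comments (author, body, approved) "
           "VALUES ('" + author + "', '" + body + "', 0)")
    db.execute(sql)

def save_comment_safe(db, author, body):
    # Hardened: the statement text is fixed; values travel separately as
    # bound parameters and can never change the statement's structure.
    db.execute("INSERT INTO comments (author, body, approved) VALUES (?, ?, 0)",
               (author, body))

def rows(db):
    return db.execute("SELECT author, body, approved FROM comments").fetchall()

# Constructed form inputs: an ordinary comment with an apostrophe, and one
# whose quote ends the string early and supplies its own "approved" flag.
ORDINARY = "It's a great post"
CRAFTED = "nice', 1) --"

def demo():
    unsafe, safe = new_db(), new_db()
    try:
        save_comment_unsafe(unsafe, "ann", ORDINARY)
        ordinary_ok = True
    except sqlite3.OperationalError:
        ordinary_ok = False  # the apostrophe alone broke the statement
    save_comment_unsafe(unsafe, "bob", CRAFTED)
    save_comment_safe(safe, "ann", ORDINARY)
    save_comment_safe(safe, "bob", CRAFTED)
    return ordinary_ok, rows(unsafe), rows(safe)

if __name__ == "__main__":
    print(demo())
```

In the unsafe version an honest apostrophe crashes the insert and the crafted comment approves itself; in the parameterized version both inputs are stored as plain text with `approved` left at 0.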
Should I Worry?
This is a two-part answer. First, your Evernote account is fine. According to Evernote, no data stored was lost or accessed (other than your credentials, of course). Just reset your password and you should be OK. Your other accounts may not be, however. Take a look at the most important part of Evernote’s statement:
The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)
This tells me that my username, email and encrypted password are out there in the hands of a hacker, and because Evernote is a large service, it wouldn’t surprise me if a torrent file of this information shows up for download by anyone with an internet connection. “Hashed and salted” means that, like they said, it’s one-way encryption. A hacker can try to encrypt a word using the same methods and see if it matches the blob of characters next to your username, but they can’t directly decrypt your password. This is important, but if your password was cracked, the hackers would now have a username/email/password combination to try on many other services. If I were that hacker, I would start with other cloud services, namely Apple’s. If you use the same username and password anywhere else, you should change your password there, too.
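The sketch below is an added example, not Evernote's code, showing what "hashed and salted" looks like in storage and why a weak password is still at risk once the stored records leak. Evernote's statement does not name its algorithm, so PBKDF2-HMAC-SHA256 with 100,000 iterations is an assumption here, and the users, passwords and wordlist are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Return (salt, digest): what a site stores instead of the password."""
    salt = salt or os.urandom(16)  # random per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Login check: re-hash the attempt with the stored salt and compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def first_match(salt, digest, wordlist):
    """What holding a leaked record allows: the same check, run over guesses."""
    for word in wordlist:
        if verify(word, salt, digest):
            return word
    return None

# Constructed data: two users sharing one weak password, one user with a
# long random password, and a tiny list of common passwords.
COMMON = ["123456", "password", "qwerty", "letmein"]
alice = hash_password("password")
bob = hash_password("password")
carol = hash_password("v7#Lq9-two-Rivets-fjord")

if __name__ == "__main__":
    print("same password, same stored value?", alice[1] == bob[1])
    print("alice recovered as:", first_match(*alice, COMMON))
    print("carol recovered as:", first_match(*carol, COMMON))
```

The salt makes identical passwords store differently, so one precomputed table cannot be reused across users, but it does nothing for a password that sits on a list of common guesses.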
How To Protect Yourself
While websites and online services have legal and ethical obligations when it comes to storing your information, you should have some rules of your own.
Use a secure password that you can remember. The word “password” is sadly not only the most insecure password, but also the most popular. If it was easy for you to come up with and type in, it’s likely easier to crack. Don’t use your birthday, any word that can be found in a dictionary, or anything someone could guess with a little information about you.
Don’t write it down if you can help it. If I were in your house and wanted to get into your computer, the first place I would look is under your computer. Shockingly often, people just put their password on a sticky note and stick it to their monitor. The password is only as good as the user. Protect it like you’re protecting what it gets access to. If you wouldn’t leave your life’s savings on your desk, don’t put your password to it there, either.
Split up your passwords. This is a hard pill to swallow, but you absolutely should use a different password for each site. The cost is convenience, but the reward is not having every account you have hacked just because one site let your password get out. If this is too hard for you, use individual passwords for any site with finances or sensitive information and another “global” password for the 150 other sites that are less critical.
Don’t just stick to one rule, either. I know from experience that thinking that doing so awesome with one rule (like having an incredibly hard-to-crack password) excuses you from the other rules is a good way to get hacked.
Have you ever wondered what the web used to look like long before the browser wars? Today, another developer in my office reminded me of how we used to see the web twenty years ago. Back then, Google hadn’t been envisioned yet and Yahoo! was just a couple hundred or so links indexed by hand. And Yahoo! wasn’t Yahoo!. It was still just “Jerry’s guide to the world wide web” at the time. The Internet was barely in use and mostly just within the walls of colleges and universities. This, my friends, was the World Wide Web in 1994.
Today’s Yahoo! in 1993’s Lynx Browser
It was just text and not many sites to browse, but my college lunch hours were spent happily discovering content from around the world. As great as it was, I was elated to welcome the SLIP and PPP connections that joined forces with the first graphical browsers to offer a WWW with images that I could browse with a mouse. Yahoo quickly became much easier to use.
Yahoo! in 1994 in Netscape
As you’re aware, we’ve come a long way since then. We watch videos, search billions of web pages in an instant, share photos and listen to music, not only from feature-rich web browsers at our desks, but also from our phones. It’s amazing how far we’ve come, and it leaves me optimistic for what the future of web technology holds.
Yahoo! Today in Chrome
Do you remember your first time online? Get nostalgic and comment below with your first internet experience. What site (or news group, for that matter) was it and when? Better yet, click the Facebook share button below and include your story.