Category Archives: HINTS & TIPS

Time to Switch From Yahoo to Gmail?

by

Yahoo’s new owner, Verizon, recently revealed that all 3 billion Yahoo accounts have been compromised, greatly upping the admission of damage that Yahoo made before its sale to the telecom giant. So if you have a Yahoo account, it’s time to find another email service provider that will better protect your email privacy and security, and yes if you tied your yahoo account to secondlife then that was also compromised. Here’s my advice on how to switch to Gmail…

Moving Yahoo Mail to Gmail

If you have not changed your Yahoo password recently, it is 100% certain that hackers have the keys to it. Not Good. The recent revelation that hackers were able to compromise all of Yahoo’s THREE BILLION accounts is mind-blowing. It’s time to leave Yahoo Mail in the digital dustbin of history, and move to a new webmail provider.

You may be loathe to leave your contacts and emails behind. But don’t worry, you can take them with you! Google’s Gmail (my preferred email service for 12+ years) makes the process of importing contacts and mail from Yahoo (and other services) as simple as it can be. That isn’t exactly “dead simple,” but most users should be able to do it in just a few minutes.

The first thing you should do is change your Yahoo password to something extremely strong. Also, enable two-factor authentication if you haven’t already done so. With these changes, hackers would need both your password and your phone to get into your Yahoo account.

You want to keep control of your Yahoo account, even if you don’t actively use it. The reason is that abandoned account names are recycled by Yahoo. A bad guy could appropriate your old Yahoo handle and impersonate you. So don’t delete your Yahoo account, just lock it up for now.

 You should also disconnect any external services that are connected to your Yahoo account. To do this, from your Yahoo inbox page, click on the gear icon (upper-right), then on Settings. Click on Accounts to see all of the email accounts, social networks, cloud services, and other services connected to your Yahoo account. Go down the list and disconnect each one. This will eliminate your Yahoo account as a bad guy’s conduit to your other accounts.

Finally, if you have been using your Yahoo password on any other services, change those passwords. And stop re-using passwords — every account should have its own, unique, and strong password.

First, create a Google account if you don’t already have one. You can sign up here.

Just like Yahoo’s inbox page, the Gmail inbox page has a gear icon in the upper-right corner. Click on it and then click Settings. Next, click Accounts and Import, then click Import Mail and Contacts. Enter your Yahoo address (include the @yahoo.com part), press Continue, then click Agree to give the app permission to access your Yahoo account.

Next, select the import options you want: import contacts, import existing mail, and/or import new Yahoo mail for the next 30 days. Finally, click Start Import.

It may take a couple of days for Google to import all of your Yahoo mail, if your Yahoo inbox is very full. Another consideration is that Google only imports the mail that’s in your inbox, not drafts, sent email, or email saved in other folders. To import such items, you will need to manually move them to your Yahoo inbox, then let Google import them. To check the status of your import, look under Settings > Accounts and Import.

Google assigns a label to each imported email; it is your Yahoo username. If you want to recreate the folders you had on Yahoo, you can import what’s in your Yahoo inbox, then delete the Yahoo inbox’s contents. Rename the new Gmail label to Yahoo-Inbox. Move the next folder’s contents to the Yahoo inbox and import to Google again. Rename the Gmail label to match the Yahoo folder name, and repeat for each folder. It’s tedious, but it works.

Are you still using Yahoo Mail? Do you have a plan to switch to Gmail or another webmail service?It’s time to really rethink your options before it’s too late.

Don’t forget our 10th year Customer appreciation party coming up, there will be 10 hours of live music,fun and prizes don’t miss out be there!

Have a great week

Deuce Marjeta and the ZI Staff.

Here’s Why Your Password is Hackable

by

Over the past two decades, password rules have become more complicated and burdensome upon users. Users have coped with arbitrary, byzantine password rules by creating the most easily remembered passwords that comply with the rules, changing them when required in minor, predictable ways, and reusing compliant passwords on multiple online accounts. The results include lots of frustration and LESS security. Here’s how to do it right…

Everything You Know About Passwords is Wrong

A typical site now requires you to create a password at least 8 characters long that includes at least three or four types of characters: upper-case, lower-case, numeral, and special characters such as !, @, #, etc. In most cases, the resulting password is exactly 8 characters long, begins with an upper-case character, and ends with an exclamation point or the numeral “1.” Often it’s a recognizable name associated with the user, such as a child’s or pet’s name. If a password needs to be changed, it’s often only the last character that’s changed, and in a predictable fashion, i. e., “1” becomes “2,” “!” becomes “@,” etc.

Hackers know these official rules, and the de facto rules that users have created to comply with the least effort. They have hundred of billions of stolen passwords from which to figure out the rules, and they incorporate the rules in password-cracking software to make it more efficient. They also have massive computing power that can try billions of possible passwords per hour. The upshot is that most passwords actually in use can be cracked in a matter of hours.

One solution to human predictability is password-generating software that produces longer, more random passwords, and password-management software that remembers what site a password goes with. These functions may be combined in one software package, such as Roboform, Dashlane or LastPass.

But many sites deliberately thwart the use of password managers, either by forcing users to enter usernames and passwords on two separate screens or by adding code that blocks auto-filling of passwords. Apparently, the admins of such sites think a password encrypted and stored on a hard drive is as insecure as one written on a Post-It Note.

Another solution to remembering strong passwords is mnemonic – a sentence that’s easily remembered because it makes grammatical sense, and which contains the characters of a password that can be extracted by applying a simple rule. For instance, a password might be the first letters of the sentence, “My horse knows how to use 2 pink staple guns.” In fact, that whole sentence would make a virtually impenetrable password, if the official rules allowed spaces.

This geeky cartoon from XKCD.com illustrates the difference between passwords as they are and as they could be, if sysadmins allowed it. Following the official rules results in a password that’s easily cracked in 3 days, while the phrase, “correct horse battery staple” takes 550 years, far longer than any hacker cares to spend.

What About Those Password Strength Meters?

Research has found that users will create stronger passwords if they receive feedback about password strength as they create a password. But so-called “strength meters” often measure only compliance with rules instead of statistical strength, according to researchers at Carnegie-Mellon University. The CMU geeks have created a strength meter that uses a powerful neural network to calculate the true strength of a hypothetical password on the spot, and even explains what’s wrong with your password creation strategy. The rules they recommend are:

  • At least 12 characters per password
  • Capitalized and special characters in the middle of the password, not at ends
  • No names associated with pets or sports teams
  • No song lyrics
  • Avoid the word “love” in any language
  • Avoid patterns such as “123,” including keyboard patterns (“qwertyasdfg”)

I advise using a password generator/manager wherever possible. They’re getting better at circumventing the security-limiting roadblocks that some website owners think are important. If you prefer not to use password software, a memorable phrase is the next best thing. In the past, I’ve used the first sentence from the first paragraph of a certain page in an old book. For example, on page 67 of “The Autobiography of Benjamin Franklin,” I found the phrase “There are Croakers in every country.” It’s memorable, and it makes for a strong password. Or as mentioned above, you can apply a formula of your choosing to such a phrase.

What’s your password strategy? Do you use a password manager, a sticky note, or keep it in your head?

Have A Great Week

Deuce Marjeta and the ZI Team

Exciting Newness in the Works for Second Life from Linden Lab

by

So today upon doing my daily email check I noticed a new one from Second Life, it looks like some exciting changes are in the works for this new along with added support from our friends at Linden Lab.

 

Dear Second Life Residents,

It’s been an exciting summer at Linden Lab. Second Life celebrated its 14th anniversary, and shortly thereafter we also opened Sansar’s creator beta to the world. In addition, we are thrilled to announce a set of investments into Second Life and its communities that will include enhancements to our engineering support, customer support, billing systems and upgrades, and customer acquisition outreach. In all, we’ve budgeted many millions (USD, not L$…) in the coming year to make SL even better, and we’ll keep everyone up to date on improvements as they roll out (or sooner).

This summer’s milestones have given us all another opportunity to reflect on just how strong the Second Life community is, what an incredible history SL has had so far, and what an amazing future lies ahead for the virtual world and its Residents.

For more than 14 years, you’ve created memorable experiences, diverse communities, close relationships, thriving economies, engaging art, exciting events, and amazing creations of all kinds. You’ve made the world, and we’re proud to provide the platform and tools that help you to do so. We at Linden continue to be impressed by what we witness from Residents every day, and we want you to know that we share that commitment to and love for Second Life.
Here are a few of the things you can look forward to soon:

• We are hard at work upgrading all of the SL infrastructure and moving it to the cloud, which will bring a wealth of opportunities to Residents near and far, and allow us, among many other things, to make SL more performant for Residents across the world from us. It may also allow us to introduce new products with more flexible pricing.
• We’re working on several features to increase the value of Premium subscriptions. Most recently we gave Premium members priority access to near-full events, and shortly, we’ll be ready to unveil another bit of exciting news for subscribers.
• We’re building out a series of great extensions to Windlight (code name: EEP!), which will give value, flexibility, and new marketability to land, and will make Windlight settings tradeable assets.
• We have an extension to the animation system in the works (code name: Animesh) that will allow non-avatar objects to use more powerful and efficient skeletal animations the way avatars can today, and even more changes planned for creators and merchants later in the year.
• We’ve also got new experiences and events coming. An exciting new grid-wide gaming experience is coming soon! The team can’t wait to share the details with you in just a few days. Also in the works for this fall is an updated Halloween Haunted Tour, with new spooktacular events to celebrate. Not to mention, we’re turning 15 next year – SL15B, baby! That’s an incredible milestone and we are looking forward to collaborating with you to produce an amazing celebration.

Long live Second Life and long live the creative process in the amazing worlds that you’ve trail-blazed! Thank you for filling SL with your creations and communities all of these past 14+ years, and here’s to many, many more together.

Best,
Ebbe Linden, CEO & the Second Life Team

DoublePulsar: The Undetectable Backdoor

by

Second Life as we know seems to be hard to hack, But is becoming more evident it’s an open source for hacks and Malware as much as just surfing the Interwebs. Our advice is, NEVER EVER click on links sent to you In World! Sure your friends could send you a seemingly harmless link they found and just have to have you see it, and BAM! you are now paying a ransom to get your computer back.! So folk’s just DON’T!

While everyone was preoccupied with the Wannacry ransomware epidemic that began in mid-May, a bigger threat was secretly spreading through tens of thousands of computers. It locks up files and demands a ransom, too, but that’s just a smoke screen designed to distract victims from what this sneaky malware is really up to. Here’s what you need to know about DoublePulsar…

What is DoublePulsar?

There are lots of movies that deal with the theme of “lab experiment gone wrong.” In Jurassic Park, for example, the dinosaurs created by well-meaning scientists escape from the lab and wreak havoc on the outside world. A similar thing has recently happened, but in the digital world this time.   

The U.S. government’s premier spy agency created a program called DoublePulsar that enables undetectable infiltration of a target computer. Then someone stole DoublePulsar and a bunch of other NSA spying tools. A hacker group known as the Shadow Brokers posted the NSA tools online, and they were immediately exploited.

Before encrypting an infected computer’s data, this malware scans documents, email, browser histories, and other targets looking for login credentials. With credentials, hackers can infiltrate an entire enterprise network and work all sorts of mischief. Data can be stolen; operations disrupted; and computers turned into slaves to hackers’ other projects.

NSA DoublePulsar hacking tool

For consumers on home networks, being enslaved as part of a botnet is the most serious danger. Some bots are being used to launch spam campaigns. Others are being exploited to “mine” cryptocurrency like Bitcoin, creating wealth for hackers from the computing resources of others.

The galling thing about this malware is that it uses a sophisticated hacking tool developed by the National Security Agency (NSA). DoublePulsar allows malware to enter target systems undetected by 99% of commercial security software. The malware can be injected into the kernel, the heart of an operating system, where the malware will have the highest system privileges.

Conscientious consumers can protect themselves. Microsoft has issued two sets of Windows patches designed to ward off the stolen NSA hacking tools. But the NSA has not been forthcoming about all of the Windows vulnerabilities it has discovered, prompting Microsoft president Brad Smith to blast the NSA and other government agencies that don’t share knowledge that could improve everyone’s security.

Undetectable malware is on the rise. In mid-June, 2017, a new technique called “fileless malware” was used to infect the point-of-sale systems of several hundred restaurants. This type of malware is never written to a disk; it is injected into RAM and does its dirty work there. Most anti-malware software scans for “signatures” in executable files, and overlooks fileless malware.

In the past, only governments had sophisticated hacking tools like these. But now, Shadow Brokers is offering subscription access to NSA tools, and a user interface called Metasploit that makes child’s play of plotting and executing a global ransomware or credential-stealing attack. Anyone with a few hundred bucks can wreak global havoc.

The biggest fear among security experts is that DoublePulsar and other NSA tools have been used to compromise the computers that run critical infrastructure such as power grids, hospitals, railroad systems, traffic lights, and so on. Lives could be at risk.

The best that consumers can do is keep their systems up to date with security patches. I mentioned earlier that Microsoft has issued Windows patches designed to ward off the stolen NSA hacking tools. Those patches were released back in March. So it was failure to apply security patches in a timely manner that allowed WannaCry and DoublePulsar to attack and spread widely.

If you’re not already configured for automatic Windows updates, you really should be. Here’s how to do it:

In Windows 7, click the Start button and enter “windows update” in the search box. Open Windows Update from the search results list. In the left sidebar, select “change settings.” Under “Important updates,” select “Install automatically” from the drop-down menu. Pick a convenient time for Windows to install updates and restart your PC, if necessary. The default is 3:00 a.m.

Windows 10 installs updates automatically by default. To fine-tune Win 10 updates, enter “windows update settings” in the search box on the taskbar, and click on that phrase in the search results. Next, click the Advanced link, and check the box next to “Use my sign-in…”. This allows Windows 10 to complete the installation of updates that require a restart. When this option is checked, Win 10 will log you out, restart and install updates, then log you back in.

If you use Microsoft products such as Office, check the box that enables updating of those as well as Windows. The rest of the options should be left as they are unless you have a compelling reason to change them.

I’d like to Thank Bob Rankin for Sharing his expertise in computer security and how to stay safe.

Have a Happy And Safe 4th of July

Deuce Marjeta

Linden Lab Special Interactive Gift for 14th Birthday

by

To celebrate, Linden Lab has put together a special (and somewhat mysterious) gift set.

We’re not entirely sure what a Sananok is, but the Moles assure us they are friendly creatures that tend to keep to themselves and need a good home. Each Sananok avatar comes with a mysterious egg, which is  in fact so mysterious, not even the Moles know what it will hatch into.

Sananok Avatar

SL14Blog.png

A wearable avatar that includes a shape and an alpha layer.

Mysterious Egg  (Rezzable or wearable)

Egg.png

Things you can do with the egg:

  • Rez it out your parcel, make it feel at home.
  • Add it to your avatar to carry it around with you (perhaps for a night on the town?).
  • Have a tea party with it, it’s all good.

Keep an eye on your Egg as it will, from time to time, tell you things (like when it’s getting ready to hatch!).

Stop by the SL14B Birthday Regions and grab this gift from any of the gift kiosks available!

8 Things You Should Know About Support Tickets

by

8 Things You Should Know About Support Tickets

No one wants to have to deal with issues in Second Life, but we all face them. It is the nature of the game. All kinds of things pop up here and there and luckily, with ZoHa Islands, you have Support on your side to help with these things. By following the list below, you will find you can get your issues taken care of very quickly, and move on to the real reason for being in SL… to have fun!

1. YOU MUST OWN ZOHA LAND.

This might sound a little obvious, but you would be surprised at the number of people that submit tickets each day, that are no longer ZoHa residents. They have moved to another estate that does not provide support, so they come to us asking for help. Sorry, we only have time for our residents. Best of Luck to you.

2. DOUBLE CHECK YOUR USER NAME.

Use your USER NAME. Again, you would be amazed at the number of tickets we get that either use a display name or have a typo in the user name. There is no way to search for display names especially when special characters are involved. While we are good at quite typonese in writings, we simply have no way of finding you if you don’t spell your user name right. By the way – These same people, generally speaking, are the ones who jump in group chat and complain about not receiving a response to their ticket. We don’t have a database of “possible variations” of your name. Please take a moment to double check your name, so we can find you.

3. EXPLAIN THE ISSUE IN DETAIL.

If all you have in your ticket is “I need help.” or “I have questions” then your ticket falls to the bottom of the list – we need details to better assist and investigate prior to contact. When we get over-loaded with tickets we take the highest priority first.  You are going to have to type out an explanation/question sooner or later. By explaining in the ticket, you only have to do it once and we can be ready with answers when we contact you.

4. YOU ARE NOT THE ONLY TICKET.

ZoHa Islands has approximately 4500 residents at any given time. Please, please, please do not assume you are the only one that is having a problem. We have several tickets running at all times. Long-term residents that remember the old way of getting support simply did not know how many times people sent an IM directly to an Estate Manager and never asked in group for help. The group chat has ALWAYS reflected a mere small percentage of the support issues we address each day.

5. GRIEFER:

If you have a griefer, you do not need a ticket. Simply say so in group. “I have a griefer on White Marsh” we will come running. Starting off with “hello” or “can I speak to someone?” will not get you the attention you need quickly. Tell us what you need!

6. LAND SALES DO NOT REQUIRE A TICKET.

We have Sales Agents on duty 24/7 with that being their responsibility. Just say in group that you want to get new land. Whether it be additional land, or upgrade/downgrade.. just say so in group. “I need a Sales Agent” or “I want to buy new land” anything like that you are comfortable saying.

7. NO RESPONSE!!

If you do not get a response to your ticket by the time you log off, please be careful of your incoming IMs the next time you log on. Many times people are not online when we respond. Usually, it is due to them crashing about the time we respond. Please do not assume you were ignored. If it has been several HOURS, you may want to resubmit your ticket. See #2 and #3 above!

8. ADD SUPPORT TO YOUR ORB:

Support ZoHaIslands is the user name of the support avatar. Adding Support to your orb is not mandatory, but it is helpful to quickly address issues.

Please remember, we are coming to help YOU. We want for you to have an enjoyable SL experience. We are on your side.

 

Thank you for your Valued Business

ZoHa Islands Support