If you ever encountered an IT (Information Technology) related issue, maybe with your PC (Personal Computer) not working as expected or your application not doing what you’d expect it to do or maybe your company provided mobile phone doing odd and unexpected things, you may have taken to find out where your IT administrator is located in your office and maybe you’ve even gone to see your administrator in person to ask for support.
There, sometime referred to as Service Desks or IT Support Centre, a friendly and service oriented person may have offered you the support and advise you needed and enabled you to happily continue your daily endeavour with a well working device.
Now, with PCs and Smartphones having entered also many homes, you may at some time miss such support option when encountering some strange things happening, or not happening, with your personal gadgets.
It is always recommended to ensure authenticity of an application file downloaded from the internet before installing.
Of course, we still also run our antivirus to scan any downloaded file as well.
There are different methods in use – here’s what to do if the download site provides a MD5 checksum file as reference.
Some websites simply display the MD5 checksum, others offer the MD5 file (a file often with .md5 extension) to download which we can open with e.g. Notepad.
First, we open a command shell by pressing the Windows-Key + X-Key at the same time and select Windows PowerShell from the menu. Now, change to the directory where the downloaded file is stored with the cd command, e.g. cd Downloads.
Tip: using the TAB-Key will auto-complete and you don’t have to type the complete file name.
Type certutil -hashfile Name-of-Downloaded-File MD5
(see image above) and wait for your PC to calculate the MD5 checksum of the file.
Finally, compare the MD5 checksum calculated in your command shell with the one displayed on the website or in the file opened with NotePad.
If they’re identical, the file is unaltered, not corrupted and it’s ok to install (after having run a scan with the antivirus protection).
Should the numbers be different, the file is most likely not identical to the file intended to download and should not be installed.
It’s better to check the download process from origin of the file
https in use on the website?
Lock sign displayed and confirming the website is identifying itself correctly?
Download path correct and still with correct https/ssh?
Size of downloaded file same as information shown on download page?
Correct checksum file / information used for comparison?
once again to make sure to not endanger your system.
In context of setting up a new device, more on this in a separate post, several handy applications had to be re-installed and configured.
Sync your documents
Extract from Syncthing webpage: Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers and replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it’s transmitted over the internet.
We like and support the open source concept. We especially like the focus on data privacy and security and being empowered to decide where our data resides.
Syncthing is a natural fit to keep our work in sync across various devices, i.e. a Linux powered Server, a workstation PC running on Linux, a portable 2-in-1 PC (aka convertible laptop/tablet computer) running Window 10, several Android based mobile phones and tablets.
It helps productivity tremendously when you can work on the way and then continue seamlessly in the office on a different device.
It also gives you peace of mind to know that your important documents are not only on one device but on several devices and therefore you’ll worry less about a sudden device failure or harddisk crash. It’s an extension to a good backup strategy, however, we’d not recommend to use it as a replacement for it.
Click on the correct file, and select Save File.
For our Windows 10 device – the example used here – download the 32-bit version labelled windows-386-vXXXX.zip, not the amd one under the amd64 label by following the Download button from https://syncthing.net/.
Alternatively, choose the Native GUI implementation.
At the time of this writing, the latest version is 1.2.0 and is packaged as a zip file.
As always, first thing after downloading any application or file from the internet is a scan with the Antivirus protection, e.g. the Windows Defender, by right-click with the mouse on the freshly downloaded file. With result showing no thread, we feel more comfortable.
Quickly also download the sha256sum.txt.asc file from the download area and save it.
Validate the download
Now let’s ensure the file is indeed the correct one. From the Synthing security page we learn how to use the command line to import the GPG key or we can use the graphical to Kleopatra to search for the two mentioned keys via the Lookup on Server function. (We installed Kleopatra as part of the GPG4Win installation.)
With the keys now known to our GPG system, we can right-click on the previously downloaded checksum file and select the Verify function within the More GpgEX options menu and Kleopatra should inform us in a friendly green colour that the checksum file is genuine an offer an option to save the verified file (Save All button), a text file (with .txt file extension) which we then open.
The last step to validate, we have downloaded the correct and uncorrupted Syncthing zip file is to right-click on the downloaded syncthing-windows-386-v1.2.0.zip file and select SHA-256 from the CRC-SHA menu and compare it with the checksum from the validated text file. (The CRC-SHA menu is part of the 7-zip tool, we installed earlier.) It may need some moving and adjusting to be able to see both at the same time.
It may look cumbersome to go through all those steps, just to ensure the authenticity of the downloaded application, however, we prefer safe over sorry before we allow a downloaded application to install on our PC and gain access to our files.
Now, finally, double-click the downloaded zip file and unpack it to a suitable location and double-click the syncthing.exe file to start the installation process.
Once completed, you can select which folders you intend to sync and you can introduce your other devices running syncthing to start synchronization.
You may want to consider what files you need on which device and e.g. not synchronise all your files with your mobile phone.
There’s also some caveats when trying to synchronize e.g. your photos taken on the mobile phone to your PC as not all Android versions allow access to an external MicroSD memory card that you may use to store your photos on.
Having our KeePass e-wallet containing all important passwords in sync across your devices is certainly a huge value-add.
Thunderbird is my preferred email client. Various email accounts can be included into Thunderbird, basically all IMAP standard following email providers, and it has some powerful extensions like Lightning for calendar, utilizing the open CalDAV standard, and CardBook for contact management with the open CardDAV standard.
Email is one of the key modern-times communication media, so important that for some companies you simply don’t exist if you don’t have an email address. Scary but true. So let’s make sure Thunderbird is up-to-date with all safety and security fixes and improvements so we’re not suddenly kicked out of existence by some malicious attacker and that we don’t contribute unwillingly, maybe even unknowingly, to the ever increasing spam issue.
Not only does your mobile device require regular maintenance and update of some apps to get the latest enhancements and security relevant fixes, your PC, laptop or tablet computer does appreciate some care as well.
Browsing the internet is most likely part of your regular routine when using your computer. Thus, making sure your interface to the internet, your web browser, is safe to use and has all the security relevant improvements and fixes.
There’s certainly different web browsers around and everyone has their favourite. I’d always recommend Firefox from the Mozilla foundation due to their open source affinity and advocation for privacy.
If you’re not yet using Firefox, have a look at their webpage(Click on the link will open in a new window or tab, depending on your browser settings.)
To encrypt emails, and maybe also files on the local harddisk, GPG (the GNU Privacy Guard) is the Open PGP tool of choice. And keeping applications up to date is safety relevant and important, especially for security related applications, so let’s cut the cake and get to it and let’s update GPG4win, the Windows variant, to the latest version.
Here’s the 2nd part to the secure password considerations – MFA, multi-factor authentication.
Traditionally, the access to your online bank account looks like this:
you type your
and in you are and ready to go about your business.
Account in the following is not limited to a bank account but can be the personalized access to any webpage, web-service, online-store or similar.
Now, if you’re like the majority of internet users that only use 5 different passwords for all their online activities, you could unconsciously create a domino effect that allows hackers to take control over several of your accounts after just cracking one password.
In the digital world, passwords are used and required for many applications and services.
Access to your PC or to your email account will require a password, as will access to your favourite online shop or the web access to your bank.
Passwords are the digital version of our traditional door keys, and yes, there are already possibilities to replace traditional door keys also with a digital lock or even your mobile phone.
Passwords help to protect your data and your privacy.
It is strongly recommended to use different passwords for different applications.
This, to avoid granting access to all the digital services you use at once if ever one of your passwords should be compromised, be it accidentally from your side or from the service provider side.
Just as a reminder, see what recently happened at Cathay Pacific and the privacy breach.
The tricky thing with passwords is that on the one hand the password shall be strong, i.e. as random as possible to avoid guessing or easy password cracking, but on the other hand you shall be able to remember the password.
Here are some tips for creating a safe and secure password.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.