<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on MarkJacobsen.net</title><link>https://test.markjacobsen.net/categories/security/</link><description>Recent content in Security on MarkJacobsen.net</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Tue, 24 Jun 2025 12:50:00 +0000</lastBuildDate><atom:link href="https://test.markjacobsen.net/categories/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Handing secrets in PHP Docker Compose site</title><link>https://test.markjacobsen.net/2025/06/handing-secrets-in-php-docker-compose-site/</link><pubDate>Tue, 24 Jun 2025 12:50:00 +0000</pubDate><guid>https://test.markjacobsen.net/2025/06/handing-secrets-in-php-docker-compose-site/</guid><description>&lt;p&gt;If you’re using a single instance server (not Docker Swarm) and Docker Compose, but want to keep your secrets out of source control it’s not too bad. First, make sure you’re excluding “.env” in your .gitignore…&lt;/p&gt;
&lt;p&gt;&lt;code&gt;.env&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;Then, add your secrets to a .env file (file name must be exactly .env) in the same folder as your docker-compose.yml…&lt;/p&gt;
&lt;p&gt;&lt;code&gt;SEC_1=Something&amp;lt;br /&amp;gt; SEC_2=SomethingElse&amp;lt;br /&amp;gt; &lt;/code&gt;&lt;br&gt;
Then, be sure to expose your secrets in the “environment:” section of your docker-compose…&lt;/p&gt;
&lt;p&gt;&lt;code&gt;    environment:&amp;lt;br /&amp;gt;       SEC_1: ${SEC_1}&amp;lt;br /&amp;gt;       SEC_2: ${SEC_2}&amp;lt;br /&amp;gt; &lt;/code&gt;&lt;br&gt;
Upload both the .env and docker-compose.yml to the server, and restart docker to pick up the env vars…&lt;/p&gt;
&lt;p&gt;&lt;code&gt;docker compose down&amp;lt;br /&amp;gt; docker compose up -d&amp;lt;br /&amp;gt; &lt;/code&gt;&lt;br&gt;
And finally, use the values in your PHP…&lt;/p&gt;
&lt;p&gt;&lt;code&gt;getenv('SEC_1')&lt;/code&gt;&lt;/p&gt;
&lt;p&gt;Oh yeah, and since your .env won’t be in source control I’d still recommend finding a secure place to save it like a password manager.&lt;/p&gt;</description></item><item><title>Communication is Key</title><link>https://test.markjacobsen.net/2025/01/communication-is-key/</link><pubDate>Wed, 22 Jan 2025 11:38:00 +0000</pubDate><guid>https://test.markjacobsen.net/2025/01/communication-is-key/</guid><description>&lt;p&gt;Now that we’ve discussed &lt;a href="https://markjacobsen.net/2025/01/on-e2ee-and-foss/" data-type="post" data-id="6608"&gt;E2EE and FOSS&lt;/a&gt;, let’s start with probably the most important thing you want E2E Encrypted… your communication!&lt;/p&gt;
&lt;p&gt;Did you know that most text messages sent from your phone or chat/IM messages sent through social media companies can be seen, read, or processed in a number of ways?&lt;/p&gt;
&lt;h2 id="how-gross-is-that"&gt;How gross is that??
&lt;/h2&gt;&lt;p&gt;&lt;strong&gt;&lt;span style="text-decoration: underline;"&gt;Very!&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;So what to do? Use an end to end encrypted messaging service like [Signal][1]. Signal is cross platform (no blue/green bubble shaming) so works on iOS and Android, but also has desktop apps that work on Windows, Mac, and Linux! Add in rich media (photo/video support) as well as calling (including video calling), and you shouldn’t need any other communication tool (other than email – which we’ll get to)&lt;/p&gt;
&lt;p&gt;Note: Please don’t be fooled by the titans saying they have E2EE too. It may be “technically” true, but usually there are manual steps or other “gotchas” involved, and often the titan has a copy of the key to read your messages. Save yourself the research and just use [Signal][1].&lt;/p&gt;
&lt;p&gt;Think Apple’s iMessage is special? [Think again][2].[1]: &lt;a class="link" href="https://signal.org" target="_blank" rel="noopener"
 &gt;https://signal.org&lt;/a&gt;
[2]: &lt;a class="link" href="https://www.forbes.com/sites/zakdoffman/2024/12/15/fbi-iphone-warning-why-you-should-stop-using-imessage/" target="_blank" rel="noopener"
 &gt;https://www.forbes.com/sites/zakdoffman/2024/12/15/fbi-iphone-warning-why-you-should-stop-using-imessage/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Is it time to quit social media?</title><link>https://test.markjacobsen.net/2018/10/is-it-time-to-quit-social-media/</link><pubDate>Sun, 21 Oct 2018 18:45:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/10/is-it-time-to-quit-social-media/</guid><description>&lt;p&gt;As I read &lt;a href="http://nymag.com/intelligencer/2018/04/an-apology-for-the-internet-from-the-people-who-built-it.html" rel="noopener" target="_blank"&gt;this article&lt;/a&gt; what was running through the back of my mind was, “is it time to quit social media?”, and to be honest… but for being involved in real estate and a large bulk of that requiring being “engaged” I’m not sure I have much use for it. Never before has it been easier for marketers to target and connect with their “target audience”. You do realize that’s what social media has become right? The proverbial barrel where the fish are to shoot.&lt;/p&gt;
&lt;p&gt;So, is it possible to take back the social networks? I’m not sure it is – at least with the current companies. Built from the ground up, or under a completely different model – maybe. But as the article linked to above points out it would be to the detriment of the “bottom line”.&lt;/p&gt;
&lt;p&gt;Would I like a feed where I only see posts from my family, and maybe some other groups at my leisure? Of course, but unless I’m paying for that the only recourse I have is to a platform that has the resources to provide it based on the party that is willing to pay for it – the marketers.&lt;/p&gt;
&lt;p&gt;So what would this “social media” service of the future look like? Number one, it should be built on a privacy, no-advertising first model. Second, I believe it should be decentralized, but speak a standard protocol – just like how email service is provided. Then, organizations like companies, teams, or even families could manage their own little groups and individuals could determine what they want to see or who they want to connect with…&lt;/p&gt;
&lt;p&gt;And yet, as I sit here writing this, I wonder if it’s even possible or needed. After all, I’m able to run my own little blog right here. You can share it on social media if you so choose. In fact, I’ll probably post it to my account – and try not to look at the “likes” or “comments” that fuel the FB “engagement” engine.&lt;/p&gt;
&lt;p&gt;So, while I may have just rambled for a number of paragraphs, let me finish by encouraging you to consider your use of social media, and at a minimum strongly consider turning off your notifications and moving the app to a sub-folder on your phone (just those two things alone have made a huge difference in my life). I would also encourage you to look into downloading and using &lt;a href="https://signal.org/" rel="noopener" target="_blank"&gt;Signal Messenger&lt;/a&gt; in place of text messaging and especially in favor of the social media messaging platforms.&lt;/p&gt;
&lt;p&gt;Until we figure something out, you can always find me right here.&lt;/p&gt;</description></item><item><title>Stop Using WhatsApp If You Care About Your Privacy</title><link>https://test.markjacobsen.net/2018/05/stop-using-whatsapp-if-you-care-about-your-privacy/</link><pubDate>Thu, 10 May 2018 14:46:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/05/stop-using-whatsapp-if-you-care-about-your-privacy/</guid><description>&lt;p&gt;Yet another reason to use [Signal][1]…&lt;/p&gt;
&lt;p&gt;&lt;a href="https://lifehacker.com/stop-using-whatsapp-if-you-care-about-your-privacy-1825719172" target="_blank" rel="noopener"&gt;Stop Using WhatsApp If You Care About Your Privacy&lt;/a&gt;[1]: &lt;a class="link" href="http://markjacobsen.net/signal/" target="_blank" rel="noopener"
 &gt;http://markjacobsen.net/signal/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Don’t Give Away Historic Details About Yourself</title><link>https://test.markjacobsen.net/2018/04/dont-give-away-historic-details-about-yourself/</link><pubDate>Wed, 25 Apr 2018 14:17:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/04/dont-give-away-historic-details-about-yourself/</guid><description>&lt;p&gt;Please be safe out there&lt;/p&gt;

 &lt;blockquote&gt;
 &lt;p&gt;Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.&lt;/p&gt;

 &lt;/blockquote&gt;
&lt;p&gt;&lt;a href="https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/" target="_blank" rel="noopener"&gt;Don’t Give Away Historic Details About Yourself — Krebs on Security&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Why We Should All Ditch Other Messaging Apps for Signal</title><link>https://test.markjacobsen.net/2018/04/why-we-should-all-ditch-other-messaging-apps-for-signal/</link><pubDate>Wed, 18 Apr 2018 13:55:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/04/why-we-should-all-ditch-other-messaging-apps-for-signal/</guid><description>&lt;p&gt;If you’re already on Signal you can find me there too. If not, I’d like to suggest it…&lt;/p&gt;
&lt;p&gt;&lt;a href="https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal/" target="_blank" rel="noopener"&gt;Why We Should All Ditch Other Messaging Apps for Signal&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;And here are [my reasons][1].[1]: &lt;a class="link" href="http://markjacobsen.net/signal/" target="_blank" rel="noopener"
 &gt;http://markjacobsen.net/signal/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Facebook Lockdown</title><link>https://test.markjacobsen.net/2018/04/facebook-lockdown/</link><pubDate>Sat, 14 Apr 2018 14:00:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/04/facebook-lockdown/</guid><description>&lt;p&gt;Warning: I may get slightly snarky below. I’m not intending to belittle anyone’s intelligence, but to forcefully promote the importance of privacy and security.&lt;/p&gt;
&lt;p&gt;So… recently I know a number of people’s Facebook accounts that have been “hacked”, and since I don’t want to bore you with the technical details I do want to provide some basic security advice and show you how to lock down your account.&lt;/p&gt;
&lt;p&gt;First the basics… While I know it may be super tempting, or you “just weren’t thinking”…&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;&lt;span style="text-decoration: underline"&gt;NEVER&lt;/span&gt;&lt;/strong&gt; click on a link you don’t recognize &lt;strong&gt;&lt;span style="text-decoration: underline"&gt;and&lt;/span&gt;&lt;/strong&gt; have a reason to click on. I don’t care if it’s unicorns and rainbows or will create world peace. Stop clicking on links for no reason. What’s a reason? Ex, your friend messages you and says, “Hey [what they would normally call you], here’s a great recipe we tried last night and [some family member of theirs] really enjoyed it [link]”. Notice how actual identifying information was included in that and it was targeted?&lt;/li&gt;
&lt;li&gt;But what about all the great articles on Facebook? Do you recognize the domain? Do you have a real reason to be going there? Maybe you should log out of Facebook and delete your account? But anyway, same rules apply… unless you recognize where the link is going to and you have a real reason – **&lt;span style="text-decoration: underline"&gt;don’t&lt;/span&gt;**click on the link!&lt;/li&gt;
&lt;li&gt;Here we’re going to get a little Facebook specific, but &lt;strong&gt;NEVER&lt;/strong&gt; install apps, games, or allow third party access to any part of your profile unless you are 100% sure of the legitimacy. In fact, delete all apps with access to your account. Ready, for a real link? [Here’s where you can delete apps with access to your account][1]. You’ve heard of Cambridge Analytica, right? If not, go delete your Facebook account right now and never log back in.&lt;/li&gt;
&lt;li&gt;Ok, back to the basics… Never use the same password for sites. Hint, your Facebook account getting hijacked isn’t usually because of a bad password, it’s usually for one of the reasons above which I why this is listed forth. Still… don’t use the same passwords.&lt;/li&gt;
&lt;li&gt;Ok, ready for probably the most important thing you can do other than following the items above? &lt;strong&gt;[Enable two factor authentication EVERYWHERE][2]&lt;/strong&gt;. In fact, go back and read that article I wrote 4 years ago.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Ok, now I’m getting tired as this may be one of my longest posts ever. So, to wrap it up, here’s how to enable two factor authentication on your FB account (note, even 2FA won’t protect you from clicking on stupid links and installing apps).&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Install an authenticator app on your phone like Google Authenticator.&lt;/li&gt;
&lt;li&gt;Go to your Facebook security settings: &lt;a class="link" href="https://www.facebook.com/settings?tab=security" target="_blank" rel="noopener"
 &gt;https://www.facebook.com/settings?tab=security&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Under “Setting Up Extra Security” enable “Use two-factor authentication”&lt;/li&gt;
&lt;li&gt;Under “Code Generator”, click the “third party app” link to generate a QR code you can scan w/ the Google Authenticator app.&lt;/li&gt;
&lt;li&gt;Follow the instructions.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Now, go enable 2FA for your other important accounts like banking and Google/GMail.&lt;/p&gt;
&lt;p&gt;But most importantly, stop clicking on links!&lt;/p&gt;
&lt;p&gt;PS: Again, apologies for any snarkyness. It’s interesting because in the wake of the cambridge analytica, #DeleteFacebook, and other campaigns I’ve been thinking of what it would take to create a distributed, secure, no ads based, non-profit social network. If you know of one already I would be interested. If not, and you’re a developer who might be interested in working on such a project, please let me know.[1]: &lt;a class="link" href="https://www.facebook.com/settings?tab=applications" target="_blank" rel="noopener"
 &gt;https://www.facebook.com/settings?tab=applications&lt;/a&gt;
[2]: &lt;a class="link" href="http://markjacobsen.net/2014/04/heartbleed-and-the-importance-of-two-factor-authentication/" target="_blank" rel="noopener"
 &gt;http://markjacobsen.net/2014/04/heartbleed-and-the-importance-of-two-factor-authentication/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>The Matador Defense – TWiT</title><link>https://test.markjacobsen.net/2018/04/the-matador-defense-twit/</link><pubDate>Thu, 12 Apr 2018 11:14:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/04/the-matador-defense-twit/</guid><description>&lt;p&gt;I would strongly recommend listening to the segment on Facebook&lt;/p&gt;
&lt;p&gt;&lt;a href="https://twit.tv/shows/this-week-in-tech/episodes/658?autostart=false" target="_blank" rel="noopener"&gt;This Week in Tech 658 The Matador Defense | TWiT.TV&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Scary Chip Flaws Raise Spectre of Meltdown — Krebs on Security</title><link>https://test.markjacobsen.net/2018/01/scary-chip-flaws-raise-spectre-meltdown-krebs-security/</link><pubDate>Thu, 11 Jan 2018 14:10:00 +0000</pubDate><guid>https://test.markjacobsen.net/2018/01/scary-chip-flaws-raise-spectre-meltdown-krebs-security/</guid><description>&lt;p&gt;Please be sure to update/patch every device you have. On most Windows machines, you should be able to do a manual reboot (Start -&amp;gt; Power -&amp;gt; Restart) and have the updates applied. On iOS you want to go to Settings -&amp;gt; General -&amp;gt; Software Update&lt;/p&gt;
&lt;p&gt;&lt;a href="https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/?utm_content=buffer5c04c&amp;utm_medium=social&amp;utm_source=facebook.com&amp;utm_campaign=buffer" target="_blank" rel="noopener"&gt;Scary Chip Flaws Raise Spectre of Meltdown — Krebs on Security&lt;/a&gt;&lt;/p&gt;</description></item><item><title>10 Unusual Things I Learned From Mr. X – Altucher Confidential</title><link>https://test.markjacobsen.net/2017/10/ep-265-10-unusual-things-i-learned-from-mr-x-altucher-confidential/</link><pubDate>Wed, 25 Oct 2017 00:41:00 +0000</pubDate><guid>https://test.markjacobsen.net/2017/10/ep-265-10-unusual-things-i-learned-from-mr-x-altucher-confidential/</guid><description>&lt;p&gt;&lt;a href="https://buff.ly/2gJRXtz" target="_blank"&gt;Ep. 265 – 10 Unusual Things I Learned From Mr. X – Altucher Confidential&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;_You can find all my shares on my &lt;a href="https://www.facebook.com/markjacobsen.net" target="_blank"&gt;Facebook Page&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Find the Members of an Active Directory Group</title><link>https://test.markjacobsen.net/2017/08/find-members-active-directory-group/</link><pubDate>Mon, 14 Aug 2017 20:21:00 +0000</pubDate><guid>https://test.markjacobsen.net/2017/08/find-members-active-directory-group/</guid><description>&lt;p&gt;The simplest way to get the list of users in an Active Directory group is to use the following command right from the command line:&lt;/p&gt;
&lt;pre&gt;&lt;code&gt;NET GROUP &amp;quot;my_group&amp;quot; /DOMAIN
&lt;/code&gt;&lt;/pre&gt;
&lt;p&gt;And yes, that is the work “DOMAIN”, not the domain you are in. The only value to change in the command is my_group&lt;/p&gt;
&lt;p&gt;&lt;a href="https://serverfault.com/questions/22182/is-there-a-way-to-view-the-members-of-an-active-directory-group-if-you-arent-a" target="_blank"&gt;Ref: Is there a way to view the members of an Active Directory group if you aren’t a domain admin and can’t log into a domain controller?&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Apple vs FBI</title><link>https://test.markjacobsen.net/2016/02/apple-vs-fbi/</link><pubDate>Thu, 18 Feb 2016 17:39:00 +0000</pubDate><guid>https://test.markjacobsen.net/2016/02/apple-vs-fbi/</guid><description>&lt;p&gt;So my mom asked my opinion on the current standoff between Apple and the FBI over their insistence on building a back door into the iPhone “just this once” (wink, wink, nudge, nudge). As I said to her…&lt;/p&gt;
&lt;p&gt;I &lt;strong&gt;completely&lt;/strong&gt; agree with Apple’s stance. Once they create such a method to circumvent the security on the phone, I guarantee it will be ordered to do so from now until eternity. That is unless you believe everything the government and law enforcement tell you. In that case, then yes it will be just one time (wink, wink, nudge, nudge).&lt;/p&gt;
&lt;p&gt;Let’s also address certain politicians insistence on “opening up” security and “using our heads”…&lt;/p&gt;
&lt;p&gt;START: Sarcasm and Contempt&lt;br&gt;
Yeah, let’s open up security all over the place. In fact, then no one will ever be able to transmit anything securely ever again. Hint: “open up” just means lets build in a vulnerability, a bug – intentionally!! You didn’t want your credit card info submitted securely now do you? Probably should let the gov’t be able to scan all your photos and financial documents, and travel plans, and basically anything that’s stored digitally. Not like that’s &lt;strong&gt;everything&lt;/strong&gt; now a days.&lt;/p&gt;
&lt;p&gt;Not that hackers or “bad guys” would take advantage of that or anything. Gahh!!&lt;/br&gt;&lt;br&gt;
END: Sarcasm and Contempt&lt;/p&gt;</description></item><item><title>Heartbleed and the Importance of Two-Factor Authentication #1aDay</title><link>https://test.markjacobsen.net/2014/04/heartbleed-and-the-importance-of-two-factor-authentication/</link><pubDate>Wed, 16 Apr 2014 11:28:51 +0000</pubDate><guid>https://test.markjacobsen.net/2014/04/heartbleed-and-the-importance-of-two-factor-authentication/</guid><description>&lt;p&gt;With the recent announcement of the Heartbleed vulnerability it’s more important than ever to consider your security precautions. Of particular importance you should be…&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Using a password manager like &lt;a href="https://test.markjacobsen.net/apps/lastpass/" target="_blank"&gt;LastPass&lt;/a&gt; or &lt;a href="https://test.markjacobsen.net/apps/keepass/" target="_blank"&gt;KeePass&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;Using Two-Factor Authentication wherever you can&lt;/li&gt;
&lt;li&gt;Using strong passwords wherever you can’t use Two-Factor Authentication&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;So now a few details…&lt;/p&gt;
&lt;h2 id="what-is-heartbleed-and-why-do-i-care"&gt;What is Heartbleed and why do I care?
&lt;/h2&gt;&lt;p&gt;For those who are not server administrators, Heartbleed made it possible for attackers to steal information from servers memory. Of importance to you, that information may have included usernames and passwords. Should an attacker have your username and password I’m sure you can figure out that they could do not nice things with that information.&lt;/p&gt;
&lt;h2 id="what-can-i-do"&gt;What can I do?
&lt;/h2&gt;&lt;p&gt;&lt;strong&gt;Use a password manager like LastPass or KeePass&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Tools like &lt;a href="https://test.markjacobsen.net/apps/lastpass/" target="_blank"&gt;LastPass&lt;/a&gt; and &lt;a href="https://test.markjacobsen.net/apps/keepass/" target="_blank"&gt;KeePass&lt;/a&gt; are great because they give you a secure and central place to store your usernames and passwords. Plus a service like &lt;a href="https://test.markjacobsen.net/apps/lastpass/" target="_blank"&gt;LastPass&lt;/a&gt; includes additional tools and can provide valuable services like they did with Heartbleed to let you know where you should be updating your passwords. Concerned about using a service like &lt;a href="https://test.markjacobsen.net/apps/lastpass/" target="_blank"&gt;LastPass&lt;/a&gt;? Here’s a good article on why &lt;a href="http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389" target="_blank"&gt;you may not need to worry&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Use Two-Factor Authentication wherever you can&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;As that article above pointed out, you should be using Two-factor authentication wherever you can. Two-factor authentication requires an additional step in addition to entering your password, usually by sending a message to your mobile phone or using an app on your smartphone. Basically, with 2 factor authentication, logins require something you know (your password) and something you have (your phone). In short, two factor auth prevents Heartbleed because should an attacker have your password, they still don’t have your phone and thus would not be able to login as you.&lt;/p&gt;
&lt;p&gt;You can find a good site with lots of places that allow two factor authentication &lt;a href="http://evanhahn.com/2fa/" target="_blank"&gt;here&lt;/a&gt;. My suggestion, support companies like these with take security seriously.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Use strong passwords wherever you can’t use Two-Factor Authentication&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;If a site does not allow two factor authentication, I would highly recommend that you use a strong password. Here’s another place where a service like &lt;a href="https://test.markjacobsen.net/apps/lastpass/" target="_blank"&gt;LastPass&lt;/a&gt; or &lt;a href="https://test.markjacobsen.net/apps/keepass/" target="_blank"&gt;KeePass&lt;/a&gt; come in handy because they can generate strong passwords for you.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Change your Passwords&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Keep an eye on &lt;a href="http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/" target="_blank"&gt;this list&lt;/a&gt; for when and where to update your passwords. Even if a site sends you an email saying they weren’t affected, it wouldn’t hurt to change your password and add it to your password manager. Chances are you weren’t using a secure one to being with.&lt;/p&gt;</description></item><item><title>Missed a call? ‘One-ring’ cell phone scam could cost you money</title><link>https://test.markjacobsen.net/2014/02/missed-a-call-one-ring-cell-phone-scam-could-cost-you-money/</link><pubDate>Fri, 07 Feb 2014 07:00:22 +0000</pubDate><guid>https://test.markjacobsen.net/2014/02/missed-a-call-one-ring-cell-phone-scam-could-cost-you-money/</guid><description>&lt;p&gt;Take a quick look at [this article from NBCNews.com][1], and then remind yourself that return calls should be handled just like email… If you don’t know who or what it is, just ignore it and delete it. Do NOT click on it or call back![1]: &lt;a class="link" href="http://www.nbcnews.com/technology/missed-call-one-ring-cell-phone-scam-could-cost-you-2D12044967" target="_blank" rel="noopener"
 &gt;http://www.nbcnews.com/technology/missed-call-one-ring-cell-phone-scam-could-cost-you-2D12044967&lt;/a&gt;&lt;/p&gt;</description></item></channel></rss>