Posted on Leave a comment

Validate a downloaded file on Windows 10 with MD5

It is always recommended to ensure authenticity of an application file downloaded from the internet before installing.
Of course, we still also run our antivirus to scan any downloaded file as well.

There are different methods in use – here’s what to do if the download site provides a MD5 checksum file as reference.
Some websites simply display the MD5 checksum, others offer the MD5 file (a file often with .md5 extension) to download which we can open with e.g. Notepad.

First, we open a command shell by pressing the Windows-Key + X-Key at the same time and select Windows PowerShell from the menu.
Now, change to the directory where the downloaded file is stored with the cd command, e.g. cd Downloads.

Tip: using the TAB-Key will auto-complete and you don’t have to type the complete file name.

certutil -hashfile Name-of-Downloaded-File MD5
(see image above) and wait for your PC to calculate the MD5 checksum of the file.

Finally, compare the MD5 checksum calculated in your command shell with the one displayed on the website or in the file opened with NotePad.
If they’re identical, the file is unaltered, not corrupted and it’s ok to install (after having run a scan with the antivirus protection).

Should the numbers be different, the file is most likely not identical to the file intended to download and should not be installed.
It’s better to check the download process from origin of the file

  • https in use on the website?
  • Lock sign displayed and confirming the website is identifying itself correctly?
  • Download path correct and still with correct https/ssh?
  • Size of downloaded file same as information shown on download page?

to checksum

  • Correct checksum file / information used for comparison?

once again to make sure to not endanger your system.

Posted on Leave a comment

Awareness for online privacy and security – Email

Our contribution to help increase the awareness on privacy and security issues related to new technologies and communication tools:

Simplified summary:

Email = Postcard
Letter = encrypted email

More information may be found also at Mozilla, maker of Firefox, the web-browser that takes your privacy seriously and Thunderbird, our email application of choice.

Posted on 1 Comment

Update Thunderbird

Thunderbird is my preferred email client. Various email accounts can be included into Thunderbird, basically all IMAP standard following email providers, and it has some powerful extensions like Lightning for calendar, utilizing the open CalDAV standard, and CardBook for contact management with the open CardDAV standard.

Email is one of the key modern-times communication media, so important that for some companies you simply don’t exist if you don’t have an email address. Scary but true. So let’s make sure Thunderbird is up-to-date with all safety and security fixes and improvements so we’re not suddenly kicked out of existence by some malicious attacker and that we don’t contribute unwillingly, maybe even unknowingly, to the ever increasing spam issue.

Continue reading Update Thunderbird

Posted on 3 Comments

Update Firefox web browser

Not only does your mobile device require regular maintenance and update of some apps to get the latest enhancements and security relevant fixes, your PC, laptop or tablet computer does appreciate some care as well.

Browsing the internet is most likely part of your regular routine when using your computer. Thus, making sure your interface to the internet, your web browser, is safe to use and has all the security relevant improvements and fixes.

There’s certainly different web browsers around and everyone has their favourite. I’d always recommend Firefox from the Mozilla foundation due to their open source affinity and advocation for privacy.
If you’re not yet using Firefox, have a look at their webpage
(Click on the link will open in a new window or tab, depending on your browser settings.)

Here’s how to update your Firefox browser.

Continue reading Update Firefox web browser

Posted on Leave a comment

Email Encryption – Update GPG4Win

To encrypt emails, and maybe also files on the local harddisk, GPG (the GNU Privacy Guard) is the Open PGP tool of choice. And keeping applications up to date is safety relevant and important, especially for security related applications, so let’s cut the cake and get to it and let’s update GPG4win, the Windows variant, to the latest version.

Continue reading Email Encryption – Update GPG4Win

Posted on Leave a comment

Multi Factor Authentication (MFA) – secure your accounts

Here’s the 2nd part to the secure password considerations – MFA, multi-factor authentication.

Traditionally, the access to your online bank account looks like this:
you type your

, your

and in you are and ready to go about your business.

Account in the following is not limited to a bank account but can be the personalized access to any webpage, web-service, online-store or similar.

Now, if you’re like the majority of internet users that only use 5 different passwords for all their online activities, you could unconsciously create a domino effect that allows hackers to take control over several of your accounts after just cracking one password.

In comes MFA, multi-factor authentication.

Continue reading Multi Factor Authentication (MFA) – secure your accounts

Posted on 2 Comments

Create a strong yet memorable password

In the digital world, passwords are used and required for many applications and services.
Access to your PC or to your email account will require a password, as will access to your favourite online shop or the web access to your bank.
Passwords are the digital version of our traditional door keys, and yes, there are already possibilities to replace traditional door keys also with a digital lock or even your mobile phone.
Passwords help to protect your data and your privacy.

It is strongly recommended to use different passwords for different applications.
This, to avoid granting access to all the digital services you use at once if ever one of your passwords should be compromised, be it accidentally from your side or from the service provider side.
Just as a reminder, see what recently happened at Cathay Pacific and the privacy breach.

The tricky thing with passwords is that on the one hand the password shall be strong, i.e. as random as possible to avoid guessing or easy password cracking, but on the other hand you shall be able to remember the password.

Here are some tips for creating a safe and secure password.

Continue reading Create a strong yet memorable password