Data Doctors Alerts



Virus, Bug & Recall Alerts



 



What should I be doing to protect myself from the new Wi-Fi hacking problem?

Thu, 19 Oct 2017 00:00:00 +0700

Wireless Internet access has always been more vulnerable to unauthorized access than a wired connection because it’s a broadcast technology.

It essentially broadcasts a signal, so a person with ill intent only needs to be within range of it.


Security Protocols

To keep unauthorized users from accessing our private airwaves, we have had various protection protocols to choose from when we set up our routers: WEP, WPA and WPA2.

WEP or Wired Equivalent Privacy was the first way of encrypting our wireless transmissions, but proved to be hackable as security flaws were discovered. Luckily, a more difficult to hack encryption was available (WPA – Wi-Fi Protected Access) when the major WEP security flaws were discovered.

As time went on, WPA became vulnerable through security flaws, but we could turn to WPA2, which is what most of us use today.

The KRACK Problem

Although WPA2 wasn’t technically “un-hackable”, it would take enough effort and time that it made random acts of hacking undesirable.

What was recently discovered by a security researcher in Belgium was a flaw that allowed this highest level of security to be compromised fairly easily.

Codenamed KRACK (Key Reinstallation Attack), the attack exploits the protocol in a completely different way: it doesn’t target the Wi-Fi access point, but the various devices that connect to it instead.

The website that explained this proof-of-concept compromise said that virtually every device that has Wi-Fi capabilities was potentially at risk and could become a victim of everything from stolen usernames and passwords to injecting ransomware into websites.

The Good News

As scary as this sounds, there are a few hurdles that will make this exploit more difficult to pull off.

First off, the hacker would need to be near enough to you to access your Wi-Fi signal, so it eliminates the remote hacking options that the skilled underworld prefers.

This exploit primarily takes advantage of interactions with unsecured sites (http://), so whenever you see https:// in the website you’re accessing or you use a secured app on your phone, there is yet another layer of security that they would have to break.

Most of today’s browsers automatically attempt to connect via https:// when it’s available, but if you want to play it safe, you can add a browser plug-in called HTTPS Everywhere (https://goo.gl/4TKCnB).

The security researcher also notified companies ahead of the public announcement, so Microsoft and Apple have already created updates for the exploit.


Update Everything!

Until a new security protocol is created, WPA2 is the best we have, so continue to use it but make sure you update every device that you use for sensitive transmissions on Wi-Fi as soon as patches are made available.


A comprehensive list of technology vendors along with any information about known updates is available at: https://goo.gl/iJhJih (this is a dynamic list, so revisit it often) or check directly with your device vendor.

The Bad News

Some devices may not ever get a patch, especially older or embedded devices that have no option for updating. With the growing popularity of smart devices in the home, adding new security devices makes sense, which I’ll explain next week.




Should I uninstall Kaspersky antivirus from my computer?

Thu, 5 Oct 2017 00:00:00 +0700

A recent Wall Street Journal story (https://goo.gl/awrvtG) about a National Security Agency contractor that had classified documents on his home computer and was allegedly targeted because of his use of Kaspersky Lab antivirus software has once again put the Russian cyber security company in the spotlight.

The article reports that the stolen classified files from 2015 included details on how the NSA compromises foreign computer networks, the code used for spying and how the agency defends domestic computer networks.

The theory is that hackers used the file inventory process that Kaspersky antivirus uses to discover the sensitive files and target the contractor.

Government Ban

In July of this year, software from Kaspersky Lab was removed from the U.S. General Services Administration approved list and in September, the Department of Homeland Security ordered federal agencies to stop using any software made by Kaspersky Lab because of concerns about the company's ties to Russian intelligence.

The founder of the company, Eugene Kaspersky, has long had a cloud of uncertainty over him because of his early ties to the KGB and its replacement (the FSB).

As a teenager, he studied cryptography in school and by his mid-20’s, he created an anti-virus program to protect his own computer that eventually led to Kaspersky Lab.

This most recent allegation certainly makes using the company’s software even more disconcerting.

Should You Remove It?

Despite the company’s repeated denials of any connection to the Russian government, with the plethora of security programs that don’t come with the ‘Russian baggage’, switching to another program is the safest way to go.

To be realistic, the likelihood that you would somehow become the target of Russian government hackers just because you are using a Kaspersky program is pretty slim, but there’s no reason to take the chance.

Alternative Programs

The vast majority of security programs on the market are actually from companies outside of the U.S.

For example, popular programs such as AVG & Avast (Czech Republic), Bitdefender (Romania), ESET (Slovakia), F-Secure (Finland), Panda (Spain), Sophos (UK)  & Trend Micro (Japan) are all controlled by companies outside the U.S.

Many in our country, because of ongoing concerns about our own government’s overreach, have proclaimed their preference for using a program based in another country, especially allies like Finland, the UK and Japan.

Removing Kaspersky Lab Products

The standard way of removing programs in Windows is via Start > Control Panel > Add/Remove Programs, or you can use Kaspersky’s removal tools for either Windows (https://goo.gl/apf43E) or MacOS (https://goo.gl/2wJMMk).

Advanced Windows users may want to take the additional step of manually scanning the Registry to make sure that all Kaspersky related keys have been removed (https://goo.gl/ZyH5h9).

Mac users can also use the free DrCleaner app (https://goo.gl/VLJLKm) to ensure that it’s properly removed as simply dragging it to the Trash does not properly remove it.

Some programs like Trend Micro Worry-Free Business Security can automatically remove other programs, which makes converting a large number of computers more efficient (https://goo.gl/nXq1qv).




Is it true that if I enroll in the free Equifax protection program that I can't be part of a class action lawsuit?

Fri, 8 Sep 2017 00:00:00 +0700

In what may be one of the most damaging data breaches to date, Equifax, one of the big three credit bureaus, announced that 143 million US-based consumers may be affected by a data breach that occurred between May and July of this year.

What makes this breach so damaging is that the most sensitive personal information including Social Security numbers, birth dates and home addresses was part of the breach.

Equifax TrustedID Premier Enrollment

In an effort to provide some level of protection to impacted consumers, Equifax has launched a special website (https://equifaxsecurity2017.com) to explain what has happened and to offer their ID theft and credit monitoring service for free to anyone that wants it.

Many have pointed out the irony of going to the very organization that couldn’t keep its data secure to protect you from further damage.

These types of ‘free’ services typically only last for a year, which doesn’t really do you any good in the long run since you can’t change your social security number very easily.

The ‘Terms of Use’ for TrustedID Premier has a pretty common arbitration clause that includes:… A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION.  (You can read the entire statement at https://goo.gl/1ZtvgD.)

UPDATE: Equifax has updated their FAQ on this question with the following: The arbitration clause and class action waiver included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.

Enrollment for the free one year subscription ends on November 21, 2017.

‘Pretexting’ Concerns

One of the most disconcerting aspects of this breach is that the sensitive information that was stolen is extremely useful for a form of ‘pretexting’ that could have nothing to do with your credit file.

Pretexting refers to the act of pretending to be someone in order to gain access to private or sensitive information.

In this case, your information could allow a perpetrator to pretend that they are you to convince your bank, utility, cellular provider or even the IRS to change something like an email address or physical address because the typical information required to prove your identity is in the hands of the bad guys.

Tax Filing Concerns

Another big area of concern will be for the tax-filing season next year. The filing of fraudulent tax returns has become a billion-dollar problem and this breach just made it easy for this problem to grow.

Make a note in your calendar to file your tax return as quickly as you can next year to avoid the mess that’s created if a fraudulent return is filed before you file your real tax return.

Children’s Credit Files

ID thieves covet the Social Security number of children because it’s a lot less likely that anyone is monitoring the credit of a young child.  Whatever you decide to use to monitor your own credit files, don’t forget your children as well.

Credit Freeze

One of the best ways to lock down your credit file is to put a freeze on it with all 3 credit bureaus: https://goo.gl/kfKWw2




Should I be concerned about ransomware attacking my Mac?

Wed, 28 Jun 2017 00:00:00 +0700

Ransomware continues to grow in popularity as a sort of ‘gold rush’ has been underway in the cyber underworld.

Hundreds of millions of dollars have been generated over the past couple of years with one security firm reporting that 64% of the victims they surveyed paid to get their files back.

Enterprising criminals are even posting ‘ready-to-go’ ransomware kits on the underground marketplace known as the ‘dark web’ with offers to split the revenue with users of their code.

The complexity of these attacks continues to grow as the security world and cyber-criminals face off in a high stakes game of ‘cat and mouse’.

The Bad News For Mac Users

All of the high profile ransomware attacks you’ve likely ever heard of have targeted Windows users, but some of the more recent code being made available via the dark web specifically targets all of the versions of the MacOS as well.

Since ransomware takes advantage of the user more than the operating system, there are few technical barriers to creating a Mac specific attack because the point of entry is getting the user to do something they shouldn’t do.

The most common attack vector for Macs so far has been through infected programs that are designed to bypass Apple’s built-in security (Xprotect and Gatekeeper).  These pre-made ransomware packages also claim to be able to bypass detection by at least 50 different anti-virus programs for both Mac and Windows.

The Good News

Unlike many of the Windows ransomware exploits that can compromise users through unpatched back-doors, clever phishing scams as well as rigged downloads, Mac users currently can only be exploited via a rigged download.

Despite the growing popularity of Mac computers, they still only account for roughly 7% of computers worldwide, so they still benefit from ‘security through obscurity’.

To further illustrate the difference in malware focus in general, one security firm puts the number that target Macs at roughly 450,000 while Windows has 23 million known threats.

From a practical standpoint, cyber thieves are always going to focus on the largest opportunity as they’re in it for the money.

Don’t Let Your Guard Down

Having said all that, everything is subject to change and having the ‘I have a Mac, so I don’t have to worry’ attitude is a bit misguided – there’s a reason why Apple stopped running the ‘we don’t get PC viruses’ commercials back in 2012.

Making sure you only get programs and apps from reputable sources, installing the updates when Apple alerts you and keeping all your other Internet tools, such as your browser, Java and Adobe programs, updated are important ongoing tasks.

Every computer user should also have a solid backup process - using an automated online backup service such as Carbonite (https://goo.gl/XKum9f) provides an extra layer of security that will save the day whether it’s ransomware, viruses, fire, flood or theft.

Cyber criminals know that Mac computers are more expensive and that Mac owners statistically tend to be on the higher end of the socioeconomic scale, so keep your guard up!




Q: Is it true that color laser printers print invisible dots to ID the printer on every page?

Wed, 7 Jun 2017 00:00:00 +0700

The leaked top secret document that led to the arrest of government contractor Reality Winner has caused a long running privacy issue to resurface.

The hidden yellow dot ID pattern technology on some color laser printers has actually been around since Xerox developed it in the 90’s.

The primary reason for the dots is purportedly to help the Secret Service in counterfeiting cases.  Color copiers and laser printers became so good at reproducing colors that they became a tool for counterfeiters some time ago.

Not all color copiers and laser printers print the dots, but for obvious reasons, the printer manufacturers and law enforcement don’t generally acknowledge which printers do and which ones don’t.

Privacy Concerns

Privacy advocates such as The Electronic Frontier Foundation have been calling attention to this for almost a decade (https://goo.gl/4g8XGk). Their position is that your printer shouldn’t be another tool for government surveillance.

In the Reality Winner case, it’s believed to be what led to her arrest because the dots were easily viewed on the document published online by the Intercept (https://goo.gl/b3KlN9).


What Gets Tracked?

The yellow dots when decoded can indicate the make, model and serial number of the printer and in some cases, include the date and time.

With this information, law enforcement can potentially track down the owner of the printer by following the serial number from the manufacturer to the reseller and then to the purchaser.

Making The Dots Visible

By design, it’s nearly impossible to see the dots with the naked eye, so you’ll want a way to magnify any page that you want to inspect.

Using a microscope or magnifying glass with magnification power of 10x or better to view a blank part of a printed document should allow you to see the dots if they exist.

If you want to make it easier, use a bright blue LED flashlight in a dark room, which should turn the yellow dots a dark blue or black.

If you have a good quality scanner and a graphics program that can zoom and invert the colors, you can also find the pattern, which should repeat itself throughout the page.
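The scanner approach above can also be done in code. The following is an added example, not part of the original article: it finds candidate yellow dots in a scan saved as a binary PPM file and estimates how often the pattern repeats. The function names, the threshold of 30 and the tiny constructed sample are assumptions; real scans are noisier and real dots cover several pixels.

```python
# Yellow toner absorbs blue light, so on white paper a tracking dot keeps red
# and green high while blue drops. The same effect makes the dots look dark
# under a blue LED.


def load_ppm(data):
    """Parse an 8-bit binary PPM (P6) into rows of (R, G, B) tuples."""
    fields, pos = [], 0
    while len(fields) < 4:                     # magic, width, height, maxval
        while data[pos:pos + 1].isspace():
            pos += 1
        if data[pos:pos + 1] == b"#":          # header comment runs to end of line
            pos = data.index(b"\n", pos) + 1
            continue
        end = pos
        while end < len(data) and not data[end:end + 1].isspace():
            end += 1
        fields.append(data[pos:end])
        pos = end
    if fields[0] != b"P6" or fields[3] != b"255":
        raise ValueError("expected 8-bit binary PPM (P6, maxval 255)")
    width, height = int(fields[1]), int(fields[2])
    raw = data[pos + 1:pos + 1 + width * height * 3]   # one whitespace byte, then pixels
    if len(raw) != width * height * 3:
        raise ValueError("truncated pixel data")
    return [[tuple(raw[(y * width + x) * 3:(y * width + x) * 3 + 3])
             for x in range(width)] for y in range(height)]


def yellowness(pixel):
    """How much blue is missing relative to red and green (0 for white, grey, black)."""
    r, g, b = pixel
    return max(0, min(r, g) - b)


def find_dots(image, threshold=30):
    """Return the set of (x, y) pixels yellow enough to be a candidate dot."""
    return {(x, y) for y, row in enumerate(image)
            for x, pixel in enumerate(row) if yellowness(pixel) >= threshold}


def render(image, threshold=30):
    """High-contrast text view: '#' where a dot was found, '.' elsewhere."""
    dots = find_dots(image, threshold)
    return ["".join("#" if (x, y) in dots else "." for x in range(len(row)))
            for y, row in enumerate(image)]


def horizontal_period(dots, width):
    """Smallest shift at which every dot still in frame lands on another dot."""
    for shift in range(1, width // 2 + 1):
        moved = {(x + shift, y) for x, y in dots if x + shift < width}
        if moved and moved <= dots:
            return shift
    return None


def sample_scan():
    """Constructed 24x6 'scan': one 8-pixel-wide dot tile repeated three times."""
    paper, dot, ink = (250, 250, 246), (250, 246, 200), (30, 30, 30)
    width, height, tile = 24, 6, {(1, 1), (4, 2), (6, 4)}
    rows = [[dot if (x % 8, y) in tile else paper for x in range(width)]
            for y in range(height)]
    rows[3][10] = ink                          # black text pixel, must not be flagged
    header = b"P6\n# constructed sample\n%d %d\n255\n" % (width, height)
    return header + bytes(v for row in rows for px in row for v in px)


if __name__ == "__main__":
    image = load_ppm(sample_scan())
    print("\n".join(render(image)))
    print("pattern repeats every", horizontal_period(find_dots(image), len(image[0])), "pixels")
```

To try it on a real page, scan a blank area at high resolution and export it as a binary PPM from your graphics program, then pass the file's bytes to load_ppm.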

List of Known Printers

The EFF has published a list of printers that they say do and do not display the tracking dots (https://goo.gl/UV3q9K), but it’s not up-to-date nor is it a complete list.

In some cases, the printer manufacturer will acknowledge the use of the tracking information in their documentation, but it’s not easy to find even if they do.

What Can You Do?

Technically speaking, setting your color laser to print in black and white won’t allow the yellow dots to be printed.

If you have to use color and are concerned about the tracking dots on a known printer, there is nothing you can do to stop them short of getting rid of the printer.

If you are overly concerned, switching to either a color inkjet or any type of black only printer will ensure that the tracking dots won’t be included. 




If I got hit by ransomware, should I pay the ransom?

Wed, 24 May 2017 00:00:00 +0700

Ransomware is one of the fastest growing cyber-crimes because it’s one of the most profitable.  Unlike other malware that a hacker may or may not be able to monetize, ransomware is a direct path to getting paid through extortion.


The Ransomware Business Model

Today’s sophisticated ransomware scams are based on a proven business model that oftentimes will even come with tech support websites to make sure you get your data back.

The criminals know that if word got out that paying the ransom did not result in getting your files back, no one would ever pay. 


There is no guarantee, however, that if you pay the ransom, you will get your files back as we don’t have any credible data to work with.  Most companies that have been hit with this attack don’t want the word to get out, much less admit that they paid the ransom but didn’t get their data back.

A couple of things are certain: paying the ransom is risky and absolutely encourages them to continue attacking others.

Before You Consider Paying

There are a number of steps you can take before you have to decide whether you should pay the ransom or not.


The easiest way to avoid having to pay the ransom is by having a solid backup that isn’t connected to your computer or company network.

If you do have an uninfected backup that can be restored, removing the infection and the encrypted files is pretty easy to do by anyone with even moderate technical skills.


Which Ransomware Do You Have?

If you don’t have a current backup, there may be tools available that can break the encryption if you were hit with one of the older or less sophisticated strains of ransomware that have been cracked.  


A website called https://NoMoreRansom.org has created a repository of keys and applications that may be able to decrypt your files.

To help determine which strain you’re infected with, you simply upload a couple of the encrypted files along with some of the details within the ransom demand note.

For security reasons, make sure to choose files that don’t contain any sensitive personal or corporate information (picture files are usually a good choice to use for the upload test).


Protection Tip

First and foremost in protecting against this growing threat is the proper backup strategy.

Unfortunately, a traditional external backup drive isn’t good enough because anything that’s connected to your computer or is available through a network share will be encrypted as well.


Even if you routinely disconnect your external hard drive when you aren’t backing up, you’re still not fully protected as this malware runs silently in the background so you could unknowingly overwrite your good files with encrypted files.


The best backup solution physically stores your files separate from your computer and incorporates ‘file versioning’, which means it keeps multiple copies of the same files as they are changed.


Incorporating a cloud-based backup such as Carbonite (https://goo.gl/XKum9f) provides the best protection against not only ransomware but fire, flood, theft and even employee sabotage. 




How can I check to see if my HP laptop has the key tracking problem?

Wed, 17 May 2017 00:00:00 +0700

A recent discovery by Swiss security firm Modzero exposed a major security problem in a large number of HP laptops.  They found that an audio driver that was ‘listening’ for specific ‘hotkeys’ was also recording every keystroke and storing them in an unprotected log file.

Often referred to as ‘keylogging’, this type of activity is usually associated with nefarious programs that try to steal passwords or other sensitive credentials by recording all your keystrokes.

In HP’s case, there’s nothing indicating that anyone was remotely capturing the keystrokes contained in the log files; it’s more of a major mistake made by the company that provided HP with the software.

Who’s At Risk?

Conexant is a primary supplier of audio componentry to most of the major laptop manufacturers as well as devices like Amazon’s Echo (Alexa), but this particular issue appears to be isolated to specific HP laptops.

They inadvertently left special debugging code active in the final driver provided to HP, which can potentially be exploited in a number of ways because every keystroke you make – even if you can’t see the character as you type – is being captured to this unprotected file.


It’s the digital equivalent of your computer ‘talking in its sleep’; any program that cares to ‘listen’ could make use of this extremely sensitive information.

Owners of any of HP’s Elite, EliteBook, ProBook or ZBook models from 2015 and 2016 should check their computers for the bug.


How to Check Your Laptop

The following steps may be a bit technical for some, but it’s too important to ignore, so make sure you get help from a trusted technical resource.

Different model laptops exhibit different behaviors, but many of the most common models will have created this log file in the following location: C:\Users\Public\MicTray.log.

If your computer has this log file and you can see data in it when you open the file, your computer has the problem.

If you see the file with no data in it, you’re still not in the clear as the debug output could still be exposing your keystrokes to other programs or it will be empty if you just logged into your computer.


To check for leaking keystrokes, you can run Microsoft’s DebugView while typing random characters on your keyboard to see what is being captured.  If you see any lines in DebugView that refer to ‘Mic target’, your computer is operating with the defective audio driver.


How to Kill the Keylogger

Both HP and Microsoft have released updates to fix the problem, so if you regularly keep your computer updated, you may have already fixed the problem.

HP laptop owners that want to make sure they have the updated audio driver can go to HP’s driver download page in the ‘Support’ section of their website.

This logging behavior goes back to October of 2016, so even if you have fixed the problem, your old backups could contain old log files. Make sure you search for and delete any instance of the MicTray.log file in any of your backups as well.
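The file check and the backup cleanup described above can be scripted. This is an added example, not from the original article or from HP: it walks one or more folders (the live profile folder, a mounted backup drive) for any copy of MicTray.log, classifies each one using the article's two cases, and optionally deletes them. The function names and the backup drive letter are hypothetical.

```python
import os
from pathlib import Path

LOG_NAME = "MicTray.log"                      # file name from the article
DEFAULT_LOG = r"C:\Users\Public\MicTray.log"  # location from the article


def find_logs(roots):
    """Return sorted [(path, size_bytes)] for every MicTray.log under the roots."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() != LOG_NAME.lower():  # Windows file names ignore case
                    continue
                path = Path(dirpath) / name
                try:
                    hits.append((str(path), path.stat().st_size))
                except OSError:
                    pass  # vanished or unreadable; skip it
    return sorted(hits)


def verdict(size_bytes):
    """The article's two cases: data in the log, or an empty log."""
    if size_bytes > 0:
        return "AFFECTED"      # keystrokes were written to disk
    return "INCONCLUSIVE"      # empty log: the driver may still leak via debug output


def purge(roots, dry_run=True):
    """Delete every copy found (backups included). With dry_run, only list them."""
    removed = []
    for path, _size in find_logs(roots):
        if not dry_run:
            os.remove(path)
        removed.append(path)
    return removed


if __name__ == "__main__":
    # Hypothetical roots: the live profile folder plus a backup drive letter.
    for path, size in find_logs([r"C:\Users\Public", "E:\\"]):
        print(f"{verdict(size):12} {size:>10} bytes  {path}")
```

An INCONCLUSIVE result still calls for the DebugView check and the driver update; deleting the log does not fix the driver.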




Should I be concerned about using Kaspersky's antivirus software since it's a Russian company?

Wed, 1 Feb 2017 00:00:00 +0700

Choosing a solid security program to protect your computer and personal information has always been a challenge because there are so many options that get high marks.

Now, with all of the global issues and growing concerns about nationalism, there’s an additional issue that many users are contemplating when making a choice: where is the security software made?

Russia is just one of the many prominent players in the global security software industry, with many of the most popular programs from countries around the world:

AVG & Avast – Czech Republic, Bitdefender – Romania, ESET – Slovakia, F-Secure – Finland, Kaspersky – Russia, Panda – Spain, Sophos – UK  & Trend Micro – Japan for example.


Does It Matter?

In general, just because a security program is owned by a company in another country does not mean it shouldn’t be trusted, especially since countries like Finland, Japan and the UK are clear allies.

In fact, in light of recent national security disclosures, some users are proclaiming that they are more comfortable with using a security program controlled by a foreign company.

It’s highly unlikely we’ll ever know what relationship or working agreement a particular company has with its own government, so you’ll have to decide if the lack of transparency is disconcerting or not.  

We’ve been using and installing Trend Micro’s products for years and have no issue with it being a Japanese company (it was originally created in California and relocated when it acquired a Japanese firm in 1992).

Keep in mind that all of these companies are global players and any evidence that they are working with their own government to disclose user information would all but destroy their businesses.

Trust Matters

Since we rely on our security programs to protect us, we have to allow them full access and control over our computers.

This means that they can scan every file we have and keep logs of those files and in some cases, send information back to the ‘mothership’ if you choose to participate in their ‘security networks’ as a contributor.

If for any reason you don’t trust a company with that level of intimacy, you shouldn’t use their software.

Kaspersky’s Credentials & Controversies 

Anyone in the information security world knows Eugene Kaspersky and his very impressive credentials.

As a teenager, he was studying cryptography in school and by his mid-20’s, he created an anti-virus program to protect his own computer.

His company has also been responsible for uncovering some major cyber-threats over the years.

Unfortunately, since he is a Russian citizen with early ties to the KGB and its replacement (the FSB), he’s always had a cloud of uncertainty over him.

Most recently, a Kaspersky executive, Ruslan Stoyanov, head of their investigation unit and a liaison to Russian security services, was arrested and accused of treason by the Russian government. This has added more questions for some users that have the company’s software installed.

While Stoyanov himself is being accused, not the company, you’ll have to decide for yourself if you’re comfortable using their software based on your own evaluations.




Where can I see if my HP laptop is part of the recall?

Fri, 27 Jan 2017 00:00:00 +0700

HP has extended its massive recall of laptop batteries that was first announced in June of 2016.

In a statement from their recall notice, they explain: "HP continuously monitors issue reports and reported problems. Our monitoring showed that additional batteries should be included in the recall program. These additional batteries were sold with the same notebook products as communicated in the June 2016 battery recall. It is essential to recheck your battery, even if you did so previously and were informed that it was not affected. However if you have already received a replacement battery, you are not affected by this expansion. HP customers affected by this program will be eligible to receive a free replacement battery for each verified, recalled battery."

You can check to see if your HP laptop is part of the recall in one of two ways: using their utility or manually checking at this link: https://h30686.www3.hp.com/#tab=id2




What tax scams should I be watching out for this year?

Wed, 25 Jan 2017 00:00:00 +0700

Many in the cyber-security business refer to tax season as ‘Christmas for Criminals’ because of the amount of sensitive personal information that will be in circulation.

The IRS reported a nearly 400% surge in phishing and malware incidents in the 2016 tax season and you can bet that number will be as high, if not higher this year.

Fraudulent returns continue to top the list of scams because electronic filing makes it so easy to file returns when a thief acquires your Social Security Number.

In fact, the problem has gotten so big that the IRS will be delaying refunds for all taxpayers until February 15th this year in order to give them more time to screen for fraud.

Start With Your Computer

One of the easiest ways for thieves to steal your personal information is directly from your computer if you aren’t paying attention.

Programs designed to sneak in and silently monitor your keystrokes (a.k.a. keyloggers) or steal your e-mail credentials won’t announce themselves.

If your computer takes forever to start up or seems to be ‘stuck in the mud’ when you try to use the Internet, these are clear signs that unnecessary processes are running in the background of your computer.

Since you’ll be working with a lot of sensitive information via your computer, whether you’re preparing your own return or gathering info for a tax preparer, make sure your computer is free of any potential malware.

If you aren’t comfortable running through the various processes yourself, make sure you find someone you trust to do a thorough checkup/cleanup before you get started.

Don’t Send Sensitive Info Via Email

Email has replaced the fax machine for sending documents, but it’s one of the least secure methods of transferring sensitive information to your tax preparer.

Not only can your unprotected information be intercepted by others, a record of your sensitive information gets stored in your email program unless you remember to delete all your sent items.

Check with your tax professional as they should have a more secure method for you to share electronic documents.

Watch For Phishing and Phone Scams

One of the many known phishing messages pretends to be from the IRS asking you to update your e-file account to make sure you get your refund.

The IRS will NEVER send you an e-mail message or call you; they only communicate with taxpayers via U.S. Mail.  You can report any IRS phishing scams by forwarding the message to [email protected]

File Early To Beat Fraudsters

Fraudulent tax returns continue to be a billion-dollar expense for the Treasury Department, but one of the ways you can avoid becoming a victim is to file as early as you can to beat them to the punch.

If they file a fraudulent claim before you, it can take an average of over 300 days for you to get the mess straightened out. If you believe you’re a victim of ID theft, the IRS Identity Protection Specialized Unit phone number is (800) 908-4490.