Wed, 7 Dec 2016 00:00:00 +0700
(image) The trend toward shopping online has seen a big jump in the last year with spending in 2016 predicted to be up by 45% over 2015.
There’s no question that online shopping is much more convenient than going to brick and mortar stores but during the holiday shopping season, getting your hands on what you want as early as possible is important.
More of the large retailers are adopting the ‘clicks and bricks’ approach which allows you to buy items online and pick them up at a nearby store if you want that peace of mind.
Don’t Use Your Debit Card
The first thing I’d recommend is avoid using your debit card for online purchases. You’ll still have the same fraud protection that covers credit card transactions, but since it’s tied to your checking account, it can tie up your money while you are sorting things out.
Only your credit line gets tied up when a credit card gets hit with a fraudulent transaction while the money to make your mortgage or car payment gets tied up with fraudulent debit card transactions.
Every major browser offers the ability to create private browsing sessions, which keeps things out of the ‘History’ log and removes any cookies that get placed on your computer when you close the browser.
Using the private browsing option helps with two things that are commonly used these days; Dynamic Pricing and Remarketing.
Dynamic pricing which is also called demand pricing or time-based pricing is an automatic algorithm used by some websites that can provide different prices to different people at different times.
One of the many data points used in dynamic pricing is how many times you’ve looked at the item, even if it was on different websites. Private browsing eliminates this data point as a factor.
The biggest reason to use private sessions is when your computer is shared by your whole family. We’ve all experienced the situation where you went looking for a specific product only to have ads featuring the item then follow you around the Internet and on social media.
This process is called remarketing and it too relies on the cookies that get deposited on your computer. It can become a major spoiler when the rest of your family sees the glaring hints whenever they go online using the same computer.
Money Saving Tips
Once it’s installed, a small ‘h’ will appear in the upper right hand corner of your browser that turns yellow when you visit a site that has an available coupon code.
Another website popular with avid online shoppers is called Ebates because you get cash back for purchases, but unlike many others you can also get cash back from some in-store purchases as well.
Price comparison sites like Price Grabber and Froogle (now Google's shopping engine) – can help you find the best deals but don’t forget to calculate in shipping and handling fees and delivery dates before you click on ‘Buy’!
Wed, 30 Nov 2016 00:00:00 +0700
(image) In the tech industry’s ongoing attempts to create better tools to protect consumers, they often come up with software that focuses in specific areas.
Trusteer Endpoint Protection (a.k.a Rapport) is a legitimate program that is specifically designed to help fight financial fraud and is often recommended by various banks for reducing the chances of fraud and identity theft when it comes to online transactions.
Originally developed in Israel in 2006, Trusteer was acquired by IBM in 2013 for an estimated $800 million so any concerns about it being a malware program can be put to rest.
Why Banks Recommend It
The program is specifically designed to prevent many known banking Trojan malware such as ZeuS, Silon, Torpig, SpyEye and others from attacking its users.
Malware designed to attack online banking transactions will attempt to steal login credentials so cyber-thieves can access online accounts or steal the identity of its victims.
They tend to use keyloggers, screen grabbing and phishing as a means of exploiting users, which is what Trusteer is specifically designed to help protect against.
As such, many banks recommend the free program as an extra layer of protection, because the banks have installed the protection on their side and it works best when both sides are using the same security system (thus the name ‘Endpoint’).
Banks are interested in both security and regulatory compliance, which the Trusteer platform provides, which is why so many have partnered with IBM to promote the program.
The Real World
If the only thing your computer needed to do was interact with your bank, Trusteer would be a no-brainer, but for most of us that’s not the real world.
Despite the fact that it’s designed to work as an added layer of protection to your primary security program, many users have reported a multitude of issues over the years.
Online complaints range from the initial installation process to incompatibility with other programs to a noticeable degradation in performance as well as a complicated removal procedure.
As with any security program, it can prevent you from operating your computer in a normal way because it blocks access to anything it perceives as a threat (false positives), which can be very frustrating.
Should You Use It?
As with any protection system, there is no ‘one-size-fits-all’ solution, so determining whether you should use the program or not requires some homework.
If your bank is pushing you to install the program, before doing so, I’d strongly recommend that you research the specific issues with whatever Internet security program you have installed by doing a search for ‘Trusteer issues with XXX” (where XXX is the name of your program).
Not only will you get information specifically from the support resources of the Internet security company, you’ll likely get user feedback on their experiences as well.
As an advanced search tip in Google, if you include –trusteer.com
at the end of your search query, the results will be filtered to exclude anything from Trusteer’s website so you’ll only get feedback from third parties.
Business users should do their experimenting on non-mission critical computers to avoid any compatibility disruptions to workflow.
Wed, 23 Nov 2016 00:00:00 +0700
(image) Google’s newly designed smartphones known as the Pixel (5” display) and Pixel XL (5.5” display) are creating quite a buzz in the tech world.
Most reviewers are hailing it as the most complete Android competitor to the iPhone 7 with some exclusive features that no other smartphone in the Android world currently offers.
Pixel’s Unique Features
The Google Assistant is a more advanced virtual assistant that’s much more conversational than Apple’s Siri.
It allows you to ask a question and then a follow-up question as we do in natural conversations because the app is able to determine context over multiple interactions.
Another great feature is the ability to setup multiple users on one phone, making it easy to create limited use profiles for children that won’t have access to your email, apps and other personal information.
They come with free unlimited cloud storage for photos and 4K videos in their original quality, so there is no reduction in resolution.
They also incorporate ‘Smart Storage’, which automatically clears storage space by deleting items that are already stored in Google Photos and split-screen multitasking for most apps.
24/7 voice and chat support are built into the phones, so any time you have a problem, you can get help including an option to share you screen with the support person and OS updates are now performed seamlessly in the background.
The fingerprint scanner is located on the back of the phone in a natural position when you’re holding the phone.
USB On-The-Go allows you to plug USB storage devices, keyboards and even a mouse into the phone much like you can with your computer.
Based on various tests of the batteries, the Pixel out performs the iPhone 7 in two areas: battery life and recharge times.
Pixel’s higher capacity battery also allows quick charges; a 15-minute rapid charge can provide an additional 7 hours of battery life.
Unlike the iPhone 7, Pixel phones are not water-resistant, so if you want that type of protection, you’ll need to buy a waterproof case.
Image Capture Surprise
Apple’s dominance in smartphone cameras is being challenged with the sophisticated offerings in the Pixel phones.
Many head-to-head tests have shown the Pixel to have better low light image capture as well as truer colors and the wider angle lens on the front facing camera can capture more people for selfie fanatics.
It’s important to understand how what you’re currently using could play the biggest role in deciding which phone is best for you.
If you’ve had an iPhone for a long time and have purchased lots of apps, music, videos and games, porting those over to an Android handset can get complicated.
In some cases, you’ll have to re-purchase items because they are locked in the Apple ecosystem or it may not exist on the Android platform at all.
To a lesser extent, the same holds true if you’re going from an Android device to an iPhone.
Assessing what you have on your current phone that you’ll want on your new phone and doing a little homework to see what it will take to get it to ‘the other side’ should help you determine if you want to switch platforms or not.
Wed, 16 Nov 2016 00:00:00 +0700
(image) This election cycle dramatically elevated the use of fake news sites that in the past were generally used to spread malware by infecting unsuspecting visitors.
There were a variety of reasons for creating these sites that ranged from the obvious political influence to making money from the world-wide interest in our candidates.
Savvy Teens in Macedonia
BuzzFeed News reported that they were able to identify at least 140 fake political news websites being run from a single town in Macedonia.
Despite the sites being overwhelmingly pro-Trump, the young tech-savvy creators of the sites said they didn’t care about Trump’s campaign.
Earlier in the year, they claim to have researched the various candidates to see which ones would generate the most traffic as their incentive was purely economic.
Any website that can generate a lot of traffic, can use global marketing platforms like Google’s AdSense to monetize that traffic.
They also learned that the best way to generate traffic to their sites was to use Facebook to spread stories, especially if they were in some way pro-Trump.
The latest word from both Google and Facebook is that they cracking down on fake news sites that attempt to use their advertising platforms from now on.
Google said sites that “misrepresent, misstate, or conceal information about the publisher, the publisher’s content, or the primary purpose” will be kept out of their ad platform.
Facebook said that it already banned apps and sites with “illegal, misleading, or deceptive” content but they updated their policy to “explicitly clarify that this applies to fake news.”
This by no means will be the end of seeing questionable news sites in your Facebook News Feed or in Google search results, so we all need to sharpen our skills.
Sniffing Out Fake News Stories
The first thing to pay attention to is the web address of the site that is reporting the story, especially if a two-character country code is added to the end (Example: abcnews.com.co)
With the speed at which news travels across the Internet, doing a quick Google search by using the headline as the search parameter should provide plenty of help.
If the story only appears on sites you’ve never heard of, it’s the first sign that you should be suspicious.
Questionable headlines will likely have search results that include sites like Snopes and HoaxBusters that provide some context to the lack of credibility.
Web tools such as Web of Trust can also quickly provide warnings of questionable sites.
What Else Can You Do?
Both Google and Facebook will be using various algorithms and machine learning to help with the task, but Facebook users can help by posting fact-checking links that debunk stories in the comments section, which will help the algorithm.
Facebook users can also click on the v-shaped icon in the upper right corner of any post to hide all posts from that source or unfollow the person that shared the story to prevent future junk posts from appearing in your news feed.
News aggregators like News360 present news stories and includes how many news organizations reported on that specific story with an easy way to read the story from any or all of the sources.
Wed, 9 Nov 2016 00:00:00 +0700
(image) Ransomware is one of the fastest growing cyber-crimes because it’s working so well for organized crime rings around the world.
Victims of ransomware are essentially locked out of their own private files unless they are willing to pay a ransom to get the key that will unlock them.
Alarming Ransomware Statistics
According to one estimate, $209 million was paid in ransomware attacks in the first quarter of 2016 alone.
Another survey found that nearly 50% of professional organizations were victims of a ransomware attack in the past 12 months.
The average ransom demanded is just under $700, but as more businesses are being targeted, the ransom amounts are increasing.
To provide some perspective, the average ransom demand in 2015 was around $294
59% of infections come via email as either a malicious link or an infected email attachment.
Malicious social media links don’t account for a large percentage of the current attacks, but cyber security experts expect this approach to grow.
Protecting Yourself From Ransomware
Since this form of attack larger relies on tricking a human into clicking on a link or opening a malicious attachment, educating everyone in your household or business on ways to spot questionable email messages is a good start.
Since cyber-criminals have the ability to use Internet searches and social media to figure out who’s who in just about any business, it allows them to create very clever spear-phishing email messages that can fool employees that aren’t paying attention.
Bad grammar, missing punctuation and strange salutations are just a few of the things that everyone needs to be looking for in just about any message that prompts you to click on a link or open an attachment.
There is a free phishing security test business can use to test and educate their employees from a company called KnowBe4 (https://goo.gl/PGsyHz)
Parents need to understand that cyber-criminals set their traps where they know teenagers go to download free music, games, movies and programs that usually cost hundreds of dollars.
Make sure you have all your security updates installed and have a good off-site backup like Carbonite so you don’t ever have to pay the ransom to get your files back.
Options For Victims
If you become a victim of a ransomware attack, your options depend on what type of backup you employ.
Traditional backup devices that are attached to your computer when you’re attacked are also attacked, so unless you have a disconnected or off-site backup, you’ll either have to pay the ransom or lose everything and start over.
Fortunately, getting rid of the infection that allowed your files to be held hostage is pretty straight forward, but decrypting your compromised files is nearly impossible for most of today’s attacks.
If you do have a clean backup, you can either disinfect the system by booting to an uninfected device, like a flash drive or CD/DVD to run a scan with anti-virus/security programs or wipe the drive completely and reload everything from scratch.
Wed, 2 Nov 2016 00:00:00 +0700
(image) There are many lessons that can be learned from the recent high-profile email hacks to several public figures.
The most important lesson is that people, not security measures are the easiest to compromise.
The Weakest Link
As anyone in IT security will tell you, no matter how sophisticated the cyber-security system may be, the humans using the system are always the weakest link.
In most cases, hackers employ what’s called ‘social engineering’ to trick users into divulging critical information that allows them to be exploited.
In the Podesta case, a ‘spear-phishing’ email claiming the password had been stolen convinced both the users and the IT person that it was a legitimate warning from Google.
Spear-phishing refers to a more targeted exploit because the hackers know that you use a specific online service.
In this case, since the recipient’s email address ended with @gmail.com, they created a ‘stolen password’ alert that appeared to be from Google.
Tell Tale Signs
As with most phishing messages, a close examination of the punctuation and grammar would have tipped off an observant reader.
The lack of commas in appropriate places, the relative vagueness of the message and the fact that they ended the message with ‘Best, The Mail Team’ are clear red flags.
The reason social engineering tricks work so well is that the anxiety created by the message causes most people to focus on the salacious subject line and scary claims instead of the message in its entirety.
Another way to sniff out suspicious messages is to use the hover method as described in this video: https://youtu.be/-aay-00BCKE.
Thoroughly Read Messages
The IT person also fell for the fake message but in their defense, they replied with a specific link to use to change the password, which the frantic user didn’t use.
Instead, they went back to the original message and clicked on the button that said ‘Change Password’ which sent them right where the hackers wanted them.
Had they followed the instructions from the IT person, even though the message was a fake, they would not have been compromised.
Stolen Password Protection
Another important step that the IT person suggested in his response was to make sure that 2-step verification was turned on (https://goo.gl/SCa64p), which would have kept the hackers out even with the password.
2-step verification creates a second layer of protection in the event someone steals your password.
With it turned on, whenever the site detects a valid login from an unknown location or device, it sends a special code via text message to your smartphone.
Without the code, the person that has your password won’t be able to get in AND you will have been alerted that your password has been compromised.
Never Click Links
We’ve all heard the ‘never click links in email messages’ a million times, but cleverly crafted messages can scare people into taking immediate action.
Even when you think a warning is legitimate, avoid the links and manually type in the address of the service in question to see if the same warning comes up when you log in.
Wed, 26 Oct 2016 00:00:00 +0700
(image) Browser security should be on the top of everyone’s mind these days, as it’s one of the most likely ways you’ll be compromised.
Cyber-thieves know we spend most of our time on the Internet, so they’ve shifted their focus from just exploiting your OS (Windows, MacOS, etc.) to exploiting browsers in conjunction with operating systems and utilities.
Computer security has definitely improved over the years, so hackers have had to implement a ‘blended attack’ approach to compromise users.
Instead of exploiting one program or utility, they use a combination of attacks on various known vulnerabilities in the most commonly used programs to improve their chances of success and to gain deeper access.
Your web browser is often the first item on the list in these blended threats.
Measuring Security in Browsers
There are a number of things to consider when evaluating browser security, but none of them points to the absolute best browser for everyone to use.
Security and usability can often be at odds; the most secure options can be more difficult to use and the easiest to use can often be the least secure.
With browsers, the most secure options are generally the ones that strip features out or employ tactics that results in noticeably slower performance.
There is no such thing as a 100% secure web browser, so you need to find the balance between security and usability that best suits your needs.
One measure of security you may want to consider is how often the browser is updated, since the update interval represents the amount time hackers can exploit a known vulnerability before it’s patched.
Here are the standard update intervals for the most popular browsers:
Microsoft Internet Explorer and Edge – 30 days
Google Chrome – 15 days
Mozilla Firefox – 28 days
Apple Safari – 54 days
Opera – 48 days
Security Through Obscurity
The term ‘security through obscurity’ is often used to describe how lesser used technology can be more secure only because they’re less targeted by hackers.
The most popular browsers have the largest number of known vulnerabilities because cyber-thieves are willing to spend more time trying to exploit a tool they know hundreds of millions of people are using.
One of the reasons that Safari and Opera have longer update intervals is that they have fewer vulnerabilities (and users) than the others, which many would suggest is a great example of ‘security through obscurity’.
Vulnerability counts by themselves don’t really say much as the severity and complexity required to exploit them means a lot more.
At a recent hacking contest called Pwn2Own, Google Chrome came out as the most difficult to exploit, while Apple Safari and Microsoft Edge didn’t fare as well (Opera and Firefox were not part of this competition).
What’s Really Important
Focusing on browser security is kind of pointless if you aren’t keeping everything else in your system updated as well.
Here’s the biggest problem we regularly see - risky online behavior can negate most anything you do from a security standpoint, so surfer beware!
Thu, 20 Oct 2016 00:00:00 +0700
(image) With all the exploding battery stories surrounding the Samsung Galaxy Note 7, there seems to be a heightened awareness of battery issues, which is actually a good thing.
Lithium Ion batteries are in just about every rechargeable device we own and there have been many instances of them catching on fire in everything from laptops to hover boards to Tesla cars and even Boeing’s 787 Dreamliner.
In fact, there have been over 40 recalls by the Consumer Product Safety Commission since 2002 for products with defective lithium ion batteries.
Despite all of the stories of exploding batteries, it’s actually quite rare when you take into consideration the number of devices we all have with lithium ion batteries.
Why Batteries Catch Fire
The very nature of how they work is also what subjects them to becoming a fire hazard.
There is a potential for a ‘thermal runaway’ chain reaction whenever the battery becomes overheated, so keeping any device as cool as possible is important.
Well made batteries have safety features built into the battery itself to prevent overcharging and overheating, which is why exploding batteries are relatively rare.
The biggest mistake that most people make when using or charging a device with a lithium ion battery is contributing to the overheating.
For example, using a laptop for extended periods on a soft surface, like a pillow or comforter usually blocks off any air vents and acts like an insulator, which keeps the heat from dissipating.
This scenario can be even more hazardous if you’re charging the laptop at the same time as charging always generates additional heat.
If your device has been exposed to direct sunlight and is hot to the touch, you should wait until it reaches room temperature before attempting to recharge it.
Using the wrong charger to recharge your battery is another major contributor to problems, especially when too much energy is passed during the charging process.
If you ever lose your charger, it’s always safest to replace it with the original manufacturers replacement instead of a third-party charger.
To date, I’m not aware of any portable chargers that have been recalled because of a battery defect, but knowing that the design of the unit is a critical factor, I’d suggest you stick to name brand chargers.
Choosing a Charger
A portable battery’s capacity is rated in milliamps hours or mAh and amperage (A) with the higher the numbers, the more capacity it has to charge your devices.
Generally speaking, the higher the capacity, the larger the battery as well so finding the right combination of size and capacity is key.
Start by determining the battery capacity of the item(s) you want to charge and then divide the capacity of the portable charger by that number to determine how many charges you can expect.
If you plan on charging larger devices, like a tablet, you’ll also need to make sure the amperage is high enough to get the job done (usually 2A).
Wed, 12 Oct 2016 00:00:00 +0700In my more than 20 years providing data recovery services, it’s obvious that there’s as much confusion about backing up critical data as there has ever been.Our data recovery division sees the results of this confusion on a daily basis as most of the conversations start with ‘I thought…’The concept of backing up isn’t the confusing part, it’s the implementation where most people end up failing to protect themselves.External Drive: Pros and ConsOne of the most common backup methods is to connect an external hard drive to your computer and setup a backup program to make copies.Unfortunately, far too many people buy what is labeled a backup drive, connect it to their computer and start saving their important files directly to the drive.Backup implies that there is more than one copy, which isn’t the case when files are saved directly to the external drive.Another mistake with external drives we see is that no automatic scheduling is setup, so it’s on the user to remember to manually run a backup every time. As time goes on, the ‘I’ll get around to it tomorrow’ behavior takes over and it gets forgotten.‘My computer was brand new, so I didn't think the hard drive would crash’ is another common statement we hear.Another potential issue with the external drive configuration, especially with laptops is that it needs to be plugged in when the automated backup tries to run.External backups aren’t great at protecting against theft, fire, flood or the growing threat of ransomware because what impacts your computer also impacts your backup drive.Online Backup: Pros and ConsWhen high-speed always-on Internet connections became commonplace, pushing your critical data to the cloud become practical.Unlike most external hard drive backups, online backups are automatically encrypted so that even if someone gains access to your data, it’s not directly readable.More: (Are online backup services safe? https://goo.gl/O6Y63o) Online backup companies are also in the cyber-security business, so they’re more likely to be aware of emerging threats than the average user trying to protect themselves at home.With external backups, there is a one-time cost, while online backup services have annual fees, so over time, it’ll will cost more to use an online backup.Online backup services provide superior protection against ransomware because they aren’t directly attached to your computer, which doesn’t allow the malware to infect your backup files.Most online services also include file ‘versioning’ meaning it keeps multiple copies of changed files, which can be really helpful when you accidentally over-write a file and don’t realize it for a while.3-2-1 Backup StrategyThe very best backup strategy incorporates 3 copies of your data on at least 2 different devices with at least 1 of them off-site.If you’re really interested in protecting your critical data, your best bet is to use both an external hard drive and online backup service, like Carbonite (https://goo.gl/ckDEQJ).Data recovery services can get really expensive and sophisticated ransomware encryption is unbreakable forcing many to pay the ransom, so having extra layers of protection can save you a lot of money and heartache.[...]
Wed, 5 Oct 2016 00:00:00 +0700
(image) With the recent story about FBI Director James Comey admitting to having tape over the top of his webcams at home, this question is making the rounds once again.
Comey isn’t the only one that has tape over his webcams. Another story that took the Internet by storm was a picture of Facebook Founder Mark Zuckerberg showing that he has tape over both the webcam and the microphone jack on his laptop.
How Possible Is A Webcam Hack?
The technical capability for a remote hacker to gain access to your webcam is absolutely a possibility, so putting tape over your webcam will keep them from being able to see or record anything if they do get in.
But I’ve always contended that just putting tape over your webcam is a little like sticking your head in the sand, if that’s all you do.
In order for a remote hacker to make use of your webcam, they generally start by gaining access to your computer, which gives them complete access to EVERYTHING on your computer.
Making sure you have solid security software installed and paying attention to changes in the performance and startup times of your computer are also critical to sniffing out hidden malware.
Both Mac and Windows users are potential victims of the many social engineering tricks used by malware creators to gain access to your system.
One of the more common tricks is to convince you that you need to update your video playback software in order to see a video, which often presents itself as a convincing but fake pop-up with a link.
If you’re serious about protecting access to your computer’s webcam, you can install special software that monitors, blocks and alerts you whenever a program is attempting to use your webcam.
Windows users can look into using Phrozen Software’s Who Stalks My Cam (https://goo.gl/W5DwIa) which offers free threat detection as well as the ability to setup automatic responses to detected threats.
It also offers the ability to create ‘Whitelists’ of approved programs so applications like Skype that you do want to use won’t be stopped in their tracks.
Mac users can install a free program called OverSight (https://goo.gl/TvcWb1) from the R&D Director at Synack, an information security firm.
The OverSight program will monitor both your Mac's mic and webcam, alerting you whenever the internal mic is activated or whenever a program is attempting to access your webcam.
Patrick Wardle, the author of the program and former NSA staffer recently discussed new ways malware could piggy-back on legitimate webcam sessions, so Mac users shouldn’t shrug off the threat as a Windows-only problem.
Most webcams have an LED that indicates that it’s in use, but some of the more sophisticated attacks can turn off the visual indicator or in the case of the recent proof-of-concept attack on the Mac, simply piggy-back onto legitimate sessions.
Remember, if a remote user can access your webcam, they can generally access everything on your computer, so don’t limit your concerns to the webcam.