Thu, 12 Jan 2017 00:00:00 +0700
The ongoing game by scammers to convince people that their computer is infected has taken some seriously convincing turns in recent months.
One such version of the scam generates what appears to be an official Microsoft message complete with logos and color schemes and a robotic voice saying ‘critical alert’.
Here’s an example pop-up:
** ZEUS VIRUS DETECTED - YOUR COMPUTER HAS BEEN BLOCKED **
Error: Virus - Trojan Backdoor Hijack #365838d7f8a4fa5
IP: 108.XX.XX.XX Browser:Chrome ISP: Mci Communications Services inc. Dba Verizon Business
Please call computer system technician immediately on: 888-XXX-4963
Please do not ignore this safety alert. Your Microsoft System Has Been Compromised. If you close this page before calling us, your computer access will be disabled to prevent further damage and your data from being stolen.
Since this particular scheme attempts to keep you from doing anything else, calling the posted toll-free number to get help seems to be a rational response for those stricken with fear.
We’ve also seen this attempted scam posing as a warning from your Internet service provider (such as Cox or Century Link) because the scammers can easily determine who your ISP is.
Understanding some basic red flags will go a long way in helping you avoid this and all of the subsequent attempts to trick you that are certain to come.
Tip #1 – Be suspicious of toll-free numbers
Large technology companies have spent millions to prevent you from calling them for help.
It’s just not economically feasible for companies that have millions of users or, in Microsoft’s case, over a billion, to pick up the phone whenever someone needs help.
With this in mind, any time you see any error message pop-up on your computer urging you to call a toll-free number, assume it’s a scam.
Tip #2 – Get to know your security software
Knowing what you have installed to protect you from Internet threats will go a long way to helping you quickly sniff out scams. Chances are, you have a third-party program installed to protect you, so take some time to understand what it looks like and how it alerts you.
Tip #3 – Real tech companies don’t answer the phone
Anyone that’s ever tried calling to speak to a human at any large organization is always met by an automated attendant system.
Call routing systems are necessary because call volumes are very high, so when you call a toll-free number for tech support and a real-live human answers, you should always be suspicious (especially if they have a foreign accent).
Tip #4 – Killing the fake message
It may appear that your computer has been locked down, but in most cases you can simply shut down the pop-up to regain control. Windows users can use the Task Manager (Ctrl-Alt-Del to access it) to end the fake task and Mac users can use the Force Quit option to kill the fake session (yes, this Microsoft pop-up can appear on Mac screens as well!).
If all else fails, manually shut down your computer, then restart it and immediately run the security software you know you installed.
Wed, 4 Jan 2017 00:00:00 +0700
It’s that time of year when many households are asking this same question as the new gadgets replace the old ones during the holidays.
Electronic devices are one of the most common gifts every year, which results in lots of devices that end up in closets, drawers and garage shelves.
The Growing E-waste Problem
Unfortunately, electronic waste (e-waste) continues to be one of the fastest growing municipal waste issues according to the EPA, which means most of it ends up in our landfills.
Even though e-waste represents 2% of our trash, it accounts for around 70% of the overall toxic waste in our landfills. With our desire for new devices growing every year, the problem of improperly disposing of our old tech is also growing.
Keeping the toxic waste in electronics that include lead, arsenic, cadmium, mercury and many other dangerous chemicals out of our landfills should be important to everyone, but at best we’re only recycling between 15% and 25% of our e-waste because too many people still aren’t aware of the dangers.
Repurposing vs. Recycling
Recycling your old electronics isn’t your only option as a better use for them would be to re-purpose them. Just because a device isn’t useful to you anymore doesn’t mean that it won’t be useful to others.
Check with your local schools, churches and local charities, especially if you have older devices like smartphones, computers, printers and tablets that may be a little slow, but still usable.
Another option is to make it available to others in your area via the Freecycle website (http://freecycle.org), which is essentially an online version of putting it out on the sidewalk with a sign that says ‘FREE for the taking’.
If your old tech isn’t a candidate for repurposing, then finding a responsible recycler to ensure it gets properly processed is critical.
Recycling Options
Many municipalities now have a structured e-waste recycling process, drop off locations or annual events, so start by checking your city or county’s website.
The National Cristina Foundation (http://cristina.org) is a great resource for individuals and businesses that have technology that they think can still be of use.
The foundation focuses on service providing organizations targeting people with disabilities, students at risk and economically disadvantaged populations through their non-profit locator tool.
If you have a cellphone or smartphone that still works, you may be able to trade it in or recycle it with your current wireless carrier.
There are a number of companies that will offer to buy your old mobile gadgets like uSell (http://usell.com), Glyde (https://glyde.com) and NextWorth (https://nextworth.com) or you can trade them in for gift cards at Amazon (https://goo.gl/i5Hp3J).
The EPA has also put together a list of national companies that offer recycling programs for PCs, televisions and mobile devices: http://goo.gl/sDTUV7
The listed companies offer drop-off locations, recycling events or mail-in options.
Another list of recycling options for things like batteries, printer ink cartridges and computers is http://www.computerhope.com/disposal.htm.
Wipe Your Data First
Before you donate or recycle your computers, make sure you take steps to securely wipe your personal data from the hard drives: http://goo.gl/MGyE8f.
Your cellphones and smartphones are also loaded with lots of personal information, so make sure you perform a factory reset http://goo.gl/0M07Q9 before getting rid of it.[...]
Wed, 14 Dec 2016 00:00:00 +0700
Whether you currently use a Yahoo email account, used to use one or have never used one, the announcement of 1 billion accounts being compromised in 2013 holds many lessons for everyone.
Yahoo says that no financial information was included in the breach, but usernames, email addresses, telephone numbers, hashed passwords, birth dates and in some cases answers to security questions were all part of the break-in.
Why Email Hacks Are So Desirable
Your email account is the digital key to your kingdom for a variety of reasons, which is why they are so valuable to hackers.
Remember, whenever you (or a hacker) need to reset a forgotten password for just about any online account, the reset instructions get sent to your registered email account.
Another treasure trove is the accumulation of messages that you were sent when you initially signed up for any account, which is a quick way to know what other accounts can be compromised.
Lesson #1: Start getting in the habit of deleting sign-up, notification and reset email messages as soon as you are through with them.
Birthdays & Security Questions
Many sites ask for your birthday as a way to ensure you are old enough to meet their age requirements, but nothing says you have to give them your actual birthday.
Although Yahoo is moving away from security questions as a way to allow you to regain access to an account, the information gathered by the hackers can potentially be used elsewhere.
Questions such as ‘what was your high-school mascot’ are pretty easy to figure out depending on your profile on sites like Facebook and LinkedIn.
Lesson #2: Start lying more; don’t give your actual birthday or use actual researchable answers on security questions.
Additional Security Measures
If you haven’t figured it out already, virtually anything on the Internet is ‘hackable’ and it’s generally just a matter of time for any large online entity.
Setting up password fraud alerts through 2-factor authentication (https://goo.gl/0MhNLG) and using password management programs that ensure that no password is ever used on multiple sites are a good start.
Lesson #3: Assume that everyone you do business with online is going to be breached and act accordingly.
Spear-Phishing Made Easy
Spear-phishing refers to scam emails that are targeted at those that are known to use a specific service.
In this case, if you have a Yahoo email address, it’s pretty easy for scammers to send convincing but fake ‘password reset’ messages to you knowing that you actually have an account.
Lesson #4: Never click on any reset links unless you just asked for a reset message to be sent.
With all the large-scale breaches in the last couple of years, the likelihood is that any password that you’ve been using for years has been compromised.
There are lots of ‘known password’ databases that allow cyber-thieves to compare them to stolen hashed passwords, which is why one breach can lead to so many other accounts being compromised.
Lesson #5: If you’re still using a password that’s been in use for more than a couple of years, change it to something you’ve never used before.
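A password-change check that applies Lesson #5 and the 'known password' comparison described above, as an added example (not code from the original article). The short known-password list, the round count and the function names are assumptions made for illustration; the list is kept as unsalted SHA-1 digests to show that one lookup is enough to match such hashes, while the user's own history is stored salted and must be recomputed per entry.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a 'known password' database, kept as unsalted
# SHA-1 digests: matching a password against it is a single set lookup.
KNOWN_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("123456", "password", "qwerty", "letmein", "sunshine")
}

ROUNDS = 50_000  # assumed PBKDF2 work factor for this example


def hash_for_storage(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return salt, digest


def in_known_list(password):
    """True if the password appears in the known-password list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest() in KNOWN_SHA1


def used_before(password, history):
    """True if the password matches any (salt, digest) pair in the history.

    Each entry has its own salt, so the candidate is re-hashed per entry;
    there is no shared table to look it up in.
    """
    for salt, digest in history:
        _, candidate = hash_for_storage(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_new_password(password, history):
    """Decide whether a proposed new password should be accepted."""
    if in_known_list(password):
        return "rejected: known password"
    if used_before(password, history):
        return "rejected: used before"
    return "accepted"


if __name__ == "__main__":
    past = [hash_for_storage("Tr0ub4dor&3")]  # constructed password history
    for candidate in ("password", "Tr0ub4dor&3", "a phrase never used before 2017"):
        print(candidate, "->", check_new_password(candidate, past))
```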
Wed, 7 Dec 2016 00:00:00 +0700
The trend toward shopping online has seen a big jump in the last year with spending in 2016 predicted to be up by 45% over 2015.
There’s no question that online shopping is much more convenient than going to brick and mortar stores but during the holiday shopping season, getting your hands on what you want as early as possible is important.
More of the large retailers are adopting the ‘clicks and bricks’ approach which allows you to buy items online and pick them up at a nearby store if you want that peace of mind.
Don’t Use Your Debit Card
The first thing I’d recommend is avoid using your debit card for online purchases. You’ll still have the same fraud protection that covers credit card transactions, but since it’s tied to your checking account, it can tie up your money while you are sorting things out.
Only your credit line gets tied up when a credit card gets hit with a fraudulent transaction while the money to make your mortgage or car payment gets tied up with fraudulent debit card transactions.
Every major browser offers the ability to create private browsing sessions, which keeps things out of the ‘History’ log and removes any cookies that get placed on your computer when you close the browser.
Using the private browsing option helps with two things that are commonly used these days: dynamic pricing and remarketing.
Dynamic pricing, which is also called demand pricing or time-based pricing, is an automatic algorithm used by some websites that can provide different prices to different people at different times.
One of the many data points used in dynamic pricing is how many times you’ve looked at the item, even if it was on different websites. Private browsing eliminates this data point as a factor.
The biggest reason to use private sessions is when your computer is shared by your whole family. We’ve all experienced the situation where you went looking for a specific product only to have ads featuring the item then follow you around the Internet and on social media.
This process is called remarketing and it too relies on the cookies that get deposited on your computer. It can become a major spoiler when the rest of your family sees the glaring hints whenever they go online using the same computer.
Money Saving Tips
Once it’s installed, a small ‘h’ will appear in the upper right hand corner of your browser that turns yellow when you visit a site that has an available coupon code.
Another website popular with avid online shoppers is called Ebates because you get cash back for purchases, but unlike many others you can also get cash back from some in-store purchases as well.
Price comparison sites like Price Grabber and Froogle (now Google's shopping engine) can help you find the best deals but don’t forget to calculate in shipping and handling fees and delivery dates before you click on ‘Buy’!
Wed, 16 Nov 2016 00:00:00 +0700
This election cycle dramatically elevated the use of fake news sites that in the past were generally used to spread malware by infecting unsuspecting visitors.
There were a variety of reasons for creating these sites that ranged from the obvious political influence to making money from the world-wide interest in our candidates.
Savvy Teens in Macedonia
BuzzFeed News reported that they were able to identify at least 140 fake political news websites being run from a single town in Macedonia.
Despite the sites being overwhelmingly pro-Trump, the young tech-savvy creators of the sites said they didn’t care about Trump’s campaign.
Earlier in the year, they claim to have researched the various candidates to see which ones would generate the most traffic as their incentive was purely economic.
Any website that can generate a lot of traffic can use global marketing platforms like Google’s AdSense to monetize that traffic.
They also learned that the best way to generate traffic to their sites was to use Facebook to spread stories, especially if they were in some way pro-Trump.
The latest word from both Google and Facebook is that they are cracking down on fake news sites that attempt to use their advertising platforms from now on.
Google said sites that “misrepresent, misstate, or conceal information about the publisher, the publisher’s content, or the primary purpose” will be kept out of their ad platform.
Facebook said that it already banned apps and sites with “illegal, misleading, or deceptive” content but they updated their policy to “explicitly clarify that this applies to fake news.”
This by no means will be the end of seeing questionable news sites in your Facebook News Feed or in Google search results, so we all need to sharpen our skills.
Sniffing Out Fake News Stories
The first thing to pay attention to is the web address of the site that is reporting the story, especially if a two-character country code is added to the end (Example: abcnews.com.co).
With the speed at which news travels across the Internet, doing a quick Google search by using the headline as the search parameter should provide plenty of help.
If the story only appears on sites you’ve never heard of, it’s the first sign that you should be suspicious.
Questionable headlines will likely have search results that include sites like Snopes and HoaxBusters that provide some context to the lack of credibility.
Web tools such as Web of Trust can also quickly provide warnings of questionable sites.
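The web-address check from the first tip, written as an added example (not part of the original article). The list of trusted outlets and the function names are assumptions; the check also goes slightly beyond the tip by flagging a trusted name buried in front of any other domain, not only a two-letter country code.

```python
from urllib.parse import urlsplit

# Outlets the reader already trusts. Constructed list for this example.
KNOWN_OUTLETS = ("abcnews.com", "bbc.co.uk", "nbcnews.com")


def hostname_of(url):
    """Return the lowercase hostname of a URL, with or without a scheme."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def check_news_url(url):
    """Classify a story URL against the trusted-outlet list.

    Returns a (verdict, outlet) tuple where verdict is one of:
      known               - the outlet's own domain or a subdomain of it
      country_code_suffix - the outlet's domain with one extra two-letter
                            label appended (the abcnews.com.co pattern)
      embedded_name       - the outlet's domain appears inside the hostname
                            but the real registered domain is something else
      unknown             - no trusted name involved; judge it another way
    """
    host = hostname_of(url)
    labels = host.split(".")

    # Genuine site: exact match, or anything ending in ".<outlet>".
    for outlet in KNOWN_OUTLETS:
        if host == outlet or host.endswith("." + outlet):
            return ("known", outlet)

    # Look-alike: the outlet's labels appear, followed by extra labels.
    for outlet in KNOWN_OUTLETS:
        want = outlet.split(".")
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                extra = labels[i + len(want):]
                if len(extra) == 1 and len(extra[0]) == 2 and extra[0].isalpha():
                    return ("country_code_suffix", outlet)
                return ("embedded_name", outlet)

    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in (
        "https://www.abcnews.com/politics",
        "http://abcnews.com.co/story",
        "abcnews.com.example.net",
        "https://example.org/",
    ):
        print(sample, "->", check_news_url(sample))
```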
What Else Can You Do?
Both Google and Facebook will be using various algorithms and machine learning to help with the task, but Facebook users can help by posting fact-checking links that debunk stories in the comments section, which will help the algorithm.
Facebook users can also click on the v-shaped icon in the upper right corner of any post to hide all posts from that source or unfollow the person that shared the story to prevent future junk posts from appearing in your news feed.
News aggregators like News360 present news stories and include how many news organizations reported on that specific story with an easy way to read the story from any or all of the sources.
Wed, 26 Oct 2016 00:00:00 +0700
Browser security should be on the top of everyone’s mind these days, as it’s one of the most likely ways you’ll be compromised.
Cyber-thieves know we spend most of our time on the Internet, so they’ve shifted their focus from just exploiting your OS (Windows, MacOS, etc.) to exploiting browsers in conjunction with operating systems and utilities.
Computer security has definitely improved over the years, so hackers have had to implement a ‘blended attack’ approach to compromise users.
Instead of exploiting one program or utility, they use a combination of attacks on various known vulnerabilities in the most commonly used programs to improve their chances of success and to gain deeper access.
Your web browser is often the first item on the list in these blended threats.
Measuring Security in Browsers
There are a number of things to consider when evaluating browser security, but none of them points to the absolute best browser for everyone to use.
Security and usability can often be at odds; the most secure options can be more difficult to use and the easiest to use can often be the least secure.
With browsers, the most secure options are generally the ones that strip features out or employ tactics that result in noticeably slower performance.
There is no such thing as a 100% secure web browser, so you need to find the balance between security and usability that best suits your needs.
One measure of security you may want to consider is how often the browser is updated, since the update interval represents the amount of time hackers can exploit a known vulnerability before it’s patched.
Here are the standard update intervals for the most popular browsers:
Microsoft Internet Explorer and Edge – 30 days
Google Chrome – 15 days
Mozilla Firefox – 28 days
Apple Safari – 54 days
Opera – 48 days
Security Through Obscurity
The term ‘security through obscurity’ is often used to describe how lesser used technology can be more secure only because it’s less targeted by hackers.
The most popular browsers have the largest number of known vulnerabilities because cyber-thieves are willing to spend more time trying to exploit a tool they know hundreds of millions of people are using.
One of the reasons that Safari and Opera have longer update intervals is that they have fewer vulnerabilities (and users) than the others, which many would suggest is a great example of ‘security through obscurity’.
Vulnerability counts by themselves don’t really say much as the severity and complexity required to exploit them means a lot more.
At a recent hacking contest called Pwn2Own, Google Chrome came out as the most difficult to exploit, while Apple Safari and Microsoft Edge didn’t fare as well (Opera and Firefox were not part of this competition).
What’s Really Important
Focusing on browser security is kind of pointless if you aren’t keeping everything else in your system updated as well.
Here’s the biggest problem we regularly see - risky online behavior can negate most anything you do from a security standpoint, so surfer beware!
Thu, 20 Oct 2016 00:00:00 +0700
With all the exploding battery stories surrounding the Samsung Galaxy Note 7, there seems to be a heightened awareness of battery issues, which is actually a good thing.
Lithium Ion batteries are in just about every rechargeable device we own and there have been many instances of them catching on fire in everything from laptops to hover boards to Tesla cars and even Boeing’s 787 Dreamliner.
In fact, there have been over 40 recalls by the Consumer Product Safety Commission since 2002 for products with defective lithium ion batteries.
Despite all of the stories of exploding batteries, it’s actually quite rare when you take into consideration the number of devices we all have with lithium ion batteries.
Why Batteries Catch Fire
The very nature of how they work is also what subjects them to becoming a fire hazard.
There is a potential for a ‘thermal runaway’ chain reaction whenever the battery becomes overheated, so keeping any device as cool as possible is important.
Well-made batteries have safety features built into the battery itself to prevent overcharging and overheating, which is why exploding batteries are relatively rare.
The biggest mistake that most people make when using or charging a device with a lithium ion battery is contributing to the overheating.
For example, using a laptop for extended periods on a soft surface, like a pillow or comforter, usually blocks off any air vents and acts like an insulator, which keeps the heat from dissipating.
This scenario can be even more hazardous if you’re charging the laptop at the same time as charging always generates additional heat.
If your device has been exposed to direct sunlight and is hot to the touch, you should wait until it reaches room temperature before attempting to recharge it.
Using the wrong charger to recharge your battery is another major contributor to problems, especially when too much energy is passed during the charging process.
If you ever lose your charger, it’s always safest to replace it with the original manufacturer’s replacement instead of a third-party charger.
To date, I’m not aware of any portable chargers that have been recalled because of a battery defect, but knowing that the design of the unit is a critical factor, I’d suggest you stick to name brand chargers.
Choosing a Charger
A portable battery is rated in milliamp hours (mAh) and amperage (A); the higher the numbers, the more capacity it has to charge your devices.
Generally speaking, the higher the capacity, the larger the battery as well so finding the right combination of size and capacity is key.
Start by determining the battery capacity of the item(s) you want to charge and then divide the capacity of the portable charger by that number to determine how many charges you can expect.
If you plan on charging larger devices, like a tablet, you’ll also need to make sure the amperage is high enough to get the job done (usually 2A).
Wed, 12 Oct 2016 00:00:00 +0700
In my more than 20 years providing data recovery services, it’s obvious that there’s as much confusion about backing up critical data as there has ever been.
Our data recovery division sees the results of this confusion on a daily basis as most of the conversations start with ‘I thought…’
The concept of backing up isn’t the confusing part, it’s the implementation where most people end up failing to protect themselves.
External Drive: Pros and Cons
One of the most common backup methods is to connect an external hard drive to your computer and set up a backup program to make copies.
Unfortunately, far too many people buy what is labeled a backup drive, connect it to their computer and start saving their important files directly to the drive.
Backup implies that there is more than one copy, which isn’t the case when files are saved directly to the external drive.
Another mistake with external drives we see is that no automatic scheduling is set up, so it’s on the user to remember to manually run a backup every time. As time goes on, the ‘I’ll get around to it tomorrow’ behavior takes over and it gets forgotten.
‘My computer was brand new, so I didn't think the hard drive would crash’ is another common statement we hear.
Another potential issue with the external drive configuration, especially with laptops, is that it needs to be plugged in when the automated backup tries to run.
External backups aren’t great at protecting against theft, fire, flood or the growing threat of ransomware because what impacts your computer also impacts your backup drive.
Online Backup: Pros and Cons
When high-speed always-on Internet connections became commonplace, pushing your critical data to the cloud became practical.
Unlike most external hard drive backups, online backups are automatically encrypted so that even if someone gains access to your data, it’s not directly readable.
More: (Are online backup services safe? https://goo.gl/O6Y63o)
Online backup companies are also in the cyber-security business, so they’re more likely to be aware of emerging threats than the average user trying to protect themselves at home.
With external backups, there is a one-time cost, while online backup services have annual fees, so over time, it’ll cost more to use an online backup.
Online backup services provide superior protection against ransomware because they aren’t directly attached to your computer, which doesn’t allow the malware to infect your backup files.
Most online services also include file ‘versioning’ meaning it keeps multiple copies of changed files, which can be really helpful when you accidentally over-write a file and don’t realize it for a while.
3-2-1 Backup Strategy
The very best backup strategy incorporates 3 copies of your data on at least 2 different devices with at least 1 of them off-site.
If you’re really interested in protecting your critical data, your best bet is to use both an external hard drive and online backup service, like Carbonite (https://goo.gl/ckDEQJ).
Data recovery services can get really expensive and sophisticated ransomware encryption is unbreakable forcing many to pay the ransom, so having extra layers of protection can save you a lot of money and heartache.[...]
Wed, 28 Sep 2016 00:00:00 +0700
Since water damage is one of the most common problems experienced by so many, getting a phone that can protect itself makes sense.
The technical definition of water resistant is that it’s able to resist the penetration of water to a certain degree but not entirely.
Waterproof technically means that it’s impermeable to water, no matter how much time it spends in water.
Unfortunately, these terms are thrown around as if they were interchangeable by so many.
With Apple throwing its ‘water-resistant’ hat in the ring with the iPhone 7, joining others like Samsung, Sony, Motorola and Kyocera, understanding the technical differences is helpful.
What the ‘IP’ Rating Means
Today’s smartphones generally have certifications published when it comes to resisting the elements signified by ratings such as IP67 or IP68.
The IP marking for International Protection or Ingress Protection (depending upon who you ask) is followed by two numbers.
The first number designates its ingress protection against solids, such as dust with numbers ranging from 0 to 6 (the higher the number, the better the protection).
When you see a 6 for the first number, then the smartphone is ‘Dust Tight’ which means it’s completely protected against contact with dust.
Having this rating can be important for hikers, mountain bikers or anyone that wants to use their smartphone in dusty environments.
The second number refers to the ingress protection against liquids, with numbers that can range from 0-9 (again, higher is better).
Can I Swim With My Smartphone?
Apple’s recent iPhone 7 announcement included news that it was water-resistant with a certification of IP67.
This means that it’s completely dust-proof and it can technically be submersed in water of up to 1 meter (about 3 feet) for a duration of up to 30 minutes.
Many Samsung and Sony smartphones have an IP68 rating, which technically means that they are completely dust-proof and water-resistant in depths ranging from 1 to 3 meters for a duration as determined by the manufacturer (usually 30 minutes).
These descriptions may make it sound like you can use your smartphone in the pool to take underwater pictures, but none of the manufacturers will recommend it.
The actual laboratory tests are done with smartphones in standby mode, meaning they aren’t being used in any way during the tests.
What it does tell you is that with either an IP67 or IP68 rating, if you get pushed into the pool with your smartphone, the chances of its survival are very high.
I’ve actually owned a Sony Xperia Z3 for years, which was one of the first consumer handsets designed to be water-resistant and the few times that it has been in water, it’s done just fine.
If water gets on the screen while it’s active, it’s not going to respond like it normally would because water conducts electricity just like your finger, which is why using it underwater isn’t recommended.
Another thing to keep in mind is if the screen on a water-resistant phone gets cracked, replacing it will likely break the factory seal that protected it, so it will no longer be water-resistant.
Wed, 7 Sep 2016 00:00:00 +0700
With the unveiling of the iPhone 7, the usual chatter about the latest features seems to be dominated by this seemingly odd design decision.
It would appear that Apple will eliminate the traditional 3.5mm analog headphone jack on all of its new devices in favor of the Lightning connector or their new proprietary wireless technology.
They actually aren’t the first smartphone maker to make this decision as Chinese manufacturer LeEco and the Moto Z line from Lenovo (formerly Motorola) have already eliminated the headphone jack.
The iPhone 7 will ship with Lightning earbuds and a special ‘dongle’ that converts the Lightning connector at the bottom to a standard headphone jack so you can still use older headphones.
Apple wants to get away from analog technology that was created in the 1960s and use a more advanced digital audio output.
The Lightning connector at the bottom of the phone is capable of providing more than just a way to charge the iPhone and digital audio is just one option.
While the new Lightning headphones are certainly capable of delivering higher fidelity audio, I’m not sure the average listener will hear the difference, especially if the quality of the audio file isn’t all that great.
Many companies, including Apple, are trying to roll out higher fidelity music services, so having higher fidelity headphones is a natural part of their strategy.
More Room Inside
Another benefit of getting rid of the headphone jack is that it frees up space inside the phone itself. Space is extremely tight in all smartphones, so every millimeter counts, especially when it comes to something as large as a 3.5 mm headphone jack.
That extra space can be devoted to larger screens, bigger batteries, better antennas or a slimmer form factor.
The Wireless Future
We must remember that Apple was the first computer company to get rid of floppy disk drives and CD/DVD drives in their computers and in the name of innovation, the headphone jack had to go.
Unveiled along with the iPhone 7 were the new AirPod wireless earbuds, which use proprietary wireless technology and will sell for $159.
Apple knew that relying on the current Bluetooth standard for wireless audio would be too problematic, so they chose to create their own wireless connectivity technology to make things easier and more reliable.
3 Billion More Reasons
Many analysts scratched their heads when Apple agreed to pay $3 billion to acquire headphone maker Beats, but it’s now a little clearer how they plan to leverage that acquisition.
Whether you end up using Lightning headphones or the wireless earbuds, they’re both going to be more expensive than traditional headphones which plays right into Apple’s ‘premium products’ strategy.
Some of the initial concerns being voiced over this radical change include the inability to listen to music while charging the phone, owning headphones that only work on Apple devices, losing the special dongle or if you opt for the expensive wireless earbuds, losing them (they aren’t much bigger than traditional hearing aids) and having yet another thing to remember to recharge.