Wed, 16 Nov 2016 00:00:00 +0700
This election cycle dramatically elevated the use of fake news sites that in the past were generally used to spread malware by infecting unsuspecting visitors.
There were a variety of reasons for creating these sites that ranged from the obvious political influence to making money from the world-wide interest in our candidates.
Savvy Teens in Macedonia
BuzzFeed News reported that they were able to identify at least 140 fake political news websites being run from a single town in Macedonia.
Despite the sites being overwhelmingly pro-Trump, the young tech-savvy creators of the sites said they didn’t care about Trump’s campaign.
Earlier in the year, they claim to have researched the various candidates to see which ones would generate the most traffic as their incentive was purely economic.
Any website that can generate a lot of traffic can use global marketing platforms like Google’s AdSense to monetize that traffic.
They also learned that the best way to generate traffic to their sites was to use Facebook to spread stories, especially if they were in some way pro-Trump.
The latest word from both Google and Facebook is that they are cracking down on fake news sites that attempt to use their advertising platforms from now on.
Google said sites that “misrepresent, misstate, or conceal information about the publisher, the publisher’s content, or the primary purpose” will be kept out of their ad platform.
Facebook said that it already banned apps and sites with “illegal, misleading, or deceptive” content but they updated their policy to “explicitly clarify that this applies to fake news.”
This by no means will be the end of seeing questionable news sites in your Facebook News Feed or in Google search results, so we all need to sharpen our skills.
Sniffing Out Fake News Stories
The first thing to pay attention to is the web address of the site that is reporting the story, especially if a two-character country code is added to the end (Example: abcnews.com.co).
With the speed at which news travels across the Internet, doing a quick Google search by using the headline as the search parameter should provide plenty of help.
If the story only appears on sites you’ve never heard of, it’s the first sign that you should be suspicious.
Questionable headlines will likely have search results that include sites like Snopes and HoaxBusters that provide some context to the lack of credibility.
Web tools such as Web of Trust can also quickly provide warnings of questionable sites.
What Else Can You Do?
Both Google and Facebook will be using various algorithms and machine learning to help with the task, but Facebook users can help by posting fact-checking links that debunk stories in the comments section, which will help the algorithm.
Facebook users can also click on the v-shaped icon in the upper right corner of any post to hide all posts from that source or unfollow the person that shared the story to prevent future junk posts from appearing in your news feed.
News aggregators like News360 present news stories and include how many news organizations reported on that specific story, with an easy way to read the story from any or all of the sources.
Wed, 26 Oct 2016 00:00:00 +0700
Browser security should be on the top of everyone’s mind these days, as it’s one of the most likely ways you’ll be compromised.
Cyber-thieves know we spend most of our time on the Internet, so they’ve shifted their focus from just exploiting your OS (Windows, MacOS, etc.) to exploiting browsers in conjunction with operating systems and utilities.
Computer security has definitely improved over the years, so hackers have had to implement a ‘blended attack’ approach to compromise users.
Instead of exploiting one program or utility, they use a combination of attacks on various known vulnerabilities in the most commonly used programs to improve their chances of success and to gain deeper access.
Your web browser is often the first item on the list in these blended threats.
Measuring Security in Browsers
There are a number of things to consider when evaluating browser security, but none of them points to the absolute best browser for everyone to use.
Security and usability can often be at odds; the most secure options can be more difficult to use and the easiest to use can often be the least secure.
With browsers, the most secure options are generally the ones that strip features out or employ tactics that result in noticeably slower performance.
There is no such thing as a 100% secure web browser, so you need to find the balance between security and usability that best suits your needs.
One measure of security you may want to consider is how often the browser is updated, since the update interval represents the amount of time hackers can exploit a known vulnerability before it’s patched.
Here are the standard update intervals for the most popular browsers:
Microsoft Internet Explorer and Edge – 30 days
Google Chrome – 15 days
Mozilla Firefox – 28 days
Apple Safari – 54 days
Opera – 48 days
Security Through Obscurity
The term ‘security through obscurity’ is often used to describe how lesser-used technology can be more secure only because it’s less targeted by hackers.
The most popular browsers have the largest number of known vulnerabilities because cyber-thieves are willing to spend more time trying to exploit a tool they know hundreds of millions of people are using.
One of the reasons that Safari and Opera have longer update intervals is that they have fewer vulnerabilities (and users) than the others, which many would suggest is a great example of ‘security through obscurity’.
Vulnerability counts by themselves don’t really say much, as the severity of the vulnerabilities and the complexity required to exploit them mean a lot more.
At a recent hacking contest called Pwn2Own, Google Chrome came out as the most difficult to exploit, while Apple Safari and Microsoft Edge didn’t fare as well (Opera and Firefox were not part of this competition).
What’s Really Important
Focusing on browser security is kind of pointless if you aren’t keeping everything else in your system updated as well.
Here’s the biggest problem we regularly see - risky online behavior can negate most anything you do from a security standpoint, so surfer beware!
Thu, 20 Oct 2016 00:00:00 +0700
With all the exploding battery stories surrounding the Samsung Galaxy Note 7, there seems to be a heightened awareness of battery issues, which is actually a good thing.
Lithium Ion batteries are in just about every rechargeable device we own and there have been many instances of them catching on fire in everything from laptops to hover boards to Tesla cars and even Boeing’s 787 Dreamliner.
In fact, there have been over 40 recalls by the Consumer Product Safety Commission since 2002 for products with defective lithium ion batteries.
Despite all of the stories of exploding batteries, it’s actually quite rare when you take into consideration the number of devices we all have with lithium ion batteries.
Why Batteries Catch Fire
The very nature of how they work is also what subjects them to becoming a fire hazard.
There is a potential for a ‘thermal runaway’ chain reaction whenever the battery becomes overheated, so keeping any device as cool as possible is important.
Well-made batteries have safety features built into the battery itself to prevent overcharging and overheating, which is why exploding batteries are relatively rare.
The biggest mistake that most people make when using or charging a device with a lithium ion battery is contributing to the overheating.
For example, using a laptop for extended periods on a soft surface, like a pillow or comforter usually blocks off any air vents and acts like an insulator, which keeps the heat from dissipating.
This scenario can be even more hazardous if you’re charging the laptop at the same time as charging always generates additional heat.
If your device has been exposed to direct sunlight and is hot to the touch, you should wait until it reaches room temperature before attempting to recharge it.
Using the wrong charger to recharge your battery is another major contributor to problems, especially when too much energy is passed during the charging process.
If you ever lose your charger, it’s always safest to replace it with the original manufacturer’s replacement instead of a third-party charger.
To date, I’m not aware of any portable chargers that have been recalled because of a battery defect, but knowing that the design of the unit is a critical factor, I’d suggest you stick to name brand chargers.
Choosing a Charger
A portable battery’s capacity is rated in milliamp hours (mAh) and amperage (A); the higher the numbers, the more capacity it has to charge your devices.
Generally speaking, the higher the capacity, the larger the battery as well so finding the right combination of size and capacity is key.
Start by determining the battery capacity of the item(s) you want to charge and then divide the capacity of the portable charger by that number to determine how many charges you can expect.
If you plan on charging larger devices, like a tablet, you’ll also need to make sure the amperage is high enough to get the job done (usually 2A).
Wed, 12 Oct 2016 00:00:00 +0700
In my more than 20 years providing data recovery services, it’s obvious that there’s as much confusion about backing up critical data as there has ever been.
Our data recovery division sees the results of this confusion on a daily basis as most of the conversations start with ‘I thought…’
The concept of backing up isn’t the confusing part; it’s the implementation where most people end up failing to protect themselves.
External Drive: Pros and Cons
One of the most common backup methods is to connect an external hard drive to your computer and set up a backup program to make copies.
Unfortunately, far too many people buy what is labeled a backup drive, connect it to their computer and start saving their important files directly to the drive.
Backup implies that there is more than one copy, which isn’t the case when files are saved directly to the external drive.
Another mistake with external drives we see is that no automatic scheduling is set up, so it’s on the user to remember to manually run a backup every time. As time goes on, the ‘I’ll get around to it tomorrow’ behavior takes over and it gets forgotten.
‘My computer was brand new, so I didn't think the hard drive would crash’ is another common statement we hear.
Another potential issue with the external drive configuration, especially with laptops, is that it needs to be plugged in when the automated backup tries to run.
External backups aren’t great at protecting against theft, fire, flood or the growing threat of ransomware because what impacts your computer also impacts your backup drive.
Online Backup: Pros and Cons
When high-speed always-on Internet connections became commonplace, pushing your critical data to the cloud became practical.
Unlike most external hard drive backups, online backups are automatically encrypted so that even if someone gains access to your data, it’s not directly readable.
More: (Are online backup services safe? https://goo.gl/O6Y63o)
Online backup companies are also in the cyber-security business, so they’re more likely to be aware of emerging threats than the average user trying to protect themselves at home.
With external backups, there is a one-time cost, while online backup services have annual fees, so over time, it’ll cost more to use an online backup.
Online backup services provide superior protection against ransomware because they aren’t directly attached to your computer, which doesn’t allow the malware to infect your backup files.
Most online services also include file ‘versioning’, meaning the service keeps multiple copies of changed files, which can be really helpful when you accidentally over-write a file and don’t realize it for a while.
3-2-1 Backup Strategy
The very best backup strategy incorporates 3 copies of your data on at least 2 different devices with at least 1 of them off-site.
If you’re really interested in protecting your critical data, your best bet is to use both an external hard drive and online backup service, like Carbonite (https://goo.gl/ckDEQJ).
Data recovery services can get really expensive and sophisticated ransomware encryption is unbreakable, forcing many to pay the ransom, so having extra layers of protection can save you a lot of money and heartache.[...]
Wed, 28 Sep 2016 00:00:00 +0700
Since water damage is one of the most common problems experienced by so many, getting a phone that can protect itself makes sense.
The technical definition of water resistant is that it’s able to resist the penetration of water to a certain degree but not entirely.
Waterproof technically means that it’s impermeable to water, no matter how much time it spends in water.
Unfortunately, these terms are thrown around as if they were interchangeable by so many.
With Apple throwing its ‘water-resistant’ hat in the ring with the iPhone 7, joining others like Samsung, Sony, Motorola and Kyocera, understanding the technical differences is helpful.
What the ‘IP’ Rating Means
Today’s smartphones generally have certifications published when it comes to resisting the elements signified by ratings such as IP67 or IP68.
The IP marking for International Protection or Ingress Protection (depending upon who you ask) is followed by two numbers.
The first number designates its ingress protection against solids, such as dust with numbers ranging from 0 to 6 (the higher the number, the better the protection).
When you see a 6 for the first number, then the smartphone is ‘Dust Tight’ which means it’s completely protected against contact with dust.
Having this rating can be important for hikers, mountain bikers or anyone that wants to use their smartphone in dusty environments.
The second number refers to the ingress protection against liquids, with numbers that can range from 0-9 (again, higher is better).
Can I Swim With My Smartphone?
Apple’s recent iPhone 7 announcement included news that it was water-resistant with a certification of IP67.
This means that it’s completely dust-proof and it can technically be submersed in water of up to 1 meter (about 3 feet) for a duration of up to 30 minutes.
Many Samsung and Sony smartphones have an IP68 rating, which technically means that they are completely dust-proof and water-resistant in depths ranging from 1 to 3 meters for a duration as determined by the manufacturer (usually 30 minutes).
These descriptions may make it sound like you can use your smartphone in the pool to take underwater pictures, but none of the manufacturers will recommend it.
The actual laboratory tests are done with smartphones in standby mode, meaning they aren’t being used in any way during the tests.
What it does tell you is that with either an IP67 or IP68 rating, if you get pushed into the pool with your smartphone, the chances of its survival are very high.
I’ve actually owned a Sony Xperia Z3 for years, which was one of the first consumer handsets designed to be water-resistant and the few times that it has been in water, it’s done just fine.
If water gets on the screen while it’s active, it’s not going to respond like it normally would because water conducts electricity just like your finger which is why using it underwater isn’t recommended.
Another thing to keep in mind is if the screen on a water-resistant phone gets cracked, replacing it will likely break the factory seal that protected it, so it will no longer be water-resistant.
Wed, 7 Sep 2016 00:00:00 +0700
With the unveiling of the iPhone 7, the usual chatter about the latest features seems to be dominated by this seemingly odd design decision.
It would appear that Apple will eliminate the traditional 3.5mm analog headphone jack on all of its new devices in favor of the Lightning connector or their new proprietary wireless technology.
They actually aren’t the first smartphone maker to make this decision as Chinese manufacturer LeEco and the Moto Z line from Lenovo (formerly Motorola) have already eliminated the headphone jack.
The iPhone 7 will ship with Lightning earbuds and a special ‘dongle’ that converts the Lightning connector at the bottom to a standard headphone jack so you can still use older headphones.
Apple wants to get away from analog technology that was created in the 1960’s and use a more advanced digital audio output.
The Lightning connector at the bottom of the phone is capable of providing more than just a way to charge the iPhone and digital audio is just one option.
While the new Lightning headphones are certainly capable of delivering higher fidelity audio, I’m not sure the average listener will hear the difference, especially if the quality of the audio file isn’t all that great.
Many companies, including Apple, are trying to roll out higher fidelity music services, so having higher fidelity headphones is a natural part of their strategy.
More Room Inside
Another benefit of getting rid of the headphone jack is that it frees up space inside the phone itself. Space is extremely tight in all smartphones, so every millimeter counts, especially when it comes to something as large as a 3.5 mm headphone jack.
That extra space can be devoted to larger screens, bigger batteries, better antennas or a slimmer form factor.
The Wireless Future
We must remember that Apple was the first computer company to get rid of floppy disk drives and CD/DVD drives in their computers and in the name of innovation, the headphone jack had to go.
Unveiled along with the iPhone 7 were the new AirPod wireless earbuds, which use proprietary wireless technology and will sell for $159.
Apple knew that relying on the current Bluetooth standard for wireless audio would be too problematic, so they chose to create their own wireless connectivity technology to make things easier and more reliable.
3 Billion More Reasons
Many analysts scratched their heads when Apple agreed to pay $3 billion to acquire headphone maker Beats, but it’s now a little clearer how they plan to leverage that acquisition.
Whether you end up using Lightning headphones or the wireless earbuds, they’re both going to be more expensive than traditional headphones which plays right into Apple’s ‘premium products’ strategy.
Some of the initial concerns being voiced over this radical change include the inability to listen to music while charging the phone, owning headphones that only work on Apple devices, losing the special dongle or if you opt for the expensive wireless earbuds, losing them (they aren’t much bigger than traditional hearing aids) and having yet another thing to remember to recharge.
Wed, 31 Aug 2016 00:00:00 +0700
Since its humble beginnings in the 1950’s, voice recognition technology has made great strides over the years, but there are still many challenges to making it work the way most people envision it should work.
Managing your expectations about what it can and can’t do will have as much impact on your success as the technology itself.
If you’re looking for the kind of perfection portrayed in sci-fi movies, don’t bother looking at anything that’s commercially available just yet. Frankly, I’m not sure we’ll ever see an error free speech-to-text recognition system any time soon.
Understanding Accuracy Claims
You’ll likely see various claims being made about the accuracy rate of today’s technology, but keep in mind, a 90% accuracy rate means that every 10th word could be wrong. Even at 95% accuracy every 20th word could be wrong.
This means you’ll always have to spend time reviewing and correcting anything you generate, especially when it comes to things like homonyms and punctuation.
If you’re okay with that, then you’re ready for the next step.
Hardware Is Crucial
Everything starts with the microphone that generates the sound patterns that the software will attempt to recognize, so trying to use the built-in mic on a laptop or webcam isn’t going to cut it.
Ambient noise can make recognition even tougher than it already is, so you’ll need to invest in a decent headset mic so you’re providing the program with the cleanest audio possible.
Cadence Is Key
To get started with any voice recognition program, you always have to go through a training process so the software can get to know your voice and, more importantly, you train yourself on how to talk to the program.
Your cadence is the first thing you’ll need to change, because speaking to the program like you would to another human being is going to generate more errors.
This one area is where I’ve seen most people give up, because they aren’t willing to go through the learning/training curve in order to make the system provide a reasonable level of productivity.
Let’s face it, if you’re spending as much time cleaning up errors as it would have taken to type it out in the first place, it’s pointless.
Start With What You Already Have
You most likely already have voice recognition capabilities in your computer if the OS is reasonably recent.
Mac users can follow these instructions http://goo.gl/vQu4x2 to try using the Dictation tool that’s built in, while Windows 7, 8 and 10 users can go to the Control Panel and click on Ease of Access then Speech Recognition to turn it on.
None of these built-in technologies will compare with what most consider the industry leading software from Nuance called Dragon Naturally Speaking (http://goo.gl/yU6IbJ) which can range from $75 to $500.
Nuance also offers a smartphone app called Dragon Anywhere that you can try out for free to see if using your mobile devices works better for you.
Wed, 24 Aug 2016 00:00:00 +0700
A recent decision issued by the Ninth Circuit Court of Appeals is just the latest story to take on a life of its own because of the incessant need to create ‘clickbait’ across the Internet these days.
Headlines claiming that “sharing your Netflix password is now a federal crime” seem to be lingering thanks to social media.
What the court ruled on was that sharing your passwords can be grounds for prosecution under the Computer Fraud and Abuse Act, but the case was specifically ruling on unauthorized access by a former employee after the company had revoked his access to a protected system.
The former employee left the company to start a competing business and got a current employee to share her password so he could continue to access company records himself.
The majority opinion stated that the case was about stealing intellectual property and not about password sharing, but a dissenting judge disagreed.
This is apparently where the rumor mill started that evolved into the salacious headlines that you may have seen shared on Facebook or Twitter.
No part of this ruling directly addresses password sharing of your streaming services, although one of the judges did try to address the unintended consequences of the ruling because it was so broad.
What it does signal is that it’s now easier for businesses to go after current and former employees for sharing access credentials to protected systems with this ruling.
Most companies like Netflix, Hulu Plus and HBO have viewed password sharing as a viral marketing tool and wouldn’t be likely to ‘go after users’ even if this ruling does get interpreted in that way.
What can get you in trouble is if you sell your credentials to others, but simply sharing your credentials with a friend or family member isn’t suddenly a federal crime.
Netflix provided Snopes.com with this response to their inquiry into password sharing: “Netflix members can create up to five profiles on each account and the only limit is on how many devices that can be used to access Netflix at the same time, which is by plans. The $11.99 plan allows four devices to stream at the same time; the $9.99 plan allows two. As long as they aren't selling them, members can use their passwords however they please.”
Other services like Amazon have guidelines for sharing Prime Benefits by creating an Amazon Household posted here: http://goo.gl/jahmbg.
Cord cutting millennials that are no longer at home use their parent’s password so they can watch popular shows like Game of Thrones and HBO is well aware of that.
HBO’s CEO Richard Plepler told BuzzFeed last year, “It’s not that we’re unmindful of it, it just has no impact on the business.” In many ways it’s a “terrific marketing vehicle for the next generation of viewers,” he said, noting that it could potentially lead to more subscribers in the future.
You can expect things to change as streaming services grow in popularity, but for now, you don’t have to worry about the Feds knocking down your door because you shared your Netflix password.
Wed, 17 Aug 2016 00:00:00 +0700
Passwords tend to be the only thing separating criminals and thieves from our online accounts, which is why they spend so much time creating sophisticated means by which to compromise them.
Just about all the advice you’ll ever hear about creating ‘strong passwords’ is generally designed to thwart sophisticated guessing schemes commonly referred to as ‘brute-force attacks’.
Brute-force attacks, which are generally performed off-line by high-speed computer networks, are a systematic process of trying every possible combination of letters, numbers and special characters until the correct combination is figured out.
Long, complex passwords are the best way to combat this type of attack.
Understanding Brute-Force Attacks
If you were to only use 2 characters for your password, you can see how a high-speed computer could guess every possible combination in the blink of an eye.
In fact, the Gibson Research Password Haystack Tool (https://grc.com/haystack) suggests that any 2-character password can be broken in 0.0000000000354 seconds or less.
Each additional character that you add exponentially increases the number of possible combinations, so the longer your password is, the longer it will take for a brute-force attack to be successful.
Most of you have been trained to use complex 8 character passwords, which are hard for you to remember and easy for attackers to crack. With today’s sophisticated password cracking technology, GRC’s tool suggests it’ll take just over 1 minute to break any 8 character password, no matter what combination of characters you use.
By stretching the password to 10 characters, that 1-minute goes to 1-week, as long as you have included uppercase characters, numbers and special characters.
Use Passphrases, Not Passwords
If you don’t follow the guidance on using all the required characters, the number of possible combinations drops exponentially.
For instance, the time that it takes to crack a complex 10-character password that does not include an upper case letter goes from 1-week down to just over 6 hours.
The key to creating strong complex passwords that you can remember is to stop using passwords and start using passphrases.
My go-to example of ‘I H8te Passwords!’ is a 17-character passphrase (including spaces) that GRC’s tool suggests would take 13.44 billion centuries to crack.
By creating a passphrase that is personal to you, you have a much better chance of creating a long complex password that you can easily remember.
For example, I’m Going To Aruba in 2017! is 27 characters long and uses all the required characters. Some sites don’t allow you to use spaces, but it would still be 22-characters long.
I personally shoot for at least 12-character passphrases these days, knowing that brute-force cracking technology is going to get faster as time goes on.
If time wasn’t a factor, any password of any length can eventually be broken, but time is a factor with cyber-thieves, so make yours long and complex enough so that your accounts aren’t worth their time.
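The search-space arithmetic behind the cracking times above, as an added example (not code from this column or from GRC): it counts every candidate up to the password's length for the character classes in use and divides by an assumed rate of 100 trillion guesses per second, so its results only approximate the figures quoted above. All sample passwords except the column's own passphrase are constructed.

```python
import string

# Assumed attacker speed for an offline cracking array. The column does not
# state the rate behind its figures; change this to model other attackers.
GUESSES_PER_SECOND = 100e12

# Printable-ASCII character classes: 26 lowercase, 26 uppercase, 10 digits,
# 33 symbols (punctuation plus the space character).
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

# Longest unit first, so humanize() picks the largest unit that fits.
TIME_UNITS = (
    ("centuries", 100 * 365 * 86400),
    ("years", 365 * 86400),
    ("weeks", 7 * 86400),
    ("days", 86400),
    ("hours", 3600),
    ("minutes", 60),
)


def alphabet_size(password):
    """Add up the size of every character class the password draws from."""
    known = "".join(CHARACTER_CLASSES)
    if not password or any(ch not in known for ch in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(
        len(cls) for cls in CHARACTER_CLASSES if any(ch in cls for ch in password)
    )


def search_space(alphabet, length):
    """Count all candidates of length 1..length, as an exhaustive search would."""
    return sum(alphabet ** k for k in range(1, length + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate up to this password's length."""
    return search_space(alphabet_size(password), len(password)) / rate


def humanize(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for name, span in TIME_UNITS:
        if seconds >= span:
            return f"{seconds / span:,.2f} {name}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    samples = (
        "aB3$xY7!",           # constructed: 8 characters, all four classes
        "aB3$xY7!zQ",         # constructed: 10 characters, all four classes
        "ab3$xy7!zq",         # constructed: 10 characters, no uppercase
        "I H8te Passwords!",  # the column's 17-character passphrase
    )
    for pw in samples:
        print(f"{len(pw):2d} chars, alphabet {alphabet_size(pw):2d}: "
              f"{humanize(seconds_to_exhaust(pw))}")
```

Dropping one character class shrinks the alphabet from 95 to 69 here, which is why the 10-character estimate falls from about a week to a few hours.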
Wed, 10 Aug 2016 00:00:00 +0700
Passwords are often referred to as the weakest link in security by many cyber-security professionals primarily because of the human element.
Most systems require users to include upper and lower case letters, at least one number and in some cases, at least one special character.
Human behavior is very predictable to sophisticated hackers and when left to their own abilities, the average user will create weak passwords that are easy to break because it’s just not an intuitive process.
With this in mind, many researchers are suggesting that forcing users to regularly change their passwords, which is common in corporate settings, can actually encourage the creation of weaker passwords.
Creating strong passwords for each of your accounts is hard enough, so forcing users to regularly come up with new ones tends to create an environment where human nature takes over.
It Makes Technical Sense
From a purely technical viewpoint, regularly changing passwords makes sense as it renders compromised passwords useless, but it ignores the reality that humans are involved.
Several researchers have published studies over the years warning of the unintended consequences of regularly forced password changes and one of the more prominent figures to speak out on this common practice is the Chief Technologist for the FTC, Lorrie Cranor.
Her FTC blog titled “Time to rethink mandatory password changes” (https://goo.gl/MerJfN) points to a UNC research paper that showed users tend to use predictable patterns they call ‘transformations’ (like just adding the next number) when regularly required to change passwords.
Cyber-thieves know that this behavior is common and have been using password cracking tools that can guess the highest probability for new passwords based on old passwords that have been compromised.
This common human behavior can render the technical benefits of forced password changes useless because cracking the ‘new password’ can actually be made easier over time through pattern recognition.
When You Should Change Passwords
Large scale data compromises seem to be in the news just about every week and whenever a company that you do business with has been compromised, you should immediately change your password.
Likewise, if your company knows that an outsider may have gained access to their network, forcing everyone to change their passwords is a no-brainer.
If you discover that your computer has been infected with malware, especially since oftentimes one infection can lead to many others, you should change your online passwords from another computer or after your computer has been disinfected as a precaution.
A Better Security Measure
Since data breaches and malware are a fact of life these days, assuming that your password is going to be compromised at some point is a good strategy.
Activating 2-factor authentication or login approvals (How to Setup Password Fraud Alerts: http://goo.gl/SCa64p) on all of your online accounts provides you with an extra layer of protection when the inevitable occurs.
Virtually every major online service offers this protection and it’s far more effective than regularly changing your passwords because it prevents thieves from gaining access even if they do steal your passwords.[...]
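One way a password-change form could catch the ‘transformations’ described above, as an added example that is not from this column, the FTC post or the UNC paper: it flags a new password that is only a case change, a changed number, or a couple of edits away from the old one. It goes beyond the ‘adding the next number’ case the column mentions; the function names, the two-edit threshold and the sample passwords are assumptions made for illustration.

```python
import re

# Assumed policy threshold: a new password this close to the old one
# (in single-character edits, ignoring case) is treated as predictable.
MAX_EDITS = 2


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_counter(password):
    """Split 'Summer2016!' into ('Summer', '2016', '!') around the last digit run."""
    match = re.fullmatch(r"(.*?)(\d+)(\D*)", password)
    return match.groups() if match else None


def classify_change(old, new):
    """Return why the change is predictable, or None if no pattern matched.

    Both values must be plaintext, so this check can only run at change time,
    when the user has just typed the current password; it cannot be run
    against stored hashes.
    """
    if old == new:
        return "identical"
    if old.lower() == new.lower():
        return "case change only"
    o, n = split_counter(old), split_counter(new)
    if o and n and o[0].lower() == n[0].lower() and o[2] == n[2] and o[1] != n[1]:
        return "counter change"
    if edit_distance(old.lower(), new.lower()) <= MAX_EDITS:
        return "small edit"
    return None


if __name__ == "__main__":
    # Constructed (old, new) pairs for demonstration only.
    pairs = (
        ("Summer2016!", "Summer2017!"),
        ("Tiger#9", "Tiger#10"),
        ("bluehorse", "BlueHorse"),
        ("bluehorse", "bluehorse!1"),
        ("Summer2016!", "correct horse battery staple"),
    )
    for old, new in pairs:
        verdict = classify_change(old, new) or "accepted"
        print(f"{old!r} -> {new!r}: {verdict}")
```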