Wed, 22 Mar 2017 00:00:00 +0700
(image) Smart or connected devices such as doorbell cameras, thermostats and home security webcams are growing in popularity, with estimates that over 24 billion internet-connected devices will be installed by 2020.
If you plan on installing these devices in your home or business, understanding the security issues is pretty important.
IoT - The Internet of Things
Often referred to as the ‘Internet of Things’, these everyday items generally incorporate Internet connections to allow for remote access, monitoring and control.
Getting alerts on your smartphone whenever a webcam detects motion or when someone rings your doorbell as well as having finite control over your thermostat and lighting from just about anywhere has tremendous appeal.
As someone who loves to travel, I personally love the added benefits as they provide pinpoint control as long as you have an Internet connection.
Access is Access
The thing to keep in mind is that if you can access your devices from outside your home, technically, so can anyone else.
The Internet is one huge global network of devices all connected to each other, so you can be next door or on the other side of the ocean and have the same access.
The primary thing keeping unauthorized users from accessing anything you install on your network is whatever security has been setup by that device.
The Default Password Problem
Usernames and passwords are the primary line of defense you have against unauthorized access and making sure they are secure is always your first task.
There have been lots of stories over the years, especially when it comes to web cameras, showing how many of them are completely open to the world because the user didn’t change the default username and/or password.
If you've already installed smart devices on your network and want to see if they are publicly accessible via websites like Shodan, checkout BullGuard's IoT Scanner: https://goo.gl/HbmIuz
Using any Internet connected device with the default administrative password will make you a sitting duck as every default password for just about every device ever made is readily available online at sites like: https://cirt.net/passwords
Don’t Be Afraid
Lots of Internet security experts have written about the ‘security as an afterthought’ approach that the industry has taken, and rightly so.
Security should never be taken lightly by anyone using anything connected to the Internet, but it can also be overhyped or agenda driven.
No different then driving a car that could potentially kill you every day, empowering yourself with knowledge is the key.
If You Don’t Understand It, Get Help
Nothing is 100% ‘hacker-proof’, especially if a malicious party is motivated, but unless you’re a celebrity or a politician, you’re much more likely to become a victim from a ‘random act of hacking’.
This means you made it really easy for an outsider to take advantage of you because you skipped simple security measures like updates and patches that can appear too complex for non-technical users.
For the average user, the convenience benefits far outweigh the risks when it comes to most IoT devices, so don’t let the ‘horror stories’ keep you from educating yourself and using them.
Wed, 15 Mar 2017 00:00:00 +0700
(image) Ads on the Internet are a fact of life that frankly speaking, help pay for many of the ‘free’ services that we all enjoy.
Having said that, the way that ads are delivered via third party networks often causes slow loading of pages or makes it difficult to find the actual information that we seek.
Mobile users on a limited data plan can reduce the amount of data they use by eliminating the bandwidth required for loading ads.
Throw in the potential for ‘malvertising’, which are legitimate ad networks that have been infiltrated by malware-laden ads and you have plenty of reasons for wanting to limit ads while you surf the web.
How Ad Blockers Work
Ad blockers employ similar filtering techniques to anti-virus programs for identifying scripts which are then compared to a list of known sites and scripts that are blocked based on the programs pre-set parameters.
They can also simply hide certain HTML elements of the page from your view even if your browser loads them.
It’s far from a perfect technology, but by and large, they do a pretty good job.
Ad blockers are not limited to your desktop or laptop computer; you can also use them on just about any of your mobile devices.
The Downside of Ad Blockers
While the reasons for using an ad blocker may be many, there are some side effects you should be aware of.
The most obvious side-effect will be on pages that rely on scripts that when blocked can totally ‘break’ the page and dramatically change what you actually see.
For hardcore privacy advocates, there may be data privacy risks as some of the free ad-blocking tools collect your browsing behaviors for third-party use.
There’s also the very real issue of using a 'free' site that can only provide its content if they can pay for it through delivering ads.
Technically speaking, if everyone on the Internet used ad blockers, it would essentially destroy the business model that is the basis for what we all take for granted on a daily basis.
One way to use the technology but support your favorite websites is to use the ‘whitelisting’ option most of them employ, which allows ads on just the sites you choose.
One of the most popular browser add-on called AdBlock Plus (https://adblockplus.org) works with most major browsers and offers apps for both Android and iPhone users.
The Opera (https://opera.com) browser for computers and Opera Mini for mobile devices has an ad blocker built-in, so you can install it as an alternative browser for when you want to use ad blocking.
Firefox fans have long used the NoScript plugin (https://noscript.net) to manage a variety of scripts that range from ads to malware attacks, but I would only recommend this more elaborate tool for tech savvy users.
Fans of Google’s Chrome browser can also try ScriptSafe (https://goo.gl/9ow7Au) to offer similar features to NoScript, though it’s not nearly as powerful.
Wed, 8 Mar 2017 00:00:00 +0700
(image) A lot of people that use Facebook on a regular basis are very likely to be suffering from some form of ‘political post’ fatigue.
There are a number of ways to better manage what appears in your newsfeed that can range from basic measures to drastic action.
Start with Unfollow
For those friends that seem to obsess over every twist and turn of this unprecedented political environment, you can simply stop following them so their every post does not appear in your newsfeed.
On your computer, you can easily do this by floating your mouse over their profile picture and changing the ‘following’ button to ‘Unfollow’.
On mobile devices, you can click on the small down arrow in the upper-right corner of anything they post and tap the ‘Unfollow’ option from the menu.
When you unfollow someone, there is no notification to that person, so you don’t have to worry about offending them.
Hiding Certain Sources
There are lots of allegations of ‘fake news’ being thrown around by all sides, but you get to decide which sources you want to see.
When a post is shared by a friend for a resource you don’t particularly care for, you can click on the small arrow in the upper-right corner of the post and select the ‘Hide all from…” option. This will keep anything shared by anyone from that resource from appearing in your newsfeed.
If you don’t want to completely unfollow someone but attempt to filter out politically oriented posts, there are a number of options available for your desktop browsers.
One created for the Chrome browser that’s been getting a lot of mentions is called Remove All Politics From Facebook (https://goo.gl/fv7H8l). In my tests, it didn’t work very well, but many comments from users claim that it does help, so your mileage may vary.
A more powerful tool that’s been around for a while is called Social Fixer (https://goo.gl/bkhAOS) and works with every major browser, not just Chrome.
Social Fixer lets you choose pre-existing filters (like politics or superbowl) or create keyword lists of your own, giving you a lot more control over what you see.
If you really want to shut down everything and only see posts from specific friends, News Feed Eradicator for Facebook (Chrome only) will do the job.
Once you install it, you‘ll get an inspirational quote where your newsfeed normally appears, so you have to manually go to individual profiles in order to see any posts.
Keep in mind, all of these browser add-ons are at the mercy of Facebook’s code, so any updates or changes by Facebook can impact the effectiveness of them all.
The Nuclear Option
In some cases, you may feel it’s ‘healthier’ to completely disconnect from certain friends so you can ‘unfriend’ them by going to their profile on either mobile or desktop devices.
If things have really become problematic, you may want to completely block them from anything you post as well by going to your account settings menu and selecting the ‘Blocking’ option.
Wed, 1 Mar 2017 00:00:00 +0700
(image) Raising children in the digital age is forcing parents to deal with questions that can’t be answered by a previous generation of parents.
I can remember when my daughter was 10, she proclaimed that she was the only one of her friends that wasn’t allowed to watch PG-13 movies. Today’s parents are going to be faced with this same proclamation for a myriad of adult-oriented social sites like Facebook, Instagram and SnapChat.
As with many other aspects of parenting, the answer to the question “when are they old enough?” is going to be different for each child and situation.
The child’s maturity level along with your relationship with them should play a big role in making the decision.
Starting this process off with a discussions about the pros and cons of engaging in social networks is a much better approach then just telling your child “No, because I said so”.
Technical Age Limits
Most popular social networks require that a child be at least 13 to sign up for an account, but it’s not necessarily a parental guide. Most networks are doing so to comply with the FTC’s COPPA (Children’s Online Privacy Protection Act), which was created to prevent companies from gathering certain types of information on minors.
Despite that, there are plenty of experts that believe that until the age of 13, most children lack the cognitive ability to fully understanding adult-oriented social situations. Keep in mind, this is a general guideline (like PG-13 movie ratings) and not a line in the sand for all parents.
For a better understanding of the typical 13-year-old’s mindset, checkout Common Sense Media’s overview: https://goo.gl/811lFU
Accessing your child’s ability to understand things like the context of a post (many adults still have a problem with this!), cyber-bullying or inappropriate content should be your primary guideposts.
Age Appropriate Platforms
Waiting until a child is 13 to engage in any type of social platform isn’t necessarily the best approach in the digital age. Pretending that they won’t be exposed to social networks until you decide it’s time isn’t very realistic, so it’s best for you to be the one to introduce them to it.
There are plenty of age-appropriate and COPPA compliant platforms for children under the age of 13 like Lego Life (https://lego.com/life) and Kudos (https://kudos.ai) or you can create your own private social network with options like Gecko Life (https://geckolife.com).
Getting together with other parents to create a controlled network with only friends and family is another method of introduction to social media you may want to consider.
(A comprehensive list of kid safe options is posted at: https://goo.gl/Pm4DzV)
Setting Guidelines Early
The earlier you start setting up the guidelines for your child, the better. Making sure they have a grasp of things like privacy issues, mindful posting, identity theft, what cyber-bullying looks and feels like and an open ongoing dialogue with you is critical.
Making sure you have access to everything they use, following them on the same networks and limiting their connections to people that you know in the real world are essential early in their development.
Wed, 22 Feb 2017 00:00:00 +0700
(image) We’ve been hearing the promise of the “paperless office” for over 30 years, but very few of us have taken the time that it takes to make the transition.
The good news is that going paperless at home is a lot less complex than doing so in a business.
Going completely paperless isn’t realistic, but going less-paper is entirely feasible with today’s various options.
One of the easiest ways to cut down on the amount of paper that gets sent to you is to opt for electronic billing and statements whenever a company offers it.
While there may be certain situations where you do want to have paper copies sent to you, start looking at every paper bill or statement you’re currently getting to figure out which ones can become electronic from the source.
Are You Disciplined Enough?
The next question you need to ask yourself is are you willing to adopt the behaviors required to be successful in converting all your paper documents into electronic copies?
You’ll have to completely change your ‘workflow’ as it pertains to all the paper that comes into your household.
You’ll also have to go through the learning curve on an electronic storing and filing system so you can find items when you need them down the road.
A Good Scanner is Critical
You’ll need an appropriate scanning device that makes converting and filing your documents efficient or else you’ll never do it.
Cheap flatbed scanners that require you to manually place each page on the scanner won’t do the trick; you’ll need a device with a decent document feeder.
You’ll also want one that can scan both sides of the document (duplex scanning) and wireless is a nice option for flexibility in where you can use it.
Fujitsu has long been a leader in high-quality scanners that will hold up to the workload that ‘going paperless’ will demand, but less expensive options are available from companies like Brother, Epson, Neat and Doxie.
Creating Your Workflow
The best way to stay on top of this new task is to have a physical ‘inbox’ next to your scanner where all your important papers get staged for scanning.
The single most important decision you’ll have to make is which electronic filing system you’ll use.
If you don’t create a solid filing, naming and tagging system, you’ll end up with a mountain of scanned documents that will be nearly impossible to search through.
Most document scanners have direct support to automatically send documents to both Dropbox and Evernote or others like Doxie and Neat offer their own integrated filing software.
Evernote provides a lot of flexibility for managing the documents and since it automatically converts everything to a searchable standard, it makes finding documents based on keywords much easier down the road.
If nothing that I’ve outlined so far has scared you off, there are some excellent resources that are much more detailed from Abby Lawson (https://goo.gl/3WBkeZ), Refind Rooms (https://goo.gl/aI2jiR) and Document Snap (https://goo.gl/2I8bzg).
Wed, 15 Feb 2017 00:00:00 +0700
(image) The race to provide the next generation wireless technology is in full swing.
With the increase in devices connecting to the Internet expected to more than triple (to over 20 billion) in the next four years, improving the wireless infrastructure is critical.
What is 5G?
In short, 5G stands for fifth generation technology. The wireless industry coined the phrase 1G for the technology used in the early 90’s as its first generation technology, which essentially allowed for wireless phone calls.
With major improvements to the infrastructure came 2G, which allowed for text messaging, then 3G, which added basic web browsing and finally 4G, which increased the speeds to allow reasonable usage of streaming video amongst other improvements.
4G also got the LTE (Long Term Evolution) label to signify a marked increase in performance and consistency through a totally different technical approach over 3G.
As video goes from HD to UHD to 3D to 4K and we all add new data hungry devices to our lives, data speeds and capacity are going to need to increase in order to keep up.
How Much Better Will 5G Be?
5G won’t just focus on improving speeds, it will also be adding capacity for more devices in the same area. We’ll need it to accommodate the huge increase in ordinary items all around us that will be connecting to the Internet (our homes, our cars, our clothing, etc.)
Various iterations are being developed to increase speeds to at least 10 times that of today’s 4G LTE with much lower latency, which means packets of data will get to us all quicker when we request them.
This will reduce buffering issues and provide hardcore gamers with a reasonable option to a wired connection for gaming applications.
5G is also being built from the ground up to allow for a variety of traffic types, so it will offer a different type of connection based on what the device is and the data being transmitted. 5G networks will know the difference between a smartphone streaming 4K video and a moisture sensor in your basement sending humidity updates.
Think of today’s wireless technology as more of a single lane road where cars, bicycles, joggers and walkers are all sharing the same space.
5G will segment the various traffic types so that cars get one lane, bicycles will get their own lane and joggers and walkers are segmented in their own lanes.
When Will 5G Be Available?
While there are a number of companies working on small scale tests and development projects, we aren’t going to see it anytime soon.
The best estimates for widespread deployment of 5G isn’t until 2020, so you can ignore anyone trying to make is sound like 5G is just around the corner.
There is a technology available today that is trying to bridge the performance gap between 4G LTE and 5G, which is known at LTE-Advanced or LTE-A.
LTE-A is theoretically designed to provide up to 3 times the speed of LTE, but is being advertised by various carriers as being 50% faster and requires a phone with LTE-A capabilities: https://goo.gl/h3oBCj
Wed, 25 Jan 2017 00:00:00 +0700
(image) Many in the cyber-security business refer to tax season as ‘Christmas for Criminals’ because of the amount of sensitive personal information that will be in circulation.
The IRS reported a nearly 400% surge in phishing and malware incidents in the 2016 tax season and you can bet that number will be as high, if not higher this year.
Fraudulent returns continue to top the list of scams because electronic filing makes it so easy to file returns when a thief acquires your Social Security Number.
In fact, the problem has gotten so big that the IRS will be delaying refunds for all taxpayers until February 15th this year in order to give them more time to screen for fraud.
Start With Your Computer
One the easiest ways for thieves to steal your personal information is directly from your computer if you aren’t paying attention.
Programs designed to sneak in and silently monitor your keystrokes (a.k.a. keyloggers) or steal your e-mail credentials won’t announce themselves.
If your computer takes forever to startup or seems to be ‘stuck in the mud’ when you try to use the Internet, these are clear signs that unnecessary processes are running in the background of your computer.
Since you’ll be working with a lot of sensitive information via your computer, whether you’re preparing your own return or gathering info for a tax preparer, make sure your computer is free of any potential malware.
If you aren’t comfortable running through the various processes yourself, make sure you find someone you trust to do a thorough checkup/cleanup before you get started.
Don’t Send Sensitive Info Via Email
Email has replaced the fax machine for sending documents, but it’s one of the least secure methods of transferring sensitive information to your tax preparer.
Not only can your unprotected information be intercepted by others, a record of your sensitive information gets stored in your email program unless you remember to delete all your sent items.
Check with your tax professional as they should have a more secure method for you to share electronic documents.
Watch For Phishing and Phone Scams
One of the many known phishing messages pretends to be from the IRS asking you to update your e-file account to make sure you get your refund.
The IRS will NEVER send you an e-mail message or call you; they only communicate with taxpayers via U.S. Mail. You can report any IRS phishing scams by forwarding the message to [email protected]
File Early To Beat Fraudsters
Fraudulent tax returns continue to be a billion dollar expense for the Treasury Department, but one of the ways you can avoid becoming a victim is file as early as you can to beat them to the punch.
If they file a fraudulent claim before you, it can take an average of over 300 days for you to get the mess straightened out. If you believe you’re a victim of ID theft, the IRS Identity Protection Specialized Unit phone number is (800) 908-4490
Thu, 12 Jan 2017 00:00:00 +0700
(image) The ongoing game by scammers to convince people that their computer is infected has taken some seriously convincing turns in recent months.
One such version of the scam generates what appears to be an official Microsoft message complete with logos and color schemes and a robotic voice saying ‘critical alert’.
Here’s an example pop-up:
** ZEUS VIRUS DETECTED - YOUR COMPUTER HAS BEEN BLOCKED **
Error: Virus - Trojan Backdoor Hijack #365838d7f8a4fa5
IP: 108.XX.XX.XX Browser:Chrome ISP: Mci Communications Services inc. Dba Verizon Business
Please call computer system technician immediately on: 888-XXX-4963
Please do not ignore this safety alert. Your Microsoft System Has Been Compromised. If you close this page before calling us, your computer access will be disabled to prevent further damage and your data from being stolen.
Since this particular scheme attempts to keep you from doing anything else, calling the posted toll-free number to get help seems to be a rational response for those stricken with fear.
We’ve also seen this attempted scam posing as a warning from your Internet service provider (such as Cox or Century Link) because the scammers can easily determine who your ISP is.
Understanding some basic red flags will go a long way in helping you avoid this and all of the subsequent attempts to trick you that are certain to come.
Tip #1 – Be suspicious of toll-free numbers
Large technology companies have spent millions to prevent you from calling them for help.
It’s just not economically feasible for companies that have millions of users or in Microsoft’s case, over a billion, to pick up the phone whenever someone needs help.
With this in mind, any time you see any error message pop-up on your computer urging you to call a toll-free number, assume it’s a scam.
Tip #2 – Get to know your security software
Knowing what you have installed to protect you from Internet threats will go a long way to helping you quickly sniff out scams. Chances are, you have a third-party program installed to protect you, so take some time to understand what it looks like and how it alerts you.
Tip #3 – Real tech companies don’t answer the phone
Anyone that’s ever tried calling to speak to a human at any large organization is always met by an automated attendant system.
Call routing systems are necessary because call volumes are very high, so when you call a toll-free number for tech support and a real-live human answers, you should always be suspicious (especially if they have a foreign accent).
Tip #4 – Killing the fake message
It may appear that your computer has been locked down, but in most cases you can simply shut down the pop-up to regain control. Windows users can use the Task Manager (Ctrl-Alt-Del to access it) to end the fake task and Mac users can use the Force Quit option to kill the fake session (yes, this Microsoft pop-up can appear on Mac screens as well!).
If all else fails, manually shutdown your computer, then restart it and immediately run the security software you know you installed.
Wed, 4 Jan 2017 00:00:00 +0700It’s that time of year when many households are asking this same question as the new gadgets replace the old ones during the holidays.Electronic devices are one of the most common gifts every year, which results in lots of devices that end up in closets, drawers and garage shelves.The Growing E-waste ProblemUnfortunately, electronic waste (e-waste) continues to be one of the fastest growing municipal waste issues according to the EPA, which means most of it ends up in our landfills.Even though e-waste represents 2% of our trash, it accounts for around 70% of the overall toxic waste in our landfills. With our desire for new devices growing every year, the problem of improperly disposing of our old tech is also growing.Keeping the toxic waste in electronics that include lead, arsenic, cadmium, mercury and many other dangerous chemicals out of our landfills should be important to everyone, but at best we’re only recycling between 15% to 25% of our e-waste because too many people still aren’t aware of the dangers.Repurposing vs. RecyclingRecycling your old electronics isn’t your only option as a better use for them would be to re-purpose them. Just because a device isn’t useful to you anymore, doesn’t mean that it won’t be useful to others.Check with your local schools, churches and local charities, especially if you have older devices like smartphones, computers, printers and tablets that may be a little slow, but still usable.Another option is to make it available to others in your area via the Freecycle website (http://freecycle.org), which is essentially an online version of putting it out on the sidewalk with a sign that says ‘FREE for the taking’.If your old tech isn’t a candidate for repurposing, then finding a responsible recycler to ensure it gets properly processed is critical.Recycling OptionsMany municipalities now have a structured e-waste recycling process, drop off locations or annual events, so start by checking your city or county’s website.The National Cristina Foundation (http://cristina.org) is a great resource for individuals and businesses that have technology that they think can still be of use.The foundation focuses on service providing organizations targeting people with disabilities, students at risk and economically disadvantaged populations through their non-profit locator tool.If you have a cellphone or smartphones that still works, you may be able to trade it in or recycle it with your current wireless carrier.There are a number of companies that will offer to buy your old mobile gadgets like uSell (http://usell.com), Glyde (https://glyde.com) and NextWorth (https://nextworth.com) or you can trade them in for gift cards at Amazon (https://goo.gl/i5Hp3J).The EPA has also put together a list of national companies that offer recycling programs for PCs, televisions and mobile devices: http://goo.gl/sDTUV7The listed companies offer drop-off locations, recycling events or mail-in options.Another list of recycling options for things like batteries, printer ink cartridges and computers is http://www.computerhope.com/disposal.htm.Wipe Your Data FirstBefore you donate or recycle your computers, make sure you take steps to securely wipe your personal data from the hard drives: http://goo.gl/MGyE8f.Your cellphones and smartphones are also loaded with lots of personal information, so make sure you perform a factory reset http://goo.gl/0M07Q9 before getting rid of it.[...]
Wed, 14 Dec 2016 00:00:00 +0700
(image) Whether you currently use a Yahoo email account, used to use one or have never used one, the announcement of 1 billion accounts being compromised in 2013 holds many lessons for everyone.
Yahoo says that no financial information was included in the breach, but username, email addresses, telephone numbers, hashed passwords, birth dates and in some cases answers to security questions were all part of the break in.
Why Email Hacks Are So Desirable
Your email account is the digital key to your kingdom for a variety of reasons, which is why they are so valuable to hackers.
Remember, whenever you (or a hacker) need to reset a forgotten password for just about any online account, the reset instructions get sent to your registered email account.
Another treasure trove is the accumulation of messages that you were sent when you initially signed up for any account, which is a quick way to know what other accounts can be compromised.
Lesson #1: Start getting in the habit of deleting sign-up, notification and reset email messages as soon as you are through with them.
Birthdays & Security Questions
Many sites ask for your birthday as a way to ensure you are old enough to meet their age requirements, but nothing says you have to give them your actual birthday.
Although Yahoo is moving away from security questions as a way to allow you to regain access to an account, the information gathered by the hackers can potentially be used elsewhere.
Questions such as ‘what was your high-school mascot’ are pretty easy to figure out depending on your profile on sites like Facebook and LinkedIn.
Lesson #2: Start lying more; don’t give your actual birthday or use actual researchable answers on security questions.
Additional Security Measures
If you haven’t figured it out already, virtually anything on the Internet is ‘hackable’ and it’s generally just a matter of time for any large online entity.
Setting up password fraud alerts through 2-factor authentication (https://goo.gl/0MhNLG) and using password management programs that ensure that no password is ever used on multiple sites are a good start.
Lesson #3: Assume that everyone you do business with online is going to be breached and act accordingly.
Spear-Phishing Made Easy
Spear-phishing refers to scam emails that are targeted at those that are known to use a specific service.
In this case, if you have a Yahoo email address, it’s pretty easy for scammers to send convincing but fake ‘password reset’ messages to you knowing that you actually have an account.
Lesson #4: Never click on any reset links unless you just asked for a reset message to be sent.
With all the large-scale breaches in the last couple of years, the likelihood is that any password that you’ve been using for years has been compromised.
There are lots of ‘known password’ databases that allow cyber-thieves to compare them to stolen hashed passwords, which is why one breach can lead to so many other accounts being compromised.
Lesson #5: If you’re still using a password that’s been in use for more than a couple of years, change it to something you’ve never used before.