What you should know about the Krack WiFi Hack. The media is reporting this vulnerability and I feel that you should be aware of the mitigating issues about this flaw.
Researchers have found a serious weakness in the WPA2 security standard. WPA2, short for WiFi Protected Access II, is the security protocol that your WiFi devices use to keep your information safe. The flaw allows anyone to break this security model and steal information flowing between the targeted device and your network. The vulnerability works on any device that utilizes the WPA2 standard.
Let's put this in perspective. This sounds very scary but there are some things that you should know. Attacks cannot be made remotely. An attacker would have to be within range of your wireless network to pull it off. This flaw cannot be exploited from halfway around the world. The hacker would have to be physically on your sidewalk or in your backyard.
Most sensitive information, such as interactions with financial institutions or browsing email, is already protected with end-to-end SSL (Secure Sockets Layer) encryption that is separate from any encryption added by WPA2. So relax.
This doesn't mean you should ignore this, however. Patches will be coming out from all the major manufacturers and software vendors. Be sure to apply them.
Practice safe computing.
We live in an age of everything digital. Equifax, one of the 3 main credit reporting agencies, was hacked. 143 million US consumers may have had their names, social security numbers, date of birth and addresses compromised. Approximately 209,000 US consumers have also had their credit card numbers exposed and 182,000 other US consumers have had their personal identifying information (such as drivers license or state ID) accessed.
An unstated number of UK and Canadian residents have also been put at risk.
Some things you should know. Equifax is offering consumers free credit monitoring service for 1 year. The company that is providing this service, TrustedID, is owned by Equifax. TechCrunch (technology magazine) is also reporting that if you sign up for the protection service, you may be waiving your right to sue or be included in any class action suit. Their terms of service seem to indicate this and TechCrunch has reached out to Equifax for clarifications.
What should you do? Be diligent with your accounts and report any suspicious activity immediately to your account provider.
Sign up for credit monitoring. Let Consumer Reports or the Better Business Bureau guide your decision on which one. Do your homework before signing up. Read the terms of service. I know these are incredibly dry reading but you need to know what you're signing up for.
Beware of cons that will invariably pop up offering you protection from this breach. I'm sure there will be many sites popping up trying to take advantage, to make a quick buck.
This is the largest breach that included social security numbers. You can't just change your name and SSN to combat this. Be aware of what is happening in your accounts. The banks and credit card companies do a pretty good job at detecting fraud but nothing can replace you keeping an eye on what's happening to your credit and money.
When natural disasters hit, it's incredible to see the outpouring of help and sense of community as we all bind together towards the common goal of helping all in need.
Unfortunately it also brings out the criminal element that is looking to take advantage of people's willingness to help.
Beware of the hurricane Harvey scams that are surfacing. They tug at your heart strings, requesting donations to help the people that are affected by the hurricane. Be critical of any emails you may receive asking for donations. There are numerous websites popping up where you can make donations that will never help anyone other than the criminals.
I would suggest that you make your donations through known charities. If you have any doubt as to the legitimacy of the charity, check them out. Here are some sites to verify the charity you wish to donate to.
Make your good intentions count. Verify your donation is getting where it will do the most good.
Our hearts go out to the people who are impacted by hurricane Harvey and thank all the first responders and volunteers that are saving lives.
I'm sure by now you have heard about the WannaCry ransomware that has hit businesses in over 100 countries worldwide. It encrypts your files and threatens to delete them unless you pay the ransom to have them decrypted.
1. Make sure you have a good backup of your files.
2. Update your operating system. If you are still running Windows XP, Microsoft released a special update for this exploit but there are no regular security updates. You should upgrade to Windows 10.
3. Install/update your anti-virus software.
4. NEVER, NEVER, NEVER open any unsolicited emails and NEVER, NEVER, NEVER, open attachments that you were not expecting.
It's getting ugly out there. Practice safe computing.
If there is one day that we are on our guard, it's April fools day. When it comes to scams, we should treat every day like it's April 1st. Here are some things to look out for regardless of the date.
That email from a friend or colleague. Does the email make sense? If your friend's contact list has been hijacked, hackers can send you messages that direct you to click on a link. The scammers can make the message seem very real but think about it. Does the email make sense? Verify with your friend but not by email. Use another communication medium.
Most email now is HTML (looks like a website with graphics and links). Is that link going to where it says it's going? Links can be spoofed. The link can say one thing but actually go somewhere else. Hover your mouse over the link. Depending on which email client or browser you're using, there will be a small pop-up, either at the link or at the bottom of the browser, that will show you the real destination of the link.
If you receive an email with an attachment that you are not expecting, DO NOT OPEN IT. Remember what happened to that curious feline.
Beware of bogus virus warnings. Telephone scammers will call you and try to scare you into giving them remote access to your computer. Web scammers will direct you to a website that looks very convincing and tries to extort money or to install malware or viruses.
When in doubt, call someone you trust. Do a google search in regard to the item in question. Call an IT professional. Any costs you accrue getting an answer will be far less than if your computer is compromised or all your digital memories disappear.
So go out and punk someone tomorrow but practice safe computing.
Attention all Android users. Have you installed the app 'Good Weather' recently? The Trojan posed as a legitimate app to get by the Google Play Store security. The bad app was only available for a short time but it is worth a new post.
Most people don't even look at the requested administration privileges when they install an app. This one will request a change to screen unlock password and the ability to lock the screen. It will then attempt to steal your banking passwords. It can intercept SMS messages. It can also lock your device and it cannot be unlocked until it receives an unlock command from the attacker.
If you installed this app recently, remove it. If you installed it prior to mid February, review the security settings. If anything looks strange, remove it. Practice Safe Computing.
If you are using Google Chrome, beware of a new scam just waiting to bait you and compromise your security. Here's how it works. You will receive a dialog popup saying that a 'Font Wasn't Found'. The box will have an Update button. If you click the Update button, it will install not only malware that can trace your steps online but also ransomware.
If you see the dialog, note the website you were just on, close your browser right away. As an added precaution, clear your cookies. Do not return to that website. If it is a corporate site, send an email informing them that their site has been compromised.
The dialog is pictured. Practice safe computing.
I'm sure you have all heard about the breach that Yahoo had. Since that breach, people have dropped their Yahoo account in favor of a Gmail account. If you have a Gmail account, read the attached article. Hackers are launching a new Phishing campaign that is very convincing. It is so good that professionals are being fooled. Please read the article. Forewarned is forearmed.
It's things like this that get my feathers ruffled. When your computer isn't working correctly and you need help, you want to turn to someone you can trust. When a major retailer abuses that trust it makes for a very long and expensive day. Take a look at the article below. Office Depot has let its customers down. Choose your support wisely.
Special Warning for Windows 8 and 10 Users
Beware of a new scam that has been identified. This malware masquerades as Microsoft Security Essentials (the built-in malware software from Microsoft). The installer for this malware is introduced via a drive-by download from websites that have been compromised.
Once the malware is installed you will be presented with a false Blue Screen of Death (BSoD). This screen is usually presented when there is a problem with the hardware or severe issues with the operating system. The false screen is shown in this post and it has a phone number to call to resolve this issue. The real BSoD has no phone number.
Keep your anti virus and spyware software up to date. Be diligent and practice safe computing.
Is your TV secure?
As you may or may not have heard, a big portion of the Internet in the US and Canada was effectively shut down last Friday. Sites like Netflix, Spotify, PayPal, Twitter and others were inaccessible.
The attack was a Distributed Denial of Service (DDoS) attack. This is when a server is flooded with so many requests that it becomes overloaded and is unable to respond to legitimate requests. When the attack is on DNS servers (the internet’s phone books), the result is websites that are unavailable.
The hackers used a ‘botnet’: a collection of computers that have been compromised by malware to allow the hackers to control them. These computers are then used to collectively stage the attack. This kind of attack isn’t new but what makes this more disconcerting is they used internet ready appliances.
The Internet of Things (IoT) is a system in your DVD player, your smart TV, your WiFi security cameras to name a few, to allow these items to communicate over a network or over the internet. These appliances were compromised and used in the cyberattack.
They were compromised because most people don’t think about security for these appliances. They use the plug ’n play approach and forget about it. You must take some time to secure these gadgets. Take as much time as you do to secure your social media account or your home network. Change default passwords. Use strong passwords. Store these strong passwords in a password manager. Make sure firewalls are properly setup. Make sure your WiFi network is secure and the password to your router has been changed. Keep your Anti Virus and Anti Spyware software up to date on your computers.
Convenience is a wonderful thing but don’t let it compromise our enjoyment of our online world. Take some time to secure your internet connected devices. This time it was just the inconvenience of not being able to watch your favourite show or listen to your music. Next time the breach could be much worse. Let’s not make it easy for the hackers. Security is everybody’s responsibility.
If you have an American Express card, please read this article below. This new phishing scam mimics correspondence from Amex so well, that it is fooling some that typically spot these types of scams.
Protect yourself. Always be skeptical when an unsolicited email requests your personal information. Please read the article below from Inc.
Familiar phone call: "I think I opened an email you told me not to open and now things aren't working right". I have posted on this subject before but it's worth repeating.
There are lots of scammers out there looking to part you with your money or just screw up your files for kicks. After opening an email from an unknown source, a client got a pop-up on their screen that looked legit. It said it was from Microsoft and that their PC was experiencing problems and they should call the number below to be connected with a 'Microsoft Tech'. Well the client did just that.
We now have a mess on our hands because the client allowed the 'Tech' to connect remotely to their PC. If that wasn't bad enough, they left the 'Tech' unsupervised. Well the worst happened. Their server was compromised.
First of all, these kinds of pop-ups DO NOT exist in the real world. There is nothing in Windows that prompts you to call their technicians "UNSOLICITED". There are places within the help and support files with phone numbers to call for assistance but never unsolicited.
Second, if you receive an email from an unrecognizable source, delete it! Don't let your curiosity get the best of you. Remember what curiosity did to the cat. You're risking your PC, all your photos or your business.
Be diligent. Use common sense and if there is a doubt, ask someone. Ask me in a message here. Ask the 13 year old kid down the street, but don't guess. This little fiasco will cost my client in many ways. It could have all been avoided with one phone call.
If you spend a lot of time at a computer, and you are experiencing headaches, back pain, eye strain and shoulder stiffness, your workstation may need an ergonomic overhaul. Here are the 4 steps to an ergonomic workstation as suggested by UCLA Ergonomics.
Step 1: Your Chair
- Push your hips as far back as they go in the chair
- Adjust the height so your feet are flat on the floor and your knees are equal to, or slightly lower than, your hips.
- Adjust the back of your chair to a 100-110 degree angle
- Adjust the armrests so your shoulders are relaxed
Step 2: Keyboard
- Pull up close to your keyboard
- Position the keyboard directly in front of your body
- Position the most used portion of your keyboard centered with your body. If you have a keyboard with a numeric keypad, center the letter portion in front of you not the entire keyboard.
- Do not use a wrist rest that is higher than your space key
- Make sure your wrists are straight when typing
Step 3: Monitor
- Center the monitor directly in front of you above your keyboard
- Position the top of the monitor 2-3 inches above seated eye level
- Sit at least arm length away from the screen then adjust for your vision
- Place your monitor at right angles to windows to reduce glare
Step 4: Pauses and Breaks
- Take short breaks every 20-30 minutes
- Avoid eye fatigue by resting and refocusing your eyes periodically. Focus on something in the distance.
- Be aware of your shoulders. Make sure they are relaxed and not hunched up to your ears.
- Get up and walk around periodically
It has been reported that 32 million Twitter usernames and passwords are up for grabs on the Dark Web. Twitter says they were not hacked. So how did they get them? Stick with me because this has implications beyond Twitter.
Twitter confirmed that they were not hacked. This list was collected through exploiting third party flaws, badly protected websites and carefully crafted malware. If you have a Twitter account, it would be in your best interest to change your password.
Here's the kicker. It's a proven fact that most people use the same or similar passwords for all their accounts. If the criminal element that would make use of this list has one password, they could easily try and get into your other accounts which may have the same password.
Change your passwords often. Use a password manager which can keep track of your multiple passwords. Be diligent. If you have had an account hacked, it is not a good feeling. If your identity is stolen, it could take months or years to straighten it all out. Keep your anti virus and malware software up to date.
Proactive is a lot cheaper than reactive.
As technology gets better so does the sophistication of the virus and malware writers. A new version of ransomware was detected on May 24. This version infects users' computers via malicious spam, malicious macros in Microsoft Office documents, and fake software installers.
If you get infected, it will try and distract you by putting up an innocent pop-up or dialog box while it communicates with the command and control server and begins the encryption. The pop-up will continue to appear while it's running.
Microsoft had noted in its alert that it targets 82 different file types but there have been some reports of as many as 121 different file extensions.
Be very suspicious of any email with attachments. If you didn't request it, don't open it. Update your anti virus and malware software and backup, Backup, BACKUP your data.