April 10, 2014

Heartbleed and the Password Monster

This week we have seen exactly how something bad can happen to our virtual world and better yet, how annoying it is to try and get information.


Brian Krebs has had a couple of excellent, easy to follow articles:


and


One of the things not mentioned, and that you can do in addition to checking sites and changing passwords, is get yourself a password manager. I am going to list a few here; check them out. Everyone has one they prefer for various reasons (my preference is 1Password). They all work; some are more automatic than others. All of them make it easier for you to have better passwords and change them easily.

The Freebies: 

Password Safe - this one has been around for ages and continues to be developed in open source.  It works great on Windows desktops.  If that is all you need, this one will do it for you.  Check out the fun video under the Quickstart guide link.  

KeePass - I have not used this one, but a number of people like it. Also Windows based like PW Safe above. No cool video, but it will likely do the same job. 

RoboForm - many people love this one. It's more polished than the other two and it works on all platforms: Windows, Mac, tablets, phones. Very nice for a free platform. The password database resides on their servers. Some people are okay with this, others are not so comfortable. It depends on your personality when it comes to this.

Freemium 

LastPass - this is another online based system.  The freemium model means you can get their basic services on your computer for free.  If you want to go with mobile devices too, then you have to pay them. It's not terribly expensive, they do charge per year.   They also hold secure notes among other things.  I haven't used it, but I know people who love it. Ironically, they were hit with the Heartbleed bug although they have fixed their servers.

Pay for:

1Password - I have been using this for several years now and love it. Yes, it's pay for.  It does not run on Windows tablets so if that is important to you, then this is not the one to use.  

They started as a Mac application and it works beautifully on all Apple products. Your options are to have the database on your computer, on Dropbox, or (if you are on Apple) on iCloud. I have used it via Dropbox to sync to my Windows 7, Mac, iPhone, and iPad. It will also sync to Android devices.

I like the flexibility of where the database will reside.  I also like the features of secure notes, software license folder, credit card folder, personal identity folder (to fill in forms on websites).

I'm sure there are others out there, but among these, you should be able to find something that fits your needs and works for you.  


Posted by: Teresa in WebTech at 01:51 PM

March 28, 2014

The end of XP

As you may or may not know, support for Windows XP ends April 8th.  That's coming up in about 10 days.  If you are running XP (yes you have a very old machine) then be prepared.  After the last update, there will be a spate of exploits sent out. 


I know there are people who can not (financially) move on to other machines so here are a few things you can try to keep the wolves at bay - so to speak. 

1. Get either Chrome or Firefox as a browser.  Don't argue with me that you love IE - doesn't matter. It is already a mess with holes in it. It will only get worse after support ends.  And don't tell me one of the above is better than the other... that doesn't matter either. What matters is they are both current browsers and both are continuing to update patches even if they run on old XP.

2. Put Adblock Plus on your browser of choice. When you go to the site, it determines the browser and will show you the plugin you need to apply. Use it! There will be malicious software being served up as ads on all kinds of sites - even so-called "safe" sites. This includes the big ones like CBS, ABC, NBC, CNN etc. This plugin will stop those ads from getting to you instead of you trying to clean up after them. I know there are people trying to support their site via ads. But you can't afford the price at the moment. One bad ad served by one site could brick your computer... how much does it help if you have no working computer? BTW - on some of the news sites, this plugin will keep videos from running. Sorry about that. They are jerks about it and want to sell ads, even if you put your machine at risk. Walk away.

3. Add Web of Trust to the browser too. It's not 100% foolproof, but they make an effort to scan for malware on sites and mark them. If you hit a "red" site even by accident, it brings up a page to stop you before you go there. Go read why it's marked as "red". Most times it is because of malware. Political sites are a bit iffy as opponents will mark the site "red" based on content. But do check FIRST. Don't assume a site is marked as bad simply because of content; WoT will tell you why if you take a moment to go look.

4. If you download mail to your machine, get an antivirus program and run it (if you don't have one as yet).  Avast has a decently rated free program.  As with all AV - this will protect against old stuff not new, but there is still plenty of the old stuff wafting about the net. 

5.  Don't skip the last set of patches.  Get them all.  

6. Try to stay behind a good firewall like a home router if at all possible.  Don't connect to public networks with no decent firewall. 

7.  Last but not least. For those with enough tech savvy and some adventurous spirit, get a thumb drive and grab a copy of  Ubuntu Linux.  They have made things very easy and it might be exactly what you need to get you through until you can get a new machine with an updated OS. 

Good luck. 

**** UPDATE: Office 2003 support is ending too! If you use this version of Office, you may want to either upgrade if you can or look at the free tools available. They aren't as good, but they are up to date and patched. There is OpenOffice or LibreOffice along with Thunderbird for mail. Look at Google for your calendar too. These might help a bit if you can't afford Office 365.

Posted by: Teresa in WebTech at 04:06 PM

February 18, 2014

And speaking of Brian Krebs

I always cringe when people start talking about connecting any of their stuff to the internet through their firewall.  It's just asking for trouble. 

Brian Krebs asks, Is it time to harden your hardware?

If you are lost when reading the opening remarks about the routers, scroll on down to the light switches... then read about the problems with Network Attached Storage (NAS).  These things are becoming very popular. 

Heck I have a hard time making people understand that their Operating Systems need to be kept up to date.  Trying to make them understand that other machines need updating too?  Whew...

The problem with the hardware listed here, it's all being touted as making your life easier.  Plug it in, fire it up, voilà  you are online and able to access your house systems from afar. 

Except maybe someone else can do this too... and maybe you don't want them to. 

It's a problem.  How much security are you willing to trade off for the ability to turn your lights on and off when you aren't home? 

OTOH this is probably one of the funniest commercials I've seen with the theme.  I wouldn't use the service, but I giggle whenever I watch it.




Posted by: Teresa in WebTech at 02:21 PM

February 17, 2014

A great read

The NY Times does a story on a reporter I admire very much. And they do an excellent job of it.

Brian Krebs profiled by the NY Times


Posted by: Teresa in WebTech at 11:25 AM

February 04, 2014

Flash Flash Flash - Bug

Big bad bug out there... please check your computers and apply the Adobe Flash update just released today. Brian Krebs is on it as usual. Check his article for links and what to watch out for.

http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack/




Thank you!

Posted by: Teresa in WebTech at 02:54 PM

January 17, 2014

Hackers and breaches and credit cards - Oh My!

Well, it's a new year and another story of a big data breach. The more things change...


Update: Breach exposes data on 110 million customers, Target now says


As long as there is something to steal, people will try to steal it and periodically they will be successful.  Sometimes they will be wildly successful. 


Most people read about these things and their thoughts immediately turn to "OMG they have my credit card info! They're going to charge stuff!". While this is true, there are other things you will need to keep in mind. Let’s consider the data that was taken. Credit and debit card numbers, yes, but also full name, address, email, and phone info too. This may be far more of a problem than the credit card numbers.


It’s not possible to cover every bad thing that might happen from a data breach in one post (or even several posts) so let’s look at the most likely results and how you can keep from becoming a victim after the fact. 


With all that identifying data, it becomes very easy to target people with phishing emails and even phone calls.  The chances of a direct snail mail campaign are small, but possible.  With snail mail the cost is high and there are very specific laws that come into play that aren’t there for email, but please extrapolate anything said about emails and phone calls to include snail mail.   


Sadly, suspicion is your friend no matter the method of contact.  If someone walked up to your door and knocked, or stopped you on the street, then asked for your credit card info or login information for your bank, would you tell them?  Right now I’m going with - No!!! Please tell me you wouldn’t give this information out to a random person you don’t know!  


Phishing email has gotten very good over the last few years. It can be nearly impossible for people to detect whether or not an email dropping into their inbox is from the place it says it’s from. While there are still huge numbers of badly worded and misspelled phishing emails that can easily be spotted, the real problem is emails that are so good you believe they are legitimate.


Because the information stolen is most of what a company would use to identify you, the bad guys can now create even more plausible emails and phone calls.  They know the correct name associated with an email. They know the correct address and phone number.  The end result is, the approach looks legitimate and you believe them because they have this information already.  


So, what to do?  Here are things to keep in mind. 


Never trust a person or business who contacts you directly asking for information. Do not open email attachments.  Do not click links to respond. Do not ever reply to an email asking you to fill out a form and return it. And please please don't tell me you would only do this if the email is from someone you know.  Don't. Period. 


Let me say that again.  Never give out information to anyone if you did not contact them first and were waiting for a response. 


But how about a little extra information so you can see why you should be careful.  


First of all, do not place all your trust in anti-virus software. It is useful for catching older stuff, but it won’t catch everything all the time and it won’t catch anything that is new and hasn’t had virus signatures created - I don’t care who makes it or what their claims are. It also will not catch an email that just asks you to fill out information and return it... that isn't a virus.  As always, you are responsible for what you click or delete or what information you give out. Think about it carefully.


Let’s start with email. Phishing emails are sent out by the millions. At some point in time, they are going to hit your inbox and look real. It may say "we have tracking information about your UPS order please open the attached file" or "your bank account will be frozen unless you respond to this email, please open the attached file". Or "this is an emergency, please click this link to go to our site and update your login information".


It may appear to come from your particular bank. It may even appear to be a store you shop at regularly. And you think, I need to check this out. After all, it couldn’t be the bad guys, "how would they KNOW I just ordered something to ship via UPS???", "how would they KNOW I use this bank???" The short answer is, they don’t (unless someone is stalking you and that’s a whole ’nother conversation). So many of these are sent out on a daily basis, they will eventually contact a number of people who believe it applies to them simply because of timing. The variations on these emails are endless. Therefore, view all these requests with skepticism. The delete button is your friend.


Another tack they take is to call and tell you they are from Microsoft, your ISP, a tech company, or some anti-virus company and there has been a virus detected on your system, could you please let them connect to your computer and they will clean it up.  Maybe they say they are from your bank and they need to confirm your information or you won’t be able to access your money.  (a bank threatening to take away money access is an easy way to scare people) 


No no no!!!!  Hang up.  Do not even talk to these people, don’t be polite, just end the call.   Here’s a hint… Microsoft has billions of copies of their operating system out in the world, they don’t call their customers.  EVER.  Never EVER.  Remember this.  Anti-virus companies don’t call either.  The idea is, you contact them if there is a problem. They never contact you asking to get on your system. If your bank really calls you, they will not ask you to give them your account number (if they do, find a different bank immediately!).  


If you are sincerely worried about your bank account, call your bank directly from a phone number on your statement, not from a number given to you by someone you don’t know. Better yet, go see them in person. Don’t trust caller ID as this can easily be spoofed by bad guys and be made to say anything they want.


I have had my credit card companies call me because of likely fraud on my card.  They are generally automated calls.  I listen to them on my voicemail, then I call the 800 number on my card (not the one left on the voicemail).  These have all been genuine, but I do the calling to a valid number to make sure I know exactly who I’m talking to.  


And these are just a few things you can do to keep yourself somewhat safer out there in the Wild Wild Internet. 


Questions?  It's hard to fit everything into a post, so I very likely missed something. 


Posted by: Teresa in WebTech at 04:27 PM

October 30, 2013

Mavericks

With all the updates being posted to applications on my iMac, I have noticed it getting slower and slower (and it was already slow to begin with).  This happened when they started updating Snow Leopard apps for the move to Lion, which means this was not unexpected.

Last night I bit the bullet and installed Mavericks, hoping it would help with some of the memory management issues.

So far it's been pretty messy.  Apple totally hosed up the Gmail interface in the Mail.app.  I am plugging away at things and I hope once all the dust settles and everything is indexed, it will work again.  We shall see.

In the meantime, I ponder doing a fresh install of Mavericks rather than an upgrade...  not sure I have the time to spend messing with such a project.  The in-place update has taken longer to slog through than expected.  But it may be necessary if things continue to run so slow.

Stay tuned.

Posted by: Teresa in WebTech at 12:14 PM

October 23, 2013

Commenty Fix

Just got a note from Pixy.  It seems the spam filter is what was causing the problem.  He thinks it is fixed but it might be slow to post comments.  I tried two test comments, one of them posted the other disappeared.  Have a go if you like and let me know via email if you can't get comments to post.

Thanks!

Posted by: Teresa in WebTech at 10:56 AM

October 22, 2013

Comment issues

Apparently there are issues when trying to comment.  I have an email that I sent to Pixy about it.  Hopefully he can get it resolved soon.

Posted by: Teresa in WebTech at 05:57 PM

October 02, 2013

Tech Tip of the Day

If you have a cell phone - back it up.  Doesn't matter what kind of phone, figure it out.  Even a flip phone of the old school.  If you have phone numbers in it, make a pencil and paper list if you must. If you have photos, find a way to save the ones you want. Any other data - make sure you have copies somewhere. 


This way when something goes south, you have the data somewhere and can restore it. 

Posted by: Teresa in WebTech at 03:11 PM
