June 20, 2012

Got a Smart Phone?

The latest and greatest scare tactic to part you from your money is now hitting smart phones.

Beware Scare Tactics for Mobile Security Apps

Okay you read it right? Well, stop here, go read... I'll wait.

Now you skimmed it, you saw the word "android", and decided it's not a problem because you have an iphone...

Here's the deal. This is being served up via the browser.  This means it could hit your phone or tablet no matter which mobile platform you use, no matter what sites your browse.  Yes, "good" sites have ads and reputable sites have served up malware ads.

It's a scam of course. Please do not click on anything, do not give them any info, especially credit card info!  But you don't even want to give them your email address.  Hijackers should get nothing from their efforts.

With an iphone you can shrink it to a tile and then close it. Not sure what the android platform offers but would assume something similar.

If you read down in the article, Brian has more tips for safe browsing on your smart phone (which includes all tablets). I agree with him. You have to be thinking when you are browsing. Using your brain is the best way to keep crapware off your systems period.

Better yet, go read this

Krebs’s 3 Basic Rules for Online Safety

He's a smart guy and he knows what he's talking about.  It's worth a few minutes of your time to read these articles as they may save you hours of grief later. 

Happy surfing - mobile or otherwise.

Posted by: Teresa in WebTech at 11:58 AM | Comments (1) | Add Comment
Post contains 270 words, total size 2 kb.

June 19, 2012

Authenticate Yourself - with slight updatey goodness

Authentication - Part 1

I've been dragging my feet on this for quite a while (over a year which is quite a bit of time).  Today I finally set up Two Factor Authentication on my Google account. 

When it was first introduced, I was waiting to see if it would all go wrong.  After all, new stuff fails all the time in unexpected ways.  Then after a while I was simply paranoid and figured I didn't have time to unwind the mess if I locked myself out of my own email.  Thus I let it ride and ride. heh. 

Of course I'm not at a hugely high risk of having my account compromised.  I don't log in from public terminals.  I don't use the same password everywhere. I don't do any app that wants my email password to "tell all my friends".   Yada, Yada, Yada.  It doesn't make me totally safe, but safer than a goodly number of people.

Then I would forget about it because it was too fatiguing to keep trying to remember it.  For some reason something reminded me today and I decided to look into it more closely.  It looks simple enough... but I'm always looking for the catch. The thing I will forget until I get into the middle of something and suddenly I'm stuck. 

I watched the video a couple of times and then took the plunge.  And... it all worked beautifully. I have to say I was shocked. 

The premise, for those who don't know: you log in with your username/password then you get a second screen and have to enter a special 6 character number sent to you by google.  You can have google either send this number to you via a text message or they can call and give it to you via a voice message.  (there is a time limit of course so you have to be ready to enter the number when you get it).

Once you are logged into the website portion, you can set up a special password for any of your applications that need to access google - so Outlook, Mail.app, Picasa, iphone mail, ipad mail, etc etc.  They go over all of it.  The only surprise was the G+ app on my iphone - that actually does the Two Factor Auth instead of the special password.

They even give you special numbers you can print and save them for an emergency.  If you need to get things changed but don't have your phone or you're traveling in a foreign country that kind of thing.  

Last of all, if you have a smart phone, they have an app that will generate these numbers with or without an internet connection. I'm not sure if that's a good thing or not... can't decide since it's fairly easy to lose your phone.

However, this makes it very easy to de-authorize a phone or tablet or laptop if it is lost. 

So I would give this a "yes" if you have a google account.  Watch the video a couple of times. Have your cell phone with you (or your landline if you want to do a voice number - you are not supposed to use google voice for this!!!).  And turn it on.  You do have to reauthorize your home computer for web access every 30 days, but this is far better than trying to get help from google if your account is compromised.  The apps do not need to be reauthorized unless there is a problem.

*** UPDATE: when setting up a mail program, hang onto the password they give you until you have done a test send/receive of an email.  With gmail you have to authenticate to get mail and to send mail so make sure you've done both and saved the password in both places or you'll have to go back, revoke the current password and do it all again. Just a minor annoyance.

***

Authentication - Part 2

Here's an iphone tip I just heard recently.  I can't remember where (drat - because I like to give kudos to people who have good tips!)

Using the simple passcode of a 4 character pin is pretty trivial to overcome, but who wants to be typing in a long passcode on that bitty keyboard?  Next best thing on an iphone (and who knows it might work on androids too).  Go into Passcode Lock in your settings. Turn off the Simple Passcode.  Now when you turn on the Passcode Lock, go to the numbers and enter a number longer than 4 characters.  That's it.  When you go to unlock the phone, it will give you only the number pad because you only entered numbers.... just more than 4.  It's marginally safer than the simplest of passcodes and easier to type too.

Those are today's safety tips.  FWIW.

Posted by: Teresa in WebTech at 11:08 PM | No Comments | Add Comment
Post contains 815 words, total size 5 kb.

June 14, 2012

Patchy - Patchy

Microsoft has released its monthly patches.  Java has released a huge patch recently (I found I did need to keep Java on my machines because of a printer that uses it - irritating).  Also Adobe Flash has updated.  Check on all of them on your system if you have Windows machines.

Apple sent out the Java patch just yesterday.  And Adobe Flash updated although flash updates through the browser rather than through Apple.

So there you go.  Check your updates and be sure they are done.  This makes you and others safer since it keeps your system from being easily hijacked by known issues.

As for me, I've been patching work computers which is tedious and about like watching grass grow, but it must be done and has to be supervised.  Such is life in computerland.

Posted by: Teresa in WebTech at 10:10 AM | Comments (2) | Add Comment
Post contains 139 words, total size 1 kb.

June 06, 2012

LinkedIn Woes

Today is LinkedIn's day in the spotlight of computer security. Not a joyful day so far either.

First we have a tweet from Brian Krebs

Still no confirmation from LinkedIn, but it's a good idea to change your password now if you use this service


So if you use LinkedIn - go change your password. If you are using the same password for your email account - change that too (to a DIFFERENT password than you are using for LinkedIn please!)

They are still trying to confirm whether or not something happened.  But changing a password is easy to do and less bothersome than finding out later that someone did get your password and is now causing trouble for you.

Then to continue on this same theme I saw this at Ars Technica

Your iPhone calendar isn't private—at least if you use the LinkedIn app

I had heard a while back that the LinkedIn app was sending the login password in the clear.  Since I don't use LinkedIn enough to have an app for it, I didn't bother thinking much about that bit of info.  Now it seems the app is doing even more fun stuff.  It is scraping your calendar for information even if the calendar item has nothing to do with LinkedIn... awesome!

I would say - give LinkedIn apps a wide berth for a while.  Even if they are Android apps.  They are looking at iphone apps, but just because no one is talking about the Android counterparts does not make them safe. 

Yeah, not such a hot day for LinkedIn. 

Posted by: Teresa in WebTech at 11:17 AM | Comments (3) | Add Comment
Post contains 267 words, total size 2 kb.

<< Page 1 of 1 >>
35kb generated in CPU 0.03, elapsed 0.0395 seconds.
69 queries taking 0.0227 seconds, 228 records returned.
Powered by Minx 1.1.6c-pink.