
6 days of security

What’s the process you do when you set up a new computer?

The US-CERT site recommends these steps:

How can I improve my computer’s security?

The following are important steps you should consider to make your computer more secure. While no individual step will eliminate all risk, when used together, these defense-in-depth practices will strengthen your computer’s security and help minimize threats.

  • Secure your router. When you connect a computer to the internet, it’s also connected to millions of other computers—a connection that could allow attackers access to your computer. Although cable modems, digital subscriber lines (DSLs), and internet service providers (ISPs) have some level of security monitoring, it’s crucial to secure your router—the first securable device that receives information from the internet. Be sure to secure it before you connect to the internet to strengthen your computer’s security. (See Securing Your Home Network for more information.)
  • Enable and configure your firewall. A firewall is a device that controls the flow of information between your computer and the internet. Most modern operating systems (OSs) include a software firewall. The majority of home routers also have a built-in firewall. Refer to your router’s user guide for instructions on how to enable your firewall and configure the security settings. Set a strong password to protect your firewall against unwanted changes. (See Understanding Firewalls.)
  • Install and use antivirus software. Installing an antivirus software program and keeping it up-to-date is a critical step in protecting your computer. Many types of antivirus software can detect the presence of malware by searching for patterns in your computer’s files or memory. Antivirus software uses signatures provided by software vendors to identify malware. Vendors frequently create new signatures to ensure their software is effective against newly discovered malware. Many antivirus programs offer automatic updating. If your program has automatic updates, enable them so your software always has the most current signatures. If automatic updates aren’t offered, be sure to install the software from a reputable source, such as the vendor’s website. (See Understanding Anti-Virus Software.)
  • Remove unnecessary software. Intruders can attack your computer by exploiting software vulnerabilities, so the fewer software programs you have installed, the fewer avenues there are for potential attack. Review the software installed on your computer. If you don’t know what a software program does, research the program to determine whether or not the program is necessary. Remove any software you feel isn’t necessary after confirming it’s safe to remove. Back up important files and data before removing unnecessary software to prevent accidentally removing programs that turn out to be essential to your OS. If possible, locate the installation media (e.g., CD) for the software in case you need to reinstall it.
  • Modify unnecessary default features. Like removing unnecessary software, modifying or deleting unnecessary default features reduces attackers’ opportunities. Review the features that are enabled by default on your computer, and disable or customize those you don’t need or don’t plan on using. As with removing unnecessary software, be sure to research features before modifying or disabling them.
  • Operate under the principle of least privilege. In most instances of malware infection, the malware can operate only using the privileges of the logged-in user. To minimize the impact of a malware infection, consider using a standard or restricted user account (i.e., a non-administrator account) for day-to-day activities. Only log in with an administrator account—which has full operating privileges on the system—when you need to install or remove software or change your computer’s system settings.
  • Secure your web browser. When you first install a web browser on a new computer, it will not usually have secure settings by default, so you will need to adjust your browser’s security settings manually. Securing your browser is another critical step in improving your computer’s security by reducing attacks that take advantage of unsecured web browsers. (See Securing Your Web Browser.)
  • Apply software updates and enable automatic updates. Most software vendors release updates to patch or fix vulnerabilities, flaws, and weaknesses (bugs) in their software. Intruders can exploit these vulnerabilities to attack your computer. Keeping your software updated helps prevent these types of infections. (See Understanding Patches and Software Updates.) When setting up a new computer, go to your software vendors’ websites to check for and install all available updates. Many OSs and software programs have options for automatic updates. Enable automatic updates if they are offered; doing so will ensure your software is always updated, and you won’t have to remember to do it yourself. Only download software updates directly from a vendor’s website, from a reputable source, or through automatic updates.

What are some additional best practices I can follow?

There are other simple practices you can follow to improve your computer’s security.

  • Use caution with email attachments and untrusted links. Malware is commonly spread by users clicking on a malicious email attachment or a link. Don’t open attachments or click on links unless you’re certain they’re safe, even if they come from a person you know. Be especially wary of attachments with sensational names, emails that contain misspellings, or emails that try to entice you into clicking on a link or attachment (e.g., an email with a subject that reads, “Hey, you won’t believe this picture of you I saw on the internet!”). (See Using Caution with Email Attachments.)
  • Use caution when providing your information. Emails that appear to come from a legitimate source and websites that appear to be legitimate may be malicious. An example is an email claiming to be sent from a system administrator requesting your password or other sensitive information or directing you to a website that requests your information. Online services (e.g., banking, ISPs, retailers) may request that you change your password, but they will never specify what you should change it to or ask you what it is. If you receive an email asking you to change your password, visit the site yourself instead of clicking on any link provided in the email. (See Avoiding Social Engineering and Phishing Attacks.)
  • Create strong passwords. Use the strongest, longest password or passphrase permitted. Don’t use passwords that attackers can easily guess, like your birthday or your child’s name. Attackers can use software to conduct dictionary attacks, which try common words that may be used as passwords. They also conduct brute force attacks, which are random password attempts that run until one is successful. When setting security verification questions, choose questions and answers for which an internet search would not easily yield the correct answer (e.g., your pet’s name). (See Choosing and Protecting Passwords.)


Dear AT&T can you fix our phone number?

Right now if you want to call us, use 559-252-8586 because someone at AT&T has somehow switched our main number from 559-252-8585 to 559-251-3001.  So if you call us and we don’t answer… it’s not that we don’t want to, it’s that the phone number isn’t ringing us.

So call 559-252-8586 until this gets fixed.

All fixed now.  You can call us at 559-252-8585.

14 days of security

Time for a little game.  Time to see if you can spot a real email from a phish.  A phish email is one that tries to trick you into clicking on a link.

So go to this Sonicwall phish test and see how you do.

Go ahead, I’ll wait.

Well, did you get them all right?  I bet you didn’t.  I didn’t either.  See how hard it is to tell good emails from bad?  This is why one needs to be so aware of emails and just be a little paranoid when opening them up.

15 days of security

So you know you’ve been hacked.  Now what?  You can tell your passwords have been reset and you can’t get into your accounts.  You have evidence that a bank account has had funds transferred without your permission.  What can you do?

Well, it honestly depends on the level and damage of the attack.  Financial crimes have a higher impact and thus will often get action.  Low impact crimes, for example where someone is spoofing you online, pretending to be you on Facebook and sending “friend” requests, won’t get police action.

But what can you do to at least make authorities aware of the problem?  Obviously with any hacking or cyber activity that has a financial impact, immediately call your financial institution.  They can change bank account numbers and put in place positive pay processes to ensure that no transactions get made without your explicit permission.  For high impact intrusions you can contact the FBI, the Secret Service or the Internet Crime Complaint Center.  For less impactful attacks you have far fewer options.

Often the best thing you can do is make sure passwords are changed and run a full antivirus scan on your system with a third party antivirus program that you don’t normally use.  Using the antivirus from another vendor will often reveal other issues you weren’t aware of.  Many vendors provide full scan tools for free, or have rescue disks to help get your machine cleaned up.

23 days of security

You go to a web site.  You search for something.  You then go to another page and the very thing you were looking for is now in the advertisements in the Facebook feed, the side banners, just about everything you look at.  All due to tracking, beacons, cookies and all of the things that web sites use to keep track of you.

Just out today is something that is interesting, frightening, sad, and empowering all in one.  And for those of us in the United States, a bit timely.

Firefox and ProPublica are bundling a browser with extensions built specifically to monitor election ad tracking and to provide a database of what ads are targeting us.  Just the other day my Dad said that if every politician did what their opponent said they did, we shouldn’t vote either one into office.  But nevertheless, someone needs to represent us, and rather than not voting at all, it’s time to make your voice heard.

The ProPublica extension specifically tracks what ads end up in your Facebook stream and what they are targeting.

What the Extension Does

The extension places a content script on every Facebook page you visit. That script scans for ads, which it then stores on your computer. These ads are also sent to ProPublica to support research and journalism.

But Susan, (you say) in the month of paranoia you want to SEND information to a journalism site?  For this purpose I do.  I’m convinced that foreign countries did (and still do) use targeted Facebook and Twitter bots to enhance and influence opinions in other countries.

If you don’t do social media, wonderful, this paranoia isn’t for you.  But if you do… it might just be an interesting experiment to undertake in the month left before the elections.

Even if you don’t think this is an interesting idea, may I strongly urge you to ensure you are signed up to vote.  For some states, the deadline was today.

I don’t want to make this post political in any way, I just want to urge you to vote, period.  It’s time we all keep a closer eye on things.

24 days of security

Today I’d like to remind you about a risk in something we too often don’t think twice about and just take for granted: wifi.  Walk into a coffee shop and you will find people using a wifi network they don’t know anything about.  Go to a hotel and the check-in process hands you a password to a wifi access point.

Yet you should think about what CAN occur on a hotel or public wifi: malware, man-in-the-middle attacks, malicious hotspots, or wifi sniffing.  I generally make it a rule to not connect to a wifi access point that I haven’t personally installed (my home and office), or whose owner I personally know (friends and family).

Now you can add VPN services like NordVPN, ExpressVPN, OpenVPN and any number of others that put a layer of protection around your connection, but my recommendation is to pay for that as well.  Don’t rely on free.  As a general rule “free” means that you are the product they are selling.  Review the end user license agreement very carefully, or don’t connect at all.

Also consider the device you travel with.  As a general rule, traveling with an iPad or Android tablet is not only easier to get through the TSA lines, but also less of a target for malware.  Not saying that iPads are immune, but given the app store model, there is more of a vetting process that goes on.  When I do travel with a laptop, I travel with a (now several years old) Surface with a built-in cellular connection so I can easily get online with a paid cellular connection instead of connecting to the Amtrak wifi, hotel wifi or coffee shops.  It’s getting a bit slow now and I’m looking forward to replacing it with a newer lightweight device that has built-in cellular as well.

Too often I see too many of us in restaurants, hotels and coffee shops with our noses in our phones or computers, not enjoying the ambiance of the moment.  Time to be a bit more paranoid about connecting to the wifi, and make eye contact with that person sitting across the room from you.

25 days of security

It’s now been seven days of paranoia and today’s topic is social engineering.  Or, as the FBI puts it in their video designed to help train political campaign workers not to be tricked, “targeted lies designed to get you to let your guard down”.  Social engineering is now one of the key ways attackers get into our systems; however, it is not new.  Back in 1995, Kevin Mitnick was arrested for breaking into computer systems, often without cracking passwords, merely tricking the person on the other end of the phone call with key information to get them to trust him and turn over more information.  He is now the “Chief Hacking Officer” of KnowBe4, a security awareness company.  What worked then still works now, except that back then it usually meant a human, Kevin, calling the victim over the phone and gathering information to trick the person into turning over key information.

Now we use phishing and spear-phishing (targeted attacks) via email to reach the same target.  As is noted in the video by the FBI, be careful what you share online and on social media.  Often you “leak” key personal information in social media posts.  Often the answers to password reset questions can be googled.  How many times have we seen reports of key individuals whose email accounts got hacked because someone could google the answers to reset questions from the person’s biography, like where they went to school and so on?

90% of breaches start with social engineering/phishing attacks.  Read that stat again…. 90%.  Emails containing ransomware increased 6000% between 2016 and 2017.

Bottom line: they are out to get you, so watch your email carefully.  For all the automatic tools and filters I have on my email, often the only thing between me and an attacker is a bit of skepticism and paranoia and not immediately opening up emails.  Don’t open attachments you weren’t expecting.  Run files through www.virustotal.com just to be safe.  Empower yourself to not immediately take action on email.  Be more suspicious of what comes into your email.  The vast majority of email in your inbox is there to attack you.

26 days of security

We now turn to today’s (belated, sorry, my automatic posting tool broke and didn’t post this entry) paranoia post.  And today’s paranoia is a reminder to check out the ways and means you can get your email back should someone hack your password.  Often the way to reset a password is to send a recovery link via email.  But if the very thing you are trying to recover IS email, obviously you need some other means to gain access and reset the password.  If you are unsure whether your main email account has such a secondary access, now is the time to check.  Gmail will often remind you if you don’t have such a secondary account.  For Outlook, you go into the security settings of your account.  I am seeing more and more web sites asking to set up multi-factor and/or secondary access to ensure you can get back into an account.

I’ve also seen cases where, when an email account gets hacked, this recovery account gets changed to the attacker’s email address so that they can reset it.  For all the talk of passwords being dead, we are still so dependent on them.

So take some time to determine if you have a secondary means to get back into your account and prove that you are you.  If you can’t prove that you are you, you might not be able to get back into your email account.  I’ve known some folks who have had this happen to them and it’s not a fun thing to deal with.

27 days of security

Can you trust your hardware?  You’ve probably seen the headline about chips embedded into motherboards of computers used by Apple and others.

But before we start unplugging all of our computers and going back to paper cups and string as our means of communication, there are also numerous stories that the article has holes in it.  For example… statements from the vendors, and questions about the reporting from others.

But now there are stories that it’s not just hardware but firmware updates.  So how can you trust hardware when so much of it is built in a country that (and I’m going to be less than diplomatic here) has a history of being less than transparent?

And how do you know if you have a system that has such a backdoor?

There are several tools I use to better understand what is going out of my system, but none of them are easy to understand.  Some are cheap (free), but take a rocket scientist, which I am not, to understand.

They range from Wireshark (free), which lets you view the packets leaving your system, to Windows Defender Advanced Threat Protection, which gives Windows 10 E5 users (yeah, not cheap) a console view of what is going on in the system; together they help me better understand what is going outbound from my computer.

What is a bit disconcerting is that all of this information that we, the computing public, need in order to understand what is happening to our systems is getting more complicated, not less.  Furthermore, our vendors are making it harder to get answers from our own systems.  While Windows 10 has a relatively new (in 1803) diagnostic data viewer, pretty much only a Microsoft engineer can understand it.

So what’s a computer user to do?  Today I don’t have a good solution for us.  Seeing and viewing outbound traffic and understanding it isn’t easy.  I hope that someday Microsoft will put Advanced Threat Protection in all versions of Windows.  The best I can recommend is to get a gut feel for your system.  Open up the Task Manager and view what processes are running.  Note when your system “hits” the hard drive and what you are using at the time.  See if you want to tackle understanding Wireshark.  And then just kinda freak out a bit reading those articles.
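One concrete way to take that “gut feel” a step further on Windows, added here as an example and not something from the post: the PowerShell below lists the established TCP connections that leave the machine for a non-private address, grouped by the program behind them, with the code-signing status of each executable. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt, otherwise the executable path of system services comes back empty.

```powershell
# Added example (not from the post): which programs hold connections out to the internet
# right now, and whether their executables carry a valid code signature.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt,
# otherwise the executable path of system services comes back empty.

function Test-PrivateAddress {
    param([string]$Address)
    # RFC 1918 ranges, loopback and link-local stay inside the LAN; anything else is outbound.
    return ($Address -match '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)') -or
           ($Address -eq '::1') -or ($Address -like 'fe80:*')
}

function Get-OutboundConnection {
    # One object per established TCP socket whose remote end is not a private address.
    Get-NetTCPConnection -State Established |
        Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $name = 'unknown'
            $path = $null
            if ($proc) { $name = $proc.ProcessName; $path = $proc.Path }
            [PSCustomObject]@{
                Process   = $name
                ProcessId = $_.OwningProcess
                Path      = $path
                Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        }
}

function Get-OutboundSummary {
    # Collapse to one row per executable: a chatty program becomes a connection count
    # plus its distinct remote endpoints, and the signature check runs once per path.
    Get-OutboundConnection |
        Group-Object Process, Path |
        ForEach-Object {
            $first = $_.Group[0]
            $signature = 'no path (run elevated?)'
            if ($first.Path) { $signature = (Get-AuthenticodeSignature -FilePath $first.Path).Status }
            [PSCustomObject]@{
                Process     = $first.Process
                Signature   = $signature
                Connections = $_.Count
                Remotes     = (($_.Group | ForEach-Object { $_.Remote } | Sort-Object -Unique) -join ', ')
                Path        = $first.Path
            }
        } |
        Sort-Object Connections -Descending
}

# Rows whose Signature is not Valid, or that talk to many distinct remotes, are the ones worth looking up.
Get-OutboundSummary | Format-Table -AutoSize -Wrap
```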

I told you this would be 31 days of paranoia!

28 days of security

First off, a couple of facts about “lost data”.  Unless you’ve written over the top of the very spot on the hard drive, that data isn’t lost.  It is, however, an absolute pain in the rear to gain access to data that has lost its structure.  I still remember the day on an IBM 8088 computer when I intended to delete some files from a directory and instead I was at the root of the C drive and typed in del *.*.  Yeah, back in the DOS days that was ugly.

And just because your data is in “da cloud” doesn’t mean you don’t need backups as well.  Office 365 is not immune to accidental deletions of information, and in any cloud platform, just as on your local PC, the data is honestly still there; you just don’t have the ability to be an admin on the cloud server and run the necessary undelete tools to put it back.

And then… protect those backups.  An unencrypted iPhone backup on a computer can often be read to get at the phone’s data.  Back in the ancient days of offsite backup tapes, many a story was in the news about a backup tape lost in transit.

While both cloud backups and onsite backups are invaluable tools, what you need to ask yourself is how fast you want your data back.  A cloud restore process works, but may take time.  An onsite backup is often prone to failure, but is the fastest way to recover a lot of data.

So what backup solution do you use?  And for the bonus in paranoia… do you randomly delete a file/rename it and attempt a recovery?  When’s the last time you tested your backup?
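Testing the backup the way that last paragraph asks, as an added PowerShell example with constructed sample data (not the post’s own tooling): zip a folder, restore it into a scratch directory, compare the SHA-256 hash of every file with the original, then delete a file and confirm it comes back. It assumes PowerShell 5.1 or later for Compress-Archive and Expand-Archive.

```powershell
# Added example (not from the post): prove a backup is usable by restoring it somewhere
# harmless and comparing every file's SHA-256 with the original, then run the post's
# "delete a file and get it back" test. Assumes PowerShell 5.1 or later
# (Compress-Archive / Expand-Archive); the sample data below is constructed.

function Get-TreeHashes {
    param([string]$Root)
    # Map relative path -> SHA-256 so two trees can be compared wherever they live.
    $base = (Resolve-Path $Root).Path.TrimEnd('\')
    $map = @{}
    Get-ChildItem -Path $base -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($base.Length).TrimStart('\')
        $map[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $map
}

function Test-BackupRestore {
    param([string]$Source, [string]$Archive)
    # Returns a list of problems; an empty list means every file restored byte-identical.
    $scratch = Join-Path ([System.IO.Path]::GetTempPath()) ("restore-test-" + [guid]::NewGuid())
    try {
        Expand-Archive -Path $Archive -DestinationPath $scratch -Force
        $want = Get-TreeHashes $Source
        $got  = Get-TreeHashes $scratch
        $problems = @()
        foreach ($rel in $want.Keys) {
            if (-not $got.ContainsKey($rel))    { $problems += "missing after restore: $rel" }
            elseif ($got[$rel] -ne $want[$rel]) { $problems += "content differs: $rel" }
        }
        foreach ($rel in $got.Keys) {
            if (-not $want.ContainsKey($rel))   { $problems += "extra file in restore: $rel" }
        }
        return $problems
    } catch {
        # A corrupt or truncated archive surfaces here instead of as a silent partial restore.
        return @("restore failed: $($_.Exception.Message)")
    } finally {
        if (Test-Path $scratch) { Remove-Item $scratch -Recurse -Force }
    }
}

# Demo on constructed sample data in a temp folder.
$work = Join-Path ([System.IO.Path]::GetTempPath()) ("backup-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path "$work\data\photos" | Out-Null
Set-Content -Path "$work\data\taxes.txt" -Value "2018 return, constructed sample"
Set-Content -Path "$work\data\photos\cat.txt" -Value "stand-in for a photo"
Compress-Archive -Path "$work\data\*" -DestinationPath "$work\backup.zip"

$problems = @(Test-BackupRestore -Source "$work\data" -Archive "$work\backup.zip")
if ($problems.Count -eq 0) { "backup verified: every file restores byte-identical" } else { $problems }

# The bonus paranoia test from the post: delete a file, restore, confirm it is back.
Remove-Item "$work\data\taxes.txt"
Expand-Archive -Path "$work\backup.zip" -DestinationPath "$work\data" -Force
if (Test-Path "$work\data\taxes.txt") { "deleted file came back from the backup" } else { "restore did NOT bring the file back" }
Remove-Item $work -Recurse -Force
```

Point the same two functions at your real backup archive and source folder to turn “when’s the last time you tested your backup?” into something you can schedule.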