Security Summit Thoughts – Hack-Proof Your Mac or PC

Posted on March 20, 2018January 13, 2025 by Gail Eddy in Hackers, Microsoft, Phishing, Ransomware, Technology Tips

Last week I attended Microsoft’s “Virtual” Security Summit. I have the word virtual in quotes because I didn’t have to travel anywhere. My son and I watched the live streaming video in our living room! While I like the buzz of meeting new people, staying at home and learning new things has its advantages as well. The Summit was primarily targeted towards management of large enterprise firms, I did pick up a few nuggets of information that will help the average person with the security of their machine as well.

First tip for Security:

Make sure the user permissions on your account are set to “Standard User” and not “Administrator”. This cuts down on the chance that viruses or other malware can be easily installed on your machine. This also protects a random bad operator from installing a bitcoin mining operation on your machine. You provide the computer and electricity, they get the benefit. If anyone has ever installed the SETI program on their machine, it would work similarly to that. (The “Search for Extra-Terrestrial Intelligence” program gave the opportunity for ordinary computer users like Chris Eddy to allow SETI to use some of their computer operating power.)

Make your machine harder for the bad guys to get access to. Use a very secure password, set up two-factor authentication wherever you can. Install updates to your Operating System as soon as they are available.

Finally:

Use good security practices. Patti Chrzan, head of Microsoft’s cyber-security fraud division said this:

“90% of all cyber crime starts with a phishing email”

A reminder that the phishing email is an attempt to get access to your personal information, like your birthday or password. A phishing email might also install a virus, ransomware, or other malware.

Being hyper-alert of every click, and every email you open puts you way ahead of the average person. Even if the email seems legit, never click on a link in an email from a corporation until you have confirmed its legitimacy. Call the company to confirm that your account has been hacked, or your password was changed, or a large purchase was made. Never take the word of an email at its face value!

The highlight of my day was when Microsoft retweeted my comment:

Just because you have an antivirus installed, does not automatically make you secure. You must have good personal systems in place too.

Past blogs you may find helpful:

20 February 2018 – Secure Passwords
28 November 2017 – Phishing
4 April 2017 – Two-Factor Authentication

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.

We’ve been using Amazon Prime for the past few years. We like the free and fast shipping. With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.

3 Tips to Creating a Secure & Strong Password

Posted on November 1, 2016April 29, 2024 by Gail Eddy in Entertainment Apps, Hackers, Tips

Last week, I wrote about the DDoS attack which occurred on October 21st. That attack shut down many websites and apps, especially for users on the East Coast. I recommended that you use a very secure and strong password. Please don’t use one of these most common passwords!

Use a Strong Password! Not these Common Passwords Source: http://i.imgur.com/FImcPiG.png — The Most Common Passwords
Source: http://i.imgur.com/FImcPiG.png

How to create a Strong Password:

It occurred to me that you may need some guidance to create a really secure and strong password. Here are some tips:

First, the more characters in your password, the more secure it will be. According to mSecure, a four-character password can be cracked in under a minute, while an eight-character password can be cracked in five months. A nine-character password can take up to 10 years to crack. Notice I said “up to”. Just using lots of characters doesn’t work if the password is easy to guess. That’s why you also need:
Next, think Complexity. Using a eight-character password like “password”, “Password”, or even “PasswØrd”, is too easy to guess. Even a nine-character password like “password1” is relatively easy to crack. The same goes for “Admin”, “administrator”, and “12345678”. These are common passwords that a lot of people use. In order to make a password more complex, add symbols, capital letters, and numbers. Using symbols or numbers in exchange for letters makes the password easier to remember. For example swap out your “o” for an “Ø”, your “a” for “@”, or your “e” for a “3”. You can even use a password generator like passwordsgenerator.net to generate a truly unique password. I like this one because I can set the number of characters and whether or not I can use special characters like @#%& for a particular website. Above all, when you go to enter your log in credentials:
Finally, you must remember that very strong password! Some ideas include a favorite book, your best friend’s name from second grade, or your grandparent’s street address. Just remember to add some additional complexity to make it even more secure. For example, “Newport” can become “517Newport”, “NewpØrt”, or “Newport100”. If you must write down your passwords, keep it in a secure place. I use a password protected spreadsheet.

Please make it a point to use a secure and strong password on all of your internet connected devices. Change it today!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more on our website. Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

We’ve been using Amazon Prime for the past few years. We like the free 2-3 day shipping and the online streaming. I haven’t tried the Kindle lending library yet, but I’m tempted! Prime is normally $99/year, but you can try it for 30 day for free by clicking on this link: Try Amazon Prime 30-Day Free Trial (Yes, we’ll get a small commission when you sign up.)

Save

DDoS? And Why YOU May be to Blame

Posted on October 24, 2016January 13, 2025 by Gail Eddy in Hackers, Internet Service, Malware, Printer, Tips

Last week, many websites and apps were severely compromised, especially on the East Coast. Apps like Twitter, Reddit, Spotify, AirBnB, and Netflix slowed to a crawl or were shut down altogether. A DDoS attack was launched against Dyn, a New Hampshire company that provides DNS routing.

Level3 Outage map on 24Oct16 Screen Shot by Geek For Hire, Inc. — Level3 Outage map on 24Oct16
Screen Shot by Geek For Hire, Inc.

What did you just say?

DDoS = A “Distributed Denial of Service” occurs when hundreds of thousands of messages are sent to specific internet addresses with the intent to overload that service and shut it down. (In this case, the intent was to take down Dyn in order to affect many websites and not just one.)
DNS = The Internet’s Domain Name System translates the URL’s we enter, like www.google.com, into “the numerical IP addresses needed for the purpose of locating and identifying computer services and devices.” (From wikipedia)

In the past, most DDoS attacks were focused on a particular website. Last Friday, the attack was focused on a company which the NY Times calls “one of the Internet’s giant switchboards”, which had a devastating impact.

So, how is this MY fault?

Do you have a surveillance camera on your front door? A wireless printer? A “smart” refrigerator”? All of these are connected to the internet with their own numerical IP address. The “bad guys” can run through a list of IP address to see which addresses can easily be compromised. Once they’ve identified these devices, they can use them to add to their arsenal to send the messages that create the attack.

I still don’t get it. How is this MY fault?

Do you use a password on all of your internet connected devices? Is it secure? A password of “admin”, “123456”, or “password” is NOT secure! Have you ever been out looking for free WiFi, and something like “HP-M475-5E3F78” was presented as an available WiFi that you could connect to? That is what happens when someone does not put a password on their printer. There are literally millions of WiFi connected devices in the US. How many of those are vulnerable to participating in these types of attacks?

Please make it a point to use a secure password on all of your internet connected devices. Change it today!

Save

Sharing Your Social Media Identity with the Government

Posted on June 28, 2016September 4, 2016 by Gail Eddy in Facebook, Hackers, Passwords, Social Media

Every once in a while I read a story that makes me say:

WHAT?

Today was one of those days. According to this article in arsTechnica, the US Customs and Border Protection is considering adding a new field to their Visa application process. They will be asking visitors to the US to provide their Social Media Identity. Apparently it won’t be a required field, but if you leave it blank, it will look very suspicious.

“The agency says travelers coming to the US…. won’t be forced to disclose their social media handles, but leaving it blank obviously could raise red flags.”

Additionally, the verbiage associated with the request is very nebulous. According to the article:

‘Here’s what will be asked: “Please enter information associated with your online presence—Provider/Platform—Social media identifier.”‘

So, someone who is not paying attention may provide not just their ID, but might also provide their login and password info!

I have a couple of thoughts about this.

First, of course, is that anyone can find anything online, so adding a box on their form will just make the process a little easier for Customs to get your info.

Second, how will Customs keep this info safe? How will they insure that someone can’t hack into their systems and capture the info – especially if some of those applications may contain ID’s and passwords?

Lastly, how will this help? Call me cynical, but I don’t think someone entering the country with malicious intent is likely to be providing their “real” social media identity.

It is far too easy to set up multiple identities online. Just look at me. I’ve got an email for business, an email for personal stuff, an email for networking, and an email for signing up for stuff online. It was easy to do this. And once you have different emails, you can set up different social media accounts.

No, those folks will be providing their ”professional” social media account; the identity they use for LinkedIn to show that they are an upstanding citizen of their home country. I fail to see how this new field on the visa application will keep out the “bad guys”.

What are your opinions about online privacy and multiple identities? We’d love to hear your thoughts!

Join Amazon Prime – Watch Thousands of Movies & TV Shows Anytime – Start Free Trial Now

Save

Change Your Password!

Posted on May 24, 2016May 2, 2024 by Gail Eddy in anti-virus, Hackers, Phishing, Social Media

In the last few days, we’ve had a bunch of calls from customers who have had their email hacked. They are hearing from friends and clients that their email is sending out spam. Some of them have been aggravated with us because they feel like their anti-virus should have protected them. (Security software can’t protect you if someone else already has your password information.)

Here’s the deal. Several years ago, LinkedIn was hacked. Login credentials were stolen from approximately 117 million LinkedIn accounts! Although this happened in 2012, one of the “bad guys” has recently decided to sell the credentials.

According to this article from Tech Crunch:

Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin.

117 million LinkedIn emails and passwords from a 2012 hack just got posted online

CNN:Money adds their two cents:

Companies typically protect customer passwords by encrypting them. But at the time of the 2012 data breach, LinkedIn hadn’t added a pivotal layer of security that makes the jumbled text harder to decode.

Put on the defensive, LinkedIn is now scrambling to try to stop people from sharing the stolen goods online — often an impractical task. The company is also invalidating all customer passwords that haven’t been updated since they were stolen.

LinkedIn said it’s reaching out to individual members affected by the breach. This particular hack affects a quarter of the company’s 433 million members.

http://money.cnn.com/2016/05/19/technology/linkedin-hack/

Since many people use the same password on their other online accounts, the hackers can potentially access other accounts as well.

Our advice? Change your passwords for LinkedIn and other social media sites today. If you use the same passwords for other online sites, change the passwords for your email and banking accounts too. (If you didn’t have a LinkedIn account prior to 2013, you should be safe. This time.)

Changing your passwords on a regular basis is always a good idea!

Join Amazon Prime – Watch Thousands of Movies & TV Shows Anytime – Start Free Trial Now

The Scariness Increases

Posted on March 22, 2016May 2, 2024 by Gail Eddy in Data Backup, Data Recovery, Hackers, Malware, Tips

Ransomware

Chris forwarded a link to me the other day about some scary “malvertising”. For those of you who didn’t have Senor Garcia for High School Spanish, “mal” is a Latin prefix meaning “bad”. Other words you might be familiar with include “malware” and “malicious”. And that’s what this is: Malware that looks like advertising, but really contains malicious code.

I can hear you saying: “But I know how to be careful and not click on stuff that looks suspicious!” And that’s the issue right there. These are “advertisements” that appear on highly respected websites. ARS-Technica warns us that:

“Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when “Angler,” a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network.”

Another technical site, MalwareBytes, mentions some other websites, including Newsweek, Realtor.com, and NFL.com.

And, the malware that is being downloaded isn’t your run-of-the-mill virus. In many cases it is Ransomware, which takes all of your files and encrypts them with a special key. You then need to pay a ransom to get the encryption key to get your data back.

This is not a message you want to see popping up on your screen!

Ransomware Image - source: http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/ — Ransomware Image – source: http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/

What is our advice?

Use an adware blocker like AdBlock Plus
For some websites, they won’t show you ANY content unless you agree to see their ads. In that case, never click on an advertisement.
If you really are interested in a product or service that is being offered, go to the company’s site directly.
Keep your data backed up to an external source. And back it up at least once a month – more often if you are working with ever-changing and precious data.

If you need help getting rid of any malware, or learning how to regularly back up your data, give us a call!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more at http://www.GeekForHireInc.com Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area.

Are You Thinking of Using a Password Manager?

Posted on January 26, 2016May 9, 2024 by Gail Eddy in Cloud, Hackers, Passwords, Phishing, Tips

I am of two minds when it comes to an online password manager. On the one hand, I think it would be a great way to keep multiple passwords secure. On the other hand, I worry about hackers gaining control of my data.

That being said, if your keyboard (or monitor) looks like this, it’s time to find another solution!

Luckily, there are several online password managers to choose from:

1Password
Dashlane
LastPass
KeePassX
mSecure
Sticky Password

Most of these have the same or similar features.

Manage passwords over multiple devices
Generates ultra strong passwords
Stores banking and other sensitive information
Most are free but do have an annual or monthly fee for certain upgrades
Some utilize the iPhone fingerprint to confirm your identity

Even with a secure password manager, you still need to be careful of “spoofing”, where a fraudulent web page is displayed to trick you into providing your super-secure password key as described in this article:

Which password manager do you use? What are its best features? What don’t you like? Let us know in the comments below!

Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PC’s for the past fourteen years. His company is highly rated by both the BBB (Better Business Bureau) and by Angie’s List. You can find more at http://www.GeekForHireInc.com Geek For Hire, Inc. provides onsite service (Tier 3) to the Denver / Boulder / Front Range area and remote service throughout North America.

Protect Yourself from Phishing Attacks!

Posted on January 5, 2016May 9, 2024 by Gail Eddy in Hackers, Phishing

How to protect yourself from phishing attacks? Many of you know that I take frequent road trips. That’s why my vehicles have the EZ-Pass device on them. EZ-Pass automatically collects tolls on highways and bridges on the East Coast. (FYI, FasTrak is used on the West Coast. Here in Colorado, we use ExpressToll.) When this article crossed my news feed, I was particularly interested.

“Phishing Scam Alert: There is a phishing email* being sent to drivers across the nation claiming they owe money for unpaid E-ZPass tolls. This is not an email from The Toll Roads, the Transportation Corridor Agencies, E-ZPass or E-ZPass tolling agencies. E-ZPass is used to collect tolls electronically on the East Coast; FasTrak is used to collect tolls electronically on the West Coast.

In fact, during the fourth quarter of 2015, phishing attacks saw a huge increase. As expected, financial institutions took the biggest hit, although any company is vulnerable.

Wikipedia has a good definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

How to protect yourself from phishing attacks:

Remember that most phishing attacks come via email, so it is very important to remain vigilant about what links you click in the emails you receive. Even when an email looks legitimate, with accurate looking logos and links, if you have any doubt, don’t click!

Social Media is becoming another prime target and a place to protect yourself from phishing attacks. In fact, according to Ian Trump of LogicNow:

“One in five phishing attempts is made through social media. Some of these will be unsophisticated attempts to snare anyone who might miss-click, but others will be more targeted and try to fool people with specific information, attempting to drive the user to a fake website where they will enter their username and password. A compromised social media account has the potential to wreak further havoc, especially given the habit for people to use the same password over and over again for both work and personal accounts.” More info in this article.

Whenever you receive an email saying you owe an organization money, or they need to confirm your information or anything that makes you wonder if it’s for real, be especially careful. Never click the link on the email. Instead, head to the website you’ve used before to check out the authenticity of the message. If you find that it is a phishing attempt, notify the company too.

Have you been hacked? How do you protect yourself from phishing attacks? How do you handle it? Let us know in the comments below!

I’ve created a Free Report on how to protect yourself from phishing attacks. Click here to receive it!

Watch Out For Phone, Text, Email, and other Scams:

Remember to stay well clear of shortened links unless you know without a doubt where that link will take you. That includes most bit.ly and owl.ly links. Here’s a recent article about short links.
Right now there are a lot of scams out there. Read our article about Covid19 scams.

Information about Geek For Hire, Inc.

Chris Eddy of Geek For Hire, Inc. has provided computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area and remote service throughout North America.

Here’s a link to our Covid19 Policy.

A Look Back at 2015 in Technology

Posted on December 22, 2015February 25, 2025 by Gail Eddy in Computer History, Hackers, Siri, Tips

Every year there are new developments in the Technology world, and 2015 was no exception. Here are just a few:

VR Headset – At the CES 2015 show in January, no one expected Virtual Reality for the masses to be available this year. They were wrong! Announced in time for Black Friday, Oculus as released a headset that works exclusively with the Samsung Galaxy smartphone. More info here:

iWatch – Apple has been developing their watch since 2011 and it was finally available in the spring of this year. Reviews on the different tech sites that review these things have been mixed. Reviews by Amazon consumers are much higher.

Intel Skylake – Chris is pretty excited about the new 6th generation Intel Core Processor. He says it will run better on mobile technology. Do you know what the 1st generation was? Check out this article and astonish your geeky friends!

Tesla – Chris is also excited about the new Ludicrous upgrade to the Tesla Model S P90DL. Well, anything that takes you from zero to sixty in under three seconds has got to be worthy of some salivation! Here’s a link to DragTimes video.

Car Hacking – This was a big story this past spring. Computers in cars are pretty ubiquitous now and are just as susceptible to hacking as other computers are. The difference here is that car manufacturers don’t seem concerned and are not doing what they could to make their systems more secure. A previous blog about a report released by Senator Ed Markey has more information.

DieselGate – Earlier this year we found out that VW and Audi installed software on many of its 2009-2015 diesel models that would essential “cheat” emissions tests. From this NYTimes article “The software sensed when the car was being tested and then activated equipment that reduced emissions, United States officials said. But the software turned the equipment off during regular driving, increasing emissions far above legal limits, possibly to save fuel or to improve the car’s torque and acceleration.” There’s more info here: Late last month, VW announced their fix for the diesel engines. Automotive News describes the modifications that will need to be made here.

What do you were the most significant technology announcements in 2015? Share in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

How To Keep Your Online Presence Safe During the Holiday Season

Posted on December 15, 2015October 3, 2024 by Gail Eddy in Hackers, Passwords, Tips

With the holidays coming up, people are doing lots of online shopping. It is very important to keep your online presence safe! Last week I heard the Amazon website may have been hacked and user IDs and passwords may have been compromised.

Now is the time to change your password for all of your online accounts. Especially accounts where you have credit card or other financial information stored!

To keep your online presence safe, when you change your password, make it a STRONG password!

Use each type of character that the website allows. For example, some websites only allow you to use letters, capital letters, and numbers. Others allow you to use special characters like “@”, or “&”, or “#”. Always use the special characters unless the website doesn’t allow you to. One of the best ways to make a strong password is use a word that is familiar to you and change some of the letters. For example, you can change “a” to “A” or “@”. You can change “o” to “O” or “0”. An “s” can become “5” or “$”. You get the idea. It’s also important to use a long password. Most websites require eight characters, but you should use at least 16 characters wherever the website allows you to. Adding a date to your familiar word will add another eight characters to your password

Here are the steps to follow:

Use letters and capitals
Use numbers
Use special characters
Replace letters with capitals, numbers, and special characters
Make the password at least 16 characters long, or as long as the website will allow you

So a good strong password could be “1_lIk3-$un5ets_1215” instead of “Ilikesunsets”

When you change your password, make it a UNIQUE password!

Use a different password for each site. When you use the same password on multiple sites it makes it that much easier for hackers to get into your accounts on other sites as well. Each site where you have stored credit card information or other financial information should have a different and unique password. So, yes, you’ll need a different one for Amazon and eBay. And, you’ll need a different one for Fidelity and Charles Schwab.

What’s the best way to do this? Add two or more characters to your strong password to indicate which site it is for. For example, you could use “1_lIk3-$un5ets_F1d”, or “1_lIk3-$un5ets_eby”

Phishing is also a holiday issue!

Keeping your online presence safe requires vigilance. Be aware of phishers!

Phishing is when someone tries to trick you into giving them your sensitive and private information. Generally, they’ll send you an email. (They might also call you on your phone.) They tell you there is an issue with your Amazon or Charles Schwab account and that you need to update your password immediately. The email looks legitimate, and you are tempted to click on the “Log into your account now!” button. Even if it is a legitimate email, you should always go directly to the official website and log in.

Do you already use strong passwords? What tricks do you use? How do you remember them all? Share your tips with your fellow readers in the comments below!

Information about Geek For Hire, Inc.

I’ve created a Free Report on what to look for to protect yourself from “phishing” scams. Click here to receive it!

Category: Hackers

Security Summit Thoughts – Hack-Proof Your Mac or PC

First tip for Security:

Next:

Finally:

Information about Geek For Hire, Inc.

3 Tips to Creating a Secure & Strong Password

How to create a Strong Password:

DDoS? And Why YOU May be to Blame

What did you just say?

So, how is this MY fault?

I still don’t get it. How is this MY fault?

The Scariness Increases

Ransomware

Are You Thinking of Using a Password Manager?

Protect Yourself from Phishing Attacks!

How to protect yourself from phishing attacks:

Watch Out For Phone, Text, Email, and other Scams:

Information about Geek For Hire, Inc.

A Look Back at 2015 in Technology

Information about Geek For Hire, Inc.

How To Keep Your Online Presence Safe During the Holiday Season

To keep your online presence safe, when you change your password, make it a STRONG password!

When you change your password, make it a UNIQUE password!

Phishing is also a holiday issue!

Information about Geek For Hire, Inc.