Category Archives: Security

Simple ways to protect your digital life in a few hours


Have you ever thought about what you would lose if a hacker got access to your mobile phone, personal computer, email, banking details, or online shopping details? Most of us now store a huge amount of information and data with online services, and just one breach can lead to further compromises, or perhaps even provide an attacker with remote access to your smartphone or computer.

Ask any hacker whether your digital life is at risk and the simple answer is a definite yes. Do not despair or feel helpless. There are some easy and simple ways to make your digital life less of a target for hackers, money-hunting phishers and overly aggressive marketers by simply increasing your security and data privacy.

We were all taught that an antivirus program is enough, but it takes a little more than that. Antivirus helps to identify problems; however, viruses don’t spread like they used to. The bad guys have adapted and changed their ways and strategies such that antivirus programs cannot keep up.

The basic rules of online security are software updates, smarter passwords and better-defended web browsers. All it takes is for you to adopt a few digital habits to avoid being duped by hackers or criminals who try to exploit your good nature.

If your computer becomes slower all of a sudden or you start receiving shady-looking offers, the first thing you should do is check for malware that you might have picked up while surfing the Web. A great program to use is Malwarebytes, which does a great job of finding and removing worms and Trojans. As a secondary form of defense, try HitmanPro.

After you have removed all the nasty things, spend some time going through the recommendations below.

Update your software – Software is constantly being updated, and the point of those updates is to address new vulnerabilities. Basically, if you install something, you need to keep it updated. Always update your phone and computer operating system, and then move on to all the apps you have downloaded. Also remember to check the software of your router, which is often overlooked and a back-door for hackers, or simply buy a new router. Always run the latest software.

Increase your browser privacy – A web browser is the first place a hacker goes to snoop, and the first thing aggressive marketers use to exploit you. When exiting a web session or after accessing sensitive information like your online bank, clear browsing data and remove all website data and passwords. Never opt to stay logged in to any site or save passwords. To avoid unwanted marketers, activate Do Not Track in your browser settings and install a browser extension like Ghostery, Disconnect or EFF’s Privacy Badger to block spying ads and trackers.

Use strong passwords – A strong password is all that stands between you and a hacker. Using strong passwords can contain any threat when a site is compromised. Turn on and use two-factor authentication for your most used services. Use a different password for every site, so if one company is compromised, the hacker cannot use your stolen username and password somewhere else. The best passwords are random, long strings of numbers and letters. All my passwords are at least 25 characters long and saved using password manager software that can be synced across all devices.

Check the apps you use – Given the number of apps we use (there is an app for everything), businesses are increasingly monitoring where you go and what you do all day, which is both a privacy and a security concern. Check which apps have access to your location and other data, and turn off access or delete apps you rarely use. As a bonus, it will also save battery life. Also check your Facebook apps and clear all that you don’t care about. Perform a security check with Google and Facebook on your accounts.

Encrypt your drives – Encrypting your devices will prevent criminals, and even governments, from accessing your info if your device is lost or stolen. Encryption makes it much harder to retrieve anything without your permission. On smartphones you should add a password or fingerprint to unlock the phone. Always password protect and encrypt your computer and any external hard drive.

The biggest security risk and vulnerability to our computers and phones is ourselves. Hackers are clever and trick us into providing access to our computers. Always think before you click and read what is on the screen. Use your logic and be alert to phishing scams. Never click on any link or open any attachment in emails from individuals or companies you don’t know. Use secure websites marked with “https”, especially when entering payment information. Remember that your online security affects not only you but also the people you connect with online.

Avoid being a hacker’s prey and take the time to run regular security drills. It only takes a few simple steps to make your digital life less attractive to hackers, phishers and overly aggressive marketers.


FREAK OpenSSL Bug: What All Users Need to Know

Security researchers have discovered a crippling OpenSSL bug in Microsoft, Apple and Google devices, as well as many high profile websites, which could allow “man in the middle” attacks. These attacks can occur when Apple users are on public Wi-Fi networks, where they can be fooled into connecting to rogue servers claiming to belong to someone else.

The “FREAK” vulnerability (CVE-2015-0204), short for Factoring attack on RSA-EXPORT Keys, makes it possible for attackers to decrypt and monitor HTTPS-protected traffic.

A FREAK attack is possible when someone with a vulnerable device—Mac OS X computers, iOS and Android devices—connects to an HTTPS-protected website configured to use an easily breakable key once thought to be dead. It requires that the attacker be in a position where they can intercept packets between the endpoint device and the HTTPS-protected website.

How did we get here?

The flaw resulted from a former policy of the Clinton administration, which required weak 512-bit keys to be used in any software or hardware that was exported out of the United States. The U.S. government forbade the export of strong encryption in products shipped to customers in other countries.

These restrictions were lifted in the late 1990s, but somehow the weaker encryption has managed to remain in widely used software and hardware around the world, including the United States, and went unnoticed by the public until recently.

How to tell if your browser is vulnerable

Type this web address directly into your browser address bar:

https://freakattack.com

On this page, you can see if your browser is vulnerable, and it has a list of every vulnerable website. At the time of writing this post, only Firefox is safe to use on Mac OS X (both Safari and Google Chrome are vulnerable).

Have hackers figured out how to exploit the FREAK flaw?

There is no published attack using this vulnerability, but that doesn’t mean it’s not happening. Given the age of this vulnerability, someone has probably figured out how to exploit it, the NSA at least. However, successful exploitation is not exactly easy to accomplish without physical access to the hotspot hardware.

This means that attacks can be launched by anyone who has access to Internet traffic, which includes governments, Internet Service Providers (ISPs), coffee shops or airports, and any other locations offering Wi-Fi hotspots. A malicious hotspot owner could exploit the vulnerability, or someone spoofing the Starbucks hotspot from a nearby location. And a well-versed hacker could pull it off, but it’s really not that simple.

Dan Goodin at Ars Technica described what can happen, and said:

[A]ttackers on a coffee-shop hotspot or other unsecured network can masquerade as the official website, a coup that allows them to read or even modify data as it passes between the site and the end user.

How can the FREAK vulnerability be resolved?

Both Microsoft and Apple are working on a patch for the client side, and no doubt will release one soon. Web server hosts can also patch this on the server side, which they no doubt are doing as well.

Intego is continuing to research this threat and will continue to provide updates as new information becomes available.


Simple steps to protect your online privacy and identity


The NSA is not the only organization out there snooping on you. There are many hackers trying to gain access to your online accounts and harvest your personal information. There is no security measure out there that will protect you 100 percent short of hermitage. Nevertheless, there are a few really simple things you can do and precautions you can take to protect your online privacy and deter all but the most determined bad guys.

Always Password Protect Your Devices

The most basic security measure you can undertake is to password protect all your devices. Not protecting your device with a password is the equivalent of leaving your home or car unlocked. Perhaps you will be lucky and no one will take advantage and enter your home or car. Alternatively, someone might enter your home and steal your most valuable items and secrets.

Update your antivirus and malware software

Always keep your antivirus and malware software up to date and remember to run a full scan of your computer from time to time.

Change your password from time to time

It is recommended that you change your password from time to time. When you do create a password, make sure it is not a simple password like 123345. Never create and use the same password for all your online accounts. Make use of 1Password to store all your passwords and confidential information; it lets you access your online accounts with 1 click. All you will need to remember is your master password to open 1Password.

Create a Google Alert on your name

Creating a Google Alert on your name is a simple way to know what is being said about you online, and it only takes about a minute or two to set up. Go to http://www.google.com/alerts and enter your name, and variations of your name, with quotation marks around it.

Remember to sign out of all online accounts when you are done

Signing out of your online accounts reduces the chances of someone tracking you while you surf the internet. It will also prevent someone from gaining access to your online account when you step away from your computer. This is especially important if you are using a public computer.

Never give out your email address, phone number, or zip code when requested

Make a judgement call when asked for your email, phone, or zip code. For example, if you are at a bar and a sketchy guy comes over and asks for your phone number, are you going to willingly hand it over? The same goes when you are out shopping at established retail outlets and the cashier asks for your zip code. More often than not, people freely hand over this information. Retail stores take this information and build a profile about you and what you have purchased.

Encrypt your computer

If you encrypt your computer or device, an individual would need a password or encryption key in order to gain access to the content on it. On a Mac, you just go to your settings, choose “Security and Privacy,” go to “FileVault,” and choose the “Turn on FileVault” option. PC folk need to use BitLocker.

Turn On 2-step Authentication In Gmail

Make use of 2-step verification to turn your phone into a security fob. If you use Gmail, it is very simple to turn on 2-step verification. What this means is that if you want to log in to your account from a new device, you will need a verification code that is sent to your mobile phone. Without this verification code your account cannot be accessed. This is like having a second layer of protection. Even if someone does get hold of your password, they will still need the security code to access your account from a strange computer.

Use cash when purchasing those embarrassing items

If you don’t want your purchases tracked, simply use cash. If you don’t want people to know how much junk food you are eating, simply choose to pay in cash and avoid that credit card. This is especially true when it comes to those x-rated items or the lingerie you purchase. This will avoid your wife or girlfriend checking your monthly statement and asking why she did not receive the present that month.

Change your Facebook setting to “Friends only”

Change all your Facebook privacy settings to friends only and make sure that the default privacy setting is not set to public. If you use “custom” settings, then make sure you know and are comfortable with any “Networks” you’re sharing with. You can change your “Friends” setting so that people do not have access to the list of your friends.

Clear Your Browser History And Cookies On A Regular Basis

Have you ever cleared your browser history and cookies? Consider changing your browser settings so that when you close your browser all history and cookies are automatically cleared and deleted. Not all browsers have these automatic options. Firefox enables you to set your privacy settings such that when you close your browser all cookies and browsing history are deleted. You can also set your privacy settings so that your browser never remembers your history. On some browsers you need to do this manually before you close the program.

Hide your online footprint and use An IP Masker

To hide your online footprint, you can download Tor or use an easy browser-based option like HideMyAss.com.

Source: Forbes.com


20 worst passwords and how to secure your online identity


There is clear evidence that people choose simple passwords for comfort rather than security.  Two events have shown that most people do not make the necessary effort to protect their data online.

Back in October, Adobe announced that their servers and system had been infiltrated and more than 38 million user accounts and passwords had been stolen. Analysis of the data stolen from Adobe revealed that the most common password used by account holders was “123456”. Approximately 1.9 million account holders used this password.

Another recent event was the discovery of a trove of 2 million social media passwords, including Facebook, Google+, and Twitter accounts, by security experts Spiderlab. They discovered the trove residing on a criminal cyber network. Upon analysis of the data, it was evident that the vast majority of passwords were “more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.” Spiderlab is working with the social media networks, who are notifying all users that their account details have been compromised.

From analysis of the trove it is clear that individuals do not put much effort into selecting passwords. Most people will choose a password that is easy to remember rather than secure.

Below is a list of the 20 most popular passwords from the Adobe hack (Spiderlab’s top 10 is similar). Any person who has chosen these passwords is essentially inviting hackers for a free lunch and asking them to steal their data.

  • 123456
  • 123456789
  • password
  • admin
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123
  • 1234567890
  • 000000
  • abc123
  • 1234
  • adobe1
  • macromedia
  • azerty
  • iloveyou
  • aaaaaa
  • 654321

If you have chosen any of the passwords listed above, it is highly recommended that you change yours immediately. Here are a few tips on how to create and choose a strong password.

What not to do when choosing a password

  • Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Do not choose a password that is a word, proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
  • Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backwards, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word.
  • Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.
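
The rules above, expressed as an automated check that a site or password manager could run before accepting a new password. This is an added example, not part of the original post: `SAMPLE_WORDS` is a small constructed stand-in for a real dictionary file, and the function names and reason codes are this example's own.

```python
import re

# The 20 most common passwords from the list above.
COMMON = {
    "123456", "123456789", "password", "admin", "12345678", "qwerty",
    "1234567", "111111", "photoshop", "123123", "1234567890", "000000",
    "abc123", "1234", "adobe1", "macromedia", "azerty", "iloveyou",
    "aaaaaa", "654321",
}
# Constructed stand-in for a real dictionary file (assumption of this example).
SAMPLE_WORDS = {"password", "banana", "toyota", "welcome", "dragon"}
# Keyboard rows, the alphabet and digit runs, used to spot sequences.
SEQUENCES = ["qwertyuiop", "azertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890"]
# Undo common character swaps such as the letter "l" written as "1".
UNLEET = str.maketrans("01345@$", "oleasas")
EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")


def _candidates(pw):
    """Return the password with simple transformations undone."""
    low = pw.lower()
    stripped = EDGE_JUNK.sub("", low)            # "password,123" -> "password"
    forms = {low, stripped, stripped.translate(UNLEET),
             EDGE_JUNK.sub("", low.translate(UNLEET))}
    return forms | {f[::-1] for f in forms}      # also catch backwards words


def _is_sequence(s):
    """True for repeated characters or runs along a keyboard row or counter."""
    if len(s) < 4:
        return False
    if len(set(s)) == 1:
        return True
    return any(s in seq or s[::-1] in seq for seq in SEQUENCES)


def check_password(pw, personal=()):
    """Return the list of rules the password breaks (empty if none)."""
    problems = []
    if len(pw) < 8:
        problems.append("too_short")
    if pw.isdigit() or pw.isalpha():
        problems.append("one_class")
    forms = _candidates(pw)
    if forms & COMMON:
        problems.append("common")
    if forms & SAMPLE_WORDS:
        problems.append("dictionary")
    if any(_is_sequence(f) for f in forms):
        problems.append("sequence")
    low = pw.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("personal")
    return problems


if __name__ == "__main__":
    for sample in ("654321", "password,123", "P4ssw0rd!", "Ih4n:JeLc"):
        print(sample, check_password(sample))
```

An empty result only means none of these rules was broken; a password reused from another site still fails the advice above no matter how it is built.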

 


The best method for choosing passwords

The single best method for generating passwords is to do the following:

Make up a sentence you can easily remember. Some examples:

– I have four nephews: John, Edward, Linda, and Carol
– I would like to eat John and Darma’s banana cake.
– No, the model of my first car was a Toyota!

Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become:

– Ih4n:JeLc
– Iwl2eJaDbc.
– N,tmomfcwaT!

This method of choosing a password is fairly secure and at the same time easy to remember.

 

Why it is important to have strong passwords

It is common practice for hackers to attempt to break into systems and guess people’s passwords. Sometimes they do succeed, and when they do, more often than not, it is because individuals are using weak or poor passwords. A compromise of your account details can result in significant downtime, lost work, and loss of privacy (for example, if you store your credit card details or banking details on your computer). It could also lead to identity theft which, in turn, could lead to a bad credit report and take years to resolve and restore your credit ratings. Hackers often try to install keyboard sniffers, which permit them to harvest additional information and passwords and place more machines at risk. Hackers also conduct dictionary attacks against a host’s password database and try out tens of thousands of potential passwords per second.

Good security advice and tips

  • Never believe that you have won a lottery because your email address was chosen.
  • Be suspicious of any e-mail that comes from someone you don’t know personally.
  • Never click on a link in a suspicious e-mail.
  • Never give social security numbers, account numbers, passwords, or driver’s license numbers over the internet or in an e-mail.
  • Safeguard use of credit cards on the internet for purchases. Only buy from businesses you know. When submitting credit card information make sure that the Web site is secure.
  • Make sure your browser is up to date and apply security patches as they become available.
  • Sign up for the Do Not Call list.
  • Check your credit report at least once a year.
  • Pay close attention to your bank statements and financial affairs.
  • Avoid using public terminals (such as Internet cafes) for Internet banking or sensitive business work.
  • Be aware of the higher risk of interception during a wireless connection. Only make use of wireless hotspots if you are certain of the integrity of the connection.
  • Install and update anti-virus and anti-spyware programs and perform regular system scans.
  • Never access the site via a link. Rather type the address into the browser address bar or save the address as a ‘Favorite’.
  • While you are logged into your online bank account, do not open any other websites. Only have a single browser window open and remember to log out.
  • When you complete your online banking tasks, for example, log off, clear the browser cache, and close the browser window.
  • Choose a User ID and password that cannot be easily guessed and change these on a regular basis.
  • Always update your computer software.
  • Check for the padlock in the lower right of your browser window (it indicates a secure site). You can click on this padlock to verify the site ‘owners’.
  • Never provide your password over the Internet (by email) or over the telephone to anyone.

 

Source: Adobe.com, FNB.co.za
