Wednesday, June 25, 2014

Top 10 Tips for Computer Security


computer-virus


Being in the Internet Age, we use computers to pay bills online, go shopping, take college courses, and endlessly entertain ourselves.

Before you allow the computer to consume your whole life, take the necessary steps to ensure your finances stay personal.

  1.  Use passwords for protection
  2. Get your guard up
  3. Up the ‘anti’ with software
  4. Run scans to stay current
  5. Take wireless precautions
  6. Pump up password protocol
  7. Watch out for attachments and downloads
  8. Avoid going public
  9. Watch your phones and PDAs
  10. Clean up your computer

These are all ‘best practices’ for technical security precautions.

Following these precautions will help you keep your data and personal information safe.  Be sure to never run your computer as administrator unless you must do so for a specific task.

Maintain your software and be sure to run updates on your device.

By backing up your data frequently, you protect your files and hinders your operating system from crashing.    This will also prevent hardware failure and virus attacks.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
Allebrand, Cheryl
10 tips to computer security – Bankrate

http://www.bankrate.com/finance/financial-literacy/10-tips-to-computer-security…
Best practices for computer security – Indiana University
https://kb.iu.edu/d/akln

Monday, June 23, 2014

USPS Email Scam

USPS-Email-scam
A USPS email scam leads users to malicious computer malware.

A woman has claimed that she cant get rid of the malware that was put on her computer from a bogus U.S. Postal Service email came through.

The woman received an email with a shipping label link in it.  She clicked on the link for the shipping label and realized she may have done something wrong.  With the uneasy feeling of potentially clicking on something that isn’t trusted, she ran a computer scan and found that her device was infected with a data-stealing virus from the bogus link.

The woman said she received an email from USPS.com claiming that a package could not be delivered to her residence.

“Your parcel has arrived at May 24, 2014. Courier was unable to deliver the parcel to you,” stated the email.
“Print your label and show it in the nearest post office to get a parcel.”

The email had the link, “Print Shipping Label” to get the proper package identification, displayed at the bottom.

The real USPS email states that they do not contact customers via email if a package could not be delivered.

USPS is aware of this scam along with others like it.  They have posted a warning on their website cautioning customers about the situation.

Clicking the link activates a virus, which can steal personal information like user names, passwords, and other private data stored on your computer.

If you receive this email, delete the message and report the spam at abuse@usps.gov.

This marketing scam has already been uncovered by the Postal Inspection Service where fraudsters mask themselves as USPS employees and calling residents requesting D.O.B. along with SSN for package deliveries.

Always check suspicious emails for; poor grammar, spelling errors, funny formats, and security symbols in the url.

The email received by residents, states that a parcel has arrived “at” May 24th.  Also, the sender information on the “From” line for the email address states “donotreply?id85@kestrelgymnastics.co.uk, not a USPS.com.

It is advised for anyone who received on of these scam email to forward it to spam2uspis.gov.  Or recipients may call the postal inspection service at 1-877-876-2455.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
Marquez, Homer
Fake USPS email leads to malware – MyPlainview
http://www.myplainview.com/news/article_4679a566-e6a4-11e3-b32a-001a4bcf887a.html

Thursday, June 19, 2014

Start using hashtags when shopping online


amazon-twitter-hashtag

Amazon, the online e-commerce giant, wants you to begin using hashtags when shopping on their website.

The company’s new hashtag #AmazonCart and #AmazonBasket rolled out last month with mediocre popularity.

This is designed to make it easy to add items to your shopping cart without leaving your Twitter feed.

This new hashtag shopping tactic is a way to attract new, socially savvy, consumers to spend more time on the Twitter smartphone app.

“Twitter offers a great environment for our customers to discover product recommendations from artists, experts, brands and friends,” said an Amazon spokeswoman.

Making purchases through Twitter may come off as not going together, but it is just another way the Internet is changing our shopping habits.

This isn’t the first account of social media integrating with online shopping.  In 2012, Facebook started to let users send each other actual gifts through the timeline.

This method didn’t last long, nor was it popular.



AmazonCart-Hashtag


Chinese social network Weibo, which is the Chinese version of Twitter, launched a “buy” button last year.

This was done with the partnership of an e-commerce company Alibaba.



Online-Shopping-Hashtags


Chirpify is another similar shopping campaign on Twitter that allows brands and agencies to leverage social channels through hashtags.  They have been in business for two years now.

Many businesses create campaigns with ‘Action hashtags’ to trigger accelerated internet marketing.  #Win a free t-shirt! #$25GiftCard, or #EnterToWin.

#AmazonCart will send an item to a cart, the @MyAmazon  account sent from Twitter, will automatically respond to the action hashtag tweets delivering 3,357 tweets replying to the action hashtag #AmazonCart.

Amazon’s official Twitter accounts have promoted hashtags and brands through this means.



Chirpify-Hashtags


Amazon and Twitter have partnered to strengthen their mobile social network and sales conversions.

Consumers are increasingly spending time on their phones instead of PCs.  It just makes sense for Amazon to campaign with Twitter.  78% of Twitter users access their site through a mobile device.

Amazon is campaigning for not only mobile users but also for the power of social media to advertise and make people want to buy more, according to CRT Capital Group Analyst Neil Doshi.

“Amazon has a very strong mobile presence, that is a tailwind for its e-commerce business,” he said. “Using Twitter just shows that Amazon is willing to use social mobile experiences to drive more sales. But, we wonder how many Twitter users would use this feature, as it might be a new way to shop.”

This is a chance for Amazon to change the perception of social shopping.   Across the board, convenience, speed, and mobility will improve any business.

Would you purchase through #AmazonCart from Twitter?  Do you think this will help or hurt shopping carts?  Please leave your comments below!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.


References:

Why Amazon wants you to use Twitter hashtags to shop – C|Net
http://www.cnet.com/news/why-amazon-wants-you-to-use-twitter-hashtags-to-shop/
Published: May 6, 2014

Related posts:

Facebook Square IconPhishing Page Offers Fake Security App to Facebook Users

  enduser_computing-landing-pg_shutterstock_91847048Close the divide between your IT

Wednesday, June 18, 2014

WARNING: Chinese Smartphones Contain Built-In Android Malware

There is a Chinese clone of the Samsung smartphone that steals personal data using a virus disguised as Google Play!
chinese-android-malware

A Chinese Android smartphone that is selling on Amazon, eBay and other online stores have been found to contain a virus that pretends to be the Google Play Store.

This virus steals the user’s data when logged onto the bogus store.

The Star N9500, is resemblance to the Samsung’s Galaxy S4 Android smartphone.  It is manufactured in China but the phone is sold through resellers located in Belfast and Hong Kong.

The Trojan is known  as “Uupay.D“, its disguised as the Google Play Store.  It is pre-installed on the Android smartphone with no way to be removed by the user, according to German security company G Data.

G Data has analyzed one of the smartphones purchased directly from the factory in China and verified its vulnerability.

The scary aspect of this, is that online criminals have full access to these smartphones.

All Access

The malware attached to these Androids, steal personal data from the phone and sends it to an anonymous server located in China.  This Android malware is also capable of installing additional applications or viruses without the user’s knowledge.





malware-phones


The only thing users see is an app with the Google Play Store icon in the running process.  The virus enables criminals to track the location of the smartphone, intercept and record phone calls, make purchases and send premium text messages without the user’s permission.  All completely discrete and disguised.

The authentic phone usually costs £500 while the Chinese smartphones are going for £120.  Users are noticing reviews on this product range from one to five stars.  Although, they are complaining about the poor quality and noticing the phone starts to break down after a couple of months.

The device is offered with an extensive list of accessories which includes a second battery, car charging adapter and second cover.

The low price of a smartphone with such a wide range of features is a criminal tactic, according to Geschkat, a product manager at G Data.

Buyers Beware:  Cheap offers online that seem tempting should make buyers suspicious.  There is no such thing as free.

Android accounted for 97% of the malware targeted at mobile devices last year.  This is an increase of 20% a year, according to data from a security firm F-Secure.

Even though this malware is already installed onto these devices from the Google Play store, it accounts for only 0.1% of malware.

Malware from these Android’s can’t be blamed for all accounts.

The majority of all malware is downloaded from third-party app stores including the Chinese stores Baidu and Anzhi, where access to Google Play is restricted.

Have you come across these phones?  We’d love to hear from you, please leave your comments below!

References:

Gibbs, Samuel
Chinese smartphone on sale on Amazon and eBay contains built-in malware – TheGuardian
http://www.theguardian.com/technology/2014/jun/18/chinese-smartphone-samsung-amazon-ebay-malware-google-play
Published: June 18, 2014


Related posts:

Drive-by-Downloads Targeting AndroidCompromised Sites Serving Android Malware via Drive-by-Downloads 

Android KO'dResearchers Find More Android Malware: Some Send Expensive SMS, Others Steal Data

  evil-android-manAndroid Trojan Can Partake in DDoS Attacks, Send SMS Spam

  Candy Crush SagaWatch Out for Mobile Adware

Monday, June 16, 2014

‘Prayers for Likes’ Facebook Scam

Pictures of sick babies circulate through social media sites, especially through Facebook.

These images are of sick children, less fortunate families, and persons with deformities.

Facebook and Microsoft

Specifically, a sick baby with hospital equipment in the background which claims that liking the image equates to a prayer for the child while sharing equates to one hundred prayers.

The disgraceful scam is designed to accumulate likes for a Facebook Page and promote the Page for more shares.

The image of the baby was stolen from a personal Facebook profile and is being circulated without the baby’s parents permission.

This is how most Facebook scams work.  Pictures are distributed and not authorized to be shared, then stolen from its rightful owners.

Tragically, the baby in the picture passed away only two weeks after she was born.

The message continued to circulate, causing great distress to the baby’s family.

If you see messages like this on Facebook, please do not like or share it.

Analysis

Like farming and sharing messages will not help the baby or the baby’s family in any way.  The message is just a tic in the long branch of sick baby hoaxes that falsely claim that you can help a baby by liking or sharing the message.


prayers-for-likes-facebook-scam

Some messages claim that money will be donated in exchange for liking or sharing.  Others declare that liking and sharing equates to prayers for the child.

The people who create these messages are driven by greed and selfishness.

This precious baby passed away April 2014, just weeks after she was born.

Whether or not you believe that prayers will help, the real intention of this scam is not pure.

Facebook has removed some of these messages and continues to take them down in a timely manner.

Although, there have been numerous reports, there are still some messages that continue to circulate with no action taken.

If you see scams  like this, please report them to Facebook as soon as possible.

Report a scam:

https://www.facebook.com/help/344403945636114/

http://facecrooks.com/Internet-Safety-Privacy/How-to-report-a-Facebook-scam.html/

What Facebook scams have you come across lately?  Please share your experience and help us take control over these cruel messages.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

‘Prayers for Likes’ Facebook Sick Baby Scam – Hoax-Slayer
http://www.hoax-slayer.com/prayers-for-likes-facebook-scam.shtml

Friday, June 13, 2014

This Day In Tech History: June 13, 2014


June 13, 1993:  Microsoft and Time-Warner Release Interactive TV

In 1993, Microsoft teamed up with Tele-communications and Time Warner to begin the innovative “Interactive TV”.

Consumers were able to purchase products right through the set during a show.

http://www.hyphenet.com/blog/day-in-tech-history-june-13-2014/

iTV would give users a Digital Set Top Box so the users could use and browse, then go back and continue to watch the video.

The iTV connected to a telephone to let you know who is calling and also allowed you to receive a SMS.

This has greatly influenced pop-culture.  The software allows consumers to bank, shop and surf the web.
Also, this day in history:

  • Pioneer space probe crossed Neptune in 1983
  • Series of Brazilian websites were hacked by Analysta in 2000
  • 2.4.21 of LINUX kernel was released in 2003
  • Microsoft ceased development of IE or the Macintosh in 2003
  • IE for MAC shut down in 2003
  • Fedora Core 4 was released 2005
  • Music piracy had been contained from file sharing in 2006
  • Vincent Farrari tried to cancel his AOL account, but the agent refused to in 2006.
  • Jeffrey Goodin is the first to be sentenced 70 months in jail because of the CAN-SPAM act.  He was posing as an AOL billing agent.

We are again making history today with the “Super Moon” or the “Honey Moon”.  It is the only full moon at its closest to the earth on a Friday 13th until 2049.  We haven’t seen a moon like this in over 100 yrs.

The moon will look larger in the sky, sitting low on the horizon with a honey hue to it.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

Powers, Jeffrey
June 13, 2014: Honey Moon, 1993: Interactive Television from Microsoft
http://www.dayintechhistory.com/
Published: June 13, 2014

This entry was posted in news and tagged .
Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. Edit

Tuesday, June 10, 2014

Half of U.S. Adults have been hacked: Are you one of them?


identity-theft

AARP has estimated, nearly half of all adult Americans have been hacked in the past year.  The Better Business Bureau said 1 in 5 of all victims are college students or in their twenties.

Identity theft is exponentially rising while users aren’t realizing the true risk that is posed.

Roughly, 432 million online accounts that belong to 110 million Americans, which are half of all adults were hacked in cyber-attacks in the past year.

Consumer Reports estimates that 11 million Americans were victimized from email scams in 2013.

This year alone, there have been 260 breaches that have occurred in health facilities, exposing the sensitive data of 8 million people.

Could this be from health care facilities still using Microsoft Windows XP?  The software is no longer supported and vulnerable to zero-day exploits.

From coffee shops to corporate networks, grocery stores to airports, two-thirds of surfers have nothing to protect themselves.

AARP has launched Fraud Watch Network, where you can get access to information about how to protect yourself and stay alert on the latest tricks and scams.

The best ways to safeguard your personal data are:
  1. Don’t share if you don’t have to
  2. Monitor your finances
  3. Protect your electronic devices and accounts
  4. Leave a paper trail
  5. Don’t trust everyone
Studies have shown that from the ages of 18 to 24, in the average of 132 days, they’ve been scammed.
 
That’s five times larger than the national average.

This goes to show why university computers are popular targets for cyber-criminals.

This year nearly 840,000 private records were exposed in breach attacks in at least 12 universities.
 
Universities affected are: University of Maryland, Indiana University, Johns Hopkins University, Iowa State, University of Minnesota, Auburn University College of Business, University of Wisconsin, Loyola Law School and North Dakota University.

Also, there were 5,000 records hacked in 10 data breaches of financial institutions, according to the Identity Theft Resource Center.
 AARP
Reducing identity theft includes:
  • Monitoring financing accounts
  • Keeping checkbooks and statements
  • Securely storing computers and all devices
  • Avoiding Wi-Fi networks when shopping online
  • Reading reviews before installing apps
  • Decline free game downloads, music, and screen savers
  • Adjust privacy settings for your social network sites
  • Use credit cards instead of debit cards for liability protection
  • Shredding solicitations for pre-approved credit cards
You can opt out of certain solicitations at https://www.optoutprescreen.com

For information on other scams, sign up for the Fraud Watch Network.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

Kirchheimer, Sid
Half of U.S. Adults Hacked: Are You Among Them? – AARP Blog
http://blog.aarp.org/2014/06/06/half-of-u-s-adults-hacked-are-you-among-them/
June 6, 2014

Kirchheimer, Sid
College Students: Ideal for ID Theft – AARP Blog
http://blog.aarp.org/2014/05/16/college-students-ideal-for-id-theft…

Monday, June 9, 2014

More Bugs Found in OpenSSL Security Tool


OpenSSL

There have been six more bugs found in the widely used OpenSSL security tool.

OpenSSL is a security tool that houses computer programs to enable security over the public Internet.

OpenSSL is used in shared consumer applications, like software in Google’s Android smartphones.

With the Heartbleed vulnerability in OpenSSL,  the new publicity had system administrators rushing to update their systems to protect against it.

Computer administrators everywhere have frowned upon six new security issues that were recently found in the OpenSSL security library.

For example: if you see “https://” in your URL bar, it  indicates that the connection is secure.

The server computer at the other end of the connection is using OpenSSL to provide security.
The two main forms of security are:
  1. It scrambles information so it is unreadable to anyone other than the intended recipient
  2. It authenticates the source of information, ensuring the sender is who they say they are

 

How to protect yourself

OpenSSL-Vulnerability

Most won’t have to take any kind of action in response to the OpenSSL attack.

Non-browser client applications such as music players and chat programs will need to be immediately updated.

Distributors of Linux, which uses OpenSSL more openly, have already received issued updates.

If you haven’t already reset all your passwords due to the Heartbleed bug, it is the perfect time to do so.

Major service providers will inform you if it is necessary to reset your password.

Websites that are affected, may be unavailable for a short period of time.  This allows the fixed versions of OpenSSL to be installed by their system administrators.

There will most likely be more flaws discovered in OpenSSL.  Password resets, and software updates are becoming more of a habit with increased internet usage.

Delay no more, secure yourself and reset all your passwords.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

Merkel, Robert
Six more bugs found in popular OpenSSL security tool – Homeland Security News Wire
http://www.homelandsecuritynewswire.com/dr20140609-six-more-bugs-found…
Published: June 9, 2014

Thursday, June 5, 2014

Within the Heartbleed Bug

Only a few months ago, the Hearbleed OpenSSL bug was discovered.


heartbleed-openssl-bug

We are still learning about the countless encrypted transactions that left your accounts vulnerable to theft.
When computers talk to each other, it is called a heartbeat.  Because of a coding mistake, the Heartbleed bug was born.

Lets say there is a banking transaction:  The client (you) sends its heartbeat to the server (your bank) and the server hands it back to you.  So if something goes wrong with the transaction, the other party will know because the heartbeats get out of sync.

It’s like a cassette tape breaking because one of the spindles stopped working correctly.

How it happened

The actual breach happened all because of the following code:
memcpy(bp, pl, payload);
To explain, the memcpy is a command that copies data, and it requires three pieces of information to do so. 
The first set of information is the destination of where the data needs to be copied.  The second is the exact location of the data that needs to be copied.  The third set is the amount of data the computer is going to find when it goes to make the copy.

OpenSSL Heartbleed

The bp is a place on the server computer, pl is where the actual data the client sent as a heartbeat is, and payload is the number that says how big pl is.

The bp, which is where the data is going to be copied, is full of the data sitting in the part of the computer before.  Although, the computer treats it as if it were empty because the data has been marked for deletion.

When memcpy takes the data from pl and puts it in bp, it covers up all the old data in bp.

Everything that used to be in bp is destroyed and filled up with the pl data.

If payload says that pl is 64 KB but it only has 0 KB,  memcpy creates a 64 KB sized open space at bp that’s full of garbage data.  None of the bp old data gets overwritten because there’s nothing to replace it since pl is actually empty.

Meaning whatever old data was sitting in bp prior to the heartbeat gets passed back to the client.  Sometimes the data is irrelevant and sometimes its your banking password.

The Heartbleed bug has been fixed but the vulnerability has existed for a decade.  Who knows how much data was exploited.

Do you have maximum protection on your PC?  Is your antivirus out-of-date?  Let us help you protect yourself from the many vulnerabilities that live on the net.  [P] 619-325-0990

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:

Aguilar, Mario
Internet Vulnerability Left Encrypted Data Exposed For 10 Years – GIZMODO
http://gizmodo.com/internet-vulnerability-left-encrypted-data-exposed…
Published: June 5, 2014

Limer, Eric
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare – GIZMODO
http://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se…

Monday, June 2, 2014

Request for Google to remove links about you

google-links

Have you ever searched for your name on Google and saw just how easy it is for people to find out personal information about you?

Do you have personal information on the web that you would like deleted or hidden from Joe Schmo trying to find out about you?

Google has created an online form in which you can ask for the links to your personal data or posts to be removed from search results.

This form is a response to a European Commission ruling that people have “the right to be forgotten” online.

The EC has administered for Google to stop linking to anything that’s “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

The landmark privacy decision by the European Union Court of Justice emerged from a number of cases coming from the Spanish data protection authority in 2011.

This ruling applies across the EU, among those are web giants Google and Facebook.

Clearing Your Name

When you submit links that you would like to be removed, Google says it will,
“assess each individual request and attempt to balance the privacy rights of the individual with the public’s right to know and distribute information.”
A statement provided to CNET by Google, Floridi called the move “an exciting initiative, which will probably require some hard and rather philosophical thinking.”

Google has pledged to consider whether or not there is public interest in information about financial scams, professional malpractice, criminal convictions, and public conduct or government officials.

In order to ask for links to be removed, you have to supply the URL and request, provide your name, contact email address, and a copy of a photo ID.

You may put in a request on the behalf of another person, like a spouse, or an associate, to have their name removed from a link.

Once Google has reviewed your request and have removed the link, it will disappear from Google search results in all site across the EU.

There is a statement saying, Google’s lawyers are arguing that applying the EU ruling to US publications in Google’s US search results would be “absurd”.

So by deleting your name from the EU, are you really being deleted from the net?
 For more information, view this EU podcast below:


Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

References:
Published by Trenholm, Rich
You can now ask Google to remove links about you – C|Net
http://www.cnet.com/news/you-can-now-ask-google-to-remove-links-about-you/