SOS Newsletter

The SOS Newsletter: Help for your web stuff – August 2014

Logo4640

dit-dit-dit/dah-dah-dah…

August has come and gone and its back to school for many.  Malware seems to be in the rise.  What can you do if you find malware on your Facebook account?  How can you decrypt your files being held for ransom by malware?  In this newsletter you can learn how to handle both successfully.  What’s the best malware protection out there?  We’ll take a look at the ratings   And my home tech tip is a car hackability chart!

SOS Security Support

 DecryptDecrypt Those Ransomed Files for Free with DecyptoLocker

We’ve talked about CryptoLocker before (Ransomware) – that malware that likes to hold your files for ransom until you pay up.  There are several variants out there but one in particular, CryptoLocker, has now got a fix: DecryptoLocker  provided by FireEye and FoxIT.

When you provide the site with your email address (which will not be given out or sold) and an encrypted file, they will email you a master decryption key to be used along with their recovery program.

They advise that you don’t give them any files of a sensitive or personal nature.  And each infected system will need its own master decryption key.

 

MalChart

What’s the Best Malware Protection For My Computer?

In a recent test done by the independant Anti-virus research group, AV-TEST 
Malwarebytes came out on top as the best malware protection with a score of 100% in total system repair!   They beat out even paid security programs like Bit Defender, F-Secure and Kaspersky.  While Malwarebytes doesn’t include anti-virus support and protection, it says a lot for a FREE security program.

How did the FREE anti-virus programs fare?  AVAST! and AVG came out on top ahead of MSSE.  But read the report for yourself

 

SOS Featured Social Media Security Support

FacebookStrange “likes” and Posts Showing Up On Your Account? You May Have Malware

When you have a malware infection from Facebook it can show up as strange “likes” to many pages or comments or postings you didn’t make or a sudden surge in following a lot of people on Facebook. One particular malware that’s been recently re-spotted on Facebook this August is the “Color Changer” app.   According to Information Week:

Cheetah Mobile found that this iteration of the scam stems from an apparent vulnerability in Facebook’s app page. This vulnerability lets hackers implant viruses and malicious code into Facebook-based applications, which direct users to phishing sites, it said.

The latest version of the scam works in two ways. First, it asks users who click the link to view a color changer tutorial video. If users view the video, it steals their Facebook access tokens, which gives the hackers temporary access to the user’s Facebook friends, Cheetah Mobile said.

What should you do if you suspect malware on your Facebook account?  Go to the “Apps” tab and remove it.  Then the following steps apply to any and all other malware scenarios on Facebook.

  1. Change your password
  2. Scan your computer.  Use a couple of anti virus programs (internal and external)* and a Malware scan
  3. If you are using Chrome, use a browser-specific scan.
  4. Make sure you are using the latest browser version.  If not, Upgrade!
  5. Remove suspicious browser-add ons
  6. Review your recent account activity and delete anything you did not post.

Facebook provides the links to some scanners and you can review the steps there.  *While I normally recommend MSSE (Microsoft Security Essentials), I’m recommending a switch to a combination of Avast! or AVG and Malwarebytes for now (as far as FREE Anti-virus goes) PAID Anti-virus such as Bit-Defender, F-Secure, and Kaspersky will give you stronger anti-virus protection .  If you continue to use MSSE, please use it in combination with Malwarebytes.

Home Tech SOS

Access the ‘Hackability’ of Your Car 

Questions have been raised since 2 hackers successfully hijacked the steering and brakes of both a Ford Escape and a Toyota Prius.  Want to assess the ‘hackability’ of your car?  Try the *chart below from Wired.com:

CarHackChart

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

*DISCLAIMER: This chart is not considered conclusive or comprehensive.  According to the article:

All the cars’ ratings were based on three factors: The first was the size of their wireless “attack surface”—features like Bluetooth, Wi-Fi, cellular network connections, keyless entry systems, and even radio-readable tire pressure monitoring systems. Any of those radio connections could potentially be used by a hacker to find a security vulnerability and gain an initial foothold onto a car’s network. Second, they examined the vehicles’ network architecture, how much access those possible footholds offered to more critical systems steering and brakes. And third, Miller and Valasek assessed what they call the cars’ “cyberphysical” features: capabilities like automated braking, parking and lane assist that could transform a few spoofed digital commands into an actual out-of-control car.

No comments
MelanieThe SOS Newsletter: Help for your web stuff – August 2014
read more

The SOS Newsletter: Help for your web stuff – JULY 2014

Logo4640

dit-dit-dit/dah-dah-dah/dit-dit-dit…

July has just whizzed right on by.  Seems like its been packed with a lot of things to do like work, maintaining security on your sites, summer vacations and Client events.  So let’s try to catch the last of July before it runs out on us.

Passwords.  They have to be strong and long to be effective.  And that’s a PAIN!  You know it.  So before we do a lot of other things, let’s get this password thing down so its a lot easier as well as safer for you.  I’m going to give you a couple of sites that will help you create a password without having to think one up.  And then, a PASSWORD MANAGER,  so you don’t have to remember them.  How cool is that?!  Plus, I have a home tech tip that will help you maximize your bandwidth

SOS Security Tips

password_strengthYou didn’t just use “iloveyou” or “monkey” for your password, did you?

In a recent talk by privacy/security expert, Lorrie Faith Craner, it was cited that the 2 most popular passwords are “iloveyou” or “monkey”  and when asked to add punctuation to their password to make it harder to hack, 40% of people chose an exclamation point!  (And we just told the hackers, right? Shhhhhh!)  😉   Lorrie is the director of the Carnegie Mellon Usable Privacy and Security Laboratory at Carnegie Mellon University and a member of the Electronic Frontier Foundation Board of Directors.  (Love the EFF!) 

Also cited in the talk were the following problems with getting users ( busy folk like you my readers) to choose strong passwords (at least 16 characters) :

  • Even when people are told to choose long passwords or password phrases, they often chose something easy to hack like “passwordpassword” or “baseballbaseball”.
  • Random-word password phrases while long, are not easy for users to remember or use.
  • Pronounceable gibberish passwords like “vadasabi” worked very well and users could remember them.

All good points.  However, the debate – passphrases vs strong passwords (which is better?) – continues. And I, myself, favor long, strong and ugly passwords.  Clint Eastwood passwords; good, bad, and ugly.  There’s no social media hack aspect to them whereas with passphrases there is the possibility of a social hack – especially if you use familiar words any hacker can pick up  by doing a search on you and scanning your social media posts.   Also, there’s a maxim that’s worked well for me for a number of years: If its easy for you to remember, its easy (or will be) for the hacker to hack.

Why all the concern about passwords in the first place?  Because hackers have password cracking software.  That software is now easier and cheaper to get because its being sold as SaaS (software as a service)  And hackers have the computing power now in a single pc to very easily hack your short, easy to remember passwords in a shorter amount of time.  (There are also easy ways now to hack into the computing power of other devices without the user knowing it to multiply the power and speed the hacker has available – but that’s another newsletter. ) That’s why I tell you to make a password at least 16 characters long or longer.  I would add to that: 16 random characters long including punctuation.

That said, the most annoying aspect is making passwords up.  Second annoying thing is remembering them.  So I am providing you two password generators to make the whole thing easier to create.  One is a passphrase generator and the other is a strong password generator.  Both are excellent and easy to use.  Second, so that you don’t have to remember them, I am recommending a password manager so that it will remember your individual passwords for each of your online accounts and all you have to do (once its set up) is remember ONE PASSWORD for everything you have online.  You even get notification if there is a security breach.  How great is that?!

The XK Passphrase Generator (image source)

The Strong Password Generator

Go ahead.  Try them out.  Have a little fun.  Then start converting your current passwords to these new, stronger passwords.  Bookmark these links in your browser.

A Password Manager To Rule Them All

LastPassLogo300Then go to LastPass and get yourself set up so that you only have to remember ONE PASSWORD for all of your online accounts.  (It’s like “One ring to rule them all!” sort of thing)  LastPass is based on a freemium model so you can choose either the free or the premium account.  Another password manager is KeePass.  It’s an open source option but I find that it is not as user-friendly.  It is highly-recommended though.

A note of caution on password managers:  they, too, have their problems.  If you have been keeping up with this newsletter, you know I try to keep you informed of the most current and dangerous hacks.  But hacks at every level of our infrastructure go on all the time.  So password managers are no exception.  The security advantage is that they will keep you in an instant notification loop. They do have a password generator of their own, but I recommend the two above first.

Home Tech SOS

The BEST Wi-Fi SetUp Tip EVER! 

Where should you point your Wi-Fi Router antenna ?  UP!  Right?  Nope.  Here’s a great tip for setting up your wi-fi router antennas for the most optimal coverage from LifeHacker.com along with WHY it works better!

WiFiSetUp

No comments
MelanieThe SOS Newsletter: Help for your web stuff – JULY 2014
read more

The SOS Newsletter: Help for your web stuff – JUNE 2014

Logo4640

dit-dit-dit/dah-dah-dah…

You probably recognize that familiar morse code for “sos”, the call  for help.  It also happens to be the caps of my website – Switched-On-Sites.  More importantly, SOS stands for the kind of web help I want to provide you with my services.  If your web site is in trouble, I’m here to help.  So I thought why not make that the new focus of  the SOS newsletter!

Starting with this newsletter I’ll be covering  the kinds of information that will likely be most helpful to you: website security, social media, SEO, and home tech help and tips.   Let me know how you like it or if there is something you’d like me to add.

SOS Security Alerts

CLockerPicCryptoware Through Malicious Ads

You remember seeing that familiar screenshot on this blog from past alerts about Cryptoware (Ransomware) – that malware that likes to hold your files for ransom until you pay up.   Well, a new variant is on the loose, this time called Cryptowall.   And it showing up at some famous (and BIG name) sites like Disney, Facebook, The UK’s Guardian and more through malicious ads.

When you click on these infected ads, you are redirected to an infected advertisement site (called a malvertisement) and the malware is then downloaded to your computer.  Your files are then encypted with a very strong RSA encryption ( RSA 2048) and you are informed how much (Currently $500 USD) you have to pay to get them decrypted.

As I have warned in the past, prevention is the best cure on this nasty malware – DON’T CLICK THE ADS!  How widespread is this malware?  According to The Hacker News: 42% of the infections are centered in the US, followed by England and Australia.

 

HackFlag

Help! My Site’s Been Hacked!

Have you ever been searching for a site, put in some search terms and come up with this little warning: “This site may be hacked”?  Well, its not all that unusual given that there are billions of sites on the web  and hacking of small business sites has increased.  According to Symantec’s Internet Security Report companies with less than 250 employees made up 31% of the  targeted hacks in 2012.    But many small businesses still do not know about the resources needed to fend off these attacks.  And often times, you may not even know you have been hacked until you are told by a customer who goes to search for your site and finds Google’s “hack flag” warning.  When that happens, its time to identify the type of attack, do clean up and remedial security protection for the site and appeal to Google for the flag to be removed so that your organic searches are not compromised.   As with all things, an ounce of prevention is worth a pound of cure.  This is something I can help you with here at Switched-On-Sites.  I specialize in the security concerns of your small but growing business!  Give me a call if you need help setting up your site security or need a hack fixed.

SOS Featured Social Media Tips

FacebookHow to turn it off: Facebook is using your browsing history for ads

You know by now how deeply the NSA surveillance of ordinary citizens is, but did you know how closely Facebook is watching every web site you go to?   Well, lets review a small paragraph in Facebook’s famous ever-changing TOS (Terms of Service) :

We and our affiliates, third parties, and other partners (“partners”) use these technologies for security purposes and to deliver products, services and advertisements, as well as to understand how these products, services and advertisements are used. With these technologies, a website or application can store information on your browser or device and later read that information back.

How are they doing that?  Well, those famous social media sharing buttons we put on your sites.  Or even with Oauth that allows you to login to other sites using your Facebook credentials.  That’s how.  It’s a double-edged sword.   It gives you and I the exposure we want for our sites and it makes logging in a lot easier than creating umpteen accounts all the time, but its also collecting browsing data about other personal things like your geographical location, personal demographics, medical information, online shopping habits , anything a third party website might collect from you and storing this in their databases.

So if you don’t want  Facebook to use your browser info to target ads toward you (shades of Minority Report!) then you can go to the Digital Alliance Website and opt out of interest-based ads.  It won’t stop them from collecting the information for other purposes, but it will stop them from using it to target ads.

You can also start using Duck Duck Go for browsing and while there at the Digital Alliance Website opt out of Google, Yahoo and other large sites tracking you for ads as well

SOS/SEO

SEOAre 301 Redirects Helping Your SEO?

At some point, you’re going to want or need to move your website.  Site migrations involve a great deal of planning to make sure nothing physical is lost during the transfer and traffic loss is kept to a minimum.  But there is one other consideration and that’s  maintaining your link equity (ranking power) in the best way which up till now has involved using 301 redirects.   But 2 weeks ago, Google updated their site move documentation to  recommend 302 redirects when it addressed separate smartphone URLs to Desktop URLs  .  Why?

As you may know, 301 redirects are permanent.  And in this particular scenario, you may want to change those redirects in the future.

 

 

Home Tech SOS

Low Tech Cord Management 

Tired of tracing wires back to their source?  Stop pulling the wrong plug!  Here’s a great idea for cord management from PinTriedIT.com:

CordManagement

No comments
MelanieThe SOS Newsletter: Help for your web stuff – JUNE 2014
read more