Greetings!

What's the Matter? Didn't you have anyone in pink pumps fix your computer before?

Saturday, August 23, 2014

Avoid My Evil Twin

Ok, not MY evil twin, but I've been you've fallen for the evil twin attack.  Evil twin attacks are pretty hard to avoid unless you are really skilled at identifying evil twin wireless access points. An evil twin access point looks just like the real one to wireless users. It has the same SSID as the real SSID so it's hard to tell which one is right.

Say you are at an airport and see FREE AIRPORT WIFI in your list of available wireless networks.  You go ask an airport employee "Hey nice airport employee what is the name of your wifi?" and they respond "FREE AIRPORT WIFI".    So that means you can connect to it, start using and you are safe, right? Wrong. It may be an evil twin. This happens a LOT at coffee shops and other free wifi places.

Some folks think they are really smart and can tell which one is the correct one. They see one has 5 bars and the other has 4 bars and assume the one with 5 bars must be the correct one. Hate to be a bubble buster, but that doesn't account for access point placement. The real one may be the one with the weaker signal because it is properly secured in a closet.

If you connect to the wrong evil twin, it only takes them 30 seconds to steal whatever information you transmit. Before you are done sending your emails, they have your password and can access everything you have in your emails.

How can you avoid the evil twin attack? Don't use free, unecyrpted wifi. Instead make a hotspot on your phone and connect to it or carry a MIFI with you.   Think about that MIFI subscription or the extra data on your phone as insurance against identity theft.   Work-provided wifi is safe as long as it isn't using WEP encryption. WPA2, WPA2-PSK and WPA2-ENT are the current encryption methods recommended these days.  So never ever use WEP. Ever.

And stay away from the evil twin.

Sunday, October 13, 2013

How to get rid of startapp 2013

Pesky little browser rediretor installed on your phone? It's slowing down your phone and making money for someone else so don't blame you for getting angry.

You can install the startapp optout on google play. It tells you to :

  1. Drag the Search magnifying glass icon to the trash.
  2. Hold the bookmark link and delete the bookmark.
  3. Go to your browser and open the settings. Choose the homepage option and change to whatever site you like.
  4. It then tells you to register your IMEI number with them so that you opt out.
That being said you don't need to install the app you can just do the above.

A handy program for detecting addons is Addons Detector.  

Thursday, September 12, 2013

Smartphone Buying 101

A mobile phone is more than just something to talk and text with these days. Business people use these for making appointments, booking flights and hotel rooms, finding their way to appointments, and much more. Phones can be extremely delightful or terribly frustrating and the daunting task of purchasing a new phone will send some folks into bouts of heart palpitations practically. Here's some points to consider when buying a smartphone.

  • Phones are either GSM (Global System for Mobile Communication) or CDMA (Code Division Multiple Access). GSM comprises 75% of the global market but in the USA, CDMA rules. Here's an easy way you can tell which one your phone is.  If you can take your phone to another mobile provider and it still works, it's GSM. If you can't, it's CDMA. Some folks want to have the freedom to switch mobile companies without buying a new phone. If you are one of those people, you'll need a GSM phone. Sometimes you have no choice because you are bundling a package deal or you are given a phone. Perhaps you've been with a CDMA company a long time and are happy with them. If that's the case, go ahead and get their CDMA phone. At least now you are aware there is a difference. In the CDMA phones, network information is stored on the phone circuit board. In GSM phones, the network information is on a removable SIM card. Verizon and Sprint are CDMA. AT&T and TMobile are GSM.
  • Some phones come with antivirus protection and some do not. Some utilize a technology called sandboxing and are protected by that technology. When buying a phone you need to ask, "How is this phone protected?"  If it's android, it's not protected and you need to install antivirus. A smartphone is a computer that you call make phone calls with. All computers need protection therefore all phones need protection. I also recommend getting antitheft protection for lost/stolen phones. It's bad enough when you lose your phone to be without it, but you don't want to fall victim to identity theft and financial loss at the same time.
  • Smartphones come in different speeds. From slow to fast there is: 3G,  EVDO/1xRTT, 4G. If all you do is text, talk, and answer emails, then speed isn't a huge factor. But if you watch movies while waiting for clients to show up, then speed is.
  • Smartphones need cases to protect them. Phones get dropped all the time. I recommend Otterbox cases, but there are several brands of "tough cases" to choose from. They are worth the money. Many mobile phone companies don't insure against breakage. If you are a frequent beachgoer, I suggest getting a waterproof case. (Or leaving your phone at home.)
  • Smartphones come with many apps installed, but there is an abundance of free and paid apps at the Apple and Play stores. An app is a program. An installed app is a downloaded program. Just like you have to be careful downloading programs, you have to be careful downloading apps. Check them out before you install them on your phone.
  •  Smartphones need to be charged more often than their dumbphone predecessors. It's the screen that takes up the huge amount of power. Add wifi, bluetooth, etc and you have a big power piggy.

Friday, August 16, 2013

About Filesharing Sites/Bit Torrent

Filesharing sites are finding new ways to get around their legal issues. Movies and music that people have put their cash and sweat into are protected by law. Those who run websites to distribute such materials don't feel they deserve compensation. New filesharing sites are cropping up daily and I won't mention any by name, but they all look the same. They offer much for practically nothing.

Here's how they work. You get a flyer in the postal mail or an email saying they have service available for a pretty reasonable (or even a ridiculous price). You go to the website and sign up for an account providing them a credit card number. Hey it's only a few bucks a month, so it's ok, right? Maybe not!

Once you log into your account, you can search for the material you want. Up comes a list of what you want. It's there for free! Great! Um, no, not great. These bit torrent sites are illegal. Once you download these materials you are in violation of copyright law and subject to prosecution. The company you subscribed with gets off scott free because they are just providing you storage space or links or whatever lame excuse they come up with. It's not their content...other bad guys are putting them up on the web and not getting caught.

So the question you have to ask yourself is: "Do I feel lucky?" Well do you? Do you feel you'll not get caught and do you feel it's ok to break the law if it financially helps you?

Personally, I'd rather blow the whistle on these places and pay for my content.

Oh and another thing you have to consider is safety. Do you trust these people and the files they put up? Are you clever enough to find out if they have been repackaged and malicious code put in them?

Stay safe!

Friday, May 3, 2013

Say No to Ransomware

Ransomware is a type of malware that holds your computer hostage with threats that you may lose all the files on the disk with no hope of recovery, unless that is, you pay a fee for the only program in the world that will clean up your computer.

Bullies come in all types, but this type of cyber bully doesn't deliver what he promises. Occasionally we hear from you that you paid for "the program" and it didn't do what it was supposed to do. Most of these ransomware criminal gangs originate in eastern Europe where they receive your payment electronically. When the program fails to do what it promises, they have no online support phone number for you to call.

I remember a trip to the Grand Canyon quite a few years ago. It was memorable because we were "held up" at "gunpoint" while riding the stagecoach. The "robbers" wore bandana masks and acted shady. You could clearly see that they were bandits. It's not that easy to tell who the bad guys are online. There are no guns or covered faces online, but behind your internet connection is a really, really bad guy.

Legitimate software vendors don't hold your files for ransom. This is how the bad guys operate. If a program "offers" to clean up your computer, don't accept. It may sound like a good deal, but that 20$ or 50$ could end up costing you a lot more. If those bad guys use your credit card information for nefarious purposes, then your credit may go down the tubes and you may have problems for years to come.

So what do you do???????

1. Plan ahead. Install a program now that will work in safe mode. Safe mode turns off a lot of malware, but not all programs will work in safe mode. Very few will. Download Malwarebytes Antimalware now and keep it up to date. Buy a registered version of it. It's worth the money.

2. Press control alt and delete at the same time. Choose to restart your computer and do it in safe mode by pressing F8. Once in safe mode, you can run a scan to remove the ransomware.

3. Backup your data today. That way if your computer does get hijacked, you are ready.

5. Take it to a professional if you need to. Instead of messing it up further, sometimes it's better to let the professionals save your data. If you wait too long the price can soar over 1000$ so, in comparison, paying a tech service a couple hundred dollars isn't that bad. Know your limitations. Asking for help doesn't mean you are not smart, it means you are smart.

Hope that helps. Don't get hijacked. Scan regularly and stay on the lookout for online bandits.

Tuesday, April 16, 2013

What is a Man in the Middle Attack?

It's a form of electronic eavesdropping. When you connect to an insecure wifi, you risk being victim to a MITM (man in the middle) attack. This happens a lot at airports and other free hotspots.  Information, often sensitive, is passed to another person, but along the way is intercepted by another person.  Let's examine the scenario.

You're at an airport. You're bored to tears waiting a couple of hours for your flight. You discover the airport has a free hotspot so you jump on to check emails, browse the web, etc. Hey it's free, right? You are hooraying because you don't have to spend money. That's where the hurrahs stop!

When you connect to an insecure wireless, anyone in range can record what is going onto the internet. It's called sniffing. If that traffic includes your username and passwords, then you are giving those passwords to someone who has enough time on their hands to sift through a lot of nonsense to get to your passwords. Once they have your password to your email, then they can gain access to your other accounts, like banking which is why I recommend a separate email address just for money matters. (And not a free email account, a paid one!)

You have to be on guard against MITM attacks wherever you are. Even at work. Say someone new comes to your office and sets up a wireless router in the office so they can plug many devices into the network. Even they don't realize they are doing anything wrong. If you see a wireless router in a coworker's office, let your manager know. Probably it was just a mistake, but that mistake can leave others open to account hacks and identity thefts.

Be safe out there and avoid MITM attacks by never connecting to insecure Wifi!

Thursday, March 7, 2013

Fakers! Posers! We don't like you!

Fake IDs are all the rage with young people. Even if you are  beyond the age where  you are even carded anymore when you order a glass of wine you still  have to be on guard against fakers. All kinds of them are out there in force. They'll dupe you if you are not always on guard against them.

There's some ways to spot these fakers:

1) They email a long list of email recipients and all their names start with the same letter. That means a webcrawler (software tool bad guys use to come up with email addresses off web pages) has gleaned your email addresses and an attack is starting. Delete without opening.

2) You receive a zip or exe file unexpectedly from someone you don't know. The more clever ones will use clever addresses like scanner@yourcompany.com and support@yourcompany.com.

3) Obvious mistakes exist in the email like they are talking about your Epson network scanner when your company doesn't even buy network scanners from that company.

4) There is bullying going on. IT techs are usually pretty polite people. If they are not, they don't last long in IT. Then you get this email from emailadministrator@penfedrealty.com (that email address is non existent) telling you that you must log in and change your password from 6 characters to 8 characters using the link provided or your email account will be deactivated. Whoa! Really? Back off you cyber bully!

5) Faker domains are also used a lot. What if you got an email from it@yourcompanyIT.com? Would you open it? Please don't! It's a faker domain and there's nothing but trouble in that email. You'll also see faker domains when you google. This mistake happens a lot with those of you who have a bit of computer knowledge. You google something to find the answer and click on a domain that isn't safe because they've registered a poser domain. Things that your download from hp.com are MUCH more safe than things you download from everythingyouneedhp.com.

Stay safe. Stay diligent. Hope that helps!