Tag Archives: encryption

ALERT! – Specter and Meltdown Security Flaw – ALERT!

Regardless of what computer you own, Apple or Windows, Spectre and Meltdown security flaws affect you. Security researchers recently revealed the details of these two microprocessor security flaws. Chips made by Intel, Advanced Micro Devices (AMD) and others are in billions of devices making them sitting ducks for hackers.

Devices with these chips include phones, tablets, PCs, and computer servers. Exploiting the vulnerability opens the door for hackers to steal personal data, passwords, cryptographic keys, and other supposedly inaccessible information from device owners. While the average consumer should exercise caution the impact on business could be devastating. 

The Meltdown flaw only runs on Intel chips while the Spectre flaw can affect devices with virtually any modern processor.

Computer microprocessors handle data like a passwords or encryption keys. Normally these are kept from other apps. But both Intel and AMD pride themselves on the speed of their chips. To do this the chips use whats known as “speculative execution” to try to guess answers that may be needed if a chain of calculations came out a certain way. Since the delay in calculations can be predictable researchers found that a rogue app could guess where confidential data was located in a chip’s memory and steal it.

Regardless of your web browser, Google Chrome, Apple Safari, or any version of the Windows family, they all use Javascript code.  Hackers could introduce a data stealing Javascript program and post it on any chosen web site. Your browser app would automatically run the rogue code like it was an ordinary part of the site’s features resulting in your data becoming vulnerable or stolen. As you can see this is an extremely grave threat to business computing.

Although this vulnerability is now known there is no evidence anyone has used it…yet. And that is where the danger lies. The danger of these flaws is so great that tech companies  swung into action quickly to fix the problem. Perhaps too quickly.

According to various news sources the Microsoft patch to fix the flaw has been damaging some devices.  In some instances the computers are suffering performance problems while others have been bricked. A bricked computer is frozen and unusable. The problem has become so bad that Microsoft has halted issuing the patch for both Spectre and Meltdown for AMD equipped computers and devices.

Intel’s CEO Brian Krzanich addressed the Meltdown and Spectre issue as the keynote speaker at the Consumer Electronics Show in Las Vegas. “I want to thank the industry for coming together to address the recent security research findings reported as Meltdown and Spectre,”  said Krzanich. He called the response to the issues a “collaboration among so many companies.” Krzanich promised that “for our processors and products introduced in the past five years, Intel expects to issue updates for more than 90 percent within a week, and the remaining by the end of January.”

Browser makers have swung into action to combat the flaw. Users of Google Chrome should turn on a feature calledsite isolation.”  The feature prevents malicious Javascript from accessing sensitive data. Google will soon release an update to Chrome’s Javascript feature that will improve protection against Spectre attacks, however, browser performance may suffer.

Microsoft has already issued a Windows security update for its Internet Explorer and Edge browser apps labeled “KB4056890” to protect against Spectre. According to Microsoft the update will change the browser’s features to protect confidential information in a device’s CPU. But make sure you check if your device has an AMD chip before using this patch.

Firefox maker Mozilla said its newest apps changed several features to make Spectre attacks more difficult. Released on January 4th, Firefox version 57.0.4 includes the new protections. Mozilla said in a blog post that it is studying additional ways to strengthen security against the attacks. “In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers. This project requires time to understand, implement and test.”

Apple is planning to release an update to Safari in “coming days” to protect against Spectre. Early tests of the Apple updates showed a minimal impact on browser performance. For additional information on Apple products click here.

 

 

 

 

 

 

 

Cryptocurrency – What’s It All About?

What is cryptocurrency? Or you may call it Bitcoin. Where does it come from? How does it work? Is it real money? In case you haven’t heard we are in the midst of a monetary revolution. Many people are raving about Bitcoin. Some say it’s the money of the future. Others are saying it’s a scam or worse. So what’s it all about?

First of all lets clear up the definition. Bitcoin is cryptocurrency but not all cryptocurrency is Bitcoin. As a matter of fact there are as many as 1,000 different brands of cryptocurrencies. Bitcoin is just the most valuable.

What is Cryptocurrency?

Cryptocurrency is a digital form of currency that is different from real money. Money or currency is produced by banks and nations who create the money’s value based economic strength. This money is managed through a central banking system of that nation.

How is cryptocurrency different?

Transactions of traditional money are controlled, taxed and tracked by banks and nations.  Cryptocurrency transactions are made with no banks or governmental interference.  Some economist and investors like to say that transactions are frictionless. Cryptocurrency users are anonymous . So essentially cryptocurrency is stateless money with no banks and the users are completely unknown. That is until they change Bitcoin into real cash. 

Where did cryptocurrency come from?

Satoshi Nakamoto, the inventor, created Bitcoin in 2009. He has never been seen. No one even knows who or where he is. He may not even be a single person but a group of programmers. No one really knows. So cryptocurrency’s origin is a mystery. However, some believe that the National Security Agency has identified him. As usual the NSA has declined comment.

How is it created?

Cryptocurrency is created or “mined” using computers to solve incredibly complex math problems. Performing this work eats up a lot of electricity. So much electricity that you could never make a profit with the average computer. Cryptocurrency “miners,” as they are called, have begun building their own computers or hijacking other people’s computers to create Bitcoins. This has become known as Cryptojacking.

Mining a Bitcoin is not easy or cheap. Bitcoin’s value is about $6,000. How many Bitcoins would you have to produce to deal with a monthly $6,000 electricity bill and still make a profit? 

After a computer solves a series of problems it becomes known as a block. The blocks is then verified by other users and, once confirmed, are added to what is called the blockchain. The blockchain grows rapidly with a new block being added about every 10 minutes. A blockchain is a record of the Bitcoins created. It also records Bitcoin transactions that can never be changed. The blockchain never ends and is not hosted in single location making it immune to hackers.

How do you store or spend Bitcoins?

Bitcoin transactions move between users like email. Each transaction is digitally signed using cryptography and goes to the entire Bitcoin network for verification. These transactions are open to the public and can be found on the blockchain. All Bitcoin transaction leads back to the point where the Bitcoins were first mined.

Bitcoins are kept in a bitcoin wallet or the digital equivalent of a bank account. You can download the Bitcoin wallet from the Google Play store or iTunes. Your wallet allows you to send, receive and store Bitcoins. 

To complete a Bitcoin transaction you need two things; a public encryption key and a private encryption key.

Public keys or Bitcoin addresses, are random sequences of letters and numbers that work the same as an email address or username. Public keys are safe to share. You must give your Bitcoin address to receive Bitcoin. The private key must keep secret. This private key allows you to spend the Bitcoin.

Is Bitcoin real money?

Well, that is where Bitcoin may run into problems. First of all Bitcoin must meet the current standard of what money is. There are four basic standards for money.

ScarcityThere can be a only a limited amount available to secure its value. There can only be 21 million Bitcoins in the world. Right now there are about 9 million Bitcoins. Once it reaches 21 million no more Bitcoins can be mined.

Durability It must stand up to constant handling with no maintenance or special treatment. Bitcoin is completely digital and is never actually touched but human hands. However, Bitcoin is vulnerable. User error can cause the loss or destruction of Bitcoins. Users have lost or forgotten their private key making access to the currency impossible. Recently a a single user error caused the destruction of over $300 million worth of Bitcoin. So durability is an issue as well as security.

FungibilityIs every Bitcoin worth the same.  Let me make this simple for you. According to CoinMarketCap.com there are 1,037 different cryptocurrencies available. So not every one is worth the $6,000 I spoke about earlier. 

PortabilityCryptocurrency can be carried anywhere you carry your smartphone just like cash. So it is portable.

Breaking It Down.

Cryptocurrency is growing in acceptance but is not yet considered a viable currency. Its value is unstable and it is considered  an unacceptable risk by most financial experts and the coin of the future by others. In addition, governments are now examining the cryptocurrency phenomenon. Its anonymity makes it useful for crimes such as drug dealing, terrorism, money laundering and tax dodging. So the future right now depends on the view world governments take. A single law or crime could bring the whole thing to a halt or change the very definition of cryptocurrency.

 

Tax Season 2017 – Fighting Identity Theft

There are two seasons that cyber criminals celebrate; Christmas and tax season. African-Americans should understand that protecting themselves during this time is especially critical  A 2011 Federal Trade Commission national fraud survey revealed that African-Americans were almost twice as likely to be victims of fraud as whites.  African-Americans were victimized 17.3 percent of the time compared to 9 percent for whites.  For Hispanics 13.4 percent reported being fraud victims. To top off these disturbing numbers is the fact that black and minorities often don’t report fraud because of embarrasment.

Tax season used to be a multi-billion dollar hunting season for identity thieves. But the hunting may not be so good this year. Because of IRS work identity theft has plummeted by 46 percent.  376,000 fewer taxpayers had their identities stolen by criminals.

In the past two years the IRS, working with major tax preparers, started sharing information to improve tax payer security.  Congress has also given the IRS more tools to prevent criminals from getting fraudulent tax refunds. This allowed the IRS to identify and block over 1 million phony tax refunds last year. 

Federal authorities crushed a massive identity theft ring in Alabama and Georgia in 2015. Those thieves collected $10 million in fraudulent refunds. Cyber criminals are merciless. This scam even targeted veterans of the Afghanistan war being treated at Fort Benning’s hospital.

Last year another ring in the District of Columbia was taken down as they tried to steal more than $20 million in fraudulent tax refunds. The victims included people in assisted living facilities, drug addicts and prison inmates.

Technology deployed at the IRS in recent years identitfies potential fake tax returns. Now the IRS can flag dramatic differences in a taxpayer’s return from year to year for additional screening.

The earned income tax credit is a big target for identity thieves. The IRS was holding refunds until Feb. 15 for families claiming this credit. These credits provide payments to people who don’t make enough money to owe any federal income taxes. This makes them attractive to identity thieves.

Protect your personal nformation during tax season by following these steps.

  • File early, even if you owe. Filing  your return early prevents anyone who has stolen your information from filing a fradulent return. The IRS will only accept the first return even if the thief has your social securty number.
  • Encrypt your data. Encrypted data is secure even if your laptop is stolen. There  is plenty of free encryption software available. PC Magazine recently published The Best Encryption Software of 2017. And using it is not that hard. If you can create a password you can encrypt your data.
  • Buy a decent shredder. Destroy any document with any personal information, especially your Social Security number. Any small bit of information helps a cyber thief and they are not above going through your trash can. These thieves have been known to drive through neighborhoods picking up trash! Any personal papers that has your bank account or investment account information should be shredded before disposal.
  • Use strong passwords. Learn to construct powerful passowords that are easy to remember. And change them often.
  • Keep your computer software up to date. Use a good anti-virus/anti-malware. Some cyber thieves can install spyware on an unprotected computer and steal your information.
  • Be aware of phishing attacks. Phishing is when you recieve an email or call asking for information using very sneaky questions. This is a form of social engineering. Don’t respond or click on email attachments or links. Anybody calling claiming to be from your bank or the IRS should be hung up on and reported. Banks and the IRS don’t call asking for information. These callers can be insistent and even threatening. Just hang up and investigate on your on by calling the IRS or your bank. DON’T GIVE ANY INFORMATION OVER THE PHONE! And remember, if anyone calls asking for money you should be the one asking the questions.
  • The IRS does not ask for money NOW! The don’t ask for money to be tranferred via a payment card. They don’t ask for credit card or debit card information. The are not coming to your house to arrest you. If someone threatens you with anything like this they are thieves. If you get a suspicious email or phone call, do not respond. Immediately call the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490.
  • Is someone else preparing your taxes? Here what you need to be asking;
    • How will my data be stored?
    • Will it be encrypted?
    • What computer security software is used?
    • Who has access?
    • Have those with access been properly screened?
  • Do not transmit tax returns or sensitive personal data on public WiFi. That means Starbucks or the public library. This is prime hunting ground for cyber thieves. These hackers wait and watch wifi traffic for an unprotected computer. The can intercept and record your online activity stealing your information or even hijacking your computer.
  • Check you credit report at least annually. You can get all three free credit reports from AnnualCreditReport.com. Remember this is the only credit report website authorized by the federal government.

Don’t be a victim during this tax season. Be aware!

How the Cloud Improves Internet Security

masergy-transparent-2Convenience, economy and improved workforce productivity are just some of the benefits that are emerging as the result of cloud computing. And, despite some initial concerns regarding the security of cloud computing, discussions about the cloud at many companies are no longer asking whether they should move, but why they have not yet done so. For organizations who are still on the fence about deciding whether or not to move over to the cloud, the good news is that the various cloud computing practices of today can actually help to improve security. We’ve taken a closer look at just some of the security benefits of cloud computing.

Increased Storage Methods

Chances are, if you only have one of something, it will get lost or broken. When it comes to cloud computing, company data can be better protected due to the fact that the cloud provides companies with a multitude of different options for storage. By using not only a range of storage options but also a layered approach which includes critical elements such as encryption, strong access controls, and security intelligence, data stored in the cloud can be more secure than any other space. There are also a range of cloud computing security tools which you can use to add an extra layer of protection, such as the MPLS Network and security products from Masergy.

Reduction in Human Error

As people, we can all make mistakes, whether it be due to misunderstanding, tiredness, or getting something mixed up after being overloaded with work. However, computers don’t make these mistakes, and there’s no chance of them being tired, overworked or having a bad day. All of this means that security in the cloud is even more enhanced. Since cloud computing provides better levels of security, even a laptop or other device which is lost, stolen or damaged becomes less compromising. According to reports, laptops are lost more often than you may realize – each year, a huge 800,000 laptops are left in airports around the world. One of the biggest security benefits of cloud computing for companies is that even if devices are lost, data can still be accessed in the cloud.

Stricter Standards

When you use cloud computing, you can be assured that security in the cloud is held to higher and stricter standards than all other types of security. A multi-billion-dollar industry, a huge part of cloud computing’s success is based on cloud vendors’ ability to keep their customers’ data safe. Due to this, the security standards which they must adhere to are high. When using cloud computing and solutions, security is actually increased due to the strict International Organization for Standardization (ISO) standards which all cloud computing providers must adhere to, along with other, regular security audits.

Initially, there were many concerns about the security of cloud computing. But, with more and more businesses moving over to the cloud, using cloud computing and solutions for your company or personal data storage could actually be the safest option.

By Bill Clark

Bill is a freelance journalist who specialises in writing about culture and the arts, however will write about anything that piques his interest including business, travel and lifestyle.  @BilboClark01

App of the Week – PaidEasy

Save easyDining out is not as easy as it looks especially when you are dining with friends. You know the ones who look the other way when the check comes. Then there is keeping track of what everybody ordered and making sure the check, with tip, is correct. Then you have to take the risk of surrendering your card to a stranger who disappears and returns with the check and a smile. What happened to your card when it was out of sight? That’s why PaidEasy is the App of the Week.

PaidEasy is the new comer to the mobile payments arena but the rookie has got game. The PaidEasy app is described as  “the quickest way to discover merchants, search offers, and open and close bills.”

This payment app uses iBeacon technology to swing into action the second you walk in the door syncing with the merchant’s point-of-sale (POS) system. This rapid fire sequence allows the waitstaff to immediately add items to the bill without having to disappear with your credit card after the meal is finished.

And for those  freeloading friends of yours separate checks is really easy for everybody concerned. The customer can pay immediately with PaidEasy or, get this, just walk out the door knowing that the tab will close within 45 minutes (and include a tip).

But the miracles don’t stop there. PaidEasy provides the merchant with improved table management giving restaurants the ability to address walk-ins and cut down on table turnover.

Want more? The app integrates with Uber, Yelp, and Apple Pay easing the trip to the restaurant. Paid Easy allows customers get to the restaurant, place there order, and choose their payment method. PaidEasy even takes the surprise out of the price by allowing customers to view their bill at any time during the meal.  The final glorious benefit of PaidEasy that the app encrypts the customers credit card data so payment information never visible to the merchant.

PaidEasy is free and currently only available for Apple.

 

 

EMV is Coming! EMV is Coming!

chipcardOctober is EMV card month. And what is EMV? Currently there are 1.96 billion credit cards in circulation and they are about to change. Black people all over America are walking around with a credit or debit card in their purse or wallet. So we need to know and understand what EMV is and how it will change the landscape of credit card use starting in October. So lets get started.

First of all next month the way you use your credit or debit card will change. The first thing that will change is the card itself. America is the last major market on earth to switch to the chip embedded card. Why? The short answer is laziness, stupidity or ignorance by all involved. If you have not already received your chip embedded card now is the time to call your bank or card provider and ask when you should expect it.

The new card is called the EMV which stands for  Europay MasterCard VISA after the people who invented it. The first noticeable difference in the new card will be the chip, which is the small silver or gold chip embedded in the front of the card. Because of this chip the card should be more secure than the current magnetic stripe card you may still be carrying. Magnetic stripe cards save static payment data that can be copied, stolen or skimmed from one card and put onto another. This duplicate card data is then used to make all kinds of fraudulent purchases. Magnetic strip cards are simply outdated and notoriously insecure. The EMV technology adds a layer of security to the payment process.

EMV card readerf

EMV Card Reader

The EMV card works a little differently. The chip you see on your card has encrypted data. EMV card readers can read that data. Each purchase made with an EMV card creates a individual code unique to that particular purchase. If a hacker got a hold of that code he would not able to use it. You should be seeing the card readers in stores already. Once you slide your card into the reader, no more swiping, powerful cryptographic functions validate the authenticity of the card and cardholder. Bottom line is the encryption makes it extremely difficult to create a duplicate or fake card. But keep in mind that the magnetic strip is not likely to disappear from cards. Many small merchants will continue to use the old style card reader.

When you pay using the EMV card reader your card is instantly identified as being authentic by a process called dynamic authentication. When used with a PIN, the chip proves that the customer is paying with his or her own card.

Another change coming in October is the liability shift. A liability shift means that the responsibility for credit card fraud shifts slightly from just the card issuer to a shared liability of both the issuer or merchant that doesn’t use EMV technology. This change provides both parties with an incentive to adopt the technology. However it is not required that either party switch to the new technology. Why? Lets keep this as simple as possible; some issuers and merchants may still feel it is cheaper to take a loss on card fraud than to invest in the new technology. Is that simple enough for you?

NerdWallet’s Sean McQuay, a credit card expert and former VISA strategy analyst says, “EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards and merchants need chip readers. If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”

But will EMV solve all of our card security concerns? Probably not. This new technology is great but not perfect.

For example; in person transactions would definitely be more secure. Not so with thecard not presenttype of transaction such as purchases by phone or online. Using your card at the gas pump will continue to be dangerous since gas pumps aren’t required to implement the new technology until 2017. So this type of fraud is expected to increase.

So learn to protect yourself. Hackers are going to be going after those store that don’t use the new EMV card and card readers. That’s the first place you are vulnerable. Avoid those stores whenever possible by keeping a little extra cash in your pocket. And demand the new card from your bank or issuer. If they have decided not to go with the new technology then you may want to got with an institution that does.When shopping online avoid unfamiliar or unsecure websites. When you see “https” at the beginning of the payment page’s URL that means it is a secure payment site. Avoid it if you only see “http.” Change your user name and password regularly if you store your card information with any online retailers. Avoid sending credit card information via email or social media. 

Finally, criminals work hard too steal your money. The technology arms war n isever ending and hackers have already developed methods for hacking the EMV cards. Read on!

Here is more of what you need to know about the new EMV card technology.

Federal Reserve say Chip and Signature Not Enough.

Bad Guys Already Compromising Chip and PIN Cards

Now you know.

ALERT! CareFirst Health Insurance Hacked…Last June ALERT!

carefirstbcbs2color_2According to a Wall Street Journal report Washington, D.C.-based not-for-profit health insurer CareFirst BlueCross BlueShield announced Wednesday it had suffered a major data breach…last June! 

The data breach was announced Wednesday, following cyber security firm FireEye completed review of the attack late last week.

Hackers targeted and gained access to the personal information including birth dates, names, email addresses and subscriber information of over one million of its customers. 

“This breach provides further evidence that cyber security defenses in the healthcare industry are still one step behind sophisticated hackers. The first question to ask is: was the compromised database properly encrypted? Encryption is widely recognized as a best practice and it is vitally important for a company like CareFirst, which is handling sensitive patient information. Healthcare companies are prime targets for hackers,” Greg Kazmierczak, CTO of Wave Systems, told DC Inno.

CareFirst, along with Anthem Insurance and Primera BlueCross, becomes the third major health insurer this year to report a data breach. CareFirst has hired FireEye to investigate the breach and mitigate the damage.

“The intrusion was orchestrated by a sophisticated threat actor that we have seen specifically target the health-care industry over the past year,” FireEye said in a statement.

A representative of CareFirst stated that the compromised database “contained no member social Security numbers, medical claims, employment, credit card or financial information.” The insurer also stated that when they first detected the attempted attack last April, they believed they were successful in deflecting the infiltration.

But criticism of CareFirst has already begun. “Not only should the database have been encrypted, but access to the database should have been protected by 2-factor authentication. By having multiple identifying factors, it is dramatically harder for a hacker to gain entry into this type of database. While CareFirst stated that social security numbers and credit cards were not held in the database, access to names, birth dates, and email addresses can lay the groundwork for future intelligence gathering and cyber intrusions. Without strong encryption and access management, expect medical fraud and identity theft to run unchecked,” Kazmierczak said.

Breaking It Down

This is simply another sign of sloppy data handling by a major company. This should have never happened to CareFirst. But what do you expect when you have absolutely poor data security standards in the health care industry. Another sad fact is that the company experienced this data breach last year but is just announcing it now. Thats why we have to have a national data breach standard law and we need it now! CareFirst is trying to make its customer feel better by saying no information such as social security numbers, medical claims, employment, credit card or financial information was in the data base. So what! The information that was there is enough for a cyber criminal to use to hijack an email account, launch a phishing campaign, or even steal an identity. With the information they did get they can get the rest.  As for black people who ask “what does that mean to me?” I just told you.

Easy Ways to Protect Your Privacy

Teaching black people about the digital age is what this blog is all about. And black people need to understand what information collection is and stop surrendering so much of it. We ignore the incessant collection of personal information for the sake of convenience. In the end it doesn’t just demean us but all people. Information is the currency and the commodity of the digital age. The more you have the better off you will be. So whatever information you have left here is how to keep it and, in some cases, re-claim it.

First of all I could tell you to use a good password to protect your devices but that would be wrong. Use a good pass phrase. Most devices like your phone or tablet use just four characters to unlock it.That means its could take as little as 9,999 tries to unlock it. Don’t use your address or birthdate or any easy number to guess. Don’t use the pattern recognition thing either. My niece unlocked my phone on the first try just by looking for the greasy smear on the screen. It can be seen if you hold the devices at the right angle. Try using a picture choice instead. But use something.

Most black people don’t like you going behind their back to learn something about them. Its just not cool and very sneaky. So if you want to know who is looking you up then use Google Alert. This service allows you to keep track of when your name is searched online. Yeah, Google will sound the alarm if anyone searches your name. Go to http://www.google.com/alerts enter your name, and any variation of your name with quotation marks around it. But be prepared to get a lot of feedback because I’m sure you’re not the only person with your name in the county let alone the world. But if your name is unique then you got a chance. You can also do it for your children, your business or that new person you’re dating. This is especially helpful if you are job hunting. You will know if a potential employer is searching your name online.

Sign out of your online accounts when you are done. You know; the same online accounts that you are now using pass phrases instead of passwords; remember? That means email, social media, banking, shopping, everything! This will reduce the ability to track your web surfing. I hope you’re not using a public computer. If someone came along behind you they could get a look at your activity just by hitting the back button. Even if you’re using a friend’s computer sign out! Leave those accounts open and suffer the consequences. Did you know that the public library is a prime spot for identity theft?

Don’t share your email, phone number or zip code unless its ABSOLUTELY necessary! Why the hell do stores ask for your zip code or email address at the checkout counter? Because they are collecting information on you that’s why?  African-American consumers should refuse handing over anything except cash at the checkout. Like I said, stores are building a profile of you and what you buy. Don’t be so helpful. 

Use encryption on your computer. By encrypting your computer no one can access your files without a pass phrase.  Let’s be real you could have malware on your computer that allows someone to access to it. It happens. If you have a Mac go to your settings, select “Security and Privacy,” then “FileVault,” click the “Turn on FileVault” option. You’re encrypted! For you PC owners use Bitlocker.

If you use Gmail then you want to use Two Step Authentication. This process turns your phone into a security assistant. If you want to access your Gmail account from a new or different device you will need a special code that arrives in your phone as a text message. So even if someone gets your password there is no way they’ll able to use it to sign into your Gmail account. Google claims millions of people use it and “thousands more enroll each day.” You’d be smart to be one of those people.

If you don’t want anyone to know what you’re buying pay cash. Yes, cash is king! Even in a digital economy it’s still accepted worldwide and no one can trace it back to you.  So when it comes to the sensitive  or embarrassing items just pay cash and no one will know and no embarrassing ads will show up at your home in your email.

Don’t be stupid on social media. Make sure your settings only allow your friends to see your posts. Don’t like anything. Trust me, they are doing fine without your help. Don’t friend the friend of a friend. Keep strangers out of your life until they prove they are worthy. Don’t use your picture or your children’s picture on the page. Ask your friends not to tag you in pictures. And be cautious about what you do post. I like to post things two weeks after they happened.

Clean up your browser history and those unwanted cookies at least monthly. You can set your browser so that it erases your history after every session. Simply to the  go to the “privacy” setting in your browser’s  options and set it to clear browser history and cookies when you close it. That’s how you cut down online tracking. You can also use the add on called TACO. This also helps to reduce online tracking. Anyone can look at a computer and check the browser history to see what websites you been to. Keep that in mind when someone is using your computer. Most websites use cookies to track you. Delete them frequently. They tell anyone who looks where you been as well. I am a big fan of keeping my computer clean and secure. See my post here.

Make use of an IP masker. Tor browser is an excellent way to hide your online movements. You can download Tor or use another browser add-on  like HideMyAss.com. The objective is to prevent companies and other information collectors from following you around the web. Its really creepy to know that somebody somewhere has a lists of all the websites you visit and what you’re looking at. But, yes someone does.

Keeping your information yours is extremely important for black people. We have a problem because we don’t know how this information is used. And we know its sometimes used against us. Information collection has become a huge industry; an unregulated industry. So these companies are watching you and everything you do with impunity. Are you gonna play along?

Now you know.

Home Wi-Fi Security

ID-100109816

Courtesy of Stuart Miles

We are in the era of wireless connectivity. Most African-American homes have an Internet connection that comes through the cable or telephone wires. But once inside the signal goes to a wireless router that allows you to access the Internet. Your home Wi-Fi allows you to use your laptop, tablet or other device anywhere in the house. It works using radio signals. It’s called home Wi-Fi security for a reason. But you knew that. Now for what you don’t know.

Those radio signals can travel well beyond the walls of your home. You may not know it but someone could be piggybacking on your Wi-Fi signal. Yeah, your neighbor maybe getting free Internet because they can use your unsecured wi-fi signal.

But the situation could be worse. There maybe someone sitting in a car close by using your Wi-Fi. Maybe they are watching and recording everything you do online. If your home Wi-Fi is not secure then you could be asking for trouble. A wardriver or wardriving is a person who searches for Wi-Fi signals from a moving vehicle. These wardrivers actually map Wi-Fi networks and put the information on the Internet for all to see. Wigle.net offers a mapping service where you can find almost anybody’s home network and sometimes the devices on the network. They sometimes even designate which are open or unsecure. Is that your home Wi-Fi?

ESET Senior Research Fellow David Harley says that “for many users, a few simple steps could enhance security without having to grapple with complex software, or buy a new router. Taking a few simple precautions  would enhance security for quite a lot of home Wi-Fi users – though I don’t have any statistics to say how many networks are relatively insecure.”

Securing your home router is a top priority because that is your door or gateway to the Internet. If you leave it open anybody can walk right in. Let’s look at how to secure your home router.

1. Make sure your firmware is properly updated. Firmware is the code and data that makes routers work. You can compare them to a computer operating system. But the big difference that updates for firmware often have to be installed manually. To update your router you need to find the routers model number. Its usually on the router itself. Look on the back or bottom. Then visit the manufacturer’s website to see if there is a newer version. Download the update to your computer. Then access your router’s controls via its internal IP address.  This is usually standard for each manufacturer. You can also find it in your manual, or on the manufacturer’s site. You can also contact your Internet service provider for help. Most provide tech support for these things.

2.Change your passwords. Many routers come from the factory with default passwords. If you never changed it then its probably something easy like “123456” or “password.” You can also find just about any manufacturer’s default password on the Internet. Portforward.com lists hundreds of default passwords by manufacturer.

Harley says that users should always, “Change default router administrator usernames and passwords, and change the default SSID.” The SSID is the name of your network. This SSID is broadcasted beyond the walls of your home to anyone within Wi-Fi range. Not changing your default password is makes it easy for a hacker. From your SSID the hacker can learn the model of your router and whether you are using one supplied by your service provider. When you do change your network name make sure to use a name that does not identify you. Don’t use your address or your first initial and last name. Avoid any personally identifying information. 

It might be worth it to considering making your home Wi-Fi a “hidden network. This disables the broadcasting of the SSID’s name. It makes you less visible to attackers. To connect a new device, simply type in your network’s name on the gadget.

Harley warns when you perform a router software update your settings may revert back to factory settings. “After any update, check these settings have not reverted,” he says.

3. What is your router’s encryption setting?  If you find that your router is using the old WEP then you better update. New routers use the more secure WPA2 encryption standard. If you have had your router for more than two years then you need to check it. “Don’t use WEP encryption, if anyone still is,” Harley says. “If the router doesn’t allow anything else, time to change it. WPA2 is reasonably secure. Even if you had trouble connecting a tablet or other mobile devices to your network, leaving it “open” is always a bad idea. Harley says, “ If you’re not using encryption at all, fix it.”

4. Who’s using your network? As I said earlier; someone in your neighborhood could be using your Internet. Happens all the time and no can really say of if it is legal or not. But i’ts your Internet connection. You pay for it.

Your PC, tablet, game console, cable box,  DVD player even your phone has a unique identifying number known as a MAC address. Accessing your router’s settings permits you to choose which devices can connect to your network. This usually prevents any freeloading neighbor from logging in on your network.

You can add the MAC addresses of any devices in the home to the router’s authorized list. No other device will then be allowed on the network. You can find smartphone MAC addresses and other portable devices under their network settings. If not then check with the manufacturer.

Finally take some time to watch the online video provided by Welivesecurity.com that gives basic steps to secure your home router.

Now you know.

Heartbleed Bug: Latest Updates & News

Heartbleed

Heartbleed

According to a report in the Washington Post the Heartbleed bug maybe getting worse. As websites and companies work feverishly to update their systems and networks the effort may slow Internet traffic to a rush hour like crawl. As Internet users work overtime to change passwords the effort may simply not be enough.

Some Internet reports give a failing a grade to the Internet industry as a whole, that includes governments and websites.

 

Many Internet users may have jumped the gun by changing their passwords too quickly. Banks and other sensitive websites may not have updated their websites when the passwords were changed meaning the new passwords is as vulnerable as the old.

But it is important to know what passwords you need to change immediately and what websites have bee identified as being vulnerable. Mashable is one of many websites that offer a list of websites that you need to change your password as soon as possible.You may also want to know what sites are vulnerable so KrebsonSecurity offers s ome tools to use to investigate sites you may use.

As with all tragic events the human slime seems to appear on the scene all too quickly. Scammers have already begin using phony email phone calls and websites to steal information from people seeking help.  So Internet users are warned to beware of emails claiming to offer Heartbleed detection services.

Many of you have more than one device that connects to the Internet and no doubt at lesst one of them is an Android device. The Heartbleed bug has impacted millions of Android device as well according to the Huffington Post. People using the Android version 4.1.1 should not use it for sensitive financial transactions.

For those of your using Apple iOS and OS X count your blessings. The Heartbleed bug does not seem to be having any impact at all on those computers. But that does not release you from the responsibility of checking the websites and services you use for the vulnerability.

 

Original Post, April 9, 2014 – Heartbleed, the Internet’s newest nightmare. Heartbleed is an Internet bug that exposes a flaw in the OpenSSL cryptographic tool.  Basically this is the program code that permits secret communications between applications over the Internet. These applications include email, instant messages, and virtual private networks.  So you’ve never heard of OpenSSL.  If you use the Internet at all it’s part of your life, in a lot of different ways. Almost every app used, every website you visit; if the information sent back and forth between you and the site is encrypted then there’s a good chance they use OpenSSL to do it. How do you know if the information is encrypted? Look for https in the address bar or that little lock. Did you use your credit card on the site? Its probably encrypted.

Apache web servers powers nearly 50% of all web sites and utilizes OpenSSL. This bug permits anyone on the Internet to access the memory of any computer system protected by the vulnerable version of the OpenSSL software. According to expert reports Heartbleed exposes millions of usernames, passwords and credit card numbers.  The real terror of the Heartbleed bug is that it may have gone two years without detection and as many as 500,000 servers may be vulnerable. Some experts are even declaring that Heartbleed is the worst bug ever. This bug impacts anyone and everyone who uses the Internet.

“When all the net security people you know are freaking out, it’s probably an okay time to worry. This afternoon, many of the net security people I know are freaking out.”- Greg KamparakTechCrunch

According to Internet security firm Codenomicon, who discovered Heartbleed, the vulnerability is deadly serious. The company reported they broke into their own systems without using any special passwords or insider knowledge. They were able to steal user names, passwords, crypto keys and business documents and left no trace of their attack. This means that any company using the vulnerable OpenSSL may have been attacked and robbed of valuable data and not know it.

While there is a fix available there is no evidence of how much damage has been done or who it was done to. As a result you may want to change passwords on your banking and financial sites. Is your bank vulnerable? One way to find out is by visiting the Lastpass.com blog. They offer a free service that allows you to check if your bank or other sensitive website has a vulnerability.

Breaking It Down

I was told once that locks only keep honest men out. And that is pretty much how the Internet works. If it can be hacked it will be hacked! My blog believes in Less Tech-More Knowledge so I am gonna make this as simple and tech free as I can. The Heartbleed bug leaves sensitive information and networks open like a 24-hour Walmart!  Every banking transaction record, every Facebook post, every email and instant message whatever you shopped for online and whatever you did online is now open to  web hackers who attack that OpenSSL flaw. The sad part is that it is really too late to consider taking action. Its been two years and I guarantee that someone has exploited this bug.  Are you personally vulnerable? Probably not. There are bigger fish out there and that is what a hacker is looking for, The big bank accounts. The big data banks. That’s probably not you. But make no mistake this is bad news.

For companies, whatever competitive advantage you had could be gone. Trade secrets; POOF! Gone. Proprietary information and research? POOF again! So now your customer list is out there. If you run a charity your donor list may be gone. Maybe you were doing market research for new product. GONE!  I can spend all day talking about what you may have lost because of this bug but I won’t.

When you hear of these bugs it is likely that foreign governments and intelligence services have been at each other stealing whatever they want. They steal from us we steal from them. Its all part of the game. Like I said before, locks only work on honest people.