Monday, July 25, 2016

Beware cyber scams around the Olympics

According to the Weekly Digest Bulletin issued by the Department of Homeland Security (DHS), we should all be on the lookout for cyber scams about Rio 2016. These can come to you via fake web sites, phishing emails or SMS text messages—perhaps even by phone.

What to do?

Stay on your toes and be wary of any message that you receive or encounter about Olympics tickets or merchandise while connected to the Internet. Remember, these can present themselves as ads on just about any web page you visit.

Only input your credit card or other personal information on web sites that you know and trust. Watch out for fake domain names containing "rio" or "rio2016" in the address bar of your web browser. Think before you click.

Inform yourself. For more details about the following types of scams, see this RSA blog entry:

  • Fake tickets to Rio 2016 Olympics
  • You've won tickets to Rio 2016
  • Counterfeit Olympics merchandise
  • Mobile threats

Saturday, July 23, 2016

Using Apple devices? Update them today

If you have an iPhone, iPad, Mac, Apple TV or Apple Watch, it's a good idea to update the device right now. Today.

The flaw being discussed in the news this week allows a hacker in through a simple text message or email sent to your Apple device. Once in your system, the attacker can take over your device.

Depending on your configuration, if your device is set to display images automatically, which is the default setting, no user interaction with the malicious message is required for the hack to be successful. All the user has to do is open the tainted message, thereby rendering the exploit-tinged image contained in the message. This makes the attack difficult to detect.

On your iOS device, use the Settings app to update the operating system.

For more information, see iOS flaw lets hackers access iPhones using an iMessage. The video is quite helpful.

Saturday, July 16, 2016

Pokémon Go: Understanding the security and safety risks

You have probably heard about the new Pokémon app, which has gone viral. Pokémon Go sends smart phone users out onto the street to real-world locations (called PokéStops) in order to 'catch' little virtual creatures. The game gives the app access to your GPS location, camera, and more. 

Adults, know that there are some risks if you have succumbed to the "gotta catch 'em all" fever, and talk to your children about it.
  • First, download the app only from trustworthy app stores (e.g., Google Play, Apple App & iTunes); do not download the app from anywhere else. Why? Bad guys have created fraudulent look-alike versions of the app, infected them with malware, and are trying to trick you into downloading the fake apps from untrustworthy websites.
  • Second, anyone using the app—especially kids—should be very careful not to be lured into a real-world trap that could lead to mugging or abduction. Other players can track you in the real world using this app, so be mindful of where you are going, at what time of day/night, and with whom. Stay alert.
  • Third, there are possible privacy issues if you use your Google account to log into the app. Create a separate throw-away account that you use only to log into Pokémon; do not use your private account or business account.

As always, think before you click. For more information, see The security risks of Pokémon Go, explained.

Thursday, July 7, 2016

Do you cover your laptop "webcam" lens?

Many people I know use a sliding webcam cover to prevent a hacker from viewing through the computer's camera. Facebook founder Mark Zuckerberg does this, too. Not to mention, he covers his computer's microphone. Covering the mic is new to me, but it makes sense because, just as a camera can be hacked into, so can a microphone.

A while back, while visiting my mom, I applied an adhesive webcam cover to her laptop. If you're a frequent webcam user (e.g., you use Skype or similar video-enabled apps), then you'll want to adhere a sliding webcam cover to the surface of your laptop, like the one pictured below. Or, if you do not use your webcam, black electrical tape works fine.

A good friend of mine shared a recent New York Times article with me, where the reporter raises the question: Is this paranoia or just good practice?

Ask yourself this: If you close your window blinds to ward off burglars, is that paranoia or good practice? Any physical security expert will tell you that it's the smart thing to do, as thieves are less likely to hit the house on the street that they cannot see inside.

If you're a high-value target, like Mark Zuckerberg attending a conference, then you definitely want to cover both the mic and the camera. Home users, you should keep your camera covered when not in use. Obscuring the mic certainly cannot hurt.

You be the judge—here is the article: Mark Zuckerberg Covers His Laptop Camera. You Should Consider It, Too.

NOTE: The mic is not the same thing as the microphone input jack port used to plug in an external microphone. If you aren't sure where your microphone input is on your laptop, consult the manufacturer's manual. If you can't find the manual, just Google the make and model number. It's there.

Saturday, July 2, 2016

The Big Hack: Can this happen to us?

In June, New Yorker Magazine published a gripping tale depicting a coordinated cyber attack against New York City. Reeves Wiedeman's story is a fictional account based on real-life hacks and attacks that already exist today.

Carrying out this type of attack would require well-corroborated resources and a highly sophisticated plan. But every vector of attack laid out in this story is one that is feasible. It is the coordination and timing of the various cyber attacks that make this story so fantastic.

Can it happen? Sure. Will it happen in our lifetimes? I don't know. But 9/11 happened; that synchronized attack required just five years of planning.

I share this story with you today not to incite fear but to educate. We live in a world where every modern convenience is connected to the Internet, and we each need to understand the security implications of that ubiquity.

Our HOA property manager was on site (for once) the other day, telling me that he knows exactly how to prevent being hacked. "I tell everyone to just shut down their computers," he proudly opined. Sure, if you are unplugged from the Internet permanently, you'll never get hacked.

Good luck with that. This fellow couldn't run his business without Internet connectivity.

It's a naive suggestion because every electronic device you own now and in the future is already connected to the Internet, including the phone in your pocket. Better to educate yourself and be vigilant.

Here is that New Yorker story: The Big Hack: Envisioning the Hack That Could Take Down NYC: The day cars drove themselves into walls and the hospitals froze. A scenario that could happen based on what already has.