Wednesday, December 28, 2016

Update your Netgear wireless router or be hacked

A couple of weeks ago, Netgear announced that there is a major security vulnerability in several router models that allows anyone within range of your wireless network to log in as administrator without credentials. So many things can go wrong if this happens to you. Even the US-CERT recommends that you don't use the router until you've updated it.

Check your home wireless router. Popular brands include Linksys, Asus, D-Link and Netgear, among others. If your manufacturer is Netgear, check which model you have and update your router with newer firmware as soon as possible.

The page listing the models and the steps to update the firmware is here: http://kb.netgear.com/000036386/CVE-2016-582384.

Even if you don't have a Netgear router, it is always a good idea to log in to your router occasionally to see if it needs a firmware update. You can also set a Google alert that queries the manufacturer's name and model. Add the word "firmware" to your query and configure it to notify you whenever new information becomes available on the Internet.

For more information, see the Forbes article here: http://www.forbes.com/sites/leemathews/2016/12/12/these-netgear-routers-are-scarily-easy-to-hijack/#1f89ad0d9537.

Saturday, December 17, 2016

Advice if you use Yahoo: Don't.

By now the world knows about the one billion Yahoo accounts breached over the past three years. The best advice I've seen from the experts this week is "get rid of your Yahoo account." Likewise, if you have an account with Yahoo partner AT&T, consider cancelling that as well.

Tips for moving away from Yahoo:

  1. Back up your Yahoo data like old emails, contacts, calendar entries and photos. This includes Flickr photos. See instructions at: https://help.yahoo.com/kb/download-save-info-lose-good-sln15129.html
  2. Delete your Yahoo folders.
  3. Navigate to the Delete Your Account page at https://login.yahoo.com/?.done=https%3a%2f%2fedit.yahoo.com%2fconfig%2fdelete_user%3f.scrumb%3d0, and terminate your Yahoo account (see screenshot below). This can take up to 90 days to process.

Terminating your Yahoo! account


After successfully terminating your Yahoo account:

  1. If you have ever used your Yahoo password for other sites (which is always a bad idea), change the password and security questions for those accounts. For sites holding really sensitive data (banking, insurance, taxes, medical, etc.), consider modifying your user name as well by appending or prepending a few characters, numbers or symbols to it (where allowed).
  2. If you have a mobile phone number associated with your Yahoo account, and you still subscribe to that number, then you may be more prone to SMS phishing (a.k.a. smishing). Be on the alert for smishes and don't click links in text messages.
  3. Open a Gmail account.

Sunday, December 11, 2016

Don't get hacked this holiday season!

The holiday season is here. This is the time of year when scam artists are operating at full tilt. Half of shoppers are buying gifts online this year. I've blogged about this in the past. This post is simply a reminder to be on your toes and to not share information about yourself with anyone who calls or emails you.

For tips on preventing identity theft and online scams, see the StaySafeOnline.org article "Hackers Love the Holidays Too: How to Protect Yourself from Information and Identity Theft," summarized here:

  • Avoid making purchases when using public Wi-Fi.
  • Never click links in unexpected, unusual or out-of-character emails; navigate to the web site directly from your browser instead. Just because an email looks like it is from someone you know doesn't mean it is legitimate.
  • Never download or open attachments sent to you in email.
  • Use anti-virus software and activate the firewall on your operating system.
  • Delete unused accounts on web e-commerce and other sites where possible.

Remember: Stop. Think. Do not click.