Tools Toys and Technology

About the Tools You Use and the Toys That Make Life Interesting


Watch Out for Emails with These Subject Lines

Email “phishing” scams are down in number but apparently up in effectiveness, according to this article.

Phishing emails, posing as a message from a reputable company or organization, attempt to lure you to click through to a legitimate-looking Website. Once on the site, you may be asked to complete a form requesting personal and financial information. In addition, serious malware may be downloaded to your computer by the mere act of going to the malicious Website. Just the act of clicking on the link in the email may set you up for all kinds of troubles.

It’s a little bit long, but if you’re concerned about your privacy and security, this article is worth a read.


Serious Malware Alert – Ransomware Locks Your Files

CryptoLocker … SERIOUS BAD NEWS!

One of the nastiest pieces of malware in a long time is striking computers all over the world. You could be next.

CryptoLocker belongs to a family of malware known as “ransomware.” But unlike other forms of ransomware, which lock up your computer and prevent you from using it until you pay the criminal’s ransom demand, CryptoLocker leaves your computer functional. Instead it locks up all your files with military-grade encryption. The only way you can recover your files is to pay the ransom (reportedly $300.00) within 72 hours. If you don’t pay within that time period, the encryption key is destroyed and your files are gone for good.

CryptoLocker locks up everything: your word processor files, spreadsheets, financial records, music files, all your treasured pictures. Everything … it’s all gone, lost forever, unless you pay up.

This one is really scary. No computer repairman is going to be able to solve this for you. An antivirus program should be able to remove CryptoLocker from your computer, but it cannot recover your files. Once your files are encrypted, you have no recourse but to pay off the cyber criminals and then HOPE they respond to release your files. At least one victim reports that once the ransom was paid, the files did begin to decrypt.

How You Get Infected

The only good news, if you can call it that, is that the malware is delivered in kind of an old-fashioned way, as an attachment to email. The attachment usually looks like a common zip file or pdf document. If you click the attachment, an executable file is launched, and you are toast!

In my computer security class I preach, “Never open an email attachment unless you have personal knowledge of what is being sent.” YOU HAVE BEEN WARNED.

How to Protect Yourself

The only way to recover your valuable files if you become infected with CryptoLocker (other than by paying the ransom) is to have a current backup. First you must remove the CryptoLocker malware with a good anti-virus program; then restore your files from a recent backup. Your backup must be a stand-alone snapshot of your entire computer system. Backup systems that constantly make synchronized copies of your files won’t work, because the synchronized backup will have overwritten your good files with the encrypted ones before you know you have a problem. Also, to prevent access to your backup files by CryptoLocker, backup drives should be disconnected from your computer and your network when not in use.
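The difference between a synchronized copy and a stand-alone snapshot can be shown in a few lines. This is an added example, not part of the original post; the folder names, the file and the date label are constructed, and the "damage" is simply a file overwritten with unreadable bytes.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def mirror_sync(src, mirror):
    """Sync-style backup: one copy that always follows the live files."""
    shutil.copytree(src, mirror, dirs_exist_ok=True)

def take_snapshot(src, vault, label):
    """Stand-alone snapshot: a new dated folder plus a hash manifest."""
    dest = vault / label
    shutil.copytree(src, dest / "files")      # raises if the label already exists
    manifest = {str(p.relative_to(src)): sha256(p)
                for p in sorted(src.rglob("*")) if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest

def verify_snapshot(snap):
    """Return the files in a snapshot that no longer match its manifest."""
    manifest = json.loads((snap / "manifest.json").read_text())
    return [name for name, h in manifest.items()
            if not (snap / "files" / name).is_file()
            or sha256(snap / "files" / name) != h]

def demo():
    """Constructed scenario: files are damaged, then the scheduled sync runs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        docs, mirror, vault = root / "docs", root / "mirror", root / "vault"
        docs.mkdir()
        (docs / "taxes.txt").write_text("2013 return, original contents")
        good = sha256(docs / "taxes.txt")
        mirror_sync(docs, mirror)
        snap = take_snapshot(docs, vault, "2013-11-01")
        # Stand-in for the damage: the live file is replaced by unreadable bytes.
        (docs / "taxes.txt").write_bytes(bytes(range(256)))
        mirror_sync(docs, mirror)             # sync copies the damaged file over the good one
        return {"mirror_has_good_copy": sha256(mirror / "taxes.txt") == good,
                "snapshot_has_good_copy": sha256(snap / "files" / "taxes.txt") == good,
                "snapshot_mismatches": verify_snapshot(snap)}
```

Running verify_snapshot on a drive before restoring from it confirms the snapshot still matches what was recorded when it was taken.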

————–

For more information on CryptoLocker, see the online article: Nasty new malware locks your files forever, unless you pay ransom.

20 Most Common (HORRIBLE) Passwords

Last month (October, 2013), the “bad guys” hacked into Adobe and gained access to millions of accounts, compromising customer information including credit card details (numbers and expiration dates), usernames and passwords.

With the passwords revealed, we now know the most common passwords used by Adobe customers, and it verifies that the average computer user is still totally naive (nice word for STUPID) when it comes to protecting their account access.

Here they are…

Adobe’s 20 Most Common Passwords: SO SAD

  1. 123456
  2. 123456789
  3. password
  4. adobe123
  5. 12345678
  6. qwerty
  7. 1234567
  8. 111111
  9. photoshop
  10. 123123
  11. 1234567890
  12. 000000
  13. abc123
  14. 1234
  15. adobe1
  16. macromedia
  17. azerty
  18. iloveyou
  19. aaaaaa
  20. 654321

Homeland Security Employee Database Breached

Okay. Is it just me, or is this the ultimate in irony?

The Department of Homeland Security has notified employees and others with DHS clearance that their sensitive information may have been compromised due to a vulnerability in the database software. Potentially affected parties were just notified that their names, social security numbers, birth dates and other sensitive information have been exposed for almost 4 years. The potential impact is widespread, affecting current and past employees, contractors and applicants.

The Department of Homeland Security! Why do I feel a little less safe right now?

KeePass – Great Product – Some NASTY Download Sites

Let me be clear about this. I love KeePass, a free password management tool that gets great reviews, and with good reason. I started using it a few months ago, and I now rely on it more than ever. I’ll be reviewing it soon, but I wanted to get this posted without delay, because you must…

Be Careful Where You Download It

Now for the warning. There are some review articles that reference download sites that, as far as I’m concerned, deliver malware along with the KeePass program. In fact I have in the past referenced one of them as a valid download site. But some time between when I last downloaded from there and now, things changed. They now dump a lot of other things on you when you think you’re getting only KeePass. In fact, both AVG and Malwarebytes identify a Trojan in the download. I’m not going to identify the bogus download site here, as I don’t want to refer anybody to it.

Here’s the ONLY Place to Download KeePass

The official Website for KeePass Password Safe is KeePass.info. That’s the only place you should go to get it. If you get it from anywhere else, it could come with a surprise inside.

I say again. I love KeePass. The problem is not with KeePass. The problem is with disreputable download sites.

Freeware Best Practices

Generally speaking, you should go only to the official Website to download any product, especially freeware. They’re less likely to pawn off extra stuff on you.

And also generally speaking, only download software when you are sure what it is and what you are getting. “Free software” is frequently a carrot offered to get you to download malware. Used cautiously, it’s a great resource. But it can also jump up and bite you if you’re not careful.

Security Breaches On the Rise

Not a day goes by where I don’t see another warning…

  • Brute Force Attack on WordPress Underway. Details >>>
  • Break-in at Streaming Media Company Vudu Compromises Customer Info. Details >>>
  • Dropbox Used as Conduit Into Your Computer. Details >>>
  • Hacker Can Hijack a Plane in Flight Using an Android App. Details >>>
  • Professional Canon Cameras Breached – Used for Clandestine Surveillance. Details >>>

What? Planes in Flight!? Bad guys can take control of the airplane I’m riding in and change the flight plan?

Yes, they can.

My own camera? They can even turn my own camera against me!?

Yes, they can.

I suppose one could become completely paranoid over this security thing. But I’d rather go overboard in protecting myself than become the proverbial sitting duck.

If you haven’t yet done so, be sure to sign up for our Email Alerts that will bring to your attention the things you need to know about.

 

Break-in at VUDU Exposes Private Customer Information

We’ve said it many times … it’s important (no, CRITICAL) that you not use the same password on all Websites. The reason for that just reared its ugly head yesterday in an email I received from the streaming movie service, VUDU.

Here’s part of that message:

We want to let you know that there was a break-in at the VUDU offices on March 24, 2013, and a number of items were stolen, including hard drives.

Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers.

While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well. … If you use your VUDU password on any other sites, we strongly recommend that you change it on those sites as well.

We usually think of sensitive information being garnered from externally hacked systems. Here’s a case where the bad guys brazenly broke into VUDU offices and ripped the hard drives right out of their computers, thereby gaining access to everything on those hard drives.

You can be sure they had just one thing in mind … to pilfer all of VUDU’s customer information they had on file, including usernames and passwords. The common thing to do next is to try to log on to other accounts using the same username and password, including email services, online banking systems, online merchants like Amazon, and everywhere else where they think they might be able to rip you off and profit from your confidential information.

Are you still using the same password for multiple Websites?

You have been warned!

 

Phone Phishing … Your Computer Has a Virus

I first heard of this some time ago. I thought this was ancient history, but today I actually got “the phone call.” The caller asks for me by name…

I’m calling from Windows Service Center.

… he says with a strong Indian accent.

We’ve had a report that your computer has serious virus problems.

He proceeds to instruct me to look at my keyboard and navigate my computer. The goal: to have me hand over remote control of my computer to “fix” the problem.

I told him to … Well, never mind what I told him.

THIS IS A SCAM OF THE WORST SORT

No legitimate company will cold call you and offer to “fix” your computer right then and there. NEVER allow someone you don’t know, through a phone call you did not initiate, to take over control of your computer. It may be hard to imagine that criminals — and that’s exactly what they are — could be so brazen as to actually call you up and install nasty malware on your computer, while you sit right there and help them do it. But it’s going on.

Be suspicious always. They ARE out to get you.

I didn’t record my call, but here’s an interesting YouTube description of how the call would proceed, IF YOU WERE TO BE SO GULLIBLE AS TO FALL FOR THIS.

For more information on this particular scam, see these reports:

Be careful out there in the wild. It’s a scary world.

Fake Facebook Message – Phishing Attempt

Got this in my email this morning, supposedly from Facebook … NOT!

Don’t fall for this one. If you have doubts whether a message is legit, hover over a link and check the URL at the bottom of your browser. Don’t click anything that you are not 100% sure is legitimate. Even the unsubscribe link is bogus.
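The hover check described above can also be done mechanically on a message's HTML. This is an added example, not part of the original post; the sample markup, the host names and the IP address are constructed, and the three rules are one reasonable choice rather than a complete filter.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample body (not the message from the post).
SAMPLE_HTML = """
<a href="http://login.example-mailer.test/fb/verify">https://www.facebook.com/notifications</a>
<a href="https://www.facebook.com/help">Help Center</a>
<a href="http://192.0.2.15/unsub?id=1">Unsubscribe</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def suspicious_links(html, expected_domain):
    """Return (href, text, reason) for links that do not go where they claim."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        on_brand = host == expected_domain or host.endswith("." + expected_domain)
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if re.fullmatch(r"[\d.]+", host):
            findings.append((href, text, "raw IP address"))
        elif shown and host_of(shown.group(0)) != host:
            findings.append((href, text, "text shows a different site"))
        elif not on_brand:
            findings.append((href, text, "not the sender's domain"))
    return findings
```

With the sample above and "facebook.com" as the expected domain, the first link and the unsubscribe link are reported and the genuine help link is not.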


Bogus IRS email

I just got this email this morning with the rather serious-looking subject line:

“IRS notification of your tax appeal status”

Then it gets even worse…

Dear Chief Account Officer,

Hereby you are notified that your Income Tax Refund Appeal id#5499970 has been REJECTED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Oh, yes … the “attachment.” The attached file is disguised to look like a web page, but it is actually an attached file. Click on it and … who knows. You can count on malware of some sort.

Be careful out there in a computer world where attacks on your security and privacy are commonplace. While this email is pretty obviously bogus to anyone who is looking carefully, it is tax season. Hence, this one could get you, if you were seriously concerned about the message.
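Both this post and the CryptoLocker post above describe attachments that are not what they appear to be. The following added example (not part of the original posts) inspects a saved message for that pattern; the file names and bytes are constructed harmless stand-ins, and the extension list and rules are assumptions chosen for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAGIC = {".pdf": b"%PDF", ".zip": b"PK"}  # leading bytes each type should have

def check_file(name, data):
    """Return the reasons a file name/content pair looks disguised."""
    stem, ext = os.path.splitext(name.lower())
    reasons = []
    if ext in EXECUTABLE_EXT:
        reasons.append("executable extension")
        if os.path.splitext(stem)[1]:
            reasons.append("double extension")
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXT:
        reasons.append("executable content under another name")
    elif ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if ext in (".htm", ".html"):
        reasons.append("HTML file sent as attachment")
    if ext == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Only the first bytes of each member are read, never the whole file.
                inner = check_file(member, zf.open(member).read(4))
                reasons += [f"inside zip: {member}: {r}" for r in inner]
    return reasons

def inspect_attachments(raw_bytes):
    """Map each suspicious attachment's filename to its list of reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    found = {(p.get_filename() or "(unnamed)"):
             check_file(p.get_filename() or "", p.get_payload(decode=True) or b"")
             for p in msg.iter_attachments()}
    return {name: reasons for name, reasons in found.items() if reasons}

def build_sample():
    """Constructed message with harmless stand-in bytes, not a real sample."""
    fake_exe = b"MZ" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", fake_exe)
    msg = EmailMessage()
    msg.set_content("See attachment.")
    for fname, body in [("invoice.zip", buf.getvalue()), ("report.pdf", b"%PDF-1.4\n"),
                        ("statement.pdf", fake_exe), ("details.htm", b"<html></html>")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return bytes(msg)
```

Password-protected archives cannot be opened this way (zipfile raises RuntimeError), so a mail filter built on this idea should treat them as unverified rather than clean.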