Let me be clear about this. I love KeePass, a free password management tool that gets great reviews, and with good reason. I started using it a few months ago, and I now rely on it more than ever. I’ll be reviewing it soon, but I wanted to get this posted without delay, because you must…

Be Careful Where You Download It

Now for the warning. There are some review articles that reference download sites that, as far as I’m concerned, deliver malware along with the KeePass program. In fact I have in the past referenced one of them as a valid download site. But some time between when I last downloaded from there and now, things changed. They now dump a lot of other things on you when you think you’re getting only KeePass. In fact, both AVG and Malware Bytes identifies a Trojan in the download. I’m not going to identify the bogus download site here, as I don’t want to refer anybody to it.

Here’s the ONLY Place to Download KeePass

The official Website for KeePass Password Safe is KeePass.info. That’s the only place you should go to get it. If you get it from anywhere else, it could come with a surprise inside.

I say again. I love KeePass. The problem is not with KeePass. The problem is with disreputable download sites.

Freeware Best Practices

Generally speaking, you should go only to the official Website to download any product, especially freeware. They’re less likely to pawn off extra stuff on you.

And also generally speaking, only download software that you are sure what it is and what you are getting. “Free software” is frequently a carrot offered to get you to download malware. Used cautiously, it’s a great resource. But it can also jump up and bite you if you’re not careful.

Not a day goes by where I don’t see another warning…

• Brute Force Attack on WordPress Underway. Details >>>
• Breakin at Streaming Media company Vudu Compromises Customer Info. Details >>> 
• Dropbox Used as Conduit Into Your Computer. Details >>>
• Hacker Can Hijack a Plane in Flight using an Android App. Details >>>
• Professional Canon Cameras Breached – Used for Clandestine Surveilance. Details >>>

What? Planes in Flight!? Bad guys can take control of the airplane I’m riding in and change the flight plan?

Yes, they can.

My own camera? They can even turn my own camera against me!?

Yes, they can.

I suppose one could become completely paranoid over this security thing. But I’d rather go overboard in protecting myself than become the proverbial sitting duck.

If you haven’t yet done so, be sure to sign up for our Email Alerts that will bring to your attention the things you need to know about.

We’ve said it many times … it’s important (no CRITICAL) that you not use the same password on all Websites. The reason for that just reared its ugly head yesterday in an email I received from the streaming movie service, VUDU.

Here’s part of that message:

We want to let you know that there was a break-in at the VUDU offices on March 24, 2013, and a number of items were stolen, including hard drives.

Our investigation thus far indicates that these hard drives contained customer information, including names, email addresses, postal addresses, phone numbers, account activity, dates of birth and the last four digits of some credit card numbers.

While the stolen hard drives included VUDU account passwords, those passwords were encrypted. We believe it would be difficult to break the password encryption, but we can’t rule out that possibility given the circumstances of this theft. So we think it’s best to be proactive and ask that you be proactive as well. … If you use your VUDU password on any other sites, we strongly recommend that you change it on those sites as well.

We usually think of sensitive information being garnered from externally hacked systems. Here’s a case where the bad guys brazenly broke into VUDU offices and ripped the hard drives right out of their computers, thereby gaining access to everything on that hard drives.

You can be sure they had just one thing in mind … to pilfer all of VUDU’s customer information they had on file, including usernames and passwords. The common thing to do next is to try to log on to other accounts using the same username and password, including email services, online banking systems, online merchants like Amazon, and everywhere else where they think they might be able to rip you off and profit from your confidential information.

Are you still using the same password for multiple Websites?

You have been warned!

I first heard of this some time ago. I thought this was ancient history, but today I actually got “the phone call.” The caller asks for me by name…

I’m calling from Windows Service Center.

… he says with a strong Indian accent.

We’ve had a report that your computer has serious virus problems.

He proceeds to instruct me to look at my keyboard and navigate my computer. The goal: to have me hand over remote control of my computer to “fix” the problem.

I told him to … Well, never mind what I told him.

THIS IS A SCAM OF THE WORST SORT

No legitimate company will cold call you and offer to “fix” your computer right then and there. NEVER allow someone who you don’t know, through a phone call you did not initiate, to take over control of your computer. It may be hard to imagine that criminals — and that’s exactly what they are — could be so brazen to actually call you up and install nasty malware on you computer, while you sit right there and help them do it. But it’s going on.

Be suspicious always. They ARE out to get you.

I didn’t record my call, but here’s an interesting Youtube description of how the call would proceed, IF YOU WERE TO BE SO GULLIBLE AS TO FALL FOR THIS.

For more information on this particular scam, see these reports:

• from Microsoft
• from Ars Technica
• and there are many more.

Be careful out there in the wild. It’s a scary world.

Got this in my email this morning, supposedly from Facebook … NOT!

Don’t fall for this one. If you have doubts whether a message is legit, hover over a link and check the URL at the bottom of your browser. Don’t click anything that you are not 100% sure is legitimate. Even the unsubscribe link is bogus.

[CLICK IMAGE FOR LARGER VIEW]

I just got this email this morning with the rather serious-looking subject line:

“IRS notification of your tax appeal status”

Then it gets even worse…

Dear Chief Account Officer,

Hereby you are notified that your Income Tax Refund Appeal id#5499970 has been REJECTED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Oh, yes … the “attachment.” The attached file is disguised to look like a web page, but it is actually an attached file. Click on it and … who knows. You can count on malware of some sort.

Be careful out there in a computer world where attacks on your security and privacy are common place. While this email is pretty obviously bogus to anyone who is looking carefully, it is tax season. Hence, this one could get you, if you were seriously concerned about the message.