Tag Archives: security

Twitter users! Change your password, now

I subscribe to an Australian government website called ‘Stay Smart Online’. The site sends me notifications of current security alerts, and this is the latest:

‘As a precaution, Twitter is urging more than 330 million users to change their password after a glitch left log-in details exposed in the company’s internal computer system.

When you set a password for your account, Twitter uses technology that masks it, so no one can see your password.

The company recently identified a bug that stored unmasked passwords in an internal log. Twitter found this error itself, removed the passwords and is now looking at how it can prevent this from happening again.

Twitter has advised it has fixed the bug, and has no reason to believe the passwords left Twitter’s systems or were misused by anyone.’

Despite these assurances, however, you really should change your Twitter password now. More importantly, you should also change your password on any other sites where you used the same password.

I know you’re not supposed to ‘re-use’ passwords, but I’m just as guilty as everyone else because my memory is simply incapable of storing hundreds of passwords. I have special passwords for my banking accounts, or accounts that deal with money, that don’t get shared, but for the main social media accounts that I log in and out of multiple times a day, well….:(

Anyway, I’ve just gone through and changed mine, so I’m a good girl now. 🙂 Are you?

Please don’t ignore these warnings, as you never know when they’ll come back and bite you on the bum.

Meeks


How to uninstall Intel Security Truekey when all else fails

Before I get to the ‘how-to’, a quick explanation: I downloaded the latest version of Adobe Flash, from the Adobe website. I was not shown an opt-out screen for the two applications bundled with Flash – i.e. McAfee and Intel Security Truekey. All three applications were installed on my pc as I watched in fury, unable to stop it from happening.

As soon as the installation finished, I immediately uninstalled McAfee via the Control Panel, but for some reason, Truekey did not show up at all, not as ‘Truekey’ and not as ‘Intel Security Truekey’. Yet there it was on my desktop, cosily installed on my pc.

I went online and found suggestions that did not work. If you are in the same boat here is what you do:

  1. Go online and search for Intel Security True Key support in your home country. In Australia it’s – 1 800 073 267,
  2. Ring, and when you finally get through to a tech, do not give them your email address – it is not necessary,
  3. Do not agree to remote access support. Remote access means that someone, somewhere is given permission to get into your computer to fix it. Never, ever allow remote access because you have no way of knowing whether that access has been permanently closed or not,
  4. DO ask to speak to a supervisor. It may take a few minutes but this is your right, especially if you did not want the application in the first place.
  5. If the supervisor doesn’t offer it, demand a link to their software removal application. You will have to download it and install it on your pc, but you can check it with your own anti-virus application before you run it. The application I was given is called: MCPR.exe.

I had to run MCPR.exe twice, as the first attempt was not successful.

After the first, unsuccessful attempt, I was told to restart my pc and then run MCPR.exe again. I did, and finally managed to get rid of Truekey completely, but I wasted a lot of time doing it.

To say that I’m angry is an understatement. Apparently there is an opt-out screen on which you can uncheck both McAfee and Truekey, BUT that opt-out screen doesn’t always display. I know, because I found a lot of other angry people who could not opt out either. You’d think a company as large as Adobe could get something like that right, wouldn’t you?

Apparently not. And then, to add insult to injury, my research revealed that I didn’t need Flash in the first place! The only site I use regularly that did use Flash, once upon a time, is Youtube, and it doesn’t use Flash any more. There may be certain games that still require Flash, but the whole industry is moving away from it because of the constant security issues. That in itself should be a red flag.

So, my advice is to stay away from Adobe products like Flash unless you absolutely have to have them. And if you do download one of Adobe’s products, and become the victim of an unwanted application installation, don’t just shrug it away. User apathy is one reason these companies get away with behaviour that is one, small step away from malware.

Right, I feel a bit better now. Time to go make the Offspring’s birthday cake.

cheers,

Meeks

 


Stolen Dropbox passwords are circulating online. Here’s how to check if your account’s compromised — Quartz

If you got an email from Dropbox asking you to reset your password earlier this week, it’s a good idea to do it. Nearly 70 million stolen Dropbox passwords are circulating online, according to Motherboard, which obtained the data. The file-sharing service has confirmed the passwords are linked to a breach that took place in…

via Stolen Dropbox passwords are circulating online. Here’s how to check if your account’s compromised — Quartz

In view of my recent post about Cloud storage, this article from Quartz is super important…whether you use Dropbox or not.


#Cloud storage & #sync.com…….or a positive tech post for a change!

After coping with the security issues of Windows 10, it was such a pleasant surprise to find an ‘app’ that is unabashedly security conscious! And yes, Sync.com, I’m talking about you. But first, a quick word about the problems that sync.com solves: storage, backup and version control.

Normally, when you create a file on your computer, you save it to your computer – i.e. onto the hard drive inside the physical ‘box’. If you’re super organised, you may also save that file to an external hard drive or USB device, as a form of ongoing ‘backup’. Belt-and-braces type people might save that data to a DVD as well, giving them multiple backups in case of disaster.

But all of these various types of storage have one, critical downside – a change made in one copy of the data will NOT be reflected in the other copies. If you have 3 copies of a particular file, you will have to manually update each copy.

There is also another issue that can be a nightmare – version control. Let me give you an example. Every time I work on my WiP [work in progress], I save it to my desktop, and then I copy it to my USB device. The latest version from the desktop always over-writes the version on the USB. Obviously, this is so I always have at least one copy of my work no matter what happens [e.g. the house burns down in a bushfire or some other catastrophe].

But what if I have 2 computers and want to add to my WiP on both?

That is the problem I’ve been struggling with for the last few days: there’s no point having the laptop if I don’t use it for my work, but if I do use it while I’m away from home, how do I keep the versions straight?

My fear is that if I continue with the USB device, sooner or later I am going to get the latest version of the WiP wrong. In a moment of madness or tiredness or distraction, I’ll over-write the wrong copy and then I’ll be up the creek without a paddle. Enter cloud storage.

Like the USB drive or DVD etc., cloud storage saves your files outside your pc, usually in a server on the other side of the world. The file is ‘up-loaded’ to the cloud via your internet connection, and once it’s there, you can access it from any computer device you choose. You can also share that file with others if you wish.

For me, cloud storage means I can work on my WiP at home and have it synced to my laptop so if I go out, I can continue working on the WiP where I left off.

Lovely concept, right?

Unfortunately, the grand-daddy of cloud storage – Dropbox – showed that cloud storage can be hacked, and most reviews I’ve read say their security has not improved much if at all since then. Now, I’m not working on anything ‘naughty’ that I need to hide from anyone, but privacy is very important to me, and I would die if I lost four years’ worth of work through someone else’s ‘oopsie’. So no Dropbox.:(

I was trawling through the umpteenth review/comparison of cloud storage offerings – there are heaps of them! – when I came across Sync.com. And guess what! The thing that sets sync.com apart from the rest is its security. 🙂 Plus it’s Canadian, so not subject to some of the, um, government sponsored hacking found over the border.

And now for the acid test – does sync.com work?

Yes, yes, it does. 🙂

The two screenshots below show my desktop and the laptop. They’ve been synced via sync.com and the test files I used have shown up on both computers with only a very short delay – approx. 20 seconds or thereabouts.

[Image: sync.com screenshots]

So now I know the system works, and thankfully, getting it to work is really simple too.

How to use Sync.com

  1. First, register for the sync.com free, 5 GB plan: https://www.sync.com/install/
  2. Then download the installer to the first pc. Install Sync to the first pc using the account name you set up in step 1. Part of the setup process is the creation of a folder called ‘Sync’.
  3. Now, download and install the Sync installer to the second pc. Make sure you have a ‘Sync’ folder on the second pc as well.
  4. Drag and drop [or copy/paste] a file into the ‘Sync’ folder on the first pc.
  5. Wait 20? seconds and you will see that the file now appears in the ‘Sync’ folder of the second pc as well.

The Sync presence on your pc is minimal. If you need to do something with the actual app., you can find it inside ‘Show hidden icons’ on your taskbar:

[Image: Sync taskbar icon]

All other work is done on the website itself. Once I’ve worked out how to share files with friends, I’ll detail that in a separate post. For now, I’m really happy with my new way of working.

Last question: was finding and installing Sync as easy or convenient as using the default OneDrive cloud storage app offered by Windows 10?

Simple answer: no. Installing and learning how to use Sync didn’t take me long, but it still required some time and effort on my part. The payoff, however, is more than worth it:

  • I have an excellent cloud storage app.
  • It has excellent security features, and
  • I am in control, not Micro$oft
  • oh…and Sync is free [unless I want heaps more storage]

By contrast, I pay for the ‘convenience’ of Windows 10 by handing Micro$oft my privacy on a plate. No contest.

cheers

Meeks

 


RFID technology – aka Tap and Go, Paypass etc – and preventable fraud

RFID technology allows a chip on your credit/debit card to wirelessly communicate with a payment device at the supermarket, petrol station, McDonalds etc, and make a payment without you having to enter a PIN.

The point of this technology is supposed to be two-fold: on the one hand it’s supposed to fix security problems with cards that rely on a signature – because too many retailers don’t actually check the signature. RFID is also meant to make paying for smallish items more convenient for consumers – just wave the card in the air and hey presto, all done.

By smallish transactions, we’re talking about items up to $100. The idea here is that if your RFID card is stolen, there will be a limit on how much the thief can get away with. Unfortunately, there is no limit on how many times you [or the thief] can use the RFID card in a day.

So what are the ramifications? Well, let’s say your card is stolen in the morning and it has $500 on it. You realise it is stolen at lunch time when you try to pay for your sandwich. You ring the bank, but between breakfast and lunch, the thief has used your stolen card 5 times for a total of… you guessed it, $500.00.

Now the banks say they have algorithms in place to alert them to unusual transactions, and maybe they do, but it will still be up to you to go through the hassle of proving that you did not make any of those transactions. In the meantime, you’ve lost $500. If that was all you had for food etc for that week then you’re in trouble because your money will not be refunded straight away.

Now to be honest, you will have the same hassles any time your card is stolen, that’s just how modern life goes. But what if you don’t know your card has been stolen, because it’s still sitting right there in your wallet?

This is where things get sticky. The credit card companies say it’s not possible to steal your card information without stealing the actual card. The banks, [who have no say in what tech. goes on credit/debit cards] say the same thing, and people like me who don’t believe the assurances are labeled as wackos, dinosaurs or conspiracy theorists.

But seeing is believing. In this first video you will see how easy, and cheap, it is to steal card and account information. The truly scary part, however, is how easy it is to then clone that information.

The next video shows one of the presenters of the well-known Mythbusters TV show talking about how a proposed segment on RFID technology was gagged by the legal representatives of all the major players – i.e. Mastercard, Visa, etc.

If these two videos have made you concerned, you can find lots more information out on the net, some for, some against the technology, but one thing is consistent throughout – you can’t opt out of it.

I suspect the manufacturers did not put an opt out function on the RFID card technology because:

1) it would cost more to produce, or

2) they were worried too many people would opt out.

Either way, the banks have no say in the matter. If they want to offer their customers credit card facilities, they have to take what the credit card companies give them, and that is RFID technology.

This means no amount of complaints to the banks will do a speck of good. I know because I spent almost two, very frustrating hours on the phone to the Bendigo Bank yesterday. I was trying to work out what was going on, and why I couldn’t just say no. Then I tried to complain. Then I realised that even the Bendigo Bank didn’t give a shit because there was nothing they could do about it. I was told to get an ordinary cashcard if I was so worried.

Apparently these cashcards are debit cards issued by the banks themselves. They can be used at supermarkets, ATMs and all EFTPOS terminals, but they CANNOT be used for, say, online transactions. So if you buy stuff on Ebay you can’t use your cashcard. The same thing applies to PayPal. 😦

By this point I was grinding my teeth and yelling at the customer service representative. Think small, grey-haired terrier biting at the ankles of a giant. Yup.

But I would not be writing this post if I did not have a solution, of sorts.

Solution 1

Get a cashcard for all normal, local transactions and keep it in your wallet. Take all the money out of the RFID card and keep the card in a safe place at home. When you need to use it for an online transaction, transfer some money into the card via internet banking.

Doable? Yes. Convenient? Hah

Solution 2

Use your MyKi card to disrupt the RFID card. I found this info. on the internet and haven’t had a chance to try it out yet, but apparently whatever is on the MyKi card messes with the RFID on the credit/debit cards. I’ve also read that you can buy a wallet that stops the wireless transmission. Or you can wrap your card in tin foil. Oh wait, maybe it’s your head that’s meant to be wrapped in tin foil.

-cough-

If the MyKi solution works, you won’t have to worry about being scanned, and scammed, while you travel to work on a crowded train/tram/bus, or wait in line at a supermarket or airport. Of course you will still be a bit exposed when you actually take the card out to use it [via swipe or tap] but at least it would be safer.

The Daughter and I intend to order cashcards on Monday because we can’t afford to lose any money, period. We will also trial the MyKi card solution, and I’ll update you on the results.

In the meantime, if you love the convenience of Tap and Go then at least please be cautious enough not to keep too much money on the card at any one time. It’s just not worth the risk.

Meeks

