A few items for your Friday

Here are a few items for your consideration:

First up, yesterday I alerted iPhone users to the fact that Apple is urging all owners to ‘upgrade’ to the latest version of iOS. Here’s more on why that’s a really good idea:
[ NOTE: “zero-day” is Geekspeak for “an attack for which we currently have no defense”.]

* Three zero-days found in iOS, Apple suggests users update their iPhone

“Pegasus is highly advanced in its use of zero-days, obfuscation, encryption and kernel-level exploitation and the malware has been active for some time..” Read more..

And a couple more..

* Every Android App You Need

“Whether you’ve got a brand-new Galaxy Note 7 or an older Android phone or tablet you just want to spruce up, these are the apps that matter.” Read more..

* The Best Laptops for College

“Need a light, affordable laptop you can carry all over campus? These 10 affordable picks make the grade.” Read more..

And last but certainly NOT least…

* WhatsApp to Share Your Data with Facebook — You have 30 Days to Stop It

“Nothing comes for Free, as “Free” is just a relative term used by companies to develop a strong user base and then use it for their own benefits. The same has been done by the secure messaging app WhatsApp, which has now made it crystal clear that the popular messaging service will begin sharing … ” Read more..

[ NOTE: that “sharing” includes your phone number.. but sheeze, you don’t think FB doesn’t already know your phone number?? ]

*     *     *

Today’s quote: “Your time is limited, so don’t waste it living someone else’s life. Don’t be trapped by dogma – which is living with the results of other people’s thinking. Don’t let the noise of others’ opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition.” ~ Steve Jobs

Copyright 2007-2015 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

---

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

---

All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.

August 26, 2016 Posted by techpaul | advice, Android, Apple, cellular, computers, consumer electronics, cyber crime, gadgets, hackers, Internet, iPhone, mobile, News, privacy, security, software, tech | "zero-day", alert, android, Apple, apps, best laptops, Facebook, iOS, iPhone, malware, mobile, News, pegasus, privacy, security, spyware, The 100 Best Android Apps of 2016, trident, vulnerabilities, vulnerable, whatsapp | Leave a comment

Today’s ‘Must Read’

Folks, here’s an article I recommend everybody reads.. even those who are ‘not techies’. (Especially those..)

* How one hacker exposed thousands of insecure desktops that anyone can remotely view

“Imagine being given the keys to the internet. One minute you could be looking at a building’s air conditioning panel, a pharmacist’s inventory, and a Windows programmer’s console, and the next minute it’s a school administrator’s email inbox, and a touch-screen toilet customer satisfaction monitor (which, sadly isn’t a joke).” Read more..

[ read it and find out why the weakest link in the chain is us.. ]

*     *     *

Today’s quote: “Yesterday is not ours to recover, but tomorrow is ours to win or lose.” ~ Lyndon B. Johnson

Copyright 2007-2015 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

---

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

---

All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.

March 29, 2016 Posted by techpaul | cloud computing, computers, cyber crime, Cyberwarfare, hackers, Internet, Internet of Things, News, security, tech | computers, hack, hacked, hackers, Internet, network, News, remote desktop, remote viewing, security, tech, vnc, vulnerabilities | Leave a comment

Heads Up for Apple Owners

If you are an Apple person, here is a development you should be aware of.

* Mac OS X is the most vulnerable OS, claims security firm; Debate ensues

“According to a report by security firm GFI, Apple’s Mac OS X is the most vulnerable operating system, with the iOS platform coming in second. A debate over reporting nuances and merits of the report quickly followed.” Read more..

*      *       *

Today’s quote: “Love all, trust a few, do wrong to none.” ~ William Shakespeare

Copyright 2007-2015 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

---

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

---

All we really have, in the end, are our stories.
Make yours great ones. Ones to be proud of.

February 25, 2015 Posted by techpaul | advice, Apple, computers, consumer electronics, cyber crime, Internet, security | Apple, most vulnerable, OS X, security, vulnerabilities | 4 Comments

What’s With All These Updates?!*

Every time I sit at my computer, it says there’s an update available!

I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.
But, listen. People. And please hear me. If you learn just one thing from me.. please learn this– those “there is an update available” pop ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.

Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes– let it download the patch. Answer those pop ups with the button-click, “Yes, download the update” and do so the first moment you see it.

It does not matter which IT security expert or professional source you ask, they will all tell you the same thing: a major method hackers use to  attack (networks and computers) is through unpatched holes in common software — like Internet Explorer, or Adobe Reader, or Real Player, or Word, or the operating system itself, or you name it.

The way the software industry protects itself – and us – is to issue “patches” of these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works like his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?)
If it helps, when you see “update”, mentally substitute the word “patch”.

The main objection to updates I hear is, “I don’t want to have it reboot.” Not all patches (excuse me, “updates”) require a reboot; and most allow you to delay the reboot. But this is important enough that I say, Save your work, answer “Install”, and use the reboot as an excuse to stretch your legs and refill your coffee.

When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, why do you say that? They answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes”.

This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 5,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (they received a C+) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)

Why? How could that be? If it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside CitiBank, Pay Pal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand– they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet [to read my article about botnets, click here].
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox. [note: Today (mid-2010) Firefox is just about a large a target as IE.]

I’ve run longer than I intended, so I’ll wrap up with a recap of how it works:
1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine.
2) He posts his find on a hacker forum, or/and sells it to other hackers.
3) These hackers then start using this code to attack machines.
4) Security experts take note of this new attack and notify the authors of the program being exploited.
5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.]
6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”.
7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards and infecting machines.

So don’t delay. Don’t dally. Just Say Yes. Besides.. if you answer “later”, the pop up window will come back again.

Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.

Orig post: 11/23/07

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved. post to jaanix.

---

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

---

Share this post :

June 30, 2010 Posted by techpaul | advice, computers, Internet scam, PC, security | annoyances, patches, pop ups, techpaul, updates, vulnerabilities | 16 Comments

Quick Time Zero-Day Monday

Ah, there’s nothing like the Monday morning after a long holiday weekend, and this one is bright, brisk and clear. Makes this fella want to stay in bed.
But like you, I’m up-and-at-’em. Re-invigorated, and ready to face the week.

You may have noticed that today’s title is a little strange-looking. But when I break it down, it should make more sense. Those of you who are regular readers of this series already know that I am an advocate of secure computing and that I am always providing tips, advice, and downloads to help you keep away the digital Evil Doers (aka “cyber criminals”). Today’s article follows in that proud tradition.

Regular readers also know that during holidays, I often re-post past articles– which I did, twice, this week. However, I did post one original article which (if you’ll forgive me a little vanity) may be one of the most important of all of the articles I have posted so far. (It is certainly my current soapbox ‘hot topic’.) Please, if you missed it, click here and read it. It is relevant to all computer users and discusses your first line of defense against hackers– software patches.

Now, to explain today’s title: The first two words are Quick Time, which is a media viewer (and format) from Apple which comes packaged with the iTunes software. Quick Time sort of competes with Macromedia’s Flash format, and is used as a way of presenting animations and short ‘films’ on the Internet. You may have been asked to install Quick Time as a browser “plug in”, to view certain material, by a website.

The second two words are “zero day“. Zero-day is a security term used to describe the period [I mentioned in the prior article] between when an exploit has been discovered– and the hackers are using it to attack, and take control of machines — and when a patch has been found and is available to the public. During this period, there is no (ready) defense against the hacker’s attack code.

There is currently an attack underway targeting a vulnerability in Quick Time, and there is as of yet no patch. In other words, a “zero-day attack” is travelling the Internet and people with Quick Time installed have no defense against having their machines turned into spam-launching zombies, or having malware installed.. or whatever else the cyber criminals want to use their machines for.
This “buffer-overflow” attack affects any machine with Quick Time installed, whether it be Apple OS X, or Windows Vista/XP.

Tip of the day: Don’t be vulnerable to this nasty zero-day attack. Since there is no patch (or, “update”) yet, for the time being, you must be particularly vigilant about clicking on links to websites you receive in emails, avoid visiting websites you haven’t been to before (practice “safe browsing”), and make sure your antivirus is up-to-date.

I don’t use Quick Time (nor do I use iTunes), preferring to miss out on that content (if a website uses it) than to have another media player on my machines. And I suggest that you may want to uninstall it if you have it.. particularly if you rarely use it.. as you can always re-install it once Apple releases a patch (at this time, there is no announced “expected release date”). I also recommend uninstalling the browser add-in version (to read how to remove/manage browser plug-ins, click here).
More advanced users should go into their router’s and/or firewall’s settings and block outbound TCP port 554.

As a fella used to say, let’s be careful out there.

[updated: Apple has released a fixed (updated) version of QuickTime that closes this critical flaw. Windows users can either answer “yes” to the autoupdate alert, or click here, and download the updated version, while Mac users will need to find the appropriate OS version download.]

Today’s free link: I have mentioned that I am a gamer and that I like flight simulators. YS Flight Simulation System 2000 is a free simulator that works even on Linux, and is highly adaptable with “mods” and additional planes (comes with 50) and not-too-stringent graphics needs.

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

November 26, 2007 Posted by techpaul | advice, computers, firewall, how to, networking, PC, security, tech, Windows | "zero-day", Apple Quick Time, patches, Quick Time, updates, vulnerabilities, zero day attacks | Leave a comment

Learn to love the pop up

I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.
But, listen. People. And please hear me. If you learn just one thing from me.. please learn this– those “there is an update available” pop ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.

Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes– let it download the patch. Answer those pop ups with the button-click, “Yes, download the update” and do so the first moment you see it.

It does not matter which IT security expert or professional source you ask (and loyal readers will have read this here, also), they will all tell you the same thing: the number one way hackers attack (networks and computers) is through unpatched holes in common software — like IE, or Adobe Reader, or Real Player, or Word, or the operating system itself, or you name it.

The way the software industry protects itself –and us– is to issue “patches” of these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works like his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?) When you see “update”, mentally substitute the word “patch”.

When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, why do you say that? They answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes”.

This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers (or more typically, team of programmers) make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 50,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (he/she received a B-) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)

Why? How could that be? If it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside CitiBank, Pay Pal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand– they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet [to read my article about botnets, click here].
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox.

I’ve run longer than I intended, so I’ll wrap up with a recap of how it works: 1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine. 2) He posts his find on a hacker forum, or/and sells it to other hackers. 3) These hackers then start using this code to attack machines. 4) Security experts take note of this new attack and notify the authors of the program being exploited. 5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.] 6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”. 7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards.

So don’t delay. Don’t dally. Just Say Yes. Besides.. if you answer “later”, the pop up window will come back again.

Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

November 23, 2007 Posted by techpaul | advice, computers, PC, privacy, security, tech | annoyances, patches, pop ups, updates, vulnerabilities | Leave a comment

Botnets hurt Rockies and, poison .pdf’s (updated)

You have to feel sorry for the Colorado Rockies, even if you’re not a fan. After a miraculous run of victories swept them into World Series, the Red Sox slammed them 13-1 in Game One (ouch!). To add insult to injury, their online ticket sales website crashed (after only 500 tickets were sold) on Monday, which they believe was the result of a cyber-attack; namely a DoS attack launched from a botnet.
“Our website, and ultimately our fans and our organization, were the victim of an external, malicious attack that shut down the system and kept our fans from being able to purchase their World Series tickets,” Keli McGregor, team president, said Monday in a news release.

Very early in the history of Tech–for EveryoneI wrote two articles which discuss botnets and how your computer could be a zombie without your knowing it — and a couple of steps you can take to prevent a hacker from using your machine to mail out spam, or launch attacks.

The first I titled “Some basic security pointers #1“, which I always think of by its opening sentence, “is your computer a zombie?”. In it I discuss User Account passwords, what makes a good password, and the hidden Windows Administrator account, and provide a link to a tool that tests the effectiveness of your firewall. (Click the links to view the articles.)

The second article was titled “The FBI and Operation: Bot Roast” which opens by asking the question, “is your computer a threat to national security?” In this article I discussed malware, such as rootkits and trojan horses, and how hackers use these to take control of your machine, and use it for their own, nefarious, purposes. I explained what a botnet is, and I provided a link to the pages on my business website where I list several dozen links to the best free antivirus and anti-spyware tools.

Tip of the day: Read these important articles and get educated about hackers and their evil programs, and then download the tools, and take the preventative steps, and thwart these Evil Doers. It is a fact that your machine can be used to interfere with our economic system and way of living.

Tip of the day #2: Do not open any PDFs you receive via email for a while. (Loyal friends and true will note that this is the first time I’ve posted two tips in one day.)
There is currently making the rounds an exploit that uses a trojan horse embedded in a poisoned .pdf attachment to download malware onto your machine. The exploit uses a vulnerability in code found in IE 7 on Windows XP. Microsoft is aware of this, but has yet to release a patch (through Windows Update).
If you aren’t sure what an “exploit” is, I discussed it in an article titled “These folks had a very bad day“, which discusses exploits and vulnerabilities and how this is the Number One hacker technique for gaining control of your machine. In it I demonstrate how to configure your firewall and Update settings, and provide a link to website which will scan your machine for unpatched vulnerabilities and help you get updated and protected.

[update 10/30: From Secure Computing–
Ken Dunham, director of global response for iSight Partners, told SCMagazineUS.com today that one of his source’s honeypots received the infected email once every 10 seconds. This indicates “a fairly heavy spamming taking place,” especially for home users in advance of the weekend, he said.

The shadowy Russian internet service provider, Russian Business Network (RBN), is behind the attacks, which attempt to infect users with two rootkits that seek to steal personal and financial information from compromised PCs, Dunham said.

“You have what looks like a PDF attachment,” he said. “It’s actually exploit code designed to download code from a remote server.”

Adobe patched the bug Monday, so those who upgraded to Adobe Reader 8.1.1 and Acrobat 8.1.1 are safe.”

Today’s free link: By clicking the links to the three articles posted above, and scrolling down to this section of the posts, you will find links to 50+ highly rated free security tools. Please, take advantage of them!

You can help improve this blog by answering a 5-question opinion survey Click Here to take survey

Copyright © 2007 Tech Paul. All rights reserved.

Do you appreciate all the free advice and links to safe and free software I provide six days a weeks–ad free? Do your friends (and me) a favor and let them know about Tech–for Everyone.

Share this post :

October 25, 2007 Posted by techpaul | advice, anti-spyware, antivirus, computers, firewall, how to, IE 7, PC, security, tech, Windows, XP | botnet, Dos attacks, patches, trojan horse, vulnerabilities | 2 Comments