Public Wi-Fi

Leave a comment

My local police department issued this warning today:

Today’s technology can be extremely useful in our everyday activities, but also dangerous if not done so with caution. Below are some things to remember before you allow you your smart phone, tablet, lap top, or any other device to connect to a publicly shared Wi-Fi network.

  1. Never utilize your online bank or credit card accounts, or shop online when connected to public Wi-Fi.
  2. Be aware that criminals may set up similar network names to a restaurant, café or coffee shop to get you to us their network. When this is done, they can gain access to your personal information.
  3. Make sure your smart phone is not set up to automatically connect to surrounding Wi-Fi networks.

You might ask the difference between public Wi-Fi and the one in your home.  Well, the simple answer is encryption.  Everything you send via a public Wi-Fi signal can be intercepted by someone else on that same network.  Since the transmission is not encrypted that person can read everything you send.  That includes passwords, bank numbers and private emails.

Encryption acts similarly to the locks on the doors in your home.  The locks keep people out unless they have the right key to translate the tumbler in the door.  Similarly, encryption locks your message so that someone without the proper decryption codes cannot understand what you have sent.  No locks mean that anyone can walk into your home;  no encryption means that everyone can read your post. The better the locks, the less likely that undesirable people will come in your home;  the better the encryption, the less undesirable people can read your email.

Do you need help using the Internet?

Leave a comment

coverI have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Think Twice about what You Post

Leave a comment

Today I read a post in Facecrooks (which by the way is a positive site to help you protect yourself, despite the name) about a man whose posts lead to negative consequences.  The post started with:

According to police in Philadelphia, a 19-year-old man was targeted by three robbers after he posted on Facebook and Instagram about an inheritance of jewelry he had just received.

The three robbers kicked down the door of the victim’s home at 2:30 a.m. Saturday morning, making off with a Rolex watch, several gold chains and mobile phones. Thankfully no one in the home was hurt, but the robbers have not yet been caught.

According to the Hickory Record, the robbers were caught and during the questioning, they mentioned they had heard about the inheritance.  Clearly the young man who received the inheritance never intended for strangers to know about his good luck.

This is a case of not having Facebook privacy controls set appropriately.  To check YOUR settings, go to the small arrow at the far end of the blue border at the top of your Facebook page.  Click the arrow and select “Settings” as shown below.

Checking Facebook Settings

Checking Facebook Settings

At that point,select “Privacy” from the left menu.  You will see a screen that begins with “Who can see my Stuff.”  If you have not already set it, this probably says “everyone.”  If so, edit it and and select the “custom” button.  You might want to set that to just your friends, or friends of friends.  Or, you can set it so that only specific people can view what you post.

If you have something valuable, such as the jewelry inheritance, you want the post to be sent only to your friends, and maybe not even all of them.  You can use your lists of people to narrow the group further.  If you have it set as “everyone,” not only can everyone who happens on your page read it, but they can also share it with everyone they know.  With this kind of visibility, it is not surprising that the bad guys got the news.

You need not adjust those settings the same for everyone.  But, for valuables or for photos of children (especially with other information), it is best to limit the range of people who see your post.

Cybersecurity, Sony, and You

Leave a comment

By now, I assume you have heard about the hacking of Sony’s computers last month.   Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview.   There was significant publicity before the movie was released;  personally I did not find the commercials compelling and had not planned to view the movie.  Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack.  Financial data, including social security numbers and identities, were released.  Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business.  In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony.  Estimates of the damage are in the millions, far more than the value of the film.

Early reports blamed North Korean hackers for this attack.  Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea.  Then the focus turned to North Korea again.  The Federal Government seems fairly sure that fault lies with the North Koreans.  However, whoever was behind the hack announced they would do no further damage if Sony never released the film.  So, Sony halted release of the movie.  It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.

So, what do we know? Clearly Sony was hacked.  Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data.  Could it have been the North Koreans given their lack of technology?  We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121;  at that date, its force was 17,000 hackers (there are probably more now).   Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]”   Could it have been someone else who sympathizes with them?  Yes.  The Guardians of Peace have made threats against the United States, and they have the capability.

The question though is what is the impact on you?  Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake up call is the impact that hacking can have on us as individuals and us as a society.  First, to us as individuals.  Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft.  Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again.  You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.

The more interesting question, though, is what happens to us as a society.  Sony will spend a small fortune recreating its data bases, correcting information and repairing relationships with its customers.  Of course, they will need to create a better security system to protect the recreated repositories.  That means that the costs of Sony movies will increase and we will all be forced to pay for it.  Perhaps this experience will frighten all of the studios to invest more money and so that the costs of all movies increase.  Well, today it is just a cost of doing business.

Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers.  What will that do to the freedom of speech and expression in this country?  What will it do to entrepreneurship in this country?  For that matter, what will it do to the governing of this country?

In this case, the cost was primarily financial.  What happens when the hack is against our power grid,  water systems, or hospitals?  The implications of that are far worse.

We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use.  And, all of us need to put pressure on corporations to improve their security systems from the bottom up.

 

 

Cyber Monday is coming

Leave a comment

Tomorrow is Cyber Monday, the online equivalent of Black Friday.  Online vendors offer great deals  — without the crowds, lines and hassles. While I never partake in Black Friday shopping (although I do practice Small Business Saturday shopping), I always try to get some time for Cyber Monday shopping!

Ah, but it is not without its problems.  There are great deals, but those that seem too good to be true often are just that, untrue.  People will pretend to give you bargains, and even pretend to be something they are not just so they can steal your money.  So, you need to be ready for them if you are planning to shop on Cyber Monday.  These are some hints that will help you keep safe.

  1. Only shop with companies you know.  Those little boutiques and great offshore stores may look like they offer great deals, but you may never get anything from them.  They should be avoided unless you are sure they exist because someone else has shopped there or you have some physical evidence that they exist.
  2. Don’t click on a link from an email to get to a website.  The link may look safe, but you do not know that link will direct your browser to where it says it is going.  If you must, copy the email address that it is visible and paste it into your browser manually.  Once you arrive at the page, look at it carefully to be sure it is the intended site and not a fake site made to look like a real site.  It is easy to reproduce logos, colors and the like to make a page resemble a legitimate business page even if it is not.
  3. Only provide your financial information  to websites that are secure.   Anything sent over a regular Internet connection can be captured by people with the correct knowledge and tools.  To avoid hackers having access to information such as your credit card number, you want to send the information over a secure internet connection.  Reputable stores will transfer you to a secure connection before asking for financial information.  You can tell two ways.  First, you should be able to see a locked padlock icon somewhere on your screen (it is different with different browsers, different versions and different kinds of machines).  For example, in Firefox on a PC, the padlock is at the top of the page near the “go back” button.  Also, even if you cannot find the padlock, look at the URL, or address in the locator window at the top of the page.  If it is a secure connection, the address will start with https:// (instead of the normal http://).  The “s” stands for secure.
  4. Try to use just one credit card online.  In today’s world there are lots of examples of hacking both online and at the brick and mortar stores.  It is a good practice to use a credit card online that is not your main credit card.  In that way if you are a victim of fraud, you can cancel the one card and still have another for your regular purchases.
  5. Keep passwords secure.  Most of us think passwords are a hassle.  While they are a hassle and it is hard to remember secure passwords or multiple passwords, they often are the only thing keeping your credit card and other personal information safe.  Keep them secure and keep them “strong” (hard to guess).  For more information on this, I recommend you look at the blog entry on passwords.
  6. ALWAYS use anti-virus software, a firewall and anti-spyware software.    It is amazingly easy to pick up malware on the Internet.  (For more information, check out my blog on malware.)  Having those tools available does not guarantee that you will not have problems anymore than putting locks on your doors will prevent you from being burglarized.  But, we all lock our doors at night.

Enjoy your hassle-free shopping, but be careful.  It is easy to forget there are undesirable people in cyberspace just like there are in most communities.  Avoid them if you can!

Senate Bill 2105: Cybersecurity Act of 2012

Leave a comment

On Valentine’s Day, four Senators introduced Senate Bill 2105, which is also known as the Cybersecurity Act of 2012.  If you would like to read the bill as it was introduced, it is available in full as presented.   If passed, this law would authorize the Federal government to regulate the security of privately owned critical infrastructure, much of which is controlled by Internet-connected systems and susceptible to being hacked.  This includes electrical power grids, telecommunications networks, air traffic control systems, dams, and nuclear power plants.  Said differently, this would allow the Federal government to have security standards, to assess a company’s compliance, and to levy fines if the security is not sufficiently high.

Last week, the Wall Street Journal reported that a group of Senators have weakened the bipartisan legislation.   They responded to business lobbyists who claimed that such regulations would “regulations would create a costly and cumbersome process.”  Rather than requiring the companies to meet these regulations, they should be encouraged to do so.  According to Senator John McCain, “Instead, we must leverage the ingenuity and innovation of the private sector in partnership with the most effective elements of the federal government to address this emerging threat.”

I am perplexed as to why Senator McCain, who has a strong record on National Security, would take this stand …. unless he does not really understand the real and present threat of such an attack.  Consider the number of companies in the last few months that have reported a security breach.  Sometimes the breach provides thieves with passwords, which can be problematic enough, but sometimes instead it is social security numbers, bank accounts and more personal information.  The people whose identities are stolen have a never ending hassle to fix the problem.  Many companies do not take security as seriously as they should.  Even when security is a priority, the companies have a significant task keeping a step ahead of the hackers.

Now, take that up to a regional or national level.  Suppose the U.S. had no access to electricity or telecommunications equipment.  Suppose this is not for a couple of hours as you might get in a thunderstorm, but rather for an extended period of time.   What would that do to the company’s productivity?  What if it happened during peak holiday shopping and no one could buy gifts or food?  What if it happened on election day and half the people were not able to vote?  What if …. there are many horrible examples.

We have already proven this can happen.  Well, it is unclear whether “we” proved it or someone else proved it by the introduction of the Stuxnet virus into Iran’s nuclear reactor.  Not only did it stop operations, but it did it in a way to damage the plant and roll back their development.  Other similar viruses, aimed at the “Internet of Things” (such as a power plant) have also been identified.

People release viruses all the time — sometimes without even knowing the impact of what they have done.   Why do we believe it won’t happen here?  Personally I think it is because people just do not understand technology and what security breaches can do.   They understand bombs or people shooting guns and know how to respond.  But electrons?  It is easy to listen to those claiming to be experts and follow their advice.

I hope we get the legislation.  I hope that it is flexible enough to be able to adapt to the rapid changes in technology.  I hope we can find a way to protect ourselves before it is too late.  If you agree, please share your concern with your Senators and Representatives.

 

A postnote:  Even weakened, the bill failed.  Too many people thought telling infrastructure companies that they need to be secure was a problem.  Sigh.

Malware — DNS Change

1 Comment

You may have heard the reports that something called DNSChanger is expected to hit on July 9, but not known what it was or what to do.

First, what is a “DNS” and why do you care if it gets changed?  First, DNS stands for Domain Name System and it is the directory system that allows computers to locate one another.  Your computer has no understanding of a web address such as  https://internetuseforseniors.wordpress.com.  So, after you type that into your web browser, the computer goes to the DNS and asks for the URL to be translated into something it understands.  That something is called an IP address.  Like your home address, an IP address is made up on multiple parts.  Your home address has a street number, a street, a city, state, country (perhaps) and some code, such as a zipcode.  Similarly, the IP address has a series of components that identify a specific computer uniquely.  These addresses are of the form 134.124.25.18, where the first number indicates your domain and the last number identifies a specific computer in the domain;  the intermediary numbers are further demarcations of the location.

Without a DNS server, we would all need to type in the specific IP address.  Clearly that is not practical. So, if the malware has infected your computer, then on Monday you will no longer be able to type in a URL and have your computer understand how to direct the browser.

How did that malware get put on people’s machines?  Like most malware, it infected people’s machines when they clicked on some advertising link that downloaded software to computers without the user knowing about it.  Since the software was not causing any problems, people do not know that it is on their machine — until July 9.  (Of course, with regular malware checks, this would probably have been detected.)

To avoid a problem, check your system now.  Some services, such as Comcast, has notified the users whose machines seem to be infected.  Similarly, Google and Facebook may be posting a warning if they detect your computer is infected.  To check, go to http://www.dcwg.org and follow the directions for checking and repairing your machine if necessary.  Do it today so you don’t have a problem on Monday!

Older Entries