Do you need help using the Internet?

Leave a comment

coverI have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Advertisements

Be Careful When Posting your Location on Facebook

Leave a comment

We have all seen the posts of people who need to share their current location.  They talk about the trip to Europe they will enjoy for the next two weeks,  the concert they are attending, or the restaurant where they will eat tonight.  They are sharing information with their friends.  Of course, we have talked before about controlling your security levels so you really only share with friends.  But, I suspect most people do not think of it a great deal.  So, I want to share a story.

There is a young woman in Chicago who works for Groupon, teaches rowing at one of the city’s finest Catholic high schools, and coaches a rowing team.  A few years ago she started an organization called Recovery on Water (ROW) for survivors of breast cancer.  Her mission is to provide them an opportunity to exercise because research suggests that regular exercise drops the likelihood of another tumor by half.  It seems like a good cause with a regular membership that exercises together and supports one another in their challenge.

This summer the founder decided she would row the perimeter of Lake Michigan to raise money for her cause in an effort she called Row4ROW.   As I understand it, she planned to row the entire perimeter alone and sleep on her boat.  Along the way she shared information about her cause and, of course, blogged about her experience, including her location.  All went well until last week when she was sexually assaulted while she slept on her boat (you can read the Sun Times story).   On July 12, her blog (written by a friend) read:

Jenn was set to row to Beaver Island on Sunday morning but was attacked and sexually assaulted by a man in the early morning hours. The attack occurred in an area south of Gulliver along Lake Michigan in Mueller Township, Schoolcraft County, Mich. Investigators have reason to believe the assailant traveled a significant distance to commit the assault.

The bold print on the last sentence is mine.  It appears from reading her blog that they have not yet caught the assailant.    However, it is interesting to note that they believe that he knew where to find this young woman simply by following her blog.  It is anyone’s guess how he knew to find her blog — it might have been random, or he knew of the effort, or someone posted it on Facebook (frankly, that is how I learned about Row4ROW).  But the point is that the young woman, traveling alone, sleeping on the water simply broadcast her location to the world.  And, she has paid for that mistake.

Many people suffer home burglaries or other crimes because someone knows they are not home because of broadcasts on social networking sites.  Even if all you do is to post a photo from your phone, a technologically sophisticated person can check the photo for information about your location (and, depending on your phone, might know exactly where you were and when you were there).

The young woman is now taking better precautions.  For a couple of days she rode a bike (with others)  until she could find safe locations for sleeping.  She is now back on the water finishing her adventure and raising more money and more awareness of her cause.  And, raising more awareness of the problems of social networking sites.

I do not know this woman, and I do not know anyone participating in the program.  However, I was moved enough by her determination to continue that I did contribute.  If you are so motivated, you can make a donation online.

 

Malware — DNS Change

1 Comment

You may have heard the reports that something called DNSChanger is expected to hit on July 9, but not known what it was or what to do.

First, what is a “DNS” and why do you care if it gets changed?  First, DNS stands for Domain Name System and it is the directory system that allows computers to locate one another.  Your computer has no understanding of a web address such as  https://internetuseforseniors.wordpress.com.  So, after you type that into your web browser, the computer goes to the DNS and asks for the URL to be translated into something it understands.  That something is called an IP address.  Like your home address, an IP address is made up on multiple parts.  Your home address has a street number, a street, a city, state, country (perhaps) and some code, such as a zipcode.  Similarly, the IP address has a series of components that identify a specific computer uniquely.  These addresses are of the form 134.124.25.18, where the first number indicates your domain and the last number identifies a specific computer in the domain;  the intermediary numbers are further demarcations of the location.

Without a DNS server, we would all need to type in the specific IP address.  Clearly that is not practical. So, if the malware has infected your computer, then on Monday you will no longer be able to type in a URL and have your computer understand how to direct the browser.

How did that malware get put on people’s machines?  Like most malware, it infected people’s machines when they clicked on some advertising link that downloaded software to computers without the user knowing about it.  Since the software was not causing any problems, people do not know that it is on their machine — until July 9.  (Of course, with regular malware checks, this would probably have been detected.)

To avoid a problem, check your system now.  Some services, such as Comcast, has notified the users whose machines seem to be infected.  Similarly, Google and Facebook may be posting a warning if they detect your computer is infected.  To check, go to http://www.dcwg.org and follow the directions for checking and repairing your machine if necessary.  Do it today so you don’t have a problem on Monday!

What are Flame and Stux-net and why should I care?

1 Comment

There has been much discussion in the popular press of late about something called Flame and something called Stux-net, especially with regard to national security. However, many people do not understand what they are and why they are so troubling. Basically both of these are “computer worms” which, like viruses, attempt to perform malicious acts to your computer. The difference between a “worm” and a “virus” really has to do with how they are propagated. Computer viruses are a type of malware that generally deletes or changes files. They must be permitted to execute code and write to memory, and so generally attach themselves to some program; when the user runs the program, he or she also runs the virus (unintentionally). A worm, on the other hand, can self-replicate and move through a network (like the Internet). Generally worms are designed not only to spread, but also to make specific changes to the computer, including taking control of all or part of the computer. The key to understand is that the worm can cause damage to the system.

First, let’s talk about Stux-net. You may have heard about this one in 2010 when it was reported that there had been a cyberattack on Iranian uranium-enrichment centrifuges. This worm had been introduced into the Iranian nuclear processing facility (people in the know think it was introduced on a thumb drive), and it took control of the control system. A control system manages and regulates the machinery under its control, so that humans (often quite far away) can read sensors and information about they system and make adjustments. In this case, facility being monitored was Iran’s nuclear processing facility. The control system sent messages to uranium-enriching centrifuges to spin at speeds well beyond their tolerances. Obviously then the centrifuges were damaged.

You might ask how the worm could have caused that problem. Well, the programmers of the worm found vulnerabilities in the computer programs that run the control system. It is the same process of programmers exploiting bad programming the operating system so our computers can get viruses.

The worm caused so much damage to the facility that it has set back the nuclear program in Iran. At the time, there was discussion at the time that it might have originated in the United States and Israel, but there was no evidence to back up that claim.

It is beyond the scope of this blog to discuss who was behind it and their motives. However, it is important to note that malware can get into a physical facility, such as power plants, water treatment facilities and other public utilities. These are things we have taken for granted as protected and safe. However, The Washington Post, reported that:

A recent examination of major control systems by six hacker-researchers working with the security firm Digital Bond found that six of seven devices in the study were riddled with hardware and software flaws. Some included back doors that enabled the hackers to download passwords or sidestep security completely.

In fact, according to The Washington Post,

Uncounted numbers of industrial control computers, the systems that automate such things as water plants and power grids, were linked in, and in some cases they were wide open to exploitation by even moderately talented hackers.

Further, they note,

A researcher at Cambridge University, Eireann Leverett, used Shodan to identify more than 10,000 control computers linked to the Internet, many of them with known vulnerabilities. Leverett concluded that many operators had no idea how exposed they were — or even realized that their machines were online.

Last week the press identified a new worm deployed in Iran called Flame. This seems to be primarily surveillance malware that allows someone to turn on microphones, look at data, track what people are doing on a computer, and perhaps even listen to nearby cell phone conversations. This worm was deployed to the Iranian oil industry and was attaching itself to control systems for the rigs and other equipment. It was detected and the Iranian government has unplugged those facilities from accessing the Internet. It has also created its own task force to combat these attacks and claims it intends to build its own Internet. This same worm has been found in the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

While the worms seem different, experts are not sure. They both move in the same fashion. In addition, computer experts say that the style of programming is similar between the two. Yes, it is true that there are styles of programming just as there are styles of writing. An expert can tell the reasons Emily Dickenson works are not confused with those of James Joyce. A computer expert can tell similarities in programming by how things are named, how they flow, and how different parts of the programs are hooked together. Worse yet, these experts claim to have found code that was apparently taken directly from Stux-net and put in Flame. All of those suggest similar authors.

What is the take-away for us? All of this mischief has put a spotlight on the fact that we, as a society, depend on computers for much beyond the business and pleasure applications we generally discuss. Everything from the car you drive to the utilities use computers to control them. And, where there are computers, there are people contemplating ways of breaking them. Most of these controllers were not visible to the average user, so they did not get attention from hackers. However, that also meant that their manufacturers often got lazy in building in the security to protect them. Now that they have the attention of the hackers, companies are scrambling to protect their controllers. Otherwise, we may be in for some rough times ahead at malicious or inadvertent attacks on our infrastrucutre.

Facebook Privacy

1 Comment

If you use Facebook regularly, you probably have seen the following in the last couple of days:

PRIVACY NOTICE: Warning – any person and/or institution and/or Agent and/or Agency of any governmental structure including but not limited to the United States Federal Government also using or monitoring/using this website or any of its associated websites, you do NOT have my permission to utilize any of my profile information nor any of the content contained herein including, but not limited to my photos, and/or the comments made about my photos or any other “picture” art posted on my profile.

You are hereby notified that you are strictly prohibited from disclosing, copying, distributing, disseminating, or taking any other action against me with regard to this profile and the contents herein. The foregoing prohibitions also apply to your employee , agent , student or any personnel under your direction or control.

The contents of this profile are private and legally privileged and confidential information, and the violation of my personal privacy is punishable by law. UCC 1-103 1-308 ALL RIGHTS RESERVED WITHOUT PREJUDICE

Ignore it, it is one of many hoaxes that appear on Facebook.   As I understand it, the law cited has to do with commercial law, and does not address anything about privacy in Facebook or otherwise.

BUT, the hoax does remind us of an important topic, Facebook Privacy.  Your privacy in Facebook is controlled by you through your privacy settings.   To find your privacy settings, look for the small arrow on the top right hand portion of your Facebook page, circled in the image below.   If you click on it you should get a listing of pages you own and some options.

 

From this menu, select “Privacy Settings,”  and you will get a menu of your various Facebook settings like:

 

These are the items that you can control.  Clicking on the blue “Edit Settings” will allow you to control the items in those categories.  So, if you select “edit settings” in “How you connect” you see a menu such as the one below:

 

 

This literally shows who can see you and request friendship or send messages.  In my case, I have left these settings open.  I have provided no telephone numbers, so there is nothing to see.  If I provided phone numbers, though, I would make sure only “Friends” could see the numbers.  By leaving open the email address, this allows people to find me by searching on the email.

I do know people who have limited who can send friend requests to only friends of friends.  It does limit the number of times you get friend requests, but it does limit your network to people in certain categories of your life.  If that is what you want, then button it down.

The second category is what people can post in the profiles or how Facebook controls tagging.

As you can see from the drop down box, in each case you can show the information to everyone (who has a Facebook account), to Friends of Friends, or just Friends.  In addition, you can limit it to people on certain lists, or even specify the friends using custom.  For example, I have limited who can post to or see my wall to Friends.  Although little of what I post on Facebook is too personal, I do not want everyone in the world being able to read it.   Limiting it to my friends does give me some control.

Now, what if you want to limit a specific post or photo?  Facebook does give you the ability to do that individually through the inline audience selector.  When you are posting, there is a blue menu at the bottom of the post as shown below.

 

Using the small arrow, you can select who can see the post to limit it to only some people, all your friends or everyone.  This gives you individual control.

A WORD OF WARNING:  While it is important to control your privacy settings so that unintended people do not get control of your personal information, you need to remember that once something is posted, you lose control of that information.  People who can see your post can easily re-post it or save it and post it somewhere else.  This is not a case of “What happens in Vegas stays in Vegas.”  Rather, it is a case of “it is on the Internet FOREVER.”  Before you post, think carefully about how much of a problem you might have if the information ended up with your boss or co-workers, a potential boss, members of your family or whatever.  It might not be a problem today, but if it stays there forever, you might find it to be a problem later.

To WiFi or Not to WiFi ….

Leave a comment

We have all entered our favorite Starbucks,  Panera, hotel or other public place and connected via the free WiFi network.  It is convenient, easy and free.  Why wouldn’t you connect?  There is always a risk with a public WiFi node that people can read your messages and track your searches.  Yes they can … there is technology that allows them to do it on a non-protected (read that free) network.  But, there is an additional concern this summer.  According to Private:  Your Online Privacy Source,

This month, the FBI’s Internet Crime Complaint Center issued a stark warning to travelers:  If you use hotel Wifi hotspots abroad, you could get burned.  The alert says cybercriminals are targeting travelers abroad using pop-up windows that appear while they are trying to connect to the Internet through hotel Wifi.  The pop-ups tell hotel guests that they need to update a widely used software product.  But when they click to install it, what they get instead is malware on their laptops.

So, what can you do? If we follow our normal security procedures, download all software updates before you travel, only download updates directly form a vendor (and never click on a link in an email to do it), you are better prepared. You should also block popups because that is how the criminals advertise the software they want you to download.

In addition, if you use free WiFi spots, it would be good to use a Virtual Private Network (Private VPN).  The VPN encrypts all of your data thereby making  it useless to the criminal who might intercept it.  Without the VPN, your data is sent without any protection and someone with the right tools and abilities could intercept it and then use it for whatever purpose.  The Private article recommends using PRIVATE WiFi™.

Don’t ruin your vacation because you neglected security!

Flashback Trojan

Leave a comment

I’m sorry I have been gone for a while, but,  I got caught up in conferences and final projects/exams, and I lost control of my schedule.

Something important happened while I was gone, though, the Flashback Trojan!  We have discussed trojans before.   They are similar to viruses in that they disrupt the operation of a computer or make your computer vulnerable to data theft or keystroke logging,  or other things.    They are different from viruses in that they cannot infect another computer.   What makes this particular trojan interesting is not its structure or action, but rather that it was directed to a Macintosh.  My friends and colleagues who use Macintosh computers have smugly reminded me for years that they do not run virus protection software on their computers because they do not need it;  Macs don’t get malware.   Yet on April 5, it was reported that over 600,000 Macs were infected with this trojan.  This malware was initially found in September 2011 masquerading as a fake Adobe Flash Player plug-in installer, but it has also exploited Java vulnerabilities to infect Macs.

Do you wonder if you have it?  Check the security company F-Secure, which has published instructions on how to determine whether a Mac is infected with Flashback.  If your computer is infected with the trojan, you can learn how to remove it from CNet.

This is not the first malware product lately to infect the Mac, but it was the most widespread. The question you may be asking right now is WHY????  As I said, most Mac users do not bother with malware protection because to this date they have not needed it.  Yes, it is true that the Mac operating system has fewer holes in it to exploit when compared with Windows.  Yet, I believe there is more to the story.  Historically there have been many more Windows-machines than Macs, and they tended to be more pervasive in industry.  If your goal was to cause significant disruption or to steal data and identities, you would get a bigger bang associated with Windows machines than Macs.   I believe that is exactly what malware writers have been doing.  However, the Mac isn’t just for schools and artists anymore, it is being used in more businesses and by more people.   It stands to reason that more malware will be written for these machines, especially since there are less people protecting the Macs and few companies that are actively involved in research into the attacks.

So, what does it mean for you?   I would recommend that you purchase anti-virus software and use it.  That is, you not only need to install the software, but you must update the virus patterns weekly (if not more often).  Second, you need to be careful what attachments you open.  If you are suspicious, do not open it.  That holds for updates too.  Research what is being updated and whether that popup is legitimate.  Be careful — even with solid doors with locks, you must be vigilant to insure the burglar does not steal your possessions.  The same is true with the protection of your computer.

Older Entries