It’s not a matter of if, but when (Part II)

As promised, here is the second part of the post the other day. A disclaimer, these are only services and resources I’ve used in the past and found useful or appropriate for the situation at that time. I’ve noted the ones that I’m using currently and why I’m still using them despite more well known products or resources being available. The majority of what I’ve found in my experience is that online protection and security is more behavior (knowing what not to do or recognizing signs its bad stuff) rather than finding the right application to rely upon. What I’m using currently is an extension to my own experience and knowledge that helps when its not clear if I’m going down a road to something malicious.

Online Safety Resources

These are sites that I’ve come back to time and time again as resources to help people. Everyone has to realize that it’s their responsibility to keep themselves safe online because no one else is going to do it for you (unless you’re a child with proactive parents). The wife and I have consistently kept a lot of technology away from our daughter on purpose because we knew she wasn’t ready to 1) listen to our advice and 2) properly police herself online. A recent foray into YouTube that got her into some real-life videos with questionable content is a perfect example. She didn’t know enough to say “I shouldn’t be watching these” and close the application. The computer is now only allowed in open family space, no more in the bedroom with a closed door!

YouthSpark Hub (sponsored by Microsoft)

StaySafeOnline.org (sponsored by National Cyber Security Alliance)

Get Safe Online

Protection (Anti-Virus / Anti-Malware / Web Filtering)

Out of all the things that you can choose to passively keep yourself safe out there, these are the three that I highly recommend. They’re a good balance between protection and minimal resource impact on the machines you’re running them on. I’ll address each individually to make things easier.

Microsoft Internet Safety & Security Center

This is a combination service that includes Microsoft Security Center and Windows Defender that come bundled with Windows 8.x and Windows 10. It’s automatically enabled by default and if you don’t know that they’re there, you’re already protected to a certain extent. I like this application because it literally sits in the background and only reminds you its there when something bad is about to happen or your actions are going to trigger something bad. It would well despite some of the bad press online, however its free and capable at protecting the “macro” stuff.

Microsoft Family Safety

Probably one of the best services I’ve seen from Microsoft, this lets you create an account for your child with a password they select, yet let you watch/see/block anything you want. An amazingly easy interface, you create the Microsoft account while logged in with your account and authorize their account on only the devices you want them to be able to log onto. You have the ability to restrict their total time, the time frames they’re allowed to log on, as well as see everything they download/install/browse online. If a site shows up you don’t want them getting on, a quick click of “Block” next to the site will remove their ability to get to it via any browser. You can also block installations of certain applications (like Firefox or Chrome) forcing them to use IE or Edge so you can keep track of their online behavior. Instructions are easy and they take you through every step.

Sophos Home (anti-virus/anti-malware/web filtering)

I highly recommend this service due to the ease of use and quick setup. You create an account, then install the Sophos Home agent on every computer you want to protect (up to 10 for free). Each computer shows up individually by machine name (I change them to be specific, e.g., “DaughtersLaptop”) and lets you review their online activity. This is an added blocking defense for any site that they got to that Family Safety didn’t block for some reason. In addition to the web filtering, this is also an added anti-malware tool and has an extensive database of web sites that have been reported as having a bad reputation in regards to malware or virus activity. Simple installation and small footprint (less than 50MB of memory used when running), this passively watches in the background.

Passwords

I can’t stress enough how important it is to have strong, complex, and long passwords. A password using capital/lowercase letters, numbers, and special characters that is 8 characters long, can be cracked in about 6-8 hours @ 1,000 attempts/minute. The same type of password at 15 characters will take 2-3 years @ 1,000 attempts/minute. Once you add in non-standard characters, it could take decades to crack. It’s not a matter of making your password uncrackable (that’s impossible) but more a matter of making it so long to get it cracked that they move on to the poor guy that has decided to use “12345678”, “p@ssword1”, or “qwerty1234” as their password for their banking site. And please, don’t be a smart-ass and make it “passwordWITH1number”….. that’s just stupid.

I personally use LastPass and definitely utilize the password generator built into it for everything now. I can access my password database on all my devices including my mobile. The database is encrypted even in the cloud to the point where LastPass is unable to decrypt it should I happen to forget my master keycode. They also just released an authenticator application (numbers that sequence every 60 seconds) to allow for dual-factor authentication on sites that allow it. WordPress supports it ūüôā

LastPass – Password Manager

Creating a strong password

How to Create a Strong Password (and Remember It)

How to Create a Super Strong Password (Infographic)

Well, there you have it, a lot of information to digest and absorb. It’s worth the read in my opinion as it holds true: “It’s not a matter of if, but when” you get hacked / you get a virus / you get malware / you get phished / etc. Stay safe out there!

It’s not a matter of if, but when (Part I)

I received a letter from American Express yesterday. ¬†It was nothing out of the ordinary as they send me crap all the time, but this was different. ¬†The letter informed me that my information changed via a third party service sometime in January 2016. ¬†Red flag. ¬†The letter didn’t tell me that this was an ordinary or extraordinary action and in the 22 years I’ve had this card I’ve never had anything changed via a third party. ¬†Red flag. ¬†Upon calling them, I was informed of a potential breach in a third party system that American Express uses to update their credit files. ¬†The letter was auto generated and was a result of a changed file. ¬†My question “Why did I get a letter its changed as I’ve never received this before?” went unanswered.

This event triggered me to write about it, because I’ve yet to talk to someone that completely understands the extent of their threat exposure. ¬†So here, a short list of items that I’m sure everyone has an account with or a device in their possession:

  • Mobile Devices: ¬†mobile phones, wifi doorbells, wifi cameras, wifi baby monitors
  • WiFi Vehicles: ¬†On-Star, Hyundai Assist, Ford Sync
  • Medical Devices: ¬†pacemakers, defibrillators, insulin pumps
  • Social Engineering: ¬†email, text messages, phone calls
  • Service Providers: ¬†mobile phone companies, cable, phone, electric, gas, water

Every single one of the above items (its not an exhaustive list) has a component that can be breached and used to take advantage of unsuspecting people. ¬†I’ve been in this industry for years and still see threat deltas that I’ve never seen before. ¬†The potential that hundreds of thousands of people are even less aware is very real and the news tends to support that theory. ¬†Here are some scenarios that may or may not fit:

  • Get a new WiFi router for your home and just plug it in and it works. ¬†No changing of the default password, no wireless security (open), no update to the default factory settings that allows for internal device browsing, etc.
  • Get a new Android phone and start to build out your profile, download apps, etc. ¬†You get a prompt to enter in your credentials for GooglePlay and blindly enter in your credentials because you think its for an app. ¬†You don’t notice that you’re not prompted for a username/password ever for downloading apps (since it uses your Google account automatically) through official channels.
  • Connect your personal mobile device to a hotspot for internet access without reviewing the entire list of available networks. ¬†Most places of business will display their wifi network name so you don’t connect to something malicious. ¬†Ex – a wifi network will NEVER show up as “ad-hoc”, the ones that do are malicious almost in every case.

There are literally hundreds of thousands of articles and resources available if you want to learn more about protecting yourself. ¬†I’m going to list a few of the more easier to understand resources in my next post. ¬†Keep yourself safe online and the horror stories you see online will never be about you.

Texting While Driving in PA… DENIED!

It’s just under two hours until its illegal to text while driving in Pennsylvania. ¬†The new law, which takes effect March 8th, authorizes law enforcement to pull people over and ticket them if they’re observed texting while operating a vehicle. ¬†Of course me being a techy and geek, I know better and have learned that while driving, “it can wait” unless its a call. ¬†My wife knows that if its an emergency and knows I might be driving to ring once, hang up, then immediately call again.

Commuting over 50 miles for almost 10 years combined now, I’ve seen a lot of other things besides texting that should have been ticketed. ¬†Wheres a cop when you need one?

Ok, here they are, in no particular order:

  • I can use a picture of this camera, I own one ūüôā

    Reading the newspaper while driving 70mph on the highway

  • Putting on makeup (weaving all over the place too)
  • Changing clothing…. ¬†observing the driving while changing pants made me back off
  • Eating any number of various items normally thought of as not “easy” to eat while driving
  • Having a fight on the phone
  • Performing a Chinese fire drill reminiscent of some action movies, “here, take the wheel”
  • Taking pictures with an SLR of people allegedly tail gating behind them

It truly is amazing to me that there aren’t more accidents based on the way that people drive normally. ¬†I mean, there must be a majority of good drivers that avoid the bad drivers on a regular basis so accidents are narrowly avoided. ¬†In my older wiser age I’ve adopted a smarter driving style and only have rare fits of “get the hell out of my way” types of road rage. ¬†They are fortunately or unfortunately (depending on how you look at it) becoming less frequent. ¬†My wife approves!

At this point I see a lot of other states adopting “No Texting” laws to help protect all the drivers out there. ¬†I for one wouldn’t mind seeing a few choice punk teenagers taken to the wringer and getting tickets they seriously can’t afford. ¬†Now I need to figure out when I became old enough to dislike teenagers instead of thinking I still was cool enough to be one…..