15/07/14

Permalink 10:49:00 am by Eugene Gardner, Categories: Security, Articles

Picture this: you receive messages from people asking you to stop sending them invitations to buy anatomy enhancing medications, or send them money as they have been stranded overseas, or maybe just a link to a website that discharges a virus when visited.

The problem is that a bad person has got hold of your email address and has spoofed it by placing it in the From: field of an email message.  By using your address rather than their own they make themselves less identifiable and their poison pen messages less likely to be trapped by spam filters.

What's worse, these messages often get sent to people you know.  The real sender tries to rely on your good name to convince the recipients to follow their evil plan based on your trusted character.

How did this happen?

  • Perhaps you use the same password on more than one website and one of those got hacked.  Hacked (often big name) sites are a daily occurrence as evidenced by my Twitter feed.
  • Perhaps your email provider's database was compromised (e.g. AOL most recently) and any contacts list copied.
  • Perhaps anyone who has ever corresponded with you has a computer that was attacked by a virus that harvested the email addresses in the From:, To: and CC: fields of all their messages.  Perhaps their address book was stolen too.

What can you do about it?

If you use the same password in more than one place, change them to unique, complex (more than 10 characters including upper case, lower case and numbers) passwords.  You don't have to remember them as long as you use a (possibly free) password manager as explained in my earlier blog post.

Change your email account password - this is just precautionary but it can't hurt. Remember to update any mail clients you use with the same password.

Forward this blog entry to anyone who contacts you. That way they will understand that this problem is most likely not of your making and there is absolutely nothing you can do about it once your credentials are in the hands of a criminal.  Quite soon your email address will have no value to the bad people, as it has already been used, so this problem will end naturally.

Yes, it is a pain, but it is such a common part of life today that most people are aware of the issue and are in a position to empathise.
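For recipients who want to check whether a message really came from the address shown in From:, the sketch below compares the From: domain with the domains the receiving server authenticated. It is an added example, not part of the original post; the two messages and all `.example` domains are constructed, and it assumes the receiving server records SPF/DKIM results in an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): From: carries the victim's address, but
# the only authenticated domain belongs to whoever actually sent the message.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none
From: "Your Friend" <friend@victim.example>
To: you@recipient.example
Subject: Stranded overseas

Please send money.
"""

# Constructed sample of the same person writing from their real account.
GENUINE = SPOOFED.replace("bounce@bulk-sender.example", "friend@victim.example") \
    .replace("smtp.mailfrom=bulk-sender.example", "smtp.mailfrom=victim.example") \
    .replace("dkim=none", "dkim=pass header.d=victim.example")

AUTH_PASS = re.compile(
    r"\b(?:spf|dkim)=pass\b[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", re.I)

def domain_of(header_value):
    """Domain part of the address in a From:-style header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def authenticated_domains(msg):
    """Domains that passed SPF or DKIM per Authentication-Results.
    Only trust this header when your own receiving server added it."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        found.update(d.rpartition("@")[2].lower() for d in AUTH_PASS.findall(value))
    return found

def from_looks_spoofed(raw_message):
    """True when no SPF/DKIM-authenticated domain matches the From: domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    return not any(d == from_domain or d.endswith("." + from_domain)
                   for d in authenticated_domains(msg))

if __name__ == "__main__":
    print("spoofed sample flagged:", from_looks_spoofed(SPOOFED))
    print("genuine sample flagged:", from_looks_spoofed(GENUINE))
```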

11/07/14

Permalink 07:58:00 pm by Eugene Gardner, Categories: Security

To avoid having your internet access restricted by protective mail servers and service providers, and also avoid the thieves and cyber scoundrels that are ever present but all the more difficult to handle when travelling, follow these suggestions.

Enable two factor authentication and test it on all web facing applications on all devices at least a week before you set out.  See my earlier post on this. 

Don't do anything on public Wi-Fi that you wouldn't want posted on a roadside billboard.  Sometimes that's not an option though so install a virtual private network that will create an encrypted tunnel to your home provider.  My favourite is http://www.cyberghostvpn.com but others such as https://www.privateinternetaccess.com are sound.

Assume your device (phone, tablet, laptop...) will be stolen.  Encrypt the entire disk with BitLocker or https://diskcryptor.net if running Windows, FileVault for OS X, or LUKS for Linux distros.  Android and iOS have similar apps.

Remember to pack a Kensington lock to physically tie down your device and install Prey or Find My Mac to enable you to alarm, lock, destroy, photo the thief, or use GPS tracking.

General good practices such as logging out of each service before closing the window and using unique strong passwords should be part of SOPs but are especially necessary when on the move.  

Similarly, shelter your screen and keyboard from overlookers both in person and via CCTV.  And it should go without saying that a paid for updated firewall and virus protection suite are essential.

Finally, social networks are fun but if you post a picture from overseas you may as well broadcast to local villains that you are not at home.  Be circumspect with the information you publish.

10/07/14

Permalink 04:01:00 pm by Eugene Gardner, Categories: General, Articles

I'm sometimes asked why a client's messages are rejected or bounced by one or two recipients.

We all have an address on the internet – that is how an email message knows where to go.  The problem is that when a suspected spammer or other person with nefarious intent has been traced back to his address, that address gets blacklisted on several lists to prevent more spam being sent.  A selection of these blacklists is checked by most email providers to ensure they are not responsible for propagating rubbish.

Because there are more potentially internet connectable devices in the world than available addresses, stale connections are dropped, and when a new connection is requested a new address gets allocated.  You have been unfortunate enough to have picked up the address that the bad person used.

There are ways of having it removed from the various blacklists but the time and effort involved is far more than the alternative method of resolution.  Visit http://www.whatsmyip.org/ and make a note of the IP address on the top line.  Now power off your computer and any other internet connected devices including the router.  Count to 10 then power up the router.  After a minute power up your computer and any other devices you want.  Now visit http://www.whatsmyip.org/ and see if your IP address has changed.  If so, send your email again and expect it to arrive.  If the address is the same, go through the above process again but wait much longer before powering up the router - overnight perhaps.

The above works for the 95% of people who have dynamic IP addresses allocated by their ISP.  If you have a static IP address (usually bought if you are a business hosting a server) then the above won't work; in that case you need to either get a new IP address issued by contacting your provider, or go through the process of proving to all the blacklist owners that you are not a bad person.
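To see whether the address noted from whatsmyip.org is on a blacklist, before and after restarting the router, the sketch below uses the DNS lookup convention that DNS-based blacklists share: reverse the IPv4 octets, append the list's zone, and treat an answer in 127.0.0.0/8 as "listed". It is an added example, not part of the original post; the zone names, the sample address and the offline resolver are constructed placeholders, so substitute the zones of the lists you care about.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the blacklist's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_blacklists(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: answer or None} for the public IP address given.

    An answer inside 127.0.0.0/8 means the address is listed; a failed
    lookup (NXDOMAIN) or any other answer is treated as not listed.
    """
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror:
            results[zone] = None
            continue
        results[zone] = answer if answer.startswith("127.") else None
    return results

# Constructed offline resolver standing in for real DNS, so the example runs
# without network access. Only one placeholder zone lists the sample address.
FAKE_DNS = {"7.113.0.203.dnsbl-a.example": "127.0.0.2"}

def fake_resolve(name):
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN for " + name)

if __name__ == "__main__":
    zones = ["dnsbl-a.example", "dnsbl-b.example"]  # placeholder zones
    for zone, answer in check_blacklists("203.0.113.7", zones, fake_resolve).items():
        print(zone, "LISTED (" + answer + ")" if answer else "not listed")
```

Leaving out the `resolve` argument makes the function use real DNS through `socket.gethostbyname`.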

05/07/14

Permalink 07:57:00 pm by Eugene Gardner, Categories: Security, General, Articles

Contrary to all the advice that I and others have given to keep passwords secret, there is one occasion where it can help to have a trusted friend with knowledge.  I recently received an email purporting to come from a client as follows:

 I'm writing this with tears in my eyes, I and my family presently on a short trip to Rome, Italy. Unfortunately, I was robbed in the hotel I booked, all my valuables which includes cash, mobile phones were stolen during the attack but luckily I still have my passport with me.

 I've been to the Embassy and the Police here but they are not taking the matter seriously. Please, I really need your financial assistance now because things are really getting tough on me here. Our flight leaves in few hours from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. Please, let me know if you can help us out?

Well I've received scores of identical messages in the past so I was in no doubt that the client's email password had been acquired by a bad person.  I played along for a time by offering to help - until such time as I was instructed to make a (non-traceable) payment of £870 to a Western Union (spurious) address.

I wanted to protect my client from further misuse of their account but I could not reach him by phone.  Clearly there was no point sending an email as they were being forwarded elsewhere.  In this case, had I known the password I could have changed it and saved my client a little distress.

Unfortunately the password was not only 'protecting' the stolen Yahoo account, but it was identical to several others including the website from whence it was hacked.  All of these had to be painstakingly changed.  You may be assured that this client now heeds the age old advice to maintain a password manager and use long, complex and unique passwords.  In fact I think he has enabled two factor authentication too. Unfortunately many of his messages and contact list were deleted and not backed up.

07/06/14

Permalink 07:45:00 pm by Eugene Gardner, Categories: Security, Articles

The golden rule is to assume that your Facebook (and other) accounts will be broken into one day.  Your next potential employer or your ex-spouse's lawyer will be poring over it.  Don't ever publish anything you would object to being posted on a billboard outside your house.

If you look hard enough, Facebook does offer plenty of controls to guard against your details being harvested by the bad folks.  Security settings and their defaults do get changed though, so it's a good idea to revisit this periodically.  To save some time looking for the key components, here are some suggestions.  

  1. Set up login notifications.  This will alert you when the account is accessed from an unknown device.  Down arrow > Settings > Security > Login notifications.

  2. Use two factor authentication.  Each time you access FB from a previously unused browser or computer your phone will be sent a verification code.  Down arrow > Settings > Security > Login Approvals.

  3.  Limit timeline post access to your friends.  a) future posts:  Click the padlock icon top right > Who can see my stuff > Friends.   b) previous posts.  Down arrow > Settings > Privacy > Who can see my stuff > limit past posts.

  4.  Lock down who can contact you.   Click the padlock icon top right > Who can contact me > Strict Filtering.

  5. Prevent successful searches based on your email address.   Settings > Security > Privacy > Who can look me up > Friends.

Please add a comment if you think this post can be improved.

24/05/14

Permalink 07:52:00 pm by Eugene Gardner, Categories: Security, General

The currently most frequent ailment I encounter is computer speed restriction.  This is most often caused by the owner downloading – perhaps inadvertently – programs that are bundled with something else.  The problem often starts with a new off-the-shelf computer; they are almost all stuffed with unwanted commercial software trials that purport to add value to your purchase.  By coincidence they also boost the seller’s profits through partnership deals.

Another common route of entry is for the parasitic software to come bundled with the desirable.  Acrobat Reader is a good example: search Google for a download location and several sites are presented, all of which come with a payload of partner products. Even Adobe’s own download contains McAfee Security Scan unless you opt out; so it is essential to read through any windows that appear to ensure you are not acceding to install potentially dangerous and unwanted software such as search toolbars or worse, malware ridden scams.   

If you do get caught there are some automated tools that can help rid you of many problems.  Try the following in order and stop as soon as the problem is resolved as these get more aggressive further down the list.  I recommend taking a full image backup first in case things go from bad to worse.

  1. Adwcleaner removes adware, browser hijackers & toolbars. Free from
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
  2. DeCrapifier uninstalls known rubbish.  http://pcdecrapifier.com/ 
  3. Junkware Removal Tool deals with the common Ask, Babylon, Conduit, & MyWebSearch infections.  Disconnect from the Internet & pause regular virus scanners before running this. Be prepared to reinstall Chrome after.  Free from
    http://www.bleepingcomputer.com/download/junkware-removal-tool/
  4. RogueKiller  will stop suspect processes, services, DLL registrations, repair HOSTS and master boot records.  Best to make a system restore point before running this one.  Free from
    http://www.adlice.com/softwares/roguekiller/

All the above run in under 10 minutes as they target specific problems.  For complete scans of the disk taking up to an hour to remove malware consider the free
http://www.malwarebytes.org/mbam.php  and
http://www.superantispyware.com/index.html

Irrespective of what’s discussed above it is essential to install a paid for Internet security suite.  And more than that, make sure all programs including Windows itself are kept at the latest versions.  This can be eased by running a free version checker such as
http://www.filehippo.com/updatechecker

15/05/14

Permalink 03:44:00 pm by Eugene Gardner, Categories: Security, Anti-Virus

Each year in the Autumn I review the comparative group tests of the major labs to glean the consensus of the ‘best’ security product.  That is the one I buy many licenses of at wholesale prices and recommend to anyone who’ll listen.

The labs I generally look at are

No one lab will give the definitive best product as they

  • test different products - there are scores of anti-virus products available so each lab can only test a sub-set
  • use different test environments - some test with viruses captured ‘in the wild’ while others roll their own bespoke test suites; some test on multiple platforms others just one version of Windows
  • report results differently - some score 1-5 stars, others use 3 or more groups of words, others just award a pass/fail; so comparing one set of results with another is not straightforward
  • record different capabilities - examples of capabilities that are measured are detection, prevention, cleanup, usability, cost, false positives, extra features, and performance
  • test different categories of malware - all will test trojans and worms but not all test keyloggers, screengrabbers, zero-day exploits…

So I look at all and form my own opinion based on the consensus.  Although all the labs are independent, some are commissioned to conduct tests by one of the anti-virus companies and those companies usually get a good score.  This is not because of anything underhand but shows that the issues found have been corrected.  As long as the reader is aware of this it is not a problem as the other products are tested on a level playing field.

I read through many reports and assess the value of the most recent evaluations.  I then form an almost subjective opinion based on objective criteria.   


This is designed to supersede the newsletters that I just don't have time to produce to the standard I would want any more. Please register so that you may read and leave comments and subscribe to have posts automatically e-mailed to you.

Comments and suggestions are always welcome.
