Crypto-What?!?!

C-R-Y-P-T-O-L-O-C-K-E-R

It is not a virus, trojan, worm or root-kit. It is actually a security program meant for good but bent to the will of some evil, greedy parasites. They have taken a useful encryption program and surrounded it with a bright red screen that holds your documents and photos hostage until you pay them hundreds of dollars!

Viri and Trojans are bad enough when they cause damage or disable you computer access, and then the FBI/Moneypak Trojan came along and threatened us with extortion; but now, CryptoLocker actually encrypts your files and demands money to return them to their previous state. It is TERRORISM!

This nifty little package comes via a .ZIP file attached to an email, usually from UPS, FEDEX or DHL shipping service.

I have now had to deal with this low-down, flea-bag piece of malware, and so I HIGHLY recommend another layer of defense.

  • Hardware Router/Firewall
  • Software Firewall
  • Security Software with anti-virus, anti-malware, intrusion detection and email scanning
  • System Cleaner for temp files and Registry scans [CCleaner]
  • Java Script/Ad Blocker for Web Browser [NoScript/Ghostery]
  • And now WEB DOWNLOAD EXE/ZIP BLOCKER

Folks, this one is bad news; if you have XP and don’t have a backup of your data files, it will ruin your day/week/month. In a situation like this, the only way to restore your files is to pay the ransom. If you have windows 7 or 8 then there is a small chance your PC has a backup of your files. The BEST way to fix this one is to avoid it altogether.

The first step is to scan and block bad emails BEFORE they get into your computer. Use SPAM-filtering on your email, especially if you don’t have Gmail. Webmail can be harder to protect if your email provider does not scan your email for malware.

The second is to block executable programs and ZIP files from running in your TemporaryInternetFiles folder [or Web cache files.] There is a manual process; I’ve done it and it is tedious and technical. There are also 2 web sites that have bundled all the commands into a neat little tool to protect your computer. For Networks and Servers, use this one. For workstations and home PC’s, use CryptoPrevent.

The third is to make sure you have your important data backed up online. DropBox, Google Drive, Mozy and Carbonite will all work, but for real data security CrazyDogBackup is the way to go.

Lastly, if this stuff makes you nervous, then just let me know, ‘cuz I am here to help.

Hacked Password….Aaauuuggghhhh!

Thank you to us.123rf.com for this great image!

Just got a call from a friend who got attacked by SPAM and had bank and PayPal accounts hacked. The question I got was this, “Do I have to change my email address?”

My answer was, “No, Get a better password!”

I also suggested that AOL might not be the best place to park her email. (They have a bad reputation for harboring SPAMmers, although they try to keep them away.)

I thought it was a good time to review password policy. Good News to some of you is this: Changing your password is NOT as important as having a good password. For some of you the question is, “What makes a good password?” Well, I am here to help!

CERN Computer Security says;

A good password is:

  • private: it is used and known by one person only;
  • secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the monitor;
  • easily remembered: so there is no need to write it down;
  • at least 8 characters long;
  • a mixture of at least 3 of the following: upper case letters, lower case letters, digits and symbols;
  • not listed in a dictionary of any major language;
  • not guessable by any program in a reasonable time, for instance less than one week.

 

And here are some DON”Ts from CMU/SCS Computing Facilities:

What not to do when choosing a password

  • Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Do not choose a password that is a word (English or otherwise), proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
  • Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1″, writing a word backwards, etc. For example, “password,123″ is not a good password, since adding “,123″ is a common, simple transformation of a word.
  • Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.

Borrowed from www.madhusudhan.info

My last piece of advice for my friend was this: Find two or three passwords that are easy for YOU to remember (following the guidelines above) and use a different one for each of your bank accounts, Paypal and such. This way, one compromised password will not let them into every account.

Got Questions? I am here to help! Use the Contact page to shoot me an email.

Old Friends and Old Computers

OLYMPUS DIGITAL CAMERA

My daughter was only 2 years old when this photo was taken in 2001. The dog was named Patch and he died in September of 2011. I love looking at this photo, and any of you with teen-agers might just know what I mean by that. This is the dog after which my Crazy Dog logo is modeled. That dog was almost 14 human years old when we had to let him go. In dog years, he was 75!

But why would I even bring it up if the photo is twelve years old, do you ask? Well, here is why: Windows XP was released less than a month after this photo was taken, and now it is also twelve years old! Software ages just like dogs; in just 2 years it is fully grown and having puppies of its own. That would make XP 70 in dog years. Windows XP still accounts for 38% of all computers and yet we have THREE newer Microsoft Operating Systems.

“But Rick, my XP computer is running just fine; why should I upgrade?” Well if it is true that your system is working flawlessly then no, you don’t need to upgrade…yet.

Come April of 2014 [this next year] Microsoft will eliminate support for XP, which means there will no longer be any more security updates. This is like making my 96 year old grandfather into a security guard at the bank and taking away his gun and pepper spray. Who wouldn’t rob that bank?  I am not going to mention Vista, but Windows 7 is light-years ahead of XP in security AND stability. I have removed malware from Windows 7 just by using System Restore. You can’t do that with XP.

I loved my dog, Patch, but at the end, he couldn’t protect me from a baby in a stroller; and in this same way, XP cannot protect you from current Internet threats like the Medfos Trojan. If you have any questions, I am here to help.

Rambling Tale

Thank you to http://blog.pixert.com for the image.

As a computer repairman, I have a lot of electronic carcasses laying around my workroom, many of them are still around because they have some value, even if it is just for spare parts. My wife is always amazed at the “junk” I keep. In some ways, I am a handy-man for computers, and if you ask my friend John, handy-men never throw anything away, because they might need it some day. You would be surprised by how much stuff I never end up using, and by how many things I can fix because I just happen to have one of “those” laying around at home.

Why do I even mention any of this? Well we all have extra stuff laying around or packed in secretive spots for when it might be needed. It may be lawn or sports equipment, or supplies for our favorite hobby or just memorabilia like photos or mementos. But in the world of electronics, upgrades and new technologies make older parts obsolete in only 2 to 4 years time. The law of Diminishing Returns demands a reckoning on my storage bins on a semi-annual basis.

I need a laptop that will run Minecraft as a gift, so I was reconditioning one of the better laptops stacked in my workroom, when I noticed that many of them will only run Windows XP. Say what you will about the new Operating systems from Microsoft, but XP is a dinosaur, really, it is so unsafe to use! Over 50% of the malware I clean is cleaned from XP computers. Windows 7 is safer, better and more reliable. Now is the time to upgrade while Win7 can still be purchased. [Windows 8 is best saved for the new touch-screen devices.]

It is not OK to keep using old software and hardware if it accesses the internet at all. Would you drive a car with 3 wheels? Take it from a pack-rat; it is time to upgrade and Windows 7 is your ticket if you live in a Microsoft world.

If you live in a Mac world you should be on Lion, if not Mountain Lion [OS X 10.7 or 10.8]. Apple has already set all version of OS X version 10.4 [Tiger] and older adrift in the Ocean of no-upgrades. And remember; if you have any questions, I am here to help.

Which is the better Browser?

browser-logos

Linked from https://github.com/paulirish/browser-logos without permission

Not only do I get this question often, I also get the question, “What is a Browser?” A browser [or Web-Browser] is the program that lets you view web pages, or as some call it, “The Internet.” The Internet is MUCH MORE than just web pages, but this and E-mail are the two most prolific uses. I mean, Facebook is just a popular web-site [and now a phone app.]

I don’t think this is a stupid question for this reason; software companies are more interested in making their products easier to use and be recognized, than trying to describe their purpose and function. [This is a good thing for users that are familiar with that type of software.]

The problem occurs during remote troubleshooting when I need to lead a customer to the web. Many users are happy with one of the main browsers but not usually all of them. I will always install a secondary browser such as Mozilla Firefox just so the user has a, “spare in the trunk.” Asking a user to, “open their browser,”  often requires a definition for the same reason that we ask people for a “Kleenex” as opposed to a facial-tissue. Everyone knows what the blue “e” does, but not what it’s called.

If Internet Explorer isn’t acting right, then having Firefox installed can save hours of frustration and lost revenue. [hint-hint]

So what is the best browser? Some may say it come down to preference, but for the last three years, the Federal Bureau of Investigation, in conjunction with US-C.E.R.T. has said that Mozilla Firefox and Google Chrome are the safest browsers with Firefox often beating out its younger sibling from Google by only a small margin. Why are these young upstarts more secure than the venerable Explorer from Microsoft? There are many reasons, most of which are quite technical, but in the end, the competition between all of these companies is good for you, the End-User.

My preference is Firefox, but if you are not sure, then read this article over at InfoPackets.com.

Java Flaw…Again?!

Yet again there is a ZERO-DAY [or 0day] threat in Java. Oracle has been mired in problems since they acquired Java from Sun, but it seems like the bad guys know about the flaws before anyone else. Thank God for the researchers who make them known to the rest of without hacking our computers to do it.

It has been almost a year since the FBI and everyone else told you to remove Java from your computer, so here is how you do it:

Disable Java in All Browsers
Last month Oracle released a new Java version, Update 10, that includes a one-stop option for disabling Java in all browsers in the Java Control Panel. Open Control Panel and launch the Java applet. If you don’t see it, switch to Classic View (in XP) or small icons (in Vista or Windows 7). Click the Security tab. In previous versions this tab just allowed advanced users to manage Java-related certificates. It now displays a security-level slider and, more important, a single checkbox titled “Enable Java content in the browser.” Un-check this box, click OK, and you’re done.

Disable Java in One Browser
For security’s sake you really should be using the very latest Java version. If you’re not, or if you need to enable Java in some browsers but disable it in others, you can do that too.

Using Chrome? Enter chrome://plugins in the browser’s address bar. Scroll down to Java and click the link to disable it. That was easy, and a bit simpler than Oracle’s recommended steps. The process is similar in Opera, which Oracle’s page doesn’t mention. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button. In Safari, choose Preferences, choose Security, and deselect Enable Java.

The only way to disable Java in Internet Explorer is through the Java Control Panel. Launch it as described above, click the Advanced tab and expand the item titled Default Java for browsers. Un-check the boxes for Microsoft Internet Explorer. You may need to click the item and press spacebar in order to clear the checkmarks.

Firefox users can click the Firefox button at the top and choose Add-ons from the resulting menu. On the Plugins tab, click the Disable button next to “Java(TM) Platform.” You can also disable Java for all Mozilla family browsers by un-checking the Mozilla family box in the Java control panel.

Stay Updated
When writing this article, I had a hard time viewing the new feature that Oracle added in Update 10. Why? Because I had disabled Java and figured I didn’t need to update it. That was lazy thinking; I’ve reformed. At any time you might find you need Java, perhaps for a Web meeting, or a remote-control tech support session. If you don’t want to let Java update automatically, you can check for updates from the Java Control Panel at any time.

Whichever method you choose, visit the Java test page at http://java.com/en/download/testjava.jsp to confirm that Java is disabled. Yes, you’ll occasionally run across a website that relies on Java. If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.

In Conclusion, this isn’t over and you need to use a JavaScript blocker like NoScript also. If you have a questions, just remember, I am here to help.

iPhone users beware

If you have the newest iOS [version 6] on your phone, then please DON’T leave your phone unattended thinking a passcode will keep it safe. A You Tube video will show anyone how to hack your phone. The good news is that Apple is working on a fix, so keep a look-out for new updates. Just remember, if you have any questions; I am here to help.

Is your firewall fire-proof?

OK, none of our computers are 100% safe from internet threats any time they are on and connected to the Internet. I admit that. And if you did not know that…POP… I am not sorry for bursting that bubble. Just like driving, it only takes one other driver on the road to cause a collision. Safe computing, like safe driving requires intentionality and vigilance.

But when a company hides secret accounts [known as back-doors] in our security equipment, it raises my ire. Barracuda Networks has been outed for having back-doors, and this article from KrebsOnSecurity says, “It’s not clear for how long the backdoor accounts have existed in Barracuda’s products, but the researchers found evidence that they have been in place since at least 2003.”

It was around this time last year when I heard of a different Security Vendor, who was friendly to the Chinese government, that had not improved their equipment’s internal software in 3 or 4 years.

If you aren’t getting notices that upgraded software exists for your firewall/router, then maybe you should go looking. Or just call me because I am here to help.

Cell phones, data and privacy.

I get a newsletter called WINNEWS and it can be found at http://winnews.com , this is a clip from an opinion article about legal issues in our digital world. You can find the full article at the site listed above. Here is the quote (sorry it is so long).

However, like any technology, location data can be used against you, and it’s not just smartphones that can be used to track where you go. The dumb ones can do that, too. In a 2012 case, the Sixth Circuit Court of Appeals (United States v. Skinner) handed down the somewhat alarming decision that you have no reasonable expectation of privacy in the location data that your cell phone transmits. That means government agencies can monitor your movements in real-time without being subject to the fourth amendment requirement to get a search warrant.

What about stored records that track your phone’s movements in the past? Oh, you didn’t know cell phone carriers store that data? According to a Department of Justice document, records of the cell towers used by phones (all cell phones, not just smartphones) are typically retained for at least several months, and often longer. The cell tower information can be used to track general location, although it’s not as precise as GPS data. The Obama administration says your cell phone location data is a “third party record” like your banking records, and you have no right to privacy in either.

The fight began when a Texas judge denied federal prosecutors’ requests for court orders requiring disclosure of historical cell tower location data over a period of 60 days. That judge (correctly, in my opinion) ruled it was a violation of the fourth amendment. The feds lost again at the district court level, but they don’t give up easily; they took it to the Fifth Circuit Court of Appeals. As of this writing, that case is still awaiting an opinion.

Windows H8?

That title reads like this, “Windows hate?” The tremendous dislike for this new OS is not completely unfounded. Everything is moved yet again. Windows RT won’t run windows apps. The START ORB is gone. And the list goes on…

I have it on a laptop, and it is not bad, just different. Most people won’t recognize the power of Windows 8 until they have it on a touch-screen device.If you have questions, send them my way, as I am here to help.