Science & Technology

The Joys Of Internet Browsing

Over the last few days, I have been noticing an increase in posts on social media complaining about how this or that website isn’t working like it’s supposed to. If you’ve spent more than ten minutes on the web this is something we’ve all experienced (you do realize that the “www” part of a website address stands for World Wide Wait, right?).

First, let’s get some terms explained so everyone will understand.

  • URL – Uniform Resource Locator. This is what you see in the address bar of your browser. Such as “https://facebook.com”.
  • Internet Browser – There are many to choose from. Most Micro$oft Windows PCs will have Internet Explorer (also called IE), or the new (and terrible) Edge. Apple (MAC) machines come with Safari. Others include Firefox and Google’s Chrome. There are other browsers as well, but those are the bigger players.
  • Internet Cache – Also called Browsing History. When you visit a website, small portions of the site are kept on your local computer. This helps speed up subsequent visits to that website. For example, if you visit a certain website on a regular basis, let’s say Google, a copy of the Google logo may be stored on your PC so you don’t have to download it every time you visit. This was very helpful back in the days of dial-up internet connections.
  • Cookies – Small pieces of information stored locally to help (but not always) with various aspects of web browsing. An example would be settings for the way you prefer to see news items. Some websites allow you to customize what you see when you get to their page. Amazon does this. Even though I do not have my password saved on my PC for Amazon, when I open the site it still has my name and preferences stored. But to purchase anything, I have to enter my password. So cookies can be good. But just like real cookies can hurt you (see expanding waistline in the dictionary), not all cookies are helpful. Some track your browsing history, allowing for targeted ads to appear on other websites. Ever search for a product then see ads for that product (or a competitor’s similar item) on another site? That’s tracking cookies at work.

In my 20+ years of IT experience, I have found that 75% or so of all “the webpage won’t load” or “why can’t I see this part of the webpage” problems are not the fault of the website itself, your internet provider, or the fact that Mercury is in retrograde. It’s almost always something corrupt in your cache.

So what to do? Well, if you’re using a Windows PC, the very first thing you should do whenever something wonky (very technical term) happens is reboot the PC. In reality, Windows PCs should be rebooted about once a week. Rebooting a Windows PC fixes a great many problems. And they really should be wiped clean and reinstalled yearly. But that’s another post. Mac and Linux users usually don’t have that problem.

If the problem is internet related, then you should clear your cache, or browsing history. I won’t go into details on how to do that. There are way too many variables for me to cover, and I can’t be responsible if you make a mistake and instead launch nuclear missiles. Hey, stranger things have happened.

Follow this link to Lifewire for some basic instructions. They have better lawyers, you know, just in case those missiles start flying.

If that doesn’t seem to help, try this. A wonderful site, Down For Everyone Or Just Me?, has a great tool to see if an internet site is truly down. Just enter the website (e.g. google.com) and hit the big blue “or just me?” and it’ll tell you if the site is hosed. Quick question; you do know that words that are (usually) blue and underlined are clickable? And they’ll take you to another webpage? Right? Just making sure…

All these tips will work no matter what kind of PC you’re using. Folks on mobile devices (phones or tablets) may have different steps to take. Google whatever Operating System your mobile device is running (only two big choices here – iOS for iPhones and such, or Android for damn near everything else) and your browser. It would be something like “clear cache iOS # Safari” or “clear cache Android # Chrome”. The “#”s stand for the version of your Operating System. If you’re not sure which version you’re running, you’ll have to Google that too. We’d be here until the stars burn out going over all the different versions.

I hope this helps you in some small way. But I’m sure, like all tech notes, it’ll just leave you with more questions.  So feel free to ask questions in the comments below. It does require you to enter your email address, but I don’t keep track of any of that. It will write a cookie (remember those?) to your device so that it will remember you if and when you come back. You will come back, right? Please?  Of course, you can leave comments and questions on my social media, but I prefer you ask or comment here.  Links are below.

Peace,
B

Twitter  FaceBook

P.S. The jury is still out on whether or not Mercury being in retrograde affects internet traffic.

Tech Time

For those that have a Windows 10 PC, this is for you. If you’re using a MAC, or better yet a Linux box, I suggest you go listen to some tunes. (I recommend SiriusXM, but pick any streaming service), and if you’re still on Windows 7 uh… (Windows 8/8.1 users are in their own hell, we’ll leave them be).

Well never mind.  I was prepared to go on and on about not installing the latest (but not greatest) Windows 10 update. This would be the October update, otherwise known as build 1809 or Redstone 5. As a tech person, I installed it since I need to know exactly what happens.

I didn’t have the worst of the problems that I’ve read about. I didn’t lose any files, although my Google Backup and Sync couldn’t find my “Downloads” folder to sync. The folder was still right there where it was supposed to be, but the update had changed the value that the OS (Windows 10 in this case) uses to identify the folder.

The only other problem I had was that all streaming audio quit working. I tried SiriusXM, Spotify, Pandora, and YouTube, with Chrome, Firefox, and Internet Explorer 11. I could see the sound levels in the mixer, but no sound could be heard. I did find some updated drivers that fixed the issue temporarily, but on a reboot, the sound was gone again. Needless to say, I rolled back to build 1803.

Now this morning while I sit at my keyboard putting electrons to virtual paper, one of my go-to sources for all things tech, Ask Woody, posts that Micro$oft has pulled the 1809 update!  This is unprecedented. To quote the article (here’s the link to the original post);

We have paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigate isolated reports of users missing some files after updating.

If you have checked for updates and believe you have an issue, please contact us directly at +1-800-MICROSOFT or find a local number in your area https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers.

If you have access to a different PC, please contact us at https://support.microsoft.com/en-us/contactus/ (link will vary according to country of origin).

If you have manually downloaded the Windows 10 October 2018 Update installation media, please don’t install it and wait until new media is available.

We will provide an update when we resume rolling out the Windows 10 October 2018 Update to customers.

As I have said for a very long time, Micro$oft considers all of us as unpaid beta testers, and Windows is the most prevalent computer virus ever!

Here’s a fitting video for the 1809 update.

Peace,
B


Truth! (In Advertising??)

Let’s talk about a strange, but very interesting, ad. I don’t know if this commercial runs outside of the USA, so for reference here it is:

So let’s pick this apart shall we?

First, it is true that text messages are being broadcast into space; after all, everything that has ever been broadcast by humans has been sent into space. How do you think aliens are learning our anatomy & physiology? They’re not abducting us and doing rectal probes. They’re watching all the p0rn and sexting messages we’re sending out. Basically, aliens have as screwed up an expectation of our sex lives as a 16-year-old boy.

Second, if you were the astronaut in space, do you think you’d actually be monitoring text messages? I won’t even go into the lack of a lag in the messages. I know here on earth, my texts don’t get delivered in real-time. Can you imagine the bounces a message would have to take to finally make it to someone in space?

Next, both characters are in a night-time scene. This would mean that the “space station” she is working on is close to the terrestrial location where the guy is locked out of his car. That would indicate that the station is in a geosynchronous orbit. But the space station isn’t in that type of orbit. In fact it makes a complete orbit around the earth about every 90 minutes. So they would both see the same moon for a very short time.

Lastly, if one member of a couple is an astronaut I think they could afford something a bit more fitting of the astronaut’s earning capabilities than a Hyundai.

But those are just my opinions.

Can you find any other “not quite right” moments in this commercial, or any others? Leave a comment if you do (or feel free to pick apart my pseudo-science).

Peace,
B


True Stories From The Workbench – Part II

(True Stories From The Workbench – Part I)

Here are a couple more stories of the odd things we techie types run into now and then.

The year was around 2001, I was doing in-home/office computer work. I went to the home of a doctor that was having a very minor issue. If I remember correctly (which at my age is questionable), it only took me about 15 minutes to fix the issue. While she was writing out my check, she asked me what I did to fix the PC. I didn’t get more than a handful of words out in reply when she interrupted me with “No! Don’t tell me. You may push something out of my brain that I need”.  Now I may have only been a paramedic back in the day, but I’m pretty sure that’s not the way the brain works. I was hoping she was joking, but she looked really serious. I just let it go.

Just this past week: We use Micro$oft SharePoint here at work. (No I am not a fan). It is set (and cannot be changed) as the default homepage for both Internet Exploder Explorer and Chrome web browsers. We also have it set that the login cookie (that’s what saves your username and password) expires at a set time. This means that every now and then you will have to re-enter your login credentials to continue. So, we get a HellDesk ticket “SharePoint is asking me to log in and I don’t know what to do!”  Uh… Maybe enter your username and password and login? You know, follow the damn instructions!!!

Have any stories you’d like to share?

And this video has nothing to do with anything in this post. But it showed up all on its own, so I think it’s an omen.

Peace,
B


The Trouble With Spam

(And no, I’m not talking about that bouncy, pink, pseudo-meat stuff..)

I’m talking about unsolicited, junk, probably virus & malware-laden, email. You get them, I get them, and to paraphrase Oprah, “everybody gets them!!”.

Combating SPAM, and its more evil cousin PHISH, emails is a major part of my job. I’ve talked about Phish emails before, so this time I want to concentrate on Spam. I’ve given you a basic definition of just what Spam is in the opening of this post. So let’s talk a bit more about what the differences are between Spam and a Phish.

Spam may be benign. It doesn’t always have a malicious intent. It usually does, but not always. Phish emails, on the other hand, will always be malicious. The main job of a Phish email is to get you to click on a link or open an attachment with the express intent of infecting your PC (doesn’t matter if you have Windows, Mac, ChromeOS, or even Linux – you can be infected).

Most Spam you see is nothing more than advertisements trying to get you to buy something. Consider an email from the retail giant Amazon. Now I do buy a lot, and I do mean A LOT, of stuff from Amazon. But, unless you specifically set your preferences not to send you marketing emails, you will get email after email from them with something similar to whatever you just bought or even just browsed. While this is not considered “Spam” outright, it very well could be. Did you ask Amazon to send you recommendations? Probably not. But if you didn’t opt-out of their marketing emails when you created an account, they are legitimate emails. However, any commercial emails that you didn’t ask for are completely Spam. Unfortunately, you cannot claim emails from your Grandmother with her award-winning Tuna Casserole recipe, that you didn’t ask for, as Spam. Or in my case, emails from family members asking computer questions. I’m usually the one sending them recipes. But not for Tuna Casserole. That stuff is vile, and if it’s not already outlawed by the Geneva Convention, it should be!

Now here’s a sticking point. Emails that you have not signed up for (Spam), but come from a “reputable” source, a store you frequent, or a website you visit regularly. Do you use the “unsubscribe” link or button in the email?  NO!  If you’ve never given this entity your email address NEVER click the unsubscribe link or button.  This only tells the scammer behind the Spam that this is a valid email address. Plus, since this is a directed email (it has now become a Phish, or even a SpearPhish, email), the link to unsubscribe most likely will take you to a malicious website or even go so far as to download something to your PC without your knowledge or permission!

Here’s an example for you. Last summer my family spent a week at Disney World. Since we did all the reservations and set up stuff via their website, I was added to many, many of Disney’s email lists. I expected it (although not quite as many as I ended up with – the sheer volume of unsolicited emails was staggering!). For those emails, it was safe to unsubscribe.

Now here’s a more troubling example. For this, I will use my work email. As I mentioned before, one of my main duties is PC Security. For this task, I have several tools at my disposal. I can Phish my end users with templates that are very realistic. But for the purpose of this post, let’s talk about the Spam I receive.

Every day I receive, on average, about 5 Spam emails. These are not any mailing lists that I’ve signed up for, nor are they any company I’ve ever had any dealings with (I think my email address was sold to some advertising/marketing company, sadly). It appears that the rest of the world seems to think that I am the compliance manager for the city I work for. Or at the very least, they hope I will forward on the constant emails about software and/or websites that can make my compliance work so much easier. Add to that the emails from “LinkedIn” saying that somebody wants me to join their network (Hint: neither my work email nor my personal email is on LinkedIn!) and I could spend much of my day just adding folks to my junk sender list. Thankfully Outlook takes care of most of it for me. The ones that are not already added to my list just take a simple right click and they’re blocked!

So, how can you avoid Spam emails? The easy answer is, you can’t. But you can cut out a lot of it. Think about all the emails you get every day. How many are from stores you visit? Do you really need to know what is on sale every damn day? They all have websites you can visit when you need or want a specific item. All these emails are trying to do is entice you to buy something you probably don’t need or really want, but they have too many in stock.  Mainly because nobody needs or wants it in the first place! Save your money and go buy a good book or go to the movies!

When you create an account on a website, hopefully for something important, look at each step of the creation.  There will be (or at least there will be IF the site is legitimate) boxes to check to either opt-in or opt-out of various offers, email lists, etc. This also is important if you ever download and install a program from the web. One great example of this is the free Adobe Acrobat Reader. This is a very good legitimate program, considered the “standard” for reading PDF (Portable Document Format) files. But, on the install page, there is always a bonus free program. Sometimes it’s Google Chrome (my favorite web browser), and sometimes it’s an anti-virus program (McAfee seems to be the favorite). While both of those examples are basically fine to download, there are somewhat more nefarious downloads that hide malicious programs, masquerading as something else, hoping to infect your system.  So, “Think Before You Click”!  That’s good advice for anything internet related.

And just so you know, Spam is not a new thing. This image shows a capture of a letter-to-the-editor from the May 30th, 1864 edition of The Times of London.


Sir,—On my arrival home late yesterday evening a “telegram,” by “London District Telegraph,” addressed in full to me, was put into my hands. It was as follows:—”Messrs. Gabriel, dentists, 27, Harley-street, Cavendish-square. Until October Messrs. Gabriel’s professional attendance at 27, Harley-street, will be 10 till 5.” I have never had any dealings with Messrs. Gabriel, and beg to ask by what right do they disturb me by a telegram which is evidently simply the medium of advertisement? A word from you would, I feel sure, put a stop to this intolerable nuisance. I enclose the telegram, and am,  Your faithful servant, M.P.  Upper Grosvenor-street, May 30.
~ The Times Of London, 30 May 1864
Source: Stu Sjouwerman (@StuAllard) CEO KnowBe4 (@Knowbe4)

I think I’ve taken enough of your time with this post.  Please ask any questions or leave a comment below (not on the various social media sites this will be linked to). I will be happy to give any resources I have to help you be safe.

Thanks, and happy (and safe) interneting!!

 

Peace,
B


Conference Time

Last week I had the great pleasure of attending the KnowBe4 conference in Orlando. (Official hashtag: #KB4Con18). This was without a doubt the best tech conference I have ever attended. Not only were there absolutely dynamic speakers, all attendees were treated to the best food!  I’m talking some of the healthiest stuff I have ever seen at any conference.

I’ve mentioned KnowBe4 before. This is the vendor we use at the city to train, test and generally harass our end-users (OK, maybe not harass). (KnowBe4 website) With just a small part of their product, I can train my co-workers on the latest ways the “bad guys” try to use social engineering to do, well, bad stuff. I will admit that I enjoy sending out simulated phish emails. Why? Because it shows me where our weak links are. And this gives me the means to do targeted training to make our city network, and by association everyone’s home PC/Network, that much more secure. I don’t do it to shame someone or hold it over anyone’s head. Since I have been an instructor of some sort for very many years, I use this primarily as a training tool. But on to the conference itself.

Other than the hour plus, each way, drive on I4 (A.K.A. the devil’s highway), and being in Orlando (way too big and crazy for me), everything else went beautifully. The folks at KnowBe4 went above and beyond in this, their first ever conference.

The opening keynote speaker was Kevin Mitnick, or as he likes to call himself “The World’s Most Famous Hacker”, a title he lives up to. If you don’t know who he is, take a moment to read his Wikipedia page, even if it is a bit light on his history. Kevin gave us many demonstrations of current hacks, all of which arrive via an inconspicuous email. And all of which are very nasty. But the one hack that scared me the most was when he showed how Google’s two-factor authentication (2FA) could be hacked. Google has always been one of the toughest to crack since they stay on the cutting edge of all technologies. As a big user of many Google services, this is troublesome.


Me and Kevin Mitnick

The keynote speaker for the next day was Frank Abagnale. I have to admit that I did not recognize his name. But once I heard his story I knew who he was. Here is his Wikipedia page for you to educate yourself. Frank is considered one of the foremost experts on imposters and forgery. Steven Spielberg made a movie “Catch Me If You Can” starring Leonardo DiCaprio as Frank and Tom Hanks as FBI Agent Carl Hanratty. I have not seen this movie, but I see it available on Amazon Prime so I will correct that error very soon. And if I caught his reference, he was also the inspiration for the TV show “White Collar”. His family story and subsequent talk on how to keep safe with online financial sources was very eye-opening.


Myself and Frank Abagnale

Another fantastic speaker was Roger A. Grimes (he wants you to know he is not related to the Canadian political figure with the same name), the best-selling author of several tech books. KnowBe4 even included a copy of his “A Data-Driven Computer Security Defense” in the big ol’ backpack they gave every attendee. The big takeaway from his two talks was the point that you have to determine what your biggest exploitable problem is, and fix that first. Common sense, which as we all know, is always in short supply.

One thing that I really was happy to see was the inclusion of women speakers. KnowBe4 has several women in executive roles throughout the company, and that makes me very happy. Since I have two granddaughters, one of which is very interested in the sciences, I fully support women (and really anybody) in STEM (Science – Technology – Engineering – Mathematics). One of the first questions Wifey® asked me was if there were women presenters. I was so very happy to say yes!

There was one thing missing though. No vendor room. Every other conference I’ve been to there is always a room for vendors. Not only can one make some great contacts with products and services that one doesn’t know about, vendors always have cool swag (freebie gifts). I’ll have to check with my manager, but I think a conference is how we found out about KnowBe4. It may not have been in the vendor area, it may have been word of mouth from another attendee (word of mouth is ALWAYS the best advertisement).

Sorry, this is such a broad overview, but I could write about ten pages if I covered the entire 3 days. All I can say is “I’m ready for KB4Con19!”

Peace,
B


DNA Testing – What Can You Learn?

So just what does a DNA test tell you about your heritage? You may have seen the Ancestry DNA commercial that’s been all over (at least my) TV lately. I tried to find it on YouTube, but couldn’t. It shows a young woman who has discovered a long-lost relative using their DNA testing service. It even goes so far as to imply that she not only found this ancestor’s name but that he had blue eyes as she does. All from a DNA test? Not likely. What it doesn’t tell you is that you need a lot of hard genealogy work to find these kinds of things out.

I have had my DNA tested by both Ancestry and Family Tree DNA. Surprisingly, the results were very similar. Both give my heritage as very “Scottish”. As a member of the Campbell group on Family Tree DNA, I have found that my DNA just might POSSIBLY point to a Pictish lineage. For those that don’t know who the Picts were, they are considered one of the earliest inhabitants of Scotland. They are basically made up of the Celts that came across from what we would call Germany today, Vikings that came from the northern Scandinavian countries, and the people who came across from what we call Ireland and then north up to Scotland. This shows just how impossible it is to be of “pure stock”.

Bruce's ethnicity

As you can see, my results from Ancestry DNA show a varied makeup.

The image above somewhat supports the findings from Family Tree DNA. My main groups do point to the historical makeup of the ancient Picts. But, since the Picts did not leave any written records for us to study, we can’t be completely sure.

But what does it prove? In all honesty, it doesn’t “prove” a damn thing. Without some genealogy work, it will never tell you much.  I have done a bit of work at Ancestry chasing down my family tree. I have managed to solidly confirm the Campbell line back to the 1860’s or so. I just may have a lead going back to the 1780’s or so, but have not been able to confirm it. Ancestry does have very fine resources such as US and UK census records. How much access you get depends on how much you’re willing to pay.

Unfortunately, all the matches I’ve found through DNA testing have not been on the Campbell side. I did have one gentleman who matched my DNA (up to 37 markers) exactly. But he will not answer my emails to see how we are related.

I would like to call your attention to this page; “Two Lies And The Truth About DNA Testing”. The big take-away for me from this blog post was;

I want to stress that DNA Testing is of little value to anyone except yourself if you don’t do the genealogy research to back it up and share it.  A common complaint among testers is that the test result is wrong.  That’s probably a misunderstanding. Genetic testing is pretty reliable.  What isn’t so well-known is that people traveled, sometimes quite a lot, even back to ancient times. Our genes have been mixing through migrations, marriages, immigrations, wars, and conquests for as long as we have been here.  If you believe it to be wrong, prove it. But don’t forget to study up on world history first.

Source: http://blog.ancestorcloud.com/2017/05/19/two-lies-and-the-truth-about-dna-testing/ 

And from this blog;

Alva Noë explains at NPR:

Shakespeare’s kid probably had 50 percent of his DNA; his kid in turn, on average, a quarter, and so on. Within 10 generations, Shakespeare’s DNA has spread out and recombined so many times that it doesn’t even really make sense to speak of a match. Putting the same point the other way, each of us has so many ancestors that we have no choice but to share them with each other… The truth is, you have your history and your genes have theirs.

So basically, trying to say some famous person is related to you without doing the genealogy work, and only relying on a simple DNA test, is impossible.

I’m not telling you NOT to do DNA testing. I just want you to know that the test alone will not answer most of your questions. Wifey’s® results from Ancestry gave her what she wanted. She wasn’t looking for a long-lost relative. She only wanted to see the “mix” of her heritage. But no, I will not post her results. That would be TMI. Hell, I don’t even use her name on this blog, why would I give you her DNA makeup???

One more consideration. What happens to your DNA test results? Family Tree DNA does not share your results without your consent. Can’t say the same for most of the others.

In the end, ask yourself why you want to do the test. Is it for health reasons? Trying to fill out, or start, your family tree? Just curious (as was Wifey®)? For whatever reason, read the fine print before you do the test.

And remember, your results may very well vary between companies. Take your results with a grain (or maybe a shaker) of salt.

Peace,
B


PC Security, Again (or Is It Still?) UPDATED!

Before I get into Facebook and its current issues, I’d like to pass along a portion of an email I received today from KnowBe4. KnowBe4 is the company I use at work to help test and train our users in email security. If you’d like to read more about them click here.

I receive a “Scam Of The Week” email from KnowBe4 every week. Today’s was very relevant, at least to me. The headline is “Fiendishly Clever Gmail Phishing You Need To Know About”. If you’re not sure what a “phish” email is, to sum it up, it’s any email that impersonates someone else. A good example that I bet a lot of folks have received is one from FedEx claiming that they need you to click on an attachment or follow a link because they couldn’t deliver a package. The attachment or link is nothing but a malware-laden delivery tool. Either will infect your PC, leaving you open to become a victim of a crypto tool (something that encrypts all the files on your PC, then the bad guys make you pay money, usually in bitcoin, to unlock your files. Most of the time they take your money and never decrypt your stuff). Or your PC becomes a “bot” under the control of the same bad guys, causing it to do malicious acts without your knowledge.

Here is the quote from today’s scam;

“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.

Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.

Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”

So what about Facebook? If you used an app called “My Digital Life”, you have not only allowed your information on Facebook to be shared, but you have also allowed anyone in your contact list to have a limited part of their data shared. Again without your knowledge.

This breach is so bad that Facebook founder Mark Zuckerberg is testifying in front of Congress as I type this. The impact of this event is that 87+ million people have had their information shared.

I cannot stress how important it is to NOT USE ANY FACEBOOK APPS; this includes games. I would also strongly recommend that you DO NOT do any of the “surveys”, like What Animal Am I, or the ones that give you a list of months and days to make up a name of some kind. Just think what you just did if you responded to one of those. In the case of the ones that tell you to post your answer and you do, you just publicly posted your birth date. So anyone watching these posts (and believe me, they do track this stuff) now not only knows your name but your birthday too. It would only take one or two more little pieces of information and next thing you know your identity has been compromised. It’s scary.

And as you can see at the bottom of this post, I use both Twitter and Facebook. I’m not saying you shouldn’t enjoy them.  Just be careful, please.

So, a few tips to make things a bit safer;

  • Do not click on any attachments or links in any email where you don’t know the sender or if there is no reason that they would be sending you an email of this type. Going back to my FedEx example above the email claimed the attachment was a shipping label you needed to open and print. So look at the reasoning. They can’t deliver a package to your location. So why do you need to print a shipping label? That would be the responsibility of the shipper, not the recipient.
  • Be suspicious of emails coming from known sources. It is very easy to spoof an email address. Just because a family member or a friend sends an email with an attachment or a link doesn’t mean it’s legit. Ask yourself “Self! Why would so and so be sending me an Excel spreadsheet?” Be wary my friends.
  • When on any social media (Facebook, Twitter, LinkedIn, etc..) be very careful of the information you post. The bad guys are monitoring all those sources very closely and will not hesitate to scrape any data they can get their grubby little paws on.
  • And make sure you have a good anti-virus and anti-malware program installed. And keep it updated. AND scan your PC on a regular basis.
  • Finally, NEVER, NEVER, EVER post information such as your phone number, your email address, or your home/work addresses on a public forum such as Facebook. You’re just inviting someone to steal your identity.

These exploits are not limited to Windows PCs (although since Windows has the biggest share of users in the world they get targeted the most). There are exploits for Mac/Apple (including iPhones/iPads/iPods), Android, Linux, you name it. Someone has written an exploit for that operating system.

If you have any questions about PC security, please leave a comment!

So let’s be careful and happy internetting! (Yeah I made that word up)

Peace,
B

EDIT:  This link came across my Twitter this morning. It will give you a tool to see if your data was “shared” in the Cambridge Analytica breach.  Click here for the link (you do need to be logged into your Facebook account for it to work).

 

Twitter  Facebook

Duuu.. Duuu.. Looking Out My Back Door (Or, Oh Hail!)

(With apologies to CCR)

So I have training in Orlando all this week. For the locals, that means I-4 both ways. Prayers and good wishes are accepted.

Today, the first day of spring, we had a nasty storm come through. And as usually happens, it hits Orlando before it hits Daytona. So I’m in class and the storm moves through dropping about marble-sized hail. But it clears by the time I get out of class. No problems the entire time on I-4.

But as soon as I get off the interstate it starts to rain. But I can deal with rain. I even managed to get home before it started raining hard. Then out of nowhere I hear what sounds like branches falling on the roof. It wasn’t branches, it was good-sized hail.

Hard to see through the screen, but I wasn’t going out there!

Peace,

B

Scary Email Phish

(In case you are not aware of what a “phish” is, in broad terms, it is an email designed to make you click on a link, or open an infected attachment. Once the link is clicked or that infected attachment opened, your machine (and this works on Windows, Apple, and Linux) will become a “host” for a variety of nefarious activities.)

This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.

I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:

“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern;

  • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
  • They start by changing the password, so that the victim no longer has control.
  • They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
  • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
  • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What To Do About This Threat

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent. There is little else that can be done.

Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.

As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.
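To show why the "did I ask for this attachment?" rule matters even when the technical checks look clean, here is an added example (not part of the original post or the KnowBe4 notice). It triages two constructed messages: one with a spoofed sender field and one sent from a genuinely compromised vendor mailbox. The domains, file name, and the assumption that your own mail server records an Authentication-Results header are all illustrative.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

def domain(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(msg):
    """Return the reasons to distrust a message before opening anything in it."""
    flags = []
    from_dom = domain(msg["From"])
    # SPF/DKIM/DMARC verdicts as recorded by the receiving server (assumed trusted).
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check) != "pass":
            flags.append(f"{check}={auth.get(check, 'missing')}")
    # A spoofed From often disagrees with where bounces and replies really go.
    for hdr in ("Return-Path", "Reply-To"):
        d = domain(msg[hdr])
        if d and d != from_dom:
            flags.append(f"{hdr} domain {d} != From domain {from_dom}")
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if names:
        flags.append("attachment present, confirm with sender by phone: "
                     + ", ".join(names))
    return flags

def build(return_path, auth, attachment=None):
    """Constructed sample message; every value here is made up for the example."""
    m = EmailMessage()
    m["From"] = "Acme Billing <billing@vendor.example>"
    m["Return-Path"] = return_path
    m["Authentication-Results"] = auth
    m.set_content("Please see the attached invoice.")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="pdf", filename=attachment)
    return m

PASS = "mx.city.example; spf=pass; dkim=pass; dmarc=pass header.from=vendor.example"
FAIL = "mx.city.example; spf=fail; dkim=none; dmarc=fail header.from=vendor.example"
SPOOFED = build("<bounce@mailer.invalid>", FAIL, "Invoice-0000.pdf")
COMPROMISED = build("<billing@vendor.example>", PASS, "Invoice-0000.pdf")

if __name__ == "__main__":
    for label, m in (("spoofed", SPOOFED), ("compromised account", COMPROMISED)):
        print(label, "->", triage(m))
```

The spoofed message trips every header check, while the one from the compromised mailbox passes all of them and is flagged only for carrying an attachment, which is exactly the case where the phone call is the only control left.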

So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.

Happy and safe internetting, my friends.

Peace,
B
