Internet

The Joys Of Internet Browsing

Over the last few days, I have been noticing an increase in posts on social media complaining about how this or that website isn’t working like it’s supposed to. If you’ve spent more than ten minutes on the web this is something we’ve all experienced (you do realize that the “www” part of a website address stands for World Wide Wait, right?).

First, let’s get some terms explained so everyone will understand.

  • URL – Uniform Resource Locator. This is what you see in the address bar of your browser. Such as “https://facebook.com”.
  • Internet Browser – There are many to choose from. Most Micro$oft Windows PCs will have Internet Explorer (also called IE), or the new (and terrible) Edge. Apple (MAC) machines come with Safari. Others include Firefox and Google’s Chrome. There are other browsers as well, that those are the bigger players.
  • Internet Cache – Also called Browsing History. When you visit a website, small portions of the site are kept on your local computer. This helps speed up subsequent visits to that website. For example, if you visit a certain website on a regular basis, let’s say Google, a copy of the Google logo may be stored on your PC so you don’t have to download it every time you visit. This was very helpful back in days of dial-up internet connections.
  • Cookies – Small pieces of information stored locally to help (but not always) with various aspects of web browsing. An example would be settings for the way you prefer to see news items. Some websites allow you to customize what you see when you get to their page. Amazon does this. Even though I do not have my password saved on my PC for Amazon, when I open the site it still has my name and preferences stored. But to purchase anything, I have to enter my password. So cookies can be good. But just like real cookies can hurt you (see expanding waistline in the dictionary), not all cookies are helpful. Some track your browsing history, allowing for targeted ads to appear on other websites.  Ever search for a product then see ads for that product (or competitors similar item) on another site? That’s tracking cookies at work.

In my 20+ years of IT experience, I have found that 75% or so of all “the webpage won’t load” or “why can’t I see this part of the webpage” problems are not the fault of the website itself, your internet provider, or the fact the Mercury is in retrograde. It’s almost always something corrupt in your cache.

So what to do?  Well, if you’re using a Windows PC the very first thing you should whenever there is something wonky (very technical term) happens, is reboot the PC. In reality, Windows PCs should be rebooted about once a week. Rebooting a Windows PC fixes a great many problems. And they really should be wiped cleaned and reinstalled yearly. But that’s another post. Mac and Linux users usually don’t have that problem.

If the problem is internet related, then you should clear your cache, or browsing history. I won’t go into details on how to do that. There are way too many variables for me to cover, and I can’t be responsible if you make a mistake and instead launch nuclear missiles. Hey, stranger things have happened.

Follow this link to Lifewire for some basic instructions. They have better lawyers, you know, just in case those missiles start flying.

If that doesn’t seem to help try this. A wonderful site Down For Everyone Or Just Me? has a great tool to see if an internet site is truly down. Just enter the website (i.e. google.com) and hit the big blue “or just me?” and it’ll tell you if the site is hosed.  Quick question; you do know that words that are (usually) blue and underlined are clickable? And they’ll take you to another webpage? Right? Just making sure…

All these tips will work no matter what kind of PC you’re using.  Folks on mobile devices (phones or tablets) may have different steps to take.  Google whatever Operating System your mobile device is running (only two big choices here – IOS for iPhones and such, or Android for damn near everything else) and your browser. It would be something like “clear cache IOS # Safari” or “clear cache Android # Chrome”. The “#”‘s stand for the version of your Operating System. If you’re not sure which version you’re running, you’ll have to Google that too.  We’d be here until the stars burn out going over all the different versions.

I hope this helps you in some small way. But I’m sure, like all tech notes, it’ll just leave you with more questions.  So feel free to ask questions in the comments below. It does require you to enter your email address, but I don’t keep track of any of that. It will write a cookie (remember those?) to your device so that it will remember you if and when you come back. You will come back, right? Please?  Of course, you can leave comments and questions on my social media, but I prefer you ask or comment here.  Links are below.

Peace,
B

Twitter  FaceBook

P.S. The jury is still out on whether or not Mercury being in retrograde effects internet traffic.

Apologies

Seems the Russian Cialis bots have found this blog. To the tune of about 500 spam comments over the last week or so. Luckily the WordPress hosts blocked them all. But it has taken me about 3 days to adjust settings and clear them all out. But I didn’t want any of readers to inadvertently click on a link in a bogus comment and infect their PC/Smart Phone/what have you.

So if you left a comment in the last week or so, and it’s not posted, sorry, it probably got caught up in the mass deletions I’ve had to do.  Please repost your comment if you desire.

In the meantime, here’s a wonderful video for you to enjoy!

Peace,
B

Twitter  FaceBook

PC Security, Again (or Is It Still?) UPDATED!

Before I get into Facebook and its current issues, I’d like to pass along a portion of an email I received today from KnowBe4.  KnowBe4 is the company I use at work to help test and train our users in email security. If you’d like read more about them click here.

I receive a “Scam Of The Week” email from KnowBe4 every week. Todays was very relevant, at least to me.  The headline is “Fiendishly Clever Gmail Phishing You Need To Know About”. If you’re not sure what a “phish” email is, to sum it up, it’s any email that impersonates someone else. A good example that I bet a lot of folks have received, is one from FedEx claiming that they need you to click on an attachment or follow a link because they couldn’t deliver a package.  The attachment or link is nothing but a malware-laden delivery tool. Either will infect your PC leaving you open to become a victim of a crypto tool (something that encrypts all the files on your PC, then the bad guys make you pay money, usually in bitcoin, to unlock your files. Most of the time they take your money and never decrypt your stuff). Or your PC becomes a “bot” under the control of the same bad guys, causing it do malicious acts without your knowledge.

Here is the quote from today’s scam;

“There is a new scam where hackers send you a text that asks you about a password reset on your Gmail account, and if you did not, text STOP. This is a scam. The bad guys asked for that password reset and now want you to send them the authorization code! Don’t fall for it.

Remember that Gmail or any other web email service will never ask if you *don’t* want to do something with your account. You didn’t ask for a password reset, so you shouldn’t be asked about one.

Do not reply to the text (doing so will tell the scammers that they have reached a valid number). And to prevent losing your account to bad guys, it’s a very good idea to have 2-step verification set up on your Google account.”

So what about Facebook?  If you used an app called “My Digital Life”, you have not only allowed your information on Facebook, but you have also allowed anyone in your contact list to have a limited part of their data shared. Again without your knowledge.

This breach is so bad that Facebook founder Mark Zuckerberg is testifying in front of Congress as I type this. The impact of this event is that 87+ million people have had their information shared.

I cannot stress how important it is to NOT USE ANY FACEBOOK APPS this includes games. I would also strongly recommend that you DO NOT do any of the “surveys”, like What Animal Am I, or the ones that give you a list of months and days to make up a name of some kind. Just think what you just did if you responded to one of those. In the case of the ones that tell you to post your answer and you do, you just publically posted your birth date. So anyone watching these posts (and believe me, they do track this stuff) now not only knows your name but your birthday too. It would only take one or two more little pieces of information and next thing you know your identity has been compromised. It’s scary.

And as you can see at the bottom of this post, I use both Twitter and Facebook. I’m not saying you shouldn’t enjoy them.  Just be careful, please.

So, a few tips to make things a bit safer;

  • Do not click on any attachments or links in any email where you don’t know the sender or if there is no reason that they would be sending you an email of this type. Going back to my FedEx example above the email claimed the attachment was a shipping label you needed to open and print. So look at the reasoning. They can’t deliver a package to your location. So why do you need to print a shipping label? That would be the responsibility of the shipper, not the recipient.
  • Be suspicious of emails coming from known sources. It is very easy to spoof an email address. Just because a family member or a friend sends an email with an attachment or a link doesn’t mean it’s legit. Ask yourself “Self! Why would so and so be sending me an Excel spreadsheet?” Be wary my friends.
  • When on any social media (Facebook, Twitter, LinkedIn, etc..) be very careful of the information you post. The bad guys are monitoring all those sources very closely and will not hesitate to scrape any data they can get their grubby little paws on.
  • And make sure you have a good anti-virus and anti-malware program installed. And keep it updated. AND scan your PC on a regular basis.
  • Finally, NEVER, NEVER, EVER post information such as your phone number, your email address, or your home/work addresses on a public forum such as Facebook. You’re just inviting someone to steal your identity.

These exploits are not limited to Windows PCs (although since Windows has the biggest share of users in the world they get targeted the most). There are exploits for Mac/Apple (including iPhones/iPads/iPods), Android, Linux, you name it. Someone has written an exploit for that operating system.

If you have any questions about PC security, please leave a comment!

So let’s be careful and happy internetting! (Yeah I made that word up)

Peace,
B

EDIT:  This link came across my Twitter this morning. It will give you a tool to see if your data was “shared” in the Cambridge Analytica breach.  Click here for the link (you do need to be logged into your Facebook account for it to work).

 

Twitter  Facebook

Scary Email Phish

(In case you are not aware of what a “phish” is, in broad terms, it is an email designed to make you click on a link, or open an infected attachment. Once the link is clicked or that infected attachment opened, your machine (and this works on Windows, Apple, and Linux) will become a “host” for a variety of nefarious activities.)

This information came from one of the vendors we use at the city, KnowBe4. We use the tools they provide to send simulated phishing attacks to all our employees. It’s one of the fun aspects of my job. Here is a very specific phish threat they sent a notice about. I felt it important enough to pass along.

I was alerted by a customer about a really difficult scenario that’s becoming all the more frequent. While there’s probably little that can be done in terms of tuning your spam filters and endpoint security tools, new-school security awareness training can make a difference. Here is the story:

“Over the past few months, we have been hit with increasing frequency with an attack that follows this 5-step pattern;

  • A known vendor or customer falls victim to a phishing attack. Their email credentials are compromised, and the “bad guy” gets access to their email account.
  • They start by changing the password, so that the victim no longer has control.
  • They then comb through past email correspondence, and using the victim’s account, signature, and logo, send out targeted emails crafted to closely resemble legit correspondence they have had with our company in the past.
  • Depending on the “bad guy’s” dedication to his craft, these could be fairly generic, or extremely specific. We’ve received one with an inquiry that referenced a specific real invoice # for that individual.
  • The email always includes a spreadsheet or PDF. The name can be generic, or can be really specific. We’ve received one titled with a specific real invoice # for that individual.

Because these emails are coming from a real email account for a real business partner, they are very hard to identify, and in some cases they are literally impossible to detect, as they are carefully crafted copies of past legitimate emails. Naturally, there are a few that cast a wide net, so they are more generic and often contain corrupted grammar or spelling, but others are indistinguishable from real emails.”

What To Do About This Threat

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, before the attachment is opened, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent . There is little else that can be done.

Yes, that is a little more work. But also, better safe than sorry. You have to constantly work on and reinforce your security culture, anywhere in the world.

As you can see, this is very scary. Especially in a corporate environment. The biggest thing to take away from this is if you get an email with an attachment THAT YOU DIDN’T REQUEST, DO NOT OPEN THE ATTACHMENT! This holds true even if you recognize the sender. The sender field on an email can be spoofed very easily.

So, as I’ve said before, keep your antivirus/antimalware up-to-date, and scan your machine on a regular basis. One of the catchphrases of KnowBe4 is “Think Before You Click”. Wise words to live by.

Happy and safe interneting my friends.

Peace,
B

Twitter  Facebook