Jim’s Blog

Password Check

You’ve heard it before. Don’t use the same password on multiple sites. Don’t write it down and leave it beside your computer. Make it strong.

How secure is your password? How long would it take to crack it?

Days? Weeks? Centuries? Or seconds?

You can check a password for strength and security. Two good tools for this are

So once you have a good strong password, how do you remember it? And how do you remember two or three complex passwords, let alone dozens for all the different sites you log into?

You don’t. This is where a password manager comes to the rescue. It will remember all of your passwords for you. You only need to remember one, the one that logs you into the password manager.

There are lots of choices, some free, some paid. If you are using Kaspersky Total Security, a password manager is included.

Another I am familiar with is Roboform. This can be used with multiple devices using Roboform Everywhere. It stores your passwords on their server and allows you to use your passwords on a computer, tablet or phone.

Worried about using “the cloud”?

Read about the benefits and the risks in this article from Malwarebytes Labs.

There are a variety of free password managers as well with different features available. Some work with one device only and others sync across all your devices. They also have paid versions with extra features.

Here are just a few of the many choices. See which options work for you.

If your computer security and personal identity are important, and I’m sure they are, consider using tough passwords and using a password manager.

Keep the bad guys out.

Your peace of mind and privacy are worth it.

Ouch! Newsletter – I’m Hacked Now What?

Excerpt from Ouch! newsletter, April 2016

“Overview

We know you care about protecting your computer and mobile devices and take steps to secure them. However, no matter how securely you use technology, you may eventually be hacked or “compromised.” In this newsletter, you will learn how to determine if your computer or mobile device has been hacked and, if so, what you can do about it. Ultimately, the quicker you detect something is wrong and the faster you respond, the more likely you can reduce the harm a cyber attacker can cause.”

Read the full article

 


OUCH – I’m Hacked, Now What? April 2016

Undeliverable Items in Your Mailbox?

Fake returned message

Why was it marked Undeliverable?

  • You typed in the address wrong
  • The email address has been deleted
  • The person’s mailbox is full
  • Their server is down

When you get it returned to you marked “Undeliverable”, it will have a long set of details from the “postmaster” on the server. You will need to check the address or wait for the person to make some space in their mailbox.

However, fake “Undeliverable” notices are also being used to send spam and phishing emails.

The images here are of an email I received, which I supposedly sent and which was returned.

Why this is fake!

  • The postmaster address is fake. I checked and the website doesn’t exist.
  • I didn’t send anything to redwingshoes.onmicrosoft.com or vasque.com
  • It has weird attachment names – What in the world is “anticommunist definability mulch”? I probably don’t want to know.
  • It is full of useless information about how to fix the problem.
  • They simply want you to either reply or click on the attachments.

DON’T DO IT.

 

 

What to do.

Delete the message. Then remove it from your deleted folder if possible.


Don’t

  • Open any attachments.
  • Click to download images if they have been blocked.
  • Reply to the message.
  • Send an email to anyone in the message.
  • Forward to anyone.

Email safety

Check out these links regarding safe and secure email practices.

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201407_en.pdf

https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201302_en.pdf

 

View the full text version of the email I received: Undeliverable text version

 

Your bank is calling?? Phishing email

Here is another phishing email I received. It said it was from my bank.

How do I know it wasn’t genuine? What are the red flags for this?

  1. I don’t do business with this bank.
  2. I wasn’t expecting a file. Usually the sender will have communicated with the recipient about the file before sending.
  3. The email address for the sender does not appear to be a valid bank address.
  4. The email is not addressed to you. Sometimes the email address will be similar to yours and your email server has sent it to you since it is so close.
  5. There is a zip file. Zip files can be used to send a group of files together to save loading many individual files. They are also used to hide known file types or suspicious files. Although a zip file can be valid, your bank does not do business this way. They would simply send some information in the body of the email and suggest that you log into your account in your usual way. They seldom provide live links to their website.
  6. If there is a link in the email, hover over (DO NOT CLICK) the link and you will likely see some website totally unrelated to the bank.
  7. I often receive a number of these emails in the same day, with different names, but all using the same subject line with the same “file” for me to look at.

What to do if you receive an email like this.

  1. DON’T CLICK ON ANY LINKS IN THE EMAIL. This includes any pictures, files or any other attachments. Your email program may block these by default.
  2. Verify whether you know the sender. If you do, but you still suspect phishing, open a NEW email and ask the sender if they sent the email with the attachment. If they didn’t, it’s quite likely THEIR email account has been hacked.
  3. Delete the email. You can also go to your trash or deleted items folder and permanently delete it for an extra measure of safety.
  4. Keep aware that the “phishers” are quite sly and will keep on trying to dupe you into opening their garbage. When in doubt don’t open, and contact someone you trust who can advise you.
  5. If you are suspicious, just don’t open it. Don’t be fooled by logos or slogans from valid companies since these can be used by spammers as well.
  6. Keep your virus and anti-spam software up to date. Make sure you have email scanning enabled in your software. Most internet security software enables this by default.
  7. Stay safe and have a great day.

 

Dropbox?? Phishing email

Here is another phishing email I received. It said it was from an individual Dropbox account.

How do I know it wasn’t genuine? What are the red flags for this?

  1. I don’t recognize the sender.
  2. I wasn’t expecting a file. Usually the sender will have communicated with the recipient about the file before sending.
  3. The email address for the sender is not what would come from Dropbox. When I send a file to someone, the email from address is: James via Dropbox <no-reply@dropboxmail.com>
  4. The email is not addressed to you. Sometimes the email address will be similar to yours and your email server has sent it to you since it is so close.
  5. When I hover over (DON’T CLICK) the link “Click here to view”, the link should look something like this: “https://www.dropbox.com/s/67zpxup9mrhut5t/IMG_0121.JPG?dl=0”. Notice the difference in the image. The link doesn’t even contain Dropbox.
  6. I received a number of supposed Dropbox shares in the same day, with different names, but all using the same subject line with the same “file” for me to look at. I actually received the same email 4 times in half an hour.
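
The checks from items 3 and 5, done in code, as an added example that is not part of the original post. It compares the sender's domain and each link's real host name against dropbox.com and dropboxmail.com (the only Dropbox domains named above; treating them as the full trusted list is an assumption) instead of looking for the word "Dropbox" anywhere in the link. The sample body and the example.net hosts are constructed.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: trusted list built only from the two domains shown in the post.
TRUSTED = {"dropbox.com", "dropboxmail.com"}

def host_is_trusted(host, trusted=TRUSTED):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def sender_is_trusted(from_header):
    """Check the domain of the From address (a forged header can still pass)."""
    address = parseaddr(from_header)[1]
    return host_is_trusted(address.rpartition("@")[2])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return (link text, real host, verdict) for each link in the body."""
    parser = LinkCollector()
    parser.feed(html_body)
    results = []
    for text, href in parser.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        if parts.scheme != "https":
            verdict = "suspicious: not https"
        elif not host_is_trusted(host):
            verdict = "suspicious: host is not Dropbox"
        else:
            verdict = "ok"
        results.append((text, host, verdict))
    return results

# Constructed sample: same visible text, three different real destinations.
SAMPLE = ('<a href="https://www.dropbox.com/s/67zpxup9mrhut5t/IMG_0121.JPG?dl=0">Click here to view</a>'
          '<a href="http://files.example.net/view.php">Click here to view</a>'
          '<a href="https://www.dropbox.com.example.net/s/x">Click here to view</a>')
```

The third sample link contains "dropbox.com" but still fails, because the host has to end in the trusted domain, not merely contain it.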

What to do if you receive an email like this.

  1. DON’T CLICK ON ANY LINKS IN THE EMAIL. This includes any pictures or files. Your email program may block these by default.
  2. Verify whether you know the sender. If you do, but you still suspect phishing, open a NEW email and ask the sender if they sent the email with the attachment. If they didn’t, it’s quite likely THEIR email account has been hacked.
  3. Delete the email. You can also go to your trash or deleted items folder and permanently delete it for an extra measure of safety.
  4. Keep aware that the “phishers” are quite sly and will keep on trying to dupe you into opening their garbage. When in doubt don’t open, and contact someone you trust who can advise you.
  5. If you are suspicious, just don’t open it. Don’t be fooled by logos or slogans from valid companies since these can be used by spammers as well.
  6. Keep your virus and anti-spam software up to date. Make sure you have email scanning enabled in your software. Most internet security software enables this by default.
  7. Stay safe and have a great day.

 

Another Flash Player Update – Get It Now!

You might be one of the 1.3 billion users of Adobe Flash Player. If so, are you up to date?

Another Flash Player update was just released, the 20th in the past year. This one fixes a flaw that is already being exploited, and you could be next.

So if you have Adobe Flash Player you need to keep it up to date.

Do I have Adobe Flash Player?

Likely you do. Here’s how to check. Open your browser and go to https://helpx.adobe.com/flash-player.html

If you open in Chrome you will get this:

As you can see Flash Player is installed in Google Chrome (by default). As of this writing the Flash Version is up to date, 16.0.0.305.


If it is not up to date you can go to Customize and Control Google Chrome in the upper right hand corner, and click About Google Chrome. As it opens it will check for updates and let you know if you need to update.

Learn more about updating Google Chrome here.

Although you can’t remove Flash Player from Google Chrome, you can disable it.

Simply enter chrome://plugins/ in the address bar and scroll down to Adobe Flash Player and disable it.

This makes it easy to reverse if you need to use it later.

For Internet Explorer in Windows 8/8.1, go to the settings gear in the upper right hand corner and click Manage Addons.

Click on Show > All Addons.

Find Shockwave Flash Object and disable.


In Windows 7 and earlier you can disable Flash Player as above or remove it completely. The best way is to use the uninstaller. It and instructions can be found here.

If you don’t need it, at least disable it, and if you do need it, make sure it is up to date. Either set it up for automatic updates, or at least heed the prompt when it tells you of a new version.

 

 

Password Managers – Why you should use one.


Password Managers make logging in easier and more secure.

How many passwords do you have?

You might not remember how many, let alone what they are.

We tend to be lazy with passwords, making them simple and easy to remember, and often using the same one for multiple sites.

Why do we do it? Because it’s easier!!


Windows 10 Technical Preview

Windows 10 Technical Preview – If you hate 8, you’ll yen for 10.

I set out on the adventure of installing the preview version of Windows 10, referred to as Windows 10 Technical Preview. The preview version allows me to work with Windows 10, and provide feedback on what I experience.

In this series I will share my experiences and observations.