Imagine that you can talk to your TV and it responds to your commands. The technology has finally arrived at a store near you. Samsung's SmartTV uses voice recognition technology to enable voice commands. No more hand remote! Amazing!
Not so amazing is the caveat that comes with the technology. It is better described as disturbing. Buried in Samsung's privacy policy is a disclosure that reads, "if your spoken words include personal or other sensitive information, that information will be captured and transmitted to a third party." Notice the phrasing is NOT "could be" or "accidentally". Rather, it clearly states "will be captured and transmitted".
Just when you finished covering your webcam to protect your privacy from hackers accessing your laptop camera, now you need to deal with your TV snooping on you as well. At least someone has to hack into your laptop. Not so with the Samsung SmartTV. The spyware is already embedded and will be capturing and transmitting your spoken words to a "third party".
Expect more of the same to come with the "Internet of Things".
Friday, March 6, 2015
Tuesday, March 3, 2015
Ten Essential Smartphone Security Practices
Be Smart with Securing Your Smartphone
Today, there are more mobile phones than there are laptop and desktop computers. Our smartphone is like a mini-computer. We don't just make phone calls anymore. We surf the internet, check our email, text messages, take pictures, make videos, check Facebook, and much more. This treasure trove of personal as well as business information is a lucrative temptation for a cyber criminal or data broker. If you don't want to have your emails, Facebook postings, text messages, and the like pilfered for someone else's profit or potentially used in an exploitive way, then you need to start being smart when it comes to securing your mobile phone. Below are ten essential security practices you should follow.
Smartphone Security and Privacy Tips
- Use a password on your phone to prevent unauthorized access.
- Configure your smartphone to auto-lock when not in use. Your password won't provide protection unless your device is locked.
- Turn off Wi-Fi or Bluetooth when not in use. Alternatively, place your device in "Airplane" mode. These platforms are essentially open connections to your phone; so if you don’t need to use them, turn them off.
- Turn off auto-connect to Wi-Fi networks. There are a lot of unsecured Wi-Fi networks out there, and your phone can automatically connect to any Wi-Fi network that is in range. Only connect to trusted networks.
- Download apps from only trusted sources such as the Apple Store or Google Play store.
- Check app permissions individually to be aware of what data apps are accessing on your phone.
- Perform regular software updates on all apps and your phone’s OS. This patches possible security vulnerabilities (aka backdoors) that can give hackers access to your phone.
- Do regular backups of your phone. This will prove helpful in the event that your device gets lost or stolen.
- If your device happens to get lost or stolen, make sure you have software that allows you to remotely lock, and if necessary, wipe the data from your phone.
- Install mobile security software on your phone as an extra layer of security.
Thursday, February 26, 2015
Why Net Neutrality is a Victory for Small Businesses
As a small business owner, you are now free to set up an outrageously successful website without having to cough up extra money to your Internet Service Provider that would add no additional value to your service.
Net Neutrality is the concept of keeping the Internet a level playing field with no "fast lane" or "slow lane" treatment for some kinds of traffic. Large Internet Service Providers (ISPs) wanted to insert a "Middle-Man" service that would stand between the consumer and a Cloud provider such as Netflix. Currently, a user visits a website of their choice with no such Middle-Man obstruction. Large ISPs wanted another means to make money by charging a toll for website access. There was no functional reason for this toll charge. The Internet is working just fine. Stopping short of censorship, the ISP could make access to a website so slow that users would go elsewhere. Eventually, the website host would have to pony up the extra money.
It was no surprise there was widespread support for Net Neutrality: 99 percent of the 1.1 million comments on "Net Neutrality" submitted to the Federal Communications Commission were in favor of it, according to analysis by the Sunlight Foundation.
Steve Wozniak, co-founder of Apple Inc., explains why he favored Net Neutrality and why he thinks it is a victory for consumers.
Tuesday, February 17, 2015
Antivirus Is Dead, What Do I Do Now?
Brian Dye, senior vice-president for information security at Symantec, has declared antivirus as “dead”. With a detection rate of only 45%, you can’t rely on antivirus to protect your computer from malware infections. Now what?
Being careful with opening email attachments and what websites you visit is important but doesn’t mean you will never be fooled. If you have ever watched a magician perform a trick and couldn’t figure out immediately how that trick was performed, then you are capable of being fooled. Experienced cyber criminals are experts at scamming and the art of illusion. Besides, most people use Facebook and other social media sites which have become a popular attack approach. Cyber criminals have enjoyed a 70% success rate with malware spread through social media.
If you assume your computer will crash or will suddenly experience performance issues, and that is how you will know you’ve been hacked, think again. Cyber criminals will NOT crash your computer. That would defeat their purpose. Their aim is to infiltrate your computer to pilfer data. After they're done, they will use your computer to cover their tracks so their attacks on other computers will appear to originate from your computer. Besides, even if your computer performance takes a dump, how are you going to remove the infection if the antivirus or similar detection tool can’t find the source of the infection?
Obviously, a new approach to computer protection is required. First would be an operating environment that is impervious to infections. One approach would be to change your operating system to Linux. Millions of malware infections are roaming around on the Internet designed for Windows. There are fewer malware infections designed for a Mac. Still, the number of malware designed for a Mac is close to one million. Linux, on the other hand, has had fewer than 100 pieces of malware designed to attack it. Part of the reason is Linux's lack of use, along with the numerous different versions. Linux has had a reputation of being difficult to learn and use. However, there is a new version that has been designed for Windows users called Zorin. Even so, you may still find learning a new operating system too much of a challenge.
A new technology known as virtualization may provide an approach that has promise. The technology isolates an application from the rest of the operating system. It can also isolate an entire operating system environment. The benefit is that whatever happens in that isolated environment stays in that environment and won’t affect the rest of your computer. An example of software that uses application virtualization is Sandboxie. If you open your browser (Internet Explorer, Firefox, Chrome, etc.) within Sandboxie, and if you go to a website that has malware, the malware will be isolated in the Sandboxie environment and will not infect your computer. Sandboxie can be configured to erase all activity in a session so that you can start with a clean slate each time you open a program. That means any malware will not only be isolated, but at the end of the session will be erased. This technology is still relatively new and still needs some work in the area of usability for the average user. But power users should have no problem installing it and using it.
I will have more suggestions in future blogs, so stay tuned.
Check out…
Sandboxie
http://www.sandboxie.com/
Zorin
http://zorin-os.com/
Friday, January 2, 2015
If Antivirus Is Dead, How Do I Know If I've Been Hacked
Antivirus “is dead”, declared Brian Dye, senior vice-president of information security at Symantec. Industry experts agree that antivirus protection is only 45% effective in detecting malware. If you have been relying on antivirus protection as your only approach to protecting your computer from intruders, then you might sleep less comfortably at night.
So, if you go to a website, open an email attachment, or download a file where there is malware present, there is a 55% chance your computer will become infected without you knowing about it. If you can’t rely on antivirus protection to detect an infection, how will you know if you’ve been hacked?
Chances are you won’t know you’ve been hacked. Most people assume that their computer will crash or will suddenly experience performance issues. That assumption is a myth. Cyber criminals will NOT crash your computer. That would defeat their purpose. Their aim is to infiltrate your computer to pilfer data. After they're done, they will use your computer to cover their tracks so their attacks on other computers will appear to originate from your computer. They may also add your computer to their network of infected computers. That network is referred to as a “botnet” and your computer is referred to as a “zombie”. With a network of hundreds of thousands and even millions of computers, hackers have the power to launch attacks on networks and websites that can render them inoperable. There is absolutely ZERO benefit to the cyber criminal in crashing your computer.
If you think that being careful with opening email attachments and what websites you visit will protect you, think again. Most people use Facebook and other social media sites. According to industry experts, the use of social media to spread malware has become ubiquitous. Cyber criminals have enjoyed a 70% success rate with malware spread through social media.
What can you do besides throwing your arms in the air in frustration, yelling “why little ol’ me!”, or resigning yourself to constant surveillance and saying to yourself “I have nothing to hide” in order to feel less uncomfortable? Obviously, a new approach to securing your computer is sorely needed. There are solutions that I will cover in future blogs. So, stay tuned.
Symantec Exec Declares Antivirus is Dead
Antivirus detects only 45% of all attacks, which renders the widely used protection ineffective according to industry experts. Brian Dye, senior vice-president for information security at Symantec, has declared antivirus as “dead”. This comes from a company that has been a leading innovator of antivirus products since the 1980s.
Cyber criminals and hackers have simply outsmarted the developers at antivirus companies. At first the industry approach was detect and then protect. That method worked when the amount of malware and viruses being produced was relatively low. Once the amount of malware created per year reached the level of millions of variants, the “detect and protect” approach became impractical. At that time a quasi-artificial intelligence called “heuristic detection” was developed. Heuristics worked for the 1990s and early 2000s. But the bad guys found a way to bypass the heuristic detection. Hackers now use a method called “crypting” that renders malware undetectable to antivirus software and malware tools.
Brian Krebs, a computer security reporter, describes this “crypting” method: “Put simply, a crypting service takes the bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today – to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And, it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.”
The cyber criminals and hackers call this kind of malware “fully un-detectable” or “FUD” for short. This is the reason antivirus is now only 45% effective. So, if you have been depending on antivirus as your sole means of protecting your computers, you are in for a rude awakening. And, if you have felt safe because your computer hasn’t crashed, you are in for an even bigger rude awakening. Professional cyber criminals and hackers will NOT crash your computer. That would defeat their purpose of pilfering your data and using your computer to cover their tracks when attacking other computers. There is absolutely NO benefit to the cyber criminal in crashing your computer. They may encrypt your data and blackmail you into paying a ransom to get your data back, but they won't crash your computer.
In future blogs I will discuss alternatives to antivirus protection that are more effective. Stay tuned.
Saturday, January 4, 2014
Is Your Data Protection Stuck in the 1990s?
Let's be honest. Business computing can be complex, confusing, and frustrating for the average small business owner. Is it any wonder that most small business owners want simplicity when it comes to securing their business data? Back in the 90's all one had to do was install virus protection software that included a firewall and you were done. Simple.
I hate to burst your bubble, but we are not in the 90's anymore. Hackers, cybercriminals, and other techno freaks have punched so many holes into virus protection that they have rendered it a mere annoyance. Cyber criminals have developed numerous end-around approaches so they can get past the virus protection and firewalls. Bottom line is one solution or one protection is no longer enough. Simplicity gone, sorry.
Remember this Rule: If you make it simple for you, you make it simple for the hacker.
Is Your Business System Protection Stuck in the 90s? If you answer NO to any of these questions...you're stuck in the 90s...
Password Protect Data
- Do you create strong passwords with at least eight characters, mixing in symbols, numbers and uppercase and lowercase letters?
- Do you create unique login information for each of your online accounts?
- Do you change passwords regularly?
- Do you make it a policy to never share your account login information?
- Do you use two-factor authentication processes when they're offered? These require users to sign in with a username and password plus a verification code that's typically sent via text message or displayed through an application on your device.
- Do you keep track of passwords with a password manager, NOT an Excel spreadsheet? (Available as a desktop program or as an app, this tool stores passwords locally and securely, and some even generate unique passwords for you.)
Practice Safe Web Surfing and Cloud Computing
- Do you always back up the data you store in the cloud to a local computer or hard drive?
- Do you update your operating system and/or web browser often to take advantage of security patches and updates?
- Do you invest in anti-virus and malware programs? Do you keep these updated as well?
- If possible, do you customize privacy settings so you control who can view your information and what information they have access to?
- Do you restrict the amount of information you share online? Do you protect sensitive information by keeping it in a separate location with access restrictions?
- Do you avoid directing all password recovery messages to a single address, a practice known as "daisy-chaining"? A hacker who gets hold of your email login could gain access to all of your accounts.
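The checklist above can be run as a quick self-audit. The following Python sketch is an added example, not part of the original post: it flags weak passwords, reuse across accounts, missing two-factor authentication, and daisy-chained recovery addresses. The account inventory is constructed sample data, and the field names (`name`, `password`, `two_factor`, `recovery`) are assumptions.

```python
import string
from collections import defaultdict

# Constructed sample inventory (not real accounts or passwords); field names are assumptions.
ACCOUNTS = [
    {"name": "bank",   "password": "Tr1cky!Horse", "two_factor": True,  "recovery": "owner@example.com"},
    {"name": "email",  "password": "summer2015",   "two_factor": False, "recovery": "owner@example.com"},
    {"name": "social", "password": "summer2015",   "two_factor": False, "recovery": "owner@example.com"},
]

def is_strong(password):
    """Checklist rule: 8+ characters mixing symbols, numbers, upper and lowercase."""
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= 8 and all(classes)

def audit(accounts):
    """Return {account name: [findings]} for every checklist item that fails."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for acct in accounts:
        name = acct["name"]
        if not is_strong(acct["password"]):
            findings[name].append("weak password")
        if not acct["two_factor"]:
            findings[name].append("two-factor authentication off")
        by_password[acct["password"]].append(name)
    for names in by_password.values():
        if len(names) > 1:  # same password on more than one account
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append("password reused on: " + others)
    # Daisy-chaining: every account sends recovery mail to the same address.
    recoveries = {acct["recovery"].lower() for acct in accounts}
    if len(accounts) > 1 and len(recoveries) == 1:
        addr = next(iter(recoveries))
        for acct in accounts:
            findings[acct["name"]].append("recovery daisy-chained to " + addr)
    return dict(findings)
```

Calling `audit(ACCOUNTS)` returns the findings per account; an account that passes every check does not appear in the result.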