February was another bad month for data breaches. The number of healthcare-related breaches I found this month surprised me. We entrust so much data with our doctors and healthcare providers. However, when they can’t protect this data it scares me. Here are the data breaches you should be aware of for February 2019. You can see a listing of all the monthly data breach reports here.
Towards the beginning of February, a hacker put up massive data breaches online for sale. This hacker has stated that he or she has the account information for 620 million accounts. These accounts come from 16 or more popular websites. So far the hacker has put up for sale account data from the following websites:
Some of these sites have already confirmed that their data was stolen. For Example, in my January 2019 breach report, I told you about the Houzz data breach. Others of these sites are already resetting users’ passwords as a precaution. If you have an account with any of these sites, you should go ahead and reset your password immediately.
The following companies have acknowledged the breach and have provided some recommendations:
Taco Bueno is a small Mexican restaurant chain that looks to be mainly in the state of Texas. They announced that some of their locations had become infected with a Point of Sale virus. In some locations, this virus was able to copy credit card information off of the cash registers. As a result, if you ate at one of the affected locations and used a credit card to pay, that credit card may have been stolen.
I always recommend that you pay careful attention to charges on your credit cards. If you notice something that you did not authorize call your bank or credit card provider immediately. In most
The University of Connecticut (UConn) announced this month that their employee email system had been hacked. According to them, hackers were able to get in to the employee email system and access some pretty sensitive information. They reported that some patients names, dates of birth, address, and limited health information. According to their press release, limited health information is billing and appointment information. But, they also mentioned that some patients had their Social Security Numbers leaked.
UConn has stated that they are sending out letters to anyone that might have been affected. Therefore, if you are a patient at UConn, you should be extra vigilant about identity theft. Check your credit reports and immediately contact the credit bureau if you believe that your identity has been stolen.
The Kentucky Counseling Center had a particularly interesting incident in the month of February. A staff member took a list of patients without authorization and sent it to a former staff member. This file was sent using an anonymous file sharing service, which makes this breach interesting. The Counseling Center says they don’t believe that the person who sent the file was trying to harm the people on the list. However, the intent of the person really doesn’t matter, they still used an anonymous file-sharing site to post up a very sensitive file.
According to their release, the file that was sent included names, addresses, dates of birth, email addresses, phone numbers, sex of the patients, Social Security Numbers, marital status, and insurance information. While all of this information is incredibly sensitive, the Kentucky Counseling Center made sure to note that no clinical information was leaked.
If you are a patient at the Kentucky Counseling Center, make sure to pay more attention to your credit report. You are at a higher risk for identity theft because of this breach. If you do identify odd items on your credit report, immediately notify the credit bureau of potential identity theft.
In January, a private security researcher discovered a database that was open to the internet. In that database were tens of thousands of documents. After this researcher analyzed a few of those documents, he found that they were sensitive loan documents. These documents were from many different loan companies including Wells Fargo and CitiGroup. The documents included customers names, addresses, phone numbers, credit histories, and social security numbers.
It’s disappointing when we see bank documents in the news. The data in these documents could be used to steal people’s identities, open credit cards in their names, and even apply for loans. This is the kind of data that really needs to be protected by the companies we trust it with. The banks that housed their data in this database have taken it offline and are reaching out to affected customers. If you believe that you might have been caught up in this breach, you should watch your credit report carefully. If you notice something that isn’t right, contact the credit bureau immediately.
As always, the breach reports can be scary. However, they are not designed to make you want to live in the woods. I just hope that you take the information I provide here and realize what threats are out on the internet. If you are caught up in any of these breaches, don’t panic. I try to make my recommendations easy to understand and implement. If you are caught up in any of these and have questions, leave a comment below.
Over the past couple of years, there has been a growing threat that targets families and business alike. That’s Ransomware. It’s unlike any virus that has been in the past. It’s a money-making scheme for lots of cyber criminals.
Ransomware is a virus that, once installed, silently encrypts all of your documents, pictures, and other important files. You then get a popup telling you the files have been encrypted and if you want them back, you have to pay the criminals. As the name of the virus sounds, the criminals are holding your files ransom.
Some variants of the virus have the tendency to spread. Some people have reported an initial infection and then several more infections after a few days. There are thousands of different ransomware viruses out there. Some target small businesses, and others target people like you and me. Either way they are a major pain to deal with.
There are numerous ways that ransomware can get installed. One of the most common ways is for a criminal to send you a phishing link. When you click on the link, it will take you to a site that will install the ransomware if your system is not up to date.
Most people think that anti-virus will stop these types of infections. They aren’t wrong. Anti-virus companies have worked hard to develop virus definitions for all kinds of ransomware viruses. Like I’ve said before though, anti-virus isn’t a foolproof protection. The best way to avoid ransomware is to not click on links in emails that you suspect might be phishing.
If you get hit with ransomware, there is little that can be done to decrypt your files. You will have to either deal with the loss of your files or pay the ransom. As I write this in early 2019, the average ransom is running anywhere between $500 and $1,000. So you have to figure out how much your files are worth to you.
You may be thinking, can I go to the police? The answer is that most police don’t know what to do about ransomware. They don’t have the ability to decrypt your files. It’s also hard for them to arrest these criminals because many of them are in foreign countries. Following the money trail is impossible too because criminals use untraceable digital currency like Bitcoin or Monero.
If you do get hit with ransomware and you decide to pay the ransom, there is good news. Since the criminals are after your money, the probability is high that your files will be decrypted. If word got out that people were paying the ransom and weren’t getting their files back, then nobody would pay the ransom anymore. So they have an incentive to decrypt your files.
Yet I would caution you against paying the ransom. One, it is expensive. Two, the more we give incentive to criminals to run this kind of scam, the more they will run it. So while it may look like your only choice, I would urge you not to pay these criminals.
The one tried and true method of getting your files back from a ransomware attack is to have good backups. If you have recent backups of your files, then you can clean up the virus using a virus scan or anti-malware suite. Then, restore all your files from a backup. This is the best way to get your files back because it guarantees that your files are safe and you don’t have to pay a ransom.
One cheap and easy way to
The only issue with that is you might forget to
I suggest these two services for a reason. They are best suited for specific situations. If you only have one computer that you need to backup, then I highly suggest Carbonite. It provides unlimited backup for a small yearly fee (usually about the price of an external hard drive). But it is limited to just one computer. If you have a second or third computer in your house, then you have to pay a yearly fee per computer.
iDrive is a little bit different. You pay a yearly fee for a certain amount of storage, and then you can install their backup software on as many computers as you want. This option is perfect for families who may have more than one computer. I usually tell people to start at their lowest package and see how much you actually backup. If you need to, iDrive will allow you to upgrade your storage to a higher tier. This is the service I personally use for all of my computers at home.
Honestly, backups are the single best way to ensure your data is protected. I suggest you go out today and get one of the backup solutions I suggested here. Think about the files on your computer. Maybe you have pictures of family or loved ones. Maybe you have important business documents. Either way, they all have a value. Imagine if tomorrow they were all gone. Backups protect you from ransomware or natural disasters like fire or computer failure. With the price of storage dropping, it’s never been cheaper to backup your files.
This post contains affiliate links, and I may get a small commission if you sign up for the service. But I never recommend a product without having first used it myself. If you prefer not to choose the affiliate link that’s fine,
The new year is already off to a bang with data breaches. As I’ve always said, you have to take an active role in protecting yourself. While we have to keep these companies accountable, you also can’t blindly trust them with your personal information. Thus, I’ll be compiling a list of companies that experienced a breach each month. I’ll be presenting the facts of each breach and what you need to do if you are a customer.
The home decorating company House announced that hackers were able to gain access to their account details. According to their announcement, usernames, encrypted passwords, and IP addresses were leaked. If you log in with your Facebook account, then your Facebook ID was also leaked. But, it’s important to note that if you logged in via Facebook, your Facebook password was not leaked. So there is no need to change your Facebook password.
If you are a customer of Houzz, I would suggest that you change your password immediately. As always, when I recommend that someone change their password, I recommend that they look at where else they have that password. If your password for Houzz is used on any other site, I would suggest you change these passwords too.
The French airplane manufacturer is another company that was hit with a breach. According to their press release, the company identified a cyber incident that resulted in a loss of data. The company is still investigating, but early results show that internal employee data was breached. The incident report says that employee contact information and IT details were part of the leaked data.
According to their report, you should only have to worry about this if you are a European employee of AirBus. If you’re a consumer, there should be nothing you need to do to protect yourself.
Discover announced recently that they noticed a data exposure of customers in California. They have attributed it to a possible merchant data breach. This probably means that one of their processors was breached and allowed hackers to steal credit card numbers. If you are a Discover customer and were a part of the breach, you should have already received a new card. While credit card breaches are always scary, it’s important to remember that you are not liable for fraudulent charges on your credit cards. I would suggest that Discover customers review their credit card statements and call Discover immediately if they notice any unauthorized charges.
No, the website “Have I Been Pwned” was not breached. However, they announced that they have found a new set of breach data that includes 773 million records. If you’ve never heard of “Have
He doesn’t have all the breach data out there, but he does have the largest collection I’ve ever seen. I always suggest that people go to his site and sign up for breach notifications. That way when he loads new breaches into his database, you will get an alert right away and can go change your password. I recommend that you go and search for your email on “Have I Been Pwned.” If your email comes up on a site, you should immediately change your password.
The website Local Bitcoins detected a breach this month where hackers were able to gain access to user accounts. It looks like it was an issue with their forum. They immediately shut down the affected accounts and fixed the issue, which is great! But, after any breach, I always recommend people change their password as a precaution. Additionally, Local Bitcoins has two-factor authentication. If you haven’t enabled it I recommend doing so.
The Department of Health and Human Services for the state of Minnesota announced that they were breached as a result of a phishing campaign. According to a local news source, the breach included names, birth dates, phone numbers, email addresses, and general information related to child protection cases. About 3,000 people’s data was leaked. They suspect 30 more people could have had their Social Security Numbers, Drivers License numbers, and financial data leaked.
It’s always a bad breach when a Government entity is involved. We trust the Government to protect our data and often we have no choice but to give it to them. If you were affected by this breach, I would hope the Minnesota Government would send out a letter informing you of this. If you are ever a part of a breach of this kind, it might be important to look into freezing your credit. Hackers will oftentimes use this information to try and steal your identity.
This month didn’t have the worst breaches I’ve ever seen. Yet, it’s still important to maintain awareness about these threats. If you have accounts with any of these companies, I recommend changing your passwords immediately. Always remember that the best way to keep hackers out of all your other accounts is to have unique passwords for every site you have.
Past Breach Reports:
Today is Data Privacy Day in the US and Canada. Data Privacy Day started in 2008 and the campaign is organized by the National Cybersecurity Alliance. So in celebration of the day, I wanted to take this time to discuss a little about online privacy. We put so much of our personal data out on the internet and we expect that companies will protect it.
In this post, I wanted to talk about the privacy settings on Facebook. These settings are important to keep your posts and pictures private. I find it helpful to review these settings on a yearly basis. It seems like Data Privacy Day is an appropriate time to do that.
This section of the privacy settings on Facebook deals with how others see your posts. The first setting “Who can see your future posts?” sets the default visibility settings for all future posts. When you post on Facebook, you are given an option to see who can see that post. Your typical options are:
By setting this, you set the default permissions for all your future posts. My recommendation would be to set this to at least “Friends.” This way, anyone who wants to see your posts must send you a friend request and you must accept it.
The next setting, “Review all your posts and things you’re tagged in,” allows you to see everything you’ve been tagged in. If you don’t want
The final setting in this section is “Limit the Audience for Old Posts on Your Timeline.” This allows you to go back and change the audience for all of your past posts. I showed you the audience settings above and how you can set the default audience for all future posts. This setting allows you to change all of your past posts to “Friends Only.” This way you don’t have to go through each individual post and make sure that the Friends Only was set on them.
This next section of the Facebook privacy settings deals with how people find you and your posts on Facebook. The settings here are important, but how restrictive you
The first setting is a pretty standard one – “Who can send you friend requests?” If you are truly concerned, you could absolutely change that to “Friends of Friends” only. But I think leaving it at “Everyone” is fine.
The next setting is who can see your Friends list. When people search for you on Facebook and find your profile, they can usually see a few things. Typically, they can see your profile picture, where you live, and your friends list. I would set this to “Friends.” Often times hackers will try to scam your friends by creating a fake profile of you. What they do is look at your
The next two settings are also pretty straight-forward. They give everyone the ability to find you using your email address or phone number. The way you set these also depends on how easy you want it to be to find you. If you set them to “Everyone,” then anyone who knows your email address or phone number will be able to find you using Facebook search. If you want to be harder to find, you could set it to “Friends of Friends.” Anyone will still be able to look you up by name. However, they will only be able to look you up by email or phone number if they are already friends with one of your friends.
Finally, the last setting controls if search engines like Google will have the ability to see your profile and posts. I would set this to “no.” By setting it to “no,” another person needs to have a facebook account and use their search in order to find your profile. If you set it to “yes,” then anyone could Google your name and find your Facebook profile.
The next area in the Facebook settings that deals with privacy is the location area. If you use the Facebook app on your iPhone or Android phone, then it will periodically collect your GPS location. This helps them deliver ads based on where you live. However, they also store that information and keep it. Essentially, Facebook has a record of every place you’ve ever gone and when you were there. My suggestion is to turn that setting off. There is no need for Facebook to keep that record or even know where you are with out you explicitly telling them. Don’t worry – with this setting off, you can still check in to places on the app.
The last section of the Facebook settings I want to discuss is Facial Recognition. Have you ever been tagging a photo and Facebook suggests that person as someone to tag? That’s their facial recognition at work. They use facial recognition in a number of ways. The first is to suggest tagging people in photos that you upload. The second way they use it is to figure out if someone is impersonating you by using your picture as their profile picture. I personally keep this setting off, because I’m paranoid. But I can see the benefits to it. You can learn more about Facebook facial recognition here.
Overall, Facebook has a lot of settings that protect your privacy. You just need to review them and make sure they are set according to your own risk tolerance. In most cases, I’ve told you how I set the settings on my personal facebook page. I tend to be a little more cautious and paranoid about my privacy. But it’s up to you to determine how private you want your data and how hard you want it to be to find your profile on Facebook.
Imagine yourself sitting at home watching YouTube. You are binge-watching your 7th video of the best cat fails. Everything is going great, and then you get that annoying popup in the corner of your screen. It’s time to update your computer again. But wait, didn’t you already update your computer? So what do you do? If you are like most people, you click “remind me later,” or “don’t remind me again.”
Now I’m going to tell you a little secret of mine. Even as someone who is a practitioner and teacher or cybersecurity, even I sometimes click the “remind me later” button. I know, I know. I’m about to give you a dose of do-as-I-say-not-as-I-do.
So why are there updates all the time? I know it seems like your computer wants to update almost every day. Well, it’s an important part of the software lifecycle. You see, when developers write code for the programs that you use, it’s often not a single developer. Most of the time, it’s a team of people and those people make mistakes. When mistakes are made, that unfortunately sometimes results in a security flaw.
So the developers test their software and when they find an issue, they develop a patch to fix the security flaw. That is why you get updates all the time. The windows operating systems alone consist of roughly 50 million lines of code. That’s a lot of code to review, and that’s a lot of places a developer could make a mistake.
Well, the only thing you can do is click the update button. The next time you see an update popup, take the two minutes and click the update button. This is one of the biggest things you can do to better protect yourself. Most of the viruses and ransomware out there rely on a vulnerability in the software you may have on your computer. More often than not, a vulnerability in your browser is what allows hackers to target you with ransomware.
By installing updates to your browser and your operating system, you are more protected from threats like viruses and ransomware. I know it’s not some sexy cyber trick or some next-generation anti-virus program. But to be honest, a lot of the time when you hear things like that from software companies, it’s mumbo jumbo. The best way to protect yourself is good old fashioned software updates.
You may have the new fancy Next Generation, Artificial Intelligence Anti-Virus program. But the truth is, that’s a bunch of marketing talk. Anti-virus is an important part of your computer defenses, but it’s not going to stop everything. Updating with the latest patches on your software will do more good to your defense than any anti-virus application would do.
There is no one solution that is going to stop hackers in their tracks. It takes layers of defense to make you more secure. This year, I’m making a renewed effort to update my systems and stay on top of patches. I hope you decide to do the same.
2018 was the year of the breach. Hundreds of companies were breached and your data may have been stolen from them. And that’s the ones we know about. Most companies have no idea that hackers have breached their systems. Many companies have hackers in their systems for 1 to 2 years before they ever find out.
All this to say we can’t always trust that companies will protect your personal information. This means that you have to do it yourself. So every month I’m going to go over some of the worst breaches from the previous month. I’ll tell you the main facts and what it means for you. If you have an account with that company, then I’ll also tell you if there is anything you can do to protect yourself.
This month Marriott, Caribou Coffee, Bruegger’s Bagels, Dunkin Donuts, Warby Parker, Facebook, Quora, and 1-800-Flowers are among the victims of data breaches.
It’s hard to say if Marriott is the worst breach of 2018. But it’s in direct competition with Equifax as the worst breach of 2018. Over 500 million Marriott and Starwood customers had their accounts breached. Stolen data was encrypted, but experts are unsure if the hackers were able to steal the encryption password as well. Only a small subset of customers may have had their credit card information stolen. But it is very likely that usernames and passwords were stolen.
My suggestion would be to change your password if you have an account with Marriott. Remember that most credit cards do not hold you liable for fraudulent charges. If you are concerned, you could always request a new credit card number, but that may be unnecessary. You can read more about the Marriott breach here.
Caribou Coffee announced that hackers breached their point of sale systems in 2018. This means that credit card data could have been stolen from several Caribou Coffee locations around the US. The notice they issued here listed the locations that were breached. If you used your credit card at any of these caribou coffee locations, be sure to watch your credit card statements. If you see fraudulent charges, immediately call your credit card company. You could also call your credit card company and get them to issue you a new number.
Bruegger’s Bagels is owned by the same company as Caribou Coffee, so this breach is the same as Caribou Coffee. Bruegger’s Bagels issued a statement here that shows the locations that were breached. If you used your credit card at any of the Bruegger’s Bagels locations, make sure to check your credit card statements. If you discover fraudulent charges, call your credit card company immediately. You may also call them to request a new credit card number if you are concerned.
If you are like me, you are a fan of Dunkin Donuts. They are yet another victim of a data breach in December. According to their announcement, hackers were able to gain access to “first and last names, email address (username), and your 16 digit DD Perks account number and your DD Perks QR Code.” Luckily, no credit card information seems to have been stolen here. But, I would suggest changing your password if you have a DD Perks account.
If you are a customer of the eyeglasses company Warby Parker, you may have been required to change your password recently. Warby Parker announced that hackers were able to get into their systems and steal the usernames and passwords of 198,000 of their customers. They did the right thing by forcing affected users to reset their passwords. But, if you have an account I would suggest changing your password even if they didn’t force you to.
Facebook announced in December that a flaw in their system allowed 3rd party developers to access user’s photos. I believed this was so bad that I wrote an entire blog post on it. You can read all about it there, but my suggestion is to check on the apps that have access to your Facebook account. I’ve outlined how to do that in my blog post on the subject.
The question and answer site Quora is yet another victim of a breach. If you have an account with Quora, your username and password might have been stolen by hackers. Quora announced that usernames, passwords, and data imported from Facebook and LinkedIn for 100 million of their users was stolen. If you have an account, you should change your password immediately.
The parent company of 1-800-Flowers announced that their Canadian operations suffered a breach. Canadian customers who ordered from 1-800-Flowers could have had their credit card data stolen. The parent company says this breach did not affect any customers in the United States. As always, my suggestion is to watch your credit card statement and call your credit card company if you see any fraudulent charges.
It’s easy to look at these breaches and think there is no hope. But it’s important to remember that there are some simple steps you can take to protect yourself. With any breach that affects your username and password, make sure to change your password. If you use that same password on other sites, it’s also important to change your password there too. That’s why I recommend using a password manager. With a password manager, you can create a unique password for every site you have an account. This way when a breach happens, you don’t have to worry about changing your password on several sites. I teach you how to do all this and much more in my course “A Hacker’s Guide to Internet Safety and Cybersecurity”.
It’s that time of year again. It’s the holiday season and for most of us, that means time with family and friends. But this time of year isn’t only busy for retail businesses; it’s also a busy time for hackers and scammers. They know that everyone is out purchasing gifts for their loved ones. Since we increasingly turn to online stores to get us those great presents, hackers and scammers have figured out how to use that against you. Everyone wants to know the status of their packages from online retailers. Right after Thanksgiving in the U.S., there is a major increase in fraudulent package emails that make their way into email accounts.
Hackers and scammers are trying to prey on your worst nightmares when it comes to online shopping – a lost package. They’ll send emails with subject lines like “Package Undeliverable” or “Delivery Exception”. Think about it, if you ordered something and then a couple of days later you got an email saying your package can’t be delivered, how would you feel? Who wants to deal with a shipping company? And what if the package doesn’t arrive on time?
So you open the email, and without thinking, click on the link to try and resolve the issue. That’s where they get you. The resulting link usually has some sort of virus on it. Typically, it’s ransomware that is designed to hold your files hostage until you pay the ransom.
UPS has compiled a lot of really great examples of fraudulent emails that they find. Here’s an example of one –
You’ll see that it looks pretty legitimate. It has the UPS logo and some decent worded language in the email. But, there are a few red flags here. The first thing you should look at is who it’s from. The From line on this email is not a valid UPS URL. That should tip you off right away.
But what if you don’t look at the “from” block of the email? The second issue is that there is no tracking number in this email. Most delivery exception emails from any carrier will have a tracking number in the body or subject of the email. This example has neither.
The last red flag in this email is the link. While this may look like the legitimate UPS URL, it might actually take you to another website. When hackers send phishing emails, they typically use hyperlinks to get you to click on the link. By using hyperlinks, the hackers have the ability to type in www.ups.com but have that go to their website, which typically hosts viruses. The best way to defeat that is to hover your mouse over the link without clicking it. Your browser will show where that link is actually going in the bottom right or left corner of your browser.
I always recommend being cautious of any links in emails. Especially emails that you didn’t sign up for. So my first suggestion would be to not click links in any emails. But what if the email is legitimate?
Each of the main package delivery services have some sort of online account that will alert you of incoming packages. UPS has UPS My Choice, FedEx has FedEx Delivery Manager, DHL has MyDHL, and USPS has Informed Delivery. With all of these services, you can put in your address and it will inform you of packages that are coming your way. Instead of clicking on the links in an email, log in to the services and see if there are any packages scheduled for delivery. This way you know that the package is coming and you don’t have to worry about clicking any links in your email.
My final tip for you is to forward any suspected fraudulent emails to the shipping company’s fraud department. Each of the major services has an entire department dedicated to fighting fraud. They rely on you to help protect packages and their customers. So if you get one of those emails use the links below to find the email address to forward the phishing email to. This will help them take down the hackers and keep you safer.
A few days ago Facebook let the world know that there was a flaw in the way that apps accessed photos. This flaw allowed developers of the Facebook apps to access the photos of 6.8 million users. Facebook apps are one of the biggest security risks to Facebook users. Cambridge Analytica came to light back in the summer when they asked users to take a survey and install an app on their profiles. This app gave the company access to lots of data that people have posted on their Facebook profiles.
When you install an app, you give that app permissions to data that you post on Facebook. One thing you have to remember is that Facebook is not the developer of many of these apps. So you are in essence giving someone other than Facebook to access your photos and posts. Facebook is notifying people if their photos were leaked as a part of this issue. If yours were leaked, you’ll get a notification in the Facebook app the next time you log in. Facebook says that they are working with the app developers to scrub the exposed photos.
There is something you can do about this though. I recommend that everyone look at the apps that are installed. You can see all the apps and the individual permissions that those apps have. Make sure that you are alright with giving that third party access to your data. You can either delete the app or deny permissions to the app.
The image above is an app I had installed. You can see I’ve given this app permission to see my
I will warn you in advance, turning off permissions like that could break the app. This means that it may not provide the service you want anymore. I would suggest looking at the apps and thinking about what service it provides you. If you don’t want or need that service anymore, delete the app
We all give Facebook a lot of information about ourselves and we assume that they will protect that. We all need to do a better job of protecting ourselves online, but especially with regard to social media. It’s clear that the companies we do business with aren’t doing a great job of that. That’s why I’m working on a Facebook security workshop that I plan to launch in the next few weeks. If securing your Facebook account is something you want to learn how to do, sign up using the form below. I’ll send you an email to register for the free workshop.[mc4wp_form id=”124″]
[vc_row][vc_column][vc_column_text]When I first got in to Cybersecurity there wasn’t much talk about all these complex password requirements and next generation firewalls. The advice from experts was simple – ensure that you have an up to date anti-virus application and make sure that you patch your computers on a regular basis.
Now the advice is much different and the prevailing thought is that anti-virus is largely ineffective at stopping some of the more advanced threats out there. This means that we as individuals have to be more cautious about what we download and what we install on our computers. So let’s take a little bit to understand how anti-virus works and why it’s sometimes ineffective.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”How Does Anti-Virus Work?”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]One of the most common ways that anti-virus finds and stops viruses, malware, and ransomware is by using what’s called “signature-based” detection. Signature-based detections is exactly what is sounds like – the anti-virus vendors create signatures for new viruses and the software and then scan your computer for those signatures.
There are two problems with this type of threat detection. The first is that these signatures are usually looking for something very specific in the virus. This could be some code they know will be in the virus or a specific file that is placed on the system when the virus is run. While these signatures can get very complicated, they are also easily broken by many tactics.
So let’s look at what a very simplistic signature would be. Say you have a virus and once it’s installed it runs the following code “printf (“hello world”)”. Now this is a very simplistic line of code and the likelyhood of this being in any virus is low. However, for this demonstration, let’s pretend our virus runs that. The anti-virus application will be looking for that particular piece of code running on your system.
As a malware author, all I have to do is add some random characters in to that line of code to tamper the anti-viruses signature. So if I change that line before to “printf (\x90 “hello world”)”, I have effectively defeated the anti-virus signature.
As a seasoned professional in the industry, I will be the first to say it’s not as easy as I just made it out to be. The anti-virus vendors are very good at creating signatures. However, the virus authors have been largely successful at getting past anti-virus applications thus far, so we can’t rely on anti-virus as our only means of protection.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”New Viruses and Their Non-Existent Signatures”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]The other pitfall of anti-virus applications is that many of them rely on having seen the virus before. By this I mean that if the virus that gets installed on your computer is new to the internet, then the likelihood that any anti-virus vendor has a signature for it will be slim to none.
Anti-virus vendors have teams that are dedicated to finding new viruses on the internet. They use a highly-trained team of cyber analysts to scour the deep dark places of the internet where viruses are born, find new viruses, and put in protections against them. They also rely on outside people to submit what they think might be viruses to their team to be analyzed.
The problem with this is that if a new virus is released on the internet, it may take a while before their team finds the virus or someone submits it to them. The time between the virus release and the creation of a signature could be days, or even weeks. What this means for you, however, it that your anti-virus software isn’t protecting you against this new virus. If you download and install it before a signature comes out, you could have your data stolen or held for ransom.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”What Do You Do?”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]All hope is not lost. I don’t want you to think after reading this article that anti-virus is awful and that you should uninstall it. anti-virus is a very important part of your layered security model. You just need to understand what anti-virus is good at defending you against and where it is lacking.
Anti-virus vendors pride themselves on being able to block a lot of what I call the “broad-based” viruses and malware. This means that you are protected from many of the common viruses and malware on the internet today. Nevertheless, you cannot open every file and click on every link sent to you and feel 100% protected by your anti-virus system.
My final advice to you is make sure your anti-virus tool is set to automatically update and stay vigilant when you open links and documents from people you don’t know. With these tips in mind, you will be more secure than many people out there, and that is our ultimate goal – be harder to hack than the next person.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_video link=”https://youtu.be/8PJkjaf2J5U” align=”center”][/vc_column][/vc_row]
[vc_row][vc_column][vc_column_text]Have you ever been hacked? Do you know someone who has been hacked before? Most people I talk to say they feel as though they don’t know enough about computer security. I’ve spent a majority of my career protecting the networks of large companies and I’ve been able to translate what I’ve learned there in to simple tips and techniques that the average computer user can implement to ensure they protect their digital life.
I created a course, A Hacker’s Guide to Internet Safety and Cybersecurity, to teach those tips and techniques. The course has over 30 lectures and over 2 hours of content.
Through out this week I’ll be posting a new preview video on our YouTube channel so you can get an idea of what the class will be like. If you like what you see I’ll be posting a special coupon on Monday July 23rd so that you can enroll at our special introductory price.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”Password Reset Questions”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]We’ve all been there, you enter your password and get the “Incorrect Password” error. You panic because you can’t get in to your account. Then the magical password reset link appears just below the error like an angel from heaven.
Most of the time when you set up an account anywhere online, part of the registration process is to set up password reset questions in case you forget your password. We all typically set up the standard questions:
These questions are easy questions for us to remember for when we forget our password, but what most people don’t think about is that most of this information is public information. Attackers can easily find out the answers to these questions. A lot of information on your family is public record and sites like ancestry.com have done a great job of collecting these public records and providing a place for everyone to search for them.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”How to Choose More Secure Password Reset Questions”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Hackers have in the past used the answers to these questions to compromise people’s online accounts. In the video preview I suggest changing the way you answer your password reset questions. The first way to ensure that hacker’s can’t use your password reset questions against you would be to ensure that you choose questions that are not public information. Questions like “What is your favorite food?” or “Where was your favorite childhood vacation?” are better questions because that is not something that a hacker can easily research from public records.
If you are unable to choose password reset questions about your likes and dislikes then you could always lie on the more public record questions. For example if you put your best friend’s last name as the answer to “what is your mother’s maiden name?” hacker’s won’t be able to correctly answer that question from the public research they’ve done.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_video link=”https://youtu.be/t5WrHONYwC0″ align=”center”][/vc_column][/vc_row]