Monday, October 29, 2012


Over 350,000 Debit and/or Credit card numbers were stolen in what's called the "Biggest Data Breach of the Year", including over 3 million Social Security Numbers in South Carolina.

"The number of records breached requires an unprecedented, large-scale response by the Department of Revenue, the State of South Carolina and all our citizens," South Carolina Governor Nikki Haley said in the statement. "We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected."

For more information, read the article HERE.

Sunday, October 28, 2012


The other night Robin and I were watching TV when I threw a few idea's I had rolling around my brain [ed. - idea limit 3 while watching TV, 'nuff said] and after the 3rd one she said "You should write an article about that". We resumed watching "Person of Interest" (GREAT show BTW). I awoke this morning before dawn due to the resumption of rolling ideas and came in here to get this down on a file so I could get a good nights sleep tonight.

It's hard to miss the big hand pointing a finger at you, so it was probably the first thing you noticed on this blog post, the 2nd being the subject matter. It's easy to to buy Anti-Virus software, get infected, and blame the software, and just as easy to blame your email account (whether it be a Microsoft, Gmail, Yahoo, or AOL email), along with endless other online accounts that require a login name and password. IMHO, this is not outside the boundaries of what makes sense - as long as you have done your part in this security partnership, and that's exactly what it is - a partnership.

Whatever service you sign up for, that service has their own internal security and firewalls that cost more than your car; yet even they are vulnerable (as we've seen throughout this year). But on a personal level you should make things difficult for someone interested in hacking just your account.


  • Using the same password for all of your accounts. It's a pain in the butt, but buy a notebook pad and write the information down.
  • If the site allows it, don't use your email address as your login name. I know that many sites will only let you use your email address, but for the ones that will let you pick something else - do it.
  • If the site lets you pick a login name, don't use your name, or any other name that someone could link to who you really are.
  • Birth dates. Some sites require your birth date [ed. - this is where that pad full of logon's and passwords comes in handy], so pick a month, day, and year that isn't yours, but make sure to write that down on your pad should a question about your birth date comes up.
  • Social Networking sites have other things to fill in, like where you work, where did you go to high school, what State or zip code do you live in, etc. If it's required, fill them but make the information FAKE, FAKE, and....FAKE. Then write all of this down on your password pad. Should your account ever get hacked, the information obtained by the hacker will do them no good. They will be creating an information file on someone who doesn't exist.
  • How many email addresses do you have? Some have one, others have 2 - personal and work. Create several more. Why? It's a good practice to have an email address just for non-essentials.
Example: You're at a store and have just made a purchase and they ask for your email address, or, you see that a radio station has a contest you'd like to enter and it requires an email address. Use the non-essential email you just created, not your personal or work email address.


Many companies you purchase products from will pledge to keep that information with them, and them only, while at the same time, many companies, services, and even magazines you subscribe to will sell that information to someone else, who will sell it to someone else, etc. And let's not forget those contests you entered like trying to win that new Dodge or Ford truck while ignoring the little, tiny fine print allowing them to use the information in any way they wanted to.

Because of this, there is a LOT of information about you floating around the Internet and all it takes is a Google, Bing, or Yahoo search to find it. The information may or may not come up on the first or second page, but if you dig deeper you'll find something - and what you find, may shock you! Think I'm kidding? Here is a recent example:

I was at a clients residence cleaning viruses, spyware, and Trojans off their computer and while I was doing this I handed them a document I'd written in regard to what steps they should take after having their computer's security breached, like changing passwords, how to make the password harder to crack, etc. I could see cold sweat running down this person's (now ash-white) face as they began to get overwhelmed with what they would have to do.

In a calm, soothing manner, I talked about each step and they understood the importance of it all, finally realizing they had to take on this challenge. Of course the usual questions about their infections like: Who? What? Why? were asked (and answered) and how much of their personal information did I think was on the Internet. "I couldn't tell you for sure", I said while pulling up google and typing the person's name in the search box and hitting ENTER. A bunch of links (along with paid advertisements) came up on the first page, but nothing relevant, and the same with the 3rd page; but on page 4 came a link with that person's name on it.

Clicking the link we were told that 57 people with the same name were found in the US. We saw that Texas had 14, and clicked on that to eliminate the other 43. Of the 14, 4 were in the Houston area and it also has the age of the each person next to it. Clicking on the name with the correct age brought us to another page with listed this person's company they worked at (2 companies ago), home address, 3 email addresses, and a map with directions to their house! Oh, and I almost forgot - it even had a picture of them, one that had been used years ago for an instant messaging program no longer used. Most of this information was either in the public domain, or legally purchased from some company on the web.

[End of the example]

While using the Internet makes things super easy, it comes with a price with regard to your personal information, and how super easy it is to find it. If I've just given you a chill down your spine then I've succeeded in conveying the delicate balance of good vs. evil and the Internet.

It's a nice Sunday morning, and after reading the paper, or going to church, it would be a good day to sit down with your spouse and write down every Internet site you use that requires a login name and password, then decide what you can do to make it more secure [ed. - here comes the example]:

Instead of a name, use a sentence or short phrase for a password that has at least one capitalized letter, and a number or other character to go along with it. You find at least two other posts I've written devoted to this subject, so I'll use my common password example of - itrainsinspain. Well now, that wasn't so hard to come up with was it? And I'll bet you can come up with many others (which you should use).

Now let's get a little tougher. You could make it: Itrainsinspain, itRainsinspain, or even ItRainsInSpain. Tougher? very well, let's get really tough! (remember you can use a number or other character like $ or ! as well) - it!Rains!in!spain$ [quite the difference from the very first example, and/or the name of your pet]. WHAT?? You want it even harder to break? Okay, here we go: Alpha/Numeric substitutions - i=1, s=$, and o=0 (zero). Taking our last password (it!Rains!in!spain$) we now have: 1t!Ra!n$!1n!$pa1n$, a password that would be suitable for very high security accounts like banking, stock portfolio, etc. AND - WRITE THEM DOWN ON YOUR PAD OF PASSWORDS!

It's easy to do, just go line-by-line and account-by-account. Line 1 might read,
Bank of America  Login Name: Forrest Tucker, Password: 1t!Ra!n$!1n!$pa1n$.

Next line:
Amazon   Login Name: openrange, Password: D0ntl00kunderthe$ta1r$

Tough? yes. A pain in the butt? yes, but remember, even though you may (or may not) be wearing a uniform, you are fighting in the Cyber war and you are responsible for holding up your end of the security line. Okay, now go do 15 push ups and take a nap -

'Nuff Said,and "Thank You" Robin

Thursday, October 25, 2012


Microsoft, Google, and Yahoo have strengthened/repaired a weakness in their email systems (I assume that means @hotmail, @msn, @windowslive, @gmail, and @yahoo accounts). This "Weakness" could allow an attacker to create a spoofed message that passes a mathematical security verification. Kinda medium-to-big sized weakness sez me.

Zachary Harris, a mathematician, gets credit for discovering it. He found it first with Gmail then discovered the problem wasn't limited to Google, but also Microsoft and Yahoo, all of whom appeared to have fixed the issue as of two days ago. The article, on PC WORLD, is worth a read and you can find it HERE.


You may have heard about Barnes & Noble halting the use of pinpad devices because of breach of security. If you didn't - now you have!Pinpad devices are what you use when making a purchase with a debit or credit card. Apparently it's quite serious and I suggest you read the article about it HERE.


If you use Adobe's Shockwave player you may want to run an update on it from their website. They just patched six critical security holes, and it shouldn't take long to do it (the update). From Adobe:

"Adobe recommends users of Adobe Shockwave Player and earlier versions update to the newest version," the company said in a security advisory accompanying the release on Tuesday. The new version is available for the Windows and Mac platforms.

And you can read the full article HERE.

That's about it for this post, except a reminder for you update and run a quick MALWAREBYTES scan if you haven't done so lately -

'Nuff Said,

Wednesday, October 24, 2012


I think, somewhere down the list I mentioned email scams, but recently Anti-Virus/Security firms have said that email scams are on the rise and to keep alert [ed. - if it smells like a fish and looks like a fish it's probably a fish, 'nuff said]. In my own mailbox I've noticed an increase and yesterday when I got home and sat down to check my email I saw a virtual flood of email scams.

Why-what-who? Email scammers fake legitimate company names with (usually) an urgent subject line hoping you will open it, click on their link and then be re-routed to one of their servers which will have a home page just like the real place. The object? To get your logon ID, Password, and perhaps a credit card or social security number from you.

Here are just a few  From/Subject emails I saw in my mailbox yesterday -

AMEX - Alert - A payment was received

AMAZON - Your credit card was rejected

BANK OF AMERICA - Your account is overdrawn

BBB Complaint Dep- Case# 92998361

FACEBOOK - A friend of Bob wants to be added to your friend list too

LinkedIn - You have received a job offer

UPS - We were unable to deliver package 43422346979 to your address

From Kaspersky Labs

"Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users."

A recent article about this matter can be read HERE. Keep your eyes open out there -

'Nuff SAID,

Tuesday, October 23, 2012


Guess what the report was about?? I'll give you 3 tries and the first 2 don't count. What? "Android" you say? Yes, very astute of you Mr. Holmes!

To quote the very beginning of PC Magazine's Stephanie Mlot: 

"Android smartphone users, beware — malware on Google's mobile platform saw a nearly sixfold increase in the third quarter, according to Trend Micro.
The number of high risk and dangerous apps targeting Android users jumped from 30,000 in June to 175,000 in September, Trend Micro said in its third quarter security roundup."


IOS) to get some anti-virus protection for your smarphones and tablets. You can read the rest of Stephanie's article HERE.

I do have a minor, personal peeve. I like and use Norton/Symantec products (have been for over a decade), and when you install the product there are two boxes you can check/un-check: 1. Would you like to get emailed security alerts, and 2. Would you like to help Symantec by submitting blah-blah-blah. I've never clicked on that choice, but have always selected email security alerts, and I've yet to receive one. You can't knock a great product for someone dropping the ball on email alerts, but it would be nice to get them, rather than having to spend several hours viewing a half dozen websites to get the latest news and post it here for you to read. Okay, peeving over.....

'Nuff Said,

Wednesday, October 17, 2012


What country would you pick as the number one spammer in the world? What I might have answered 4 years ago is not what I would have suspected now, but as with everything - change occurs.

[Credit: Sophoslabs]

"India has surpassed the U.S. and taken the lead as the greatest spam-sending country in the world. One out of every six junk messages that litter users' e-mail inboxes are coming from India, according to a new report from SophosLabs."

Read the article HERE.

Tuesday, October 16, 2012


Sorry, I couldn't resist using a shortened line from the film "The Marathon Man" for the title. Of course, this question is in regard to cyber-security. So here is this morning's news - Ripped from the headlines.....
From the "Seattle Times":

"Police in the small (population 8,400) northwest Washington town of Burlington say hackers have transferred $400,000 out of a city account."

"Authorities say the transfers took place between Tuesday night and Wednesday morning. The hacked Bank of America account has been frozen now."

Read the complete story on the Seattle Times website by going HERE and then review your own security and password strengths. Credits due: Associated Press and the Seattle Times.

'Nuff Said,

Monday, October 15, 2012


Boy, was I S-I-C-K last week (which accounts for the lack of Blog posts), hopefully it was a fairly light week, regarding viruses, but I worked Monday (on the basis I had bad allergies), then Tuesday (realizing by the afternoon my goose was cooked), and in bed until Sunday, so I'm playing catch up here.

  • Firefox released Version 16
  • Firefox pulled Version 16 the next day
  • Firefox later released Version 16 after patching critical bugs - some of which could allow someone to takeover your computer
  • The U.S. Secretary of Defense said Thursday that "Future cyber attacks could rival 9-11, and cripple the U.S."
  • The Conficker "Worm" is still be tracked, still infecting computers, with apparently no end in sight.
  • In November AT&T will be sending out anti-piracy notices, initiating their new "SIX STRIKES AND YOUR OUT" policy.
'Nuff Said,

Tuesday, October 9, 2012



I know this because I've gone through this before. I check the lower right corner of my taskbar where the icons are by the time, but I don't see any new updates waiting for me. Then, I go through Windows Update and after what seemed like 30 minutes, I get a message that there are no new critical updates for me.

What does this mean? It means that you may wake up Wednesday morning and find your PC rebooted after having Microsoft Updates installed - but don't hold your breath. The last one that came around didn't show up on my PC until Thursday night/Friday morning, and for some customers, not until the weekend.

Why is the Word flaw so critical? For many years I've discouraged users from using the view pane in Outlook because it's had a well known bug where if you're just previewing the message and the message has malicious code in it B-A-N-G, you're infected. What does Outlook have to do with Word? It uses word as it's default editor/viewer, so I'll be really happy if this does fix the problem which exists in Office versions 2003-2010.

The article did have a link to just the Word patch, which I just did, but you can wait for your updates to arrive soon in one package if you like, and I doubt I'll turn the viewing pane back on - after about 10 years I've figured out I really don't need it. The article can be found HERE.

'Nuff Said,


I suppose I was busy doing something other than reading a lot of Tech news in 2011, or maybe I read it and filed it in the "To Be Forgotten Bin", and you know that it's not my first, second, or third choice for Anti-Virus security, however an unrelated article caught my eye this morning about INTEL's announcement that they were going to lay-off at least 1000 McAfee employee's. Reading on, I read that Intel bought them in the first part of last year but due to the industry and economic decline they were forced to do this. I don't recall a time frame being mentioned - Heck! I don't even remember Intel buying them to begin with....

Monday, October 8, 2012



SYMANTEC today said that "A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service", in an article in the Security section of

"Anyone who thought they were downloading Web proxy software was instead installing a Trojan horse [complete with backdoors] tied to a Russian black hat operation."

"Once a computer is compromised, it connects to a remote server......."

You'll find that interesting article HERE.

'Nuff Said,


Yeah, like you reading this, I'm as awake as I look as I read about yet another Monday morning blitz - this time a SKYPE "worm". As reported on Trend Micro's Security site (formerly security blog), you may find messages from people on your contact list which briefly asks:

“lol is this your new profile pic?" [which has a link for you to click on after the question mark]

Advice: Don't click on the link. It was reported in Europe over the night but comes in German and English versions. Read more about it on their site HERE. SKYPE, used for families to communicate from one side of the country, or world, to a another makes a fast way to spead this.

'Nuff Said,