"WE'VE BEEN HACKED, THEY SAID..."
Ebay announced that user information [name/address/phone number/password] was hacked between February and March of this year.
You can read the Reuters article HERE, after you change your Ebay password!
Brian
Wednesday, May 21, 2014
CHANGE YOUR EBAY PASSWORD(S)
Ebay announced that user information [name/address/phone number/password] was hacked between February and March of this year.
You can read the Reuters article HERE, after you change your Ebay password!
Brian
Wednesday, May 14, 2014
CRITICAL ADOBE PATCHES
Tuesday, May 13, 2014
MONDAY MAY 12TH, 2014
"BITS AND BYTES..."
Another week begins, so pull up the drawbridge, fill buckets with hot tar, and prepare to do battle with unknown enemies planning to target your castle [i.e. - home network].
Let's cover some security basics quickly:
- If someone calls you and tells you they are from Microsoft, or some anti-virus firm and they've noticed that it appears your computer is infected, HANG-UP-THE-PHONE. There's nothing more to say than that.
- If a window slides up on from the lower right-side of your screen announcing a new update for Java, Flash, or Adobe Reader, what should you do?
- Click install, and when it asks you if your sure click "yes", or
- Click the "X" to close the window/box and go directly to the website and download the product from there? [HINT - This is the correct procedure]
- If you open Malwarebytes to run a scan and it tells you that it's been 200 days since it was last updated, expect to find Viruses, Trojans, PUP's [Potentially Unwanted Programs], or PUM's [Potentially Unwanted Malware]. Update your definitions immediately and run a scan.
- If your 2013 Anti-Virus program has just expired, don't just buy the 2014 product and use the key to re-activate the 2013 version - actually install the new anti-virus engine and all of the improvements within.
- Using Microsoft Security Essentials is like running around with a big sign on your back that says "INFECT ME, I'M EASY..."
And bad things never go away for very long, so be on alert for the infamous email attachments. They get trickier with each attempt and if you're not careful you could fall for one of these.
 |
| IMAGE: MALWAREBYTES |
'Nuff Said,
Brian
Saturday, May 10, 2014
BUT, I DON'T GO TO THOSE TYPE OF WEBSITES...
AND I DON'T OPEN THOSE KIND OF EMAILS...
The question: "What two things do I hear on most virus-cleaning service calls?"
I'll address emails first. While almost everyone has a SPAM filter these days, many "Phishy" emails still find their way into your In-Box, including fake emails that seem to come from your bank, your credit card company, or your friends.
"When a message is displayed in the preview pane it's just as if you double-clicked the email..."
If you use an email client like Outlook, more-than-likely you have the reader view pane "on" [ed. - it's the window below or to the right-side of your email list that shows you a preview of an email message]. When a message is displayed in the preview pane it's just as if you double-clicked the email and opened it, so if there is any hidden malicious code within the email - you've activated it. The fix is easy: don't use the preview pane. This was a known security risk within Outlook for years, then they patched it - but the patch didn't fix it.
"you may wonder why users get infected by already known/patched security holes - the answer is simple, many users don't bother to patch them..."
Regarding going to "those type of websites", there are no safe zones any longer. You don't have to visit a hacker or Porn website to get infected, it can easily come from a recipe website, a search results page, or a major website, like a big news webpage.
The people that write malicious code that infect your computer aren't doing it just for the fun of it - It's their livelihood. They make a lot of money stealing credit/debit card information along with a users identity, all which are bought-sold-traded on nefarious servers around the world. Because they make a lot of money doing this it's no big deal to buy advertising space on Google, or a major news website, and plant malicious code that will infect known bugs in JAVA and Adobe FLASH.
While there are "Zero-day" exploits [meaning a hole in JAVA, FLASH or Windows is being exploited before anyone admits to knowing about it], you may wonder why users get infected by already known/patched security holes - the answer is simple, many users don't bother to patch them...
BACK-IN-THE-SADDLE
I've been away for a week, taking some time off. Needless to say I wasn't without a computer and did look for anything new and terrible to put on this Blog while sitting in our hotel room - I just happened to pick a slow week [ed. - and there's nothing wrong with a slow week in security breaches, 'Nuff Said], so the only thing I have to mention is about the HEARTBLEED security flaw in open SSL: Don't let your guard down.
I read an article yesterday where a security firm confirmed that at a minimum, there are still over 350,000 un-patched servers still found on the Internet. They don't know what sort of servers they are, or what country they reside in, but it's safe to say you aren't completely safe from HEARTBLEED.
If you do a search for "Heartbleed browser add-ons" you should be able to find a secure place like pcmag.com, pcworld.com, or cnet.com to find this download. I have one in my Firefox browser which rates every website I visit.
And that's the end of this post folks! Surf the web safely...
'Nuff Said,
Brian
Thursday, May 1, 2014
MICROSOFT WILL PATCH IE6/7/8 ON XP
"JUST A ONE TIME EXCEPTION THEY SAY"
I say bull-oney, and predict as long as XP use still hangs over 25% it wouldn't surprise me at all to see yet another "one time exception" when the next bad thing comes along. In the meantime, if you're using XP, take advantage of this patch if you still use Internet Explorer.
The security update, detailed in Microsoft security bulletin MS14-021-Critical should be available now.
'Nuff Said,
Brian
Subscribe to:
Posts (Atom)