Online Web Meeting Systems Are Getting Hacked

Set the security options! And learn to use more than one service.

April 15,  2020

Online web meeting systems are meant to connect people together. Sadly that means that hackers, creeps, exhibitionists and other interlopers can get into your meetings. The more popular the system, the more it's going to be a target for hacks.

• Learn the security features of your online system: passwords, authentication, waiting rooms, forced mute and disconnect, and so on. 
• Become familiar with several platforms. Too many people are fixated on Zoom. It's not unique, and there are others just as good.

Here's a handy link to a comparison of meeting systems. with an emphasis on comparing the free options.

 

It's Time to Replace Old Computers

Old systems are not just slow, they can be seriously vulnerable.

February 12,  2020

I will admit that I have some old computers. The problems with old systems are many.  Mainly, they are too slow to run Windows or Mac OS. Two are in my "computer museum". Another I still use on occasion. But it's time to stop that. New computers are less expensive than any previous generation. You can get a fast Chromebook for as ilttle as $100. And you can get a full PC with Windows 10 for less than $400.  My favorite, the Lenovo T470S, sells on Amazon for $548 and often goes on sale. How a basic Dell  Inspiron with Windows 10 and a touchscreen and a flip screen, for example,  with an entry price around $200 and that's not on sale. 

Why struggle with a clunker if this costs $200?

The issue is not just speed, and running the latest apps and OS, it's also security.  Old hardware and firmware is difficult to impossible to update. Why? Because it's OLD. And the hackers are finding vulnerabilities in old systems that will never be fixed. A perfect example is a scary rootkit hack that affects nearly every computer because it is linked to a theft recovery system called Computrace, or Lojack for Laptops. The system is in fact a rootkit. Why? Because it takes a root level process to help you find your device if it's lost or stolen. People tend to forget that there are root processes in their phones that make Find my iPhone and Find my Android possible. The difference is that people get rid of old phones, and along with them they get rid of old vulnerabilities. Also, the root level processes on phones have been more carefully defended than on PCs.

So the story is that Russian hackers found a way to modify the Computrace/Lojack agent and turn it into a slave that can report your actions and control your system. The hack is called LoJax and it falls in a category called Command and Control (CC) hacks. This type of hack in and of itself is not new. Other such attacks exist, the most famous IMO being Megaupload.  This hack is elegant because your firmware is modified without a formal firmware update, and you don't know that it happened.  Several security authorities, mainly vendors, and presenters at Black Hat, have written about this hack. It makes great headlines that cause these folks to appear smart. But how bad is the threat?

The answer is, Don't Panic. The worst version of the hack affects PCs that were built prior to 2009 and are using Intel firmware chips made prior to 2009.  This hack  can be performed over the Internet by tricking someone into downloading an updater masquerading as something else.  Newer systems cannot be remotely attacked. Nevertheless the "experts" have published additional reports highlighting this threat.  But it cannot be installed unless someone has physical access to your computer. In other words, it's very unlikely. Neither the original nor the new version of this attack have ever been shown to have affected more than a handful of systems. It's just not showing up in the wild. 

There are far more dangerous hacks out there. If you have a newer system, you should feel reasonably confident that you can activate Computrace/LoJack and use it as intended, to find a lost or stolen PC.  

 

An Up-to-date Computer is a Happy Computer

Updates are the key to manage risks.

February 2, 2020

Every day brings a new story about ways that hackers have stolen information, damaged systems, or taken over someone's computer. People (like anyone reading this) are funny.  We get used to all the scary stories. Then something happens to you personally so you decide to swear off Facebook.  Or to stop talking to Alexa. Or uninstall all of your apps. As if taking a single action is going to make things better.  There is no safe place in cyberspace. Your computer, phone, tablet, TV are so complex that no one fully understands them any longer.  Several studies indicate that 90% or more of hackable vulnerabilities have patches and updates available at any given time. The best defense is a good dose of prevention that starts with a healthy, up to date system. When you receive an official notice of a system update, DO IT.

Here are some tips to help.

• If your Windows PC or tablet has an official update, you will get a message in the notification area, typically located on the right side of your screen.  The message will probably pop out for a moment, then close. You can see it again by opening the notification pane. The task bar should contain an icon that looks like one of these:   click on the icon and the notification area will open up and show details.  The number would indicate how many new messages are waiting.
• If your Mac has an official update, you will get a drop down message, typically at the upper right side of your screen.
• Android and Apple phones will display pop-up messages. You will go to settings and may need to authenticate to receive updates. 
• None of these devices will be officially updated through an email, text, browser pop-up, phone call notification or other method. 
• If you are really not sure, either call your support line, or search your vendor's help site online, and look around the Internet for information about a recent update. Don't put off a real update.  These companies release updates that fix problems. 

 

Your Phone has a Virus! And it's not electronic...

 You can talk but don't inhale. 

January 23, 2020

According to research reported in the Seattle Times and Mashable, these are typical counts of bacteria per square inch on various surfaces.

• Toilet seat: 1,201 bacteria per square inch
• Kitchen counter: 1,736 bacteria per square inch
• Pet food dish: 2,110 bacteria per square inch
• Checkout screen: 4,500 bacteria per square inch
• Doorknob: 8,643 bacteria per square inch

HOWEVER, your phone is likely covered with more than 25,000 bacteria per square inch. Sorry, don't have the statistics for viruses themselves, but do you need to know? This is a good time to invest in cleaning solutions that are safe for use on phones. Disposable wipes are going to be safer than liquids. You can also use ultraviolet light!

Here are some possible products. No endorsements, of course.

                      

 

Stay Safe!

Use strong PIN codes on smart devices

August 24, 2019

 1234    1212    2580   you really think it was your idea? 

Your device should demand a PIN code for login after power up or restart, maybe even after inactivity. Don't count on your face, eyes, fingerprints, and so on to protect you because they ares only 10,000 (10 to the 4th power) combinations and yours may be easy to guess. But a four-character number-letter code is 36 to the 4th power or 1,679,616 combinations! 

Read some interesting warnings about weak number PINs here, and here. 

 

Firewall your phone from malicious physical access with power-only cables 
The data leads are an invitation to an attack  

August 20, 2019

There are plenty of ways to attack a phone (or tablet) through a cable such as USB or Lightning. Why? Because a standard cable will have at least four wires. Two wires, red and black, charge a device; the others are used to create a communications link. Think about that, the next time you plug into a public kiosk with USB ports to give you a free charge.  Most of the time, we don't need the data connection so whenever you are buying a cable to charge your phone, especially for travel, get one that is "power only"! It's one of the easiest ways to protect your device.  Or just by a special tip with only two connections, and all of your cables will be safe.  Here's an example from PortaPow