Category: Internet safety
Until Trump rids us of the two egregious acts; the so-called “Patriot Act”, and NDAA, we are still a De-facto police state.
At a lower level, your personal privacy is YOUR responsibility. Folks continue to exercise the use of technology which has become passe, with the mindset that “I’m not a criminal, so I don’t have to worry”; well, “down the road apiece” they will discover the fallacious nature of that attitude, when it’s far too late.
The internet is a vast “rabbit hole”. As a child, merely reading the beginning of Alice in Wonderland made me uncomfortable. Lewis Carroll’s imagination was almost a hallucinogenic nightmare. “Eat me”, “Drink me”… More like “Time to get out of Dodge”!
A security publication by ASIS International posted an article on passwords. They are “one of those”… Alpha Dogs:
Copyright © ASIS International
This information is protected by U.S. and international copyright and trademark laws.
No part of this work may be reproduced without the written permission of ASIS International.
So I will have to refer you to this via the URL. Serious advice for navigating the Wild, Wild, Web. ‘Nuff Said.
Received this via e-mail. (I no longer use an e-machine; it was too old, way beyond the usual support offered by manufacturers anyway) However, this might be useful to others:
eComputerSupport is an independent provider of technical support for computer software, hardware and peripherals and not affiliated with any third party brand unless specified. Call now to get instant access to PC tech experts For Detailed Disclaimer.
Be aware – there seems to be a recent push for this malware known as Crypto-locker globally. This ransomware is using email attachments, embedded internet links and/or botnets to propagate.
Ransomware (Crypto-locker) is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to restore access to their systems, or to get their data back.
How do I prevent Ransomware infection?
- Use caution when opening email attachments. For more information on safely handling email attachments read Recognizing and Avoiding Email Scams (pdf)
- Double-check the content of the message
- Refrain from clicking links in email
- Always ensure your software is up-to-date
- Backup important data
- Filter EXEs in email
- Disable files running from AppData/LocalAppData folders
- Patch or Update your software
- Periodically perform clean up from authorized technicians
If you are an existing customer of computer tech support and are concerned about ransomware protection or think you have been targeted by ransomware, please get in touch with us through the below methods.
1. CTS HELP DESK ICON on your desktop
2. Call at 1-855-820-8680/ 1-844-695-5448 (US), 1800886803 (Aus) & 8005244205(UK)
3. Click on the “LIVE CHAT” button on the link: http://www.ecomputersupport.net/help.php
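As an added illustration of the "Filter EXEs in email" item in the list above (this is not part of the quoted e-mail or of any vendor's product): a gateway-side attachment check using only Python's standard library. The extension list, function names and the sample message are constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (illustrative, not exhaustive).
BLOCKED_EXTENSIONS = (".bat", ".cmd", ".com", ".exe", ".js", ".pif", ".scr", ".vbs")


def blocked_extension(filename):
    """Return the blocked extension the name ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    for ext in BLOCKED_EXTENSIONS:
        if name.endswith(ext):
            return ext
    return None


def scan_zip(archive_name, data):
    """List blocked member names inside a zip attachment."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if blocked_extension(member):
                    findings.append((f"{archive_name}!{member}", "executable inside zip"))
    except zipfile.BadZipFile:
        # Something that claims to be a zip but cannot be inspected is held too.
        findings.append((archive_name, "unreadable zip"))
    return findings


def scan_message(raw_bytes):
    """Return (attachment, reason) pairs for one raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if blocked_extension(name):
            findings.append((name, "executable extension"))
        elif payload[:2] == b"MZ":
            # DOS/PE magic bytes: an executable renamed to look harmless.
            findings.append((name, "PE header under non-executable name"))
        elif payload[:4] == b"PK\x03\x04":
            findings.extend(scan_zip(name, payload))
    return findings


def build_sample():
    """Constructed test message: double extension, renamed PE, zipped .scr, benign file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    fake_pe = b"MZ" + b"\x00" * 16  # only the magic bytes, not a real program
    attach = dict(maintype="application", subtype="octet-stream")
    msg.add_attachment(fake_pe, filename="invoice.pdf.exe", **attach)
    msg.add_attachment(fake_pe, filename="scan.jpg", **attach)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.scr", b"constructed")
        zf.writestr("readme.txt", b"constructed")
    msg.add_attachment(buf.getvalue(), filename="docs.zip", **attach)
    msg.add_attachment(b"constructed plain text", filename="notes.txt", **attach)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"HOLD {name}: {reason}")
```

A filter that checks only the file name misses the renamed `scan.jpg` and the `.scr` inside the zip, which is why the content checks are included.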
Familiar with your WP dashboard? Think so? Hover over My Sites, then click on WP Admin, NOT the menu which uses their less than stellar “improved” method of navigating and modifying your web page. Click on “Tools”, then Available tools.
The list for my theme contains Press This; under that section is Categories and Tags Converter (I choose to control my categories and tags manually, and find the value of this service to be dubious). Then under that is Website Verification Services.
I need not go into a lengthy explanation on my opinion of Google, Bing, and other search engines; here is the list of options:
The blank areas under each were the example URL links.
- Google Webmaster Tools
- Bing Webmaster Center
- Pinterest Site Verification
Yandex.webmaster was not there the last time I checked this section out. Pinterest is not a webpage I would want to link to. I copied “Yandex” into my anonymous search engine, (Duck Duck Go) and found this in Wikipedia. (I disabled the many links and attributions)
Yandex N.V. (/ˈjʌndɛks/ Russian: Яндекс) is a Russian multinational technology company specializing in Internet-related services and products. Yandex operates the largest search engine in Russia with about 60% market share in that country. It also develops a number of Internet-based services and products. Yandex ranked as the 4th largest search engine worldwide, based on information from Comscore.com, with more than 150 million searches per day as of April 2012, and more than 50.5 million visitors (all company’s services) daily as of February 2013. The company’s mission is to provide answers to any questions users have or think about (explicit or implicit). Yandex also has a very large presence in Ukraine and Kazakhstan, providing nearly a third of all search results in those markets and 43% of all search results in Belarus.
The Yandex.ru home page has been rated the most popular website in Russia. The web site also operates in Belarus, Kazakhstan, Ukraine and Turkey. Yandex Labs is a wholly owned division of Yandex located in the San Francisco Bay Area. In 2014, Yandex announced plans to open a research and development office in Berlin, Germany.
It opened the first sales office outside the CIS countries in Lucerne, Switzerland in 2012 for its European advertising clients, and the second one in Shanghai, China in 2015 for Chinese companies that work on the Russian language market.
But it gets more interesting… Check out their acquisitions in the “History” section at Wiki. Among the many, I found these real eyebrow raisers:
In September 2011 Yandex launched a search engine and a range of other services in Turkey, at yandex.com.tr. The company also opened an office in Istanbul. [Turkey is a questionable partner in the war on terror…]
These two are all about those mobile devices which may soon doom traditional landlines:
In November 2011 Yandex acquired developer SPB Software.
In March 2014 Yandex acquired Israeli geolocation startup KitLocate.
Yandex Browser – a web browser that has a Blink layout engine and is based on the Chromium open source project. The Yandex browser alerts the user when they visit harmful sites and checks downloaded files with Kaspersky anti-virus. The browser also uses Opera Software’s Turbo technology to speed web browsing on slow connections.
Yandex Elements – add-on for web browsers Microsoft Internet Explorer, Mozilla Firefox, Opera and Google Chrome.
Considering recent developments regarding the W.W.Web, that’s some food for thought.
From Mozilla (Firefox)
You try to be healthy offline by eating well. As the saying goes: You are what you eat. But what about your digital self? How healthy is your online diet? Are you crazy for cookies? A sucker for spam? Or are you an open source, tracking-free gourmand?
Take this quiz to find out and get personalized tips from Mozilla.
INSTRUCTIONS – For those who stubbornly use Google as their search engine, I emphasize the first steps.
1) In a new tab, type “Duck Duck Go”.
2) Using the window in Duck Duck Go, type (or copy/paste) your blog’s address into it and enter.
You will (anonymously) see everything you have put on the Wild.Wild.Web, other WP blogs, and any comments you made on others’ blogs. Oh what a tangled web…
Click on any comment listed that you have made on another’s blog, and there will be a feed listing all comments you made. Every one. Comments I bet you forgot you ever made!
NOW you see why it’s prudent to think twice about what you put out there. ‘Nuff said.
In Google We Trust
By Geoff Thompson, Mark Gould, Mario Christodoulou
Updated September 10, 2013 10:45:00
Site has a video here that can’t be embedded. Use URL to view:
Australians are among the most technically connected in the world, but do we know where our data goes and how it’s being used?
- Video: Interview with Danny O’Brien of Electronic Frontiers Foundation (Four Corners)
- Video: Interview with Troy Hunt, Internet Security Researcher (Four Corners)
- Video: Collusion Web Tracking Video – Popular Sites (Four Corners)
- Video: Collusion Web Tracking Video – Pappas Family (Four Corners)
In Google We Trust – Monday 9 September 2013
Every hour of every day, our digital interactions are being recorded and logged. We live in the age of ‘big data’, where seemingly mundane information about how we go about our lives has enormous value.
Next on Four Corners, with the help of expert data trackers, we follow the information trail of an ordinary Australian family. We follow their data over a typical day, watching as it is surreptitiously recorded by government agencies and private organisations.
Who gathers the information, what are they doing with it and what are your legal rights?
The internet has brought us conveniences once unimaginable. You can shop online, diagnose illnesses, and send ‘selfies’ whenever you want. But it isn’t all one way traffic. Every time you use a search engine like Google, or access an ‘app’ on your smartphone, your activity is logged by companies around the world – many you’ve never even heard of.
That sometimes intensely personal data is either used or sold to make money.
At one level this could be to your advantage. Marketing and advertising is ever more accurately tailored to your wants and needs.
“The sort of products you’re buying can tell a marketer an awful lot about what else you’re likely to buy, you know, what model of car you’re likely to buy, the political party you’re likely to vote for, you know, what sort of job you’re likely to have.” John Ostler, Data Marketer
But where does it end, and what are the consequences? Is your information secure? Not always, Four Corners reveals.
If your user patterns are valuable and being sold on the open market, should you have a say in it? Should you be told who your data is going to, and exactly how it is being used? If your data is being matched with other data for more valuable results, should you be informed?
Four Corners’ investigation reveals that not only are we being tracked online by marketers but Australia’s own government agencies are secretly monitoring our digital travels.
On the road, devices in your car are being logged to register your movements.
When you pass by a police car you will be surprised to discover what modern technology is discovering about you.
This kind of information is already being used in court cases, but public officials can access your data without a warrant and without your knowledge:
“That is one of the areas of law reform that we have to, I think, take the greatest interest in. Which agencies can access this material? What can they do with it? And where on earth are the courts… where’s the legal oversight that applies to a regular search warrant?” Scott Ludlam, Greens Senator
The digital detectives are in shopping centres too, where your movements can be tracked to provide a physical profile of where you go and what you do. Millions of Australians hold supermarket loyalty cards. The data you give away to get them is now being cross-referenced with data from banks to better predict your behaviour.
Companies like Google and Facebook know more about you than your family or your best friends. How did we get to this point and should we care?
No political party has ever explicitly sought your permission for this to happen.
It is a situation that alarms many experts:
“I don’t think any social system, any government, can survive knowing everything about its citizens without ultimately that being corrupted.” Danny O’Brien, Privacy Advocate
“In Google We Trust”, reported by Geoff Thompson and presented by Kerry O’Brien, goes to air on Monday 9th September at 8.30pm on ABC1. It is replayed on Tuesday 10th September at 11.35pm. It can also be seen on ABC News 24 on Saturday at 8.00pm, ABC iview and at abc.net.au/4corners.
Use URL if you want to view the information trail of an ordinary Australian family.
Schneier on Security Lime color font my emphasis “X”
A blog covering security and security technology.
September 15, 2013
How to Remain Secure Against the NSA
Now that we have enough details about how the NSA eavesdrops on the Internet, including today’s disclosures of the NSA’s deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.
For the past two weeks, I have been working with the Guardian on NSA stories, and have read hundreds of top-secret NSA documents provided by whistleblower Edward Snowden. I wasn’t part of today’s story — it was in process well before I showed up — but everything I read confirms what the Guardian is reporting.
At this point, I feel I can provide some advice for keeping secure against such an adversary.
The primary way the NSA eavesdrops on Internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.
Leveraging its secret agreements with telecommunications companies—all the US and UK ones, and many other “partners” around the world — the NSA gets access to the communications trunks that move Internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.
That’s an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. “Interesting” can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis.
The NSA collects much more metadata about Internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.
The Systems Intelligence Directorate is in charge of data collection, and the resources it devotes to this is staggering. I read status report after status report about these programs, discussing capabilities, operational details, planned upgrades, and so on. Each individual problem — recovering electronic signals from fiber, keeping up with the terabyte streams as they go by, filtering out the interesting stuff — has its own group dedicated to solving it. Its reach is global.
The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.
The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO — Tailored Access Operations — group. TAO has a menu of exploits it can serve up against your computer — whether you’re running Windows, Mac OS, Linux, iOS, or something else — and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.
The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs. First, there’s a lot of bad cryptography out there. If it finds an Internet connection protected by MS-CHAP, for example, that’s easy to break and recover the key. It exploits poorly chosen user passwords, using the same dictionary attacks hackers use in the unclassified world.
As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.
TAO also hacks into computers to recover long-term keys. So if you’re running a VPN [NOTE VPN= Virtual Private Network “X”] that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.
How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
I believe this is true, despite today’s revelations and tantalizing hints of “groundbreaking cryptanalytic capabilities” made by James Clapper, the director of national intelligence in another top-secret document. Those capabilities involve deliberately weakening the cryptography.
Snowden’s follow-on sentence is equally important: “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
Endpoint means the software you’re using, the computer you’re using it on, and the local network you’re using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.
With all this in mind, I have five pieces of advice:
Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.
Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections — and it may have explicit exploits against these protocols — you’re much better protected than if you communicate in the clear.
Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the Internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my Internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good. [X – love this idea; if you have the funds to get an additional computer, I’d hop on this idea! ]
Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
Since I started working with Snowden’s documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I’m not going to write about. There’s an undocumented encryption feature in my Password Safe program from the command line; I’ve been using that as well.
I understand that most of this is impossible for the typical Internet user. Even I don’t use all these tools for most everything I am working on. And I’m still primarily on Windows, unfortunately. Linux would be safer.
The NSA has turned the fabric of the Internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.
This essay previously appeared in the Guardian.
EDITED TO ADD: Reddit thread.
Someone somewhere commented that the NSA’s “groundbreaking cryptanalytic capabilities” could include a practical attack on RC4. I don’t know one way or the other, but that’s a good speculation.
Several links on this subject added below this post.
Posted by Bob Lee
SPAM E-MAILS CONTINUING TO CAPITALIZE ON FBI OFFICIALS’ NAMES
The FBI continues to receive reports of spam e-mails that use FBI officials’ names and titles in online fraud schemes. Although there are different variations of these schemes, recipients are typically notified they have received a large sum of money. The latest round of e-mails uses the name of new FBI Director James B. Comey.
Some of the e-mails reported to the Internet Crime Complaint Center continue to use the alleged “Anti Terrorist & Monetary Crimes Division” of the FBI. All e-mails encourage the recipient to send money for various reasons.
Do not respond. These e-mails are a hoax.
Neither government agencies nor government officials send unsolicited e-mail to members of the public. United States government agencies use the legal process to contact individuals.
The public should not respond to any unsolicited e-mails or click on embedded links in these messages because they may contain viruses or malicious software.
If you have received a message that purports to be from the FBI, disregard its instructions and file a complaint at www.IC3.gov.
For previous IC3 alerts concerning e-mail scams targeting the FBI and other government agencies, visit: http://www.ic3.gov/media/default.aspx.
Posted by Bob Lee
This one in its entirety:
Posted by Bob Lee
I’ll Pay For Your First month! Plain & Simple.
Ok … so what’s up with this one … right?
We all know when something has value, we share it with others (especially when it’s something funny).
It spreads like wildfire from one person to the next.
Next thing you know, people are talking about this thing that made them smile and it’s on YouTube, being shared in email, tweets, Facebook and what have you.
Who would’ve thunk?? And …
Even though it happens over and over again – repeatedly (especially on YouTube videos) it still AMAZES me to no end.
I know it’s as simple as hitting the Share Button on this App – but still …
You guys are blowing me away with this!
So … Once you decide to stay onboard from the second month on … the first month is on me! (how can you pass that one up?)
Now for the Twister …
Work from Home and Other Job Scams
- BBB Warns Against Twitter Money-Making Schemes: Through Tweets, e-mail and web sites, job hunters are being told that they can make lots of money from the comfort of home using Twitter and Better Business Bureau warns that the large print for such offers may promise big returns but the fine print can cost them every month.
- BBB Warns Job Hunters to Steer Clear of Rebate Processing Job Scams: Better Business Bureau is warning job hunters to beware of opportunities to work from home processing rebates. While the job offer may claim that people can earn up to a thousand dollars a day without leaving the comfort of their home, BBB has received hundreds of complaints from victims nationwide who never earned a dime and were, in fact, ripped off for hundreds of dollars in upfront fees.
- BBB Warns of Craigslist Job Scam: A bogus employment opportunity scam has surfaced on Craigslist claiming to offer a job with the Better Business Bureau. Scammers are posting fake advertisements for employment opportunities for a Data Entry Clerk at Better Business Bureau in regions across North America.
- Enigma for Consumers: What Mystery Shopping Jobs? An operation that told consumers they could be hired as mystery shoppers and earn a substantial income, and the telemarketing firm working for them, are facing Federal Trade Commission charges that their claims about job availability and income potential were deceptive.
- How I Got Taken by a Work-at-Home Scam: Work-at-home-scams are on the rise, consumer watchdog groups say. Scammers are busier than ever because tough economic times are making people more desperate to make money.
- Post Office Job Offers from Classified Ads Bogus: The Federal Trade Commission has charged an employment-opportunity scammer and his companies with marketing a fraudulent U.S. Postal Service (USPS) employment program. Through advertisements and telephone pitches, the defendants misrepresented that they were connected with or endorsed by USPS; that postal jobs were available; that customers would receive study materials that would help them pass the postal entrance exam; and that customers who pass that exam were assured jobs with USPS. In reality, none of these claims are true.
Stay Informed …
p.s. Take a peek