KRACK

A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself—not specific products or implementations—and works against all modern protected Wi-Fi networks. Which means that if your device uses Wi-Fi, KRACK likely impacts it.

Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it.

 

How does KRACK break Wi-Fi security?

KRACK (short for Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.
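Why a replayed step three matters, as an added illustration that is not part of the original post: installing a key resets the per-packet counter (nonce) that must never repeat under one key, so each reinstallation makes the client reuse nonces. The toy model below (hypothetical class and function names, no real frames or cryptography) compares an unpatched client with a patched one that refuses to reinstall a key already in use.

```python
# Added illustration: toy model of how a Wi-Fi client handles handshake
# message 3. All names are hypothetical; key labels are constructed.

class Client:
    def __init__(self, patched):
        self.patched = patched
        self.installed_key = None
        self.packet_number = 0   # per-key counter used as the encryption nonce
        self.nonces_used = []    # every (key, nonce) pair used to send a frame

    def receive_message3(self, key):
        """Handle message 3, which may legitimately be retransmitted."""
        if self.patched and key == self.installed_key:
            return               # fix: key already in use, keep the counter
        self.installed_key = key
        self.packet_number = 0   # (re)installing a key resets the counter

    def send_frame(self):
        self.packet_number += 1
        pair = (self.installed_key, self.packet_number)
        self.nonces_used.append(pair)
        return pair


def reused_nonces(patched, frames_between=3, retransmissions=2):
    """Return the (key, nonce) pairs that were used for more than one frame."""
    client = Client(patched)
    client.receive_message3("session-key-A")
    for _ in range(retransmissions):
        for _ in range(frames_between):
            client.send_frame()
        client.receive_message3("session-key-A")   # message 3 arrives again
    for _ in range(frames_between):
        client.send_frame()
    seen, repeats = set(), set()
    for pair in client.nonces_used:
        (repeats if pair in seen else seen).add(pair)
    return sorted(repeats)


if __name__ == "__main__":
    print("unpatched client, reused nonces:", reused_nonces(patched=False))
    print("patched client, reused nonces:  ", reused_nonces(patched=True))
```

An empty list from the patched client is the property the vendor updates restore: one key, no repeated nonce.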

 

What devices are affected by KRACK?

If your device uses Wi-Fi, it’s likely vulnerable to the KRACK Wi-Fi security flaw to some degree, though some get it worse than others.

 

What happens when Wi-Fi security is broken?

For starters, the attacker can eavesdrop on all traffic you send over the network. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

 

How to protect yourself from KRACK’s Wi-Fi flaw

Keep your devices up to date! Given the potential reach of KRACK, expect new patches to come quickly from major hardware and operating system vendors. Microsoft says a security patch is already incoming for Windows PCs.

Until those updates appear, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though.

If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.”

And again, keep your security software up to date to protect against potential code-injected malware.

Device and router Wi-Fi security FAQ

 

Is my phone at risk?

KRACK is a different sort of attack than previous exploits, in that it doesn’t go after devices, it goes after the information you use them to send. So while the data stored on your phone is safe from hacking, whenever you use it to send a credit card number, password, email, or message over Wi-Fi, that data could be stolen.

 

So my router is vulnerable?

That’s closer, but still not totally accurate. It’s not the device that’s at risk, it’s the information, so the sites you visit that aren’t HTTPS are most vulnerable.

 

Oh, so I should change my Wi-Fi password then?

Well, you can, but it’s not going to stop the likelihood of attack. The exploit targets information that should have been encrypted by your router, so the attacker doesn’t need to crack your password to implement it. In fact, it has no bearing on the attack whatsoever.

 

So all devices are at risk?

Now you’re getting it. However, while any device that sends and receives data over Wi-Fi is at risk, the researchers who uncovered the attack said Android devices were more at risk than other mobile phones.

 

Great, I have an Android phone. But I’m running Nougat so I’m safe, right?

Unfortunately, no. Newer phones running Android 6.0 or later are actually more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.”

 

So is my iPhone safe?

Safer than Android, but still not entirely safe.

 

What about my Mac?

The researchers who found the bug initially had a harder time cracking macOS, but subsequent attacks were easier to implement.

 

And Windows PCs too?

Yup, same deal, but Microsoft said in a statement that a security update to address this issue is incoming.

 

I run Linux. I’m impenetrable to attack, right?

Not quite. Researchers actually found that Linux machines were the most vulnerable desktop devices, with a similar bug to the one found in the Android code.

 

So should I turn off Wi-Fi?

That’s probably not a viable option for most people, but if you’re completely panic-stricken, then the only way to be completely safe is to avoid using Wi-Fi until you know your router has been patched.

 

OK, I’m not doing that. What else can I do?

Right now, all you can do is wait. Google has already confirmed that it is aware of the issue and will be distributing a patch, and Apple and Microsoft will presumably do the same, as well as Linux purveyors. So keep checking for updates and install them when they arrive.

 

~Your TeCHS


Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022


Ransomware

 

As you may have heard, a new and major ransomware attack was unleashed worldwide back in May of this year (2017), named WANNACRY. This one infected at least 75,000 computers in 99 countries in a very short amount of time. The ransomware locked computers and networks using file encryption software, and demanded payment by Bitcoin (a non-traceable crypto-currency) to release the data.

 

These types of attacks typically enter a computer through a “phishing email” and then spread to other machines on the same network by exploiting vulnerabilities, including vulnerabilities in the computer’s operating system (although Microsoft did discover the vulnerability and released a patch, many computer users do not regularly update their operating systems and may have missed the critical repair).

 

What can you do to prevent ransomware on your own computer?

Here are a few tips:

  • Don’t click on links from unfamiliar sources. Even if you think you know the sender, be cautious about clicking on email links. When in doubt, DELETE IT! Be especially wary of messages requiring you to act quickly, asking for personal information, or threatening you in any way.
  • Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
  • Use strong authentication, requiring more than a username and password to access accounts, especially critical networks, to prevent access through stolen or hacked credentials.
  • Conduct regular backups of systems: Systems can be restored in cases of ransomware, and having a current backup of all data speeds the recovery process.
  • Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.

 

For more information, or for a complete system checkup, contact TeCHS!

We are fast, affordable, and friendly. Serving all of Ventura County.

(800) 669-2022 | http://www.ezdigitallife.com

 

~Your TeCHS


Safeguarding Yourself From Scams – Don’t become a victim! Part 1: Common Techniques

1.) Phishing : Phishing e-mails mimic online businesses or banks in an attempt to fool people into freely giving out confidential personal and financial information. URL obfuscation is the part of the phishing scam that really plays on human error and our brain’s ability to “fill in the gaps” automatically: it sends a victim to a fraudulent web site address that looks almost exactly like a real address (i.e. http://www.pay-pal.com versus http://www.paypal.com).

2.) Pharming : Pharming is another form of phishing that “poisons” a person’s computer’s DNS cache and redirects visitors from a real web site to a bogus mirror site. Every web site has its own internet address and the Domain Name System (DNS) translates the IP address into the host name. A DNS cache poisoning changes the entries in the computer so when the legitimate site is typed in, the victim is sent to a fraudulent web page instead.

3.) Trojan Horse : Trojan Horses are malicious software files that infiltrate your PC by hiding in seemingly innocuous files. Some Trojans, called “keystroke loggers,” record every one of a person’s keystrokes and send that information back to the attacker.

4.) Trojan : Zombie Computers and Man-In-The-Middle Attacks are part Trojan: the malicious software that is installed on the victim’s computer allows that person’s PC to be controlled remotely by the attacker without the victim’s knowledge. The Man-In-The-Middle attack is frequently partnered with an “Evil Twin,” which is a fake wireless internet hot spot connection that looks almost like a legitimate service. When the victim attempts to connect, the criminal launches a transaction to get the victim’s credit card information in the form of a standard pay-for-access deal to use the wireless internet.

5.) Cashier’s Check Scams : There are numerous ways to use cashier’s checks in scams. Here are a few of the most common –

Money mule: you receive payments, and you’re supposed to deposit the payments to your account and forward the money to somebody else. Often advertised as a work-at-home check processing job, these schemes are often problematic. In some cases, you’re laundering money for criminals. In other cases, the first few payments are fine, but eventually you’ll get a fake check (after they’ve gained your trust) and you’ll lose money.

Foreign wealth scams: somebody you don’t know reaches out to you and asks for your help transferring a large sum of money out of a corrupt nation. In exchange, you can keep a tiny fraction of the transfer, which is more than you make in a year. Of course, you’ll have to send money to somebody to complete the transfer (which will never arrive).

Inheritance and lottery scams: you’re about to receive a lot of money, but you’ll need to pay a small amount for taxes or legal fees to “release” the funds. It’s a small price to pay for the riches that are headed your way. Of course, they’ll never materialize.

Property rental scam: somebody is moving to your area for a new job. They’d like to pay the first and last month of rent (and security deposit) with a cashier’s check before they ever see the property. The day after you deposit the check, they say there was an issue with the job – they’re not coming, so they don’t need the rental. You can keep the security deposit, but they’d like for you to return some of the rent. After you send the refund, you’ll find that the check was a fake.

Part 2 (JULY) will go over a few tips to protect yourself.

~Your TeCHS


Online Safety, Part 2 – Unsolicited Calls

I write a lot about staying safe online but in our world this subject is incredibly important. Over the next few months I will be writing about general online safety tips.


There is a very common scam out there right now where you will get a call and the person on the phone will say something like this: “Your computer is infected with a virus and I will help you get rid of it.” They also usually state they are from “Microsoft” or “Apple” or some other large computer company. They are not. They are nothing more than lying thieves.

They will then ask you to go to a specific web site address and allow them access to take control of your computer.

DO NOT DO THIS!
NEVER DO THIS.

Hang up IMMEDIATELY! Then block the phone number from your phone (or add to the auto-reject list).

We even get these calls at our office!
I admit, if we aren’t busy we have a little fun with these people… and if you are so inclined, I suggest doing so yourself but NEVER go to the site they tell you to and NEVER give them access to your computer.

Once you allow them access, they will have total control over your system, your data, your digital life.

~Your TeCHS


 

Online Safety, Part 1 – Links

I write a lot about staying safe online but in our world this subject is incredibly important. Over the next few months I will be writing about general online safety tips.


LINKS : If it looks suspicious, even a tiny bit, don’t click on it. Just don’t. Resist the urge. Close the browser or delete the email and DO NOT CLICK!

Your bank (or PayPal, or eBay, or ETSY, etc) WILL NEVER email you asking for your bank account number, your social security number, a credit card number, etc. If you get an email that looks like it is from a legitimate company asking you to log in to your account for any reason (like those listed above), delete the email. If you think it is real, delete the email anyhow – NEVER CLICK A LINK IN THESE TYPES OF EMAILS. You can always type the company’s web address into your browser yourself to get to their real website and check on your accounts. Never ever click the links.

A lot of link-related scams come in emails from what looks like your friends and family. Check the email address (you can usually see the address it came from by hovering your mouse over the sender’s name) – you will see that the email address is not your loved one’s email. The scammers are simply using their name to get you to click the link they sent and grab all of your contacts as well.

There are so many scams out there right now that phish for your information like this. Once you click the link – they have you! Sometimes all they get are your contacts, sometimes they take over your entire computer… and if you happen to click on one that infects your computer with ransomware you may lose all of your data, or a big chunk of your money trying to salvage your data.
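The look-alike address trick described under Phishing (pay-pal.com versus paypal.com) and the advice above to check where a link really points can be turned into a simple check, shown here as an added example that is not part of the original posts. The allow-list, the function names and the test URLs other than the two PayPal addresses are constructed, and the last-two-labels domain extraction is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader actually uses.
TRUSTED = {"paypal.com", "ebay.com", "etsy.com"}

# Characters commonly swapped in look-alike names; hyphens are dropped.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def registrable(host):
    """Naive last-two-labels domain (assumption: no multi-part TLDs)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Classify a link as trusted, a look-alike of a trusted site, or unknown."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return ("trusted", domain)
    skeleton = domain.translate(HOMOGLYPHS)
    for good in sorted(TRUSTED):
        if skeleton == good:                       # pay-pal.com, paypa1.com
            return ("lookalike", good)
        if edit_distance(skeleton, good) == 1:     # one typo away
            return ("lookalike", good)
        if ("." + good + ".") in ("." + host):     # real name used as a prefix
            return ("lookalike", good)
    return ("unknown", domain)


if __name__ == "__main__":
    for link in ("http://www.paypal.com", "http://www.pay-pal.com",
                 "https://paypa1.com/login",
                 "https://paypal.com.secure-login.example/",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" result is not a verdict of safety; it only means the address does not resemble anything on the allow-list.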

~Your TeCHS


 

 

Three tips to help you stay safe online


Scammers are constantly increasing their fake emails and calls… Here are three really good ways to protect your identity and information online from criminals, scams, and phishing attempts.

  • Keep a clean machine: Keep all of your software up-to-date (especially operating system updates) on all Internet-connected devices to reduce risk of infection and malware. Check for updates regularly and make sure they are installed.
  • Use a better password: Improve your defenses on accounts by making passwords that you can remember and that are hard to guess. Passwords should use a combination of numbers, capital and lowercase letters and symbols. They should also be different for every account.
  • Passcode protect:  Every device ‒ laptop, tablet or smartphone ‒ should be protected with a passcode or password to prevent unwanted access if it is lost or stolen.

~Your TeCHS


‘Smishing’

‘Smishing’ Another Identity Theft Scam

Have you ever been “smished”?

Identity theft experts warn us all to be on the alert for text messages with links — they could be an identity theft scam known as smishing. Similar to phishing (which involves email), smishing uses cell phone text messages to deliver bait that’s intended to get you to divulge personal information.

Smishing may involve winning a prize or a message that contains something that requires your immediate attention — the link tells you to “click here.” If you click on the infected link, it downloads malware that allows the bad guys to gain control of your device remotely. They can then use your phone from anywhere in the world to access your banking information, credit card data and the like.

What to do if you receive a text message that asks for sensitive information:
-Do not reply to the message.
-Do not click on any of the links that may be embedded in the message.
-Contact your carrier’s privacy or fraud team. If their company name or brand is used in efforts to fraudulently obtain personal information, they may choose to pursue legal action.
-Contact your bank or financial institution to be sure your accounts have not been compromised.

Visit the FTC Identity Theft website to learn more about how to minimize damage from identity theft. If you believe that you have been a victim of a smishing scam, you can file an online complaint with the Federal Trade Commission’s Complaint Assistant.

The bottom line:
-Just don’t click the link!

As technology provides new ways to expose and defend against familiar scams, clever con artists will devise new ones. Always be careful what you click on.

~Seth & Kim Ralph, TeCHS
