KRACK

A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself—not specific products or implementations—and works against all modern protected Wi-Fi networks. Which means that if your device uses Wi-Fi, KRACK likely impacts it.

Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it.

 

How does KRACK break Wi-Fi security?

KRACK (short for Key Reinstallation AttaCK) targets the third step in a four-way authentication “handshake” performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network. The encryption key can be resent multiple times during step three, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.

 

What devices are affected by KRACK?

If your device uses Wi-Fi, it’s likely vulnerable to the KRACK Wi-Fi security flaw to some degree, though some get it worse than others.

 

What happens when Wi-Fi security is broken?

For starters, the attacker can eavesdrop on all traffic you send over the network. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

 

How to protect yourself from KRACK’s Wi-Fi flaw

Keep your devices up to date! Given the potential reach of KRACK, expect new patches to come quickly from major hardware and operating system vendors. Microsoft says a security patch is already incoming for Windows PCs.

Until those updates appear, consumers can still take steps to safeguard against KRACK. The easiest thing would be to simply use a wired ethernet connection, or stick to your cellular connection on a phone. That’s not always possible though.

If you need to use a public Wi-Fi hotspot—even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.”

And again, keep your security software up to date to protect against potential code injected malware.

Device and router Wi-Fi security FAQ

 

Is my phone at risk?

KRACK is a different sort of attack than previous exploits, in that it doesn’t go after devices, it goes after the information you use them to send. So while the data stored on your phone is safe from hacking, whenever you use it to send a credit card number, password, email, or message over Wi-Fi, that data could be stolen.

 

So my router is vulnerable?

That’s closer, but still not totally accurate. It’s not the device that’s at risk, it’s the information, so the sites you visit that aren’t HTTPS are most vulnerable.

 

Oh, so I should change my Wi-Fi password then?

Well, you can, but it’s not going to stop the likelihood of attack. The exploit targets information that should have been encrypted by your router, so the attacker doesn’t need to crack your password to implement it. In fact, it has no bearing on the attack whatsoever.

 

So all devices are at risk?

Now you’re getting it. However, while any device that sends and receives data over Wi-Fi is at risk, the researchers who uncovered the attack said Android devices were more at risk than other mobile phones.

 

Great, I have an Android phone. But I’m running Nougat so I’m safe, right?

Unfortunately, no. Newer phones running Android 6.0 or later are actually more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.”

 

So is my iPhone safe?

Safer than Android, but still not entirely safe.

 

What about my Mac?

The researchers who found the bug initially had a harder time cracking macOS, but subsequent attacks were easier to implement.

 

And Windows PCs too?

Yup, same deal, but Microsoft said in a statement that it has a security update to address this issue is incoming.

 

I run Linux. I’m impenetrable to attack, right?

Not quite. Researchers actually found that Linux machines were the most vulnerable desktop devices, with a similar bug to the one found in the Android code.

 

So should I turn off Wi-Fi?

That’s probably not a viable option for most people, but if you’re completely panic-stricken, then the only way to be completely safe is to avoid using Wi-Fi until you know your router has been patched.

 

OK, I’m not doing that. What else can I do?

Right now, all you can do is wait. Google has already confirmed that it is aware of the issue and will be distributing a patch, and Apple and Microsoft will presumably do the same, as well as Linux purveyors. So keep checking for updates and install them when they arrive.

 

~Your TeCHS

~~**~~**~~

Photobucket

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

Facebook Page Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

Advertisements

Ransomware

 

As you may have heard, a new and major ransomware attack was unleashed worldwide back in May of this year (2017), named WANNACRY. This one infected at least 75,000 computers in 99 countries in a very short amount of time. The ransomware locked computers and networks using file encryption software, and demanded payment by Bitcoin (a non-traceable crypto-currency) to release the data.

 

These types of attacks typically enter a computer through a “phishing email” and then spreads to other machines on the same network by exploiting vulnerabilities, including vulnerabilities in the computer’s operating system (although Microsoft did discover the vulnerability and released a patch, many computer users do not regularly update their operating systems and may have missed the critical repair).

 

What can you do to prevent ransomware on your own computer?

Here are a few tips:

  • Don’t click on links from unfamiliar sources. Even if you think you know the sender, be cautious about clicking on email links. When in doubt, DELETE IT! Be especially wary of messages requiring you to act quickly, asking for personal information, or threatening you in any way.
  • Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
  • Use strong authentication, requiring more than a username and password to access accounts, especially critical networks, to prevent access through stolen or hacked credentials.
  • Conduct regular backups of systems: Systems can be restored in cases of ransomware and having current backup of all data speeds the recovery process.
  • Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.

 

For more information, or for a complete system checkup, contact TeCHS!

We are fast, affordable, and friendly. Serving all of Ventura County.

(800) 669-2022 | http://www.ezdigitallife.com

 

~Your TeCHS

~~**~~**~~

Photobucket

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

Facebook Page Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

Safeguarding Yourself From Scams – Don’t become a victim! Part 1: Common Techniques

Safeguarding Yourself From Scams – Don’t become a victim! Part 1: Common Techniques

scam-alert1
1.) Phishing : Phishing e-mails mimicking online businesses or banks in an attempt to fool people into freely giving out confidential personal and financial information. URL Obfuscation is the part of the phishing scam that really plays on human error and our brain’s ability to “fill in the gaps” automatically by sending a victim to a fraudulent web site address that looks almost exactly like a real address (i.e. http://www.pay-pal.com versus http://www.paypal.com).

2.) Pharming : Pharming is another form of phishing that “poisons” a person’s computer’s DNS cache and redirects visitors from a real web site to a bogus mirror site. Every web site has its own internet address and the Domain Name System (DNS) translates the IP address into the host name. A DNS cache poisoning changes the entries in the computer so when the legitimate site is typed in, the victim is sent to a fraudulent web page instead.

3.) Trojan Horse : Trojan Horses are malicious software files that infiltrate your PC by hiding in seemingly innocuous files. Some Trojans, called “keystroke loggers,” record every one of a person’s keystrokes and send that information back to the attacker.

4.) Trojan : Zombie Computers and Man-In-The-Middle Attacks are part Trojan and the malicious software that is installed on the victim’s computer allows that person’s PC to be controlled remotely by their attacker without their knowledge. The Man-In-The-Middle attack is frequently partnered with an “Evil Twin” which is a fake wireless internet hot spot connection that looks almost like a legitimate service. When the victim attempts to connect, the criminal launches a transaction to get the victim’s credit card information in the form of a standard pay-for-access deal to use the wireless internet.

5.) Cashier’s Check Scams : There are numerous ways to use cashier’s checks in scams. Here are a few of the most common –

Money mule: you receive payments, and you’re supposed to deposit the payments to your account and forward the money to somebody else. Often advertised as a work-at-home check processing job, these schemes are often problematic. In some cases, you’re laundering money for criminals. In other cases, the first few payments are fine, but eventually you’ll get a fake check (after they’ve gained your trust) and you’ll lose money.

Foreign wealth scams: somebody you don’t know reaches out to you and asks for your help transferring a large sum of money out of a corrupt nation. In exchange, you can keep a tiny fraction of the transfer, which is more than you make in a year. Of course, you’ll have to send money to somebody to complete the transfer (which will never arrive).

Inheritance and lottery scams: you’re about to receive a lot of money, but you’ll need to pay a small amount for taxes or legal fees to “release” the funds. It’s a small price to pay for the riches that are headed your way. Of course, they’ll never materialize.

Property rental scam: somebody is moving to your area for a new job. They’d like to pay the first and last month of rent (and security deposit) with a cashier’s check before they ever see the property. The day after you deposit the check, they say there was an issue with the job – they’re not coming, so they don’t need the rental. You can keep the security deposit, but they’d like for you to return some of the rent. After you send the refund, you’ll find that the check was a fake.

Part 2 (JULY) will go over a few tips to protect yourself.

~Your TeCHS

~~**~~**~~

Photobucket

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

Facebook Page Google+ LinkedIN Pinterest Twitter YouTUBE

SCE Scam Warning

Please be aware that utility imposter scams are on the rise here in Southern California. Imposters claiming to be with Southern California Edison (SCE) are calling people and demanding immediate payment to avoid electricity service being disconnected due to allegedly past due bills. The caller demands that the customer purchase a prepaid cash card, call the imposter back, and give the imposter the cash card number.

Customers suspecting any fraudulent activity of this nature should ask for the caller’s name, department, and business phone number. Customers should then immediately terminate the call and call the local police! and SCE at (800) 655-4555.

Always remember that a real SCE employee:

  • Will never call and demand immediate payment.
  • Will never threaten to cut off your service.

Also:

  • Never give out any of your own personal information (including your credit card number, ATM or other card number, PIN numbers, account number, etc).
  • If someone calls you and requests that you leave your home at a specific time for a utility-related cause, call the police. This could be a burglary attempt setup by the caller.
  • Always be suspicious of anyone who arrives at your home without an appointment asking to check an appliance, wiring, or suggesting that there may be some electrical problem inside your residence. SCE employees would have setup that appointment ahead of time and all SCE employees will be wearing an ID badge.

~Your TeCHS

~~**~~**~~

Photobucket

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

Facebook Page  Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

What do you do if your email has been hacked?

What do you do if your email has been hacked?

Have you ever tried to check your email but you find you can’t log in. Your friends and family might even be receiving messages that you know you didn’t send. What’s the deal? Unfortunately, you’ve probably been hacked! It may be because of malware installed on your computer, a company’s data breach, or even someone you know who was able to guess your security questions and change your password.

So… what do you do if your email has been hacked? Here are a few quick steps you can take to help recover your account and protect the security of your identity and your personal information.

  1. Check your security software now!

Hackers usually gain access to your accounts and passwords through computer viruses you might not have noticed. You will need to make sure your computer is clean before you do anything else.

Also, you will want to make sure that your computer and all of the important software (like your anti-virus) are up to date. Take a look at your settings and make sure they are set to update automatically. Then, run a security scan and see if there are any problem programs or viruses. Delete anything that comes up as suspicious, and restart your machine.

  1. Change your passwords.

Once you have made sure that your computer is virus free you will want to change your passwords. Changing passwords is always a bit of a pain… but it really should be done every few months even if you have no problems. Some people like to use password managers which generates very strong passwords and keeps track of them for you. Those usually come with a monthly fee.

  1. Check with your email provider.

The company that hosts your email should have measures that you can take to verify your identity and restore access to your account (such as texting a code to your phone). Once you have regained access to your email account, go to your settings and check them thoroughly. You will want to make sure your emails aren’t being forwarded to somebody else… and check to make sure that no links have been added to your email signature.

  1. Spread the word.

If you are at all concerned that your account has been compromised you need to let your friends and family know… they might have to do some work of their own if they clicked on a bad link that came from what they thought was you.

Also, sharing this blog post may help someone you know.

~Your TeCHS

~~**~~**~~

Photobucket

Facebook Page Facebook Profile Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

Preventing Mobile Malware

Preventing Mobile Malware

Smartphones and tablets now have as much, if not more, private data on them than computers, so attempting to get malware on these devices is logical (from a criminal’s point of view). It is no wonder that online criminals have started focusing more heavily on infecting mobile devices. Potentially harmful applications include spyware, ransomware and fraudulent apps.

Most malicious software is found in third-party app stores that are popular in a few countries. These third party app stores are loaded with pirated versions of software or trojanized applications.

There are three simple steps you can take to keep malware off of your mobile devices:

  1. Use the official app store for your device

The two official app stores, Google’s Play store and Apple’s App Store, regularly check all software in their stores for malicious behavior. The automatic checks aren’t perfect but they do help and the companies remove any programs found to be malicious.

  1. Do not jailbreak your phone

Mobile devices come with a lot of built-in security and using a program to ‘hack’ the device to remove the carriers’ and manufacturers’ restrictions (called jailbreaking) undermines the security protecting the devices.

  1. Update!

The mobile software space is always moving quickly and developers are constantly adding bug fixes, including security issues. You should update your software as frequently as possible and always look out for system updates.

 

~Your TeCHS

~~**~~**~~

Photobucket

Facebook Page Facebook Profile Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

Your Digital Life Simplified!

www.ezDigitalLife.com | (800) 669-2022

  • TeCHS FB Page

  • Get Our Newsletter

    Want awesome tech tips & tricks sent directly to your inbox? Get our newsletter!

    Simply click the link below to signup.

    NEWSLETTER SIGNUP

  • Recent Posts

  • TeCHS on Twitter

  • Calendar

    December 2017
    M T W T F S S
    « Nov    
     123
    45678910
    11121314151617
    18192021222324
    25262728293031
  • Archives

  • TeCHS Logo Ball
  • Pages

  • Connect with Your TeCHS

    Facebook Page Google+ LinkedIN Pinterest Twitter TeCHS Blog YouTUBE

  • Enter your email address to follow this blog and receive notifications of new posts by email.

  • Follow ezdigitallife | TeCHS on WordPress.com
%d bloggers like this: