How to Protect your privacy online


Online Data

52 percent of respondents shared personally identifying information through social media sites.  — Dan Raffer

Do you know how much of your personal data is out there? Many people do not know just how much data is available on the internet. You can find where a person lives, their phone number and even their email address if you know where to search for this information. No, I am not joking: it is really not hard to find this information, and that is what most people just don’t realize. Most people are leaking their information in many ways on social media sites, from their hair color to their favorite food, and this is just as dangerous, though you might not realize it.

Hearing what I just told you, how do you feel about it?

“Most browsers — including Chrome, Firefox and Safari — offer some sort of private browsing window.” Christian Stewart

You can protect your privacy somewhat by using a private browsing window such as Chrome’s Incognito window, but this is only the first step to protecting your privacy online. You should also disable third-party cookies and use a good privacy-focused search engine such as DuckDuckGo (duckduckgo.com) or WolframAlpha (wolframalpha.com) to help keep people from tracking you. These steps will help you be tracked less on the internet and keep your privacy safe.

Be skeptical

More than 99 percent of threats observed required human interaction to execute. Gamelearn

Did you know that protecting yourself could be as simple as being very skeptical of any links you have been sent or come across while browsing the web? Not every link on the internet is safe to click. So how do you know if it is safe to click? That question needs to be thought through before you click any link. Some of the common questions I ask myself are:

  • Did I receive this link without being told?

  • Was it a popup message or something like that?

  • Do I know the person who sent it?

  • Is the URL link hidden from my sight?

  • Was it sent on a Social Media site?

If you answered yes to at least one of these questions, you should be very cautious about clicking the link. Most of the time, if you received a message saying your system is infected you would be quick to click that link, but that would be the wrong move. Most virus authors will prey on your emotions and use social engineering to craft the attacks that will get them the most results.

Stop with the easy passwords

This is the most valuable tip I can give you. People will not create complex passwords because we aren’t complex. Humans, especially when it comes to passwords, will not create a really hard password because it will be hard for them to remember. Definitely don’t write down your passwords for others to see. If you’ve seen the movie Ready Player One, Sorrento leaves his password on the rig and, well, you know the rest; it makes a great point that there are better ways to keep your passwords safe. I recommend using a password vault or a password manager that will do the job. I currently use LastPass for all my needs, but I am sure there are other free password managers that will create, encrypt, and even save those passwords for the next time you visit a website. Any good password manager is going to be better at creating a unique password than you would be.

Use 2 factor authentication

It’s time to use 2 factor authentication. It is something you have and not something you know, and it makes it extremely hard for a key-logger or other such methods to take control of your account. This is where 2 factor authentication comes into play: an attacker might know your password, but they will also need to know or have another way to authenticate. So it is best to have this turned on, even if you are using your cell phone; it will provide another layer of protection and will keep your accounts safe.

When it comes to privacy, it can be a big struggle just to keep your information safe. There are several ways you can keep it from those big baddies that want to use your information for piracy and identity theft. We can never really understand why but we can at least work hard at making sure our information isn’t in the wrong hands.

How password security will change in 10 years!

Passwords are going out the Window!

We’ve seen in the past where people have used such words as ninja, jesus, 12345678, and password! I’ve talked about LastPass in the past and I really believe they are the best possible combination of the two. With the recent questions of password length and password strength, I have come to the conclusion that in the coming years people will be doing 3 factor authentication and having passwords as a backup. It really would be nice to have two ways to authenticate and not have to put in a password.

3 factor authentication!

Three factor authentication is a simple concept. Since we have a password, we can simply use two other ways to authenticate, for example a cell phone and maybe a YubiKey. The password will be the backup for one or the other. If you lost your phone and still needed to authenticate, your password would be the one you could use in an emergency. Thus it really becomes 2 factor authentication, but since we could use all three to authenticate, it would make it that much harder for a hacker to brute force an attack and get your sensitive data.

2 factor authentication!

Most people don’t think of this, but having a limited number of possible ways to access important data can make it that much harder and maybe get the hacker to go somewhere else. What about social networks? Do we really need that for social? I am thinking maybe, and it just depends on how you log in in the first place. I would love for most of them to let me authenticate with Google and come back to them, but that leaves a large hole. It just depends on how valuable your social status is and what the possible outcome would be of someone getting hold of that social network.

Elite passwords!

Some would call it “leet” speak, and I’ve heard people say this is something we should do in regard to making a password. I tell you now, we already have a list of the 2,000 most common passwords, and I am betting it has some really good leet passwords in it already. So what keeps a hacker from trying those to hack your account? I would think these would be tried after the primary ones, just because this would also be the easiest way to gain access to an account.
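The point about leet speak can be checked from the defender's side with a password-policy test. This is an added example, not code from the original post; the `COMMON` set is a constructed stand-in for a real common-password list and the substitution table is an assumption about which swaps to undo.

```python
import re

# Constructed stand-in for a "most common passwords" list; the first four
# entries are the ones quoted earlier in this post.
COMMON = {"ninja", "jesus", "12345678", "password", "letmein", "dragon"}

# Usual leet substitutions mapped back to the letter they replace.
# "1" is ambiguous (i or l), so it is handled separately below.
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}


def candidates(password):
    """Return the plain-word forms that undoing leet swaps produces."""
    low = password.lower()
    # Try the password as typed and without a trailing run like "123!".
    bases = {low, re.sub(r"[\d\W_]+$", "", low)}
    forms = set(bases)
    for base in bases:
        for one in ("i", "l"):
            table = str.maketrans({**LEET, "1": one})
            forms.add(base.translate(table))
    return forms


def is_guessable(password):
    """True if any de-leeted form is on the common-password list."""
    return not COMMON.isdisjoint(candidates(password))


if __name__ == "__main__":
    for pw in ("P@55w0rd!", "n1nj4", "j3$u5", "password123", "vT9#qLm2xR"):
        print(pw, "->", "reject" if is_guessable(pw) else "accept")
```

A signup or password-change form can call `is_guessable` and refuse anything it flags, which is the same outcome a password manager gives you by never producing a word-based password in the first place.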

In Ten years!

I am pretty confident in ten years we will see something like this happen and we will no longer be depending on a system that was developed in the late 1990’s.   We have to be ready for change and keep it.  I just hope it happens sooner rather than later and that most companies should jump aboard and help us get this implemented.   I don’t know how hard this will be but it will be nice to not have to worry about a password anymore with my bank or other financial institution. 

Paul Sylvester

One thousand GamerTags have been Hacked on Xbox!

Brought to you by Pastebin

XBOX has been Hacked!

From what I can tell there are 1,009 GamerTags with passwords and email addresses. I am unsure how many of them are real and how many are just fake or if they are all fake. I do know if you have an XBOX account and you want to know if your account is hacked you can go to Pastebin and hit Control-F and either enter your GamerTag or email address.

Change your Password!

If you need to change your password on your XBOX account, all you really need to do is reset your Live account. Some things to remember when changing your password are to choose a difficult password and one that cannot be broken by a dictionary attack. Xbox accounts have been hacked in the past; it actually happened in 2007. I recommend using something like LastPass to create a very strong password that is hard to crack. I know the pain of entering that password into XBOX, but that is one way to make sure no one will gain access to your account!

Paul Sylvester

Techniques to remove malware from your domain!


Websites and domains!

I recently had to help my favorite club remove some malware from their website. My club’s website, Starfleet-command Quadrant One, was one of those sites that didn’t see this coming. As a website owner, I’ve seen many things come and go, but experience has taught me that it will always come back. I will be watching for this again in the near future, but hopefully it won’t come back!

The back story was something that I have to at least talk about because this is how the site got infected.

One reason that this site got infected was that it was hosted on the same hosting server. They were both using a GoDaddy shared hosting account to display their webpages or forums on the internet. GoDaddy, in their infinite wisdom, tried to explain it away as that. I don’t know if I buy that reason or if something else might have been the culprit, but I do know this website had URL redirects and such to malware sites. I would much rather stay with HostGator than have GoDaddy anyway.

Another reason is that it was probably some kind of key logger, or something that was sending the important password information back to a command and control server; either the website owner was infected, or someone in the organization who had access to the account was unintentionally allowing a hacker to gain access to the website.

Removing the Malware off your Site!

Nothing in the world is ever going to be easy, but it is necessary to get into the guts of the website. You’re probably thinking, websites don’t have guts. You’d be wrong: having to go through each part of the code and remove the HTML malware redirects is what I mean by guts. Many people will understand that as programming, but I like to think of it as a doctor who does surgery to remove an infected limb or something like that.

So I’m going to give you a few areas to look at if you’re having this problem with malware being on your site or domain. It won’t always be the same place for the same infection, but it will at least help you find it and remove it.

.htaccess — This is one place where they will first make changes to redirect traffic to the domain that they want your visitors sent to. If you haven’t had much experience with what it does, this is a good time to learn what these files do and how to use them.

 

index.php or index.html — This is something that the hackers have learned to use but that is most often overlooked. This is something that I hadn’t seen before until now. Certain browsers will display the virus or malware warnings, and others will not even see it or have any problems! See example for more information, because I couldn’t do a better job than them!

 

Check subdomains and subdirectories — This also needs to be looked at. Even if they aren’t showing signs of being infected, it is always a good idea to at least make sure they stay uninfected. Check them for the .htaccess and index code and remove what you need to, or change it to where it should be going in the first place. I found the .htaccess redirect code throughout the subdomains and subdirectories on the site that I helped to remove the infection from.

 

Change ALL passwords — This is a MUST. If you’ve been infected, then your passwords are at risk of being the source of the infections. Change your FTP password, your login password, and anything associated with the site in question, and possibly the subdomains’ passwords.

 

Limit the number of people with the new passwords — If you’re like me, you don’t want too many people to have the FTP password, and thus you should consider allowing only a select number of people to have it. The organization I have has people left and right who use it to upload files and other things that are needed. It also might be necessary to have a server that is used for nothing else but uploading files for publications and other things like that.
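The first three checks above (.htaccess, index files, and every subdirectory) can be done in one pass over a downloaded copy of the site. This is an added example, not code from the original post; the patterns cover only absolute http(s) URLs, and the host names and sample files in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
HTACCESS_RE = re.compile(
    r"^\s*(?:RewriteRule|Redirect\w*|ErrorDocument)\b.*?(https?://[^\s\"'\]]+)",
    re.IGNORECASE)
# Index-page markup that loads remote code or jumps to another URL.
INDEX_RE = re.compile(
    r"(?:<(?:script|iframe)\b[^>]*\bsrc\s*=|http-equiv\s*=\s*[\"']?refresh[^>]*url\s*="
    r"|location(?:\.href)?\s*=)\s*[\"']?\s*(https?://[^\s\"'>]+)",
    re.IGNORECASE)
INDEX_NAMES = {"index.php", "index.html", "index.htm"}


def scan_webroot(root, own_hosts):
    """Walk root, subdirectories included, and return (relative path, line
    number, host) for every redirect or remote include that leaves own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        pattern = (HTACCESS_RE if name == ".htaccess"
                   else INDEX_RE if name in INDEX_NAMES else None)
        if pattern is None or not path.is_file():
            continue
        lines = path.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for match in pattern.finditer(line):
                host = (urlparse(match.group(1)).hostname or "").lower()
                if host and host not in own:
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, lineno, host))
    return findings


def demo():
    """Scan a constructed site tree (all hosts and files are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "forum").mkdir()
        (root / ".htaccess").write_text(
            "Redirect 301 /old https://www.club.example/new\n")
        (root / "forum" / ".htaccess").write_text(
            "RewriteEngine On\n"
            "RewriteCond %{HTTP_REFERER} (google|bing) [NC]\n"
            "RewriteRule ^(.*)$ http://redirect.invalid/in.php [R=302,L]\n")
        (root / "index.html").write_text(
            "<html><body>Welcome</body></html>\n"
            '<script src="http://inject.invalid/a.js"></script>\n')
        return scan_webroot(root, {"www.club.example", "club.example"})


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Every finding is a line to open and read by hand; a clean result does not prove the site is clean, because injected code can be obfuscated or sit in files this scan does not open.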

 

Disclaimer

Nothing in the article is a must-do or is guaranteed to stop your site being blocked by Google and other such search engines, but it will at least give you a place to start looking for the culprit and maybe get your site running again quicker. I will not make any guarantees that this will fix the problem or that it will solve your problem 100%, but this is to be used as a tutorial on where to look and what you should do to prevent re-infections with malware.

 Paul Sylvester


Amazon really is Confusing some times!

Your Amazon.com password has been changed!

Dear [First] [Last],

This is an important message from Amazon.com

As a precaution, we’ve reset your Amazon.com password because you may have been subject to a "phishing" scam.

Here’s how phishing works:

A scam artist sends an e-mail, which is designed to look like it came from a reputable company such as a bank, financial institution, or retailer like Amazon.com, but is in fact a forgery. These e-mails direct you to a website that looks remarkably similar to the reputable company’s website, where you are asked to provide account information such as your e-mail address and password. Since that web site is actually controlled by the phisher, they get the information you entered.

Go to amazon.com/phish to read more about ways to protect yourself from phishing.

To regain access to your Amazon customer account:

1. Go to Amazon.com and click the "Your Account" link at the top of our website.

2. Click the link that says "Forgot your password?"

3. Follow the instructions to set a new password for your account.

Please choose a new password and do not use the same password you used with us previously.

Thank you for your interest in Amazon.com

Sincerely,

Amazon.com

Please note: this e-mail was sent from an address that cannot accept incoming e-mail. To contact us about an unrelated issue, please visit the Help section of our website.

This happened a few days ago, and I thought I would talk about the security implications of this email. Some users are thinking this is fake. Obviously, I was concerned like everyone else, so I contacted Amazon to find out about this. I talked on the phone to a representative who didn’t really know why my password was changed. She told me she’d give my email address to a specialist, and that was it.

Account Alert: Please Read

Greetings from Amazon.com.

Please take the time to read this message – it contains important information about your Amazon.com account.

After careful review of your account, we believe it may have been accessed and used by a third-party to attempt to make purchases without your permission. It seems that someone obtained your personal account and/or financial information elsewhere, and used it on Amazon.com to access your account. Please note that no unauthorized charges were completed as we were able to cancel the order(s).

We have taken immediate steps to secure your account. We’ve assigned a new, temporary password to prevent further access by the unauthorized third-party, and removed any credit cards or other payment methods from your account. Additionally, if any information was added to your account by someone other than you, it has been removed. Your account access has been restored and is available to use at your convenience.

You’ll need to reset your password when you return to our site. Just click “Your Account” at the top of our Home page and select “Forgot your Password?” in the Settings section. Enter your email address as prompted, and once completed, we’ll send you an e-mail containing a personalized link. Click the link from the e-mail and follow the directions provided. Your new password will be effective immediately. Please note that you will need to re-enter your complete credit or debit card number during the checkout process.

It is important to know that Amazon.com accounts can only be accessed by those who know personal, specific information about you and your account, including your email address and Amazon.com password. As mentioned above, it appears someone obtained this personal account information elsewhere and used it on Amazon.com to access your account.

While it is not clear how this happened in your case, we do know that personal account information is often obtained by scam artists who send unsolicited email to unsuspecting users asking them to "update" their account information. The email usually contains a link to a website that is controlled by the thief asking the user to submit personal information including email address, password, credit card number, and other relevant information. Once the information is obtained, the scam artist can then gain access to numerous online accounts since many internet users frequently use the same user name, email address, password, and financial information at multiple web sites.

Please know that Amazon.com employees will *never* ask for your password, nor will we ever send an email asking you to verify personal information.

Although it appears someone did access your Amazon.com account, they would not have been able to view your full credit card numbers as they are never displayed on our site. However, it is possible your credit card numbers may have been compromised at the time your other personal information was obtained. Therefore, we suggest you carefully review recent credit card statements to check for any unusual activity or unauthorized charges.

In the future, you can protect your Amazon.com password and account by following some of these safety tips:

———————————————————————–

1. Choose a good password: Use at least 8 characters and a combination of letters and numbers. Do not use single dictionary words, your name or other personal info that can be easily obtained, or a password that contains part of your email address.

2. Password protection: Avoid using the same password at multiple sites or for your email account. Do not share your password with others.

3. Account protection: Be cautious of unsolicited emails that appear to come from reputable online shops or services that ask you to submit personal information such as your credit card number, email address, and password. Often these emails will look as though they come from the company you’re familiar with, and the email will ask you to click on a link and "sign in". You should never provide this kind of personal information in an unsolicited email.

I don’t know if this isn’t just an automated message, because anyone who knows me knows I listen to Security Now and other such security podcasts. So I know about phishing attacks and other ways someone can get your password. I’ve recommended LastPass in the past and still recommend it. I don’t get what happened, but it looks like they were concerned with my account and decided it needed to be restricted until I changed my password. I even like the fact that LastPass now uses YubiKey as a second factor of authentication, and I am quite glad they have implemented this. Great going, LastPass guys.

Don’t Click Links in Emails!

I’ve talked about this in the past, but I thought it was something that we should at least remind people of. If you get an email with a link to your account and you’re not expecting it, then don’t click it. You can click links if you’re resetting your password, but those are expected. I always tell people, if you’re not expecting it, talk to the person who sent it to you, because they might have a virus or some link that will compromise your account or get your passwords. Remember, surf safe and think about your security.

Security is #1

Paul Sylvester