Wednesday, December 25, 2013

Merry Christmas


My prayers for a blessed Christmas

and my best wishes for a happy, healthy 

and successful 2014.

Saturday, December 7, 2013

Passwords - Again --- Updated 12/09/2013

I got this email from a customer:
. . . I heard on the news today that Google is one of many companies whose computers were recently hacked and that passwords were obtained.  I don’t use Google mail on my computer but rather Windows mail. However, in order to have access to Play Store apps, I had to open a Google account on my Samsung smartphone and that password is the same as my computer password. I just closed my Google account on my smartphone. Should I change my password on my computer and if so, how do I do that? I use that same password extensively for other applications. . .
Here is my reply:

You raise a heck of a lot of important questions in your text. Because the issues you are touching on IMHO are very important I will try to reply to every single part separately and interspersed in your text.
I heard on the news today that Google is one of many companies whose computers were recently hacked and that passwords were obtained.
A good example of uninformed sensationalist reporting. What literally ALL halfway decent companies store are NOT passwords but encrypted passwords. That is technically and for hacking purposes a BIG difference.
I don’t use Google mail on my computer but rather Windows mail.
IMHO using ANY Microsoft email program puts your computer at a far greater risk than the stolen passwords do. "Only" two million passwords from three companies together were stolen; these affected companies together have many hundreds of millions of users. That makes the percentage of compromised passwords VERY small.

There were no reports on how these passwords got in the wrong hands. I have no information on this either but I suspect that some gang of miscreants had a well working virus program on many computers world wide and that virus program copied the passwords. Now THAT would be bad because the virus program would get the real and not yet encrypted passwords directly from the keyboard when they are typed.

Update 12/09.1023: I just read that it was actually 154 million accounts that got compromised. Now that's a different thing.
 However, in order to have access to Play Store apps, I had to open a Google account on my Samsung smartphone and that password is the same as my computer password.
1. Exactly what do you mean by "computer password"? The one you type to log on to your Windows account or one that you use on any web site? The former is no problem, just change it locally on your computer. The latter possibly poses a risk.

2. Using the same password on more than one service is always a risk and should be avoided.
I just closed my Google account on my smartphone.
That does not eliminate risks from stolen passwords.
 Should I change my password on my computer and if so, how do I do that?
That depends on what exactly the password you mention is used for. If it is for your local user account then google the name of your operating system and change the password; google something like "windows 7 change user password". You will get many pages with descriptions of how to do that.
I use that same password extensively for other applications. . .
That definitely is about the biggest mistake you can make. Please read the following articles on my blog for lots of background information:

    Passwords too simple and what to do about it.
    Hacked Passwords deals mainly with email issues.
    Passwords that are NOT a password
    Passwords the Latest


Especially the last article above has all the nitty gritty. Follow the link in "The article I read is here". There you find all the technical background you could possibly want.

Update 12/09.2013: Hackers often like to publish their discoveries, and the databases of hacked, stolen passwords were uploaded for all to see.  This allowed the people behind a rather useful website to create a searchable copy of the list, so that you can check whether your details appear on a list of some 154 million stolen online accounts and email addresses.

To find out whether your details do indeed appear on any of those stolen lists, just head to http://www.haveibeenpwned.com/ and type in your email address on the home page.  If that address is among any of the lists of stolen accounts, you'll be warned straight away.

The two paragraphs above are a literal copy from here.

I hope this long reply helps in addition to giving you a lot of information and confusion. Please keep asking.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Stay safe!
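
An added example, not part of the original post or reply: what "not passwords but encrypted passwords" looks like in a service's database, and why reusing one password still matters. It assumes a salted PBKDF2 scheme, a work factor and three hypothetical service names chosen for illustration; the post does not say how any company stores passwords.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def make_record(password, salt=None):
    """What a service keeps at sign-up: a salt and a derived hash, not the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password, record):
    """Re-derive the hash from the typed password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def build_demo():
    """Constructed sample: one user, three hypothetical services, one password reused."""
    reused = "Sample-Passw0rd!"  # constructed value, reused on two services
    return {
        "mail": make_record(reused),
        "shop": make_record(reused),
        "bank": make_record("a-different-long-passphrase-7"),
    }


def accounts_opened_by(password, records):
    """Services whose stored record accepts this password."""
    return sorted(name for name, rec in records.items() if verify(password, rec))


if __name__ == "__main__":
    records = build_demo()
    # Same password, different salts: the stored hashes do not match each other,
    # and the password text appears nowhere in what the services keep.
    print(records["mail"]["hash"] != records["shop"]["hash"])
    print("Sample-Passw0rd!" in str(records))
    # Once the password itself is known (for example typed on an infected PC),
    # it is accepted by every service where it was reused.
    print(accounts_opened_by("Sample-Passw0rd!", records))
```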

Thursday, December 5, 2013

Virus Check BEFORE Download


I assume that you know about Virustotal (VT). If you still don't know, then I am at a loss for words, which rarely if ever happens to me. But enough of my puny attempts at being funny.

With VT you can check any reasonably sized file (up to 64MB) that already is stored on your computer for viruses. What if you want to check a file for viruses before you actually download it?

If you use a web browser other than Internet Explorer you could install an extension.
  • In Mozilla Firefox you can install the VTzilla extension.
  • In Google Chrome you can install the VTchromizer extension.
  • In Opera you can install the VTopera extension.
These extensions make it possible to right click on a download link before you start the download. In the context menu that opens you will see an entry like the one shown here; the example was taken from VTzilla in Firefox:
VT will upload and test the file in its usual manner and presto, you have a good idea whether the file in question is "clean".

If you feel challenged by the idea of installing an extension in Firefox don't despair, I can do that remotely.

As usual I welcome suggestions and comments right here in the blog.



Sunday, December 1, 2013

2013 12 02 WTKM Talking Points (Dec 2nd 2013)


An epidemic of a new kind of malware; see:
       PuPs - No Virus But just as Nasty  and
       How Malware Gets Installed
       This malware increasingly embeds Bitcoin mining into toolbars, toolbar helpers and search agents.

New zero-day hole in IE (all versions).

Many more scam phone calls claiming computer infections.
       Microsoft (and MS affiliates) do not know about us!
Do not let them work on your computer!
Do not give them any credit card information!

I have seen one case where these crooks used a known company name (iWon) to install PuPs (see above); they probably get money for every installation that they do.
The guys who did this one were not even good at it!



Fake Skype voicemail alert: Email comes packed with a variant of notorious ZeuS banking Trojan.
Messages typically come with subject line “You received a new message from Skype voicemail service”; it contains a copyright notice and a disingenuous warning that "Skype staff will NEVER ask you for your password via email".
The purpose of this email is to get you to download and open the attached 'voicemail' file; this then installs the Zeus trojan. 

Crypto Locker virus: Maintain regular backups of data, keep backups separate from computer.
CL encryption is essentially uncrackable (except by the NSA?).
CL infects all current versions of Windows, XP through 8.
If you are somewhat technically adept and/or have someone on your computer you can't fully trust and you want protection from CL then consider CryptoPrevent.
Protecting your computer from CL is easy with best practices (aka common sense).

Windows 8.1 rolled out Oct 17. NOT via Automatic Update, rather you have to go to the MS store!
 This forces you to use a Microsoft account!

Updating from 8 to 8.1
      BIG download (> 311MB). More details here (Oct. 2013)
      Too big for comfort on standard DSL connections.


New Windows 8 computer?
Don't use a Microsoft account! (privacy vs. convenience)
More info: What Exactly is a Microsoft Account
Either way MS tracks all searches, local & internet. (NO to Bing)
Turn off Smart Search
Use Classic Shell (free) or Start8 ($5) to start into desktop.
Install VLC media player (MS removed Media Player!)
Win XP? Your risk of virus infection is SIX times higher than with Win 8 - NOW.

Unpatched XP SP3 vulnerability with versions of Adobe Reader older than 11.0.04. XP users with the latest versions of Adobe Reader (11.0.4 and up) are immune. UPGRADE Adobe Reader.

Facebook is reportedly testing to track cursor movement (silently track a user's actions); tracks how individual visitors respond to ads for better targeting advertising!

Adobe's servers hacked. 38 million user names and passwords plus source code stolen.

Please listen to WTKM on 104.9FM, Monday, Dec. 2nd from 10:00AM to 11:00AM.