Some Simple Reminders about PC/Computer Security


4th Doctor: Scringe stone found in a dead man’s pocket? A lost mine? A phony map. Are people still falling for that old guff? I mean, are they?
1st Romana: You mean you didn’t believe his story?
4th Doctor:  No.
1st Romana: But he had such an honest face.
4th Doctor: Romana, you can’t be a successful crook with a dishonest face, can you. 

Doctor Who, The Ribos Operation part 1 1978

While I haven’t been doing tech now for several years, given the great hack of 2017 I think it’s once again time to give you several pretty basic rules on password security that, if followed by John Podesta and the DNC, would likely have the media looking for a different conspiracy to blame Hillary Clinton’s defeat on.

Rule Number 1:  If it has a computer in it and said computer connects wirelessly to any other, it’s hackable:

Your phone, your game system (and at the rate we’re going pretty soon your car and toaster) are all basically computers, accessing the net and being accessed.  Any such systems need to be treated as such when it comes to keeping sensitive info or opening attachments or setting passwords.

Me I don’t connect my cell phone to the net, I don’t use it for email, hell I generally don’t keep it charged or on unless I’m traveling.  I use it as a phone when I need a phone, that’s it.

Rule Number 2:  If you live in the first world and have a credit or debit card you ARE worth hacking.  

A lot of people figure that because they’re just average folks without a lot of money, hacking or spamming them isn’t worth someone’s time. Remember (per Gallup figures) that the median per capita income in Nigeria is $493, and that for a quarter of the nations of the world $100 represents the median monthly per capita income of a person.

If my temp warehouse job, paying just over minimum wage with no bennies, pays above the median annual household income of all but 23 countries in the world (higher than Spain, Italy, Portugal and nearly double the median annual household income of Russia) and is enough to draw the ladies from Cape Verde to work and make 13 times the per capita GDP of their nation, how much more tempting is just sitting at home and trying to make such money without traveling thousands of miles and learning a new language and culture?

And remember we’re talking median incomes, meaning there are plenty of people who make less. If you are taken for a few hundred, that might get you angry, but it’s more than most folks see in a month, and if you can be taken for a few thousand, for most such folks they’ve hit the lottery.

Rule Number 3:  Your passwords are only as secure as the least careful person who knows them 

There are plenty of people who don’t bother to change default passwords or who use something like their birthday, their phone number or their address as a password. But even if your password is a Klingon phrase translated into Esperanto using a book cipher from an obscure 11th century Arab poet, if you give it out to Harold to check his email on your tablet it’s only as secure as Harold keeps it.

Rule Number 4:  Your home and business network is only as secure as the least careful person on it

Even the most careful person slips up on occasion. Think how often the least careful person does, and remember that any shared platform means your security is dependent on every other person on it.

Rule Number 5:  Rule Number 4 about business networks applies to your bank, to Amazon, to your electric company and anyone else who stores your credit card info.

I would be very careful about who you allow to keep a stored credit card on file and how many people you allow such info. If you think it’s a pain, just remember the number of hours you have to work to earn that $100, $1000 or $10000 again, or the number of hours you have to spend on the phone to get a phony charge credited.

Rule Number 6:  Attachments and links in unsolicited emails (even from friends) are your enemy.

This is also known as the “John Podesta Rule”. If you have an attachment that claims to be from a bank or a friend or Amazon or the electric company, you don’t click on said links or open said attachments until you email them back (at the address you have stored) or call them (at the number online, NOT the number provided in the email) to confirm it. And if you get an email from a friend and it consists only of a link, make it a point to email your friend back and let them know they’ve been hacked.

Rule Number 7:  NEVER EVER CLICK ON A “VERIFY ACCOUNT OR PASSWORD” LINK IN AN EMAIL AND ENTER YOUR ACCOUNT OR PASSWORD INFO

That is an old one but it still takes in plenty of people. The IRS, your bank, Comcast, Amazon et al. aren’t going to be sending you unsolicited emails like this. It’s one thing to get a “click here to verify” while you are setting up an account; it’s quite another to get one a week, a month or a year later. If you’re not comfortable simply deleting these emails, call the company or organization in question; they would likely like to get info on these hacks.

Rule Number 8:  Open wi-fi to the public is just that, open to the public

If you are using an open wi-fi network in public, don’t you dare be buying stuff online or entering your credit card info, particularly in a big city. That’s just asking for it.

Rule Number 9:  Run the updates

It doesn’t matter if a software or OS maker has found and fixed a vulnerability in a piece of software if your system never updates to install the fix, as those who fell for yesterday’s superhack discovered:

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Note again the vulnerability of older systems that patches weren’t made for.

Rule Number 10:  Apple devices are not immune

Amazingly there are still some people who think that if their device is made by Apple it can’t get a virus and they are therefore safe. Let me remind them:

1. Most attacks these days are on the software run on an operating system rather than the OS itself.
2. If someone has your password they don’t need a virus.

It’s a corollary to rules 4 & 5. Your system is only as secure as the least secure program you run on it.

Now it’s likely the big worldwide hack used tactics more advanced than any of this. Furthermore, none of these tips guarantee that you will never be hacked, any more than locking your doors and windows guarantees your house will never be broken into, but if you remember these steps and learn to recognize unsafe behavior, then over time you will be more likely to spot a scam when it comes.

