4th Doctor: Scringe stone found in a dead man’s pocket? A lost mine? A phony map. Are people still falling for that old guff? I mean, are they?
1st Romana: You mean you didn’t believe his story?
4th Doctor:  No.
1st Romana: But he had such an honest face.
4th Doctor: Romana, you can’t be a successful crook with a dishonest face, can you. 

Doctor Who, The Ribos Operation part 1 1978

While I haven’t been doing tech now for several years, given the great hack of 2017 I think it’s once again time to give you several pretty basic rules on password security that, if followed by John Podesta and the DNC, would likely have the media looking for a different conspiracy to blame Hillary Clinton’s defeat on.

Rule Number 1:  If it has a computer in it and said computer connects wirelessly to any other, it’s hackable:

Your phone, your game system (and at the rate we’re going pretty soon your car and toaster) are all basically computers, accessing the net and being accessed.  Any such systems need to be treated as such when it comes to keeping sensitive info or opening attachments or setting passwords.

Me I don’t connect my cell phone to the net, I don’t use it for email, hell I generally don’t keep it charged or on unless I’m traveling.  I use it as a phone when I need a phone, that’s it.

Rule Number 2:  If you live in the first world and have a credit or debit card you ARE worth hacking.  

A lot of people figure that because they’re just average folks without a lot of money, hacking or spamming them isn’t worth someone’s time. Remember (per Gallup figures) that the median per capita income in Nigeria is $493, and that for a quarter of the nations of the world $100 represents the median monthly per capita income of a person.

If my temp warehouse job, paying just over minimum wage with no bennies, pays above the median annual household income of all but 23 countries in the world (higher than Spain, Italy and Portugal, and nearly double the median annual household income of Russia) and is enough to draw the ladies from Cape Verde to work and make 13 times the per capita GDP of their nation, how much more tempting is just sitting at home and trying to make such money without traveling thousands of miles and learning a new language and culture?

And remember we’re talking median incomes, meaning there are plenty of people who make less. If you are taken for a few hundred that might get you angry, but it’s more than most folks see in a month, and if you can be taken for a few thousand then, for most such folks, they’ve hit the lottery.

Rule Number 3:  Your passwords are only as secure as the least careful person who knows them 

There are plenty of people who don’t bother to change default passwords or who use something like their birthday or their phone number or address as a password, but even if your password is a Klingon phrase translated into Esperanto using a book cipher from an obscure 11th century Arab poet, if you give it out to Harold to check his email on your tablet it’s only as secure as Harold keeps it.

Rule Number 4:  Your home and business network is only as secure as the least careful person on it

Even the most careful person slips up on occasion, think how often the least careful person does and remember any shared platform means your security is dependent on every other person on it.

Rule Number 5:  Rule Number 4 about business networks applies to your bank, to Amazon, to your electric company and anyone else who stores your credit card info.

I would be very careful about who you allow to keep a stored credit card on file and how many people you allow such info. If you think it’s a pain, just remember the number of hours you have to work to earn that $100, $1000 or $10000 again, or the number of hours you have to spend on the phone to get a phony charge credited.

Rule Number 6:  Attachments and links in unsolicited emails (even from friends) are your enemy.

This is also known as the “John Podesta Rule”. If you have an attachment that claims to be from a bank or a friend or Amazon or the electric company, you don’t click on said links or open said attachments until you email them back (at the address you have stored) or call them (at the number online, NOT the number provided in the email) to confirm it. And if you get an email from a friend and it consists only of a link, make it a point to email your friend back and let them know they’ve been hacked.

Rule Number 7:  NEVER EVER CLICK ON A “VERIFY ACCOUNT OR PASSWORD” LINK IN AN EMAIL AND ENTER YOUR ACCOUNT OR PASSWORD INFO

That is an old one but it still takes in plenty of people. The IRS, your bank, Comcast, Amazon et al. aren’t going to be sending you unsolicited emails like this. It’s one thing when you set up an account to get a “click here to verify” while doing so; it’s quite another to get one a week, a month or a year later. If you’re not comfortable simply deleting these emails, call the company or organization in question; they would likely like to get info on these hacks.

Rule Number 8:  Open wi-fi to the public is just that, open to the public

If you are using an open wi-fi network in public, don’t you dare be buying stuff online or entering your credit card info, particularly in a big city. That’s just asking for it.

Rule Number 9:  Run the updates

It doesn’t matter if a software or OS maker has found and fixed a vulnerability in a piece of software if your system never updates to install the fix, as those who fell for yesterday’s superhack discovered:

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Note again the vulnerability of older systems that patches weren’t made for.

Rule Number 10:  Apple devices are not immune

Amazingly there are still some people who think that if their device is made by Apple it can’t get a virus and are therefore safe, let me remind them:  1.  Most attacks these days are on the software run on an operating system rather than an OS itself  2.  If someone has your password they don’t need a virus.  It’s a corollary to rules 4 & 5.  Your system is only as secure as the least secure program you run on it.

Now it’s likely the big worldwide hack used tactics more advanced than any of this. Furthermore, none of these tips guarantee that you will never be hacked, any more than locking your doors and windows guarantees your house will never be broken into, but if you remember these steps and learn to recognize unsafe behavior then over time you will be more likely to spot a scam when it comes.



President Obama’s dreadful policies toward Russia allowed Vladimir Putin to regard the United States as an impotent power.

The misguided approach started at the beginning of Obama’s regime. For example, he surreptitiously sent a letter to the Russians just after taking office, offering to cancel plans to install a missile defense site in Poland and corresponding radar in the Czech Republic.

According to The National Review, these systems would have provided a layer of protection for the United States and its allies from Iranian long-range missiles. All Russia had to do for Obama to cancel the plans was to agree to help pressure Iran to stop its nuclear weapons program.

This exchange started the road down the ill-advised treaty with Iran and showed Russia the weakness of Obama because he couldn’t force the Islamic Republic to do his will.

The Obama administration ended up canceling the missile-defense system, and the United States to this day remains ill-equipped to combat Iranian ballistic missiles.

Obama also negotiated a new arms control treaty with the Russians even though Putin and the gang were violating the previous one. It took constant congressional pressure to get Obama to admit that Russia had been disregarding the previous agreement since he took office.

Fast forward to Obama’s statement on an open microphone telling then–Russian President Dmitry Medvedev to pass along a message to then–Prime Minister Putin. “On all these issues, but particularly missile defense, this, this can be solved, but it’s important for him to give me space…. This is my last election. After my election, I have more flexibility,” Obama said.

In other words, Obama promised to do a lot more than anyone in the current administration has.

Obama’s response to Russia’s invasion of Crimea in March 2014 and Moscow’s subsequent support of pro-Russian rebels in eastern Ukraine was economic sanctions. Although the measures had an impact on the Russian economy, they were seen as woefully inadequate.

Finally, the United States has become so irrelevant in Syria and Russia so important that the Obama administration didn’t even get an invitation to the last conference to discuss the civil war.

Only after all these signs of weakness did Russian hacking occur. But it wasn’t just the DNC. Russian entities hacked private companies, Nasdaq and banks, as well as government agencies, including the State Department, the White House and the Pentagon. The Obama administration apparently was incapable of mounting any significant defense against the hacking.

An investigation into Obama’s dreadful record of dealing with Russia might be useful before looking at anything else.

 

Christopher Harper teaches media law.

I remember back in the 80’s I was talking to a friend who thought I was being an alarmist when I said that the same internet connection that allows a person on the net could be used by someone else to either read or control your home machine.  Well time for me to be an alarmist again.

There is an update to the story concerning that car hack I wrote about a few days ago:

Chrysler said Friday it was recalling roughly 1.4 million vehicles after security researchers exposed a flaw that allowed hackers to kill transmissions remotely.

The recall affects several models of Dodge, Jeep and Chrysler cars.

The company maintained it was conducting the recall “out of an abundance of caution” and not because of any reports that hackers had actually exploited the security defects.

I don’t think people realize just how bad this is and what it’s going to mean. Consider:

As any person who owns a computer knows, systems are constantly being updated to close hacking holes that are discovered. While some are discovered by the companies’ internal security systems, others are discovered after there are actual victims of a vulnerability.

Are manufacturers going to recall cars every time they need to install a security patch?

Furthermore, as anyone who has either upgraded or had a system update knows, there are occasions when said update crashes. And while losing data you need due to a software crash might seem like a matter of life and death, if said software crash takes place in a moving vehicle it may become an actual matter of life and death for those in said car and those around them.

And such hacks don’t have to come direct from the net. Consider: as more cars are set up to sync with various devices, it’s entirely probable that malicious code on said devices could be designed to migrate for the purpose of

1. Hacking a car’s software

2. Using the car’s net interface to notify said hacker that the specific vehicle is hacked.

Can you imagine ransomware on a car? Pay me or pay the dealer who has to re-initialize all the software. Or even worse: your son or daughter is driving and you get an email, pay or their car swerves into traffic. You’re given a few minutes to approve. What are you going to do?

There is one obvious solution. There is absolutely no reason why an open system of convenience cannot be completely independent of any critical systems. That should be the case; that way any hack would only have the effect of inconvenience.

Personally I’d just as soon keep all of a car’s computers closed systems.

Expect to see a lot more of this.

 

I’m called DaTechGuy. My major in college back in 1985 was computer science, my first job was in the computer field and my last pre-national blogging job was in the computer field. I use computers, I like computers, I respect how computers have made life easier.

However, when I see a story like this there is a moral worth repeating:

A new vulnerability in the Uconnect system gives attackers frightening remote powers over Chrysler vehicles, revealed in a Wired exclusive report. In a live demo, attackers used the vulnerability to cut out a Jeep Cherokee’s transmission and brakes and, when the car is in reverse, commandeer the steering wheel — all without physical access to the vehicle. “This might be the kind of software bug most likely to kill someone,” said Charlie Miller, one of the researchers behind the exploit. The full vulnerability will be presented next month at Defcon,

Now given the modern lifestyle it’s not so odd that a car that you are paying tens of thousands of dollars for is going to have a computer with wi-fi access, but remember this.

Everything that is a computer on the internet is hackable.

Or let’s put it another way: if I was a terrorist or someone at war with the US, how much trouble can you make if you have guys hacking cars on US highways?

Or even worse how many bright kids who don’t know better might decide to crash a car because it’s cool?

Now if you want a car controlled by computer that’s your call, for myself I’d just as soon have a car that’s a car and a phone that’s a phone.

I suspect thousands of unemployed law grads are punching the air while taking a quick refresher on divorce law:

Cybercriminals hacked the online dating site for cheaters — and its two-timing subscribers could soon be exposed.

A hacking group swiped mounds of data from Ashley Madison, the hookup service for adulterers, and is threating [sic] to leak users’ personal data, according to cybersecurity expert Bryan Krebs.   

The intruders, who call themselves “The Impact Team,” claim to have completely compromised all of Ashley Madison’s records, stealing the information of 37 million affair-seeking subscribers.

I don’t like hacking, but may I suggest that if you are someone who is giving your personal information to a company whose sole purpose is to aid people in breaking their promises to their spouses, then one doesn’t have a lot to complain about if said company isn’t all that efficient in keeping their promises of discretion to their customers.

A piece of scripture instantly comes to mind:

You have done this deed in secret, but I will bring it about in the presence of all Israel, and with the sun looking down.  2 Samuel 12:12

…that Barrett Brown is not of Sicilian ancestry:

All it took was for one member of the group to be identified as such by law enforcement, at which point they could get a warrant that would permit them to monitor every communication — e-mail, chat, phone, whatever — in which that person engaged, and . . .

BARRETT BROWN IDENTIFIED HIMSELF!

How stupid do you have to be not to see what that meant?

Like I said, not a Sicilian.

Hey stuff like this happens when you declare war on the US.

Actually every time of year is scam time, but with tax time approaching and various stimulus programs being talked about it’s a good time to think about the many online scams out there to nail you. One example:

Economic Stimulus Payment Scams
Perpetrated via a phishy email or a fraudulent phone call, these scams capitalize on confusion surrounding the federal government’s economic stimulus package. By now you probably know that you may be getting a stimulus payment in the coming months but may not know how or when the payment will arrive. Potential victims of this scam are told that they’ve qualified for their stimulus “rebate” and are asked to provide their bank account number to receive the payment electronically. In reality, you won’t have to do anything more than file a federal tax return to receive your payment, and the IRS will never call or email you about the economic stimulus payment.

The Cyberstreetsmart site is a good one. Go there and read the whole thing. If you are a person with a kid about to enter college check out their phony scholarship section here.

Don’t forget to take their IQ quiz to see how much you already know.

An important announcement for all people like me who have embedded and/or posted Monty Python clips over the years, direct from the Pythons themselves:

Brilliant, absolutely brilliant! I’m in favor of anything that leads to new original Python stuff such as the clip above.

The page is here.

And the Pythons are right it is a much higher quality video. So if you are going to buy ringtones or videos etc you might as well buy it direct from them.

In case I haven’t made my opinion clear I think that Monty Python will (and has) stand the test of time as good or better than any other comedy team in history.

There has been a lot of loose talk over the years of civil liberties being eroded but this looks like the real thing:

THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

The “quietly” part really bothers me almost as much as the “without a warrant”.

The strategy will allow French, German and other EU forces to ask British officers to hack into someone’s UK computer and pass over any material gleaned.

That is an incredible surrender of sovereignty.

Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.

That is interesting, would it be made illegal for makers of anti-spyware software to block or stop this stuff?

The idea that this can be done without an explicit vote in Parliament is disgusting. Regardless of your opinion of the Patriot Act in the US, the Congress passed it out of both houses and the president did sign it. This is being done without the consent of the people at all.

The actual story is here. Via insty & samizdata.net