Welcome to the Geek Choice Blog

Here at Geek Choice we see it happen all the time. People call in asking for help recovering their email or even their log-in so they can access the computer, because the evil hacker guessed “monkey” and got it right. Stop these weasels before they really do some damage to your email or computer.

A computer security company called Duo Security ran a decryption of hundreds of thousands of passwords and was able to crack everyone of them, simply because they were “weak”. A weak password contains only letters and numbers, sure mixing them up with alphanumerals is good, but not enough.

Passwords seem like something to get it out of the way so you can sign up or log in fast. This attitude can prove to be fatal, as hackers can just as easily decrypt passwords like Duo did, but with evil intentions reek havoc on your personal files.

Some of the accounts that Duo cracked into were from federal and state government agencies, with employees providing weak passwords, anyone with a knowledge of hacking could have access to confidential information that is very valuable. If you think your email was one of the ones tested, go to this Web-based tool to find out just type in your email address.

Personally I used to just put in a funny name or something relevant to my life that I could remember. I learned quickly that it is not what I can remember, but what someone who wants to access my files remembers. Now I am being safe by using letters, a symbol or two, and a number. This is the safest bet to ensure that hackers will at least have a harder time trying to get in.

The most common ways of hackers is to guess:

• the user’s name or login name
• the name of a significant other, a friend, relative or pet
• birthplace or date of birth, or a friend’s, or a relative’s
• automobile license plate number, or a friend’s, or a relative’s
• office number, residence number or most commonly, their mobile number.
• a name of a celebrity they like
• a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of the letters.
• a swear or curse word

If you use the last one on this list, you might as well deserve to be hacked into and destroyed. But for the rest of you out there enjoying the a small sense of security when you login to accounts such as PayPal, online banking, or online stores with saved credit card information, it is time to open your eyes to the big picture. You know, the one where you are hiding in the corner because all your information was hacked into and used to buy all sorts of lewd and unexplainable items. This is something you could have avoided if you had heeded the advice given at Geek Choice Blogs and changed the password to something like: ilovegeeks@123

It can’t hurt, but it will if you are not smart and leave the password at: “iamamonkey”

It does not come soon enough, this holy holiday, when depression rates soar and stress doubles during a a few months in the winter; yes, Christmas is here!

We all know shopping is done and the gifts are bought for our kids, friends, and loved ones, but this year it seems everyone is going online to shop. This brings up new threats to your security and new ways for those pesky thieves to get your money. Here are ways to protect against them and make sure the season is as jolly as it should be.

If you have kept on the blogs at Geek Choice, you are one step above everyone who has not, because you know about phishing attacks. These are fake websites that grab your info without you even knowing it, usually by clicking on a link that goes to a website set-up by a hacker. During the holiday season, these attacks increase ten fold because people are ignorant to phishing, thus making it easy to hack into your credit or debit card information as they surf and shop. Be careful, be aware, check the URL that loads from a link on website or email-make sure it matches what the address bar says.

While you are looking for the coolest toy or newest video game that your kid just has to have, before you fill out the form of payment with your credit card information, check the website for signs that verify that it is secure. First look at the address bar, look at the beginning of the address: if it has HTTPS you are good. Also look on the bottom of your browser, it usually has a locked padlock to show that it is secure. Most big sites like Amazon, EB Games, and Best Buy actually have certificates of security on their sites.

Here is a good one, forget using debit cards unless you are okay with putting information such as access to your bank account. Use credit cards.

There are certain security questions that a site might ask you, like where you have previously lived, answer them. These are designed to make sure you are who you say your are.

Attacks happen all the time on the internet, you may think it won’t happen to you, until it happens and ‘what are you gonna do’ is all you can say. Don’t be that schmuck, take action. Arm yourself with sufficient facts that will keep you safe this holiday season. When you are spending all that money on things that will probably become trash in a couple years, remember that there are people out there with the means and the will to access your information. But they cannot if you know what to look for.

That is our goal, my goal in this blog, to educate the masses of people out there of the risks posed by the internet. It is a scary world today, and today’s world is online, so what are you doing to protect yourself?

Turn on the computer, wait a couple minutes for it to load up, click on your internet browser, and enter into a world where anyone can see where you are and what you are doing. Sure, we keep our business and personal life separate right? That is why we have “personal” and “work” computers, but there is a big difference as to how the meaning of “personal” actually is true. You cannot go anywhere now without being taped, you are tracked by purchases and paper trails, and now it seems that the little privacy you had left is gone.

Wish you could put the “History” behind you? After you click on your internet browser and start to surf around the web, everywhere site you visit is recorded and saved, making it very easy for people to find out what you are up to. You might be saying to yourself, “Yes this may be true, but not for me because I am a virtuous person, there is no need to worry about someone finding out my History!” That’s nice, but what we are talking about is the fact that people can get into personal files that could hurt you regardless of the porn sites or other personal adventures that might make you look bad.

Let us say that you use a payment service online that transfers money to your bank account. By the hackers finding out this information, regardless of the fact that reloading the page won’t work, they may have the means to get into that site with your personal log-in information. Feeling scared yet? I am, because I use this very system and preventing something like this is crucial.

Luckily, Google Chrome, Mozilla  Firefox, and Apple’s Safari have taken these preventive measures by not allowing for JavaScript to run in your browser. Phew!

There is a name for people who snoop around your personal information: history sniffing.At University of California, San Diego, researchers have discovered 485 of the 50,000 of the most popular websites are exploiting a flaw that allows them read your browser’s web history.

Notice how you click on a blue link, revisit the site and the link has turned purple, marking that you have already clicked on this link. What hackers can do is hide links on a certain website, say for example to Facebook or Twitter, then use the spying sites to use JavaScript code to find out the color of the links are.

JavaScript coupled with the use of Cascading Style Sheets, a common website language, make it very easy to track where you have been on the internet. Some of those 485 sites actually download your entire web browsing history! Whether you are doing illegal activities or you are a saint that only uses the internet to write emails, the fact that people can find out this information is kind of creepy. There is no privacy anymore, especially in the computer world, where history hackers are getting into the “trash” and checking out personal files.

Stay protected out there.

They do not call it the “World Wide Web” for nothing. It is a spider-web, and it is world wide the information that is about you and is out there for everyone to see, if they really wanted to. The spider on the web is anyone who searches your name using different programs or services provided online, and it is amazing what comes up.

Say someone wants to know what you are up to. By tracking the electronic foot prints left behind by email, Facebook, Twitter, MySpace, or even just account activity, they can learn a lot about you in a short amount of time, about the time it takes to load a page. The world of today where there are no walls and information is out there flying around can be a dangerous one, if you are not careful.

The information that is out there can be grabbed by people search engines like Pipl, Spokeo, and CVGadget. It is not illegal, they are doing nothing wrong in the eyes of the internet police, but it does invade our privacy even if the information is out for people to see. It is like putting your dirty laundry out in front of the house, even clothes with small stains, the fact remains that our personal stuff can be easily accessed by anyone. Creepy.

So what can you do about it?

Put a stop to the mountain of information on you that is being collected by these search engines as you read this. First check out for yourself how much is out there by searching your name. Rapleaf is a provider with an open tool to let you see everything, while the other search engines only let you see bits and pieces. By going to that site you can actually manage what people see about you. No more spying from your ex-girlfriend or boyfriend, no more parental espionage, no more privacy pillaging! By ‘Opting-out’ on Rapleaf’s website, you can permanently delete all that saved information that Rapleaf has on you.

Another way to stop prying eyes is to adjust the privacy settings. This means going to all the sites connected to your email address and changing them individually

• Amazon: Wish Lists are made public by default. To change that setting, go to this page and select the option to sign in. You can then view any Wish Lists associated with your account and designate them as private.
• Facebook: Once signed in, look under the ‘Settings’ tab at the top of the page to find the privacy control panel. Click the Profile option to set parameters regarding who can view your content.
• MySpace: Click the My Account button at the top of the page after logging in, then click Privacy to adjust your settings. Bear in mind that your age and location are typically displayed publicly even if your profile is set as private, as was the case in one of the examples cited in “They Know Your Dark Secrets…And Tell Anyone.”
• Pandora: Your playlists are public unless you specify otherwise. Once logged in, click Account at the top of the page, and then follow the option to edit your profile info. From there, you’ll see a checkbox that you can select to make your profile (and thus your playlists) private.

By doing this, you prevent search from sites like Pipl and Spokeo from getting into your private information like what music you like, who your girl or boyfriend is, where you live, the list goes on and on. Take back control of your privacy. Don’t let weirdo’s or people who do not need to see your personal life get the best of you. Who knows what people will do with information like that. You can protect your privacy even when you are on the web, these are ways to catch those spiders crawling around looking for trouble.

Of critical importance to any of you who use social networking sites such as Facebook and the various applications to which you can subscribe while using them (think Mafia Wars, etc.) is the recent news of the RockYou Database being compromised by hackers.

Occurring on December 4^th, the RockYou Database was infiltrated by the nefarious types who scour the internet for penetrable networks from which sensitive information can be retrieved and used for criminal purposes. Username and passwords were stolen, along with any other information that the RockYou application retrieves upon your use of it.

If it’s any consolation to those of you who might have fallen prey to this theft, none of the usernames and passwords have been published, but there’s nothing stopping the thieves from making them publically available – or selling them, even — when they’re so inclined.

The company behind the RockYou app is largely to blame, carelessly storing the information in an insecure text format. In addition to Facebook, other social networking sites that use the application have seen their users’ information hijacked, including Myspace and email services such as Gmail.

If you use any of these social networking sites, we strongly suggest that you change your password immediately, particularly if you’re someone who uses the same password for every site on which you’re a member.

Geek Choice works hard to stay on top of the latest security issues to help keep your computers safe. If you have any questions about the RockYou hack and how it affects you, or if you’re concerned that your web accounts or computer may have been compromised, give us a call at 1-800-GEEK-HELP (433-5435) and our techs can help.

Sources:
http://www.techcrunch.com/2009/12/14/rockyou-hacked/

http://www.securitywatch.co.uk/2009/12/14/security-problems-with-social-networking-persist/

http://digital.venturebeat.com/2009/12/15/rockyou-hacked-32-million-account-passwords/

http://www.eweekeurope.co.uk/news/personal-data-at-risk-after-sql-flaw-discovered-2750

When using social networks such as MySpace or Facebook, privacy is of paramount concern, with the details of your private life sensitive enough that you might want to restrict the availability of that information to those people you trust.

Today, Facebook unveiled a revamped privacy interface, affording its users even more control over how their information is filtered to those viewing their pages. With over 350 million users, making it the world’s largest social network, Facebook is hoping this gives its users more flexibility over how they’re able to manage what they share amongst the community.

Per Facebook, the new changes include:

• They’ve removed regional networks, finding that the various communities have become so large as to make its initial purpose inapplicable. Instead, users will be able to share information to friends, family, or publically.
• Users will have a tool that assists in setting up their privacy, though the default settings will automatically block that information which is particularly sensitive.
• No matter what the item you’re sharing, you will now be able to control who sees it, whether it’s loved ones or the public.

If you’re curious about what this means for your account, Facebook explains the changes in more detail here.

Most of us are already well familiar with the frustrations of spam: unsolicited email advertisements. In recent years, unwanted emails have evolved in an attempt to avoid increasingly advanced filters and wary consumers. The contents and goals of unsolicited emails are not always the same, however, and some emails are more dangerous than others. We’ve put together a list of red flags to help you quickly identify emails that may be harmful to your computer and your wallet.

Suspicious attachments

Attaching files to an email is a quick and easy way to share files with your contacts. The downside is that unscrupulous spammers can attach files like viruses and trojan horses in the hopes that an unwary recipient might download the file and infect their computer. Any time you see an email with an attachment that you weren’t expecting, be very cautious about downloading the attachment or even opening the email.

Links that don’t make sense

In an email supposedly from Yahoo, a link to a specific page on Yahoo’s site appears. So why does the text of the link not begin with “http://yahoo.com”? Because it’s a scam. Many scam artists attempt to gain account information or even credit card numbers by posing as respectable web companies looking for information about your account. These emails typically contain a link where you can reset your password, confirm your credit card information, or log in to access some special new feature. To spot these bad links, you need to look at the url: the address of the page that is being linked to. All urls begin with “http://” or “htpps://” and from there vary from website to website. If the url is not visible in the link, you can hover your mouse over the link and see the url in the lower left corner of your web browser.

email containing links that don't match up and suspicious sender information

Notices about accounts you don’t have

Virus spreading emails that mask themselves as emails from major websites are banking on their recipients actually having accounts with that website in the first place. If you get an email about your facebook account when you never signed up for facebook in the first place, the odds are very good that this is a phishing or virus email.

Password reset requests you didn’t send

One of the most common phishing emails currently is the fake password reset. These emails claim that you recently requested a new password, and direct you to a webpage where you can enter your “old” account name and password. You may be able to identify these emails by the link urls or because you don’t have the account that you would supposedly be resetting a password for in the first place. Even if you don’t see anything wrong with the link or the account information, never respond to a password reset email that you didn’t specifically request.

Sender addresses that don’t add up

An email from YouTube.com will be sent from an account that ends with @youtube.com. If “joey5683426$$@ytmail.com” is sending you important updates about your YouTube account, it’s a safe bet this is also a malicious email. If your email system hides sender information, you can change your settings to show full headers or usually click a link right in the email to show all of the sender information.

Money transfer requests

Typically from Nigeria, these emails claim that there is some obscene amount of money sitting in an account somewhere that the sender wants moved to the United States before something terrible happens to it. It’s not uncommon for these emails to be completely in upper case and poor English, although there are exceptions. These emails are scam attempts, trying to get your bank account information so that the sender can access your funds. No matter the pretense for the email, you should never share bank account information with anyone you don’t know. Recent versions of these emails claim to be from “a member of your church.”

Weird emails from friends

The most dangerous and difficult to spot malicious emails are the ones sent by your friends and other contacts. Usually if you receive a suspicious email from a friend or co-worker, it’s either because their system has been infected or because their account has been compromised. If you see an email from one of your contacts that contains strange characters in the subject, has attachments that you weren’t expecting, links to a file sharing site, or otherwise looks unlike the correspondence you’re used to from that person, take the time to check with them before clicking on any links or downloading any attachments. If you do find a strange email from a contact that later turns out to be a virus or online scam, it’s important to remember that your friend most likely was not the one that sent the email to you. These are almost always sent either by a virus or by someone who gained unauthorized access to your friend’s email account.

Email from the user's account containing a suspicious link and subject

Emails from yourself (that you didn’t send)
These emails can be disturbing when you find them. If you find an email from your own account sitting in your inbox that you know you didn’t send (and you have not allowed anyone else access to your account) immediately change your password and security question for your account. Next, check your “sent mail” folder to see if any other emails went out that you were unaware of. Let everyone who received one of these suspicious emails know that you did not send the emails, that they should not open them or click any links or attachments and that you suspect your account was compromised. You can also let your email provider know about your concerns. If this problem recurs, your system may be infected and need virus cleanup service performed.

As users and spam filters become more aware of these malicious emails, scammers will develop new schemes to get at your computer, bank account, and other information. The best weapon against these attacks is a healthy dose of skepticism, though even vigilant users can fall victim to scams and viruses. If you believe you may have a compromised email account or infected machine, or if you just want more information about how to prevent these problems, give our office a call at 1-800-GEEK-HELP (433-5435).

For all the praise it receives for its ground-breaking services and the advances they’ve introduced to our use of the internet, Google has also been viewed as a pioneer of dubious intentions, an increasingly vocal chorus of criticism rallying around what some denounce as the company’s tendency to overstep its bounds where privacy is concerned.

While there’s no denying that Google’s products have ushered in a considerable shift in how we take advantage of the ever-evolving internet, concerns have been raised about what many perceive to be intrusions on their privacy. No matter which Google service you’re using – search engine, email, blogs, news, videos, shopping – the company logs your activity, collecting data about every action you take.

For many of these, Google requires your permission to exact that information, but the sheer number of services makes it difficult for the average user to keep track of what’s being collected.

To assist in that effort, Google has unveiled the Google Dashboard, a helpful tracker that sums up every bit of information Google has collected about your profile from the moment of use. This includes everything from the latest blog you’ve read to the number of emails contained within your Gmail account, giving you a compilation of your ongoing activity while using Google’s services.

For those concerned about security, this is not contained on a server, restricting this information to just your web browser.

This tool can be used only for those Google products which require your login information.

The information Google Dashboard will sum up for you includes:

• Web history
• email
• Calendar
• Youtube
• iGoogle
• Latitude
• Reader
• Shopping
• Voice
• Contacts
• Finance
• Friend Connect
• Tasks
• Picasa
• Mobile sync
• Orkut
• Blogs
• Docs
• Account and profile
• Alerts
• Search engine

At this time, despite the persistent questions about how Google uses the information they collect, we feel that you should not be overly concerned with your use of their products. If you have any questions about your use of a Google service, give one of our technicians a call.

We’re all guilty of happening upon a website from which we’d like to quickly exit. Even if just the result of an inadvertently clicked link, our travels on the web will always consist of visits to sites which are best tucked in the remote corners of our memory.

If your internet adventures are taken with Firefox, here is a quick way to expunge from your browsing history those websites which you’d no sooner forget.

Two methods effectively address this need:

FIRST SOLUTION:

In the address bar, begin typing the name of the website. In the example below, we’re ridding ourselves of the “CNN” url.

Even before the full address is typed out, you’ll notice that the website – or several selections – will drop immediately beneath the address bar. Highlight those selections you’d like deleted.

Once highlighted, press the “delete” button on your keyboard. Doing so renders that site obsolete, as far as your browser is concerned, which becomes evident when attempting to type “CNN” in the address bar again.

SECOND SOLUTION:

Slightly more involved than the first method, this process sees you open your “history” window and review the entire history of your browser’s romps about the internet. To open it up, look at the menu bar, where you will select the “History” option.

From that drop down, click on “Show All History,” which opens the History Library Window.

As you’ll see, once opened, you can review your history in its entirety.

Looking at the history, you can select the website you’re seeking the removal of. Right clicking on the website will bring up a window that affords you the option to “Forget About This Site.” Like before, we’ll use the “CNN” example.

After its removal, the only way that site will return to your browser’s history is if you return to the website.

While these two methods will successfully clear your history of any sites worth forgetting, it’s best to be mindful of where you’re visiting, should you ever find that you need to delete a   website from your history.

Within the private confines of their home, away from the prying eyes of co-workers lurking nearby, the average user of a home PC figures they can surf  the internet without worrying about intruders. Spyware and Viruses are all that concern them, the installation of malware protection enough to ward off any stress about their computer’s vulnerability.

Yet, no matter how much we caution users against leaving their computers unprotected from malware, those pests are not the only threat to which your attention should be turned.  Many home networks remain susceptible to the ill intentions of unwanted visitors.

Piggybacking ranks as one of the most common offenses, the term referring to the unauthorized use of bandwidth by an outside party.  With a wireless connection, piggybackers access an unsecured network, using it as if it were their own. While piggybacking is a relatively mild transgression, usually committed by a struggling college undergrad who can’t afford internet service, it can impact the availability of bandwidth on your network — resulting in a slow response time when using the internet.

The more serious violations of network security occur when an intruder invades your network for the express purpose of retrieving private information.  Housed on your network are files of all sorts, personal data that you wish to secure against snoops and thieves. Without ample safeguards in place, unauthorized users can ferret sensitive information from your network and use it for their own design.

Many people unwittingly leave their networks open, unaware that they’re leaving themselves subject to the unwelcome motives of the internet’s less scrupulous population. Protecting yourself against these incursions is paramount, and one of the most effective ways to do so is the establishment of a  firewall.

Firewalls do exactly what the term suggests, erecting a wall of protection that shields your network from outsiders, blocking entry to those who haven’t been granted authorization. They can be implemented through software or hardware, to varying degrees, depending on just how secure you want to be.

For those looking to set up a firewall on their network, here are a couple free solutions that I like:

http://www.comodo.com/home/internet-security/firewall.php

http://www.zonealarm.com/security/en-us/free-upgrade-security-suite-zonealarm-firewall.htm

Creating a firewall can be an involving process. If not properly configured, your firewall will leave you no more protected than you were  before its installation.  Should you have any questions on how to build one, feel free to give our office a call. We are here to help you.