Google Maps Tips

The Victor crew found an article on PCMag.com about some things that you can do with Google Maps mobile app that not everyone may know about. From this app, you can add stops, you can hail a ride (taxi or Uber, for instance), travel through time in Street View, create a private map, remember where you parked. These are just a few of the tips listed along with short videos.

Ransomware

The Victor crew has heard a lot of news lately about a cyber attack nicknamed WannaCry using ransomware. Ransomware is holds an infected computer hostage until a ransom is paid, usually in bitcoin, money that is virtually untraceable. This latest attack has caused global problems. In the UK, hospitals have been attacked. In the US, FedEx fell victim. If you use a Macintosh computer you are most likely safe as these attacks are targeted at PC users. If you are still running Windows XP you are even more vulnerable as there are no more patches being made for these systems.

Here are some things you can to do to prevent this from happening to you:

Keep your computer up to date. Do the patches for your operating system.
Make sure to do security updates for your security service.
Only open attachments from the person you know and trust.
Be careful of programs or other items you may want to download.
Back up your computer to an external hard drive.
Keep copies of your files on cloud services.

If you do get infected and don’t want to pay the ransom, which has been about $300-$600, you will have to flatten your machine (reinstall your OS). If you have kept your files on a cloud service or on an external hard drive, you will have defeated them. You will need to reinstall all your programs if you haven’t backed up the entire system.

The predictions are that today there will be even more as people turn on their computers if they haven’t been kept up to date.

Sources:
http://www.foxnews.com/tech/2017/05/15/ransomware-how-to-protect-yourself.html
http://abcnews.go.com/US/simple-things-protect-ransomware-attacks/story?id=47410339

Rogue Science: Outlaw Tech

If you get the Science Channel, you might already know about the Outlaw Tech program. They explore the different ways tech is used to commit crimes. Be it heists sort of like Ocean’s Eleven, counterfeiting, or identity theft, they may cover it.

They have six hour-long episodes showing how banks, museums, casinos can be hacked. During the episodes, they show how people have defeated have cracked sensors, codes, ATMs, and computers to get what they want.

You can find out more here.

Why it’s important to keep doing your updates

The Jody Victor crew ran across an article that is truly disturbing.

A flaw in Microsoft Office given the ID CVE-2017-0199 has quite a history. This vulnerability allowed remote attackers to use Microsoft products to execute arbitrary code and take over computers. Ryan Hanson found the flaw last year. He spent some time to see if it could be made more deadly before contacting Microsoft in October 2016. Microsoft did not patch this right away. If they told people of a change in Word settings that would fix the flaw, then word would be out that there was a flaw with more ramifications.

They decided to release a fix in a later update. However, they sat on it and took their time. They started working on a solution in January but attacks had already begun. Through links in email, computers were infected with software that allowed eavesdropping. McAfee saw some attacks on April 6 of this year and blogged about it April 7. April 9, a program was for sale underground for hackers to exploit the flaw. On Tuesday, April 11, the flaw was finally patched in an update.

They don’t know how many computers were hacked or how much money was stolen before this exploit was patched. If you don’t automatically patch your PC, please do so now!

Source:
http://www.reuters.com/article/us-microsoft-cyber-idUSKBN17S32G

Can you put down your smartphone?

A few weeks ago 60 Minutes aired a segment called Brain Hacking. The Victor crew was surprised by some of the information.

Tristan Harris, a former Google product manager, compares smartphones to slot machines. Every time you pick it up and check on it, you are looking to see “what you get.” The person being interviewed, said that techniques are used to cause people to keep checking their phones and apps.

In another part of the segment, we find Ramsay Brown, a programmer who understands how the brain works and writes code accordingly. Co-founder of Dopamine Labs, tries to write apps based on the pleasure and desire in our brains. They try to find ways to keep people using apps longer or more often. For instance, he says Instagram may hold back some of your “likes” and release them in a sudden burst. They even try to figure out when the best moment to release them is. You don’t pay for social media like Facebook – advertisers do. He says it’s “your eyeballs are what’s being sold there.”

Read more about the segment.

New type of phishing attacks affecting browsers

The Victor crew came across an urgent matter. If your browser is Chrome or Firefox, be aware of a new phishing attack. An attacker can send you an email with a link to a malicious website. You could visit a site that will either infect your computer or make you think you are signing in with your credentials as they trick you into thinking you are accessing the correct site.

The people from Wordfence, a security plugin for WordPress found this last Friday, April 14, 2017. They set up a demo site to show what is happening. It is well worth it to check their article and see if you are affected and what to do. They have set up a demo using a medical site, epic.com, so you can test your browser and browser settings. You can visit their demo site here in Chrome or Firefox. To compare the demo site with the real site they faked for comparison, you can click here to visit the real site here.

This does not affect Windows or Safari browsers. Currently there is a fix for Firefox browsers. Here is what you do:

Open your Firefox browser
Type about:config in the address bar
Search for ‘puny’ (without quotes)
You should see network.IDN_show_punycode set for ‘false’
Double click it to make it ‘true’

Chrome currently does not have a fix for it.

Do you NEED a screen protector?

So you get a new iPhone, Android phone, iPad, tablet, iPod … Do you need to purchase a screen protector for it too? The Victor crew wanted to explore this after having seen a protector be the only thing that saved the phone of someone they know and talking to someone else who said they never get a screen protector.

To begin with, there are different types of protectors – plastic and glass. Glass is the pricier of the two. It can also be tempered glass. You’ll find all different type like anti-glare, carbon fiber, high definition, etc. Where do you begin?

Whether or not you get a screen protector is personal. It can help with scratches and longevity of the device. Are you hard on your device? Where do you usually keep your phone? Are you clumsy? If your phone is made with gorilla-glass you won’t have to worry.

Just be sure to get the right type. The cheaper ones may protect somewhat for scratches but maybe not as much if dropped. Thermoplastic is more durable but may not be as effective as a screen guard. Tempered glass has several layers and can absorb some shock. A glass cover may shatter on impact but your screen may still be protected. You may want to go further and find an anti-glare cover.

Geeky April Fools Day

This past Saturday was April Fools Day. The Internet wasn’t short of pranks. The Victor crew enjoyed putting together this list of some of them.

Stack Overflow had fun making this video of their Dance Dance Authentication protocol:

In case you don’t know, Stack Overflow is a site that is used by developers as a forum.

Google had fun with Google Gnome, something to make your backyard smart:

T-Mobile Onesie:

Amazon brought us Petlexa

Honda has Horn Emojis

New iPad – Flat-out Fun.

For those of us waiting for a new iPad, last week Apple announced the new iPad. It wasn’t really given a name and it isn’t an iPad Air. It has a 9.7-inch Retina display with an A9 processor. It comes in just 2 sizes: 32GB and 128GB. (We really wanted a 64GB but had to get the 128GB.) It has iOS 10.3 and Touch ID. It comes in silver, gold, or space gray and costs $29 for the 32GB Wi-Fi model and $459 for the 32GB Wi-Fi + Cellular model. For the 128GB model it’s $100 more each respectively.

Ordering began March 24 and shipping begins on March 31. Read more here. Don’t forget to back up your old device through the cloud or iTunes so you will get back all your apps!

So you want a new iPad, iPhone, or iPod

You’ve had your device for a while and it has all your favorite apps, your information, etc. What do you do? Well, if you haven’t already, you back it up to either iCloud or through iTunes.

To back up to iCloud, go into Settings then click on Backup and turn on iCloud Backup. Tap Back Up Now. You can see the information (how big your back up space is) if you look at Storage. You are only allowed 5GB of free space so if you need more, you will have to purchase it from Apple for about $0.99/month for 50GB.

The other alternative is to back up through iTunes. You will need to have a Mac or PC with iTunes running on it. Connect your device to your computer. You can still back it up this way to your iCloud or to your computer. Most likely you are doing it this way because of lack of iCloud space. Find out more here.

To restore a device from a backup, you must have all content erased from a device. Follow the onscreen setup until you reach Apps & Data screen and tap Restore from iCloud Backup or Restore from iTunes Backup. Sign in with your Apple ID if you are restoring from iCloud. Find out more here.

The Victor Crew

Keyboard Shortcuts for PC

For almost anything you do, there is a keyboard shortcut. On a PC, you usually hold down the Ctrl key + another key.

Here are some of the more popular ones used while making a document or editing:
CTRL+C: Copy
CTRL+P: Paste
CTRL+X: Cut
CTRL+Z: Undo
CTRL+B: Bold
CTRL+U: Underline
CTRL+I: Italic

If you want some other shortcuts:
Microsoft Flag button – brings up the start menu
Flag+L: locks your PC
ALT+TAB: switch between your open programs
CTRL+F5: refresh the webpage
ALT+F4: closes the current window
CTRL while dragging a file to another folder will copy it to the folder.

You can find many more shortcuts here.

The Victor Crew

Server is down

Last week, there was a major outage of Amazon’s cloud servers on the east coast in VA. It lasted a few hours and caused havoc with many websites. It’s not often that this happens, but when it does, it causes problems in many places.

If you use any of their services, you can check the status of their servers here. Even if you don’t keep your website on their servers, you can find some of your apps having problems. Think Alexa, Nest, etc. Some major websites depend on these services as well and you may find them down as well.

If you are having trouble reaching a site, you can go to isitdownrightnow.com. The home page of this site has a list of major services listed with (hopefully) a green box to let you know it is running. It includes sites such as Netflix, Facebook, Youtube, Google, Yahoo, and the like. There is also a list on the right site of sites last checked and some sites that are currently down.

Oh, and human error was blamed for the massive Amazon server outage.

The Victor Crew

Scamalot

You may have heard of the Broadway play Spamalot. But there is British Mashable contributor who has recorded a bunch of short videos called Scamalot. The premise of the videos by James Veitch is that instead of deleting spam messages he receives, he actually answers them. They are all under 4 minutes long so they are quick watch. Season 1 includes the following episodes: Gold, Poem, Toaster, Mary Gary, Novel, and China Jewelry Corp.

You can watch a season of it on Amazon video or see them on his Youtube channel.

Here is the first episode: Gold.

Yahoo!

Yahoo has recently been in the news again lately due to yet another problem with data breaches. Having a Yahoo account, this Victor crew member has received an email from Yahoo about it.
Yahoo Email
In this message, they tell me that they are investigating the creation of forged cookies. They say they are taking steps to secure accounts. They say this forged cookie may have been created in 2015 or 2016 and they believe it to be connected to the September 22, 2016 data theft. They also give some actions you can take.

They suggest using a Yahoo Account Key which is something we will investigate ourselves at a later time. This user is on the verge of dismissing this account altogether although it was my first email created back in the 90s. I have added 2-step verification as well as changed the password.

Yahoo Email
Another email as a reminder from Yahoo states a reminder to secure to secure the account. They suggest updating to the Yahoo Mail app on android or iOS. They suggest to turn off insecure apps.

Yahoo Email
As I logged into the account after the above emails, there was a link to update security settings to block apps with less secure login. I am not sure what this entails yet, but will let you know when I find out.

Cortana

Remember that email you sent telling someone you’d send them something by Friday? Oh. You forgot. Well now you won’t … with Cortana. Cortana can now help you remember these things. She will give you reminders.

Just launched last week, Cortana’s reminders work on Windows 10 and will eventually support Android and iOS. It works with Outlook.com and Office 365 work and school addresses with support for other email services coming soon.

You can also have Cortana add a reminder to your list by talking to her. Unfortunately, you cannot link them all yet if you have an Office 365 Home edition. Hopefully that is in the future as well.

Mobile Phone Number Hijacking

We’ve written a few times about password security. But what if your phone number gets hijacked? This is not having your phone stolen but rather having your phone number taken from you. You no longer can use the two-step verification because someone else has the number they have on file for it. So how does a phone number get hijacked in the first place? The Victor crew wanted to learn more.

It can start with a text that looks like it came from your carrier. It may have a number or a login page for you to enter some information. All they need is your call-in pin and they can start the process of porting your number over to their phone. You actually think you are talking to a representative of your carrier. Once they have your number, they can use the “forgot password” function of all your apps and get a code sent to them to reset the passwords. Think of all the apps you have – your bank, your email, your wallet. So what can you do?

Here are some ideas from Forbes:

  • Put a passcode on your account with your carrier. Make sure whoever you are talking to uses that passcode with you. If a hacker tries to use it, hopefully the representative is on the ball and asks for the passcode.
  • Use the mobile carrier specific email address to access the account. Forbes suggests you have an address as your current primary one, one just for a mobile carrier, and one for all your sensitive accounts like banking. This way your primary account can’t be used to steal your phone number.
  • Disable online access to your wireless account. You will have to go the store to make changes but it won’t get hacked.
  • Ask your carrier to make changes with photo ID required.

Some other thoughts:

  • Use a password manager and let it generate passwords.
  • Don’t have the same security questions on all sites and don’t answer them truthfully.
  • Do not connect your mobile number to sensitive accounts. Create a new Gmail email address and don’t connect a phone number to it. Use Google Authenticator with one-time passcode generator to use it. They suggest using a Google Voice number.
  • Use a security key. Yubikey is a physical security key device. There are also devices you use a USB port for.
  • Use biometric authentication – fingerprint for example.

Can you hear me?

Don’t say yes! If someone calls from an unknown number and asks, “Can you hear me?,” don’t say ‘yes.’ It will be recorded and they will have your voice saying yes in agreement and may use it to authorize changes on a phone bill, utility bill, or credit card bill.

The Victor crew thinks this sounds a lot like the old ‘slamming’ fraud where a phone company would ask you a few questions and if you said ‘yes’ to anything they would change your phone billing method, mostly to a much higher rate with another company.

Right now this is mostly happening in Virginia, although similar complaints came from the Pittsburgh Better Business Bureau in October.

Police are urging people that if they receive this type of call, to hang up immediately and don’t answer.

http://www.foxnews.com/tech/2017/01/27/can-hear-me-scam-has-police-urging-people-to-hang-up-immediately.html

Gmail Alert

If you use Gmail, like many others, the Victor crew wants you to be aware of a new phishing attack going around. This one is even fooling tech-savvy and security conscious people. They are trying to steal usernames and passwords for Gmail.

It starts as an email that appears to come from someone you know and may even have an image of an attachment you might think is from the sender. If you click on it, it will give a preview, like Gmail normally does but instead, a new tab will open and want you sign in to your Gmail account again. Make sure you look at the address bar and see only https://accounts.google.com… If you see “data:text/html,” before it, (data:text/html,https://accounts.google.com/ServiceLogin?service=mail), DO NOT ENTER YOUR LOGIN!

If you think you may have already fallen for this attack, change your Google password.

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
http://www.pcmag.com/news/351113/dont-fall-for-this-sophisticated-gmail-phishing-scam

Ever think about cutting the cord?

Cord-cutting refers to abandoning cable TV for streaming services. There are so many different avenues to go with this, the Victor crew thought we’d do some exploring into what was available.

One thing you can get is a Roku that you can stream many different channels from. It handles Netflix, Amazon, Hulu Plus for example. Netflix and Amazon have some crossovers, but Hulu Plus will bring you many current TV shows. Another streaming channel to consider is Sling TV for television shows. You might consider Apple TV instead of Roku. Another streaming device is Amazon Fire TV. There’s also Google’s Chromecast. You may want to find reviews on these devices and make your decision.

Another thing to consider is your Internet connection. How strong is it during peak hours? You can test it at speedtest.net or testmy.net. Do several throughout the day and evening to see how much you can handle. You may need to get an HD antenna to get the major networks in full HD.

You can find more information here.

LittleArm 2C

The Jody Victor crew found a cool little toy you can get for your fledling techie on KickStarter. It is called the LittleArm 2C. It’s a mini Arduino Robot Arm for STEM or hobby. Arduino is an open-source electronics platform. STEM means Science, Technology, Engineering, and Mathematics, so it is a teaching tool in these disciplines.

This arm comes out of a previous project that was made into a kit through 3D printing. They sent out their original kits and took in all the feedback. They came up with this new LittleArm 2C as a result of the feedback. There is also an app you can use to control the arm’s movements. You’ll have to visit the page to see all it can do!

A new kind of Phone

There’s a new phone around called the Graalphone. But it’s much more than a phone. It’s a tiny laptop, it’s a tablet, it’s a smartphone, it’s a 3D camera.

As a tiny laptop it has a 7-inch screen, a real keyboard, and a Windows based PC. As a tablet it’s an Android OS tablet. The tiny smartphone has a 5-inch screen (not so tiny). As a camera, it’s 2D or 3D with Zoom 5x and Xenon flash.

It will be available later this year. The Victor crew will keep you posted…

Another Data Breach

By now you have heard there was another data breach reported … from Yahoo. This is the biggest breach to date. A while ago they reported a breach of 500 million accounts after which they had contacted people asking them to change their passwords. It turns out there were more than a billion accounts hacked. This included names, usernames, passwords, phone numbers, emails, security questions/answers, backup emails.

If you haven’t already after the breach reported in September, you need to change your password. NOW. If you are using this email account for any other account, you need to change the other accounts as well. People tend to use the same username/email/password combinations. The Victor crew also advises you to turn on 2-step verification. That way if anyone does get into your account, you can be notified.

Bottom line, if your identity and information means anything to you, make sure to keep your information secure as you possibly can. Use a password manager. Use a different password for every site.

Here is what the latest email from Yahoo looked like:

NOTICE OF DATA BREACH

Dear [Name of User],
We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.

What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.

What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected.

What We Are Doing
We are taking action to protect our users:
• We are requiring potentially affected users to change their passwords.
• We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
• We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

What You Can Do
We encourage you to follow these security recommendations:
• Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
• Review all of your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.

For More Information
For more information about this issue and our security resources, please visit the Yahoo Security Issues FAQs page available at https://yahoo.com/security-update.

Protecting your information is important to us and we work continuously to strengthen our defenses.

Sincerely,

Bob Lord
Chief Information Security Officer
Yahoo

Blast from the Past!

By now, you are (hopefully) running the latest Windows OS (if you’re not a MAC). Here is an interesting page from Richmond University for their faculty staff from 1998 – back when Windows 95 was the latest Windows OS. It shows how to open or close a window on the Windows 95 OS. Very retro.

In case the link gets taken down, the Victor crew gives you this screen shot:

Open and Close a Window

Have a Blessed Christmas!
The Victor crew

Green Monday

Okay. So today is Green Monday. What is it, you ask? The Victor crew wanted to find out too so this is what we found out. It is another online retail shopping day similar to Cyber Monday. It was first coined by eBay to describe their best sales day in December, usually the second Monday of December. Specifically, it’s the last Monday with at least 10 days before Christmas. In 2009, there was $854 million spent online. In 2014, it reached a record $1.6 billion. It is still lower than 2014’s Cyber Monday which topped out at $2.68 billion.

https://en.wikipedia.org/wiki/Green_Monday

Since we are on the Wikipedia site, we noticed for a while they have been pushing for donations. They are willing to take even just $3. They say if everyone reading it “right now” would donate $3, they would make their goal in within an hour.

Gift Giving for the Techies in Your Life

It seems there are a bunch of different lists of gift-giving this year. If you are giving tech this year, here are a few lists the Victor crew found on the web:

CNN Tech – this has a short video that shows different tech available along with some tips for different types of tech.

The Inquirer – features a list for the gamer and gadget fan in your life.

CNet – video of the top 5 gadget gifts under $100.

Popular Mechanics – has a gallery of top picks for this season’s gift giving.