Whaling Attacks

We recently came across the term “whaling” so of course, we needed to know more about it. Here is what the Victor crew found out. It is a form of phishing aimed at high-profile business executives, managers, CEOs, etc. They are going after the “big fish.” The emails sent to them are more official looking and target a particular person. A regular phishing attack usually goes out to a lot of people trying to lure anyone. Whaling is also considered “spear phishing” where it is an attempt to target an individual person or company.

As with phishing, whaling is used to get a person to reveal sensitive information, such as login credentials, to an account. They do this by trying to scare the individual into giving this information up.

Whaling goes so far as to make a web page or email that looks like the legitimate one. You may even be enticed into downloading a program in order to view a page or to get your information. It may come in the form of a false subpoena, message from the FBI, or some kind of legal complaint against you.

Be aware of what you are clicking. If you can, hover over the link and see where it is taking you. Try putting the URL in an analyzer, such as VirusTotal or TrendMicro to see if it is safe. If in doubt, don’t click or download anything you are unsure of.

Equifax Breach – What you can do

By now you’ve heard about the Equifax breach. Something you may want to do by November 21 is put a security freeze on your account. Until then, they are waiving fees to do this.

A security freeze is supposed to block outsiders from opening an account in your name. This is different from a fraud alert which will only notify you if someone opens an account in your name (even you).

A security freeze has you adding a PIN in order to make any changes. The three major credit monitors are TransUnion, Experian, and Equifax.
Right now you can only put the freeze on Equifax for free. TransUnion and Experian will charge $10 for each. Currently there is legislation pending on making this free. If you are planning to buy a car or house you don’t want to freeze your credit just yet.

Equifax will not be calling you so if you get a call saying it is from them, it is most likely a scam.

If you enroll in their monitoring program, you would waive rights to sue if you are impacted by the breach.

Here are some links:
Equifax blog with explanation of the problem
How to put on and remove a freeze from your account
Form to fill out to get a PIN to freeze account

Deleting files

Sometimes you try to empty a folder or delete a file only to find out you can’t because something else is using it. XKCD pictures it like this:

empty file

Sometimes you think you have everything closed yet you still get this message. You may need to restart your PC to make sure all instances that may have been previously connected to it are now disconnected. Another thing you can try is a program called LockHunter. Once it’s installed, you right click on a folder or file and you will see “What is locking this folder?” or “What is locking this file?”
LockHunter

After you click that, you will see what is locking the file or folder. I right clicked on a Pictures folder and clicked “What is locking this folder?” After that, this came up:
LockHunter Dialog

I can now find out what is locking the folder and take the actions I need to try to remove it.

Passwords: should you use the one you want?

If you are looking for a password, you can check to see if the password you want to use has ever been used. Just go to the Have I Been Pwned website and look at the Passwords link. They now have a list of the passwords that have been breached. You can test your password against it and it will tell you if it’s been breached but it will also tell you it may not be a good password even if it’s not been breached.

Here is what you get if your password has been used before and found on a breach list:

Have I been pwned Pwned Passwords - yes

Here is what it looks like if it hasn’t:

Have I been pwned Pwned Passwords - no

Ever wonder about your Internet speed?

Are there times when you aren’t sure you are getting the speed from your ISP that you pay for? Running a simple test on your computer will tell you. First you need to know that the speed you receive via a computer connected through an ethernet cable may be closer to what your ISP says you have and connections through Wi-Fi will be lower.

Why would you need to do these tests? Well if you are streaming and run into a lot of buffering problems or connection problems, you might want to take a look at your speeds. Are others in your household doing things that require more bandwidth such as streaming or gaming?

Here are a few sites you can test (we are supposed to have 75 mbps up and down with FiOS):

SpeedTest.net
BandWidthPlace.com
Many ISPs have a speedtest if you want to try them – in some cases you just the need the url of your ISP then add /speedtest/ to the end of it.

Here are some results from my test.

Speed test using Speedtest.net
Speed test using Speedtest.net

Internet Speed Test by Verizon
Internet Speed Test by Verizon

Speed Test HTML5 No App Needed
Speed Test HTML5 No App Needed

Digital Cameras

You’ve heard the term megapixel many times especially with regards to digital cameras. But what does the term actually mean and is bigger better? That’s what the Victor crew wants to know. Here is what we found out.

Early digital cameras had a poor resolution and didn’t compare to regular film cameras when they first came out. Some were only about one-third to half a megapixel. So a single megapixel is one million pixels. If you are using a one megapixel camera, you will have one million pixels in the image. So what is a good size? It depends on what you are going to do with the photos. If you are only going to view them online, one to three megapixels is fine. If you want 6×4 prints, you will need at least 2 megapixels. For larger 10×8 prints you would need to go to five megapixels and even larger 14×11 prints you will need to bump that up to seven megapixels.

How do you get away with a smaller size on a computer? Most monitors aren’t usually more than 2000×1000 pixels so that is only two megapixels. If you have a 4K monitor, that is eight megapixels. So you can get away with about a 6 megapixel camera in most cases. More pixels, however will give you cropping room. You do not have to turn in your camera for more pixels.

Source:
http://www.digital-photo-secrets.com/

Google Maps Tips

The Victor crew found an article on PCMag.com about some things that you can do with Google Maps mobile app that not everyone may know about. From this app, you can add stops, you can hail a ride (taxi or Uber, for instance), travel through time in Street View, create a private map, remember where you parked. These are just a few of the tips listed along with short videos.

New type of phishing attacks affecting browsers

The Victor crew came across an urgent matter. If your browser is Chrome or Firefox, be aware of a new phishing attack. An attacker can send you an email with a link to a malicious website. You could visit a site that will either infect your computer or make you think you are signing in with your credentials as they trick you into thinking you are accessing the correct site.

The people from Wordfence, a security plugin for WordPress found this last Friday, April 14, 2017. They set up a demo site to show what is happening. It is well worth it to check their article and see if you are affected and what to do. They have set up a demo using a medical site, epic.com, so you can test your browser and browser settings. You can visit their demo site here in Chrome or Firefox. To compare the demo site with the real site they faked for comparison, you can click here to visit the real site here.

This does not affect Windows or Safari browsers. Currently there is a fix for Firefox browsers. Here is what you do:

Open your Firefox browser
Type about:config in the address bar
Search for ‘puny’ (without quotes)
You should see network.IDN_show_punycode set for ‘false’
Double click it to make it ‘true’

Chrome currently does not have a fix for it.

So you want a new iPad, iPhone, or iPod

You’ve had your device for a while and it has all your favorite apps, your information, etc. What do you do? Well, if you haven’t already, you back it up to either iCloud or through iTunes.

To back up to iCloud, go into Settings then click on Backup and turn on iCloud Backup. Tap Back Up Now. You can see the information (how big your back up space is) if you look at Storage. You are only allowed 5GB of free space so if you need more, you will have to purchase it from Apple for about $0.99/month for 50GB.

The other alternative is to back up through iTunes. You will need to have a Mac or PC with iTunes running on it. Connect your device to your computer. You can still back it up this way to your iCloud or to your computer. Most likely you are doing it this way because of lack of iCloud space. Find out more here.

To restore a device from a backup, you must have all content erased from a device. Follow the onscreen setup until you reach Apps & Data screen and tap Restore from iCloud Backup or Restore from iTunes Backup. Sign in with your Apple ID if you are restoring from iCloud. Find out more here.

The Victor Crew

Keyboard Shortcuts for PC

For almost anything you do, there is a keyboard shortcut. On a PC, you usually hold down the Ctrl key + another key.

Here are some of the more popular ones used while making a document or editing:
CTRL+C: Copy
CTRL+P: Paste
CTRL+X: Cut
CTRL+Z: Undo
CTRL+B: Bold
CTRL+U: Underline
CTRL+I: Italic

If you want some other shortcuts:
Microsoft Flag button – brings up the start menu
Flag+L: locks your PC
ALT+TAB: switch between your open programs
CTRL+F5: refresh the webpage
ALT+F4: closes the current window
CTRL while dragging a file to another folder will copy it to the folder.

You can find many more shortcuts here.

The Victor Crew

Mobile Phone Number Hijacking

We’ve written a few times about password security. But what if your phone number gets hijacked? This is not having your phone stolen but rather having your phone number taken from you. You no longer can use the two-step verification because someone else has the number they have on file for it. So how does a phone number get hijacked in the first place? The Victor crew wanted to learn more.

It can start with a text that looks like it came from your carrier. It may have a number or a login page for you to enter some information. All they need is your call-in pin and they can start the process of porting your number over to their phone. You actually think you are talking to a representative of your carrier. Once they have your number, they can use the “forgot password” function of all your apps and get a code sent to them to reset the passwords. Think of all the apps you have – your bank, your email, your wallet. So what can you do?

Here are some ideas from Forbes:

  • Put a passcode on your account with your carrier. Make sure whoever you are talking to uses that passcode with you. If a hacker tries to use it, hopefully the representative is on the ball and asks for the passcode.
  • Use the mobile carrier specific email address to access the account. Forbes suggests you have an address as your current primary one, one just for a mobile carrier, and one for all your sensitive accounts like banking. This way your primary account can’t be used to steal your phone number.
  • Disable online access to your wireless account. You will have to go the store to make changes but it won’t get hacked.
  • Ask your carrier to make changes with photo ID required.

Some other thoughts:

  • Use a password manager and let it generate passwords.
  • Don’t have the same security questions on all sites and don’t answer them truthfully.
  • Do not connect your mobile number to sensitive accounts. Create a new Gmail email address and don’t connect a phone number to it. Use Google Authenticator with one-time passcode generator to use it. They suggest using a Google Voice number.
  • Use a security key. Yubikey is a physical security key device. There are also devices you use a USB port for.
  • Use biometric authentication – fingerprint for example.

Ever think about cutting the cord?

Cord-cutting refers to abandoning cable TV for streaming services. There are so many different avenues to go with this, the Victor crew thought we’d do some exploring into what was available.

One thing you can get is a Roku that you can stream many different channels from. It handles Netflix, Amazon, Hulu Plus for example. Netflix and Amazon have some crossovers, but Hulu Plus will bring you many current TV shows. Another streaming channel to consider is Sling TV for television shows. You might consider Apple TV instead of Roku. Another streaming device is Amazon Fire TV. There’s also Google’s Chromecast. You may want to find reviews on these devices and make your decision.

Another thing to consider is your Internet connection. How strong is it during peak hours? You can test it at speedtest.net or testmy.net. Do several throughout the day and evening to see how much you can handle. You may need to get an HD antenna to get the major networks in full HD.

You can find more information here.

Microsoft 10 Event

So Microsoft has an event scheduled for October 26 at 10 am EDT in NYC. They say to join them to find out what is next for Windows 10. One can only speculate…

While we’re on the subject of Windows 10, did you know you can ‘write’ in the Edge browser and save it as a note to OneNote? If you have a touch enabled device you can use your finger or a stylus. If not, your mouse will work.

First you need to enable your “pen.” This is in the top right corner of the Edge browser.
Webnotes

Next you need to choose the type (pen or highlighter), color, and size. This will show up on the left hand side of the browser after you enable the pen.
webnotes

Then you can write on your page and save it as a note for later.
Webnotes

The Victor crew.

TOR networks and the deep web

You may have watched some crime dramas or other shows where the resident geek goes on the deep web or Tor network. Anyone can access this but you need a special browser. Here’s what the Victor crew found out:

Tor stands for “the onion router”. The web addresses will end in “.onion”. You will need to be careful because some of these sites can be nasty and contain scams. It works by anonymizing your activity so it can’t be detected. People in other countries use this if websites are blocked in their country. For instance, they may need to go to “https://facebookcorewwwi.onion/” to access facebook.com/ or “http://3g2upl4pq6kufc4m.onion/” to access DuckDuckGo search engine. you can search the web for more sites. Here is a directory we found: https://thehiddenwiki.org/ that lists some sites.

The Tor browser is slower than your usual browser but people use it to bypass censorship. The Tor Browser is a modified Firefox version that you can download here. Remember to be careful of the sites you visit.

http://www.howtogeek.com/272049/how-to-access-.onion-sites-also-known-as-tor-hidden-services/

Ever need music clip for a video?

With all the copyright laws out there, if you need music for videos, here’s a site where you can generate AI music. At Jukedeck, you can choose genre (instruments), moods, and length. They have also have a list of pre-made downloads. Every track is unique and royalty free.

If you set up an account, you can save your downloads for future use. This was originated at Cambridge University by a team of composers, producers, engineers, academics, and machine learning experts.

The downloads are free for small businesses or individuals if you give them credit or $0.99 per download without credit. For businesses with 10 or more employees the cost is $21.99 per download. If you need to buy the copyright, it is $199 and you own it outright.

Here are some samples:

Difference between Sleep and Hibernate on your PC

If you have a PC whether desktop or laptop, do you shut it down or sleep or hibernate? What is the difference?

Shut down:
When you shut down, you need to save your programs before closing them. The next time you need to use it you need to wait for the boot up process.

Sleep:
This mode will preserve your session. You can close your lid on a laptop and it will do this. On a desktop you can choose to sleep. When you come back everything will be the way you left it. Sleep is a low-power mode. The current state will be saved in RAM. The only power drawn is to keep RAM on. It will resume where you left off when you power back on.

Hibernate:
Hibernation mode works a little bit differently. It saves your computer’s state to the hard drive and shuts down completely. There will be no additional power drawn like sleep mode. When you power back up, the data it loaded to the disk will load back into RAM and resume where you stopped. It will take longer to resume to where you were but not as long as a regular boot up. Hibernate is the almost the same as shutting down but your work will be preserved without shutting it down.

Most laptops are set up to sleep when you close the lid. You can customize in your settings how long it be before it goes into sleep mode. In settings you can also set up your power button to put your computer into sleep mode. Laptops may be configured already to go into hibernation mode after so many hours in sleep mode.

Find out more.

The Victor crew

Need a small web site?

Have you ever wanted to learn how to code a website from scratch? A good starting point might be to go through a W3Schools.com tutorial. Their homepage starts you with HTML. Currently the latest is HTML5. There are tutorials, references, and examples to get you started. Along with HTML, you should learn CSS (this stands for cascading style sheets) and is what gives webpages their style – color, fonts, and other design features.

The next recommendation is to learn JavaScript and jQuery. These are the basic essentials you need to make a nice looking website. Each page would be an individual and you would have to edit these pages themselves but it is a good starting point to get your feet wet.

This is fine for a simple site but you would need to go a lot further to make a dynamic site that uses a database. You might be better off calling a professional.

Sticky Notes

Ever wish you could put sticky notes all over your monitor to remember things? Windows 10 has sticky notes you may or may not know about. You can find them by going to All Apps > Windows Accessories > Sticky Notes or just search for it.

Here are some screen shots to help.

This is how you find it:
Find Sticky Notes

This is how to make a new note from existing one by clicking the + button:
New Sticky Note

By right clicking you can change the color of the sticky note:
Change Sticky Note Color

Just delete the note by clicking the small x on the note.

Sticky notes have actually been around since Windows Vista but few people know or use them it seems. Unfortunately they are just as useful as a real sticky note as they don’t “do” anything but sit there to remind you of something. No little alarm goes off when the time on the note comes.

Last week to get your Windows 10 for free!

Well, it’s finally coming this week. After Friday, Windows 10 will cost you a mere $119.99 per machine. What you need to know is that you r should not use the Express settings. By skipping custom settings, you will be agreeing to data collection and tracking.

If you went ahead and did do express settings, you can change it. Go to Settings > Privacy > Speech, inking & typing. Click on the Stop Getting to Know Me button. You can actually go down the list under Privacy and turn off or on what you want.

Windows 10

Jody Crew

Start Coding Early

Google has a way to teach kids how to code. Not with a computer but with blocks. Called Project Bloks, it allows kids to learn some skills they need for programming.

They us a brain board based on Raspberry Pi to provide connection to the program and each individual “puck” can be the instructions that go to the brain board to move it. Toys can take any form. Check out the video:

Apple has a way to teach coding in Swift using an app on their iPad. Solve puzzles to learn the basics of Swift. Find out more here: https://www.apple.com/swift/playgrounds/

Not to be outdone, Microsoft also has a way to teach concepts using Minecraft Education Edition. You can find out about it here: http://education.minecraft.net/

We’re sure if you’re an adult you won’t get demerits for trying this out.

The Victor crew

Add your favorite sports team to your Google calendar

Ever want to plan your schedule around your favorite games so you can be there for them? Here’s how you can add the schedule of your team to your calendar so you will always be able to watch them.

First of all, log into your Google account online (this won’t work in mobile).

Click on “Other Calendars” then “Browse Interesting Calendars”

Team Calendar

Once there you can click on Sports.

Team Calendar

We chose Football then NCAA Football next.

Team Calendar

We scrolled down to Ohio State Buckeyes.

Team Calendar

Then looked at a preview of the calendar showing that Buckeyes Football starts September 3rd.

Team Calendar

Google Maps on Android

Drive home shortcut Google is adding a new feature Google Maps on your Android. It is called Driving mode. You can find out if traffic conditions are okay to get on the road or if you should wait for a while. Get ETAs, traffic updates, quickest routes, and even gas prices. It looks at your recently searched destinations. To add a driving shortcut, you will need to add the driving shortcut icon found in widgets. The feature can also be accessed through the sidebar menu of Google Maps. Tap the sidebar menu and select the “start driving” option.

If you’ve already preset home and work in Google Maps, you’ll see ETAs when you’re likely headed in those directions. On the Galaxy S5, I found the Maps and Driving mode widget under Maps. I added my home destination and it made a shortcut icon called Home. See image.

Do Not Track

Is “Do Not Track” being turned on in your browser helpful? That is what the Victor Crew wants to find out.

If you use Firefox, you will see under the privacy tab that there is checkbox to “Request that sites not track you”. When you click on Learn more, it will take you to this page: https://www.mozilla.org/en-US/firefox/dnt/

They qualify it by saying they offer a Do Not Track feature “that lets you express a preference not to be tracked by websites.” They go on to explain that it tells them you want to opt-out of behavioral advertising. This does not block ads, but it may change the type of ads you see. It may affect certain ways you view sites, like maybe the need to enter your zip code on a weather site.
Firefox do not track

In Chrome you can go to Settings and scroll down to click Show advanced settings and find it under Privacy there.
Chrome do not track

In Edge you will go to settings and go to Advanced settings and find it under the Privacy settings there.
Edge do not track

There are many sites that will honor this request, but there are many others that will choose to ignore it. We hardly think they will be honored by the likes of Facebook, Google, YouTube, Pandora, Netflix, LinkedIn for some.

The FCC has chosen not to enforce the requests in a major blow to Internet privacy for users in the past week as per a the Consumer Watchdog Petition to require the requests be enforced. http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db1106/DA-15-1266A1.pdf

What do you do when you think you lost your phone?

There is nothing more discouraging than to think you’ve lost your smart phone. All your personal information could be out there! So what to do?

Safeguarding yourself:

Android:
Make sure you have installed the Device Manager app from the Play Store. It’s not enough to just download it. You need to make sure it is connected to your Google account and that your phone is verified through it. If you stil have trouble, you may need to check your location settings. They must be turned on. You must also go into your Google settings app and turn on the settings there to find your device. When I tested mine it found it and said “Right here in your hand,” so we know this will work.
Make sure you have some sort of security in place for the lock screen. Yes it’s a hassle but it’s worth it. You may have capabilities for fingerprint reading as well.
Don’t keep files with lists of passwords in your cloud drives.

iPhone:
Download and install the Find iPhone app from the App store. Make sure you do everything to set it up. Also you will need your location services on. You should be able to find your devices from your other Apple devices or from icloud.com.
Use whatever lock methods are available to lock your iPhone.
Don’t keep lists of sensitive data available.

In the case of loss or theft:

See if your carrier allows you to suspend service (with or without billing) temporarily so you can try to locate your phone.
Log into Google or iCloud.com and you should be able to either ring your device or erase the data.
Remember, even if you suspend the data plan, it can still be used through wi-fi to wipe it to factory condition and a new number installed.

Hopefully this won’t happen to you.

Jody Victor

Ever delete something you wish you hadn’t?

If you deleted something from a cloud service and wish you hadn’t, there could be hope! So you’ve uploaded files and synced them. But maybe you accidently removed something you didn’t mean to. You may still be able to recover them depending on the circumstances.

Dropbox:
With Dropbox, the files are deleted but not moved from their location. They go hidden. If you go online to the folder containing the “deleted” file, you can unhide it. Click on the trash can icon to show deleted files. You can also right click and show deleted files. Once unhidden you can restore the files or permanently delete them.

Google Drive:
When you delete a file it will go to trash. You can click on the trash icon and see the files sitting there. You can select, right click and restore them or delete forever. There are also links on top right instead of right click. You also can Empty trash.

OneDrive:
Microsoft’s OneDrive moves the deleted files to the Recycle Bin (sound familiar?) You can restore files or delete forever from there.

We are not sure what happens to items when a folder is shared with someone and they delete an item. It may depend on who started the folder.

Jody Victor

Source: http://www.howtogeek.com/212601/how-to-recover-or-permanently-delete-files-from-the-cloud/