Computer News & Safety tips – Harry Waldron MVP

Internet Security – Permanently delete unneeded social media accounts

The attached article shares very helpful links & advice for users who wish to close an account on a social networking, email, or other popular Internet site. Some users may wish to start with a fresh account or permanently leave a site as a member.

http://www.pcmag.com/article2/0,2817,2386458,00.asp

Deleting accounts you’ve created on the internet isn’t always easy. Here’s how to leave several big-name services, from Facebook and Google to Netflix and Hulu.  Sadly, not all websites and social networks and online retailers are created equal when it comes to breaking up. With some, it takes only a couple of clicks to say goodbye. For a few sites, if you stop paying for the service, the site cuts ties fairly quickly. Others make you jump through more hoops. Even after you follow all the required steps, some sites never quite leave you alone, with vestiges of your relationship around forever.

No matter what you call it—deleting, canceling, removing—when you want to be rid of an online account, many sites don’t make it easy. You don’t want to rush into a breakup, but if you’re ready, we’ve compiled the links, tips, and—in the most extreme cases—the phone numbers you need to sever ties. (And let’s be clear, there’s a difference between deleting an account and just deactivating it. We’ll spell out the differences for each account, as needed.) Also, sometimes legality prevents a service from deleting everything you’ve posted publicly in the past, so remnants of your time there could remain in perpetuity.

Phishing – Corporate techniques prevent realistic image files from other sites

The ISC warns of obfuscated JavaScript phishing attacks that can pull in highly realistic Excel image files hosted outside the company’s main website. In targeted corporate attacks, this highly realistic HTML code can be linked into scripts that may trick users into revealing passwords. The Excel spreadsheet security prompt for email address & password is realistic & dangerous.

https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/

It is part of a phishing campaign and tries to lure the victim to provide his/her credentials to get access to an Excel sheet. Nothing very dangerous for most people. It’s a simply obfuscated Javascript code. When loaded in the browser, it first displays a HIGH SECURITY warning. Then, it renders the fake Excel sheet with a popup to enter an email address and password. A good practice is to prevent hot-linking of images. Basically, you configure your web server to serve images only if the referer is correct.
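The hot-linking check described above, as an added Python example that is not from the ISC diary or this blog: a WSGI middleware that serves image paths only when the Referer host is one of the site's own. The host names, the extension list and the `allow_empty` policy are assumptions.

```python
from urllib.parse import urlsplit

IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".webp")
ALLOWED_HOSTS = {"www.example.com", "example.com"}  # assumed: the site's own hosts


def is_image(path):
    """True when the request path looks like a static image."""
    return path.lower().endswith(IMAGE_EXTENSIONS)


def referer_allowed(referer, allowed_hosts=ALLOWED_HOSTS, allow_empty=True):
    """Compare the parsed Referer host exactly; never use substring matching.

    Exact matching rejects look-alikes such as example.com.evil.test and
    https://www.example.com@phish.test/. Many privacy tools strip the header,
    so an empty Referer is allowed by default (a policy choice).
    """
    if not referer:
        return allow_empty
    try:
        host = urlsplit(referer).hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return host is not None and host.lower() in allowed_hosts


def hotlink_guard(app, allowed_hosts=ALLOWED_HOSTS):
    """WSGI middleware: answer 403 for images embedded by foreign pages."""
    def guarded(environ, start_response):
        path = environ.get("PATH_INFO", "")
        referer = environ.get("HTTP_REFERER", "")
        if is_image(path) and not referer_allowed(referer, allowed_hosts):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"hot-linking not permitted\n"]
        return app(environ, start_response)
    return guarded
```

A Referer check only affects browsers loading a page that embeds your images; a client that omits or forges the header is not stopped, so it protects the site's reputation rather than acting as access control.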

Windows 10 Edge – Import favorite sites from other browsers

Below are techniques that allow bookmarks saved in other browsers to be easily imported into the central Hub area.

https://blogs.windows.com/windowsexperience/2017/02/27/windows-10-tip-import-favorites-browsers-microsoft-edge/

Did you know you can easily import your favorite sites from other browsers including Chrome, Internet Explorer and Firefox with just two clicks, and see them organized in the Hub? Hub lets you access your favorites, downloads, reading list and history all in one place. To import your favorites, go to the Hub and click Settings on the top right. Select the browser you want to import favorites from and click Import. All your imported favorites will show up in the Hub under the Favorites section.

Security – Danger of Internet connected toys for children FEB-2017

There are privacy dangers if parents are not careful with controls and supervision, as shared below.

http://www.foxnews.com/tech/2017/02/28/data-from-internet-connected-teddy-bears-held-ransom-security-expert-says.html

Data from internet-connected smart teddy bears has been leaked and ransomed, exposing children’s voice messages and more than half a million customer accounts, according to a security expert. In a blog post, cybersecurity expert Troy Hunt says that an unnamed source contacted him about a data breach affecting the CloudPets range of stuffed animals. The Bluetooth-connected toys let parents upload and download messages to and from their children via an app.

The CloudPets database had allegedly been left exposed online. “Someone sent me data from the table holding the user accounts, about 583k records in total,” wrote Hunt, in his blog post. “There are references to almost 2.2 million voice recordings of parents and their children.” Hunt added that the information was sent to him by “someone who travels in data breach trading circles,” and said that others had also accessed the information. “The CloudPets data was accessed many times by unauthorised parties before being deleted and then on multiple occasions, held for ransom,” he wrote.

Steven Malone, director of security product management at security company Mimecast told Fox News that users need to think carefully about the security implications of the Internet of Things, where a wide range of devices are connected to the web. “Just because you can connect a device to the Internet, it doesn’t mean you should!” he wrote.

AMD – New Vega Radeon branded as next generation graphics cards

AMD has shared some of its future plans for the next-generation chipsets in its low-cost graphics card solutions designed for engineers or gamers.

http://hothardware.com/news/amd-announces-radeon-rx-vega-branding-and-logo

Although we have not yet been given full access to AMD’s upcoming Vega graphics architecture, what the company has provided is the official branding for its new flagship parts. While we all knew that these graphics cards would be based on the Vega architecture, which supersedes Polaris, we didn’t know that “Vega” would actually find its way into the name of shipping parts. Upcoming cards will take on the Radeon RX Vega branding instead of, for example, Radeon RX 470. AMD also showed off the Vega logo.

Radeon RX Vega graphics cards will begin shipping during the first half of 2017 and are still built on a 14nm FinFET process, like their Polaris predecessors. However, AMD is bringing second generation High Bandwidth Memory (HBM2) to the table along with twice the peak throughput per clock compared to previous generation architecture. The Geometry Pipeline, which is now even more efficient, is also joined by a New Compute Unit and next generation Pixel Engine.

Amazon Cloud Services – Recovery from brief outage FEB-2017

Approximately 30% of cloud-based applications are hosted through this facility. A major incident today temporarily impacted websites and users, mostly in the eastern part of the USA.

http://gizmodo.com/how-one-little-amazon-error-can-destroy-the-internet-1792828399

https://status.aws.amazon.com/

[RESOLVED] Increased Error Rates

Update at 2:08 PM PST: As of 1:49 PM PST, we are fully recovered for operations for adding new objects in S3, which was our last operation showing a high error rate. The Amazon S3 service is operating normally.

Update at 1:12 PM PST: S3 object retrieval, listing and deletion are fully recovered now. We are still working to recover normal operations for adding new objects to S3.

Update at 12:52 PM PST: We are seeing recovery for S3 object retrievals, listing and deletions. We continue to work on recovery for adding new objects to S3 and expect to start seeing improved error rates within the hour.

Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard. The service updates are below. We continue to experience high error rates with S3 in US-EAST-1, which is impacting various AWS services. We are working hard at repairing S3, believe we understand root cause, and are working on implementing what we believe will remediate the issue.

Youtube – Over one billion hours viewed daily by all users

YouTube is one of the most popular free streaming resources on the Internet. Users should always be watchful for security threats and abide by the digital laws protecting artists and contributors.

http://www.theverge.com/2017/2/27/14759102/youtube-billion-hours-watch-every-day

YouTube users are now watching more than a billion hours of videos every single day, the company has announced. Put back-to-back, that’s more than 100,000 years of footage, split between the millions of YouTube users across the world. The company announced the figure in a blog post published on Monday, but said that the billion-hour milestone was actually reached last year. YouTube said that it was now focusing more on the length of time people spent watching YouTube videos, rather than the overall views a video received — an internal decision made “a few years back” that it said would help the company understand if users enjoyed a video in question.

Security – FBI life cycle report for business email compromise

As the frequency & severity of cyber-security attacks increase, the FBI has developed excellent documentation and diagrams related to how these threats evolve over time. They begin with a discovery process, followed by targeted attacks that can lead to compromised systems.

https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

Since 2013, when the FBI began tracking an emerging financial cyber threat called business e-mail compromise (BEC), organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.

At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception. But the level of sophistication in this multifaceted global fraud is unprecedented, according to law enforcement officials, and professional businesspeople continue to fall victim to the scheme.

Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms. But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.

Those techniques include online ploys such as spear-phishing, social engineering, identity theft, e-mail spoofing, and the use of malware. The perpetrators are so practiced at their craft that the deception is often difficult to uncover until it is too late.

According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”

Malware – Ransomware attacks grow by 50 percent during 2016

In malware, one can “follow the money” when evaluating the most popular attack methods. Unfortunately, highly destructive malware attacks can cause business downtime, permanent loss of data where items are not backed up, or payment of the ransom to get data back again.

http://searchsecurity.techtarget.com/report/Recent-ransomware-attacks-Data-shows-50-growth-in-2016

Ransomware is the fastest growing malware across industries, up 50% in 2016, compared to 2015, according to new data from endpoint security provider Carbon Black. Criminal use of malicious software to encrypt files or hard drives of unsuspecting victims is so widespread that some states are enacting legislation to make recent ransomware attacks easier to prosecute. In September, California became the latest state to offer specific anti-extortion guidelines to prosecute criminals who demand ransoms, usually in bitcoins, to unlock victims’ systems. But even with the rise in recent ransomware attacks, these viruses represent only a small percentage of total malware.

Malware continued to target all industries in 2016, with manufacturing companies (21.8%), non-profit organizations (16.4%) and utilities and energy (15.6%) hardest hit, according to Carbon Black, which based its findings on data from more than 1,000 organizations, representing 2.5 million endpoints. Of the dozen or more malware families tracked, Locky, which was used in one of four recent ransomware attacks, accounted for 2.17% of total malware.

Password security – 2017 NIST password recommendations for enterprises

This article shares an informative guide to the 2017 NIST password recommendations for protecting corporate systems.

http://searchsecurity.techtarget.com/answer/What-new-NIST-password-recommendations-should-enterprises-adopt

It’s not surprising one of NIST’s first password recommendations is PINs should be six digits long and passwords should be a minimum of eight characters, with a maximum length of 64 for more sensitive accounts. Remembering a password longer than eight characters is not necessarily easy, but NIST’s new guidelines allow the use of all printable ASCII characters, as well as all UNICODE characters, including emoji, to improve usability and increase variety. Combine this with the recommendation that users should be encouraged to create longer phrases instead of hard-to-remember passwords, or passwords based on character swaps, such as “pA55w0rd” — which may appear complex, but, in fact, are not — and it opens the way for long, complex and easy-to-remember passwords.

Also, passwords should no longer be automatically expired after a certain period unless there’s a good reason, such as they have been forgotten, or there’s suspicion they have been phished or stolen and could therefore be subjected to an offline brute-force attack. This would mean there has to be some form of monitoring in place to detect potential compromises.

There is also advice on how to store users’ passwords safely. All passwords must be hashed, salted and stretched when stored. This will dramatically reduce the ability of hackers to cost-effectively crack passwords either in bulk or individually. Systems also need to check new passwords against a dictionary of known bad choices. Administrators need to ensure this dictionary matches its users’ most likely choices, which depending on location and industry, may not necessarily exactly match the world’s 100 most likely passwords; having 100,000 such entries is suggested as a good starting point.
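The acceptance and storage rules quoted above, as an added Python example that is not from the article or from NIST: a new-password check (length limits, Unicode allowed, dictionary of bad choices) and a salted, stretched hash. PBKDF2-HMAC-SHA256, the iteration count, the NFKC normalization step, the record format and the tiny constructed word list are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LEN, MAX_LEN = 8, 64      # lengths quoted in the excerpt above
ITERATIONS = 600_000          # assumed work factor; tune to your hardware
# Constructed stand-in for the ~100,000-entry dictionary of known bad choices.
BAD_PASSWORDS = {"password", "pa55w0rd", "12345678", "qwertyuiop", "letmein123"}


def normalize(password):
    """NFKC-normalize so the same Unicode text always hashes identically."""
    return unicodedata.normalize("NFKC", password)


def check_new_password(password, bad=BAD_PASSWORDS):
    """Return a list of rejection reasons; an empty list means acceptable."""
    pw = normalize(password)
    reasons = []
    if len(pw) < MIN_LEN:     # len() counts Unicode code points, not bytes
        reasons.append("too short")
    if len(pw) > MAX_LEN:
        reasons.append("too long")
    if pw.casefold() in bad:  # case-insensitive, so "pA55w0rd" is caught
        reasons.append("known bad choice")
    return reasons


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salt and stretch with PBKDF2-HMAC-SHA256; returns a storable record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(password).encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and iterations; compare in constant time."""
    _scheme, iterations, salt_hex, _digest = record.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, record)
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing hashes.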