Nobody can hurt me without my permission. — Mahatma Gandhi
Reading this week’s news about Pokemon Go and how it has full access to your Google Account on your phone, and subsequently online, caused me to re-examine the access that I have granted to applications on my phone. When you do this, you will be surprised at what they want to access.
Our phones each have a different way of granting privileges to applications, and some give us more control over each piece than others. The scary piece is when an application wants to access your call records or to be able to make a phone call when it has no business even interfacing with that section of your device. I have seen and read about applications accessing every part of the phone in what can only be seen as poor coding on the part of the developer, a blatant attempt to infect and control your device, or a lack of knowledge on the part of the developer with regard to the actual needs of the application. If you have the access to limit what rights are given, it is in your best interest to do so. Turn off access to contacts, SMS, phone calls, GPS, photos, etc. if the application does not need access. This will make your phone more secure and efficient, and therefore will protect your privacy and increase your level of security. It is also a good idea to periodically look at these settings in case an update changes them.
We all use our phones for contact, news, entertainment, and more. What we need to do is be aware of how someone might corrupt that process to their benefit or to our detriment. Be safe, be smart, and be aware.
Pokemon Go Has Full Access Permissions to Your Emails and Documents
Google to change app permissions for ‘Pokémon Go’ after security concerns
Senator voices concerns about ‘Pokemon GO’ data privacy
If you enjoy this newsletter and know anyone that would be interested in the information contained, please pass this along or subscribe here.
On the soft bed of luxury many kingdoms have expired. — Andrew Young
As time progresses and smartphone technology advances, we become ever more reliant on the power and presence of the computer we carry in our pockets. With everything it does and contains, it is truly indispensable in so many ways that if we were to lose it or have it compromised we would be in dire straits.
Beyond the standard ideas of a secure PIN or passcode of at least six characters and locking your device when you are not using it, there are other things to consider. One piece that many people do not think about is the authenticity and reliability of the software they install. Do you? All of the different phone platforms have an app store, and their own standards and rules for getting an app in the store. This does not always protect you as the user, and some platforms allow you to add apps from alternative sources. All of this opens us up to the chance of getting infected with malware. An application I have been happy with and been using for years is Lookout. They were recently featured on 60 Minutes in a great piece about cell phone hacking. They watch and protect against malware, offer a tracking and alert option, and also a backup option for your contacts, all in the free version (iOS and Android).
There are many options and settings for protecting your phones no matter the platform or data you store and consume, so make sure to research and determine your particular needs. Remember, it is your privacy and your security at stake so it is your responsibility to make sure that anyone that wants to affect that is hindered to the best of your ability or those you enlist to aid you in this important endeavor.
How to Crack Android Full Disk Encryption on Qualcomm Devices
Apple iOS App Store riddled with malware — XcodeGhost haunts hundreds of apps
BlackBerry to Stop Making Classic Smartphone, Shares Fall
Law-abiding citizens value privacy. Terrorists require invisibility. The two are not the same, and they should not be confused. — Richard Perle
In this ever-changing time, and with the constant influx of social media platforms to choose from, everyone is likely to find something that intrigues them. We have Twitter for short thoughts, Facebook for long ones, Periscope for videos, Instagram for photos, and numerous others for everything under the sun.
If you are one to flock to a certain platform, or even multiple platforms, be aware and ever vigilant with your privacy, security, and safety as well as that of your family. Each and every platform has some level of privacy and security setting that will allow you to control what information is used and shared with other users, the platform, and possibly their affiliates. This information can be your location, your shopping and/or browsing habits and history, your posts, your photos, your personal information such as name, address, phone numbers, and email address(es). If you do use social media, put some thought into what you do want to share, and make sure to fully explore all of the settings and options for the platform(s) you choose so that you can remain as safe and secure as possible while still participating in the social expanse.
As always, your privacy and security are up to you to control. And while it takes time now, and on a regular schedule to maintain said privacy and security, the peace of mind and the knowledge that you and your family are less likely to be a victim is well worth it.
Social media apps are tracking your location in shocking detail
Location Tracking: 6 Social App Settings To Check
Social Networking Privacy: How to be Safe, Secure and Social
How Social Media Privacy Settings Could Affect Your Future
There’s no harm in hoping for the best as long as you’re prepared for the worst. — Stephen King, Different Seasons
With the summer travel season in full swing and the current state of our world, it is wise to be prepared for problems, which brings us to a tip I read some time ago and have had in practice since then with minor adjustments for changing technology and environments.
Think about the contents of your wallet or purse. How many credit and debit cards, ID cards, medical information, passports, etc. do you have or take when you travel? What happens if you lose them or they are stolen? Do you have medical issues, severe allergies, medical devices? What would you do if you were in a foreign country and had to replace the cards, prove who you are, or needed medical attention after having your wallet or purse stolen? Have you ever thought about making an emergency flash drive to carry your important information securely? I have, and that is today’s tip. To make this drive you will need a few items.
- A physically small flash drive that is at least 2 GB formatted with exFAT for maximum compatibility
- A copy of VeraCrypt
- Access to a scanner
The basic layout is as follows.
- Format the drive exFAT
- In the root of the flash drive you will have a text file (MUST BE PLAIN TEXT) with some basic information (name, address, phone, “I AM AN AMERICAN CITIZEN”, “I HAVE INSURANCE”, include emergency contacts also). Title this file EMERGENCY.
- A file titled “Medical” that lists your medications, and allergies to drugs, foods, or bugs, as well as your primary care physician’s contact information. This document says “I HAVE HEALTH INSURANCE” at the top of it, so that you don’t run the risk of being denied treatment. If you have traveler’s insurance, put that info in here as well.
- A file of “credit card contact info” with details for each card you carry. Use this to quickly cancel your cards if your wallet is lost or stolen. Do not include the CC number, CVV, or expiration date. That data is in the secured partition of the drive.
- A scanned image copy or digital photo of your insurance card, front and back.
- A web browser. You can get portable versions of Chrome, Firefox, and other browsers that will run directly from the drive—more secure than using a public terminal loaded with who-knows-what snoopware.
- Install VeraCrypt and create a portable install on the flash drive
- Create an encrypted container on the flash drive approx 1GB in size and make sure to use a memorable but highly secure password
- In the container you will have the following items:
  - Scanned copies of each of your credit and debit cards, front and back. (jpg format)
  - A file titled “CCNs” that lists the account numbers, expiration dates, and CVVs of your cards as well as the toll-free contact numbers and international collect call numbers for each company. (plain text)
  - The routing and account number for bank accounts, phone numbers to your local bank’s branch office. Be ready to have money wired or to freeze accounts. (plain text)
  - Scanned copies or digital photos of your passport, your driver’s license, and at least one other form of state-issued photo identification. (jpg format)
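An added example, not part of the original newsletter: a Python check that the plain text files left unencrypted in the drive root do not contain card numbers or CVVs, which the layout above reserves for the encrypted container. The file names in the sample (`EMERGENCY.txt`, `credit card contact info.txt`, `travel.hc`) and the 1 MB size limit are assumptions, and the sample contents are constructed.

```python
import re
import tempfile
from pathlib import Path

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# A CVV/CVC label followed within a few characters by 3-4 digits.
CVV_RE = re.compile(r"\bCV[VC]2?\b\D{0,10}\d{3,4}\b", re.IGNORECASE)
MAX_BYTES = 1_000_000  # assumption: root text files are small; skips large files

def luhn_ok(digits):  # Luhn checksum used by payment card numbers
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return (line_number, kind, masked_value) for card data found in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):  # ignore digit runs that fail the checksum
                findings.append((lineno, "card number", "*" * 12 + digits[-4:]))
        if CVV_RE.search(line):
            findings.append((lineno, "CVV", "***"))
    return findings

def scan_drive_root(root):
    """Scan files directly in the drive root; subfolders are skipped."""
    results = {}
    for path in sorted(Path(root).iterdir()):
        if not path.is_file() or path.stat().st_size > MAX_BYTES:
            continue
        data = path.read_bytes()
        if b"\0" in data:  # binary file (scan, photo, container), not plain text
            continue
        found = scan_text(data.decode("utf-8", errors="replace"))
        if found:
            results[path.name] = found
    return results

def demo():
    """Build a constructed sample drive root in a temp folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "EMERGENCY.txt").write_text("Jane Doe\nI HAVE INSURANCE\n")
        (root / "credit card contact info.txt").write_text(
            "Visa: call 1-800-555-0199 to cancel\n"
            "Visa 4111 1111 1111 1111 CVV 123\n"  # the mistake to catch
        )
        (root / "travel.hc").write_bytes(b"\0" * 4096)  # stand-in for the container
        return scan_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

To check a real drive, call `scan_drive_root()` with the drive's mount point or drive letter; an empty result means no card numbers or labelled CVVs were found in the unencrypted text files.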
Now that you have this drive, you will need to determine the best means of transport and security for the location and environment. There are drives that are “rugged” and will be fine on their own in most environments, but if you will be in a rainy location you may consider a watertight container. The drive should be on you at all times while traveling and should not be on your keys in case of theft. I carry mine in a “go tube” inside my clothing, but you can wear it as a necklace under your clothes or secure it to the inside of your clothes somehow. The idea is to have it not be subject to a pickpocket or being lost.
Facebook begins tracking non-users around the internet
Stop Facebook From Following You Around the Web
Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records
Web developers, meet WebGazer: software that turns webcams into eye-trackers
Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain. — Kevin Mitnick
The past few weeks brought news of a rush of new hacks and old ones brought back to light. We saw LinkedIn, Tumblr, and Twitter with breaches in the tens of millions of accounts. We saw major celebrities get hacked, from Mark Zuckerberg and Lana Del Rey to Katy Perry, the NFL, and DeRay Mckesson.
The story of DeRay Mckesson (see links) is the ultimate motivation for this tip. While most of the celebrity hacks were achieved due to poor security practices such as reused passwords across platforms, weak passwords, and not using two-factor authentication (2FA) where available, DeRay was following all of the best practices and was still hacked. When you consider 2FA uses your cell number to send you a text in many cases, have you secured your carrier account with all of the available security measures they offer? In many cases someone can call in and have a new phone assigned to your number, which will allow them to receive your 2FA codes and bypass your security. You should visit your cellular account and make sure to enable a security PIN right away. It is free and easy and will give you that extra layer of protection that could be the difference between security and insecurity despite all of your other efforts.
As always I do suggest strong, unique passwords for every account as well as unique usernames when feasible. I also suggest unique disposable email addresses for each account if possible. To make this manageable a good password manager is also recommended.
DeRay Mckesson, activist, disavows Trump endorsement after being ‘super hacked’
Mark Zuckerberg’s Twitter and Pinterest accounts hacked, LinkedIn password dump likely to blame
Check your BITS, because deleting malware might not be enough
Researchers Turn Smartphone Vibration Motor into Microphone to Spy on You
Everyone complains about the weather, but nobody ever seems to do anything about it. — Willard Scott
This month we have seen record rainfall in Texas, tornadoes in Kansas and Colorado, and earthquakes around the world. With these unpredictable acts of nature we have seen of late I thought I would talk about how we can prepare our digital lives for some of the more unforeseeable events.
Having a comprehensive backup plan in place should be at the forefront of everyone’s thoughts in today’s ever-changing and growing digital world. Local backups are great for the ease, time, cost, and convenience with which we can create and access them, but they are limiting in a disaster situation. Online or offsite backups are the next, and most logical solution to continued access and availability of our data. The costs have come down, and with the widespread availability of high speed internet access in our homes we cannot afford to not consider them as part of our comprehensive solution. Each online provider has their pros and cons, and should be researched to find what suits your needs.
Don’t look at your backup solution as only necessary for natural disasters, but as a way to eliminate so many potential issues, from theft, fire, or flood to equipment failure, and to provide redundancy and ultimately peace of mind as we rely more and more on our digital data every day.
Causes of data loss and some statistics
Thinking Inside the Box
When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else. — David Brin
This week we saw news about Google deprecating Flash in Chrome except for a chosen few websites. We also saw news of Microsoft inserting more ads onto our Start menus in Windows 10 as well as automatically scheduling our computers to upgrade to Windows 10 whether or not you want to upgrade. Finally, we have seen the headlines about Facebook censoring the news to fit their agenda.
You DO NOT have to accept this. It is your right to have a browser that does not run Flash at all (Firefox), and to not be indexed and branded. As for the Windows 10 upgrade, there are ways to still be able to run non-Windows 10 versions if you want to or need to. With all of the privacy and security issues we know about in Windows 10, I would not recommend upgrading until or unless those issues are fixed.
Now, as for the news, as Americans it is our inalienable right to free speech, and as such we should demand a fair and impartial delivery of the news no matter our political, social, or philosophical leanings. Seek out such news outlets, gather your news from the source if possible, use multiple avenues, do as you must to be informed and educated about the country and world around you so that you can make informed decisions. Demand the same of everyone you know and even those you don’t. The more informed we are as a populace, the better equipped we are to stand up for our rights and to demand the best for ourselves.
Academics Make Theoretical Breakthrough in Random Number Generation
How hackers smooth-talked their way past the security of a power company
Google to block Flash on Chrome, only 10 websites exempt
If you fail to plan, you are planning to fail! — Benjamin Franklin
With the passing of Prince last week and the recent revelation that he did not have a will, I thought I would talk about some documents we should all have for our peace of mind, security, and to help our loved ones when the time comes.
As we mature and have dependents that count on us, we need to consider how they depend on us and how we can plan for our future and theirs. To ensure you have the appropriate authority in place, health care directives, and that your intentions are clearly and legally defined, the following documents are the bare minimum you will need:
- Advance Directive or Living Will
- Power of Attorney for Healthcare
- Power of Attorney for Finances
- HIPAA Release Form
- Beneficiary designations
- Letter of intent
- Guardianship designations
These items should be professionally sourced, signed, witnessed and notarized. As a security consideration, the original should be on file with your attorney, a copy in your safe, and a copy with your executor. It is also a good idea to have scans of these in a secure format that you can take with you in an emergency. You must make sure that all of these are maintained and updated and that they are stored as securely as possible.
Dangerous Windows 10 flaw lets hackers secretly run any app on your PC
It was shockingly easy for ’60 Minutes’ to hack a congressman’s iPhone
The FBI is working hard to keep you unsafe
Man is still the most extraordinary computer of all. — John F. Kennedy
Yesterday was Patch Tuesday, and this week we had a major announcement from Microsoft. They announced that Flash content in the Edge browser would now be click-to-play instead of auto-playing as it has in the past. This is a major step forward for online safety, as Adobe was forced to release an out-of-band update for Flash to address yet another critical vulnerability. Flash has outlived its safe and useful existence and should be used with extreme caution.
My tip for this week has to do with updates and patching. If you are a Windows user, make sure you configure updates to cover all Microsoft applications and to automatically install all critical updates, and to at least notify you of other updates. It is best practice to install all updates when they become available. Also make sure you are updating your browsers since you are using Firefox instead of Internet Explorer. If you do have Flash installed, make sure to keep it up to date as well.
House committee votes unanimously for Email Privacy Act
50% of people will plug any old USB drive into their computers
One person’s “paranoia” is another person’s “engineering redundancy.” — Marcus J. Ranum
March 31st was World Backup Day, so this week I wanted to talk about backups.
With the amount of information we store on our computers and phones, and the cost of storage, how can we not consider having a good backup system in place? Think about what you store, from precious family photos, financial information, software and art we create, and documents we write to so many other things. What would you do if your drive failed? Would you be able to recover those precious documents? What if your computer was stolen?
It is suggested to have more than one copy on more than one type of media. For recovery speed and ease, an external drive connected to your machine is a good start. Consider fire, flood, and theft, and you would be wise to consider an off-site solution (I use CrashPlan). To be truly safe and not to trust a third party, you might consider storing something in a safe deposit box or at a trusted location.
For my most important data, I have a copy on my computer, a copy on mirrored external drives, a copy with CrashPlan, and a copy with a trusted acquaintance in their safe. All copies are encrypted before being sent and I hold the key.
The 3-2-1 rule and other backup tips
Security tips from a super-hacker: Kevin Mitnick’s advice on protecting laptops, smartphones, and more