What would you do if you got a purchase confirmation from the Apple Store…

Millions of people and companies have old machines that they are still using.  Windows XP has been end-of-lifed for years, as has Windows 7 and Windows Vista, yet I still see people with these operating systems connecting to the internet.

Old computers, as well as old software and operating systems pose a threat to other users of the internet for a number of reasons.

Out of date software may give hackers a nice welcoming mat yo enter into your machine and take control, or steal your personal information.  It is very important that you update your software as many times the updates are to correct security flaws in the prior versions.

Many people know that flash has been deprecated (no longer considered state of the art) but how many people have deleted flash from their machines?  To be truly safe, you need to remove flash if you are not using it (because if it is there, the hackers will gladly use it instead.)

The same thing applies for older versions of Java.  Once you update your java, you should check your installed programs to make sure you are not running different versions.  Just like flash and Windows, older versions have many vulnerabilities that were not fixed, and make you a tasty target.

If you are not sure about the security of your computer systems, please contact me to schedule a security assessment.

By now, everyone knows that a URL is basically an internet address.  There are many different examples of URLs like:

  • http://helpmeclayton.com
  • ftp://mozilla.org
  • mailto://help@claytonrandall.com
  • https://aol.com

each one shows you where your destination you will get to when you click on them.  When Twitter came along and had a 140 character limit, people turned to URL shortening to be able to send links of pages where the URL was too long.  People also got tired of typing in extremely long URLs and started using the shorteners to send to friends.  Then the scammers took notice that people would click on URLs that made no sense, so they started using them to send out URLs for sites people would never click on if they were revealed.

SO WHAT SHOULD I DO?

There are services now that you can copy a shortened URL into it, and it will tell you where it is going.  like

You should use one of these sites to verify if you feel a shortened URL might sound fishy.

Another zero-day exploit in the wild.  If you didn’t update it yesterday, do it today

http://get.adobe.com/flashplayer

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

After some great feedback, I have made a couple changes to the page.  My phone number to contact me is now prominently displayed.  Seems I was making people hunt me down, now it should be easier for new clients to find me.

Reviews – The Apple Consultant Network Reviews Page requires an Apple ID to post a review.  As many of you know, I am not limited to only Apple products, and a few people have asked how to submit a review without an Apple ID.  You will now see a button to submit a review on every post and page.

I often tell people who are looking for a cheap computer that there are numerous costs beyond the purchase price to consider.

This week on 3 separate occasions this point has popped its head up.

Episode 1: A woman asked me for a recommendation for a new computer – she is an octogenarian that uses it only once or twice a year when she can’t use her Kindle to make travel arrangements.  She was unaware that she could go to websites on her Kindle Fire and be able to make flight reservations.  Instead of showing her an array of computer options, I showed her how to navigate on her tablet.  She breathed a sigh of relief that she would not have to learn a new computer operating system (her old computer was still running XP).

Episode 2: A gentleman that I helped purchase a mac mini about 3 years ago called with a problem that AppleCare had tried to help him fix but couldn’t.  In the interest of saving money at purchase time, we had gotten an inexpensive monitor from CompUSA to pair with his MacMini.  On hearing him describe his symptoms, I knew the solution was to change the input on the monitor, but he had no idea where the button for that was, and I had no idea without being in front of it to hunt for it.  He asked why he got that monitor and not an Apple one, and I reminded him that he (his daughter) didn’t want to spend as much as an Apple monitor would cost.

Epsiode 3: A coworker recently moved to an iMac and was wondering how she was going to be able to back up her computer – a matter of 3 clicks later, TimeMachine was enabled and she was impressed to learn that it would keep hourly backups so in case she accidentally deleted or modified a file, she would have access to recent changes in a very intuitive interface.

It is vitally important to consider the value of your peace of mind when looking at the cost of your new machine.  How much is your aggravation worth?

You may have heard about the FREAK exploit that has been talked about lately, and you might think you are secure using the bank app, or medical records app that you downloaded directly from the Apple Store or Google Play.

A new study just released has shown that isn’t quite the  case, as the FREAK exploit is based on the encryption keys that the server you connect to, not the App on the phone alone.

Ars Technica has an article about the study, and points out that users of apps should contact the vendors to inquire wether they have corrected the app to prevent FREAK attacks.

WHAT SHOULD I DO?

1 – Upgrade your phone to the latest versions, as they have tried to prevent a vast majority of FREAK attacks in the latest versions.  The study found that even after the update on iOS, there were still 7 apps that were vulnerable.

2 – Don’t trust public wifi for secure transactions – you never know when the guy or girl next to you at the library is actually trying to hack your bank account.

SWAT – the Strategic Weapons and Tactical force

The SWAT force is called in when there is a highly volatile situation needing immediate, tactical force to deal with the situation.

However, Internet trolls have taken to using the SWAT teams around the country as their very own revenge squad.  If you are active on the internet, especially in the gamer community, you need to prepare yourself for possibly being SWATted (having the SWAT team dispatched to your home to deal with a falsely reported violent encounter).

Digg.com has a very good article explaining this, and what you should know.

Jamie Oliver – The Naked Chef probably never intended his tongue in cheek title to foreshadow the use of his website to distribute malware the way that porn sites are notorious for doing.

You might remember the post earlier in the month when I warned you of how his website was infected with malware.  Well, less than a month later, the bad guys have reinfected his site, this time with a better grade of malware.  The arms race is real, and you must be vigilant.

Malwarebytes Blog

for a purchase that you never authorized?

Would you report it on the included Transaction Cancellation form on the email?

Fake Transaction Cancellation Form – by filling this out, you give your account information and credit card information to the bad guys

 

If you have an Apple ID and have made purchases in the past, you should know that there is no Transaction Cancellation Form on your receipts.

But it looks so real!

That is the point of phishing – it makes it hard to tell when it is fake.  You have to think twice before putting your credit card information in anything you have received without your request.

Source: Malwarebytes Blog