I just got a call…..

You may have heard about the FREAK exploit that has been talked about lately, and you might think you are secure using the bank app, or medical records app that you downloaded directly from the Apple Store or Google Play.

A new study just released has shown that isn’t quite the  case, as the FREAK exploit is based on the encryption keys that the server you connect to, not the App on the phone alone.

Ars Technica has an article about the study, and points out that users of apps should contact the vendors to inquire wether they have corrected the app to prevent FREAK attacks.

WHAT SHOULD I DO?

1 – Upgrade your phone to the latest versions, as they have tried to prevent a vast majority of FREAK attacks in the latest versions.  The study found that even after the update on iOS, there were still 7 apps that were vulnerable.

2 – Don’t trust public wifi for secure transactions – you never know when the guy or girl next to you at the library is actually trying to hack your bank account.

SWAT – the Strategic Weapons and Tactical force

The SWAT force is called in when there is a highly volatile situation needing immediate, tactical force to deal with the situation.

However, Internet trolls have taken to using the SWAT teams around the country as their very own revenge squad.  If you are active on the internet, especially in the gamer community, you need to prepare yourself for possibly being SWATted (having the SWAT team dispatched to your home to deal with a falsely reported violent encounter).

Digg.com has a very good article explaining this, and what you should know.

Jamie Oliver – The Naked Chef probably never intended his tongue in cheek title to foreshadow the use of his website to distribute malware the way that porn sites are notorious for doing.

You might remember the post earlier in the month when I warned you of how his website was infected with malware.  Well, less than a month later, the bad guys have reinfected his site, this time with a better grade of malware.  The arms race is real, and you must be vigilant.

Malwarebytes Blog

for a purchase that you never authorized?

Would you report it on the included Transaction Cancellation form on the email?

Fake Transaction Cancellation Form – by filling this out, you give your account information and credit card information to the bad guys

 

If you have an Apple ID and have made purchases in the past, you should know that there is no Transaction Cancellation Form on your receipts.

But it looks so real!

That is the point of phishing – it makes it hard to tell when it is fake.  You have to think twice before putting your credit card information in anything you have received without your request.

Source: Malwarebytes Blog

For all of my readers that think they are safe from malware because they don’t go to “questionable” websites …. you are not necessarily safe.  Malwarebytes has discovered that the website for Jamie Oliver has been compromised by hackers and infects the computers of visitors with a drive by infection.

The site has already been cleaned up, but this is a reminder that there is no such thing as a “safe” website.

Experts are predicting that 2015 will be the worst year ever for credit card fraud, as the US begins transitioning to the EMV card standard.  The US accounts for over 47% of all fraudulent card transaction losses on 23% of all fraudulent transactions.  That is primarily because we haven’t moved to the chip card standard.

So look for your bank to be issuing you a new card with a chip in it soon.

If you are thinking that Apple Pay (the secure credit card transaction method in the new iPhones) will stop this….well not so fast.  Hackers have found a way to use the iPhones as accomplices.  They buy credit card numbers on the black market, and load them into an iPhone, eliminating the need to create fake pieces of plastic.

If you are an Apple Pay using iPhone owner, your information in the phone is not being hacked, so don’t worry.

Infoworld has an excellent article on computer security.

To summarize it for you:

1- Patch the popular software first – and do it as soon as the patch is announced

2 – Don’t fall prey to the scams (social engineering) You are more likely to get scammed from sites you “trust” than those you don’t.  Don’t EVER give information to unsolicited callers.  Know what programs you have installed and ignore threat warnings from software you don’t recognize.

3-Don’t use the same password in multiple locations.  If one site gets hacked, that password is added to the dictionary so it can be used to try to hack other locations.

4 – 2 Factor authentication has its benefits.  Sure it is a pain in the butt, but if you are concerned about the security of your information/accounts, then the additional inconvenience is worth it.

from geeksupportlive, a very nice man called to tell me that he was calling from geeksupportlive and that they are getting reports from my computer that I have a lot of viruses.  That due to the agreement that they have with Microsoft, they are contacting people who have infected machines and offering to scan them for free…..

Luckily there were a few things going for me:

1 – My Mac was definitely not reporting back to their servers that my windows was infected

2 – the words computer virus and infection do not scare me

3 – ooops their call was answered by someone who probably knows more about the computers than they do in their sweatshop call center in India

How did I get so lucky to get this call the day after I started this blog?  After putting the gentleman on hold while I went to my computer and started it up (amazing how the computer can report viruses to their server when it is not on) and then a few more minutes while I “took another call from my son” I then was directed to go to a site to download a remote management tool.

Kudos to the website administrators of ammyy.com – a free remote administration tool for putting a warning up on their website that reads:  Screen Shot 2015-01-18 at 12.06.42 PM

 

http://www.ammyy.com/en/admin_mu.html

Remote management tools are very powerful tools, and in the hands of the wrong person, can do a great deal of damage to your computer and your privacy.

NEVER give access to someone that you don’t know..

But wait, I don’t know you

well if you call me then you are the one who initiated the contact, if I ask you to load a remote administration tool it is because you have asked me for help.  Beware the unsolicited caller bearing gifts…..they might just be a big wooden horse.

Well after I read them that disclaimer, Tyson told me that I was seeing that because my computer was clearly infected because his screen was not showing that link.  He transferred me to his Senior Support Technician who assured me that I had one of the worst cases of infection that he had encountered, and that I needed to do something IMMEDIATELY!  He then directed me to showmypc – another remote admin tool – this time without the warnings…..

ooops hold on I got another call……

21 minutes later …. click

Don’t be taken in by the scammers.  I have a long list of people that I can refer you to for testimonials.