Every business, to be successful, must differentiate themselves from the competition.
An obvious differentiator to use is security and privacy. MS has a long history of paying little attention to security and privacy. This makes it easy for a competitor – particularly one with a history of having better security and privacy (Apple) – to fill that niche.
Now with that differentiator in place, a potential buyer needs to make a decision as to what product to buy. They can weigh price, features, availability, stability, appearance, performance, compatibility, AND security and privacy.
If security and privacy are more important to the buyer than other issues, they will likely go with Apple.
A: Antivirus software typically works with your operating system. But there are a few that are specifically designed for use with browsers. As such, they are browser plug-ins or extensions. Such antivirus tools can block access to malicious websites or downloading malicious files.
My favorite is Bitdefender Trafficlight.
Keep in mind that you still need an antivirus for system protection. Again, my preference is Bitdefender antivirus.
A: You don’t. That is why they are the administrator and you are not! In any organization I support, attempting such action would be considered a breach of computer policy, with termination as the likely result.
If the user enables private browsing mode on their browser, there will be no browsing history on the computer. However, this doesn’t stop browsing history from being recorded by the office router. This cannot be bypassed. The Internet Service Provider will maintain a browsing log. This can be bypassed by using a Virtual Private Network (VPN). The DNS provider will also maintain a log. This can be bypassed by switching to a DNS provider that does not maintain logs.
Keep in mind that using a VPN or switching DNS providers is very easy for the administrator to spot.
A: Physically, easy. I suspect the majority of computers can physically outlive their owner.
Realistically, no. Apple (as well as Microsoft and other vendors) will continue to provide system updates for 5–7 years. Once your computer is too old to receive system and application updates, it is HIGHLY vulnerable to malware and breach.
This puts the useful lifespan at around 5–7 years.
An unasked question is: is it worth it to keep a computer 10 years?
If the computer is used in a business or otherwise makes money, I don’t see a way for an older computer to be profitable, or “worth” keeping around. Around 15 years back I created a program that calculated the cost/benefit of a computer versus purchasing a new computer. I used this to provide hard numbers to clients. In almost every case, if the current computer was two years or older, it was the more responsible choice to replace it with a new computer. In addition to getting a new sparkly, the company almost completely eliminates technical support costs, has little to no support-related downtime, no need to pay for extended warranty, and the user can be more productive.
If the computer is not used for business or to make money, and the user doesn’t mind operating in the slow lane, as long as the computer receives OS and app updates, go for it.
A: A Google Doc is just an HTML file, like a web page. Primary protection is in the form of permissions protection. Be specific who has access, and what permissions they have.
Second, having a viable backup is critical to protect against corruption, change, or deletion. For this, you need a cloud backup of your document. There are several internet providers that specialize in this, such as Backupify and SpinBackup. Yup, you will be using an internet service to back up your internet files! A local backup will be of little use.
Another option is to download your Google docs in either .pdf or Microsoft Office format.
A: It is vital to back up all of your data in case the original becomes damaged, corrupt, or deleted. To protect your data you must have AT LEAST one local and one remote backup.
A local backup is typically saved to an external hard disk drive or flash drive. You will need a drive with at least four times the capacity of the data to be backed up. This is to allow for growth as your files are edited and additional files are created. The drive needs to be encrypted. This can be done with Time Machine or Disk Utility (macOS), or Bitlocker (Windows).
The remote backup can be a drive like the local backup, but stored off-site. In many cases a better alternative is to use online backup. This can be done with Google Drive, Microsoft OneDrive, or one of the dozens of commercial internet backup tools.
ANSWER: A bit of background information is probably in order.
It is almost certain that much of what you think of as personal information is already “out there” and readily available to marketing groups, criminal hackers, advertisers, and other miscreants. Organizations such as social media, Google, your Internet Service Provider, and all major websites track your online activities. Over time, this accumulation of data creates a near perfect personal profile. This profile is sold to marketing groups and others. There isn’t a thing you can do about this – other than to be wise with how you interact with social media, and to operate with as much anonymity and security as you can whenever connected to the internet.
Some of your personal information comes from breaches of websites where you have freely provided your information. For example, health providers, banks, credit card companies, social media, etc. You can check for such breaches at https://haveibeenpwned.com. If you find a breach, again, not much you can do about it, but it is time to change your password for the site.
Almost nobody practices wise cybersecurity and internet privacy. A recent study found that the majority of adults use the same one or two passwords for everything. 85% of high school kids use the same password for everything, with almost 50% freely sharing their passwords with friends. There are some standards to put into practice:
Use a different password for EVERY site and service.
Passwords should be a minimum of 15 characters in length. Complexity doesn’t matter – length matters.
Don’t write down passwords. Instead, use a quality password manager (I’m fond of Bitwarden) to store passwords in an encrypted database.
Use multi-factor or two-factor authentication whenever it is available. For sites such as health care, banking, credit card, financials – if they don’t offer multi-factor authentication, change to another provider that does. This indicates they don’t care about security and privacy.
Don’t share your passwords with anyone.
Don’t use a non-private domain email. For example mary@google.com. Instead, spend a few dollars to set up your own private domain email, for example marc@maryxsmith.com, and make sure you have a quality email provider as your host. I recommend Proton Mail, Google, and Microsoft. Once you have this, ask your provider for help setting up your SPF, DKIM, and DMARC records. This will help prevent getting spam and help prevent your account being used to spam others.
Contact the three major credit reporting organizations to get copies of your credit at least yearly. Review for any errors, and then get them resolved.
Oh, did I mention to be smart about your cybersecurity and internet privacy? Did your eyes roll to the back of your head when you read that? It is actually quite quick and easy, once you know the How! Interested in the how? Have I got a book or two for you: Practical Paranoia Security Essentials.
A: It is almost a sure bet your child has been knowingly or unknowingly a victim of cybersecurity or internet privacy breach (if they have internet accounts).
According to a report released today (August 11, 2021) by NIST (National Institute of Standards and Technology), 87% of high schoolers use the same password for everything. 45% of high schoolers share passwords with their friends. According to the research, teens don’t see password sharing as risky behavior, but a way to build friendships and trust.
Apparently, this is not an issue with not knowing cyber best practices. Children as young as third grade know and understand why passwords are needed, and why to use and how to create strong passwords.
So, with almost 90% of children using the same password for everything (my head almost explodes just writing that), and almost half sharing that singular password with friends, is it any wonder you can bet they have been breached?
Unfortunately, if they have freely shared their password(s) with friends, there isn’t a viable way to determine if this password has been used by friends to access their other accounts. But the doors are wide open for friendly fire upon their social media, email, banking, and school accounts to haunt them for years.
This might be a great time to spend five minutes with your child to review password best practices. For those whose own memory may be a bit dusty 😉 …
Use a different password for every website and service.
Passwords should be a minimum of 15 characters.
Password complexity isn’t important. Better to have an easy to enter passphrase.
Whenever possible, enable two-factor authentication (also called multi-factor authentication). This prevents someone who knows your password from accessing your account.
Do not share passwords with anyone.
Do not write passwords. Instead, store passwords in a password manager utility, which encrypts your data. My preference is Bitwarden for all OS’s.
While you are at it, check all family member accounts for breaches by visiting https://haveibeenpwned.com. Although this site won’t tell if you have been a victim of friendly fire, it will tell if your account has been attacked.
No matter how “great” or “strong” your password, it can be broken, hijacked, or bypassed. Perhaps the most common method to usurp your password is by breaching the user database of a major vendor. For example, recent attacks include:
Audi: 2.7 million accounts
Guntrader: 112,000 accounts
University of California: 547,000 accounts
Once a major site has been breached, the criminal gains access to all of the user accounts and passwords. If the passwords are strongly encrypted, it is simply a matter of time before automated cracking software resolves that bump in the road. More typically, however, the passwords were either not encrypted at all, or used weak encryption that can be quickly and easily broken.
Given there are currently over 11 BILLION hacked accounts sitting on the dark web waiting for criminals to scoop them up, what can you and I do?
This is where two-factor authentication (2FA) (also called multi-factor authentication) rides in to rescue the day.
With 2FA in place, even if the criminal gains access to your password, they still need the second authentication factor in order to access your account – and only you have it!
What Is Two-Factor Authentication
2FA is just a second way that you can provide proof you are authenticated to access an account. The first way is knowing the password.
The second method can be:
Knowing a one-time-use code that is sent to your email.
Knowing a one-time-use code that is sent to your smartphone via text or voice.
Knowing a one-time-use code that is randomly generated every 30 seconds via software or a hardware key.
Knowing a one-time-use code that was given to you when you registered for 2FA on the site.
Best practices currently recommend against codes sent to your smartphone, as they are easily intercepted.
A Business Email Compromise (BEC) is any type of cyber attack using email that in itself does not contain a malicious attachment. Although there are many different BEC attack vectors, the dominant one is spoofing, used in almost 50% of all BEC attacks. In a spoofing attack, the criminal sends an email that appears to be from a high-ranking member of the organization, requesting a transfer of funds.
A few statistics to act as a wake-up call:
In a recent survey, 71% of organizations acknowledged experiencing a BEC attack over the past year.
The FBI’s Internet Crime Complaint Center reports that in 2020 there were 19,369 BEC complaints, with losses of approximately $1.8 billion.
One of the largest BEC losses came to Nikkei, the Japanese media group, in the amount of $29 million.
A BEC attack generally works like this:
The criminal acquires the name and email address of a senior-level executive within an organization.
The criminal sends an email, spoofing the name and email address of this executive, to their executive assistant or the accounting department, requesting that monies be sent to some account outside of the organization.
Because this email appears to be from a senior-level executive, there is often no expenditure authorization policy in place to limit amounts, and no requirement for secondary approvals.
The monies are sent to the requested accounts, which are immediately cashed out by the criminal.
What Can I Do To Help Prevent an Attack
Expenditure Authorization Policies
Although it will likely result in a few bruised egos, and introduce some time delays, it is vital that expenditure authorization policies mandate that any significant financial request, from any member of the organization–even the owner, president, or CEO–must be cleared through a secondary approval process. Even something as simple as a required video call to the requestor could block most of these attacks.
Staff Education
As part of staff continuing cybersecurity and internet privacy training, all staff should be educated on how a BEC attack works, and what the new expenditure authorization policies are.
Technology
The cornerstone of a BEC attack is the ability to send an email that appears to be from a legitimate source. We do have technology that can help stop this from occurring. These go by the terms Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC).
If your eyes just rolled up to the back of your head, I understand, but stay with me.
SPF is an email validation system. It provides a mechanism to authorize servers and services to send email using your domain. This allows a receiving mail server to verify that incoming mail from a specific domain is coming from a host authorized to send that mail. If a criminal sends email to you with spoofed “from” information, your email server can validate or invalidate the authenticity of the incoming email. This prevents email from a forged or spoofed address from reaching an inbox.
DKIM accomplishes much the same as SPF, but from the opposite direction. It provides a mechanism for the receiver to verify that an email claiming to have come from a server authorized via SPF to send mail for a specific domain is indeed from that server.
DMARC is a configurable policy that determines how to deal with email that has failed the SPF or DKIM validation.
In a nutshell, SPF authorizes a server to send email on behalf of a specific domain, DKIM authenticates the sending server, and DMARC determines what to do with the email if it fails authentication.
Configuring SPF, DKIM, and DMARC doesn’t require an IT professional. Your email service provider may be willing to set it all up for you. Better yet, do it yourself and be certain it is done properly! The entire step-by-step takes only four pages and less than an hour of your time. Where can you find the steps? They are assignments 13.11.1 through 13.11.4 in any of our current Practical Paranoia Security Essentials books.
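How a receiving server applies these records to a spoofed message, as an added example that is not from the original post or the book. The records, domains, and IP addresses are constructed placeholders; only `ip4`, `ip6`, and `all` are evaluated so the example runs offline, and alignment is simplified to "same domain or a subdomain of it".

```python
import ipaddress

# Constructed sample DNS TXT records for the placeholder domain example.com.
SPF_STRICT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all"
SPF_WEAK = "v=spf1 ip4:192.0.2.0/24 +all"      # "+all" authorizes every host
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
DMARC_MONITOR = "v=DMARC1; p=none"             # report only, nothing blocked

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for part in parts[1:]:
        if "=" in part.split(":")[0]:
            continue  # modifiers such as redirect= are skipped in this example
        qualifier = "+"  # a mechanism with no qualifier means "pass"
        if part[0] in QUALIFIERS:
            qualifier, part = part[0], part[1:]
        name, _, value = part.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms


def check_spf(record, sender_ip):
    """SPF result for the connecting IP, checked against the envelope domain's
    record. Mechanisms that need DNS (include, a, mx) return "unresolved"."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unresolved"
    return "neutral"  # nothing matched and the record has no "all" term


def parse_dmarc(record):
    """Turn "tag=value; tag=value" into a dict and check the version tag."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, _, value = item.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_disposition(dmarc_record, from_domain, spf_result, spf_domain,
                      dkim_result="none", dkim_domain=""):
    """DMARC passes when SPF or DKIM passes for a domain aligned with the
    visible From domain; otherwise the published policy (p=) applies."""
    tags = parse_dmarc(dmarc_record)
    header = from_domain.lower()

    def aligned(domain):
        # Simplification: real relaxed alignment compares organizational domains.
        domain = domain.lower()
        return domain == header or domain.endswith("." + header)

    spf_ok = spf_result == "pass" and aligned(spf_domain)
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain)
    return "deliver" if (spf_ok or dkim_ok) else tags.get("p", "none")


def handle(spf_record, dmarc_record, sender_ip, envelope_domain, from_domain):
    """Evaluate one unsigned (no DKIM) message end to end."""
    spf_result = check_spf(spf_record, sender_ip)
    return dmarc_disposition(dmarc_record, from_domain, spf_result, envelope_domain)


if __name__ == "__main__":
    cases = [
        ("authorized server, strict SPF, p=reject", SPF_STRICT, DMARC_ENFORCED, "192.0.2.55"),
        ("unauthorized server, strict SPF, p=reject", SPF_STRICT, DMARC_ENFORCED, "203.0.113.9"),
        ("unauthorized server, strict SPF, p=none", SPF_STRICT, DMARC_MONITOR, "203.0.113.9"),
        ("unauthorized server, +all SPF, p=reject", SPF_WEAK, DMARC_ENFORCED, "203.0.113.9"),
    ]
    for label, spf, dmarc, ip in cases:
        print(f"{label}: {handle(spf, dmarc, ip, 'example.com', 'example.com')}")
```

The last two cases show why publishing the records is not enough: `p=none` only reports, and an SPF record ending in `+all` authorizes every sender.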
Oh! I almost forgot… You can now become master of your cybersecurity and internet privacy even if you wouldn’t know an SSL from a TLS (ok, nerd humor isn’t even funny to other nerds). In just 1 hour a day over 10 days with our Practical Paranoia Online Workshops. If you can tap, double-tap, and save a file, you can quickly and easily secure your computer, tablet, phone, data, and communications using the same steps as used by governments, military, and big business. All you are missing is knowing the how. Lucky for you, we’ve got the know-how to spare, and we will share it all with you in the workshop.
Register by July 31, 2021 and receive 55% discount.
It doesn’t take an Apple Genius, Google Guru, or Microsoft Engineer to help secure your devices, data, and communications.
If you can tap, double-tap, and save a file, we can walk you step-by-step through ensuring your cybersecurity and internet privacy to industry standards.
Register NOW and receive a 55% discount – only $125 for any workshop in August. https://thepracticalparanoid.com
There was a time, not so long ago, where most IT administrators mandated that every password for everything be changed every three months.
In my specific case, I currently have 940 passwords in my password vault. That means I would be changing at least 10 passwords every day. And getting very little else accomplished!
Thankfully, someone took a deep breath and gave some time to actual critical thinking about the whole password life span issue. The conclusion? Unless a password has been breached, or you think it could have been breached, no need to change it for…ever.
That is right. According to the current guidelines by most of the major US government IT overlords, you never need to change a password unless it may have been compromised.
But, that answer isn’t really quite that simple.
First, there are plenty of old-school IT administrators in the field who refuse to do their own critical thinking, and insist on mandating password changes every X months. Good luck getting these folks to wake up.
Second, this guideline assumes your password habits are healthy. What are healthy password habits?
Every website and service uses a unique password. No password is used more than once.
All passwords are strong. “Strong” is defined differently by different standards-setting organizations. But a good generalization is a minimum of 15 characters. A password of 123456789012345 is technically as strong as $g1A7^bY0&qX4%r.
No password uses a part of your name, address, phone number, social security number, pet name, or is otherwise guessable.
This is far easier than the old-school rules of:
At least 1 upper-case letter
At least 1 lower-case letter
At least 1 number
At least 1 special character
At least 1 drop of unicorn blood
But now you have a trove of passwords, at least 15 characters in length, none of which are rememberable.
What to do?
Use a password manager to do the remembering for you.
If you are a Mac user, macOS, iOS, iPadOS, and Safari work together to remember and autofill your passwords.
If you are a Windows user, Edge will remember and autofill your passwords.
Brave, Firefox, and Chrome also have their own built-in password managers.
However, my recommendation is to use Bitwarden. Bitwarden is a third-party free/for-fee password manager and Multi-factor Authentication utility (free for password management, for-fee to access the MFA). It works with almost all browsers, all OS’s, and across all of your devices. So a password created on my iPhone is immediately available to my Chromebook, Windows PC, MacBook, and Android tablet. For less than what you will find in your couch cushions, you can have peace of mind in the password department.
As of Thursday, July 21, 2021, the short answer is YES. As reported by CNN, a federal judge forced a January 6, 2021 US Capitol rioter, Guy Reffitt, to sit in front of his computer to allow face recognition to unlock the computer. The prosecution stated that the computer most likely held video footage of the riot from the helmet cam worn by Reffitt. Whatever your views and politics are regarding the Capitol riots, this is seen as a blow for cybersecurity and internet privacy. Whether or not law enforcement could force a person to unlock their computer or mobile device has long been a hotly contested issue. This federal ruling will add weight to the debate over using face recognition. However, the question over having to enter a password is still in the balance.
What Does This Mean For Me?
I have long recommended to clients that they NOT use biometrics for computer or mobile device log in. My primary reason is that biometrics (Face ID, Touch ID) can be easily circumvented. It now looks like biometrics provide little protection against law enforcement penetration as well.
Stop Being the Victim of:
Data Loss
Ransomware
Malware
Hackers
Malicious Websites
Identity Theft
and Stolen Passwords
Take Control of Your Cybersecurity and Internet Privacy
Just 1 Hour a Day for 10 Days
The Easiest, Fastest, Step-By-Step DIY Course Available
Includes the Best Selling Practical Paranoia Security Essentials Workbook and Private Instructor Hours
Starts August 2, 2021
55% Early Registration Discount until September 31
Surveillance technologies now available– including the monitoring of virtually all digital information– have advanced to the point where much of the essential apparatus of a police state is already in place. – Al Gore
The manufacturers or developers (such as Apple, Facebook, Google, etc.) and carriers (Verizon, AT&T, etc.) for each party can intercept any traffic that crosses their networks. This interception may extend to any third parties that work with your carrier, such as contractors or subsidiaries. In addition, your local, state, and federal government monitor data in dragnet-style snooping.
How can you communicate easily and securely?
If you are interested in cross-platform, end-to-end encrypted, text, voice and video conferencing solutions, a few options are available.
Wire and Signal are our choices for end-to-end encrypted voice, video, instant messaging, and group communications. Both provide end-to-end encrypted communications between Android, Chrome OS, iOS/iPadOS, macOS, and Windows.
Wire is a for-fee commercial service. It offers a free 30-day trial.
Signal is an independent nonprofit that provides its product and services for free. We use Signal for the rest of this blog.
HIPAA Considerations
HIPAA is concerned about securing Protected Health Information (PHI) from leakage, but at the same time, requires that instant messaging have an audit trail. This requires that all messaging be logged to a centralized server so the log can be reviewed. In addition, HIPAA requires that the vendor be willing to sign a Business Associate Agreement (BAA). As a BAA puts the vendor at a potential liability should their service or software be found responsible for leaking protected health information, you will not find free or inexpensive software that meets HIPAA compliance requirements.
Most readers of this blog want to leave no record of an encrypted conversation, and have no need of a BAA.
If your instant messaging needs include HIPAA compliance (this requires meeting Joint Commission guidelines), then the rest of this blog does not apply to you. I recommend you perform an internet search to find and assess the few options available. Then work with an IT expert to implement your HIPAA-compliant program.
Signal
Signal is a free platform for peer-to-peer (no centralization) and group secure, end-to-end encrypted communications using instant messaging, voice, and video.
Install Signal
In this assignment, you create a Signal account. This account allows you to make fully secure, encrypted instant messaging, voice calls, and video conferences with friends and business associates.
Prerequisite: If you wish to use Signal on a Chrome OS, macOS, or Windows computer, you will first need to create a Signal account registered on an Android or iOS mobile device (performed in this assignment).
Download and install Signal onto a mobile device
On your iOS or Android mobile device, open a browser window to https://signal.org.
Tap Get Signal. If using an iOS device, the App Store opens to Signal-Private Messenger. If using an Android device, the Google Play Store opens to Signal-Private Messenger.
Download and Install Signal to your mobile device.
On your mobile device, open the Signal
Follow the onscreen instructions to complete the registration process.
Open the downloaded installer file and follow the prompts to install the app.
Launch Signal.
Signal displays a QR code.
If using an iOS mobile device, open Signal.app > Signal Settings > Linked devices > Link New Device. If using an Android mobile device, tap the + button.
Use your mobile device to scan the QR code.
Assign a name for your Linked Device, then tap Finish.
Your Signal desktop app is now ready to use!
Invite People to Signal
Before you can communicate with someone else using Signal they must also have a Signal account.
In this assignment, you invite someone to install Signal and create an account.
Prerequisite: Access to your mobile device with Signal installed.
Open Signal on your phone (invitations do not yet work with Signal Desktop.)
Tap your profile picture in the top left corner > Invite Your Friends.
Select to send either a Message or
A list of all your phone contacts appears. Select the target contact(s), then tap
A new email message is created with each of your target contacts listed in the Bcc field, with a link to download Signal on their phone.
Customize the email to your taste, then tap the Send
Once your target contacts have installed Signal on their phone, you receive a text from Signal that they have joined, and their name appears in your Signal Contacts
Secure Instant Message with Signal
In this assignment, you instant message your new Signal friend.
Open Signal (for this assignment, on your computer.)
From the sidebar, select the desired Contact.
In the main body area of the Signal window, at the bottom in the Send A Message, enter a text message for your contact, then tap the Return. The message is sent to your contact and received in seconds.
Secure Voice or Video Call with Signal
In this assignment, you make a secure, encrypted voice call to a Signal friend.
Open Signal.
Select a Signal contact to call.
In the top right corner of the Signal window, tap either the phone or the video
Tap the Start Call
On your friend’s Signal device, they hear their device ringing and get an Incoming Call message; if they wish to answer, they tap the Signal Phone icon.
The two of you can now speak in complete privacy (even better than Maxwell Smart’s Cone of Silence).
If you are a Mac user, but also need to run Windows, there are several easy ways to do it all on one machine.
However, what if you are on an Apple silicon (M1) Mac, and want to run Windows 11? So far the path has hit a brick wall. Parallels promises to have a version out when they have mastered how to do it. But what if you just… can’t… wait?!
I may just have the magical codes to deliver.
My thanks to ytechb.com for most of the pointers.
WARNING: Windows 11 is still in beta/preview development. This is not stable software (oh, hell. When is Windows all that stable anyhow?)
WARNING: These steps require making changes to your registry. This is not something to be taken lightly. However, the changes are minor.
PREREQUISITES:
An Apple silicon Mac with all current updates.
At least 22 GB free space on your boot drive.
Parallels (current version).
Internet connection.
Download and install Parallels from https://parallels.com.
Download and install Windows 10 Insider Preview from https://insider.windows.com/en-us/
From Parallels, install the Windows 10 Insider Preview.
Run Windows Update to verify you have the latest version of Windows 10 Insider Preview installed. Normally, this is as far as you can currently go with updates, as Windows 11 Insider Preview will not install on an Apple silicon Mac. But there are two brick walls we are going to go through like they were butter.
Open the Windows Registry Editor, then go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > WindowsSelfHost > UI > Selection.
Double-tap on UIBranch, then change the value to Dev.
In Registry Editor, go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > WindowsSelfHost > Applicability.
Double-tap on BranchName, then change the value to Dev.
Close Registry Editor.
Restart Windows.
Go to Windows Update Settings > Check for Updates.
The Windows 11 Insider Preview will be seen as available.
Tap the button to download the Windows 11 Insider Preview.
The download will start, but will soon pop up an error message that Windows 11 cannot be installed as there is no TPM 2 chip found (Macs do not have a TPM chip, although they have their own hardware security chip in use).
Don’t close the error message.
Open File Explorer, then search for AppraiserRes.dll.
When AppraiserRes.dll is found, open the parent folder, drag AppraiserRes.dll to the desktop, then delete the found AppraiserRes.dll. KEEP THIS PARENT FOLDER OPEN.
Go back to the error message and click Continue.
In the Windows Update window, tap the Fix issues button. The Windows 11 installer will continue downloading.
An Almost Ready message will appear. You can close it.
Once the download has progressed past the point it had stopped earlier (probably around 10%), you can drag and drop the AppraiserRes.dll back into the folder in which it was found.
When the download has completed, an alert will prompt to Restart Now. Tap this button to restart.
Once restarted, Windows 11 will continue to install.
When back to the desktop, return to Windows Update Settings > Check for Updates, and check for additional updates.
When the updates download, you are done, and have Windows 11 Insider Preview waiting to be used.
On the Fourth of July, Americans celebrate independence, declaring we are no longer subject and subordinate to the monarch of Britain.
But today we are subject to greater tyranny through constant internet surveillance and breach of our online privacy. We are at the mercy of our government, Facebook, Google, cyber criminals, and other bad actors intent on knowing, seeing, and recording our every digital nanosecond.
Time for an updated Independence Day.
I’m Marc Mintz, Project Director for The Practical Paranoid (TPP).
TPP and I have worked to enlighten the public that it does not take an Apple Genius, Google Guru, or a Microsoft Engineer to secure your systems, data, and communications. Almost everything the government and big business do to ensure their cybersecurity and internet privacy can be done for you, by YOU, for less than what we spend on coffee. And in just a few hours.
Our Practical Paranoia Security Essentials books have been showing non-technical users how to do this for over eight years.
The number one comment we receive from buyers of Practical Paranoia Security Essentials books is how surprised they are at how fast and easy it was to secure their phone, text, email, browsing, and entire digital life.
Yay!
The second most common comment from buyers is how intimidating Practical Paranoia books appear. Some buyers never jump into using a book after they purchase it.
Ouch!
With release of five new operating systems this year – Android 12, Chrome OS, iOS 15, macOS 12, and Windows 11 – we needed to remove the intimidation factor so that everyone could learn how to protect their data, communications, and privacy. And we did it.
Announcing five brand-new Practical Paranoia Security Essentials Online Workshops that cover all the new OS products.
Protecting your digital life is as important as locking your home and carrying a driver’s license.
There are three paths to cybersecurity and internet privacy:
You can pay a certified cybersecurity professional to do all the work that you will do in a TPP workshop. But pros cost $1,000-$4,000.
You can buy the Practical Paranoia book and DIY for only $64.95. But you would have done it already if it weren’t for that pesky intimidation factor.
Now you can do the work on your own–but with an industry leader guiding you in a workshop– the only workshop of its kind available anywhere at any price.
Think you don’t have the skills or background knowledge to do your own cybersecurity? We designed each workshop for the non-technical computer, tablet, and smartphone user. If you can tap, double-tap, and save a file, this course was made for you!
Each OS workshop consists of:
A series of 7 to 10 one-hour classes on Zoom
A copy of the latest best-selling TPP book, a $64.95 value
Our August beta workshops will be presented live by an industry expert who has taught technology courses internationally
Each class is recorded for students to access if they miss the live session
Easy hands-on assignments to harden your security and privacy to industry standards
AND Private Instructor Hours via Zoom to help you over any rough patches
The Practical Paranoia Security Essentials Online Workshops are only $275. And, it gets even better!
If you register for any of our first beta workshops in August 2021, your cost is only $125 for any workshop. Registration for beta workshops is limited and will close quickly.
Protecting you, your family, and your business cybersecurity and internet privacy is fast, easy, and inexpensive. You may even have fun doing it!
Nine Android apps with a combined download count of over 5.8 million have been removed from the Google Play Store for stealing users’ Facebook credentials.
The apps are:
PIP Photo
Processing Photo
Rubbish Cleaner
Horoscope Daily
Inwell Fitness
App Lock Keep
Lockit Master
Horoscope Pi
App Lock Manager
These fully functional apps performed their theft by requesting users to log into their Facebook account in order to disable in-app ads.
As a general cybersecurity and internet privacy guideline, never log in to one account in order to access another account or features of another account. The most common example of this is when a newly installed app requires creating a user account, and gives the option of creating an account on the app site, or using your existing Google account to log in.
What To Do If I’ve Installed One of These Apps?
Uninstall the app.
Change your Facebook password.
If you do not already have it, enable two-factor authentication with Facebook.
You Know You Need Cybersecurity and Internet Privacy for Yourself, Your Family, and Your Business, But:
I can’t afford to hire a qualified cybersecurity professional.
I’ve bought the DIY books, but they are too intimidating.
I don’t have the time to DIY, and besides, even if I did find the time, who would help guide me when I get confused?
Unless you have been living in an ice cave (hmmm, perhaps I’ve been using that phrase just a tad too often), you already know how vital it is to keep your operating system and applications fully up to date. This is because most updates include security enhancements and patches to vulnerabilities.
But few people give thought to updating the firmware of their routers and modems, and this is perhaps even more important, because if there is a vulnerability in your router or modem, a bad actor can have full access to your network and all the data that travels along it.
And that has just happened, again.
Microsoft discovered a bug in Netgear router firmware that could give the bad actor access.
But this article is not to point the finger at Netgear. These vulnerabilities crop up in almost all software and firmware. This article is about pointing the finger at your modem or router, and asking: when was the last time you verified that the firmware is up to date?
Every modem and router – even from the same manufacturer – may have wildly different interfaces to check and update firmware. Because I have a CenturyLink ActionTec modem and an ASUS router on my network, I’ll use them as examples.
CenturyLink Modem
Log on to the modem. In most cases, this is done by opening a browser, then entering the modem IP address. This is often 192.168.0.1.
Select Utilities, or sometimes Advanced or Administration.
In the case of this modem, then select Upgrade Firmware from the sidebar.
Tap Download to download the firmware from the manufacturer to your computer.
Tap Choose File to locate and select the downloaded file.
Tap Upgrade Firmware to upgrade your modem.
In a few minutes, the modem will reboot with the latest and greatest firmware installed.
ASUS Router
As with the CenturyLink modem, open a browser to the IP address of the router. This is often 192.168.0.1.
Log in to the router.
Tap Administration.
Tap Firmware Upgrade. In the case of modern ASUS devices, they have the option to automatically check daily for updates. You can see that I have my Auto Firmware Upgrade switch set to On.
To manually check or to verify, next to the Check Update text, tap Check.
If there is a new firmware available, tap Download.
Once the download completes, tap Upload.
In a few minutes the router will reboot with the latest and greatest firmware.
How Often Do I Need to Check for Firmware Updates?
Your operating system can be configured to auto-check daily. The macOS App Store can be configured to check for application updates constantly. Although Windows doesn’t have a built-in updater for apps acquired from sources other than the Microsoft Store, there are free automatic updaters available. But your modem and router will require manual checks (unless you have one of the few that automatically updates).
I recommend putting this on your monthly tickler file, so that your firmware is never more than a month out of date. Of course, more often wouldn’t hurt 😉
I just love it when with just a few mouse taps I can add a solid layer of security to all the devices under my roof. It’s just icing on the cake when it’s free!
The Problem
All of the internet-connected devices under your roof need to communicate over the internet in order to function. This includes computers, tablets, smartphones, webcams, smartwatches, smart doorbells, smart thermostats, printers, and more.
With your computers, tablets, and smartphones, you can add a layer of protection against malware by installing quality antimalware software. But what about your printer, smartwatch, doorbell, thermostat… you get the picture. Each of these smart devices is open to a breach, and few offer any option to install or configure security.
The other possible problem is adult content. Should you be a parent that would prefer little Jane and Johnny to not have access to adult content, it can be a full-time job playing content cop.
The Solution
All of your home and business devices must connect to the internet through your router. Inside each router is a setting specifying which Domain Name System (DNS) server the router will use to learn where to direct this internet traffic. If a DNS server were knowledgeable about which web addresses held malware or adult content, the DNS server could pass this info along to the router, blocking access to these sites.
Lucky you! There are DNS servers with this knowledge, and Cloudflare offers them at no charge.
The How To
If you would like to block known malicious and adult content sites from all of your home and business devices, you just have to change your router DNS settings. By default, most routers use your internet provider’s DNS servers. You will change these IP addresses to those of Cloudflare.
CenturyLink Modem
Every router has a unique interface. In the example below I’m using a CenturyLink Actiontec C3000A.
Log in to the modem. If you aren’t familiar with the process, call your internet provider for instructions.
From the menu bar, select Advanced Setup.
From the sidebar, select DHCP Settings.
In the main area of the page, scroll down to 5. Set the DNS servers allocated with DHCP requests.
From this area, select Custom Servers.
For malware-only protection, set the Primary DNS to 1.1.1.2, and Secondary DNS to 1.0.0.2. For malware and adult content protection, set the Primary DNS to 1.1.1.3, and Secondary DNS to 1.0.0.3.
Tap the Apply button.
Your modem may reboot. The protection will be in place immediately.
It’s Your Data… Protect It
Most people ignore their cybersecurity and internet privacy because they think it is too difficult or expensive. But what if it was fast, easy, and (almost) free? Our guides have been written by certified experts, with step-by-step illustrated instructions so that even a child can harden your security like a pro.
Visit https://thepracticalparanoid.com for the easiest, most comprehensive cybersecurity and internet privacy guides you can buy. Guaranteed!