iOS 11 has just been released. Are you and your company prepared to secure your device, data, network, and identity when it arrives on your iPhones and iPads?
Practical Paranoia iOS 11 Security Essentials is the go-to guide to fully securing the home and business mobile devices. Written for the non-technical user, while covering everything expected of the IT professional. We have eliminated all of the technobabble, and included easy, step-by-step illustrated guides for every area of security for your device.
ANDROID GO KEYBOARD APP FOUND SPYING ON 200M USERS
As reported in betanews September 21, 2017 https://betanews.com/2017/09/21/go-keyboard-spying-warning/ the very popular Android Go Keyboard app (200 million installations) is sending personal information about users to remote servers. Making matters potentially worse is that the app is using a technique to download dangerous executable code that is prohibited by Google. Oh, and did I mention this is a Chinese developer?
There are two versions of the app on Google Play: "GO Keyboard, Swipe input, GIFS" and "GO keyboard – Emoticon keyboard, Free Theme, GIF".
It is strongly recommended to uninstall both of these apps immediately.
macOS 10.13 (High Sierra) release is just a few days away. Are you or your company prepared to secure your data and identity when it arrives on your Macs?
Practical Paranoia macOS 10.13 Security Essentials is the go-to guide to fully securing the home and business Macintosh computer. Written for the non-technical user, while covering everything expected of the IT professional. We have eliminated all of the technobabble, and included easy, step-by-step illustrated guides for every area of security for your computer.
Q: If the attorney at my office reads (Outlook) emails, where is he reading them from, an archive? Will he have access to sent email if both parties permanently delete it right away?
A: The issue is a bit deeper than may initially appear.
Assuming this is company email, it has been determined by the US court system that it is the property of the company, not the employee. This means the company has full ownership over not only the mail system, but anything and everything that you may send/receive via this system. They also have the right, and in many cases, the responsibility, to audit how the system is being used. This includes reading both sent and received email and attachments.
This is not typically done by the company attorney, but someone in the IT department. Often the Chief Information and Security Officer or one of their assistants.
If the email system is implemented well, even when you have deleted an email, it is only deleted from your eyes. The administrator will have full access to any deleted email. This is a legal requirement in HIPAA covered entities (healthcare providers) and SEC covered businesses (financial organizations). This is not from an archive, but a security vault that is built into the email system.
As an aside, the same is true for everything you do and store on your computer.
It is a wise practice to only do business on business computers and network. I recommend to my clients that even employee personal phones not be allowed on the company network. This is a security precaution, as there is no way to know the integrity of the personal mobile device. If it has become compromised, it can easily harvest data from the company network, and transmit this data to the penetrator.
Q: BECAUSE ALL OF OUR PERSONAL INFORMATION WAS ACCESSED IN THE EQUIFAX SECURITY BREACH, IS THERE ANY POINT TO BEING CAREFUL WITH YOUR PERSONAL INFORMATION?
A: When you leave your house, I assume you lock all of the doors, close all the windows. This is despite the fact that every day thousands of homes are broken into by throwing a rock through a window, picking a lock, knocking down the door, or driving a car through a wall.
Or how about when your body becomes ill. Do you simply throw up your hands and say well, death will come to me at some point, might as well give up now. Or, do you see your doctor and get treated?
Everything in life is a cat and mouse game. Don’t give up just because the chase is on. For some of us, this adds some interest or excitement to the game.
It is important to continue your security and privacy protection in all that you do. Both in the analog as well as the digital world.
Q: HOW MANY SIMULTANEOUS USERS CAN A SINGLE ACCESS POINT SUPPORT?
A: This varies by device model.
Some low-end units can only support 10 concurrent connections. Mid-range consumer units support around 50. Prosumer models such as the Asus RT-AC5300 can have a bit more than 200. Once you move up to professional models – such as Cisco – they can, at least in theory, support a few thousand.
A: I hope you will forgive that I am side-stepping your question, as I think it is the wrong question.
Computers are tools. The purpose of a tool is to extend or expand your reach, power, speed, capabilities, so that you can do things you could not otherwise do.
If your tool costs you $1,000, and makes you $1,000,000 in a year that you could not have otherwise realized, do you really care that the tool lived only a year and a day?
So, again, the question isn’t which OS will make your laptop last longer, a more appropriate question is which OS (and hardware) can make you last longer, jump higher, and run faster.
The answer to that question is different depending on your computing skills, resources, and what you are interested in accomplishing. In my own personal case, I’ve worked on everything from IBM 360 mainframes to macOS. I’ve made more money, gained greater industry recognition, and do more interesting things with macOS than with any other OS. But most of those I work with would say the same thing about Linux or Windows.
PRACTICAL PARANOIA MACOS SECURITY ESSENTIALS (ALL VERSIONS) UPDATE: INTERNET ACTIVITY & SOCIAL MEDIA
There have been very significant recent changes in the VPN field, as well as how Facebook and LinkedIn work to help ensure your security and privacy. Practical Paranoia macOS 10.13 Security Essentials (released 9/18/2017) has been fully updated to reflect these changes.
If you are using earlier versions of the book, you may download the updated chapters here.
Credit Karma is one of the largest credit monitoring services. Together with the new identity monitoring, it provides an excellent option to continuously track the two areas likely to be compromised – for free.
To sign up for the free Credit Karma credit monitoring, and to be notified of the free identity monitoring service, visit https://www.creditkarma.com/.
But just 60 seconds of research finds that Ms. Mauldin has no education credentials in the technology or cybersecurity fields. Instead, she holds a BA and an MA in music composition. These are fine educational backgrounds for creative positions. But perhaps not so fine when the identity and credit of every US citizen is dependent on the responsible management of technology and cybersecurity.
Since this revelation, Ms. Mauldin’s LinkedIn page (https://www.linkedin.com/in/susan-m-93069a/) has been changed so her name is simply Susan M., holding a position of Professional at Private. Looking further down her page we do see that it still lists her position as Chief Security Officer, Equifax.
What Is The Point, Marc?
Would you choose an auto mechanic to perform heart surgery? Would you choose a heart surgeon to tune up your race car? Few of us can be excellent in even one area of life, fewer still can be very good in two areas.
In the coming months, there are sure to be many revelations of where Equifax made painfully poor business decisions. Hiring a skilled musician to fill the role of Chief Security Officer in an organization with the lives of every American at risk? This may meet the qualifications for criminal activity.
While We Are On The Topic
Who is leading security and technology within your organization? What is their educational background? What industry-standard credentials do they hold? How many years of successful experience in the field do they have?
To protect the business network from data harvesting by compromised devices, personal mobile devices should never be attached to the company network. Instead, set up a secondary (or Guest) network for these devices to work on. As the Guest wi-fi is separated from the company network, no damage can occur.
The following are the apps known to contain this malware. If these are found on your Android mobile device, they should be immediately removed:
One of the more malevolent issues with cyber security and privacy is web tracking. There are thousands of businesses whose only job is to monitor everything that you do on the web. With this massive dossier on almost everyone who connects to the web, advertisers, governments, and criminals can know more about you than your mother does.
Although there are several ways to avoid or block such tracking, the easiest and fastest option is by simply installing a browser extension/plug-in called Ghostery (https://www.ghostery.com). With Ghostery installed, you will immediately see who is tracking you, and more importantly, have the tools to block this tracking.
The next release of Practical Paranoia Security Essentials will include a section on Ghostery. A copy of the section is available here.
Cybersecurity is everyone’s business. And nobody is going to be able to ensure your data, identity, and credit security more than you.
This is why the Practical Paranoia Security Essentials (PPSE) courses and workbooks have become the #1 choice for DIY and STEM cybersecurity classes. Each book is a comprehensive course, written for the non-technical computer user, but covering everything a computer professional expects on the topic. GUARANTEED to be the easiest and most-comprehensive books in their category.
PPSE books are available in Kindle, paperback, and now Live online editions. When purchasing your books for class, teachers get free exams, desk copy, PowerPoint presentations, and telephone support from the authors. No other publisher gives you more to ensure the best possible course.
Q: How can I know everything about computer security?
A: The first step to wisdom is recognizing one doesn’t know much of anything.
In the case of Technology, new information is generated geometrically faster than a human can absorb it – even if that is their full-time job. And if you are in Cybersecurity, you already have a full-time job earning a living!
So while desiring to know everything about the topic is an admirable goal, it can never be realized.
If you wish to become an expert in the field, there are some steps you may wish to take:
Earn a BS in Computer Science.
Earn an MS in Computer Science with a specialty in cyber security.
Earn your way through the industry certifications – CASP, CEH, etc. The secondary advantage of earning the degree and certs is that it allows you to get close to others who are leaders in the industry, and to share knowledge with them.
Attend security conferences such as Blackhat where you can learn from experts before the info is even published.
Teach. It’s astounding how much you have to learn when asked questions by students.
Be humble. I doubt any of us know even 0.1% of what is already known in our field. Be open to change perspective, opinion, and stance on a dime when the evidence points in a different direction.
Q: Can the retail shops or any store retrieve our email IDs with the help of credit card details (I never gave my email address but they send me invoices/receipts to my email address)?
A: Of course! Not that the stores themselves can directly make the connection between your credit card and email address, but there are many companies out there whose sole purpose is to connect the dots from scraps of data to come up with a comprehensive inventory for all that makes you, you.
And this includes your email address, the websites you visit, which ads you click, how much time you spent on each web page, who your friends are, where you use your credit cards, your income, your sexual preferences, you name it.
Install Ghostery on your browser to see all the companies that are tracking you, and block those buggers.
Q: Do we need to use separate VPN services in 1 household?
A: This depends on your preferences, and on the end user license agreement with the VPN services.
If everyone in the household who wants to use the VPN agrees on the same service, and that VPN host allows X number of devices to be used, all is good.
But if one person prefers one provider, and another prefers a different provider, or if you have 5 people in the household, but the provider only allows 3 devices, you may need multiple providers.
A possible solution is to choose a provider that is compatible with using their VPN on a router. Once you’ve configured the router for their VPN service, every device in the household gets VPN coverage, and it counts as only one device.
Last week it was revealed that most of the US adult population has had all necessary data stolen from Equifax to make it easy for criminals to steal their identity, take out mortgages, car loans, and get new credit cards in their name.
Recovering from identity theft is an expensive, 1-2 year process. It is vital to get in front of this issue before it tramples most of us.
The most common areas of identity theft include:
Child ID theft. This level of theft can exist for a decade or more without notice. Once the child becomes an adult, the damage is done and very difficult to recover from.
Credit ID theft. The criminal uses your identity to apply for and get new loans and credit cards.
Tax ID theft. The criminal uses your social security number to file tax returns, of course using their address to send refunds.
Medical ID theft. The criminal uses your identity to get medical services, or to push fraudulent billing.
Social ID theft. The criminal uses your identity information to create fake accounts on social media.
Steps To Take Now
Every person should take the following steps to help prevent identity and credit theft:
Social Security Number. There are very few instances where your SSN is required. Instead, offer only the last 4 digits. Don’t carry your card.
Keep identity data private. When asked for personal identity data (full name, birthdate, bank account, etc.) by unsolicited sources, keep quiet.
Freeze your credit reports. Contact Equifax, TransUnion, Experian, and request a freeze on your credit reports. This prevents anyone from applying for credit in your name.
Secure your mobile devices. All of your mobile devices should have a password, hardware encryption, and erase after 10 failed password attempts. Millions of mobile devices are stolen annually, and each holds the keys to your financial and identity kingdom.
Only use a public wi-fi network when using a Virtual Private Network (VPN). I personally recommend always using a VPN, even when on your own network.
Review your credit card and bank statements monthly for unauthorized transactions.
Purchase and use a micro-cut paper shredder for all documents to be trashed that contain financial or personal data. Micro-cut is important to prevent dumpster divers from piecing together the paper jigsaw puzzle.
Store documents with financial and personal information in a safe.
Secure your computers. This includes a professional security audit. It is not enough to just install antivirus and a firewall.
Should you find that your identity or credit has been stolen:
Report the theft to the Federal Trade Commission (FTC) at https://www.identitytheft.gov/, or by phone at 877.438.4338. The FTC will provide a recovery plan where you can track your progress and receive template letters to submit to creditors.