Are You Ready for iOS 11?

iOS 11 has just been released. Are you and your company prepared to secure your device, data, network, and identity when it arrives on your iPhones and iPads?

Practical Paranoia iOS 11 Security Essentials is the go-to guide to fully securing home and business mobile devices. It is written for the non-technical user, while covering everything expected of the IT professional. We have eliminated all of the technobabble, and included easy, step-by-step illustrated guides for every area of security for your device.

Available now in paperback, Kindle, and our new Live! Online editions.

Download QuickLook.

Android Go Keyboard App Found Spying on 200M Users

As reported by BetaNews on September 21, 2017 (https://betanews.com/2017/09/21/go-keyboard-spying-warning/), the very popular Android Go Keyboard app (200 million installations) is sending personal information about users to remote servers. Making matters potentially worse, the app is using a technique prohibited by Google to download dangerous executable code. Oh, and did I mention this is a Chinese developer?

There are two versions of the app on Google Play–GO Keyboard, Swipe input, GIFS, and GO keyboard – Emoticon keyboard, Free Theme, GIF.

It is strongly recommended to uninstall both of these apps immediately.

Are You Ready For High Sierra?

macOS 10.13 (High Sierra) release is just a few days away. Are you or your company prepared to secure your data and identity when it arrives on your Macs?

Practical Paranoia macOS 10.13 Security Essentials is the go-to guide to fully securing the home and business Macintosh computer. It is written for the non-technical user, while covering everything expected of the IT professional. We have eliminated all of the technobabble, and included easy, step-by-step illustrated guides for every area of security for your computer.

Available now in paperback, Kindle, and our new Live! Online editions.

Download QuickLook.

Q: Can My Company Read My Email?

Q: If the attorney at my office reads (Outlook) emails, where is he reading them from, an archive? Will he have access to sent email if both parties permanently delete it right away?

A: The issue is a bit deeper than may initially appear.

Assuming this is company email, it has been determined by the US court system that it is the property of the company, not the employee. This means the company has full ownership over not only the mail system, but anything and everything that you may send/receive via this system. They also have the right, and in many cases, the responsibility, to audit how the system is being used. This includes reading both sent and received email and attachments.

This is not typically done by the company attorney, but someone in the IT department. Often the Chief Information and Security Officer or one of their assistants.

If the email system is implemented well, even when you have deleted an email, it is only deleted from your eyes. The administrator will have full access to any deleted email. This is a legal requirement in HIPAA covered entities (healthcare providers) and SEC covered businesses (financial organizations). This is not from an archive, but a security vault that is built into the email system.

As an aside, the same is true for everything you do and store on your computer.

It is a wise practice to only do business on business computers and network. I recommend to my clients that even employee personal phones not be allowed on the company network. This is a security precaution, as there is no way to know the integrity of the personal mobile device. If it has become compromised, it can easily harvest data from the company network, and transmit this data to the penetrator.

Q: Is There Any Point To Being Careful With Your Personal Information?

Q: Because all of our personal information was accessed in the Equifax security breach, is there any point to being careful with your personal information?

A: When you leave your house, I assume you lock all of the doors, close all the windows. This is despite the fact that every day thousands of homes are broken into by throwing a rock through a window, picking a lock, knocking down the door, or driving a car through a wall.

Or how about when your body becomes ill. Do you simply throw up your hands and say well, death will come to me at some point, might as well give up now. Or, do you see your doctor and get treated?

Everything in life is a cat and mouse game. Don’t give up just because the chase is on. For some of us, this adds some interest or excitement to the game.

It is important to continue your security and privacy protection in all that you do. Both in the analog as well as the digital world.

Q: How Many Simultaneous Users Can A Single Access Point Support?

A: This varies by device model.

Some low-end units can only support 10 concurrent connections. Mid-range consumer units support around 50. Prosumer models such as the Asus RT-AC5300 can support a bit more than 200. Once you move up to professional models, such as Cisco, they can at least in theory support a few thousand.

Q: Which OS Will Make My Laptop Last Longer?

A: I hope you will forgive that I am side-stepping your question, as I think it is the wrong question.

Computers are tools. The purpose of a tool is to extend or expand your reach, power, speed, capabilities, so that you can do things you could not otherwise do.

If your tool costs you $1,000, and makes you $1,000,000 in a year that you could not have otherwise realized, do you really care that the tool lived only a year and a day?

So, again, the question isn’t which OS will make your laptop last longer, a more appropriate question is which OS (and hardware) can make you last longer, jump higher, and run faster.

The answer to that question is different depending on your computing skills, resources, and what you are interested in accomplishing. In my own personal case, I’ve worked on everything from IBM 360 mainframes to macOS. I’ve made more money, gained greater industry recognition, and do more interesting things with macOS than with any other OS. But most of those I work with would say the same thing about Linux or Windows.

Original post: https://www.quora.com/Which-OS-Ubuntu-or-Win-10-will-make-my-laptop-last-longer/answer/Marc-Mintz-4

Q: How to collaborate securely using iPhone or Android

The easy answer is to use Google Drive with Google Docs (doc, sheet, etc.). Google maintains encryption in transit and at rest, and multiple users can work on the same document at the same time.

Original Post: https://www.quora.com/Is-there-a-simple-program-or-website-that-will-allow-me-to-collaborate-encrypted-documents-with-others-that-are-using-iPhone-or-Android/answer/Marc-Mintz-4

Practical Paranoia macOS Security Essentials (all versions) Update: Internet Activity & Social Media

There have been very significant recent changes in the VPN field, as well as how Facebook and LinkedIn work to help ensure your security and privacy. Practical Paranoia macOS 10.13 Security Essentials (released 9/18/2017) has been fully updated to reflect these changes.

If you are using earlier versions of the book, you may download the updated chapters here.

Practical Paranoia macOS 10.13 Internet Activity & Social Media v1 201709017

Credit Karma To Launch Free ID Monitoring

Reuters reported on 20170915 (https://www.reuters.com/article/us-equifax-cyber-creditkarma/credit-karma-to-launch-free-id-monitoring-following-equifax-hack-idUSKCN1BQ2CJ) that, in light of the Equifax fiasco, Credit Karma is accelerating a new service to provide free identity monitoring. This service will now be available in October 2017.

Credit Karma is one of the largest credit monitoring services. Together with the new identity monitoring, it provides an excellent option to continuously track the two areas likely to be compromised – for free.

To sign up for the free Credit Karma credit monitoring, and to be notified of the free identity monitoring service, visit https://www.creditkarma.com/.

How To Destroy A Company The Equifax Way

As reported in MarketWatch 20170915 (https://secure.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15), Equifax CEO Richard Smith was responsible for hiring Susan Mauldin as the company Chief Security Officer.

But just 60 seconds of research finds that Ms. Mauldin has no education credentials in the technology or cybersecurity fields. Instead, she holds a BA and an MA in music composition. These are fine educational backgrounds for creative positions, but perhaps not so fine when the identity and credit of every US citizen is dependent on the responsible management of technology and cybersecurity.

Since this revelation, Ms. Mauldin’s LinkedIn page (https://www.linkedin.com/in/susan-m-93069a/) has been changed so her name is simply Susan M., holding a position of Professional at Private. Looking further down her page we do see that it still lists her position as Chief Security Officer Equifax.

What Is The Point, Marc?

Would you choose an auto mechanic to perform heart surgery? Would you choose a heart surgeon to tune up your race car? Few of us can be excellent in even one area of life, fewer still can be very good in two areas.

In the coming months, there are sure to be many revelations of where Equifax made painfully poor business decisions. Hiring a skilled musician to fill the role of Chief Security Officer in an organization with the lives of every American at risk? This may meet the qualifications for criminal activity.

While We Are On The Topic

Who is leading security and technology within your organization? What is their educational background? What industry-standard credentials do they hold? How many years of successful experience in the field do they have?

One More Reason Why You MUST Have Android Anti-Virus

As reported by Check Point 20170914 <https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/>, they have recently discovered at least 50 malicious apps on Google Play. These apps were downloaded onto up to 4.2 million Android mobile devices before being taken down from Google Play.

This malware has been dubbed ExpensiveWall. It is a variation on a malware found earlier this year on Google. In total, up to 21 million systems have been compromised by this family.

The malware registers the victim to premium services without notification and sends fraudulent premium SMS messages. All of this is charged to their accounts.

How to Protect Your Android Mobile Device

It is vital that every Android mobile device is protected with a quality, independently-tested anti-virus utility. Our current recommendation is Bitdefender <https://play.google.com/store/apps/details?id=com.bitdefender.security>, available from Google Play.

To protect the business network from data harvesting by compromised devices, personal mobile devices should never be attached to the company network. Instead, set up a secondary (or Guest) network for these devices to work on. As the Guest wi-fi is separated from the company network, no damage can occur.

Malicious Apps

The following are the apps known to contain this malware. If these are found on your Android mobile device, they should be immediately removed:

  • I Love Filter
  • Tool Box Pro
  • X WALLPAPER
  • Horoscope
  • X Wallpaper Pro
  • Beautiful Camera
  • Color Camera
  • Love Photo
  • Tide Camera
  • Charming Camera
  • Horoscope
  • DIY Your Scope
  • Ringtone
  • Safe Locker
  • Wifi Booster
  • Cool Desktop
  • Useful Cube
  • Tool Box Pro
  • useful Desktop
  • Horoscope2.0
  • Yes Star
  • Shiny Camera
  • Simple Camera
  • Smiling Camera
  • Universal Camera
  • Amazing Toolbox
  • Easy Capture
  • Memory Doctor
  • Tool Box Pro
  • Reborn Beauty
  • Joy Photo
  • Fancy Camera
  • Amazing Photo
  • Amazing Camera
  • Super Wallpaper
  • DD Player
  • Fascinating Camera
  • Universal Camera
  • Cream Camera
  • Looking Camera
  • DD Weather
  • Global Weather
  • Love Fitness
  • Pretty Pictures
  • Cool Wallpapers
  • Beauty Camera
  • Love Locker
  • Real Star
  • Magic Camera
  • Wonder Camera
  • Funny Camera
  • Easy Camera
  • Smart Keyboard
  • Travel Camera
  • Photo Warp
  • Lovely Wallpaper
  • Lattice Camera
  • Quick Charger
  • Up Camera
  • Photo Power
  • HDwallpaper
  • Wonderful Games
  • BL File Manager
  • Wallpapers HD
  • Beautiful Video-Edit your Memory
  • Wonderful Cam
  • Useful Cube
  • Ringtone
  • Exciting Games
  • Replica Adventure
  • GG Player
  • Love Camera
  • Oneshot Beautify
  • Pretty Camera
  • CuteCamera
  • CartoonCamera-stylish, clean
  • Art Camera
  • Amazing Video
  • Fine Photo
  • Infinity Safe
  • Magical Horoscope
  • Toolbox
  • Cute Belle
  • CartoonWallpaper
  • Best Camera
  • Colorful Locker
  • Light Keyboard
  • Safe Privacy
  • Enjoy Wallpaper
  • File manager
  • Fancy Locker
  • Cute Puzzle
  • smile Keyboard
  • Vitality Camera
  • Sec Transfer
  • Lock Now
  • Magic Filter
  • Funny Video
  • Amazing Gamebox
  • Super Locker
  • Music Player

Block Web Trackers With Ghostery

One of the more malevolent issues with cyber security and privacy is web tracking. There are thousands of businesses whose only job is to monitor everything that you do on the web. With this massive dossier on almost everyone who connects to the web, advertisers, governments, and criminals can know more about you than your mother does.

Although there are several ways to avoid or block such tracking, the easiest and fastest option is by simply installing a browser extension/plug-in called Ghostery (https://www.ghostery.com). With Ghostery installed, you will immediately see who is tracking you, and more importantly, have the tools to block this tracking.

The next release of Practical Paranoia Security Essentials will include a section on Ghostery. A copy of the section is available here.

TPP Is All About Making Your STEM Course Its Best

Cybersecurity is everyone’s business. And nobody is going to be able to ensure your data, identity, and credit security more than you.

This is why the Practical Paranoia Security Essentials (PPSE) courses and workbooks have become the #1 choice for DIY and STEM cybersecurity classes. Each book is a comprehensive course, written for the non-technical computer user, but covering everything a computer professional expects on the topic. GUARANTEED to be the easiest and most-comprehensive books in their category.

PPSE books are available in Kindle, paperback, and now Live online editions. When purchasing your books for class, teachers get free exams, desk copy, PowerPoint presentations, and telephone support from the authors. No other publisher gives you more to ensure the best possible course.

For more information, or to order your books, visit http://thepracticalparanoid.com, or call (888) 504-5591.

Q: Are all iMessages encrypted end-to-end, on every phone provider plan?

A: If sending from iMessage to iMessage, it is encrypted point to point. However, Apple holds a master key, and is able to read all iMessages.

It was recently reported that Apple does archive iMessages for between 1–3 months.

For true point to point encrypted messaging, without a middleman able to recover your messages, I recommend wire.com.

Q: How can I know everything about computer security?

A: The first step to wisdom is recognizing one doesn’t know much of anything.

In the case of Technology, new information is generated geometrically faster than a human can absorb it – even if that is their full-time job. And if you are in Cybersecurity, you already have a full-time job earning a living!

So while desiring to know everything about the topic is an admirable goal, it can never be realized.

If you wish to become an expert in the field, there are some steps you may wish to take:

  • Earn a BS in Computer Science.
  • Earn an MS in Computer Science with a specialty in cyber security.
  • Earn your way through the industry certifications – CASP, CEH, etc. The secondary advantage of earning the degree and certs is that it allows you to get close to others who are leaders in the industry, and to share knowledge with them.
  • Attend security conferences such as Blackhat where you can learn from experts before the info is even published.
  • Teach. It’s astounding how much you have to learn when asked questions by students.
  • Be humble. I doubt any of us know even 0.1% of what is already known in our field. Be open to change perspective, opinion, and stance on a dime when the evidence points in a different direction.

Original Post: https://www.quora.com/How-can-I-know-everything-about-computer-security/answer/Marc-Mintz-4

Q: Can the retails shops or any store retrieve our email ID’s with the help of credit card details (I never gave my email address but they send me invoices/receipts to my email address)?

A: Of course! Not that the stores themselves can directly make the connection between your credit card and email address, but there are many companies out there whose sole purpose is to connect the dots from scraps of data to come up with a comprehensive inventory for all that makes you, you.

And this includes your email address, the websites you visit, which ads you click, how much time you spent on each web page, who your friends are, where you use your credit cards, your income, your sexual preferences, you name it.

Install Ghostery on your browser to see all the companies that are tracking you, and block those buggers.

Original Post: https://www.quora.com/Can-the-retails-shops-or-any-store-retrieve-our-email-IDs-with-the-help-of-credit-card-details-I-never-gave-my-email-address-but-they-send-me-invoices-receipts-to-my-email-address/answer/Marc-Mintz-4

Q: Do we need to use separate VPN services in 1 household?

A: This depends on your preferences, and on the end user license agreement with the VPN services.

If everyone in the household who wants to use the VPN agrees on the same service, and that VPN host allows X number of devices to be used, all is good.

But if one person prefers one provider, and another prefers a different provider, or if you have 5 people in the household, but the provider only allows 3 devices, you may need multiple providers.

A possible solution is to choose a provider that is compatible with using their VPN on a router. Once you’ve configured the router for their VPN service, every device in the household gets VPN coverage, and it counts as only one device.

Q: Are my files safe on OneDrive, or should I encrypt them before I upload them?

Q: Are my files safe on Cloud storage, or should I encrypt them before I upload them?

A: The files are safe from most criminals and internal corporate spies.

But they are not safe from the cloud support staff, nor from government troublemakers. All these folks have keys to read your data.

To block everyone, you need to AES-256 encrypt individual files or folders with something like VeraCrypt (https://www.veracrypt.fr/en/Home.html) or Virtru (https://virtru.com).

Original post: https://www.quora.com/Are-my-files-safe-on-OneDrive-or-should-I-encrypt-them-before-I-upload-them/answer/Marc-Mintz-4

Next Steps To Avoid Identity Theft

Last week it was revealed that most of the US adult population has had all necessary data stolen from Equifax to make it easy for criminals to steal their identity, take out mortgages, car loans, and get new credit cards in their name.

Recovering from identity theft is an expensive, 1-2 year process. It is vital to get in front of this issue before it tramples most of us.

Theft Areas

The most common areas of identity theft include:

  • Child ID theft. This level of theft can exist for a decade or more without notice. Once the child becomes an adult, the damage is done and very difficult to recover from.
  • Credit ID theft. The criminal uses your identity to apply for and get new loans and credit cards.
  • Tax ID theft. The criminal uses your social security number to file tax returns, of course using their address to send refunds.
  • Medical ID theft. The criminal uses your identity to get medical services, or to push fraudulent billing.
  • Social ID theft. The criminal uses your identity information to create fake accounts on social media.

Steps To Take Now

Every person should take the following steps to help prevent identity and credit theft:

  • Social Security Number. There are very few instances where your SSN is required. Instead, offer only the last 4 digits. Don’t carry your card.
  • Keep identity data private. When asked for personal identity data (full name, birthdate, bank account, etc.) by unsolicited sources, keep quiet.
  • Freeze your credit reports. Contact Equifax, TransUnion, Experian, and request a freeze on your credit reports. This prevents anyone from applying for credit in your name.
  • Secure your mobile devices. All of your mobile devices should have a password, hardware encryption, and erase after 10 failed password attempts. Millions of mobile devices are stolen annually, and each holds the keys to your financial and identity kingdom.
  • Only use a public wi-fi network when using a Virtual Private Network (VPN). I personally recommend always using a VPN, even when on your own network.
  • Review your credit card and bank statements monthly for unauthorized transactions.
  • Purchase and use a micro-cut paper shredder for all documents to be trashed that contain financial or personal data. Micro-cut is important to prevent dumpster divers from piecing together the paper jigsaw puzzle.
  • Store documents with financial and personal information in a safe.
  • Secure your computers. This includes a professional security audit. It is not enough to just install antivirus and a firewall.
  • Use strong passwords (minimum 15 characters).
  • Use different passwords for each site.
  • Review your credit report at least yearly. This can be ordered from http://annualcreditreport.com.

Reporting Theft

Should you find that your identity or credit has been stolen:

Need More Information?