Q: How can I be safe in my computer without using an antivirus?

A: Antivirus is only a very small piece of the security and privacy puzzle – it doesn’t specifically protect against hackers. It protects against malware. Some of that malware may be under the control of hackers, some not. With or without antivirus, you still have work to do to protect your data.

If you are going to run without antivirus, perhaps the most important step is to enable application whitelisting. With this, only approved applications can launch (malware would not be on the approved list). With macOS, this is enabled once a user account is changed to a Parental Control account. With Windows on a domain, you can use the Group Policy Editor. Windows systems not on a domain can use the Security Policy Editor. To make life a bit easier, you may want to try VoodooShield.

Next, you must enable full disk encryption to help prevent brute force attacks from accessing your storage device when you aren’t logged in. In macOS, this means enabling FileVault 2. In Windows, this would be BitLocker.

Now that your drive is encrypted, make it even more difficult to crack your login password by using a strong password. Bare minimum of 15 characters.

And of course, NOBODY else will ever know your login password.

To ensure your email isn’t intercepted and read, you will need to have end-to-end encrypted email. The easiest way to do this is by getting a ProtonMail account.

As most of us communicate primarily by instant messaging and voice nowadays, it’s important to ensure these are also end-to-end encrypted. My favorite for this is Wire.

One area few give thought to is their social media presence. Far too much personal and sensitive information can be harvested from a social media account. Facebook, Google, LinkedIn, Apple, and most others now give subscribers good control over who can see what. But it’s even more important not to put the data there in the first place. And if it is there, remove it. Schools, employers, governments, and criminals are all interested in what you have posted.

The last step for the DIY user is to get a VPN account and use it 100% of the time that you are online. This will prevent your data from being harvested off of your local network, as well as off the internet.

Following the above gives you a good handle on your security and privacy.

Next… secure your mobile devices. But that is for another blog.

Q: Do websites hold onto your login password information?

A: Yes, otherwise they would not be able to authenticate your password on the next visit.

A quality site will store your password in an encrypted format, so if the site is compromised and the password database accessed, it is of no use. Unfortunately, this is by no means universal.

As a side note… Over 500,000 internet accounts are hacked every day! Because of this, it is vital to protect your data that is stored with online and brick-and-mortar businesses. Not a bad idea to mark your calendar to check every month if any of your accounts have been hacked. This is done by visiting:

  • https://haveibeenpwned.com
  • https://hacked-emails.com

These sites monitor such breaches. Their databases overlap, so best to check both.

Q: Why should it bother me that companies store data about me from the internet?

  1. The “news” that you see on the internet has been tailored to your existing perspective, and continuously pushes further to the extreme of your perspectives. For example, if it is determined that you have a slight leaning toward the Republican party, you will see more positive Republican news, more negative Democrat and 3rd-party news, and less negative Republican and positive Democrat and 3rd-party news. And the news that you do receive will slowly but consistently become more and more extreme until the bias prevents you from perceiving anything else (hall of mirrors).
  2. Internet advertising will be targeted towards your preferences and lifestyle. It has been demonstrated the algorithms are able to predict your likes and future behavior better than friends and family. This again strongly biases what you see and learn from the internet, creating a hall of mirrors.
  3. When making purchases online, the price you pay is highly determined by previous searches you have made. For example, if you went to site xyz looking for hotel rates yesterday, and then return today to make a reservation, the pricing may well be higher, as they know how strong your interest is.
  4. If you still don’t think it is an issue that your personal data is available, please post your phone number, bank account number, credit card information, sexual preferences, family members, where your children go to school, and when you are taking your next vacation as a reply to this message.
Vote as if your life depended on it

Every single day my staff and I battle to keep criminals, enemy agents, malware, and wackadoodle ex’s from compromising your security and privacy. I think we do an excellent job of it.

There is, however, a limit as to how much we can do. One of those limits just hit you and me, and in a way that can deeply and profoundly change our lives, and the lives of our family and children for the worse.

Although the federal government – the heads of every US intelligence and counterintelligence agency – confirms that our national and state elections have been, are, and will continue to be influenced illegally by foreign state actors (primarily Russia), our president and the Congressional Republican majority state we are not under any threat. As a point of fact, House Republicans voted down a bill to renew election security funding. Every single Democrat voted for the bill. Every single Republican voted against it. I’m no fan of either party, but when finding oneself under life-threatening attack, perhaps the quote “The enemy of my enemy is my friend” holds some truth.

To be clear, every single one of our elected Republican representatives, having been advised by every national security leader of a clear and present danger to the US election process, refuses to do anything to thwart this threat. Not only are we under attack from without, this is a clear sign we are under attack from within.

Midterm elections are less than 2 months away. This is our opportunity to stand our ground. If those elected to represent us are failing to protect us and our country, it is our job to elect those who will.

STEPS TO TAKE:

  1. If you are not currently registered to vote, visit https://www.usa.gov/register-to-vote
  2. If you are registered to vote, verify you are still on the registered voter list (many people are accidentally or intentionally removed from this list every year). Visit https://www.nass.org/can-i-vote
  3. If you do not know where your polling station is, you may find it at https://www.usa.gov/election-office
  4. If you do not have transportation to your polling station, Lyft.com is offering free and discounted rides to polling stations on election day.
  5. Show up to your polling station on election day, Tuesday, November 6, 2018.

Q: Why are encrypted laptops not for sale on the Internet?

A: Perhaps first we need to define what you mean by “encrypted laptop”.

By my definition, that means the storage device on which all data is contained is encrypted. But there are other items that may be encrypted as well.

FULL DISK ENCRYPTION

If this is what you are referring to, every Mac meets this criterion, as macOS ships with FileVault 2 which provides military-grade AES full disk encryption.

In the case of a Windows machine, if the user upgrades to Windows 10 Pro they have BitLocker, which also provides for full disk encryption. It is best to purchase a Windows computer with a TPM chip to make the encryption process faster and easier.

LOCAL AREA NETWORK

By default, both macOS and Windows communicate on the local area network (LAN) without encryption. However, if communicating with a Windows, macOS, or Linux server with Kerberos active, all communications between the server and client are encrypted.

INTERNET

No computer ships with internet encryption, as that is a service that is managed by a web host. There are literally hundreds of VPN providers available so that you may have encrypted internet communications.

EMAIL

macOS and Windows computers both ship with email software that is able to send and receive encrypted email. The ability to do this really rests on the email service one chooses. The service must support either HTTPS encryption (webmail) or TLS (email client software).

INSTANT MESSAGING

macOS ships with the Messages app. Messages provides end-to-end encrypted instant messages.

Windows does not ship with a fully secure instant messaging app.

There are several 3rd-party apps that provide cross-platform end-to-end encrypted instant messaging. My preference is for Wire.

DOCUMENT ENCRYPTION

Both macOS and Windows can use Microsoft Office. The current versions of Office apps allow you to save their files with AES 256 encryption. That’s as good as it gets.

macOS includes Disk Utility, which can create AES 256 encrypted containers to hold files and folders.

Windows 10 Pro includes Encrypting File System (EFS), which can create AES encrypted files and folders.

ETC

There are many other areas of encryption, but almost all fall into the category of internet-hosted service, which is something a computer doesn’t normally ship with, but the user can easily subscribe to.


Q: I’ve lost my USB stick, which has personal info. What do I do?

A: That is water under the bridge. If the stick wasn’t encrypted, it is likely that information will be seen by whoever finds the stick. If you don’t have a backup, the data is lost to you.

Going forward you can protect yourself should this happen again:

  1. Backup. Always have a local and cloud backup of your data. It must be securely encrypted (FileVault 2 if using macOS, or BitLocker if using Windows), using a strong (15+ character) password that is not used for other sites/services.
  2. Encrypt. Encrypt every storage device – boot drive, backup drives, thumb drives, etc. FileVault 2 if using macOS, or BitLocker if using Windows.

Q: What is the solution for ransomware attack?

A: In order to recover from a ransomware attack:

  • Maintain a full on-site backup, continuously updated.
  • Maintain a full off-site (internet-based) backup of your data, continuously updated.
  • Install a quality anti-malware product on your computer.
  • Log in to your computer with a non-administrator user account, preferably a Child account (Windows) or Parental Control account (macOS).
  • Enable Application Whitelisting. This prevents anything but authorized applications from launching. This is done in macOS from the Parental Control System Preferences. Windows will require an AD server to be configured to do so.

Q: Can I have 2 antivirus programs at the same time that won’t interfere with each other?

A: I don’t know of any independently tested, quality antivirus that doesn’t recommend against doing this. For good reason…

When a file/application opens, it is the job of the antivirus app to scan it before anything else (like the system or another antivirus app) gets access to the code. You can see that with more than one antivirus app installed, you have created a conflict over which will scan files first.

You didn’t mention what you are attempting to accomplish. I’ll assume it is better protection than any one AV brings to the table.

A quality AV will catch perhaps 99.9% of KNOWN malware. Depending on whose stats you choose to believe, there are up to 40,000,000 malware. That would still leave up to 40,000 that NO AV will catch.

The solution is to combine a quality AV with application whitelisting and logging in with a non-administrative account. This will almost entirely eliminate that threat vector.

But don’t worry, there are many other threat vectors still out there – network eavesdropping, email, texting, and other communications sent without end-to-end encryption, zero-day attacks, more.

Q: How do you remember different passwords for different sites?

A: You don’t!

Use a password manager (I personally use LastPass). Have the password manager create the passwords, store the passwords, and auto-enter the passwords for you.

Now you only have to remember:

  • Your computer login password.
  • The master password to the password manager.

Problem solved!

Q: How can I be safe if someone has access to my 1Password account?

A: The only way someone gets access to a password manager account is if you are not following basic security & privacy protocols. If you are not, you simply cannot expect either.

Steps to take (immediately):

  1. Change the password to your password manager. Use a strong password (at least 15 characters, a password you have never used before).
  2. Change all of your web passwords using strong passwords, using a different password for each site and service.
  3. Change your computer and mobile device login passwords.
  4. Never allow anyone access to your computer or mobile device.
  5. Install a quality antivirus on your computer, and if using an Android mobile device, on that.

Phones vulnerable to old Hayes AT commands

Smartphones from 11 OEMs are found vulnerable to attacks via hidden AT commands.

In massive and groundbreaking research, a team of eleven scientists from the University of Florida, Stony Brook University, and Samsung Research America, have looked into what types of AT commands are currently supported on modern Android devices.

The research team analyzed over 2,000 Android firmware images from eleven Android OEMs such as ASUS, Google, HTC, Huawei, Lenovo, LG, LineageOS, Motorola, Samsung, Sony, and ZTE.

They say they discovered that these devices support over 3,500 different types of AT commands, some of which grant access to very dangerous functions.

These AT commands are all exposed via the phone’s USB interface, meaning an attacker would have to either gain access to a user’s device, or hide a malicious component inside USB docks, chargers, or charging stations.

Once an attacker is connected via the USB to a target’s phone, he can use one of the phone’s secret AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, or even inject touch events solely through the use of AT commands.

In the best cases, these AT commands are only available when the phone’s USB debugging function has been enabled, but the researchers said they found many devices where attackers had direct access to AT commands even if the phone had entered a locked state.

“In many cases, these commands are completely undocumented,” said Kevin Butler, an associate professor in the University of Florida Herbert Wertheim College of Engineering and a member of the research team, revealing that an OEM’s documentation doesn’t even mention their presence.

Originally published on Bleeping Computer: https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/

Q: How do I find the owners of IP addresses trying to login to my home security system?

A: You, personally, do not have either the tools or the legal footing to do so. That said, law enforcement does have the tools (at least the tools to get your ISP to assist with linking IP address with individual computers). It is still required to get the legal footing to start such a project.

It is doubtful you will get the assistance of law enforcement for something as “trivial” (I know, it’s not trivial to you) as someone attempting to access your home security, but it can’t hurt to approach them.

Ultimately, it will require coordination with law enforcement, your ISP, and the ISP of the attacker to isolate who this may be.

Perhaps a better plan of action is to ensure all possible security protocols are in place for your home security system, thereby greatly reducing the possibility of penetration. Not knowing your security system, at a minimum, this would include:

  • Use of strong password to access the security system (at least 15 characters, preferably more)
  • Firmware and software up to date
  • Your modem and router firewall configured properly

Q: Why should we trust a VPN with internet privacy?

A: There is very little reason you should trust a VPN provider with your internet privacy. The vast majority of VPN providers are operating on the other side of ethics, or are outright criminal organizations.

On the other hand, why should you trust anyone (priests come to mind, as do politicians, police, used car dealers, your wackadoodle ex, etc.)?

But you can do your due diligence. Research reviews, BBB records, how long they have been in business, etc. My current VPN favorite is NordVPN.com.

Q: How can we balance law enforcement’s needs to investigate crimes with the need for stronger cyber security?

A: That balance already exists.

Any weakening of cybersecurity for anyone weakens cybersecurity for everyone.

You cannot put the genie back in the bottle and eliminate AES 256 and all other end-to-end encryption.

So, it remains the eternal cat and mouse game. Encryption gets better. Law enforcement’s hacking and investigation skills get better.

Or as Benjamin Franklin said best:

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

Q: Is it important to change security passwords occasionally?

A: There are conflicting opinions regarding this within the IT security field. Here is my recommendation:

  • Use strong passwords. Defined as 15 or more characters.
  • Use a different password for each site or service.
  • For your computer, enable full disk encryption (FileVault for macOS, BitLocker for Windows).
  • Check monthly to see if any of your web accounts have been compromised. Do this by visiting both https://haveibeenpwned.com and http://hacked-emails.com.
  • If an account has been compromised, change to a different strong password.

I do not see the need to change passwords on a regular basis if the above has been followed – unless you are a high-value target, warranting someone to devote non-trivial resources to hacking your accounts. If that is the case, changing passwords every 3 months or so is a common recommendation.

Q: How could someone hack my Gmail despite Google’s strict privacy settings?

A: First, what is the evidence that your account was compromised? More often than not, when a client comes to me saying they have been compromised, it is either a bug or misunderstanding of how something works.

If in fact the account was compromised, how strict is your compliance with Google’s privacy settings?

  • Strong password (I define this as a minimum of 15 characters).
  • Enable 2-factor authentication.
  • Enable a recovery phone number.
  • Enable a recovery email address.

Next, how is your compliance with system security:

  • Nobody else is ever given your Google password.
  • Nobody else ever is given access to your computer user account.
  • Your computer has a quality antivirus installed, always active, and updated daily.

It would be extremely unlikely for your account to be compromised if the above was followed.

New VORACLE Attack Vector Can Recover HTTP Data From VPN Connections

A new attack vector named VORACLE can recover HTTP traffic that is sent via encrypted VPN connections under certain conditions. The conditions appear to be:

  • Use the OpenVPN protocol
  • Visit an HTTP site that is under the control of, or compromised by, the attacker
  • OpenVPN compression is enabled. OpenVPN can optionally use or not use compression; by default, it uses compression. This is usually under the control of the VPN provider.

Our recommendation is to not use OpenVPN. Instead, use the IKEv2 encryption protocol. If your VPN provider does not support IKEv2, change providers. My current favorite is NordVPN.
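As an added illustration (not from the original post or from the VORACLE researchers), the following constructed example shows why the compression condition matters: when a response that contains a secret is compressed before it enters the tunnel, its length on the wire depends on whether attacker-influenced text in the same response matches the secret, whereas with compression off the length carries no such signal. This is the same mechanism behind the earlier CRIME and BREACH attacks on TLS; the page body, secret value and function names here are assumptions.

```python
import zlib

# Constructed sample: a secret value the tunnel is supposed to hide, embedded in
# the same response as text the other party can influence (here, a search term
# that the page echoes back).
SECRET = "session=7f3a9c"


def build_response(echoed: str) -> bytes:
    """Page body that reflects user-supplied text and also carries the secret."""
    return f"<p>You searched for: {echoed}</p>\n<!-- {SECRET} -->\n".encode("utf-8")


def bytes_on_wire(echoed: str, compress: bool) -> int:
    """Size that reaches the wire: the compressor's output, or the raw body."""
    body = build_response(echoed)
    return len(zlib.compress(body, 9)) if compress else len(body)


def length_signal(compress: bool) -> int:
    """Difference in wire size between a non-matching and a matching echo.

    Both echoes have the same length, so any difference comes only from the
    compressor finding the secret repeated. A value above zero means the
    transport leaks information about the secret; zero means it does not.
    """
    matching = SECRET                  # echoed text identical to the secret
    non_matching = "QWXZKJVBMNLRTD"    # same length, shares no 3-byte run
    return (bytes_on_wire(non_matching, compress)
            - bytes_on_wire(matching, compress))


if __name__ == "__main__":
    # Compression on: the matching body is noticeably smaller (leak).
    # Compression off: both bodies are the same size (no leak).
    print("compression on  -> size difference:", length_signal(True))
    print("compression off -> size difference:", length_signal(False))
```

Disabling compression on the VPN (or choosing a protocol that does not compress) removes the signal entirely, which is why the provider-side setting decides whether this class of attack applies.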

More information can be found on Bleeping Computer.

John O. Brennan on Deadline White House, MSNBC

Trump has one-by-one been dismantling the leadership of the FBI. Now he is doing the same with the CIA. This outrageous action is taking place without a single Republican leader speaking out against it.

Note that John Brennan doesn’t just call up the CIA and say, “Hey I want to be briefed on ‘this’ or ‘that'”.

It is the CIA that calls Brennan when they need his help and experience in securing our nation.

Trump did not attack Brennan. Trump attacked the United States of America.

Think upon this come November 6, 2018.

Think upon this whenever your own, your family, your organization security and privacy concerns come to mind.

“I do believe Mr. Trump decided to take action, as he’s done with others, to intimidate and suppress any criticism of him or his administration. … This is not going to deter me at all. I’m going to continue to speak out. … I’ve seen this type of behavior and actions on the part of foreign tyrants and despots and autocrats for many years during my CIA and National Security careers. I’ve never ever thought I would see it here in the United States. I believe that all Americans really need to take stock of what is happening right now in our government and how abnormal and how irresponsible and how dangerous these actions are.”

– John O. Brennan, Former CIA Director

Full video of the interview may be found at: https://www.msnbc.com/deadline-white-house/watch/fmr-cia-director-john-brennan-this-is-an-abuse-of-power-1299737667897?v=railb

Trump Removes Rules For U.S. Cyberattacks

On this, you must think, young Jedi.
After a massive, effective, penetration of our 2016 national elections (probably by the Russian government), Trump is removing many of the cybersecurity protocols put into place by the previous administration.
Now, why would this be done?
Trump signed an order on Wednesday reversing the classified rules, known as Presidential Policy Directive 20, that had mapped out an elaborate interagency process that must be followed before U.S. use of cyberattacks, particularly those geared at foreign adversaries.

Google Tracks Your Location, Like It Or Not

As reported in an AP Exclusive, Google wants to monetize your data so badly that, for Android device and iPhone users of Google Maps, Google Chrome, Google Search, and possibly other apps, Google is still capturing your location information even when Location Tracking is turned off.

To see if Google is tracking your location, visit https://myactivity.google.com.

PREVENT TRACKING

Any Device

  1. Open a browser and then log in to your Google account.
  2. Go to https://myactivity.google.com.
  3. From the sidebar, select Activity Controls
  4. Disable Web & App Activity.
  5. Disable Location History.
    1. Note: Doing this will pretty much disable Google Assistant and Google Home Smart Speaker.

iOS

Set Google Maps to Inactive when not in use:

  1. Open Settings > Google Maps > Location
  2. Set to While Using. This will limit the app from accessing your location when it is not active.

Set Search Engine to DuckDuckGo

  1. Open Settings > Safari > Search Engine.
  2. Set to DuckDuckGo.

Disable Location Tracking:

  1. Open Settings > Privacy > Location Services.
  2. Disable or set to While Using for all services.

Android

  1. Go to Main Settings icon > Security & Location.
  2. Scroll down to Privacy.
  3. Tap Location.
  4. Turn off for the entire device.
  5. Select App-Level Permissions to turn off access to various apps.
  6. When performing web searches, if using Chrome, first go to https://duckduckgo.com to perform the search. Better yet, use a different browser, such as Brave.com

DELETE PAST LOCATION TRACKING

Any Device

  1. Go to https://myactivity.google.com
  2. Look for any entry that has a location pin icon next to the word details.
  3. Click on the location pin to open a window that may include a link to Google Maps displaying your location at that time.
  4. Click the navigation icon with 3 stacked dots, and then click Delete.