A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022

DEFENSIVE COMPUTING IN THE NEWS

FEBRUARY 2023

February 3, 2023: Retirees Are Losing Their Life Savings to Romance Scams. Here's What to Know by Emily Schmall in the New York Times. Con artists are using dating sites to prey on older lonely people, in a pattern that accelerated during the isolation of the pandemic. Older people are more susceptible to romance scams because they usually have more money than younger people. In an example in the article, gift cards were used to transfer money from the victim to the bad guys. Gift cards are a classic pattern in scams. If an older person refuses to accept the fact that they have been scammed, family members can file an emergency petition for temporary guardianship and ask a judge to issue an order that will immediately freeze bank accounts.

February 3, 2023: Until further notice, think twice before using Google to download software by Dan Goodin for Ars Technica. Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous. "Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird." The Domain Name Rules page on this site shows how to recognize scam domain names. Not said in the article is that this cannot affect iOS and Android which have their own app stores. This only affects ancient operating systems without an app store: Windows and macOS. The article also does not offer the obvious defense of blocking ads, probably because Ars Technica relies on ads itself.

February 3, 2023: Part of Defensive Computing is picking good companies to deal with. In that light: Charter's $7 Billion Penalty For Murdering An Elderly Customer Reduced To $262 Million by Karl Bode for Techdirt. Paraphrasing: In August 2022 Charter Communications (Spectrum) was slapped with a $7 billion lawsuit after one of their cable technicians murdered an 83-year-old customer. The lawsuit claims that Charter had eliminated a more rigorous screening process when they merged with Time Warner Cable, letting the employee and his history slip through the cracks. A jury later reduced the amount to $1.1 billion. This week, Charter settled with the family for $262 million, all of which will be covered by insurance. Worse yet: the court found that Charter had forged documents to try and force the family out of the court system and into binding arbitration. Why? In arbitration, the results would have been secret and damages would have been limited to the amount of the victim's cable bill. Let me repeat: forged documents.

February 1, 2023: More pig butchering scams in the news (see also a story from September 2022 below). Pig-butchering scam apps sneak into Apple's App Store and Google Play by Dan Goodin for Ars Technica. Quoting: "In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called 'pig butchering,' and now even Apple is getting fooled into participating. Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams." Pig butchering scams employ a combination of apps, websites and people to build trust with a victim over an extended period of time. Eventually, the discussion turns to investments that the scammer claims to have earned huge sums of money from and the victim is invited to participate. The victims are often well-educated, some with PhDs. In part these scams work because of the length of the engagement the scammers have with the victims. One ruse to show that the scam investment is legit is when the bad guys let the victim withdraw some of their money.

JANUARY 2023

January 31, 2023: Can we trust Anker Eufy security cameras? Read this and decide for yourself: Anker finally comes clean about its Eufy security cameras by Sean Hollister for The Verge. Quoting: "First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails. So shortly before Christmas, we gave the company an ultimatum: if Anker wouldn't answer why its supposedly always-encrypted Eufy cameras were producing unencrypted streams - among other questions - we would publish a story about the company’s lack of answers. It worked. In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted - they can and did produce unencrypted video streams for Eufy’s web portal ... ".

January 25, 2023: Well done, Poland. Artemis – CERT Polska verifies the cybersecurity of Polish organizations, from CERT Polska, about their Artemis system that scans the Polish internet for bugs, old software and configuration errors and then notifies resource owners. They are scanning Polish schools, hospitals, research institutes, universities and local government units. And, they are finding lots of bad stuff. Good for Poland. Too bad the United States does not do this. I think the Dutch do something similar.

January 23, 2023: Hackers often use this clever trick to take you to phishing sites - can you spot it? by Anthony Spadafora for Tom's Guide. About spoofed URLs that look very similar to legitimate ones. These are homograph attacks. The article has an example of a scam www.citibank.com domain and I could not spot the difference. It looked legit to me. More about this on the Domain Name rules page.

January 22, 2023: How to Encrypt any File, Folder, or Drive on Your System by David Nield for Wired. Covers encryption software built into Windows and macOS. Also covers VeraCrypt.

January 16, 2023: All the Data Apple Collects About You - and How to Limit It by Matt Burgess in Wired. "Apple's business model is shifting ... it has recently pushed to boost its profits by increasing its services, such as subscriptions to Apple Music, iCloud, and Apple TV. And its advertising business is quickly growing. As a result, Apple's users are starting to see more ads inside some of Apple’s apps." There is not much in the way of defense in the article, a couple of system-wide settings that are already on the iOS page here.

January 5, 2023. Twitter's Blue verification is still a scam. Twitter said it fixed 'verification.' So I impersonated a senator (again). by Geoffrey A. Fowler for the Washington Post. Elon Musk said Twitter would begin authenticating users who pay $8 for Blue. Not true.

DECEMBER 2022

December 28, 2022. 6 easy fixes to avoid tech headaches in 2023 by Heather Kelly for the Washington Post. Quoting: "The most common issues we heard this year were about being tricked. Whether it was by hackers taking over Facebook accounts or scammers asking for money on the phone." As expected, the article pushes password managers, but it does also suggest a simple notebook which is the right solution for many people. Topics in the article: Lower your chances of getting hacked and scammed, Prepare for your death, Prepare for the death of your devices, Have the big tech talks with your kids, Set up older family members for success and Lock down your privacy online.

December 22, 2022. Why You Need To Be Careful When Buying a Used Mac by Gary Rosenzweig of MacMost.com. A long article/video, well worth your time. Some points raised: online used Mac sales have been overrun by scammers. The most risk is at Craigslist, eBay, Facebook, or Nextdoor. It is common for used Macs to have been stolen. In that case, it may be locked down and not usable. Macs can be locked down in a variety of ways. Macs get new operating systems for about five years after they come out. Then they only get security support for two more years. The battery may be worn down. You may overpay for it. The Apple Refurb Store will not save you much money but you will get a fairly recent model. Tips on what to do first with a used Mac.

November 14, 2022 (first published), updated Dec 20, 2022. How millions of phones get early notice of California’s biggest quakes by Geoffrey A. Fowler in the Washington Post. About a system called ShakeAlert, developed by the U.S. Geological Survey and partners. Typical warning is up to 20 seconds before the shaking. The system is now operating in California, Oregon and Washington state. Android is better than an iPhone in this regard. Google added ShakeAlert to Android in 2020. Of course the phone has to know your location and must have Emergency Notifications enabled. I found this impossible to understand as searching Android 13 Settings for "emergency" produced 932 results. Which ones matter? Dunno. On iOS you have to install an app and fight with the OS so it always knows where you are. Two apps mentioned in the article are MyShake, from the University of California at Berkeley and QuakeAlertUSA from Early Warning Labs.

SEPTEMBER 2022

September 19, 2022. What's a Pig Butchering Scam? Here's How to Avoid Falling Victim to One. by Cezary Podkul for ProPublica. Quoting: "If you're like most people, you’ve received a text or chat message in recent months from a stranger with an attractive profile photograph. It might open with a simple 'Hi' or what seems like good-natured confusion about why your phone number seems to be in the person’s address book. But these messages are often far from accidental: They are the first step in a process intended to steer you from a friendly chat to an online investment to, ultimately, watching your money disappear into the account of a fraudster. 'Pig butchering,' as the technique is known - the phrase alludes to the practice of fattening a hog before slaughter ... went global during the pandemic. Today criminal syndicates target people around the world ... "

 

This page: Created: December 27, 2022. Last updated: February 6, 2023.
Copyright 2019 - 2023