A Defensive Computing Checklist    by Michael Horowitz

DEFENSIVE COMPUTING IN THE NEWS

January 2025

January 17, 2025: How to Recover When You Lose Everything Traveling by Leo A. Notenboom. A very thought provoking article.

December 2024

December 15, 2024: The Trouble With Searching Google for 'the Best' by Andrea Fuller for the Wall Street Journal. Sub-head: Shopping sites tout five stars. No. 1 rankings. Media endorsements. But how do you know what’s real? One lesson here is that ads are often fraudulent. To deal with this, see the web browser page here about installing uBlock Origin to block most ads. Also, avoid Snapbuy.us, Snapbuy.net and product-reports.org. One give-away that a site is a scam is the lack of contact information. Be aware that Trustpilot lets people review companies, not products. Finally, if something says "as seen on", verify this by Googling for the product along with "site:reallyhereormaybenot.com".

December 3, 2024: Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud from the FBI. Alert Number: I-120324-PSA. Quoting: "Generative AI reduces the time and effort criminals must expend to deceive their targets. Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information. These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud." This has an overview of many different approaches used by bad guys in scams. Also, defensive steps.

December 4, 2024: US recommends encrypted messaging as Chinese hackers linger in telecom networks by Jon Brodkin for Ars Technica. "A US government security official urged Americans to use encrypted messaging as major telecom companies struggle to evict Chinese hackers from their networks." There is a page on this site about Secure Messaging apps.

December 4, 2024: A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections by Lily Hay Newman for Wired. About new high end anti-spyware software from iVerify. Their "Mobile Threat Hunting" feature was first released in May 2024. They just released a report on the first 2,500 devices that were scanned and 7 were infected with malware known as Pegasus from the NSO Group. The software uses three approaches: signatures, heuristics, and machine learning. It works on both iOS and Android. Their app costs $1 and lets you generate a file with a profile of your mobile device. You send this file to iVerify for scanning and you can send one file a month. Pay more, and the app regularly checks for spyware. The article fails to say that iVerify has both a Basic and EDR app on each mobile OS, let alone what the difference is. It also fails to say that no one is using the software at all, judging by both user ratings and the number of downloads.

November 2024

November 24, 2024: These alternatives to popular apps can help reclaim your online life from billionaires and surveillance by Zack Whittaker and Devin Coldewey for TechCrunch. Some of the suggestions are Joplin and Notesnook to keep notes and scribbles encrypted, Ente for encrypted photo backups and Stirling PDF, which is a one-stop PDF editing shop.

November 21, 2024: I Don't Own a Cellphone. Can This Privacy-Focused Network Change That? by Joseph Cox of 404 Media. A small tech company called Cape has been selling a privacy-focused cellphone service to the U.S. military. Now Cape will be offering its product to high-risk members of the public. This service is only for people with extraordinary needs for privacy and it requires a dedicated phone. In the future, they will offer a service that can be used on any phone but will not have nearly the privacy protection of the current service. Cape is an MVNO (think Google Fi and Mint Mobile) that uses UScellular's infrastructure.

November 12, 2024: The WIRED Guide to Protecting Yourself From Government Surveillance by Andy Greenberg and Lily Hay Newman. Not a very good article. Touches too many bases in too little detail to be of much use. The topic of secure communications fails to mention a Chromebook in Guest Mode using secure webmail, so I am not impressed.

November 3, 2024: You're overexposed online. This service fixes 223 privacy settings for you. Geoffrey A. Fowler for the Washington Post. The article is about an extension/service from a startup called Block Party. It is available on the Windows, macOS and Linux versions of Chrome, Firefox, and Edge. It works on the websites of Facebook, Instagram, Google, YouTube, X, LinkedIn, Reddit, Strava and Venmo. For these 9 companies, it reviews your privacy settings, recommends changes and can make the changes for you. There is a 7 day trial, after which the service is $20/year. I would add to the article that you might want to disable the extension when you are not using it. Quoting: "I thought I had my Facebook, Google, Instagram, X, Venmo and LinkedIn on privacy lockdown. Then I got terrified by a new service called Block Party. It scans nine critical apps for 223 privacy, security and other settings. Again and again, Block Party found problems with how I'd set up my accounts that left me exposed ... Tech companies want to collect as much of your data as possible, and, often, to share it widely. So they present privacy and other settings with so many confusing knobs and buttons that it feels like flying a 747. There are 44 different privacy settings on Facebook alone. Worse, apps move around settings - and keep adding new ones that find more ways to exploit your personal data."

October 2024

October 15, 2024: Five ways to stop companies from using your data in new ways by Shira Ovide for the Washington Post. The article has instructions for stopping PayPal from using your spending behavior to target ads and for stopping both Meta and LinkedIn from using your posts to train their AI. It also suggests using these browsers: Safari, Firefox, Brave and the Tor Browser. It links to another article with many changes to privacy settings.

September 2024

September 8, 2024: Scams are getting more sophisticated. Anyone using Gmail should read this: Gmail Account Takeover: Super Realistic AI Scam Call by Sam Mitrovic.

September 12, 2024: Another good Notenboom article: 7 Signs of Phishing to Watch For - Don’t be fooled by Leo A. Notenboom.

August 2024

August 28, 2024: Protect Yourself From Online Scams by Leo A. Notenboom. Good article.

July 2024

July 19, 2024: How to find lost gadgets (and avoid losing them) by Jared Newman for PC World. Lots of information.

June 2024

June 28, 2024: Is that app sketchy? Here are 3 easy ways to check. by Shira Ovide for the Washington Post. You could spend your remaining days reading privacy policies. Or take just a few minutes to do these checks for red flags.

June 23, 2024: Risk of getting malicious extension from Chrome store way worse than Google's letting on, study suggests by Thomas Claburn for The Register. Three academic researchers published a paper about Chrome Web Store data that suggests the risk posed by browser extensions is far greater than Google admits to. Google uses a convenient definition of "bad" when discussing bad extensions. The researchers use a more accurate definition. They found that over 346 million users installed a bad extension in the last three years (280 million malware, 63 million policy violation, and 3 million vulnerable to known bugs).

Paypal is a shit company. Word to the wise.

April 2024

Scams are everywhere: Welcome to Scam World by Steven Kurutz for the New York Times. April 21, 2024.

Backup your phone: The Basics of Smartphone Backups by J. D. Biersdorfer for the New York Times. April 17, 2024.

March 2024

March 26, 2024: 6 ways to protect yourself from getting scammed online, by phone, or IRL by Jack Wallen for ZDNet. The suggestions are: Be suspicious of emails and messages, Check links before you click them, If it sounds too good to be true..., Know how organizations contact you, Let unknown phone calls go to voice mail and Be leery of people asking for payments. Ironically, the two comments to this article appear to be scams also. The article has a big mistake: it says "... do[] a quick Google search to check that email.facebook.com is actually owned by Facebook" which shows that the author has no idea how domain names work.

March 21, 2024: 6 Steps to Dealing With Phone Spam by Leo A. Notenboom. Suggestions in the article: register with the Do Not Call list (US only), do not answer unknown calls or texts, use your phone or carrier's spam-marking features, maybe use call-blocking apps.

March 1, 2024: Outlook is Microsoft's new data collection service. A blog posting by Edward Komenda for Proton. Initially published Jan 5, 2024. "With Microsoft's rollout of the new Outlook for Windows, it appears the company has transformed its email app into a surveillance tool for targeted advertising." Microsoft shares your data with 801 third parties.

FEBRUARY 2024

February 29, 2024: These Video Doorbells Have Terrible Security. Amazon Sells Them Anyway. by Stacey Higginbotham and Daniel Wroclawski of Consumer Reports. Regulators have already found thousands of unsafe products, including potentially dangerous children’s sleepwear, carbon monoxide detectors, and dietary supplements for sale on Amazon. Now, it's video doorbells with both security flaws and without a required visible ID issued by the FCC, making them illegal to distribute in the U.S. When contacted by Consumer Reports, both Amazon and the FCC said nothing. The bad doorbells were found to be sold under 10 different brand names (at least) and they are all controlled with a mobile app, called Aiwit. Some of the brands are: Eken, Tuck, Fishbot, Rakeblue, Andoe, Gemee, and Luckwolf. Consumer Reports found that Eken and Tuck doorbells have often been labeled "Amazon’s Choice: Overall Pick." The Amazon's Choice scam is described on the Amazon page of this site. How little does Amazon care? These things were still Amazon's Choice even after CR notified them about the security problems. As to the flaws, they allow a bad guy to take control of the video doorbell, watching when the victims come and go. These bad video doorbells are also sold at Walmart, Sears, Shein and Temu. Amazon, Sears, and Shein did not respond to Consumer Reports at all. Walmart said good stuff to CR, but they continue to sell these shitty products.

JANUARY 2024

January 25, 2024: Using Google Search to Find Software Can Be Risky by Brian Krebs.

January 11, 2024: What is credential stuffing and how do you keep your accounts safe from it by Katie Malone for Engadget. Things are bad. Okta says that nearly a quarter of all login attempts last year were credential stuffing. A Verizon analysis of data breaches found that about half of breaches involved stolen credentials. The article suggests two things I disagree with: changing passwords frequently and using passkeys. It has the mandatory nag to use a password manager, yet like all such knee jerk advice, nothing about the down side to doing so. One good suggestion is to delete accounts you no longer use. More in the Credential Stuffing topic here.

January 5, 2024: How to Be More Anonymous Online by Matt Burgess for Wired. Sub-head: Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules. This is a reasonably good article, but it touches so many bases that it can not go into detail on any one point. Basically, a checklist.

January 2, 2024: What It's Like to Use Apple's Lockdown Mode by Lily Hay Newman for Wired. Only about iOS, nothing on macOS. Newman found Lockdown Mode to be surprisingly usable. iOS 17 expanded the features that are locked down. This includes new support for the Apple Watch and removing geolocation data from shared photos. It also blocks, by default, the iOS device from joining unsecured Wi-Fi networks and 2G cellular networks.

End of Dec 2023/start of Jan 2024: iPhones running iOS versions prior to 16.2 were sitting ducks for spies and/or bad guys. They could be remotely hacked using a number of bugs and what looks like a deliberately open back door. We will probably not know who created the back door and/or why for 50 years. There is a non-zero chance that the US Government made Apple do this. More: 4-year campaign backdoored iPhones using possibly the most advanced exploit ever by Dan Goodin for Ars Technica (Dec 27, 2023), Security Now episode 955 by Steve Gibson (Jan. 2, 2024), New iPhone Exploit Uses Four Zero-Days a summary of this hacking by Bruce Schneier (Jan 4, 2024).

DECEMBER 2023

December 29, 2023: What to do (and avoid) after you’ve been scammed by Heather Kelly for the Washington Post. One piece of advice from the article: "Do not rely on search engines to find help. Scammers will often buy search ads for keywords about falling for scams, getting into hacked accounts, or recovering money or cryptocurrency. Others will automatically reply to any public social media post about being scammed, offering help. Skip them all."

December 17, 2023: What to do when receiving unprompted MFA OTP codes by Lawrence Abrams for Bleeping Computer. If you receive an unprompted two factor code (typically via a text message) it probably means that bad guys have the password to whatever site/system sent the 2FA code. You should log into that site/system and change the password ASAP. Do not click on links in the text message or email message. If that password was also used at other sites/systems, change it there too.

NOVEMBER 2023

November 8, 2023: Google spent $26 billion to hide this phone setting from you by Geoffrey A. Fowler for the Washington Post. Google goes to great lengths to be your default search engine and keep you from switching. Here’s why you should make your own choice.

OCTOBER 2023

October 12, 2023: How to Block Graphic Social-Media Content From Your Phone - and Your Kids' Phones by Cordilia James in the Wall Street Journal. The war in Israel and Gaza is all over social media. Instagram, TikTok and Twitter have tools that can help you follow the news but control what you see.

SEPTEMBER 2023

September 18, 2023: Going to a protest? Here is your digital privacy survival kit by David Strom. This is a summary of this advice from the EFF: Attending a Protest (Last Reviewed: Feb 1, 2023).

September 15, 2023: If traveling by car and the car breaks down in a remote area without cell service, Apple has a system in the U.S. that lets you contact AAA by satellite. See How to use Roadside Assistance via satellite on iPhone 14 and iPhone 15 by Zac Hall for 9to5 Mac. The feature is called Roadside Assistance and it requires an iPhone 14 or later. It also requires iOS version 17 (or later?). For now, the service is free. Here is the official Apple writeup: Use Roadside Assistance via satellite on your iPhone.

September 3, 2023: How to Use Proton Sentinel to Keep Your Accounts Safe by David Nield for Wired. Proton describes their Sentinel feature as offering more protection than most people will need. It is aimed at people that need the most security such as journalists, government officials, high-profile public figures, anyone who deals with sensitive data or anyone who might be a target for cyberattacks for whatever reason. It requires a paid account, the cheapest of which is the $10/month Unlimited account. It is also available on the $11/month Business account and the $20/month Family account. More from Proton: The Proton Sentinel high-security program (Aug 16, 2023).

AUGUST 2023

August 28, 2023: Hackers Can Silently Grab Your IP Through Skype. Microsoft Is In No Rush to Fix It by Joseph Cox for 404 Media. The article is very short on details as this seems to be a breaking story. There is no comment from any VPN provider and it is not obvious if the leaked IP address is the public IP or that of the VPN server.

August 18, 2023: This article offers a reminder of a couple of companies whose products, perhaps, you do not want to buy. WD refused to answer our questions about its self-wiping SanDisk SSDs by Sean Hollister for The Verge. "For months, the company has been laughably silent about how its pricey portable SanDisk Extreme SSDs might lose all your data ... Months after our inquiries, Western Digital continues to sell these drives due to deep discounts, fake Amazon reviews, and issues with Google Search that rank favorable results far higher than warnings about potential failures." This issue has generated three lawsuits. "Western Digital was already forced into a class action settlement over a previous questionable practice: in 2020, the company brazenly tried to sneak SMR drives into its WD Red lineup marketed for network-attached storage devices. The company paid $5.7 million to settle those claims."

JULY 2023

July 9, 2023: Getting Locked Out of Your Digital Life Is Bad. Here’s How to Avoid It. by Nicole Nguyen for the Wall Street Journal.

JUNE 2023

June 12, 2023: The dos and don'ts of using home security cameras that see everything by Heather Kelly in the Washington Post. The article fails to take a big picture view of the pros and cons of various ways to manage these cameras. Some tips: Monitor entrances and exits rather than entire rooms. Beware of unknown hardware brands. How can you tell if a camera is on? Can you block a camera? The author puts too much trust in end-to-end encryption. There is nothing on using a router to block cameras from phoning home. Of course not. The Washington Post does not have techies write their technical articles.

June 5, 2023: Public DNS malware filters tested by Kris Lowet of Nexxwave. A test of some DNS providers that claim to block malware domains. The worst was Comodo Secure DNS which blocked nothing. Cloudflare for Families was very bad, blocking only 13%. Quad9 blocked 78%. CleanBrowsing Security Filter blocked 87%. The two best services were dns0.eu and dns0.eu ZERO which both blocked 94%.

June 5, 2023: Blatant tech frauds run amok on the biggest online marketplaces by Scharon Harding for Ars Technica. Sub-heading: If I can spot a fake SSD, why can't Walmart? The article discusses Walmart, Amazon and eBay. Some of the items mentioned are fake SSDs, fake Apple chargers, cables that do not meet the advertised specs, and counterfeit batteries that threaten physical harm.

MAY 2023

May 31, 2023: Create a Private Social Space, Far From the Maddening Crowd by J. D. Biersdorfer. Quoting: "Private social media apps work much like the larger platforms with the sharing of status updates, comments, photos and videos ... In some cases, you pay a small fee - but you can share without advertisements and fewer personal-information concerns." Among the services mentioned are Photocircle, Kin and CaringBridge.

May 18, 2023: Popular Android TV boxes sold on Amazon are laced with malware by Zack Whittaker for TechCrunch. Two China-based companies, AllWinner and RockChip, sell several wildly popular Android TV boxes that are sold on Amazon. The boxes are cheap and highly customizable, including several streaming services. Their listings on Amazon boast four-out-of-five star ratings and collectively racked up thousands of praiseworthy reviews. Yet, they are preloaded with malware capable of launching coordinated cyber attacks. The only defense is to not buy one in the first place. If you own one, the only defense is to throw it away. They are still being sold by Amazon. Of course.

May 10, 2023: Your Android apps are tracking you. Here's how to stop them by Jack Wallen for ZDNet. Want to block third-party trackers on your Android phone? This feature from DuckDuckGo can help with that. Here's how to enable it. There is more about this in the Android topic on this site.

APRIL 2023

Apr 27, 2023: How I Nearly Fell for a Frightening 'Virtual Kidnapping' Scam by Larry Magid. A scammer called Magid on the phone and said he had kidnapped his wife. Quoting: "As a long-time tech journalist and founder and CEO of an online safety organization, I know a lot about phone and online scams ... But this call felt real to me and threatened to separate me not from money but from someone, who ... means more to me than anything in the world. Being an 'expert' didn’t make me immune to the social engineering that led me to believe the threat was real." The playbook for this type of scam: Start with fear, follow with an authority figure to gain trust and then pivot to the threat. Great defense: Magid put the bad guy on speaker and dialed 911 from another phone. He said nothing, but he knew that the 911 operator would hang on and listen to the call.

  • April 18, 2023: Used Routers Often Come Loaded With Corporate Secrets by Lily Hay Newman for Wired. Researchers from the security firm ESET bought 18 used routers made by Cisco, Fortinet, and Juniper Networks. They found nine were just as their previous owners had left them and fully accessible. Only five had been properly wiped. All nine of the unprotected routers contained credentials for the organization's VPN, credentials for another secure network communication service, or hashed root administrator passwords. All nine included enough identifying data to determine the previous owner. Eight of the nine included router-to-router authentication keys and information about how the router connected to specific applications used by the previous owner. Four devices exposed credentials for connecting to the networks of other organizations. Other security companies have repeatedly seen the same thing. ESET tried to contact all the vulnerable organizations and some would not give them the time of day. There is said to be a resale market with millions of enterprise level networking devices.
  • April 6, 2023: The headline is misleading, the actual attack was SIM Swapping. Read more about this type of attack and defending against it on the SIM Swap page.
    Riley Reid's Twitter Hacked and Posting Extremely Racist Things for Days to 2 Million Followers by Emanuel Maiberg for Vice. "One of the biggest pornstars in the world has been hacked to spread hateful content and Twitter hasn’t done anything about it for days."
  • April 3, 2023: Supply Chain Compromise or False Positive: The Intriguing Case of efile.com [updated - confirmed malicious code] by Johannes Ullrich of SANS. The tax preparing website has been hacked. For some users, it prompts them to download a scam browser update which is actually malware. I reviewed their website on April 5th and there was no mention of this.

    April 3, 2023: Even when using a VPN, there are many ways that a web browser can still spy on you. One way to counter this is to use the Tor browser. However, Tor is brutally slow, so Mullvad just released a new web browser, the Mullvad Browser. Basically, this is the Tor browser but without Tor. The Mullvad Browser can be used with any OS level VPN or even without a VPN at all. Both the Tor and Mullvad browsers have many customizations that avoid fingerprinting, that is, they try to make all users of the software appear to be the same. The Mullvad browser is free and available for Windows, macOS and Linux. There is no Mobile version. It uses the Mullvad DoH DNS service that is available to everyone, not just Mullvad customers. They offer two free DNS services, the default one does not block ads, but this can be changed.

    MARCH 2023

    March 31, 2023: How to spot the Trump and Pope AI fakes by Shira Ovide for the Washington Post. Some suggestions: look for hands, background images and inanimate objects that don’t look quite right. Look at the writing on objects. The background may be blurry or distorted.

    March 23, 2023 (last updated): How to Check if Your Password Has Been Stolen by Chris Hoffman of How To Geek. Check an email address or userid at haveibeenpwned.com. Check a password at haveibeenpwned.com/Passwords.

    March 22, 2023: Journalist hurt by exploding USB bomb drive by Thomas Claburn for The Register. A whole new type of attack using a USB flash drive. More in the USB Flash Drives topic.

    March 22, 2023: 4 Amazon privacy settings you should change right now by Jared Newman in PC World. The settings minimize data collection and opt out of ad targeting.

    March 10, 2023: A five minute video from CNN: CNN's Donie O'Sullivan tests AI voice-mimicking software March 2023. On the one hand this is funny as an AI voice fools the reporter's parents. On the other hand, AI generated voices are also used to fool relatives as part of a scam to send money. And, financial institutions use voice printing as a security feature.

    March 5: They thought loved ones were calling for help. It was an AI scam. by Pranshu Verma for the Washington Post. To fake the voice of a person used to require a large voice sample. No more. Bad guys can now replicate a voice with an audio sample of a few sentences. The audio could come from YouTube, TikTok, Instagram, Facebook videos or podcasts, making many people vulnerable. Or rather, making their relatives vulnerable to scammers. The technology to do this is now much easier to use and cheaper, making it available to more scammers. Two defenses are not new: be aware of this type of scam and also be aware that the caller ID on a phone call can be spoofed. Another defense: when a loved one calls asking for money, put the call on hold and call them back. Another defense: verify the identity of the caller by asking them a question that only they would know. Or, along the same line, set up a security phrase ahead of time, just for this sort of thing. Ugh.

    March 3, 2023: Thought you'd opted out of online tracking? Think again by Thomas Claburn for The Register. A study of websites that offer users the chance to opt out of data collection found ... opting out did next to nothing. The defense: "... in order to fully protect privacy, users still need to rely on privacy-enhancing tools, such as ad/tracker blocking browser extensions and privacy-focused browsers (e.g., Brave Browser)." In the web browser topic on this site, I do suggest using Brave.

    March 1, 2023: How To Prevent Watch-And-Grab iPhone Theft a 7 minute video by Gary Rosenzweig of MacMost.com. If you are worried that someone can watch you enter your passcode on your iPhone and then steal your iPhone from you, then here's how to protect yourself. There is more on this on the iOS page.

    FEBRUARY 2023

    February 2023: Best Practices for Securing Your Home Network from the National Security Agency (Version 1.0). A nine page PDF.

    February 24, 2023: All iPhone users should watch this February 2023 video from the Wall Street Journal about bad guys stealing iPhones after watching the owner unlock the phone with a PIN code. The video is also available on YouTube: Apple’s iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes. The point of the story is all the bad things that thieves can do with just the phone and the PIN code. The video is a criticism of the Apple ecosystem and shows how easy it is to lose access to your Apple ID. Apple has made a number of design mistakes, perhaps the biggest is letting someone change the Apple ID password knowing just the PIN code for the phone. A safer design would require first entering the current password before being allowed to change anything. It also points up the danger to using the Apple password manager (iCloud Keychain). Apps that have the password automatically entered by the Apple password manager can be easily abused by the bad guys. One victim had $10,000 stolen from her. This strikes me as another design flaw, providing access to saved passwords without first requiring a password to kick off the password manager. Still another design flaw is the new hardware security keys that are intended to prevent access to an Apple account. With the phone and PIN code these security keys are bypassed and can even be removed from the Apple account. Big mistake by Apple. There is more on this and a long list of defensive steps on the iOS page.

    February 12, 2023: How to Make Sure You’re Not Accidentally Sharing Your Location by David Nield in Wired. Your location can be logged by your devices, by your apps, and by websites you visit. More on this in the Location Tracking topic on this site.

    February 8, 2023: How to Prepare for a Lost, Stolen or Broken Smartphone by J. D. Biersdorfer for the New York Times. The article discusses buying insurance or extended warranty coverage, backing up files both to the cloud and to a computer of yours, dealing with water damage, using location services and more.

    February 8, 2023: Mysterious leak of Booking.com reservation data is being used to scam customers by Dan Goodin for Ars Technica. "For almost five years, Booking.com customers have been on the receiving end of a continuous series of scams that clearly demonstrate that criminals have obtained travel plans and other personal information customers provided to the travel site ... It's hard to understand how, after five years, the leak in Booking.com’s partner network continues to spill private data that leaves customers open to scams and other forms of fraud. The company’s insistence that its systems haven’t been breached is little comfort to those affected ... Until Booking.com comes clean, people would do well to book travel using a different site."

    February 3, 2023: Retirees Are Losing Their Life Savings to Romance Scams. Here's What to Know by Emily Schmall in the New York Times. Con artists are using dating sites to prey on older lonely people, in a pattern that accelerated during the isolation of the pandemic. Older people are more susceptible to romance scams because they usually have more money than younger people. In an example in the article, gift cards were used to transfer money from the victim to the bad guys. Gift cards are a classic pattern in scams. If an older person refuses to accept the fact that they have been scammed, family members can file an emergency petition for temporary guardianship and ask a judge to issue an order that will immediately freeze bank accounts.

    February 3, 2023: Until further notice, think twice before using Google to download software by Dan Goodin for Ars Technica. Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous. "Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird." The Domain Name Rules page on this site shows how to recognize scam domain names. Not said in the article is that this can not affect iOS and Android which have their own app stores. This only affects ancient operating systems without an app store: Windows and macOS. The article also does not offer the obvious defense of blocking ads, probably because Ars Technica relies on ads itself.

    February 3, 2023: Part of Defensive Computing is picking good companies to deal with. In that light: Charter's $7 Billion Penalty For Murdering An Elderly Customer Reduced To $262 Million by Karl Bode for Techdirt. Paraphrasing: In August 2022 Charter Communications (Spectrum) was slapped with a $7 billion lawsuit after one of their cable technicians murdered an 83-year-old customer. The lawsuit claims that Charter had eliminated a more rigorous screening process when they merged with Time Warner Cable, letting the employee and his history slip through the cracks. A jury later reduced the amount to $1.1 billion. This week, Charter settled with the family for $262 million, all of which will be covered by insurance. Worse yet: the court found that Charter had forged documents to try and force the family out of the court system and into binding arbitration. Why? In arbitration, the results would have been secret and damages would have been limited to the amount of the victim's cable bill. Let me repeat: forged documents.

    February 1, 2023: More pig butchering scams in the news (see also a story from September 2022 below). Pig-butchering scam apps sneak into Apple's App Store and Google Play by Dan Goodin for Ars Technica. Quoting: "In the past year, a new term has arisen to describe an online scam raking in millions, if not billions, of dollars per year. It's called 'pig butchering,' and now even Apple is getting fooled into participating. Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams." Pig butchering scams employ a combination of apps, websites and people to build trust with a victim over an extended period of time. Eventually, the discussion turns to investments that the scammer claims to have earned huge sums of money from and the victim is invited to participate. The victims are often well-educated, some with PhDs. In part these scams work because of the length of the engagement the scammers have with the victims. One ruse to show that the scam investment is legit is when the bad guys let the victim withdraw some of their money.

    JANUARY 2023

    January 31, 2023: Can we trust Anker Eufy security cameras? Read this and decide for yourself: Anker finally comes clean about its Eufy security cameras by Sean Hollister for The Verge. Quoting: "First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails. So shortly before Christmas, we gave the company an ultimatum: if Anker wouldn't answer why its supposedly always-encrypted Eufy cameras were producing unencrypted streams - among other questions - we would publish a story about the company’s lack of answers. It worked. In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted - they can and did produce unencrypted video streams for Eufy’s web portal ... ".

    January 25, 2023: Well done, Poland. Artemis – CERT Polska verifies the cybersecurity of Polish organizations from CERT Polska about their Artemis system that scans the Polish internet for bugs, old software and configuration errors and then notifies resource owners. They are scanning Polish schools, hospitals, research institutes, universities and local government units. And, they are finding lots of bad stuff. Good for Poland. Too bad the United States does not do this. I think the Dutch do something similar.

    January 23, 2023: Hackers often use this clever trick to take you to phishing sites - can you spot it? by Anthony Spadafora for Tom's Guide. About spoofed URLs that look very similar to legitimate ones. These are homograph attacks. The article has an example of a scam www.citibank.com domain and I could not spot the difference. It looked legit to me. More about this on the Domain Name rules page.

    January 22, 2023: How to Encrypt any File, Folder, or Drive on Your System by David Nield for Wired. Covers encryption software built into Windows and macOS. Also covers VeraCrypt.

    January 16, 2023: All the Data Apple Collects About You - and How to Limit It by Matt Burgess in Wired. "Apple's business model is shifting ... it has recently pushed to boost its profits by increasing its services, such as subscriptions to Apple Music, iCloud, and Apple TV. And its advertising business is quickly growing. As a result, Apple's users are starting to see more ads inside some of Apple’s apps." There is not much in the way of defense in the article, just a couple of system-wide settings that are already on the iOS page here.

    January 5, 2023. Twitter's blue verification is still a scam. Twitter said it fixed 'verification.' So I impersonated a senator (again). by Geoffrey A. Fowler for the Washington Post. Elon Musk said Twitter would begin authenticating users who pay $8 for Blue. Not true.

    DECEMBER 2022

    December 28, 2022. 6 easy fixes to avoid tech headaches in 2023 by Heather Kelly for the Washington Post. Quoting: "The most common issues we heard this year were about being tricked. Whether it was by hackers taking over Facebook accounts or scammers asking for money on the phone." As expected, the article pushes password managers, but it does also suggest a simple notebook which is the right solution for many people. Topics in the article: Lower your chances of getting hacked and scammed, Prepare for your death, Prepare for the death of your devices, Have the big tech talks with your kids, Set up older family members for success and Lock down your privacy online.

    December 22, 2022. Why You Need To Be Careful When Buying a Used Mac by Gary Rosenzweig of MacMost.com. A long article/video, well worth your time. Some points raised: online used Mac sales have been overrun by scammers. The greatest risk is at Craigslist, eBay, Facebook, or Nextdoor. It is common for used Macs to have been stolen. In that case, it may be locked down and not usable. Macs can be locked down in a variety of ways. Macs get new operating systems for about five years after they come out. Then they only get security support for two more years. The battery may be worn down. You may overpay for it. The Apple Refurb Store will not save you much money but you will get a fairly recent model. Tips on what to do first with a used Mac.

    November 14, 2022 (first published), updated Dec 20, 2022. How millions of phones get early notice of California’s biggest quakes by Geoffrey A. Fowler in the Washington Post. About a system called ShakeAlert, developed by the U.S. Geological Survey and partners. Typical warning is up to 20 seconds before the shaking. The system is now operating in California, Oregon and Washington state. Android is better than an iPhone in this regard. Google added ShakeAlert to Android in 2020. Of course the phone has to know your location and must have Emergency Notifications enabled. I found this impossible to understand as searching Android 13 Settings for "emergency" produced 932 results. Which ones matter? Dunno. On iOS you have to install an app and fight with the OS so it always knows where you are. Two apps mentioned in the article are MyShake, from the University of California at Berkeley and QuakeAlertUSA from Early Warning Labs.

    SEPTEMBER 2022

    September 19, 2022. What's a Pig Butchering Scam? Here's How to Avoid Falling Victim to One. by Cezary Podkul for ProPublica. Quoting: "If you're like most people, you’ve received a text or chat message in recent months from a stranger with an attractive profile photograph. It might open with a simple 'Hi' or what seems like good-natured confusion about why your phone number seems to be in the person’s address book. But these messages are often far from accidental: They are the first step in a process intended to steer you from a friendly chat to an online investment to, ultimately, watching your money disappear into the account of a fraudster. 'Pig butchering,' as the technique is known - the phrase alludes to the practice of fattening a hog before slaughter ... went global during the pandemic. Today criminal syndicates target people around the world ... "

     

    This page created: December 27, 2022
    This page last updated: January 19, 2025
    Website by
    Michael Horowitz
    @defensivecomput
    Copyright 2019 - 2025