SECURITY: Don’t Get ‘Juice Jacked’ While Recharging In Public

Do you plug your phone into free public charging stations? Be careful! According to NBC News , you may get ‘juice jacked’ by hackers who have installed malware that can tunnel and copy your sensitive personal information! Cybersecurity expert Jim Stickley demonstrates how a hacker could access a person’s phone through a public charging station.NBC News “Depending on the vulnerability they exploit, they would have access to everything you would have access to on your phone,” according to cybersecurity expert Jim Stickley.

Source: Don’t Get ‘Juice Jacked’ While Recharging In Public, Cybersecurity Expert Warns

# – # – # – # – #

Personally, I don’t use “public charging stations”.  I have several cheap battery blocks for the purpose.  In the rare instance that I have to, I “juice” the block and then connect the device to the block.

Can’t be too careful in “security”

— 30 —

SECURITY: Dump Verizon (aka AOL aka Yahoo) as well as your ISP email address NOW!

https://pjmedia.com/trending/yahoo-and-aol-can-now-read-your-emails-access-your-bank-records/

If you now have a Yahoo or AOL account, I recommend that you close your account.

​Seriously, not that I think​ Google is “Prince Charming”, but Verizon has now gone “over the edge”, imho.  Of course, it’s a giant PIA to change email addresses. 

That’s why I suggest that you have your own domain? The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “reinke.cc”. (I like saying “sea sea me at reinke.cc”! me@reinke.cc will actually work!) I gives one quite a bit of control. 

And, it’s very cheap. I know three solutions at 15$/year using wordpressdotcom with gmail, 25$/year email only with 1and1, and 60$/year for domain+email+webspace also at 1and1. My point is not that you should use 1and1. http://www.1and1.com/?k_id=9113251 I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy. And, it’s not hotmail, yahoo, or gmail. It IS your own “personal brand”.

If you find out later that you’ve been abused by Verizon aka AOL aka Yahoo or your ISP, then you can’t say you did get warned.

# – # – # – # – #

SECURITY: Don’t reuse passwords

It’s World Password Day

Passwords are in the spotlight today and it’s an important reminder to reconsider our online security routine. Our recent research project, The Psychology of Passwords, shows a startling reality of unsafe online practices. Here’s a little preview of the habits that make hackers very happy:

 59% mostly or always use the same password

 53% have not changed passwords in the last year

 64% want to easily remember their passwords
From this, we’ve learned that consumers are using the same easy-to-remember password for multiple accounts (despite the increase in cybersecurity threats and breaches).

Don’t let yourself be one of these stats – participate in World Password Day! Refresh your passwords today and secure your digital life.

# – # – # – # – # 2018-May-03 @ 12:21

SECURITY: FBI paid Geek Squad employees as informants

http://www.foxnews.com/tech/2018/03/07/fbi-paid-geek-squad-employees-as-informants.html

The FBI paid Geek Squad employees as informants

*** begin quote ***

The FBI has been in cahoots with Best Buy’s Geek Squad for at least the past decade, new documents obtained by the Electronic Frontier Foundation (EFF) via a Freedom of Information Act (FOIA) lawsuit reveal.

An FBI memo obtained by the nonprofit digital rights group reveals that Best Buy in September 2008 hosted a meeting of the law enforcement agency’s Cyber Working Group at a Geek Squad repair facility in Kentucky. The memo indicates that the local FBI division “has maintained close liaison with the Geek Squad’s management in an effort to glean case initiations and to support the division’s Computer Intrusion and Cyber Crime programs.”

*** end quote ***

While I have no love for child porn, its producers, to its consumers, I am concerned about the Fourth Amendment. It would seem that the Geek Squad has become agents of the police and subject to the usual requirements of warrants.

It sets up a very suspect set of circumstances.

How does one ensure that the evidence was planted?

Does Best Buy have a secure image taken before the staff works on it? Are patrons advised to take an image before submitting a computer for service?

Makes one think doesn’t it?

# – # – # – # – # 

SECURITY: “Mobile Witness” as a tool

http://www.zdnet.com/pictures/android-ios-apps-to-download-before-disaster-strikes/13/

Mobile Witness

If you are in the area when a situation calls for evidence — such as in the case of dubious behavior or crimes — Mobile Witness can provide a way to record audio and video.

Rather than store this footage on your mobile device, which may be lost, taken, or stolen, recordings can automatically be sent to third-party cloud storage providers including Dropbox and Google Drive.

# – # – # – # – #

Great idea!

# – # – # – # – #

SECURITY: A password manager is essential today

https://www.lifewire.com/password-managers-4151868

Password Managers You Need
Online security can be stress-free with a password manager in your corner
by Tom Nelson
Updated October 02, 2017

*** begin quote ***

A password manager is an application that can generate, store securely, retrieve, and manage passwords and other login credentials. And it may well end up being the best friend you have when it comes to keeping your privacy safe while browsing the web and accessing your favorite online services.

Password managers let you collect and store all of your passwords and login information for various accounts in one easy-to-access app that can log you in to any service you have subscribed to with just a couple of clicks or taps.

The ease of access to your passwords usually puts an end to two of the most common security problems involving online services: using the same password for multiple sites, and using easy to remember, and thus easy to guess, login credentials.

It’s important to use different passwords for each and every site/service you use because if one of the sites or services you use is hacked and the hackers gain access to your name and password, they will start trying your name and password combination on lots of sites (think banks and social media sites). By having completely different passwords for each site/service leaves you far less vulnerable.

*** end quote ***

I am a lastpass fanboy.

https://lastpass.com/f?408336

Just this week, I had to help two people with “password problems”.

Both were with IOS, which makes me suspect that IOS screwed something up?

In any event, one was with Yahoo mail. Of course, the noob had never set anything up with “disaster recovery” in mind.

(And, the Sprint tech, who swap her phone out on an upgrade, never backed up any of her “stuff”. She was in tears until I suggested that she request photos from her friends with whom she probably shared them with. That got her back a lot but no one knows if it was all. I set up Google Photos to archive all of them and turned on her iCloud back up. Argh!)

Any way, I was able to get her phone to register with Yahoo as a recovery alternative. And, then recover her original password. Eventually, Yahoo “timed out” and “excessive recoveried” her. But it was good enough to get her mail flowing again.

I set up her LastPass and it began automatically capturing passwords for her.

But why does everything have to be done AFTER a disaster?

Argh!

Do these technology companies not realize that it has to be brain dead simple and that the average User has no concept of what is going on?

Argh!

# – # – # – # – #