Is Your Voice Activated Assistant Spying On You?

Twenty million or more homes now entertain a smart-speaker sidekick. Speaking to devices isn’t new, just ask Alexander Graham Bell. But with technology constantly building on top of itself, these little household helpers are now leading the way. With all of their novelty and support, there is a flipside of voice-activation. From casual users to strung-out parents (who kiss the counter it sits on), there are several areas of concern.

Although the devices are trained to recognize the voices of users and family members, it’s far from 100% foolproof. Advertisers are already using voice-activation in TV and radio ads. While you’re cooking dinner, your kids might have a different idea and order a continuing stream of pizza deliveries. A more nefarious character could ask for personal information or turn on the shopping option for a lucrative shopping spree.

Privacy violations are cropping up primarily because once the device is activated, it records what’s being said and in some cases, uploads that data to a server elsewhere.

Earlier this year, Amazon was asked to give up an Echo device to the authorities concerning a murder case. Law enforcement believed the Echo may have inadvertently recorded information about the crime. Amazon relinquished the device, but not without protest. To be expected, voice-activated data vulnerability and privacy invasion hasn’t gone unnoticed by hackers. As smart-speakers grow in popularity, the more smarts you’ll need to protect yourself.

– Always link your smart speaker to your home or office Wi-Fi network. Having it attached to a public Wi-Fi hotspot could spell disaster.
– Using strong passwords with two-factor verification is always smart for any device. Smart-speaker voice-activation is no different.
– Connect only necessary accounts. When a linked email device is compromised, it can be used to spy. Linking banking and other financial information is playing with fire. The more sensitive the account linked the more vulnerable it is.
– Turn off the microphone for the device. It may not be convenient remembering to turn it back on, but you’ll know your privacy is certain when you’re not using it.

Hackers who gain access to the local network can change device settings or remove settings completely. Once they’re in the network, a whole lot of hurt can follow. Make sure you’re not making it easier for them.

© Copyright 2018 Stickley on Security

Catelites Bot Poses Threat To Android Users By Imitating 2200 Financial Institutions

There has been a recent report of financial malware, called the Catelites Bot, that has targeted over of 2,200 financial institutions worldwide through fake mobile banking apps on Android devices. There is a list of institutions that are targeted by this malware — over 180 are banks, credit unions and brokerage firms based in the United States.

About The Malware

Cybersecurity firms Avast and SfyLabs are seeing roughly one to two fake apps per week installing malware onto Android devices. These apps are either side loaded, executed via phishing, or downloaded from malicious adware. Once on the device, the icon looks like a shield with a checkmark and is titled “System Application.” If it’s clicked, it will ask for administrator rights, which should never be granted unless you really know what you’re doing. After the “System Application” app is clicked, it places three icons that are familiar onto the home screen: Gmail, Google Play and Chrome — all apps that users know well and tend to trust.

How It Works

How does the app pretend to be a legitimate financial institution? It uses actual logos and simple overlays to trick users. It not only can steal login details and payment card information, but also has the capability to intercept text/SMS messages, set ringer volumes so that you perhaps don’t notice incoming messages, retrieve running tasks from other applications on the device, and even wipe data from it or lock users out completely.

What to Do

Once the apps are on the home screen, they are irremovable. Cybercriminals are counting on people to open them and enter sensitive information such as payment card information and login credentials. The financial institution’s fake overlay will stay on top of the screen until the user enters credentials. But don’t. If anything looks amiss when opening a financial app, close it down immediately. If you suspect malware is on the device, shut it down and reboot into safe mode. Then delete the malicious apps. This process varies depending on the device, so make sure you find instructions for your specific one. If you are unsure how to do this, take it to an authorized support technician for help.

One good habit to adopt is to always keep current backups of your mobile devices. Should malware strike, you can often reset them to factory mode and reinstall an earlier version to get rid of malware. You can usually back them up to a computer or to cloud storage easily and quickly.

To Avoid Catelites

– Download apps only from official app stores. So far, this malware has only been found on third party sites. It has not been seen in the Google Play Store.
– Make sure that reputable security software is installed on your devices and kept up to date. Many of them will protect you from this particular threat.
– Don’t click links that arrive in email or via text/SMS that you are not expecting or you don’t fully trust.
– Avoid clicking on ads you see on the sides of your browser screens — they could be malicious. If you want to see something the ad is presenting, go to the store’s website directly and search for it there.
– Consider using ad-blocking software on your devices. There are many to choose from, and, as with all apps, do research on them and read reviews before downloading.
– Don’t give administrator access to any app, no matter how nicely it asks. Don’t blindly grant access to other items on your smartphones either. Consider, for example, if a calculator app really needs access to your camera. It doesn’t.

The overlays for this malware are not as sophisticated as some other financial malware, but still pose a significant threat. It counts on peoples’ willingness to enter credentials or payment card information.

As always, exercise caution when downloading apps from unfamiliar sites.

© Copyright 2018 Stickley on Security

Vehicle Maintenance Myths That Could Cost You

A lot of your accumulated car wisdom probably comes via tidbits from friends, relatives, shop teachers, driving instructors and various other fellow passengers on the highway of life. While some of this passed-on knowledge can be incredibly shrewd and useful, chances are some of the information just doesn’t compute.

The Myth: Replace It All

Back in the day, when filters, spark plugs and other car parts wore out faster, it made more sense to have your mechanic replace a bunch of components whenever you took your car in for an oil change. These days, though, just about everything in your car lasts much longer than it did in previous generations. Keeping a detailed service record and cross-referencing it with your owner’s manual will help YOU know when things need to be replaced and not make you reliant on your mechanic for potentially costly decisions.

The Myth: Use Cleaners Other Than Windshield Wiper Fluid

Are you one of those people who likes to use those “sneaky little tricks” to do a job more efficiently? If you are, and you’ve heard the one about using other kinds of cleaning liquids in place of windshield wiper fluid, be aware that while your windshield may seem cleaner, you are also probably stripping your car’s finish in the process.

The Myth: Winterize Or Else!

If you normally share the roads with sled dogs, you may need to take special precautions for the colder months. However, in most areas, all you probably need to do to get ready for winter is check your tire pressure and install snow tires if you have them.

The Myth: Let Your Car Warm Up Before You Drive

This one isn’t complete nonsense. There was a time when cars needed a little run-time before the engine was operating at optimal efficiency. However, unless you drive a classic car, you are only wasting gas by running your engine prior to a trip.

The Myth: Flush It

Some mechanics out there are quite flush happy. They want to flush your transmission, your radiator, your engine oil, and so on. But modern vehicles require these actions very infrequently. Consult with your owner’s manual to make sure your money isn’t just getting flushed down the drain.

The Myth: Put Your Car In Neutral At a Stop Light

The logic (if you can call it that) behind this suggestion is that it is supposed to put less strain on cars with automatic transmission. Shifting into neutral over and over will actually send you to the shop for a new transition much faster than if you had just left it alone.

The Myth: Top Off The Brake Fluid And Forget It

If your vehicle is low on brake fluid, you have a problem. Either the fluid is leaking or your brakes are becoming dangerously worn out. From a money-saving perspective, it may seem counterintuitive to spend hundreds of dollars for brakes, but it’s better than having to pay for repairs and higher insurance rates because you couldn’t stop in time.

There are lots of folks out there who like to share vehicle advice. However, you can do yourself a big favor by at least researching their tips to make sure you aren’t just creating more problems. You’ll also be rewarded for your efforts by having a few more dollars in your pocket.

Ten Car Maintenance Tips That Will Save You Money

– Avoid paying for high octane gas as the benefit doesn’t justify the cost.
– Inflate your tires to the level listed in your car’s owner’s manual, not the maximum listed on the tires. This will help you achieve better mileage and less wear.
– Have your fluid levels checked before every long drive.
– Thoroughly research online reviews of local mechanics to find the best.
– Get your tires rotated at least twice a year to make them last much longer.
– Install a vehicle service app for your mobile device to help you remember when to perform your maintenance.
– Avoid the rapid acceleration and abrupt braking of “jackrabbit” driving.
– Make sure your spare tire is present and in working shape to remove the need for a tow in the case of a flat tire.
– Consult with your trusted mechanic and your owner’s manual about the appropriate mileage benchmarks for oil change. You may not need to do it every 3,000 miles. However, make sure it doesn’t void your warranty.
– Perform the easy task of changing your own air filter instead of paying a mechanic to do it.

 

How Your Password Gets Cracked

We all know weak and overused passwords are a cybercriminal’s map to your online world of information. It’s one of the most common entry points into snagging your private information, allowing them to hack email accounts, install malware, steal identities, and much more. However, understanding just how this info is gained by the bad guys shines a light of help. Knowing how they work gives insight into stopping their success. Learning specifically how and why you’re vulnerable to attack is huge. For once, you may just understand how to stay a step ahead of cyberthieves.

Keyloggers. They are software and hardware tools placed nearby or connected to your computer. They detect every keystroke, number, letter, or character that you type. A good anti-virus/anti-malware software solution installed on your computer should detect and remove keyloggers.

Wi-Fi traffic. It’s monitored by a hacker using a simple application letting them watch all activity on public Wi-Fi. The software notifies the hacker when your name and password are entered. It’s not far from there for a hacker to run your information to gain access to your other accounts. This blows a gaping hole to your information when reusing the same login information.

Flawed Protocols. Hackers know that sometimes flaws exist in code that is used to exchange or encrypt passwords. When hackers find these vulnerabilities, they have likely hit the jackpot. Until these flawed protocols are found and corrected, keep security up to date, including security patches and the latest OS updates.

Spoofing Attacks. Knowing a website visited often lets spoofers create a closely identical copy of the same website. As far as you know, it’s the same exact site. You have no hesitation entering passwords and other kinds of information on the site, especially if you make a purchase. Stick to the real deal by typing the URL directly into the address bar yourself. Look for the usual security icons in the left of the URL, and make sure everything is spelled correctly. Beware of invalid certificate warnings and never visit a site with a certificate warning of any type.

© Copyright 2018 Stickley on Security

Intel Chip Flaw Puts All Computer Users At Risk

You know that fast new computer you have? It’s got one of those fancy Intel processing chips inside and it’s screaming quick and you love it, right? Well, you’re about to be disappointed. News has surfaced that any computer or smartphone, be it running Windows, MacOS, or otherwise, purchased within the last decade with one of those Intel chips is likely to be slowed down due to an impending patch for a serious security flaw in the chips. The slowdown could be anywhere from 5-30%.

At this point, little is being released about the specifics of the flaw, but some say it means that some software programs and apps are able to read essential parts of the operating system. It could expose information from the machine such as user passwords. It affects the kernel functioning, so the patched systems could potentially see that hit to performance, due to the way patches interact with the kernel.

Protecting a Windows PC is a mixed bag right now with a few unknowns. Microsoft, Google, and Mozilla are all issuing patches for their browsers as a first line of defense. The latest versions of Internet Explorer, Firefox and Edge for Windows 10 all include a fix for this issue. Google says it will roll out a fix with Chrome 64 which is due to be released on January 23rd. Apple has not commented on how it plans to fix its Safari browser or macOS, but information is expected soon. Chrome, Edge, and Firefox users on Windows won’t really need to do much apart from accept the automatic updates to ensure they’re protected at the basic browser level.

The Intel developers are scurrying to get a patch out quickly. Researchers are saying the biggest impact will likely be to enterprise systems; to the average user, it could be negligible and any hit to performance should be mitigated over time with future patch releases. That said, the issue is serious enough that you should not delay when the patch is released. Apply it right away to all systems regardless of whether or not it slows down the computer or if it’s a personal computer at home or a server or workstation at the office.

In Intel’s statement, the company claims this flaw is not exclusive to its chips and likely does affect others such as AMD and Qualcomm and it is working with those manufacturers for an industry-wide solution. It also said that exploitation of the flaw does not have the potential “to corrupt, modify or delete data.” More details about this and what it could expose and how it can be exploited will be released once the patch is out. Until then, just be aware that it exists and watch for the patch to come out.

© Copyright 2018 Stickley on Security

Don’t File the Wrong Tax Form

Tax time is time of making decisions, so why make life more complicated than it has to be? Use the appropriate federal income tax form for your situation.

The options most individuals may choose from are forms 1040EZ, 1040A, and 1040. You may download the form you want directly from the IRS website (www.irs.gov) or call 800-TAX-FORM (800-829-3676) to have it mailed to you.

Form 1040EZ

Form 1040EZ is by far the simplest to complete. However, the conditions to use it are strict, and you may neither itemize deductions nor receive a student loan interest deduction and education credit.

You may use Form 1040EZ if all of the following are true:

– Your taxable income is less than $100,000
– Your filing status is “single” or “married filing jointly”
– You claim no dependents
– You (and your spouse, if filing a joint return) were under 65 and not blind
– You have $1,500 or less of taxable interest income

Form1040A

The next easiest to fill out is Form1040A. While you still cannot itemize deductions, you can adjust your income to include IRA contributions, student loan interest deductions, unreimbursed educator expenses, and higher education tuition and fees. You may also claim a whole slew of credits.

You may use Form 1040A if:

– Your taxable income is below $100,000
– You have capital gain distributions
– You claim certain tax credits
– You claim adjustments to income for IRA contributions and student loan interest

Form 1040

Your final option is Form1040. Because you may itemize deductions and claim the most tax credits and adjustments to income, it is more time-consuming to complete than the two others.

Use Form 1040 if:

– Your taxable income is $100,000 or more
– You claim itemized deductions
– You are reporting self-employment income
– You are reporting income from sale of property
– Using the correct form will not only save you money, it will save you time, making life a lot less taxing