Yahoo! Confirms Theft of Data of 500 Million Users


About a month ago, it was reported that Yahoo! was investigating a possible data breach affecting 500 million users from 2012 (the New York Times is reporting 2014). Since then, the company has confirmed the breach. The same hacker that claimed responsibility for the breaches of MySpace and LinkedIn has claimed this one too. Information accessed included user names, birthdates, contact email addresses, and poorly scrambled passwords.

The advice is the same as it was before. If you haven’t changed your Yahoo! password in a while, it’s a great time to do it. Also change passwords on any accounts for which you reused that one. Use strong passwords that:

  • are at least eight characters,
  • include at least one number,
  • include at least one special character, such as a number sign,
  • are not dictionary words or names,
  • cannot be easily guessed,
  • are not used on any other online site.

It is difficult to remember so many passwords. However, it is important to have different ones for all the sites you visit. Password reuse happens more often than ever and is regularly blamed for breaches and unauthorized account access. If the thief (or thieves) figures out that some of the contacts in those Yahoo! accounts are related to financial sites or people, they could try the stolen passwords on banking sites.

Jim Stickley of Stickley on Security recommends having a core password or phrase of at least six characters such as “Xu8*V@” and adding letters from the URL to your password in some manner you can remember. For example, if you were visiting Yahoo, your password would become “Xu8*V@YO” or some other derivation of that. It is highly unlikely a password would be reused this way.

Another way is the “dice” method. This is when you take dice with words on them (create your own dice if needed) and roll them to combine words into a password.

If you have to write down passwords, try to use clues to trigger your memory as opposed to writing down actual passwords. Then keep the list in a place separate from your computer; a locked cabinet is preferred. And never put your passwords on sticky notes and attach them anywhere on your desk or monitor at work. This leaves your accounts vulnerable to a physical security breach.

In addition to changing your password, keep an eye out for additional email showing up in your inbox that includes links or attachments that you don’t expect. These could be phishing. Even if the email comes from a known sender, the theft of such a large number of email addresses means that spam and phishing messages may appear to come from Yahoo! account holders and/or from any email address in their contact lists.

Some news sources have reported the perpetrator is a state-sponsored actor. However, this information has not been confirmed by Yahoo! or the U.S. Government.

© Copyright 2016 Stickley on Security

What College Students Should Learn About Money


As you prepare for a new year at college, managing your money may be the last thing on your mind. But, college is the perfect time to instill strong and healthy financial habits, such as budgeting and living within your means.

By starting on the right foot with good saving and spending habits, you’ll have a good chance to set yourself up for a life of financial success. Here are some ideas students – with the help of parents, relatives and the school’s financial aid office – can consider while taking the leap into living away from home.

Create a financial plan early on. Create a general financial plan for your college years right away, and a more detailed budget for the upcoming semester. You can start with estimated costs for tuition, fees, room and board from your school’s financial aid office and fill in the actual numbers once you know them.

Even with financial aid, most college students need to be frugal as they balance major expenses and a limited income from work or parental support. While you may need to take out student loans, the better you manage your personal and educational expenses the less you’ll have to borrow now, and repay later.

Adjust your budget as you go. Your focus should be school, but you can also take time to track your money and stick to your budget. A budget can be a tool and a learning opportunity, and particularly during your first few semesters, you’ll likely have to make adjustments as you learn to balance wants and needs. Try to stick with it and remember it’s okay to make changes (and an occasional mistake) as you go.

Parents can discuss how they manage their personal or family budget and offer suggestions for cutting expenses or finding work. College students may face many financial firsts, such as signing a rental agreement, purchasing insurance or applying for a loan, and parents can share their experiences and advice.

Make your budget add up. Learning how to roll with the punches and live within your means are timeless skills. You’ll have to balance academic obligations with a part- or full-time job to increase your income. But, there are often flexible on-campus jobs you can qualify for if you have a work-study grant as part of your financial aid package.

When it comes to saving, there are all sorts of ways to cut costs on necessities and indulgences. Consider the following three tactics almost any college student can use to spend less money.

  • Use student discounts. Dozens of stores offer student discounts, validated with an official ID or a .edu email address, and you may be able to save 10 to 20 percent off your purchase. Ask store employees or check online to see if a store offers a student discount before checking out.
  • Save on textbooks. Look for alternatives to buying new textbooks, such as renting textbooks, buying used books, purchasing or renting e-textbooks or using the library’s reference copies.
  • Mobilize your savings. If saving money is just one more thing you don’t want to think about, you can save your spare cash via your smartphone. Thinking about buying a car next summer or saving money for spring break? There are mobile apps that will calculate how much money you can afford to save at a given moment – whether that’s $20 or ten cents – and will save it for you. You could also set up an automatic weekly or monthly transfer to your savings account through your bank. Chances are you won’t miss the money, and you won’t spend it if you don’t see it in your checking account.

Make a practice of saving for the future. You’ll want to figure out the best way to use your savings. If you’ve taken out student loans, you could allocate some of the money to early loan payments.

Private and unsubsidized federal student loans accrue interest while you’re in school. Making a payment can help you avoid increasing your debt load and save you money on interest. Plus, unlike with some other types of loans, there’s no penalty for making early student loan payments.

Bottom line. College is an ideal time to instill healthy financial habits. Ask your parents or other relatives for guidance, discuss student loans and budgeting with your college’s financial aid office, learn a new skill online or attend a local personal finance workshop or seminar. While you set off on a series of firsts, take advantage of these resources to learn how to manage, save and wisely spend your money.

By Nathaniel Sillin


How to Tackle Your Grocery Bill


Food shopping can quickly take over your budget despite your best intentions. Perhaps it’s due to impulse purchases, unplanned shopping trips, food going bad or a combination of all three. If you’re looking for ways to save money while enjoying nutritious and delicious meals, consider these money-saving tactics.

Stick to your budget to save time and money. Look at your food budget before making a trip to the store. If you don’t have one yet, figure out your overall budget including food costs with a simple budget worksheet. Knowing how much you want to spend and how much you actually spent can help you make informed decisions.

Plan out the week’s meals with your budget in mind. If you make dishes that rely on the same staples, you can save money by using leftovers to create a new dish. But mix things up to avoid boredom.

Make your trip to the grocery store even easier with a shopping list. Sticking to a list can help limit food waste and make it easy to get in and out of the grocery store. If you share food shopping duties with a spouse or partner, you can avoid double purchases by using grocery apps that let you create and sync shopping lists.

Stack different discounts and deals to rack up savings. Once you enter the grocery store, it’s time to put your plan into action. Plan for the occasional indulgence and let yourself make impulse purchases occasionally, but try to stick to the list.

You can also often save money at grocery stores by joining the store’s loyalty program. Members get exclusive discounts, and some programs offer additional savings at partner stores. Check your membership account online or with the app before checking out, as some programs have electronic coupons that you need to “clip” to get the savings.

One way to increase your grocery budget is to use one, or several, of the apps that give you cash back when you buy groceries. Sometimes you can even earn cash back on general purchases like a loaf of bread or a gallon of milk. Depending on the app and food, you may need to verify the purchase by scanning the barcode and sending a picture of your receipt.

The store you choose can also significantly impact how much you’ll spend.

Strategically plan your shopping route. Planning your grocery shopping after reviewing your local stores’ weekly sales and coupons can help you determine what to buy and where. Also take the time to explore your neighborhood stores, as one grocer may frequently have high-quality yet inexpensive produce while another might have a great butcher.

No matter where you shop, be mindful of how the store’s design can entice you to make purchases. The outside ring is often where you’ll find the fewest processed foods; however, you might notice that you need to walk to the back of the store to grab milk or eggs. The store hopes you’ll be tempted by something you see along the way.

Sticking to your list, refraining from walking through an aisle unless you need to and remembering that the eye-level products aren’t necessarily the best bang for your buck can help you avoid these traps.

Stick to inexpensive foods. Consider choosing store-brand rather than name-brand products as they’re often cheaper, but not necessarily lower quality. You may also want to consider changing what you buy. Filet mignon can be delicious, but so can cheaper cuts of meat and there’s a lot of advice online for how to best prepare them. Staples, such as rice, beans and canned or frozen goods are also a low-cost way to supplement meals.

Bottom line. Buying food is a necessity, but you don’t have to overspend to keep a well-stocked fridge and pantry. By planning your meals and grocery trips, using the money-saving tactics above and carefully choosing where you shop, you can save time and money – and cook up something delicious.

By Nathaniel Sillin

Android Photographers Shutter with News of Malicious Prisma Apps


Photographers and editors on Android devices, beware! The wildly popular Prisma app, which transforms your photos into artwork, is a recent target of the cybercrime world. Researchers at security company ESET have discovered several fake versions of the app that can infect users with malware.

The app has been out only a very short time, but its popularity has made it attractive for those wanting to spread malware, annoying adware, or possibly both. In some of the cases, the infected apps tricked users into visiting sites where surveys were displayed that ultimately stole the entered personal information. Subsequently, those unfortunate victims were “signed up” for various bogus and pricey SMS services. One of the apps displayed fake messages on the screen saying the phone was infected with a virus that could be removed if the user downloaded another anti-virus app, which was also malicious.

This stresses the importance of doing background research on all apps that you download to your mobile devices, and on any software you install on your computer. Read the reviews both inside the app store and elsewhere online. Don’t get apps from any location other than the official app store for your particular devices. Sideloading, which is getting them from a location other than the app stores, is riskier because apps in the official stores generally go through more stringent security checks before they are allowed in. Unfortunately, no process is 100% guaranteed, so malicious apps sometimes slip through, which is what happened in this case.

Another version of the app found by ESET displayed fake Android 6.0 update messages, which then redirected users to a site that stole Gmail credentials. Those were subsequently used in a phishing scam.

Google has removed all of the known malicious apps from the Google Play store, but look out for this to happen again with the next popular app craze. Not long ago it was Pokémon Go and it’s likely even more malicious versions of that and its support apps will pop up. So, always make sure the apps you want are from the legitimate developers. While you’re in there searching for Prisma, make sure you download a good anti-malware app too, if you haven’t already. Then update it. While it won’t guarantee malware won’t end up on your devices, it is certainly a first line of defense.

For those who have Apple devices, you’re not completely safe from malicious apps either. Toward the end of last year, Apple removed over 300 malicious apps from its official store.

© Copyright 2016 Stickley on Security

Password Manager May Pass All of Your Passwords to an Attacker

Most of us have many online accounts (financial, social media, exercise and diet accounts, etc.), and if you are following the guidance of security experts, you have a unique password for each one. If you’re like most people, remembering so many passwords can get a little daunting, and therefore we look for solutions. One of them may be to use a password manager such as LastPass. Unfortunately, that can make you even more vulnerable, as security researcher Sean Cassidy proved recently.

He found that by exploiting some flaws in the way LastPass works and using a bit of social engineering, he could thwart the security measures put into place, including getting past their two-factor authentication. It came down to phishing and popup fatigue. He convinced users to visit a malicious site using phishing methods. Then he used JavaScript to generate a popup dialogue in the browser telling users they were logged out of LastPass. The message the users saw was identical to the one LastPass displays, but it prompted the user to log in again and then asked for their two-factor authentication code. Then, all information was sent to a separate server controlled by Cassidy, who could have been a hacker. At this point, anyone wishing to employ this tactic has all the information needed to get all of the passwords in the LastPass file.

While using such products to keep track of passwords is still generally safer than using a single password for all accounts, there are obviously still risks to it. If you get logged out of any program when you are not expecting to, start back at the beginning. Re-type a known URL into the address bar or use a previously bookmarked link that you know is safe. Make sure to read all popup dialogue boxes. Attackers often use these as a means to do harm because they understand how often people just click a button to remove the box from their view.

LastPass has worked with Cassidy to try to fix these issues, but the reality is that if all of your passwords are in one place and stored online, it’s added risk. Once someone gets your password manager password, they have all of your passwords. So use caution when using these and consider writing them on paper and storing them out of sight. And if you are one who likes to log in to other sites using your Facebook, Google, or other account, consider the risks of doing that as well. One password would give someone access to a lot of accounts and information. Instead, take the extra time to create a separate set of credentials for each site. It’s a little extra time at the moment, but could save a lot of hassle later.

© Copyright 2016 Stickley on Security

Fintech is Changing Money Management for the Better


Are you stressed about managing your money? Most of us are at one time or another. Whether you’re trying to track your spending or invest spare change, fintech (financial technology) is here to ease your money worries. That’s the promise of the entrepreneurs and engineers working in one of Silicon Valley’s fastest growing industries.

Five Ways Fintech Can Help

Here are just a few examples of how fintech services could help you with your personal finances.

Budgeting easily and efficiently. There are budgeting apps that sync with your financial accounts to let you track your spending and savings in real time. You can even track spending in different categories, receive notifications when you exceed your budget and analyze the data to see where you spend most of your paycheck.

Saving money automatically. Apps can make it easy to grow your savings. Some services use algorithms to calculate how much you can afford to save, and then automatically transfer the money to your savings account.

Investing with minimal effort. Technology has made investing straightforward and inexpensive. Robo advisors are computerized investment management services that offer low fees, a simple setup and customized investment strategies. Using a robo advisor, you can let a computer create and manage your investment portfolio with just a few clicks.

Getting paid back quickly. Say goodbye to post-meal negotiation as you and your friends try to split the check. Mobile apps linked to checking accounts let you send and receive money instantaneously.

Comparing loan offers. There are online services that allow you to enter your information once and receive loan offers from competing lenders. The shopping tools let you compare interest rates and terms, which could save you money over the lifetime of the loan.

You might also be benefiting from fintech developments without realizing it. For example, new technology could be powering your bank’s online chat service or suspicious activity alerts.

Keeping Your Finances and Information Secure

Even if a new app or service seems reputable, it’s important to take steps to safeguard your finances and personal information.

Always research an app or service. Search the name of the app or company and look for reviews. Positive reviews by major media outlets are usually a good sign that the service is considered reliable.

Improve your password security. Password protection is an important aspect of online security. Don’t use the same password for two accounts, financial or other, and try to use two-factor authentication, meaning someone can’t log in with your password alone.

Use biometric authentication. Some banks offer biometric authentication that you can use to access your account from your phone. Rather than type in a password, the phone’s camera or microphone can verify your identity with your fingerprint, eye, face or voice.

Enable location-based alerts. Geolocation tracking can add an extra layer of security to your account. With your permission, banks can use GPS data from your smartphone to help verify that you’re with your card when it’s used for a purchase.

Use several accounts. Keeping your assets in several accounts can help limit your risk. Even if one account is attacked, you’ll have access to your other money while the financial institution looks into the matter and makes you whole.

Bottom Line: Fintech is changing the way people save, spend, borrow and manage their money. Though there are important security risks to consider, these new innovative and intuitive services offer something for everyone.

By Nathaniel Sillin