Password Manager May Pass All of Your Passwords to an Attacker

Password Security Login Technology Business Concept

Most of us have many online accounts; financial, social media, exercise and diet accounts, etc. and if you are following guidance of security experts, you have a unique password for each one. If you’re like most people, remembering so many passwords can get a little daunting and therefore we look for solutions. One of them may be to use a password manager such as LastPass. Unfortunately, that can make you even more vulnerable, as security researcher Sean Cassidy proved recently.

He found that by exploiting some flaws in the way LastPass works and using a bit of social engineering, he could thwart the security measures put into place, including getting past their two-factor authentication. It came down to phishing and popup fatigue. He convinced users to visit a malicious site using phishing methods. Then he used java script to generate a popup dialogue in the browser telling users they were logged out of LastPass. The message the users see was identical to the one LastPass displays, but it prompted the user to login again and then for their 2-factor authentication code. Then, all information was sent to a separate server controlled by Cassidy, who could have been a hacker. At this point, anyone wishing to employ this tactic has all the information needed to get all of the passwords in the LastPass file.

While using such products to keep track of passwords is still generally safer than using a single password for all accounts, there are obviously still risks to it. If you get logged out of any program when you are not expecting to, start back at the beginning. Re-type a known URL into the address bar or use a previously bookmarked link that you know is safe.  Make sure to read all popup dialogue boxes. Often attackers use these as a means to do harm because they understand how often people just click a button to remove the box from their view.

LastPass has worked with Cassidy to try to fix these issues, but the reality is that if all of your passwords are in one place and stored online, it’s added risk. Once someone gets your password manager password, they have all of your passwords. So use caution when using these and consider writing them on paper and storing them out of sight. And if you are one who likes to login to other sites using your Facebook, Google, or other account, consider the risks of doing that as well. One password would give someone access to a lot of accounts and information. Instead, take the extra time to create a separate set of credentials for each site. It’s a little extra time at the moment, but could save a lot of hassle later.

© Copyright 2016 Stickley on Security

Fintech is Changing Money Management for the Better

fintech

Are you stressed about managing your money? Most of us are at one time or another. Whether you’re trying to track your spending or invest spare change, fintech (financial technology) is here to ease your money worries. That’s the promise of the entrepreneurs and engineers working in one of Silicon Valley’s fastest growing industries.

Five Ways Fintech Can Help

Here are just a few examples of how fintech services could help you with your personal finances.

Budgeting easily and efficiently. There are budgeting apps that sync with your financial accounts to let you track your spending and savings in real time. You can even track spending in different categories, receive notifications when you exceed your budget and analyze the data to see where you spend most of your paycheck.

Saving money automatically. Apps can make it easy to grow your savings. Some services use algorithms to calculate how much you can afford to save, and then automatically transfer the money to your savings account.

Investing with minimal effort. Technology has made investing straightforward and inexpensive. Robo advisors are computerized investment management services that offer low fees, a simple setup and customized investment strategies. Using a robo advisor, you can let a computer create and manage your investment portfolio with just a few clicks.

Getting paid back quickly. Say goodbye to post-meal negotiation as you and your friends try to split the check. Mobile apps linked to checking accounts let you send and receive money instantaneously.

Comparing loan offers. There are online services that allow you to enter your information once and receive loan offers from competing lenders. The shopping tools let you compare interest rates and terms, which could save you money over the lifetime of the loan.

You might also be benefiting from fintech developments without realizing it. For example, new technology could be powering your bank’s online chat service or suspicious activity alerts.

Keeping Your Finances and Information Secure

Even if a new app or service seems reputable, it’s important to take steps to safeguard your finances and personal information.

Always research an app or service. Search the name of the app or company and look for reviews. Positive reviews by major media outlets are usually a good sign that the service is considered reliable.

Improve your password security. Password protection is an important aspect of online security. Don’t use the same password for two accounts, financial or other, and try to use two-factor authentication, meaning someone can’t log in with your password alone.

Use biometric authentication. Some banks offer biometric authentication that you can use to access your account from your phone. Rather than type in a password, the phone’s camera or microphone can verify your identity with your fingerprint, eye, face or voice.

Enable location-based alerts. Geolocation tracking can add an extra layer of security to your account. With your permission, banks can use GPS data from your smartphone to help verify that you’re with your card when it’s used for a purchase.

Use several accounts. Keeping your assets in several accounts can help limit your risk. Even if one account is attacked, you’ll have access to your other money while the financial institution looks into the matter and makes you whole.

Bottom Line: Fintech is changing the way people save, spend, borrow and manage their money. Though there are important security risks to consider, these new innovative and intuitive services offer something for everyone.

By Nathaniel Sillin

Are You Smarter Than Ransomware? You Can Be with These 4 Tips

Comuter laptop with key in red of ring and gears on binary code background.Vector illustration security technology concept.

Ransomware is a type of malware that encrypts and holds your sensitive data hostage until a sum of money or other type of payment is made. Most of the time ransomware is delivered via email in the form of phishing, but can also arrive in adware or even on your Facebook or Twitter feed. The ransom can be anything from a “like” on a social media page to hundreds of dollars. However, there are ways to avoid being a victim of this.

1. Backup all of your devices

This is a reasonably simple task. External hard drives are getting less expensive all the time and they come with essentially plug-and-play technology. If you don’t want to do that, just back up your important documents and files to a USB drive and store whichever method you use separately from your computer. This way, should ransomware strike, you can simply restore your files and avoid paying any ransom. Most security professionals recommend backing up weekly, but ideally it should be daily. If your data is particularly critical, such as would be data in a hospital, perhaps hourly is appropriate. Earlier in the year, Hollywood Presbyterian Medical Center was caught without adequate backups and paid to have its data returned. This is not recommended.

2. Update software and firmware

Unfortunately patching and updating software seems to be lower on the priority list than it should be. While most personal devices have automatic update functionality, in businesses this is often not enabled. In fact, a study by Google found that only two-percent of non-security experts understand the importance of regularly patching and updating.  However, it’s important to do this whether at home or at the office. Create a patching schedule for non-critical and security updates and if you see an indicator on your smartphone that an update is available, apply it if it isn’t automatic. When vulnerabilities are found that can cause security issues, update as soon as the patch is released. Don’t forget the hardware. As soon as a new piece of hardware is installed, be it at home or the office, update it and change the default password.

3. Don’t take the bait

Ransomware is often delivered via phishing. This can come in email messages, social media feeds, or even in adware. If a link arrives in email unexpectedly or from someone unknown, don’t click it. Also avoid clicking adware and links in social media. Those are often scams and clickbait just to lure you to the hook. Educate those in the office and at home on identifying these and make sure anti-malware is installed on every device and is kept updated at all times.

4. Leave work at the office

A ThreatTrack Security survey from January found that nearly one-third of IT security personnel were asked to remove some sort of malware from an executive’s computer. Family members were blamed. Keep work data and files separate from private ones. Also, teach family members good computing habits, even if they don’t use the work laptop or mobile device. It also never hurts to start teaching kids early how to keep information safe.

© Copyright 2016 Stickley on Security

New Global Alliance Ranks Phishing as Top Cyber Risk for 2016

Phishing text on red laptops background illustration

Law enforcement agencies and government representatives from the UK and the U.S. have formed an alliance to help combat cybercrime. The Global Cyber Alliance (GCA) was founded at the beginning of this year and after a meeting of its Strategic Advisory Committee (SAC) has determined that the top cyber risk is phishing.

While there are certainly other risks in the cyber world and possibly some that pose more risk from a technical point of view, the possible reason they chose phishing is because most people at home don’t have the benefit of anti-phishing training. In addition, phishing doesn’t just hit those who work in an office, but inboxes are filled with phishing email at home too. Therefore, the GCA is taking steps to help in that area.

They plan to do this by promoting the usage of the DMARC protocol and the use of secure DNS practices. DMARC (Domain-based Message Authentication, Reporting & Conformance) is a way of allowing senders to indicate that their messages are further protected by a specific type of authentication. It also lets the receiver make a decision as to what to do if the message does not pass that authentication, such as toss it to junk or reject it completely. Using more secure DNS practices will help prevent spear-phishing attacks which increased 55% last year and contributed to losses of $3 billion to wire fraud scams against businesses (also called business email compromise).

Employees should be made the final line of defense against cybercrime. Training on how to identify phishing should be part of every organization’s security strategy. It’s not enough to implement technical barriers and expect them to do the job 100% of the time. Employees must be trained to recognize phishing and if something makes it into their in-boxes, there should be a well-defined procedure for letting the security team know about it so they can react accordingly.

The GCA also ranked weak identity authentication mechanisms, risks from vulnerable and compromised websites, and DDoS (Distributed Denial of Service) attacks at the top of the list.

© Copyright 2016 Stickley on Security

Preparing to Become a Caregiver

caregiver

Becoming a caregiver for an aging relative is a profound expression of love. You may find that you will begin to take on many of the responsibilities they might have had while raising you. Like raising a family, being a caretaker can be physically, emotionally and financially challenging but it is also extremely rewarding. It’s a responsibility that millions of people take on each year out of love for their families.

Whether you are preparing to care for a parent or another relative, understanding and preparing for the financial implications can help you provide the best care possible.

Start the discussion with your family

Whether you think you’ll provide direct care, decide to hire a caregiver, or both, you can work with your family members, including the relative in question, to create a plan.

Starting the conversation early can help you all reach conclusions without pressure to make a quick decision. You may want to cover the types of care that are available and learn which your parent prefers. For example, does he or she want to stay at home for as long as possible or prefer to live in an assisted-living home or elderly community?

You should discuss who’ll be responsible for managing personal, financial and medical affairs if your parent can’t handle those responsibilities anymore. Beyond making a verbal agreement, a parent can give someone legal authority by signing durable power of attorney agreements, which keep the delegation of decision-making authority intact even if your parent becomes incapacitated. There are two durable powers of attorneys, one for medical-related decisions, and a second for legal, personal and financial decisions.

Your parents might also want to execute a living will, also known as an advance directive. It has instructions for the medical treatments they want, or don’t want, if they are unable to communicate.

Determine what resources are available to your parent

Your financial situation may depend in part on your parent’s finances and the assistance that’s available to him or her from outside sources. Creating a list of these resources ahead of time can help you all plan for the future.
Your parent’s finances. Together with your parent, and possibly with the assistance of a financial planner, you can create a list of your parent’s current financial assets and future income.
Government and non-profit programs. Medicare and Veteran Affairs benefits may be available for those that are 65 or older. Medicaid, a joint federal and state program, often provides benefits to those with limited income, although the qualifications and benefits can vary by state. There are also non-profit organizations that provide helpful services to the elderly.
Family assistance. Whether it’s unpaid care or financial assistance, also take into account the family’s contribution to your parent’s care. Call a family meeting with your parent, siblings and extended family to discuss how you’ll take care of each other.
Professional support. You could hire an outside expert as well. A quick internet search may turn up organizations that specialize in working with families and elderly family members to plan for the future.

After gathering this information, you’ll have a better understanding of where the caregiving funds will come from and how they can be used. You may also discover gaps in coverage that you may want to fill in on your own.

Look for tax savings while paying for care

As an adult child and caregiver, there may be ways to structure an arrangement to improve your parent’s, and your own, financial situation.

Working with a tax professional, you may find there are ways to use the tax laws to maximize your parent’s money. For example, if your mother has gifted you money, you could then use it to pay for her medical expenses. If you’re able to claim the expenses as a deduction, you could put your tax savings back into her “medical care” fund. You might also be able to claim medical expenses you paid on behalf of your parent, which could include supplies and at-home caretaking, as an itemized deduction.

Find the best services you can afford

There are many different types of programs available, and someone might move back and forth from one facility or service to another as their health and preferences change.
Home care. Non-healthcare related assistance, such as buying groceries, preparing meals, cleaning the home, helping with bathing and other day-to-day tasks.
Home health care. At-home health-related support, including services from a physical therapist, nurse or doctor.
Assisted living. Assisted living homes are non-healthcare providing facilities that may provide supervision, a social environment and personal care services.
Skilled nursing home. A care facility designed to deliver nursing or rehabilitation services.

Your parent’s location can impact which option makes the most sense, and you can research and discuss the pros and cons of your parent moving. For example, some states have Medicaid waiver programs that allow Medicaid recipients to receive care in their home or community rather than in a nursing home or long-term care facility. Also, a parent that lives near or with a relative might only require part-time outside care.

Bottom line: As you prepare to take care of aging parents, work with them to understand their wishes, needs and financial situation. Together you can explore the family’s ability to provide physical and financial support and learn about the help available from government, non-profit or other programs.

By Nathaniel Sillin

Presidential Nominees Used to Bait You Into Malware

candidates

 

Regardless of which side of the political line you reside, an email message promising to show you something damaging to a presidential candidate may be fascinating. Hackers know this and are using clickbait to get malware installed on all the machines possible. In this case, they are using a scathing message about Hillary Clinton’s fake activities as clickbait.

Clickbait is a type of headline that intends to shock a reader or viewer into opening the file. It may promise a photo of a naked celebrity, a strange looking sea creature, or in this case a video of Clinton supposedly meeting an ISIS leader. A link to a video arrives in email with the headline of “Clinton Deal ISIS Leader caught on Video.”

Consider using ad-blocking software to avoid getting baited by these ads. They don’t always use something so shocking as this to attract clicks, but hackers know that curiosity certainly kills the cat. Often malware even lurks behind regular-looking ads. That’s why ad blockers can be effective. However, the number one defense is just to avoid clicking any ads unless you know for certain they will not do any harm.

Inside this particular ad is a story about how the presidential nominee was supposedly seen exchanging money with the ISIS leader and a line stating “you can decide on who to vote.” What ultimately happens is a .zip file that when opened will unleash a Java file that installs the malware Backdoor.Adwind which can get access to information on the machine.

This particular malware affects Windows, Linux, Mac OS X, and devices running on Android. No one is immune in this case, so everyone needs to keep an eye out and avoid clicking on any type of clickbait.

© Copyright 2016 Stickley on Security