New Cyber Weapon Will Eternally Rock Your World

In mid-May, researchers found an instance of malware that may be far more dangerous than the recent WannaCry ransomware. It too arose from stolen NSA tools, but it isn’t ransomware. It can be stealthy. It can hang around on an infected device and simply wait for commands from its master that turn it into the next cyber weapon. It was found by a Croatian security researcher and reported by Bleeping Computer just recently. It’s being called EternalRocks.

This one takes advantage of the same Windows vulnerability as WannaCry. What does that mean? It means that if WannaCry didn’t scare you enough, this one should. If you have any Windows machines that are not patched with the updates that Microsoft already released months ago for this, you should definitely get on it. Microsoft even released a special patch for Windows XP and other versions of its operating system that it no longer supports.

However, if you are still using an unsupported operating system, consider upgrading to one that is. There is no guarantee that special considerations will be given the next time something like this happens. And this newest discovery only demonstrates that the exploitation of the cyber tools stolen from the NSA is not complete. Likely more malware will be headed our way soon.

EternalRocks is different from WannaCry in many ways:

- There is no “kill switch” allowing it to be shut down quickly.
- It is not ransomware.
- It can lurk in the background and wait for remote commands without being detected.
- It uses six tools from the stolen NSA cyber weapons stash, including EternalChampion, EternalRomance, and one that was used in WannaCry as well, DoublePulsar.

So far there is no indication that it has spread very far, but that’s no reason it should not be taken seriously.

© Copyright 2017 Stickley on Security

Negotiate Your Way to Cheaper Rent: Four Tips to Try

Rent has a reputation of being inflexible. That is, unlike the price of a home, many people assume that rent can’t be negotiated. However, when it comes to setting the monthly cost of an apartment, tenants may have more power than they think. Here are four ways to lower the cost of rent:

The direct way (aka, asking)

Let’s be honest—your landlord probably isn’t going to offer to lower your rent out of the kindness of his heart. Don’t be afraid to ask. When you’re filling out the application, politely inquire if the property manager is open to negotiations. Just asking likely won’t hurt your chances of getting the apartment or condo.

Check rents in your area

One way to strengthen your negotiating power is to show that your rent is high compared to similar apartments in your neighborhood. A little online searching can provide you with facts and figures for your community that you can use to bargain.

Leverage your good payment history

As with credit card companies, paying your rent on time every month will put you in good standing with your landlord. If you have a solid payment history, it might help your case for lowering the rent when it’s time to renew your lease.

Offer to take an extended lease

Negotiations are based on give and take. Your landlord may be willing to give you a break on rent if you offer something in return, such as an extended lease. Agreeing to stay put longer means management won’t have to stress about re-starting the tenant search for a while, which gives you leverage.

BALANCE 2017

Food Waste is Money Down the Drain

How many times have you gone to pour milk in your coffee, only to see that the date on the carton was yesterday? Some people will instinctively throw it away, but chances are that’s not what the label is intended to convey. It’s likely a marker for when the food might taste its best, not if it’s safe to eat.

By some estimates, as many as 91 percent of consumers may misinterpret food date labels. It’s no surprise as there are dozens of different labels in use, but the misunderstanding and lack of meal planning are contributing to a larger problem. Between 30 and 40 percent of the U.S.’s food supply winds up in the trash or a compost container.

The benefits of reducing food waste are numerous. You’ll save money, which may be reason enough. You could also be lowering your carbon footprint by keeping spoiled food out of landfills and cutting down on the growing and transportation of food that doesn’t get eaten.

Cutting back on this waste could start with understanding what food labels actually mean.

Don’t misinterpret food dates as expiration dates. According to the United States Department of Agriculture (USDA), aside from on infant formula, food label dates aren’t an indication of whether or not the food is safe to eat. For example, “best by” may mean the food will taste, look and feel its best if it’s eaten by that date. It could still be good for days, weeks or even months (for non-perishables) after that date.

Some states do require expiration dates on milk or meat and food labeling could become less confusing across the country. But for now, you may need to rely on your judgment. The USDA writes that if foods don’t show signs of spoilage, such as changing colors or giving off an unpleasant smell, they could still be safe and wholesome.

Quick tips for keeping fruit and vegetables fresh for longer. Regardless of the date, proper food storage can impact a food’s longevity.

- Wait to wash food until you’re about to cook or eat. Otherwise, the moisture could spur bacterial growth.
- Strategically store items in your refrigerator. Your food will typically last longer if you put the least perishable items on the door, meat near the bottom back (unless there’s a meat drawer), veggies in the crisper and dairy or drinks near the top.
- Generally, you want to keep fruits and vegetables away from each other because many fruits produce ethylene gas and exposure to the gas could cause vegetables to spoil more quickly. There are also vegetables that produce the gas and fruits that are sensitive to it.
- If you’re storing a fruit or vegetable that gives off and is susceptible to ethylene gas, wrap it in aluminum foil or store it in a paper bag rather than using less-breathable plastic wrap or bags.
You can look for more tips about particular foods online. There are also apps that can automatically connect to your supermarket loyalty programs to track what you buy (or you can upload a picture of your receipt), warn you when something may be going bad and recommend recipes that incorporate those foods.

Find creative uses for foods that are on their way out. Whether you use an app to sync shopping lists and schedule meals or use a paper list, meal planning can help cut down on waste as well. But even with great intentions sometimes things get forgotten, or meals get pushed off until it’s almost too late.

You can save vegetables from the trash by roasting them, making soup or turning them into a casserole. Carrots, potatoes and other root veggies (plus zucchinis) can be grated and fried to make fritters. You could bake fruits into breads, throw them into smoothies or freeze them for later. In the end, the goal is to use everything you buy.

Bottom line: Food waste could be draining your wallet, hurting the environment and in some cases, may be completely unnecessary. Learning to correctly interpret food labels and performing a sight and smell test before throwing something away could help. Taking the time to prepare before you shop, having a plan for how you’re going to use the food you buy and being okay with a last-minute backup plan can help even more. In the end, taking the extra time to evaluate the true condition of your food can save you money.

by Nathaniel Sillin

Pay Down Debt or Save for Retirement?

You can use a variety of strategies to pay off debt, many of which can cut not only the amount of time it will take to pay off the debt but also the total interest paid. But like many people, you may be torn between paying off debt and the need to save for retirement. Both are important; both can help give you a more secure future. If you’re not sure you can afford to tackle both at the same time, which should you choose?

There’s no one answer that’s right for everyone, but here are some of the factors you should consider when making your decision.

Rate of investment return versus interest rate on debt

Probably the most common way to decide whether to pay off debt or to make investments is to consider whether you could earn a higher after-tax rate of return by investing than the after-tax interest rate you pay on the debt. For example, say you have a credit card with a $10,000 balance on which you pay nondeductible interest of 18%. By getting rid of those interest payments, you’re effectively getting an 18% return on your money. That means your money would generally need to earn an after-tax return greater than 18% to make investing a smarter choice than paying off debt. That’s a pretty tough challenge even for professional investors.

And bear in mind that investment returns are anything but guaranteed. In general, the higher the rate of return, the greater the risk. If you make investments rather than pay off debt and your investments incur losses, you may still have debts to pay, but you won’t have had the benefit of any gains. By contrast, the return that comes from eliminating high-interest-rate debt is a sure thing.

An employer’s match may change the equation

If your employer matches a portion of your workplace retirement account contributions, that can make the debt versus savings decision more difficult. Let’s say your company matches 50% of your contributions up to 6% of your salary. That means that you’re earning a 50% return on that portion of your retirement account contributions.

If surpassing an 18% return from paying off debt is a challenge, getting a 50% return on your money simply through investing is even tougher. The old saying about a bird in the hand being worth two in the bush applies here. Assuming you conform to your plan’s requirements and your company meets its plan obligations, you know in advance what your return from the match will be; very few investments can offer the same degree of certainty. That’s why many financial experts argue that saving at least enough to get any employer match for your contributions may make more sense than focusing on debt.

And don’t forget the tax benefits of contributions to a workplace savings plan. By contributing pretax dollars to your plan account, you’re deferring anywhere from 10% to 39.6% in taxes, depending on your federal tax rate. You’re able to put money that would ordinarily go toward taxes to work immediately.

Your choice doesn’t have to be all or nothing

The decision about whether to save for retirement or pay off debt can sometimes be affected by the type of debt you have. For example, if you itemize deductions, the interest you pay on a mortgage is generally deductible on your federal tax return. Let’s say you’re paying 6% on your mortgage and 18% on your credit card debt, and your employer matches 50% of your retirement account contributions. You might consider directing some of your available resources to paying off the credit card debt and some toward your retirement account in order to get the full company match, and continuing to pay the tax-deductible mortgage interest.

There’s another good reason to explore ways to address both goals. Time is your best ally when saving for retirement. If you say to yourself, “I’ll wait to start saving until my debts are completely paid off,” you run the risk that you’ll never get to that point, because your good intentions about paying off your debt may falter at some point. Putting off saving also reduces the number of years you have left to save for retirement.

It might also be easier to address both goals if you can cut your interest payments by refinancing that debt. For example, you might be able to consolidate multiple credit card payments by rolling them over to a new credit card or a debt consolidation loan that has a lower interest rate.

Bear in mind that even if you decide to focus on retirement savings, you should make sure that you’re able to make at least the monthly minimum payments owed on your debt. Failure to make those minimum payments can result in penalties and increased interest rates; those will only make your debt situation worse.

Other considerations

When deciding whether to pay down debt or to save for retirement, make sure you take into account the following factors:

• Having retirement plan contributions automatically deducted from your paycheck eliminates the temptation to spend that money on things that might make your debt dilemma even worse. If you decide to prioritize paying down debt, make sure you put in place a mechanism that automatically directs money toward the debt–for example, having money deducted automatically from your checking account–so you won’t be tempted to skip or reduce payments.

• Do you have an emergency fund or other resources that you can tap in case you lose your job or have a medical emergency? Remember that if your workplace savings plan allows loans, contributing to the plan not only means you’re helping to provide for a more secure retirement but also building savings that could potentially be used as a last resort in an emergency. Some employer-sponsored retirement plans also allow hardship withdrawals in certain situations–for example, payments necessary to prevent an eviction from or foreclosure of your principal residence–if you have no other resources to tap. (However, remember that the amount of any hardship withdrawal becomes taxable income, and if you aren’t at least age 59½, you also may owe a 10% premature distribution tax on that money.)

• If you do need to borrow from your plan, make sure you compare the cost of using that money with other financing options, such as loans from banks, credit unions, friends, or family. Although interest rates on plan loans may be favorable, the amount you can borrow is limited, and you generally must repay the loan within five years. In addition, some plans require you to repay the loan immediately if you leave your job. Your retirement earnings will also suffer as a result of removing funds from a tax-deferred investment.

• If you focus on retirement savings rather than paying down debt, make sure you’re invested so that your return has a chance of exceeding the interest you owe on that debt. While your investments should be appropriate for your risk tolerance, if you invest too conservatively, the rate of return may not be high enough to offset the interest rate you’ll continue to pay.

Regardless of your choice, perhaps the most important decision you can make is to take action and get started now. The sooner you decide on a plan for both your debt and your need for retirement savings, the sooner you’ll start to make progress toward achieving both goals.

 

Prepared by Broadridge Investor Communication Solutions, Inc. Copyright 2017
___________________________________________________________________________
* Non-deposit investment products and services are offered through CUSO Financial Services, L.P. (“CFS”), a registered broker-dealer (Member FINRA/SIPC) and SEC Registered Investment Advisor. Products offered through CFS: are not NCUA/NCUSIF or otherwise federally insured, are not guarantees or obligations of the credit union, and may involve investment risk including possible loss of principal. Investment Representatives are registered through CFS. NASA Federal Credit Union has contracted with CFS to make non-deposit investment products and services available to credit union members.

CUSO Financial Services, L.P. and its representatives do not provide tax advice. For such advice, please contact a tax professional.

Don’t Be Scared of the Internet; Just Follow These Guidelines

Even if you hate technology, it’s everywhere and it’s here to stay. In fact, the Internet of Things (IoT) is probably just going to get more prevalent. Therefore, it’s always a good idea to keep a few security tips in mind when turning on your mobile device or computer and hopping on the Internet.

Passwords

Strong passwords are not only highly recommended, but are also often mandatory these days. And it can be frustrating when that error pops up that yours doesn’t meet the minimum requirements, yet it doesn’t always let you in on what those are for a particular site.

A good guideline is that they should be eight characters long and include a combination of upper and lower case letters, at least one number, and a special character, or several of them. Avoid using dictionary words or information that is private or easy to guess, such as birthdates of loved ones. Whatever you do, don’t use “football” or “password” as your password. Those are on the list of the worst, but most used, passwords for 2016. Unfortunately, “password” and variations of “1234567890” are also on that list. There’s a reason. They really are bad and definitely not strong.

In addition, every online account should have a unique user name and password combination. Rotate the use of your passwords. Change them as often as possible, but at least quarterly.
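The guidelines in this section, written as an audit over a small credential list (an added example, not part of the original article). The sample accounts, the two-word common-password list, reading eight characters as a minimum, and reading "at least quarterly" as 90 days are assumptions made for the example.

```python
from collections import defaultdict
from datetime import date

# Assumptions for this example: the two words the article names stand in for a
# full worst-passwords list, eight characters is read as a minimum, and
# "at least quarterly" is read as 90 days.
COMMON = {"football", "password"}
DIGIT_RUN = "1234567890"
MIN_LENGTH = 8
MAX_AGE_DAYS = 90


def composition_issues(pw):
    """Length and character-class checks from the guideline."""
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("shorter than eight characters")
    if not any(c.islower() for c in pw):
        issues.append("no lower case letter")
    if not any(c.isupper() for c in pw):
        issues.append("no upper case letter")
    if not any(c.isdigit() for c in pw):
        issues.append("no number")
    if all(c.isalnum() for c in pw):
        issues.append("no special character")
    return issues


def guessable_issues(pw, personal):
    """Common words, runs of 1234567890, and personal details."""
    issues = []
    # Drop digits and symbols so "Football2016" is still recognised as "football".
    letters = "".join(c for c in pw if c.isalpha()).lower()
    if letters in COMMON:
        issues.append("built on a commonly used password")
    if pw.isdigit() and pw in DIGIT_RUN:
        issues.append("variation of 1234567890")
    if any(p and p.lower() in pw.lower() for p in personal):
        issues.append("contains a personal detail")
    return issues


def audit(accounts, personal, today):
    """Return {site: [issues]}; an empty list means the entry passes."""
    sites_by_pw = defaultdict(list)
    for acct in accounts:
        sites_by_pw[acct["password"]].append(acct["site"])
    report = {}
    for acct in accounts:
        pw = acct["password"]
        issues = composition_issues(pw) + guessable_issues(pw, personal)
        if len(sites_by_pw[pw]) > 1:
            issues.append("reused on another account")
        if (today - acct["changed"]).days > MAX_AGE_DAYS:
            issues.append("not changed in over 90 days")
        report[acct["site"]] = issues
    return report


# Constructed sample data: sites, passwords, dates and personal details are invented.
SAMPLE_PERSONAL = ["rex", "19840312"]  # a pet's name and a birthdate
SAMPLE_TODAY = date(2017, 6, 1)
SAMPLE_ACCOUNTS = [
    {"site": "mail.example", "password": "Football2016", "changed": date(2017, 5, 1)},
    {"site": "social.example", "password": "Rex-19840312", "changed": date(2016, 1, 15)},
    {"site": "shop.example", "password": "Rex-19840312", "changed": date(2017, 4, 20)},
    {"site": "bank.example", "password": "t7#Vq!mZ4w", "changed": date(2017, 5, 10)},
    {"site": "forum.example", "password": "12345678", "changed": date(2017, 5, 20)},
]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL, SAMPLE_TODAY).items():
        print(site, "->", "; ".join(issues) or "ok")
```

"Rex-19840312" passes every composition check and is still flagged three times, which is why the guideline's advice on personal details, reuse and rotation matters as much as the character rules.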

Use Multi-Factor Authentication

When multi-factor authentication (MFA) or two-factor authentication (2FA) is offered, take advantage of it. This means you will need to use more than one way to confirm your identity when logging into your account. Often it means receiving an email or text with a code that needs to be entered before the site will allow access. However, there are other ways this can be done as well. A newer and increasingly preferred method is to use a security key. It’s an actual piece of hardware, about the size of a house key, that you plug into your computer’s USB slot. It prevents unauthorized access to your accounts, because if you don’t have the key, you cannot log in. Sites such as Google and Dropbox support this technology.

Keep Software Updated

Know what operating system is on your computer. It will typically be some version of Microsoft Windows or Apple iOS. However, there are others as well, such as Linux. Keep it updated with the latest fixes and version updates so that it continues to be supported by the vendors.

Even if it isn’t reasonable or possible to update the operating system every time a new one is released, ensure that all critical and security updates are applied as soon as they are made available. Once the developer no longer supports an operating system or software version, it is time to update. Critical and security patches are no longer released for an unsupported version, which opens you up to far more security risks.

Install some type of anti-malware protection on the computer. There are many choices ranging from basic protection against viruses to more thorough solutions that act as personal firewalls. The price ranges are vast as well; from free to hundreds depending on individual needs.

Back Up Critical Files and Files That Are Important to You

Get into the habit of backing up important files and programs. There are many ways these can be lost, including a hard drive failure or accidentally executing ransomware that holds those files hostage until money is paid to a bad guy. Backups can be done easily to an external hard drive. Some are so simple that they just need to be plugged into the computer with a USB connection and the hard drive just grabs the files.

Copying them to some type of cloud service is also an option. Many vendors offer this service and some provide a basic amount of storage space at no charge. The more space needed, the more it costs.

Do these backups regularly, depending on how often your data changes. The more recent the backup, the less re-work needed should the backed-up files be necessary to retrieve.

Security Tools

There are tools that help keep your information and equipment safe. Some are locks to keep a thief from walking off with the computer and others are software solutions such as Virtual Private Networks (VPN) and solutions for encrypting software. Also, make sure the popup blockers are switched on for each browser used when surfing the Web and consider getting ad-blocking software. This will help you avoid accidentally clicking on malicious ads.

Review Social Media Profiles and Postings

Most who are skeptical of new technology, and particularly online technology, may not be as likely to use social media. However, even those who don’t like sites such as Facebook and Instagram may have a need for using business-related social media. Use caution, regardless of the website, about connecting with those who are strangers. Not everyone really wants to be your friend or colleague.

Be cautious of your posts and profile information too. More often, that is being harvested by hackers and used for spear-phishing and whaling attacks. These are targeted attacks with the intent of gaining specific information, such as W-2 data or convincing someone to make a wire transfer to a scammer’s bank account by posing as an executive.

Email

It is nearly impossible to be a consumer without using email. When opening email messages, be extra certain the sender is trustworthy. If there are attachments or links included, don’t open them unless you are certain it is absolutely safe. Take extra time to learn how to identify phishing email messages. This is the number one way in which malicious programs are let loose on computers.

There is plenty of information on products and safe browsing habits and it can even be found in books that can be physically held in hand. So, jump on in to the virtual world. While it can be overwhelming, as long as you maintain good cyber habits, you can lower your risk of becoming a victim of fraud or identity theft.

© Copyright 2017 Stickley on Security

Recent Study Finds Social Media Passwords Just Don’t Get Changed

Social media can be a great way to connect to people. It can also be a great way for us to become connected to the cybercriminal world. Consider all of the information that we display in what is a public forum when we complete profiles on Facebook, LinkedIn, or Twitter. We post status updates about our days, how our kids are doing, and where we are going or went on vacation. On LinkedIn and other business networking sites, we display where we work and often our roles and responsibilities. It’s easy to see who our colleagues are as well. This is how the cybercriminals take advantage of us.

Phishing and spear-phishing are rampant and it doesn’t take a rocket scientist to perpetrate a phishing scam. In fact, various scams come wrapped up for sale in neat little packages these days. They can attempt to get online account credentials using forms that pop up on a screen or download malware to your computer in the background just because you clicked a clever link on Facebook. They can also spear-phish for W-2 information or convince someone to wire funds to a criminal’s bank account.

Always be aware that these scams and attacks are taking place all the time. If someone gets a password from a social media account, significant damage can be done. You’ve likely seen warnings from friends that their accounts were “hacked” and whatever that last embarrassing post was, it really wasn’t from them. But that is the least of the trouble that can ensue. Consider what can happen if someone takes over your social media site and sends a malicious link to everyone connected to you? Not only will it annoy your friends and colleagues, but it’s also a very efficient way for ransomware, for example, to affect a lot of people.

In February, the company Thycotic conducted a survey at the RSA Security Conference in San Francisco. It found that 53% of users of social media sites had not changed passwords in over a year. Even more startling was that 20% had never changed them at all. On top of that, 25% change their work passwords only when they are reminded or required to do so. In 2016, over 3 billion sets of user credentials and passwords were stolen. That calculates to around 95 every single second.

Changing passwords should be part of everyone’s regular routine, like changing batteries in the smoke detectors, only more often. Doing this will prevent them from being reused later in case of a release of old data, for example. Yahoo announced a couple of different breaches last year. Data on the company’s users from a few years earlier was posted publicly. Similar incidents happened with Last.fm, MySpace, and Tumblr. If your password is changed often, then you won’t be caught out by situations like that.

In addition, always make sure you don’t include personal details in your passwords and that each one is unique to a corresponding online account. Password reuse really does happen and is being blamed more often these days. It was blamed for the UK National Lottery breach last year as well as incidents with the music streaming service Spotify and the income tax company TaxAct.

Unfortunately, the security industry isn’t necessarily practicing what it preaches. The same Thycotic survey found that approximately 30% in that field are still using birthdates, pets’ and kids’ names, and addresses for their work passwords.

© Copyright 2017 Stickley on Security