Category: Security (Page 3 of 4)

QR Codes on Boarding Passes

A modern boarding pass (plane ticket) has a QR or Bar Code on it. Quickly scanning that code makes it easy for an airport employee to check you in and get you on your plane. But some people warn about those QR codes and their security.

USA Today and other news stories have been circulating for years, warning of the dangers of discarded boarding passes. Supposedly, hackers could pick up your tossed ticket, scan the QR code themselves, and glean your information. Then that info could be used against you in a scam or money-making scheme.

Basically True, But…

The basic info presented in these stories and articles is true. Most QR and Bar Codes on boarding passes contain your name and other PII, and that information is stored there in an insecure manner. Anyone can zap that code to read it, with the right, freely available tool.

You can test it for yourself, next time you have a boarding pass in hand. There are numerous free QR-Code-Reading apps you can download to your phone. Use one to scan your ticket, to see what lies underneath that strange sigil. Or there are websites that do the same thing: Simply upload a picture and it will regurgitate what’s in the QR code as plain text.

Reader’s Digest has reported on this. Kim Komando, as well. Krebs on Security did way back in 2015. That makes this a big deal, right?

Not That Big of a Deal

Nah. I can agree this is worth discussing, but I don’t think it’s worth the hype and paranoia that the news media would have you adopt.

First, the QR codes often contain the same info that is printed in plain English on your ticket. There’s a chance of other info, like your seating preference or your frequent flier number, being stored in the code. But there won’t be anything super-secret, like your account password or bank account, in there.

Next, while the potential for information abuse is there, it hasn’t become widespread. Notice that as you watch or read these news items, they report on what could happen, what hackers might do with your boarding pass. The reporting is largely hypothetical. That’s because the hackers are going after lower-hanging fruit. There are easier ways for scammers to target their victims than picking up trash and boot-strapping into one person’s accounts and identity.

You should still treat your boarding pass as a sensitive document. Like a utility bill or library card, you should store your boarding pass safely or shred it when you are done with it. You shouldn’t be careless with any document that reveals information about your identity. Don’t tempt fate. That said, this risk with boarding passes is low, and the news media are largely stirring the pot and cashing in on the attention economy.
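To see which details a scanned boarding pass gives away, here is an added example (not part of the original post) that splits the decoded text into named fields. It assumes the text follows the airline industry's standard "M" barcode layout (IATA BCBP), which the post does not name; the sample string and all function names are made up for illustration.

```python
from datetime import date, timedelta

# Mandatory block of the IATA BCBP "M" format: (field, width), 60 chars total.
# Layout assumed from the public standard, not taken from the post.
MANDATORY_FIELDS = [
    ("format_code", 1), ("legs", 1), ("passenger_name", 20),
    ("eticket_indicator", 1), ("booking_reference", 7),
    ("from_airport", 3), ("to_airport", 3), ("carrier", 3),
    ("flight_number", 5), ("day_of_year", 3), ("cabin_class", 1),
    ("seat", 4), ("checkin_sequence", 5), ("passenger_status", 1),
    ("conditional_size_hex", 2),
]
MANDATORY_LEN = sum(width for _, width in MANDATORY_FIELDS)

# Fields that identify the traveller or the booking rather than the flight.
PERSONAL_FIELDS = ("passenger_name", "booking_reference")


def parse_boarding_pass(text):
    """Split the decoded barcode text into named fields."""
    if len(text) < MANDATORY_LEN or not text.startswith("M"):
        raise ValueError("not a BCBP 'M' format string")
    fields, pos = {}, 0
    for name, width in MANDATORY_FIELDS:
        fields[name] = text[pos:pos + width].strip()
        pos += width
    try:
        extra_len = int(fields["conditional_size_hex"], 16)
    except ValueError as exc:
        raise ValueError("conditional size is not hexadecimal") from exc
    # Optional airline data (this is where items such as a frequent flier
    # number can live); kept raw here rather than decoded.
    fields["conditional_raw"] = text[pos:pos + extra_len]
    return fields


def flight_date(fields, year):
    """The code stores only the day of the year; the caller supplies the year."""
    return date(year, 1, 1) + timedelta(days=int(fields["day_of_year"]) - 1)


def personal_fields(fields):
    """Return the personal values present in the code, plus a flag for extra data."""
    found = {k: fields[k] for k in PERSONAL_FIELDS if fields[k]}
    found["has_extra_airline_data"] = bool(fields["conditional_raw"])
    return found


# Constructed sample (not a real pass): Jane Doe, SFO to JFK, seat 14C.
SAMPLE = (
    "M1" + "DOE/JANE".ljust(20) + "E" + "ABC123".ljust(7) + "SFO" + "JFK"
    + "XX".ljust(3) + "0123".ljust(5) + "032" + "Y" + "014C"
    + "0042".ljust(5) + "1" + "00"
)

if __name__ == "__main__":
    parsed = parse_boarding_pass(SAMPLE)
    print(personal_fields(parsed))
    print("flight date:", flight_date(parsed, 2023).isoformat())
```

Paste the text your own scanner app shows in place of the sample to see what your pass carries before you decide whether to shred it.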

Amazon Sidewalk

Amazon is rolling out a new feature in their Alexa-enabled devices on June 8. It’s named Amazon Sidewalk, and it’s getting a lot of attention. More and more people are writing to me to ask about it, and the concern in their questions is quite apparent. Why?

Well, in short, because Amazon is adding Sidewalk to all of your Alexa, Echo and other Amazon devices. Everyone’s Amazon hardware is getting a Sidewalk upgrade, as well as many Ring.com devices on June 8. It will create a really big network that shares info over a large area, using your internet bandwidth. And Amazon is doing this without asking you, the end-user, the consumer, the owner of the hardware in question.

What is Sidewalk?

But let me back up a little bit and try to describe the technology a little better: Sidewalk will be a fascinating way of connecting devices at up to half a mile’s distance. Using a mixture of Bluetooth and wireless spectrum transmissions, Amazon wants to mesh all of their devices together. If you have an internet outage, Amazon claims your devices may continue working or be more easily reconnected using Sidewalk technology.

Amazon also wants to alleviate your concerns about privacy and data usage: They state that they’ll be triple-encrypting any data passed through Sidewalk. And the amount of data used each month will be kept low and slow, so you should not notice any speed difference, nor hit any data cap with your ISP.

Why Would(n’t) I Want Sidewalk?

Presuming that Amazon is being truthful about the broad-strokes details, here are some more possibilities on what Sidewalk could do:

  • While your internet is down, Ring devices may be able to still send you motion alerts and other notifications.
  • If you lose your keys/dog/toddler, and they have a Tile tracker attached, the mesh network may be better able to help you locate them, even if they are away from your home WiFi and property.
  • Amazon Support states that they can help you fix your devices’ connections more easily with Sidewalk enabled.
  • Sidewalk can help stretch to your far-flung Amazon devices and keep them connected, if you have to place them further away than your regular Wi-Fi can reach.

But many tech experts and pundits have cautionary opinions about Sidewalk:

  • Amazon & Ring don’t have the greatest track record with data security, and they’re not disclosing exactly what of my data they plan to share over Sidewalk.
  • If this mesh network spans over entire neighborhoods and cities, does this amount to mass surveillance? Will Amazon be watching me as I travel and connecting me with other people?
  • I paid money for my Amazon tech and I own it. It seems a bit presumptuous for Amazon to commandeer my property and use it for their benefit, without compensating me.

I wish I could see the future and tell you how this all turns out, so I could give definitive advice on what to do. But I just don’t know much for certain here. The best I can do is give you decent reading material, urge you to learn more about Sidewalk, and then step back for you to make an informed decision. Please consider these fine publications for more info on this topic:

Wired Magazine: How Amazon Sidewalk Works

Forbes: Why You Should Change This New Sidewalk Setting on Your Amazon Account

Amazon: Welcome to Amazon Sidewalk

CNET on Amazon Sidewalk

Tom’s Guide: What is Amazon Sidewalk

Amazon Device Makers Blog

Enabling/Disabling Amazon Sidewalk

If you’ve read up on Sidewalk and are comfortable with this new technology, then you don’t have to do anything! This feature will be turned on automatically and start working on or after June 8, 2021.

If you have any reason to abstain from Sidewalk, though, most of the articles above detail how you may turn it off. In short, you would open the Alexa app on your smart device, and go to More -> Settings -> Account Settings -> Amazon Sidewalk, and then push the slider to Disabled. This setting in Alexa will affect ALL devices connected to that Amazon account at one time!

If you only have Ring devices and no Amazon/Alexa devices, you can follow these steps to disable Sidewalk in your Ring app.

TMI on Facebook

Too Much Info

Recently I commented on YouTube that we should be very careful about what we share on social media. Specifically, I mentioned that we should avoid posting personal or sensitive facts about ourselves. Consider this ubiquitous example:

Sharing your employment info with the entire internet

I see this post repeated all over Facebook, sometimes with over 500,000 comments. My jaw drops to see so many people publicly reveal their answer to a security question they may have used on an important account.

But beyond advising you to Don’t Comment on These Posts, I want to conjecture a little with you, and suggest how deep the danger can go.

A Fairly Bad Tale

Let’s imagine a guy named Joseph Target. He’s an average guy who is amused by all the fun posts on Facebook. He’s clicked Like on hundreds of Pages that show him jokes and fun stuff. And he comments on everything he can relate to. “I worked at Subway, too! In Springfield, where I grew up. My brother still lives there.” Joe thinks it’s all harmless fun. And you know what? It is, at the time, for most of the people on Facebook.

Until one day, his Facebook account is stolen from him. He thinks it’s a high-level hackjob, but it was a common Messenger scam, that tricked him into giving up his password to the bad guys. He learns about the problem when people start calling him about weird FB Messages coming from his account. He hurries to a computer, goes through the standard account recovery process and then starts sending apologies to his FB friends. All told, it may have only been a few hours that his account was in someone else’s hands. But with a new password in hand, Joe feels like things are resolved, and he settles back into some Farmville games and commenting on posts about favorite hamburger toppings.

But during those few hours? The intruders weren’t just spamming his Facebook friends. They downloaded all of his Facebook info, saved it to their hard drive for future perusal. That includes his every post, every Like, every comment on everyone else’s posts, including all of those fun posts about his first job and mother’s name. Since they had Joe’s password, the process was quick (about an hour) and easy to do.

So as Joe returned to his casual Facebooking, the thieves casually riffled through all of Joe’s posts and other info from Facebook. And the bad guy was able to assemble quite the dossier on Joe, starting with his address and phone and email, and moving on to work history, relatives’ names, where he banks, his first pet’s name, and all kinds of other choice things he’s commented on over the years. All from one download from Facebook.

Are these Facebook phishers going to commit identity theft? Probably not, but they will sell the Target’s info to seasoned criminals, who do know how to steal someone’s identity. They’ll go on to use Joe’s record to open lines of credit, start utilities accounts, and maybe even obtain legal identification, all in his name.

Yes, this is an extreme story. This may not occur with every compromised FB account, but please understand how possible it all is. It does happen.

Safeguards

What can you do about it? For starters, stop posting personal info to Facebook (and other social media). Don’t post anything on Public posts, and review your own account data. Delete what sensitive info you can from their site, like your birthday, hometown, High School. While that info can help long-lost friends find you, it’s also useful to strangers and bad guys.

If you have some spare time, use the Download function to get a copy of your Facebook info and review it yourself. You may be surprised or terrified at what you find in there; it’s almost like reading a diary you’ve been secretly keeping on yourself! But it may help you find other info on your account that you’ll want to change or remove.

Consider turning on 2-factor authentication for your Facebook account. I know, 2FA can be an added inconvenience when logging into your account, but it is an effective safeguard against some bad actor swiping your password. With 2FA in place, someone would have to swipe your password and your phone in order to gain access to your account. That’s highly unlikely to happen!

Ultimately, though, the only certain method to protect your info on Facebook is to close your account. Identity thieves can’t see or copy info from your account, once it’s been deactivated. I don’t expect many of you will delete your Facebook, but just in case, this shows the steps for that.

Safe Browsing Protection in Google Chrome

The Chrome browser offers a choice of protection as you surf the net. If you use Google Chrome, you should review your level of protection, and change it according to your needs.

If you go to this website, Google will tell you the steps to follow, in order to check your “Safe Browsing” setting. Make sure to click your device type (Computer, Android, or iPhone & iPad) to get appropriate directions.

Once you find this setting on your device, you have 3 choices: No Protection, Standard Protection or Enhanced Protection. Read the descriptions and make a choice based on what’s best for you.

If you have privacy concerns and don’t want your extra browser info sent to Google, just choose Standard Protection. If you need all the help you can get against malware and bad websites, set it to Enhanced Protection. If you’re a web developer or advanced user, perhaps No Protection will interfere with your work the least.

Apple’s Activation Lock

Having trouble with an iPad you just bought second-hand? A common problem with used Apple devices is that buyers can’t get them to work properly, due to Apple’s Activation Lock.

Apple created the Activation Lock feature to protect against device theft. When an iPad, iPhone or newer Apple computer is properly signed into iCloud services, Activation Lock is also silently enabled. From that point onward, the device is bound to the owner’s AppleID.

This means that, even if the device is erased/restored/reformatted, it is still tied to that AppleID. Activation Lock will stop any other AppleID from signing in. The iDevice will be unusable, until the original owner’s AppleID is logged in. And Apple Support will not help you solve this, unless you can show original proof of purchase.

If you’ve bought a used Apple device and encountered this block, it may mean the device was stolen! Or it could just be an honest mistake: Ask the seller to go to their iCloud page and Remove the Device from the Find My page. If they can do that, the device will then accept a new owner’s AppleID just fine. If they won’t… I hope you can reverse the sale and get your money back.

Free Credit Freezes

In 2017, Equifax experienced a large data breach that exposed millions of people’s sensitive data. Fines, litigation and media uproar ensued. But perhaps most significant was that our government mandated that the big 3 credit bureaus offer free credit freezes to consumers. Previously, the big 3 would charge you a fee any time you requested a freeze (or a thaw).

A credit freeze, also called a security freeze, can help prevent identity theft. It won’t block fraud committed against your existing accounts, but it can help stop thieves from opening new credit cards or loans in your name.

Freeze Websites

If you want to freeze or thaw your credit report, here’s where to visit at each of the big 3 credit reporting agencies’ websites:

Transunion Credit Freeze

Equifax Security Freeze

Experian Security Freeze

You may also want to consider obtaining free credit freezes for your children or other people you are responsible for. To learn more, visit any of the 3 freeze links above and read the FAQs!

Freeze Apps

Equifax offers an app, called Lock & Alert, free for Android and iOS users. This app allows you to “lock and unlock” (similar to a freeze) your credit report anytime you want, from your device. You may find it far easier to use than the Equifax Freeze website above.

Experian also offers its own app, free for Android and iOS users. The app gives you plenty of info about your credit, and if you scroll down far enough, also allows you to manage your credit freeze with them.

I suspect the Transunion app might allow you to manage a freeze with their agency. But I am unable to log into it, without paying for pricey credit monitoring. For now, I recommend you pass on their app and use their website to monitor any freeze with them.

Removing Flash Player

We are finally done with Flash Player, and Adobe has announced that they will block Flash content from running later this month. That’s OK, because the web has largely moved on from Flash to more modern tools. Shutting down Flash content is more of a formality and an extra way to protect everyone’s computers.

But if you still have the Flash Player software installed on your system, you should also remove it.

PC users: Run this Adobe Uninstaller to remove all versions of Flash from your system. If you have any trouble running this file, you can manually remove Flash, according to the steps below for your version of Windows.

  • Windows 10: Go to Start -> Settings -> Apps. Scroll down the list of installed programs, and see if Adobe Flash Player is present. If it is, click it and use the Uninstall button. If you see more than one Adobe Flash Player listing, remove them one at a time.
  • Windows 8: Right-click your Start button and then left-click “Programs and Features.” Scroll down the list of installed programs, and see if Adobe Flash Player is present. If it is, click it and use the Uninstall button. If you see more than one Adobe Flash Player listing, remove them one at a time.
  • Windows 7: Go to Start -> Control Panel -> “Uninstall a Program.” Scroll down the list of installed programs, and see if Adobe Flash Player is present. If it is, click it and use the Uninstall button. If you see more than one Adobe Flash Player listing, remove them one at a time.

Apple users: Download an uninstall tool appropriate for your version of MacOS from the list below.

  • MacOS 10.6 and newer: Run this Adobe Uninstaller to remove all versions of Flash from your system. If this returns an error while running, you do not have Flash on your system.
  • MacOS 10.4 to 10.5: Run this Adobe Uninstaller to remove all versions of Flash from your system. If this returns an error while running, you do not have Flash on your system.
  • MacOS 10.1 to 10.3: Run this Adobe Uninstaller to remove all versions of Flash from your system. If this returns an error while running, you do not have Flash on your system.

If you have any doubts about Flash Player remaining on your system, you can quickly check at this website. Go there and scroll down to Step 5. If you see any animation with moving clouds, Flash Player is still running on your system. If you just see a still image of a tree, that means Flash is not running on your system.

Why Would Anyone Want to Hack Me?

I get this question all the time. Someone surveys themselves and sees nothing “worth hacking”. Because they just send a few innocuous emails a week, they do a little Facebooking with family, they play some solitaire. What could be worth a hacker’s time with their modest computer usage?

What makes them (or you) worth hacking is Legitimacy. If a hacker can get into your email or Facebook account, that is what they are stealing: your legitimacy. The hacker has no real identity to you or those you know, and has little power to steal into your lives and grab anything of value. But if they can get into your accounts, all of that changes.

Let’s say a scammer gets into your Gmail account. Once inside, he will probably change the password and recovery methods, so you are locked out and he can get comfy. He can now enjoy “being you” through your Gmail account. Since people trust messages coming from your Gmail, he has stolen a legitimate piece of your identity and can now:

  • Send scammy emails to everyone in your Contacts list, while bypassing all spam-filters.
  • Attempt password resets on your social media accounts, so that they can try scamming there.
  • Use your email address to log on to websites where the scammer has previously been blocked or banned.
  • Rifle through your Sent Mail to see where you shop, then attempt password resets at those sites, for some quick holiday shopping.

This kind of identity theft happens every day and can really catch you off-guard, if you don’t think ahead and take it seriously. Your email and other online accounts are valuable, to the right crook. Please make sure to use strong passwords, so that crooks can’t easily guess them. And think twice before giving passwords out to anyone asking for them.

Locate Your Device

If you lose your smartphone or tablet, don’t give up hope. That goes for stolen devices, too. You may be able to locate your device! Android and Apple devices offer tracking tools, built into their accounts and devices, and they are free for all to use.

The Tools

On a computer, open your browser and use the appropriate website for your type of phone:

Android (Google) phones: www.google.com/android/find
(Apple) iPhones: www.icloud.com/find

If you are using a different mobile device, download and/or open the appropriate app:

Google’s Find My Device app
Apple’s Find My app

The Details

With either type of locator tool, you’ll need to sign in to the account associated with the missing device. After that, you’ll see a wealth of options:

  • Locate your device(s) on a GPS-style map (or its last-known location before it was powered off).
  • Cause your device to make a loud sound. Your ringtone will play at full-volume, even if you have your phone set to Do Not Disturb!
  • Lock/erase your device.

Whether your phone has been stolen, left at the grocery or just hidden between the couch cushions, I hope you can appreciate these tools’ usefulness. Try them out now to get familiar with them. And bookmark the site you use, so you can quickly return to it when needed.

AdBlockPlus

Internet ads are not only annoying, but dangerous. Blocking ads to protect your computer just makes sense. Nowadays, I consider an ad-blocker as your second layer of protection, after your antivirus.

There are many ad-blocking extensions out there, but things work best if you install only one at a time. AdBlockPlus is freely available for almost every computer-based browser and for limited use on smartphones:

https://adblockplus.org/en/download

After you install AdBlockPlus, it’s important that you tweak its settings for maximum protection. Find the ABP stop sign icon in the corner of your browser, and right-click it. Go into its Options page, check all of the boxes under Free Features, and clear the checkbox for Show Acceptable Ads.

This should suppress most ads on websites you visit. Now, your web-surfing may be more pleasant, faster and safer!
