A few tips for novices

I was speaking the other day to a non-IT friend who has now got the message – be careful…but he’s not sure where to be careful!

He was worried about people hacking into his home wifi network and was therefore turning it off when he wasn’t using it.  I would never tell people ‘don’t do that’ but it would drive me crazy.  It did make me think…what are a few easy tips to help people understand risks?

  1. Public wifi is always risky
    • It is easy for someone to sit with their PC and ‘sniff’ out various passwords
    • But a small local coffee shop, where a non-local is obvious, is much safer than airports.  Airport wifi is always high risk – a dodgy person could sit for hours without raising any suspicions.
    • The hacker also wants big volume – the local coffee shop won’t have anywhere near as many people log on as the airport lounge
  2. Web browsers are riskier than an app
    • This is a broad generalisation – but it is easy to mistype a bank’s web address.  You know the sort of thing: you type HBSC.com instead of HSBC.com and the bad guys are ready for you and your fat fingers.
    • The bank app is generally going to send you to the right place!!
  3. The mobile network is generally safer than wifi
    • It’s a bit harder to hack the mobile network

So here are the tips

  • Don’t use airport wifi
  • Use apps rather than web 
  • Use mobile network rather than wifi

But remember there are no guarantees in this world; these tips are about reducing the risk – not guaranteeing safety

Domino’s data breach

It seems like almost every week, another major corporate reports that they have been compromised.  In many cases it is a third party or outsource partner – but the consumer doesn’t care.  Their confidential data has been exposed.

In this case it seems fairly innocuous, simply email addresses and suburb – but it is just another step in building a profile of people.  It makes it easier to get through the spam filters, it makes the next step easier!!

If you are a Domino’s customer, be extra ready for odd things in your inbox

US Navy ships hacked – Surely not?

There have recently been two widely publicised collisions between US Navy vessels and cargo vessels.  I have zero naval knowledge but it seems hard to believe that this can happen with vessels that I understood to be very sophisticated.

There are now reports that perhaps the US naval vessels were hacked!!

Chief of US Naval Operations John Richardson on Monday said he could not rule out some kind of outside interference or a cyber attack being behind the latest collision.

I was always told to assume incompetence over conspiracy – I still think that incompetence is more likely but it is frightening to think that they were hacked.

The Singapore based Straits Times has a good article here

Which countries are the best prepared for cyber issues??

It seems the best prepared countries are

  1. Singapore
  2. USA
  3. Malaysia
  4. Oman and
  5. Estonia

These results are in the Global Cybersecurity Index 2017 (GCI-2017), published by the ITU (International Telecommunication Union).

Out of the 193 Member States, there is a huge range in cybersecurity commitments, as the heat map below illustrates.
[Heat map: level of commitment, from green (highest) to red (lowest)]


A short summary is here

The full report is here

Why is re-using passwords a problem

An ABC (Australia) journo had someone else using his Uber account recently…but Uber had not been hacked.  How does that happen??

Say the guy was using the same email address and password combo for his local golf club or his airline frequent flyer account.  That account gets hacked – surprise, surprise the local golf club does NOT have great security.  The bad guys then try the same combo in Uber, in various banks, in Amazon ..

In this case the guy thought he was clever, his passwords were a bit different – you know, let’s swap a zero with a letter o.  Bad luck, you’ll be shocked to learn the bad guys know that trick.

You get the drift – do NOT re-use passwords.  I know it is hard; that is why you really need to use a password manager.  I use a product called Dashlane – I find it great.  There is a free version or if you want the paid version, then use this code for a discount.

The full story on the ABC journo is here
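
To see why the zero-for-o swap gives no protection, here is an added example (not part of the original post) that audits a password list for "different" passwords that collapse to the same root. The function names, the look-alike table and the sample vault are all assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Look-alike characters people commonly swap, e.g. zero for the letter o.
# This table is an illustrative assumption, not an exhaustive list.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to its root: drop the trailing digits/symbols
    people tack on, lower-case it, then undo look-alike swaps."""
    stem = re.sub(r"[\d\W_]+$", "", password)  # strip trailing digits/symbols
    return stem.lower().translate(LOOKALIKES)


def find_near_reuse(vault: dict) -> list:
    """Return sorted lists of account names whose passwords share a root."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[base_form(password)].append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {
    "golf-club": "Moonlight2017",
    "uber": "M00nlight2017!",
    "frequent-flyer": "m0onlight99",
    "bank": "x7#Qp9vT!e2LrW",
}

if __name__ == "__main__":
    for group in find_near_reuse(SAMPLE_VAULT):
        print("Effectively the same password on:", ", ".join(group))
```

The three "moonlight" variants land in one group, so a leak at the golf club exposes the other two accounts; the random bank password stands alone.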

Cyberattacks around the world – what to do?

Today there have been numerous reports of widespread computer problems and so-called ransomware attacks.  They are typically ones where all of the data on your machine is encrypted, with the attacker then requesting a ransom fee to un-encrypt your data.

In many cases the fee is a few hundred dollars but, just like old school ransoms, sometimes the payment triggers good things and sometimes not.

Some of the reports are here and here and here

What should you do to stop the problem?

  1. Don’t click on links from unknown sources
  2. Make sure your copy of Windows has been updated

Try a Nespresso machine and keep it for free

Sound like an offer too good to be true…it is!!  There is an old scam going around again, it goes like this…

Offer: Test & Keep for free our latest Nespresso coffee machines – au00709

Offer Details: This is your lucky day! Click the link bellow to get your Nespresso Machine free!

You unique Session ID: 9926cfcd-5554-4b3f-8ab2-95a4cb6c02f7fc554907-4566-4b45-ae41-b21c2a4e4a46

Join Now!: http://xxxxxxxx
Note: Don’t miss the offer expires very soon! – 5bb8ad57-bbe6-4d9c-891c-4277f09f9134


Beware fake bank web sites

You know the scenario, you just want to do something quickly on your bank’s web site.  You rapidly type in their address into your browser because you haven’t got around to downloading their app, quickly type in your id and password….one small problem.  You mistyped the bank’s web address and you’ve headed into the seedy world and someone now has your bank credentials.

To give you an idea of the magnitude of the problem, last week there were 100 fake HSBC sites and 74 for Barclays.  Sites like HBSC.com (the letters are swapped).

Slow down and go faster

Dieselgate at VW ..now Keygate

The bad press with VW and diesel emissions seems to have passed…now it seems around 100 million of their cars have an issue with remote key access.

Researchers from the School of Computer Science at the University of Birmingham have found that VW is at risk due to vulnerabilities in its remote keyless entry systems.

They say the system to lock, unlock and start a car is based on rolling codes and is fatally flawed. It impacts most VW Group vehicles manufactured from 1995 (this is VW, Seat, Skoda, and Audi), which rely on just four global master keys that can be hacked and easily cloned.

It seems that VW have known for more than 2 years!!

The team at Birmingham are now checking numerous other manufacturers.

The detailed paper is here