Router Hack?

For your possible interest, here is an article about Russian hackers carrying out attacks on home routers. The article doesn't mention how widespread this issue is, but I don't like the sound of it.  As Kim Komando says in the article, "this is a big deal, so pay attention".


The article provides a link to F-Secure where you can check to see if your router has been hacked. Another link to grc.com(https://www.grc.com/x/ne.dll?rh1dkyd2) provides several tests to see how secure your browser's web service requests are. 

I did both the router and browser tests and came out OK. I suspect we'll read more in the coming weeks about how widespread the Russian attacks are.

Jim Hamm

Car Hacking

        "Here is an article about yet another hacking attack,"  yes, Jim Hamm gets our attention!  He continues, "This time on a car! Now this isn't something you or I need to be worried about at this time, but it does make one wonder. What if your car was hacked, engine turned off, and held for ransom? Admittedly, not a likely scenario, but possible.
        "One item the article mentioned, which I hadn't thought much about, is your car may communicate with your dealer and monitor when your next oil change or service is due. Both our cars do this, and we'll get an alert on our car's dash when an oil change is due. So our cars are periodically checking back with 'home base'. This is very similar to what most of the programs do on your computer -- they all want to check 'home' and see is an update is available."
        And Jim is closing with this thought, "Driverless cars, hacking cars, electric cars -- it's an interesting time we live in."

It's Time to Uninstall Adobe's Flash From Your Mac

 This is serious. Jim Hamm alerts us, "As Steve Jobs so eloquently put it: Adobe Flash is a 'bag of hurt.'  Recently there's been many advisories about vulnerabilities in Adobe Flash.  The same comment has been true for many years.  Flash is vulnerable to hacking.  Time to get rid of it.  This article shows how." 

 Jim concludes with "If you must use Flash -- for example, if you listen to Pandora --  then use the Chrome Browser."

A New Hacking Tool

       The Yahoo Tech News of July 8 gives some details on a new hacking system with the headline "No One is Safe: $300 Gadget Steals Encryption Keys Out of the Air, and It's Nearly Unstoppable."

         At the end of the report it states, "The team plans to present its creation at the Worship on Cryptographic Hardware and Embedded Systems this coming September." An on-line  search shows several such workshops scheduled in California and  France. 

Are Loyalty Cards Worth the Risk?

        "You've probably read or heard about the recent hack of the U.S. Government," begins Jim Hamm.   "On a smaller scale here is an article about the hacking of loyalty cards at Starbucks, and why the hackers like to hack loyalty cards.
        "It is difficult to protect against dedicated hackers. If you shop online, or use a credit or loyalty card anywhere, you -- and I -- are vulnerable to hacking and losing our financial information."  And Jim winds up with,  "This is the e-life we live in."

YouTube Malware

        Alert and aware! Keep reading . . . 
        "I occasionally will watch a video on YouTube, as you probably do too," says Jim Hamm.   "One thing to be aware of when watching YouTube (or visiting any website, for that matter) is the possibility of getting malware on your computer. Here is an article that gives some tips on avoiding malware on YouTube and websites in general.

        "One item of particular interest, and one which I hadn't heard of previously, is a program called 'Tubrosa.' Take a read on what this program does. The hackers are quite creative, it seems. To my way of thinking, 'Tubrosa' is malware."
        And there's more to know.  Jim Hamm goes on, "Here is another link with 7 common sense tips on avoiding malware. 
        "Also, if I get an email from someone I know and trust, and it has a link in it with no words of description of why my friend is sending this to me, I don't open it. Why? Occasionally an email address will get hijacked and the hacker will start sending out links for people to click and get a virus or other malware -- and they never offer any comments on why the email was sent out."  So, thanks again to Jim for notifying us.  

Cyber Vulnerabilities: Did You Know?

        “Car Hacked on 60 Minutes” is the headline that shrieks to grab your attention when you click on this CBS news article forwarded by Jim Hamm.  http://www.cbsnews.com/news/car-hacked-on-60-minutes/   
        Quoting from this article,"In a dramatic demonstration, he (Dan Kaufman) and his colleagues use a laptop computer to hack into a car being driven by Stahl. Much to her surprise, they were able to take control of many of the car's functions, including the braking and acceleration."  Be sure to read the article.  
        Bringing this notice to us was the response of Jim Hamm when queried about another eye-grabbing article about the risks of using SmartTV.  
        Samsung notifies their customers “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Half of American Adults Have Been Hacked

       Yes, there's more about hacking!  Jim Hamm alerts us, "I just read the following article wherein it is estimated half of all American adults were hacked this year! Hacking for ransomware or credit card or other personal information has become big business, it seems. Why is this so? The article succinctly puts it as follows: '...we're increasingly moving our lives online'...

     "I think this will be a fact of life for everyone who shops on or uses the internet."  See the short article and a 2 minute video here

Ransomware Attack: What To Do

      " Here is another article discussing what to do if your iPhone or iPad is hacked for ransomware."  And, of course, Jim Hamm immediately gets our attention.   "Unfortunately, hacks such as this are becoming more frequent as the following quote from the article mentions:
        'Database breaches are becoming far too common, with eBay, Adobe, Yahoo, and Target all falling victim in recent months.'
          Jim's advice is, "It seems the best thing to do to prevent this is to switch to a two-step verification process on your device.....

Secure From Hackers?

        The headline brought attention to a new hackers' method: http://www.foxnews.com/tech/2013/12/12/computers-can-be-hacked-with-high-frequency-sounds/?intcmp=obnetwork
        Time to get John Carter's opinion of the serious possibilities.  This is what he has to say,  "This technique takes advantage of the audio input/output on the computer. Most notably, the computers mentioned were a Lenovo business computer. Also mentioned was Linux. Now, if Linux computers can be hacked like this, so can a Mac or any smart phone or tablet.

        "The security measure mentioned is to turn off the audio and mic, and this can be done just by muting both the mic and sound. (No, I hadn't heard of this before.)"
        But then John goes on, " Now, if you really want to be afraid of your computer being hacked—even a Mac—look at method #3 in this link.
         "The hackers are teaching each other how to break into any computer by posting their findings on the web."  So, what can we do?  Keep alert to what's going on, so we can take action to avoid these problems. 

Is Your Router Vulnerable?

        With his thoughtful suggestion Jim Hamm forwards an interesting site.  He starts off, "Here is a description and test to see whether your router may be vulnerable to a UPnP discovery request. I ran the test, and our router is not vulnerable.

        Jim then comments, "In the real world, I don't know how serious this threat may or may not be. I don't recall reading anything about it, and don't really know anything about this vulnerability. So, proceed accordingly."
        Hmmm.  Let's look at this company and their blog to learn more.  Here's a photo of them,  http://www.rapid7.com/company/  and you'll learn more when you scan their Security Street blog: https://community.rapid7.com/community/infosec/blog 
       And this is the latest addition from Jim, "Here is more information on the Universal Plug and Play (UPnP) vulnerability issue. Although this article came out a while back, I guess reading it now is better late than never." 

Password Hacking

        "Here is an article, admittedly somewhat lengthy and nerdy, about how hackers can make mincemeat out of your passwords so easily."  Jim Hamm goes on to elaborate,  "After reading the article, I know my passwords are, oh, so vulnerable. I bet yours are, too. I'm thinking about buying something like 1Password, or another strong password generator program, and redoing all my passwords.

        "If you've got a password program you like, let me know if you would."  

Malware Prevention: Mac & PC

        Making us aware of the latest precautions for malware prevention, Jim Hamm sends this:  "Click here. This newsletter is oriented to PCs, but the information contained in this article is relevant to Macs as well."  The writer speaks about a February security conference, and goes into some detailed explanations and tips.  Social-engineering threats are rapidly growing.  He declares that the number one delivery method of a hack is a ZIP file.  He also relates his conversation with a hacker.  
        Thanks, Jim. This looks like an article we all need to read and heed.  We might do our PC friends a favor by sending this info on to them right away. 

Apple Got Hacked

        John Carter alerts us to the hacking, "'Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plugin for browsers,' the company said in a statement to AllThingsD. 'The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.'

        "The company noted that it has been shipping Macs without Java since the release of Mac OS X Lion, and that it also has a software mechanism that disables Java if it goes unused for 35 days. Apple is also releasing an updated software tool to detect and remove Java-related malware."
       John comments, "The sad part of this is that some websites, like GoDaddy, need to have Java enabled in the browser, and disabling Java in the browser is the only way to secure yourself from a Java attack.
        "Just yesterday I got an update from Apple for Java. I installed it. So I don't understand why I'm getting this update if Apple isn't installing Java on new computers. It could be because I already had Java installed and its presence triggered the notification for the update. Now I'm waiting for more news and maybe another Java update about this." 
        Here are several sites reporting on the situation: 

Bing and Botnets (What?)

        "Here's an interesting article on how automated botnets are searching Microsoft's Bing to find a weakness, or something they can harvest for nefarious purposes," begins Jim Hamm.  
        He explains, "Google, for example, has a 20-person team fighting this type of search all the time. The hackers are always looking for a weakness in a website, a bank's or retail database, or your computer, to try and steal something. 
           "It's no wonder sites and computers get hacked — the search by hackers is relentless," is Jim's final comment. 
        So now we've learned about Bing and Botnets.  See, we do need to keep up!  

Amazon & Apple Security to Blame

        The latest information on how Wired writer Mat Honan's iCloud and Twitter accounts were hacked is found here at AppleInsider.  Son, Peter, sends this link to Wired. Be sure to read this.
        See the earlier posts about this hacking, "Apple's Fault" on 8-5, and "Hacking Incident Warns Us About Passwords" on 8-4,  and how Amazon and Apple security measures were factors that caused this mayhem.