Monthly Archives: April 2017

Chrome and Firefox Phishing Attack

Very important for anyone using Chrome or Firefox as their primary Internet browser!

There is a new phishing attack that is receiving a lot of attention today in the security community. This new attack is capable of using domain names that are identical to known safe websites.

As a reminder:

A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be a trusted site. Simply visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker. This affects the current version of the Chrome browser, which is version 57.0.2987, and the current version of Firefox, which is version 52.0.2. This does not affect the Internet Explorer, Microsoft Edge or Safari browsers.

What Can You Do?

Currently we are not aware of a manual fix in Chrome for this. Chrome has already released a fix in its ‘Canary’ release, which is its test release. This release should be available to the general public within the next few days.

For Firefox, do this:

In your Firefox location bar, type ‘about:config’ without the quotes.

Do a search for ‘punycode’ without quotes.

You should see a parameter titled: network.IDN_show_punycode

Change the value from false to true.
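
What that setting changes, as an added example (not code from this post or from Wordfence): the Python sketch below converts a hostname to the punycode form Firefox shows once network.IDN_show_punycode is true, and flags labels that mix scripts or consist only of Cyrillic letters that look Latin. The function names, the look-alike set and the sample hostnames are constructed for illustration.

```python
import unicodedata

# Cyrillic letters that render like Latin ones in common fonts.
# Constructed subset for this example, not a complete confusables table.
LOOKALIKES = set("\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0455\u0456\u0458")

def to_punycode(host):
    """ASCII form of a hostname, as shown when network.IDN_show_punycode is true."""
    return host.encode("idna").decode("ascii")

def scripts(label):
    """Scripts of the letters in a label, read from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def check_host(host):
    """Return (punycode_form, findings) for a hostname taken from a link."""
    ascii_host = to_punycode(host.strip().rstrip(".").lower())
    unicode_host = ascii_host.encode("ascii").decode("idna")
    findings = []
    for label in unicode_host.split("."):
        if label.isascii():
            continue  # plain ASCII label, nothing hidden
        letters = [c for c in label if c.isalpha()]
        if len(scripts(label)) > 1:
            findings.append((label, "mixed-script"))
        elif letters and all(c in LOOKALIKES for c in letters):
            findings.append((label, "all-lookalike"))
        else:
            findings.append((label, "idn"))  # ordinary internationalized label
    return ascii_host, findings

if __name__ == "__main__":
    # Constructed sample hostnames under the reserved .example TLD.
    samples = [
        "example.com",
        "\u0441\u043e\u0441\u043e.example",   # four Cyrillic letters that read as "coco"
        "ex\u0430mple.example",               # Latin with one Cyrillic "a"
        "m\u00fcnchen.example",               # legitimate non-ASCII Latin label
    ]
    for h in samples:
        shown, found = check_host(h)
        print(shown, [kind for _, kind in found])
```

A hostname that comes back starting with ‘xn--’ is exactly what the location bar will display after the change above, which is what makes the look-alike visible.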

Unfortunately this attack makes it impossible to tell if you are on a safe site or a malicious site by looking at the location bar in your browser. Until Firefox and Chrome fix their vulnerabilities you need to be ever vigilant. Please manually check for updates to your chosen browser until this is resolved.

Wordfence security has published a public service announcement that provides a working demonstration using a health care website. They also let you know how to fix the issue if you use Firefox and what to do if you are using Google Chrome.

You can find the full post on their blog…

https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/?utm_source=list&utm_medium=email&utm_campaign=041417

 

Are RoboCalls Taking Their Toll On You?

If you’re like most people, you happily answer your home phone hoping perhaps it’s a friend or family member only to hear seconds of silence…. before you realize your mistake.

Few things can be more annoying than answering the phone while you’re in the middle of something — and then being greeted by a recording or perhaps a sales person trying their best to sell you something you don’t want or need.

The FCC says, If you receive a robocall trying to sell you something (and you haven’t given the caller your written permission), it’s an illegal call. You should hang up. Then, file a complaint with the FTC and the National Do Not Call Registry.

I’m all for following the FCC’s directions but if I followed their reporting steps for every unwanted robocall, I’d be spending all my free time filling out reports and forms trying to stop something I never opted in for in the first place.

Now there’s another way to try and beat these callers. Say hello to NoMoRobo!

How does Nomorobo work? Nomorobo uses a feature known as “Simultaneous Ring”.  When simultaneous ring is enabled, your phone will ring on more than one number at the same time. The first device to pick it up gets the call and the other phones stop ringing.

So, when the Nomorobo number is enabled as a simultaneous ring number it is the first number to screen the call. If it’s a legitimate call, the call goes through to your number. If the call is an illegal robocaller, Nomorobo intercepts the call and hangs up for you. Your phone will ring once letting you know that the robocall has been answered and stopped.

WHAT HAPPENS WHEN NOMOROBO BLOCKS A CALL? When NoMoRobo blocks a call it gives them a message saying we have blocked the call. The message requests that the caller re-enter the phone number of the person they are calling. If by chance a legitimate caller gets stopped they will know the number to enter. RoboCalls and RoboSales people have no idea what number was dialed so they can’t respond and they get disconnected.

WHO CAN USE NOMOROBO? The NoMoRobo service works with phone lines provided by Verizon FIOS, Comcast Xfinity, AT&T, Vonage, Time Warner and a host of other landline providers.

WHAT DOES NOMOROBO COST? The best thing about NoMoRobo is that the service is absolutely FREE for landlines. This makes it pretty much a no-brainer for many of us. They also have a version that works on mobile phones, which only costs $1.99 per month. If you have one of those phone plans that charge for minutes, then this $1.99 could save you money if you get numerous RoboCalls on your cell. I’ve just started getting these unwanted calls on my cell recently and it seems they are becoming much more frequent as time goes by.

For more information and to sign up for either the free or paid service here’s the link to their site: www.NoMoRobo.com

I’ve only just signed up so my “first hand” experience is limited. There are other Call Blocker technologies out there but they all cost some amount of money. NoMoRobo is the only FREE service currently available.

Landmark FCC Privacy Rule Reversed

Internet providers now just need a signature from President Trump before they’re free to take, share, and even sell your web browsing history without your permission.

The House of Representatives passed a resolution last Thursday overturning an Obama-era FCC rule that required internet providers to get customers’ permission before sharing their browsing history with other companies. The rules also required internet providers to protect that data from hackers and inform customers of any breaches.

The resolution was first passed by the Senate last week and now heads to the president, who’s expected to sign it. At that point, there’ll only be a vague baseline of privacy rules governing internet providers and some promises from them not to misbehave.

It’s hard to see this as anything but a major loss for consumers.
While reversing the FCC’s privacy rules will technically just maintain the status quo — internet providers have actually been able to sell our web browsing data forever (it’s just not a thing we think about all that much) — they were about to lose permission to keep doing it, unless they got explicit consent or anonymized the info.

This is an increasingly important issue as Americans spend more and more time online — and keep more and more devices with us at all times. Internet providers can see what sites you visit and what apps you use, and they can see how long you’re using them for. That information is extremely revealing, and it’s easy to imagine most people would prefer to keep their reading habits private.

So why did Congress block the rules from being implemented?
Republicans bought into internet providers’ arguments that the rules discriminated against them and could confuse consumers. The rules would prevent internet providers from selling your web browsing history even though, the argument goes, websites like Google and Facebook would remain free to do the same thing. ISPs say that’s unfair and makes it hard for consumers to understand who gets to see their browsing data.

Internet providers want to pretend they’re just like Google and Facebook
But the argument is extremely misleading, if not outright wrong: Google and Facebook can’t see your web browsing history, they can only see what you click on while you’re on their own websites or on websites connected to their ad networks. Meanwhile, internet providers get to see a bit of nearly everything you do and visit; and even with the rules in place, they have every right to build the kind of ad-tracking websites that Google and Facebook have built. It’s just hard work, and they don’t want to do it.

Here’s a link to more information as well as a list of the 265 members of Congress who sold us out to ISPs and how much it cost to buy them.

http://www.theverge.com/2017/3/29/15100620/congress-fcc-isp-web-browsing-privacy-fire-sale

It’s important to note that the communications industry has always been one of the largest lobbying groups in US history; internet providers and the telephone companies before them were notorious for spreading wealth across the aisle.

Special thanks for background info from THEVERGE.COM – one of our favorite information resources.
