David Snell

Mac users need to be vigilant!

applewormIf you use a Mac, beware. The Russian cyberspies blamed for the US election hacks are now targeting Macs.  Security researchers have discovered a malware targeting Mac’s that is very likely a variant of the malware used to hack the Democratic National Committee during last year’s election.  What’s worse is that this particular piece of malware is believed to be tied to a group affiliated with the Russian military intelligence service.

Yes, the Russian hackers.  The same hackers that are being talked about by the news media each and every day for their reported efforts to sway the US Presidential election and their potential undue influence over the present Administration. The group, which is known in the security industry under different names, including Fancy Bear, Pawn Storm, and APT28, has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent.

Politics aside, this group is purported to be the most sophisticated hacking organization in the world.  Why they are now targeting Mac computers is not yet known.  Nor is it known how they are distributing the malware, but it’s out there.  If you are using MacKeeper for anti-virus, replace it, a vulnerability in that program appears to be the most plausible point of penetration.

Don’t buy in to popular misconception that Mac’s are not vulnerable to virus and malware attacks.  They are and this certainly proves it.  Be sure you have strong anti-virus and anti-malware protection, keep it updated and perform regular deep scans on your Mac to be sure it’s clean.

Additional MAC Malware information from Bitdefender Labs: https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/

Worried about the “Saying Yes” Scam?

The “Can You Hear Me?” phone scam has generated a lot of interest and concern in recent weeks but do you really have to be worried about it?

This scam has been reported recently by USA Today, NBC News, CBS News, Boston television stations and newspapers across the country including last Sunday’s Globe.

People around the country have reported receiving a phone call from someone who claims to be from a home security agency, cruise line, Social Security Administration, or another agency or business. The scam caller starts the conversation with: “can you hear me?”

If you reply “Yes” which most of us would say automatically, the scammer supposedly records your answer and uses it to sign you up for a product or service. When an invoice arrives in the mail demanding payment and you call the listed number to protest the charge, the scammers say they have your recorded “yes” confirming the purchase. Some folks are worried that by simply saying “yes” they might be out hundreds or even thousands of dollars.

Should you be worried? I don’t think so!!! Snopes.com – one of my favorite sites to dispel rumors, scams and even urban legends posted that there is no evidence of individuals losing money or having their identities stolen due to this scam, only that some people have received phone calls. http://www.snopes.com/can-you-hear-me-scam/

This type of scam has previously been targeted at businesses. The business ends up receiving invoices or bills in the mail for products or services they didn’t order. Even though they are not legally required to pay a bill for any product or service they did not order, sometimes the business owners are so scared of the thought of debt collectors, they pay the bill.

To take money from you, the scammers would need other personal information to successfully charge items on their credit card or take money from their bank account. In those cases and with that information, a recorded “yes” wouldn’t be needed anyway. Even if such a scenario existed, it’s hard to imagine why scammers would need to utilize an actual audio recording of the victim’s repeating the word “yes” rather than simply providing that verbal response themselves.

As far as I know, phone companies, utility companies, and credit card issuers don’t maintain databases of voice recordings of their customers and use them to perform real-time audio matching to verify identities during customer service calls.

If you or a family member gets this type of phone call, your best bet is to simply hang up. Make it a habit to just hang up every time you get an unsolicited phone call from any organization or business. Don’t let these scammers waste your time.

ISPs Abandon Copyright Alert System

You may have never even heard of CAS unless you or a family member regularly downloaded and shared copyrighted media. Last week, major ISPs ended their three-year-old “six strikes” program intended to discourage subscribers from sharing pirated movies, music, and TV shows.

The program, started in 2013 and officially termed the Copyright Alerts System, was designed to send out a series of up to six warnings to people who downloaded or uploaded copyrighted content using file-sharing services such as BitTorrent. It was administered by the Center for Copyright Information, a coalition of entertainment companies and major ISPs, which issued a statement last week explaining its decision to terminate the program.

“After four years of extensive consumer education and engagement, the Copyright Alert System will conclude its work,” according to the statement. “The program demonstrated that real progress is possible when content creators, Internet innovators and consumer advocates come together in a collaborative and consensus-driven process. CAS succeeded in educating many people about the availability of legal content, as well as about issues associated with online infringement.”

The program was primarily intended as an educational measure, since it did not require ISPs to cut off service to customers who shared illegal content more than six times. Instead, each ISP would introduce its own mitigation measures, such as throttling Internet speed, if customers did not respond to the notices.

The CAS tracked illegal file sharing using a fairly simple method: content owners scanned torrents for their copyrighted works, and logged the IP addresses of computers that shared them. While the Center for Copyright Information doesn’t elaborate on the CAS’s technical setup, the Electronic Frontier Foundation reported in 2012 that CAS used software from MarkMonitor to scan torrents.

Major ISPs participating in CAS include AT&T, Comcast, Cablevision, Time Warner Cable, and Verizon. Verizon declined to comment, instead referring requests to the Center for Copyright Information, while the other four companies did not immediately respond to requests for comment.

Steven Fabrizio, executive vice president and global general counsel at the Motion Picture Association of America, suggested that CAS was being withdrawn because of its ineffectiveness at targeting the most egregious offenders.In a statement to Variety, he said that CAS “was simply not set up to deal with the hard-core repeat infringer problem. Ultimately, these persistent infringers must be addressed by ISPs under their ‘repeat infringer’ policies as provided in the Digital Millennium Copyright Act.”

 

Could flashing the “peace” sign in photos lead to fingerprint data being stolen?

PeaceSignForeign and domestic media outlets as well as Facebook posts are reporting that photos of one’s fingers flashing either a “peace sign” or “victory sign” are so high resolution today that hackers are capturing them and using the images for identity theft.

This all started on January 9th when researchers at Japan’s National Institute of Infomatics raised alarm bells over the popular 2 fingered pose.

Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets, laptop computers and electronic door locks.

The proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said.

The NII researchers were able to copy fingerprints based on photos taken by a digital camera three metres (nine feet) away from the subject.

“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” NII researcher Isao Echizen told the Sankei Shimbun newspaper.

Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture. Advanced technology was not necessary and anyone could easily copy fingerprints.

https://www.yahoo.com/tech/japan-researchers-warn-fingerprint-theft-peace-sign-101451701.html

Now “whisper around the world” as media outlets caught this story which they embellished as they reported it with headlines such as the following:

How YOUR selfies are allowing crooks to steal your identity… by zooming in on your FINGERS

HD lenses mean thieves can replicate your fingerprints

Celebrities most at risk, but fraudsters could hack smartphones and workplaces.

Although the articles routinely referenced “identity theft” (commonly interpreted to mean unauthorized use of financial accounts and personal identification documents), they also described hypothetical situations in which a fingerprint passcodes could potentially be replicated. In those instances, the “hackers” would require both a rendering of the fingerprints and personal devices belonging to their targets (such as a smartphone or point of sale access) to do any damage.

No evidence has been presented to demonstrate that hackers are currently using photographs to duplicate fingerprints in order to commit crimes or steal identities. The professor quoted on the possibility works with a laboratory that is developing a technology to secure fingerprints, and noted that technology of any sort was not necessary to copy them, as people leave them on surfaces throughout the day.

While the possibility exists that devices could potentially be compromised in this manner, the exaggerated headlines made the threat sound more plausible and immediate than it really is.

Norton Core Router Gives Home Security a New Design

xl-2017-norton-core-router-1Norton by Symantec on Tuesday announced the Norton Core secure router for smart devices in the connected home at CES in Las Vegas.

The router protects up to 20 PCs, Macs, Android and iOS smartphones and tablets on a home network, and unlimited devices connected to the Internet of Things.

It will update its firmware in background mode automatically, but not the firmware on connected devices, said Ameer Karim, general manager of consumer IoT security at Symantec.

Core Functions The router scans incoming and outgoing network packets across the home network, quarantines infected connected devices to a separate network, and alerts the user.

It provides a real time security score on network and connected device security, and gives users tips on strengthening security settings.

The router has customizable parental controls.

Users will be able to manage their home devices remotely from a connected mobile device.

Lost or stolen smartphones won’t pose a security problem because the router is cloud connected, so users can instantly change the password if necessary.

Users also will be able to add a PIN or Touch ID credentials for additional seciruty.

The Norton Core supports Wave 2 WiFi and simultaneously transmits at both 2.4 GHz and 5 GHz. It uses MU-MIMO technology.

The Norton Core supports speeds of up to 2.5 Gbps for 4K streaming and lag-free gaming.

Stellar WiFi The router combines an omnidirectional antenna design with advanced beam forming to ensure your devices get stellar WiFi anywhere in your home.

It can pause the home network as required, and can identify which devices can and cannot be paused, he said. IoT devices such as alarm systems, door locks, IP cameras, healthcare devices and appliances won’t be paused.

Consumers can preorder the Norton Core now; it will begin shipping in the United States this summer.

The router is priced at $200, which includes a one-year subscription to Norton Core Security Plus. The subscription will cost $10 a year after that.

Layers of Security The Norton Core device raises the question of whether your hardware and software solutions should be integrated into a single platform. Software needs to change so quickly, and it seems like the top security software solutions always change over time.

The Norton Core is designed as a geodesic dome, and there’s a reason why the best routers are funky looking. They need to optimize the number and location of the antennas.

Still, there is no easy answer when it comes to security. You have to have layers of security, and while the Norton Core is a good potential solution … it shouldn’t be the only one you rely on.

Get more information and pre-order here: https://us.norton.com/core

NORAD ready to track Santa’s flight again

noradsanta2016The North American Aerospace Defense Command is celebrating the 61st Anniversary of tracking Santa’s yuletide journey! The NORAD Tracks Santa website, www.noradsanta.org, launching Dec 1, features Santa’s North Pole Village, which includes a holiday countdown, games, activities, and more. The website is available in eight languages: English, French, Spanish, German, Italian, Japanese, Portuguese, and Chinese.

Official NORAD Tracks Santa apps are also available in the Windows, Apple and Google Play stores, so parents and children can countdown the days until Santa’s launch on their smart phones and tablets! Tracking opportunities are also offered on Facebook, Twitter, YouTube, Instagram and Google+. Santa followers just need to type “@noradsanta” into each search engine to get started.

Starting at 2:01 a.m. EST on Dec. 24, website visitors can watch Santa make preparations for his flight. NORAD’s “Santa Cams” will stream videos on the website as Santa makes his way over various locations. Then, at 6 a.m. EST, trackers worldwide can speak with a live phone operator to inquire as to Santa’s whereabouts by dialing the toll-free number 1-877-Hi-NORAD (1-877-446-6723) or by sending an email to noradtrackssanta@outlook.com. Any time on Dec. 24, Windows Phone users can ask Cortana for Santa’s location, and OnStar subscribers can press the OnStar button in their vehicles to locate Santa.

NORAD Tracks Santa is truly a global experience, delighting generations of families everywhere. This is due, in large part, to the efforts and services of numerous program contributors.
It all started back in 1955 when a local Sears & Roebuck advertisement directed children to call Santa directly – only the phone number was misprinted. Instead of reaching Santa, the phone rang through to the Crew Commander on duty, Colonel Harry Shoup at the Continental Air Defense Command Operations Center. Thus began the tradition, which NORAD has carried on since it was created in 1958.

Here’s a link to a video of Colonel Shoup talking about how this beloved tradition began.
http://noradsanta.wikia.com/wiki/In_Memory_of_Colonel_(Retired)_Harry_Shoup,_USAF

This year’s contributers include: the 21st Space Wing, Acuity Scheduling, Adobe, Alaska NORAD Region, America Forces Network, Analytical Graphics, Inc., Agingo, Avaya, BeMerry! Santa / Noerr Programs, Bing®, Canadian NORAD Region, Chirpon, The Citadel Mall, Civil Air Patrol, Christmas in the Park, Colorado Springs Business Alliance, Continental NORAD Region, CradlePoint, Defense Video & Imagery Distribution Systems, DoD News, The Elf on the Shelf, Extended Stay America, Getty Images, Globelink Foreign Language Center, Harris, Hewlett Packard, Historic Arkansas Riverwalk of Pueblo, iLink-Systems, ikaria consulting, Kids.gov, Level 3 Communications, Marine Toys for Tots Foundation, Meshbox, Microsoft®, Office Depot/Office Max, Naden Band of Maritime Forces Pacific, Newsline360, OneRender, OnStar, PCI Broadband, Portable North Pole/Ugroup Media, Ronald McDonald House Charities of Southern Colorado, SiriusXM®, Space Foundation, Spil Games, Strategic Air & Space Museum, U.S. Air Force Academy Band, U.S. Department of State Family Liaison Office, Verizon, Windows Azure, and Zillow.

5 common Facebook “friend request” scams

Thank you to ThatsNonsense.com for this information.

Needless to say, there are plenty of scams on Facebook. Whether it’s fake giveaways, like-farming pages, phishing attacks and spamming links, you only need to scroll through your newsfeed for a few moments before you come across something suspicious.

A portion of these scams are initiated via a simple friend request. You login, and that red number appears over your Contacts icon at the top of your newsfeed.

Of course it could be a legitimate request from someone you know wanting to be a Facebook friend. Or it could be the beginning of any of the following five scams….

Number 5 happened to me this past weekend thus the motivation to prepare this article. I’ve also included some info at the end of this article to help YOU fix this type of problem referring to an easy to follow graphic.

  1. Facebook Profile Cloning Scam – If the Facebook request comes from someone you know, and in fact are already friends with on Facebook, then alarm bells should already be ringing, because this could be a cloning scam.

Facebook profiling cloning scams (a.k.a. Friend Imposter scams) are surprisingly effective yet simple to execute. A scammer searches for a Facebook profile with a friends list that is public to anyone. Most people do not make their friends list private, so the scammer has plenty of profiles to choose from.

The scammer then copies both the profile name and profile picture of the account they pick – both of which are also public – and creates a brand new account with that information, thus creating a clone account. If the Facebook account targeted by the scammer has any other public photos, the scammer may well upload those photos to the new cloned account as well.

From there the scammer sends friend requests to the friends of the account they cloned, in the hope a number of them will accept the request under the thinking that it is the friend that has either created a new account of that they were accidentally deleted and being duly re-added.

Once an invitation has been accepted the scammer can now see information on that account only intended for friends. Any number of scams can be carried out on the person who accepted the friend request, such as the “Friend in Crisis” scam, or any of the following three scams on this list.

Always verify friend requests before accepting, and make your friends list private so scammers don’t pick your account and impersonate you to your friends.

  1. Malware linker – Most typically these friend requests will appear to come from an attractive member of the opposite sex, but the scam itself is rather rudimentary (unless combined with above Facebook cloning scam for a more personal touch) but essentially involve the scammer sending you an unsolicited friend request and – if accepted – following that up by sending you links to malicious websites that will attempt to install malware onto your computer when visited.

Either that or you’ll be sent to a survey scam, which harvest personal information by luring you into completing intrusive questionnaires. If you’re fooled into downloading a suspicious file to your computer, run an antivirus scan right away.

  1. Phishing linker – Very much like the above malware linker, the stranger you just accepted (again often posing as a member of the opposite sex – or again it may be combined with the Facebook cloning scam) will send you links to spoof phishing websites.

Typically these sites will be designed to look like the Facebook login page, asking for your Facebook username and password, which are then duly sent to the scammer, compromising your Facebook account.

  1. The “Looking for Love” Romancer – Finding love on the Internet is increasingly common, and this fact is exploited by scammers who target the lonely and vulnerable. This scam can be initiated on dating websites, through email, or on social media websites like Facebook. Scammers locate profiles to target and send a friend request. Upon the victim accepting the friend request, they are sent messages from the scammer who is attempting to strike a romantic relationship online with the ultimate goal of gaining the trust of the victim.

Once that trust has been established, the scammer will use one of a number of techniques to attempt to extort money from the victim. For example the scammer will tell the victim they want to visit but cannot afford transportation costs, or that the victim needs money for emergency medical bills, or money for equipment that will allow them to keep in contact with the victim.

  1. The Identity Thief  – Many of us share plenty of information with our friends. Photos, birthdays, home towns and a plethora of statuses containing a variety of personal information about us. And while this information can look innocuous and harmless, if it falls into the wrong hands it can be an identity thieves treasure chest.

If you accept the friend request of a stranger, or a stranger posing as a friend, then they can accumulate a lot of information about you based on what you continually upload onto the site. This information can be used to compromise other online accounts, create new accounts in your name and just generally impersonate you on the Internet or even in real life.

Identity theft is serious and can take victims years to recover from. So always make sure that your Facebook friends are who they say they are and never share too much information on your accounts just in case someone does compromise your account

Dispelling a myth There are plenty of legitimate scams on Facebook, but there are also plenty of myths as well. One such myth is the fallacy of friend requests that can “hack” your computer, “erase your hard drive” as well as other types of pseudo-jargon drivel that sounds more akin to Hollywood’s take on computer security.

As you can see from the list above, there are plenty of scams that can be initiated by a simple friend request. But don’t be confused. There is no such thing as magical hackers that can do anything they please by merely being accepted as a friend on Facebook. Friend requests can initiate a scam but they still require the victim to take further actions, such as giving away too much information, or by visiting a dangerous website.

how-to-report-fake-imposter-facebook-accounts

Images from Facebook and LinkedIn can instantly infect your computer

facebooklinkedinA new virus, specifically a form of ransomware, might be targeting your computer through shared pictures on social media websites like Facebook and LinkedIn. The new attack vector called ImageGate is the culprit. Researchers from Check Point say that this new type of ransomware has been making the rounds, and is better known as Locky. The Locky ransomware is one of the most notorious malware attacks to arrive on the scene in recent months.

Malware attacks like this do not necessarily attack your PC through browsers and operating systems only. Hackers understand the flaws in the treatment of images by both Facebook and LinkedIn and use it to their advantage by forcing users to download malicious codes through the pictures which eventually hijacks the computer when you open them. The ransomware quickly encrypts your files and attackers don’t give them back to the user until the requested amount of ransom is paid.

Check Point representatives stated that they informed both LinkedIn and Facebook but it’s difficult to gauge what actions have been taken. Roman Ziakin and Dikla Barda, members of Check Points Research team wrote, “The attackers have built a new attack to embed malicious code into an image file and successfully upload it to the social media websites. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file,” It has also been reported that hackers are using Facebook Messenger to spread the ransomware using .SVG files

This is another reminder that we should not take Facebook-like sites for granted. It’s always easier to prevent threats than react to them after the damage has been done. After all, there’s no guarantee that you will get your data back even if you pay the ‘ransom’.

As more and more people are joining social networks, cyber criminals are focusing on using new techniques like ransomware. The new and inexperienced users easily fall into their traps.

If you have clicked on an image and your browser starts downloading a file, do not open it . Social media websites show a preview of the picture without downloading any files. They’ve also asked users of Facebook and LinkedIn not to open files with weird extensions like JS, HVG, HTA, SVG.

 

7 Tech Products You Should Plan to Buy on Black Friday

Black Friday is a fun but often hectic way to kick off the holiday shopping season. Deals abound in every store and in every corner of the internet, but when it comes to gadgets, it can be difficult to sort out which promotions are worth the hype. It pays to be aware of a few do’s and don’ts of finding the best Black Friday deals. And it’s also useful to know that, as a rule, some kinds of tech deals are worth pursuing on Black Friday, while others are rarely worth the trouble.

Before you stock up on Black Friday fliers, read dozens of blog posts about the holiday weekend’s best promotions, or steel yourself to head to your local electronics store at some ungodly hour of the night or morning, it’s a good idea to know which kinds of gadgets you can really save money on during the Black Friday hype. Read on to check out the kinds of tech products that are worth buying on Black Friday.

1: Televisions

2: Budget-friendly laptops and Chromebooks

3: High-end smartphones

4: Tablets

5: e-Readers

6: Cameras

7: Video games, DVDs and Blu-Rays

To make your Black Friday shopping even easier, here’s a list of websites where you can find all the best deals from the comfort of your home.

Black Friday Ads (bfads.net)
If you’re not sure which store will have which deal, head to Black Friday Ads, which scans and tags Black Friday circulars from all the major retailers. Those circulars are then searchable, so you can, for example, see all the computer deals from Dell or electronics at Sam’s Club. It’s a little easier than sifting through newspaper circulars at your dining room table.

BlackFriday@GottaDeal.com
Black Friday@GottaDeal lists all the Black Friday ads as they are made available. You can search by category and see which stores have deals on electronics or televisions, for example.

Amazon.com
At Amazon, it’s not really Black Friday, it’s a month+ of deals. Things got started last week with a Black Friday Deals Store and over a dozen curated gift guides. Accessible through Dec. 22, the Deals Store features discounts on electronics, toys, clothing, kitchen items, and more.

Offers.com
On Offers.com, you can search by store or peruse Black Friday circulars ahead of the big day. Among other things, see which TVs will be on sale at Newegg and Samsung and which laptops you can pick up from the Microsoft Store or Amazon.

TechBargains.com
TechBargains.com is already compiling early Black Friday deals, but you can also shop by store, including Amazon, Dell, HP, and more.

BestBlackFriday.com
BestBlackFriday.com has the usual Black Friday deals fare— deals, ad scans, coupons, curated buying guides, and news — but also conducts market research, studies, and polls around the biggest shopping day of the year.

Brad’s Deals
BradsDeals.com mixes the usual Black Friday circulars with blog posts that provide tips and tricks ahead of Nov. 25.

DealTaker.com
At DealTaker.com, view a basic list deals from around the Web, including Black Friday offerings, which are bound to become more plentiful as we get closer to Nov. 25.

Have fun and stay safe!

 

 

ActSmartDentalThe Most Dental IT Experience
on the South Shore!

David’s Blog Archives
Our Clients Say:
Everybody @ ActSmart is WONDERFUL! We are very relieved to have you on our team & know that we are in great hands. ~Leslie, Glivinski & Associates
Proud To Be:
Attention Dental Practices:

We Offer:
Follow Us: