RING Video Doorbell
An internet-connected doorbell isn’t a new idea. The Doorbot of a few years ago was clunky and ugly, but the concept was good: someone rings your doorbell, your smartphone beeps and buzzes, and with a tap, you can initiate a video chat with the visitor. It doesn’t matter if you’re in the kitchen, at the office, or on vacation in the mountains. You can talk to them and see them. They can hear you, but they can’t see you. If it’s a delivery, you can give the guy permission to leave a package and instructions on where to stash it.
The Ring Video Doorbell offers a more refined and comprehensive approach. It adds motion sensing, so it can alert you via your phone when somebody walks through your yard or onto your porch. It also records video and audio of each event (a ringing of the bell or a motion detection) and stores it in the cloud for later review.
The Ring unit costs $199, and you can easily install it yourself. Below the 180-degree camera eye is a circular button surrounded by an LED ring. At the bottom is a speaker allowing you to chat with your friendly FedEx or UPS driver. The companion app is a free download, as is the user account that lets you access the Ring’s features. The cloud storage runs $3 per month or $30 per year.
The Ring Video Doorbell doesn’t offer a live video feed or the ability to constantly record footage, but Ring does say it will allow remote camera access at some point in the future, so you can take a peek out your doorbell even when nothing triggers the camera.
Knock, Knock, Who’s There?
All the tools necessary for installation are included—even caulk and a miniature level. Before you mount the Ring, you charge it using USB (you’ll probably have to take it down and recharge it once per year) and connect it to your Wi-Fi network, which happens through the smartphone app. (Ring is set to release its next-generation doorbell, which would go in place of your current wired bell.)
When someone presses the button on Ring, your smartphone begins to, well, ring. The same goes for the unit itself—it rings to let the person at your door know something is happening. Opening the notification brings up a live video feed, where you can Reject or Accept the invitation to interact.
Bodies in Motion
Using motion sensors built into the camera, Ring can alert you when someone is at your door before they even press the doorbell. This is especially useful when the UPS or FedEx driver leaves a package and refuses to ring your doorbell. Also, before the button is even pressed, Ring detects motion at your door and begins recording video. This makes it possible to view what happened at your door before the bell was pressed. This video recording feature can provide you with the peace of mind in knowing any activity at your door is being recorded – well worth the minimal monthly fee. Not to mention, you can download any of the videos to your mobile device for easy sharing with family members, or in the hopefully unlikely case where it’s necessary, the authorities.
Video of how the Ring Video Doorbell works: https://www.youtube.com/watch?v=f9TRo7JDxFg
Check out their product line: https://ring.com/products
The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.
Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.
“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. “The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.
Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771
Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows-based systems. It is not clear why Apple made the decision to end Windows support.
Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:
• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.
• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.
Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.
Increasing Software Vulnerability
QuickTime joins a growing list of software that is no longer supported. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those products increasingly will be vulnerable to attack.
DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.
The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.
When you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that are similar to something you’ve just recently clicked on.
Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. Facebook uses this information to target ads to users on behalf of its paid advertisers.
Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there are probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it.
How did this happen in the first place? When Facebook first started out, people rushed to join because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the service to connect with family and friends without being bothered by someone trying to sell you something.
Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.
People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that. This led to the big data tracking we now see.
Three sneaky ways companies are tracking you: Most people understand that Facebook is tracking their preferences whenever they use the app. But, few realize they’re being tracked in other ways too. And, that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop.
Here are three things to watch out for.
1: Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer to track you. These third-party apps integrate with your Facebook profile and can ask Facebook for permission to pull various personal data, from your work history to timeline posts. And although you can edit what information they can access, very few people do.
2: Facebook logins: When you visit a site that says “Log in with Facebook” and you do, you’re letting that company track you.
3: Friends’ apps monitoring you: Even if you didn’t download an app, your Facebook settings may allow apps your friends have installed to also see YOU. It’s pretty scary.
You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.
Some Options To Help Stop The Tracking Madness:
Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.
To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.
In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address, birthday and hometown.
Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.
If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that this won’t remove the information from the app developer’s servers. If you change your email address in the future, however, the developer won’t get the new one.
Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For that you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.
Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.
To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.
Facebook gives you their standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Unfortunately, this won’t remove information that app developers might have collected about you already.
Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website try to avoid logging in with your Facebook account. But, if you must use Facebook to log in, then look for the “Log in Anonymously” or “Guest” option so it won’t share your information.
Stop friends’ apps from seeing your info: Apps can still get your information through your friends. As your friends install apps, those apps can request permission to get info about you.
To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button. You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.
It’s up to each of us to monitor and maintain what information we want shared with others. I’m sure you’ll be very surprised when you log in and check your Facebook app settings.
Do you own an older Kindle that’s been gathering dust? Get it updated before March 22 or you won’t be able to get online and download your books any more.
This is pretty much Amazon’s final warning: If you have a Kindle, you need to update it before March 22 or it’s going to lose Internet connectivity.
That outcome would be very bad, because without the update you’ll no longer be able to access the Kindle Store or sync your device with the cloud, not to mention any other Kindle services you might be using. According to Amazon, the update is required to ensure the Kindle remains compliant with continuously evolving industry web standards.
You’ll know if your Kindle didn’t get updated in time because you’ll see the following message on your device: “Your Kindle is unable to connect at this time. Please make sure you are within wireless range and try again. If the problem persists, please restart your Kindle from the Menu in Settings and try again.”
If you’ve been using your Kindle regularly then it’s most likely going to be fine. Kindles will update automatically via Wi-Fi, but if the device has been turned off or out of battery for a while, charge it up and make sure you Sync and Check for Items.
When the update has been applied you’ll find a confirmation letter called “03-2016 Successful Update” on your device. You can check for it by viewing all Recent items in your Kindle Library.
The following devices don’t need the update:
Kindle Paperwhite (6th and 7th generation)
Kindle 7th Generation
Kindle Voyage 7th Generation
If you’ve got one of the following, you do need the update:
Kindle 1st Generation (2007)
Kindle 2nd Generation (2009)
Kindle DX 2nd Generation (2009)
Kindle Keyboard 3rd Generation (2010)
Kindle 4th Generation (2011)
Kindle 5th Generation (2012)
Kindle Touch 4th Generation (2011)
Kindle Paperwhite 5th Generation (2012)
Amazon also points out that the Kindle Keyboard 3rd Generation, the Kindle Touch 4th Generation and the Kindle Paperwhite 5th Generation will only update via Wi-Fi, even if you have the 3G connection active.
If you do miss today’s deadline, you’ll need to manually download and install the required update. You can get more information on that process here.
More than 200 million users are currently running Windows 10 and that number is growing rapidly. The temptation to save money with Microsoft’s free upgrade might be so strong that you’re ready to upgrade now.
Should you upgrade now? There are certainly many great reasons to upgrade but a word of caution before you proceed.
Now may be the perfect time for a conversation about upgrading your Windows operating system. This newsletter is designed to make you pause and give serious deliberation to your decision to implement the Windows 10 operating system at this time. As a Microsoft business partner we certainly see the benefits to Windows 10 for many people, but some businesses may want to take more time and do more planning because once you upgrade there is no turning back. (Well, you can downgrade, so long as you have not deleted the windows.old folder. Users have a month to go back without any change in files, on best case installations.)
As you probably know, Microsoft is offering a free Windows 10 upgrade available through July of this year. Upgrading to Windows 10 seems like an easy process, with just a couple of clicks you are up and running.
The decision to upgrade should be made very carefully as it will impact your business and the performance of your IT environment. While it certainly makes sense for Microsoft’s business model and moving to Windows 10 is likely to be inevitable at some point for your business, we recommend that you take the time to more fully understand what is involved in moving from your current operating system to the new Windows 10 environment.
Here are some things to consider:
1. There are different editions of Windows 10. There’s Windows 10 Home and Windows 10 Professional. If you choose the free Windows upgrade, you have no choice in the version that you will be receiving. It depends on what you’re upgrading from, but in any case it may make sense financially to take advantage of the free upgrade.
2. You also have the ability to control whether your upgrade will take place automatically or manually. I recommend “manually” performing the upgrade just so you are the one in control of the process rather than be surprised the next time you turn on your PC.
3. If you are planning to purchase new PCs or notebooks, we recommend that you consider purchasing a Windows 10 PC. It might be tempting to shop for Windows 8 PCs and upgrade for free but we are not convinced this is the smartest option. Individuals should seriously consider the Windows 10 operating system. In the business world you are likely using a Windows 7 system and possibly considering upgrading for free, while it’s available. It all depends on the line of business applications your company is running.
4. As with any upgrade or downgrade plan you will want to complete a full backup of your data beforehand to avoid any potential problems.
5. Keep in mind that not all PCs can support Windows 10. Before a PC will be upgraded to Windows 10, Microsoft uses a vetting process to help ensure your system can handle the upgrade. If you’re buying Windows 10 compatible hardware, then you’re going to be assured of a successful migration.
In summary, you have until the end of July of this year to take advantage of the free Windows 10 upgrade. Deciding whether or not to upgrade now is an important decision for you, especially if saving money is a consideration. To plan the upgrade you’ll need to have a strategy in place very soon.
Windows 7 and 8 are fast approaching their end-of-sales date for PCs with Windows preinstalled. That means that as of October 2016, major OEMs like Dell and HP will no longer be selling PCs with Windows 7 or 8 preinstalled – so if you replace a PC after this date you will only be able to get one with Windows 10. Keep that in mind especially if your primary line of business application is not supported under Windows 10.
We believe Windows 10 is a solid upgrade for most users, but it’s not for everyone just yet. In some cases, if your primary business software is not compatible with Windows 10 then it may not be for you at all.
Below is a chart showing the Microsoft Windows End of Sale lifecycle to help with planning your upgrade.
People who don’t want to pay for Netflix services can buy stolen log-in credentials on the black market for rock-bottom prices, Symantec reports.
The online security company said it found advertisements and software aimed at cheapskate streamers, though it didn’t mention the names of the shady sites and forums.
Netflix Logins For Sale. The ads, which show Netflix logins for sale for as little as a quarter each, proudly display guarantees of “freshly cracked” accounts. They also ask their “customers” not to spoil the fun by changing passwords or messing with payments, either of which would alert the paying user to the fact that their account has been breached.
It is, of course, illegal — these are stolen accounts, gathered through nefarious means like malware and phishing. But since Netflix takes a laissez-faire approach to sharing accounts, paying users could easily be watching shows at the same time as someone who bought their login for a quarter on the Dark Web.
Netflix CEO Reed Hastings has said in the past that he doesn’t consider password sharing a big problem, and as long as the user base keeps growing (the service just passed 65 million subscribers globally), this common practice is likely to stay that way.
Sharing your Netflix log-in? Turns out you might not be the only one who lets a friend or family member log into your Netflix account. In fact, if you don’t, you’re in the minority, according to a poll of over 5,000 Netflix users conducted by Global Web Index.
Only 35 percent of users claimed to be the sole user of the account — 30 percent shared it with one other person, 16 percent with two people, and 19 percent shared it with three or more.
Netflix has plans that permit multiple streams to multiple screens at once, which means they’re fine with accounts being shared to a certain degree. Two spouses and a kid watching a movie shouldn’t require three accounts, of course — but spreading the login among four or five friends might be something the company would like to stop.
Could your account be on one of these lists? It’s hard to say, but one easy way to check is to look at your recently watched shows. If you see a lot you don’t recognize and don’t seem like your style (or that of anyone you share with), you might want to change your password. That simple action will immediately stop your account from being used by others without your permission.
“Internet of Things” security is badly broken and getting worse. The Shodan search engine is only the latest reminder of why we need to fix IoT security.
Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.
The feed includes images of marijuana plantations, back rooms of banks, infants and children in their homes, kitchens, living rooms, garages, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.
While the privacy implications here are obvious, Shodan’s new image feed also highlights the dismal state of IoT security, and raises questions about what we are going to do to fix the problem.
Of course insecure webcams are not exactly a new thing. The last several years have seen report after report hammer home the point. In 2013, the FTC sanctioned webcam manufacturer TRENDnet for exposing “the private lives of hundreds of consumers to public viewing on the Internet.” Today it’s estimated that there are now millions of such insecure webcams connected and easily discoverable with Shodan. That number will only continue to grow.
So why are things getting worse and not better? Webcam manufacturers are in a race to gain market share. Consumers do not perceive value in security and privacy and have not shown a willingness to pay for such things. As a result, webcam manufacturers slash costs to maximize their profit, often on narrow margins. Many webcams now sell for as little as $20.
The problem: Consumers are saying we’re not supposed to know anything about this cybersecurity stuff and the manufacturers don’t want to lift a finger to help users because it costs them money.
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions is true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? You may remember the story from November about 2008-era malware, Conficker.B, affecting police body cams in 2015: it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
The bigger picture here is not just personal privacy, but the security of IoT devices. As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby’s crib.
FTC to the Rescue? When it comes to strong-arming manufacturers, government entities like the US Federal Trade Commission (FTC) may be able to help. Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection, was quick to mention several examples where the organization went after at-fault companies. In recent years according to Mithal, the FTC has prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services.
The FTC takes action against companies engaged in deceptive or unfair business practices, she explained. That includes IoT manufacturers who fail to take reasonable measures to secure their devices.
In addition to the enforcement action against TRENDnet, the FTC also issued security best practices for IoT manufacturers back in January 2015, urging them to build in security at the design phase rather than bolting it on as an afterthought. These practices include a “defense-in-depth” strategy to mitigate risks, pushing security patches to connected devices for the duration of the product life cycle, and so on.
As consumers of IoT products it’s our responsibility to learn about the individual security and password settings for the devices we use and secure them to the best of our ability. Just don’t rely on the manufacturer to protect you – they probably won’t.
Data Privacy Day – January 28, 2016
Data Privacy Day (DPD) is an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of privacy and data as everyone’s priority. Held annually on January 28th, Data Privacy Day aims to increase awareness of privacy and data protection issues among consumers, organizations, and government officials. DPD helps industry, academia, and advocates to highlight consumer privacy efforts.
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on Jan. 28.
Data Privacy Day is led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for all online citizens. StaySafeOnline.org has many resources to help you, your family and your business stay safe online.
Free Security Check-Ups: Check your computer for known viruses, spyware, and discover if your computer is vulnerable to cyber attacks.
Check Your Privacy Settings: One-stop shop for easy instructions to update your privacy settings wherever and however you go online.
Parent Resources: Information regarding cyberbullying, child identity theft, Facebook for parents, social networking, etc.
Educator Resources: Prepared educational materials for the classroom, K – 12th grades.
Business Resources: Informational resources for businesses regarding bring your own device, information security, document destruction, compliance, data breach, and risk management. https://www.staysafeonline.org/data-privacy-day/business-resources
Privacy and Domestic Violence: Resources for domestic violence survivors and victims to help safeguard the privacy of their personal information.
I received an email yesterday from John McAfee. Yup – he’s the guy that founded McAfee Antivirus, he’s the Libertarian Party candidate in the 2016 presidential election and he’s also promoting his new security technology device called Everykey!
Everykey is a brand new product designed to replace your passwords and keys. When Everykey is close to your phone, laptop, tablet, house door, car door, or another access-controlled device, it unlocks that device. When you walk away, that device locks back down. Everykey can also log you into your website accounts. If you lose your Everykey, you can remotely freeze it, so no one else can use it.
Using the EveryKey App, you pair your key to your devices, manage key settings such as the active range and even freeze your key if it is lost or stolen. The EveryKey app also pushes the latest over-the-air software updates to your key so you stay up to date with features and updated security standards.
There are currently 2 different device options.
A Wrist Band: This wearable accessory turns EveryKey into a sleek and stylish fashion statement. Just pop your key into the pocket on the back of the band and wear it wherever you go.
Key ring: One day, Everykey will replace all of your keys on that big bulky keychain. Until that day, you can use the Everykey Key Ring Accessory as a convenient way to carry your keys.
Current pricing, which includes 1 Key Ring Accessory and 1 charging cable for each EveryKey device purchased:
1 EveryKey – $128
2 Pack: $230
4 Pack: $435
10 Pack: $1,024
Expect the first EveryKey devices to ship in March of 2016.
For additional information: https://everykey.com/
Get regular updates and additional information about Everykey here: https://www.indiegogo.com/projects/everykey-your-only-key#/updates
Free commercial-grade security for the home. Sophos Home (currently in beta) protects every Mac and PC in your home from malicious software, inappropriate websites and viruses.
It uses the same award-winning technology that IT professionals trust to protect their business systems. Best of all, you can manage security settings for the whole family from any browser.
* Please note that this free version of Sophos Home is for private and non-commercial use, letting you protect up to ten computers per account.
Log in to our ridiculously simple web dashboard from any browser. In no time every PC and Mac in your home will be protected.
Sophos Home keeps nasty viruses at bay, stops malware from slowing down your computer, and helps prevent unwelcome hackers from gaining access to sensitive personal information.
Sophos Home protects you from online threats and unsuitable content. With just a few clicks, block access to sites that may contain inappropriate content or malicious software.