visitinggeeks

Dick has been in the computer industry for, uh, a long long time. He brings a common sense approach to IT services for home, SOHO professionals and enterprising businesses. He graduated with a S.B. in Computer Engineering at M.I.T. and an MBA in Finance from the University of Chicago.

Dick has been in the computer industry for, uh, a long long time. He brings a common sense approach to IT services for home, SOHO professionals and enterprising businesses. He graduated with a S.B. in Computer Engineering at M.I.T. and an MBA in Finance from the University of Chicago.

Cleanse Your Browser & VPN Services

As mentioned in my newsletter, to keep your Internet activities private, you should cleanse your browser history and cache contents, as well as setting up a VPN connection.

As you know, there are quite a selection of browsers: Internet Explorer, Edge, Chrome, Safari, Firefox, Opera and more.  The procedure to remove history and cache contents is different depending on your browser.  This website (www.refreshyourcache.com) gives excellent instructions on how to accomplish this for all these browsers.

For VPN services, here are 4 alternatives that deserve some attention, among many others:

  1. OpenVPN – free
  2. ExpressVPN  – $6.67 per month.
  3. NordVPN – $2.75 per month.
  4. CyberGhost – $2.75 per month.

They are very easy to install, connect and have different features as well as number of VPN servers around the world. Using VPN ensures your Internet communication is secure and confidential.

May the privacy be with you!

Comcast Website Flaw Exposed Customer WiFi Passwords

ZDNet reports on May 22, 2018 a security flaw uncovered by two security researchers, Karan Saini and Ryan Stevenson.

Using only Comcast account number and the house number, Comcast router/modem activation screen will display the router’s WIFI password in plain text, even though the web form asks for full address.

If a bad actor has a Comcast account number, s/he can simply guesses the house number or apartment number.

This bug also returns the new WIFI password even if the modem/router has already been turned on.

Comcast reportedly corrected this error shortly after ZDNet’s report. Stay tuned.

Email Scam Log Entry #6: Why am I so lucky?

Email Scam: Boston Globe recently was reporting on a woman receiving an email from Publishers’ Sweepstakes she won but need to pay taxes and some fees first.  She called the phone number and a nice young woman congratulate her and urged her to keep it confidential and don’t tell anyone, even her family so it can be a surprise.  Right?!  Below is excerpt of another email received this past week.

“My name is Warren E. Buffett an American business magnate, investor and philanthropist. am the most successful investor in the world. I believe strongly in‘giving while living’ I had one idea that never changed in my mind ? that you should use your wealth to help people and i have decided to give {$1,500,000.00} One Million Five Hundred Thousand United Dollars, to randomly selected individuals worldwide. On receipt of this email, you should count yourself as the lucky individual.”

Visiting Geeks: Am I lucky or what?  Who doesn’t know Warren Buffett, the oracle financier hailed from Omaha?   Forget about grammatical mistakes and typos.  I’ll take ‘United Dollars’ whatever that is.  Smile and hit your <delete> key.

Rabbit Ear

After power was restored Tuesday night after the storm, we found the FIOS interface was fried.  It’s weird without Internet, phone and TV.  As we live just outside of Boston, we can get TV signals using good old antenna.  But we threw that out long long time ago but we found a short coax cable so we connect it to the TV but signal was weak. Adding a booster did the trick.  Our TV receives the usual major channels.  Here’s our signal booster.

Functional Antenna Design

Email Scam Log Entry #5

Scam Email #5: this appears in inbox…”

Good morning.

Dont regard on my English, I am from Japan.We loaded our malicious program on your device.After that I thiefted all private background from your device. Moreover I received some more evidence.The most amusing evidence which I got- its a videotape with your masturbation.I put virus on a porn page and after you loaded it. As soon as you decided with the video and tapped on a play button, my deleterious soft immediately loaded on your device.

After adjusting, your web camera shoot the videotape with you masturbating,  additionally I saved the video you watched. In next week my virus collected all your social media and email contacts.

If you wish to destroy all the compromising evidence- transfer me 980 united state dollar in BTC(cryptocurrency).

I provide you my Btc wallet address – 1FkizUB6vgJzUz6fQyTRZckcu3QBT

You have 24 hours to go from this moment. If I receive transaction I will destroy the evidence forever. Otherwise I will send the record to all your friends.”

Visiting Geeks: This sounds pretty alarming for the recipient but it’s a scam. Unfortunately, scammers can buy emails by the thousands and simply blasts this type of scary emails out to demand money. Ignore it.  We are testing email screening software to cut down these types of nonsense.  Stay tuned.

Top Robocallers According to YouMail

Estimated volumes of top phone scams in March 2018.

Category Type Volume
Interest rates “0% interest rates” 122.9m
Credit cards “Problem with your credit card” 82.5m
Student loans “Forgive/lower student debt” 71.0m
Business loans “Preapproved for business loan” 53.4m
I.R.S. “Owe money to the I.R.S.” 43.4m
Search listings “Listing has a problem” 31.0m
Travel “Free/discount trip” 27.0m
Preapproved loans “Ready to wire – just need info” 26.2m
Home security “Free service/installation” 26.1m
Utilities “Save money – need your info” 19.2m

Source: YouMail

Cybersecurity 101

My first encounter of computer breach happened almost 40 years ago when I just started as a systems programmer after graduating from MIT. My computer terminal was mis-behaving at random intervals.  Sensing a potential intruder, I wrote a small system utility to monitor and trap the offender.  Once trapped, my utility would identify and lock the hacker’s computer, display a 5-second count down clock and promptly crash the computer when the clock ticked to 0.  It didn’t take long to identify and confront the culprit. I smacked his head with a rolled up newspaper!

Fast forward to now. With the proliferation of Internet, cyberhackings are much more frequent, complex and damaging nowadays.  We hear and remember high-profile ones like Equifax, Home Depot, Target, Sony…  But according to 2016 State of SMB Cybersecurity Report, almost 50% of small businesses got hacked.

“Most small-business owners don’t think they’re at risk. As a result, … they are indeed ill-prepared to safeguard against an attack,” said Bryan Seely, a network engineer famous for hacking into the FBI.

You, my business customers, are small businesses.  I have to care. I don’t want you to fail. Yes, I know about antivirus software, firewalls and encryption.  But that’s baby stuff and I know there’s so much that I don’t know. So,

In a moment of insanity, I signed up a course on Cybersecurity: Technology, Application and Poilicy from MIT xPro.  I instantly regretted my witless decision after looking at the ridiculous syllabus, plus there’s a test weekly for 6 weeks before the final exam. Arrrrgh.

It started this week….  and I’m happy to report that MIT professors haven’t changed.  It’s fire hose water boarding time.  I just took week 1 assessment test…. We’ll see.

Drop me a line if you are curious about information flow tracking, taint propagation, trusted computing base, fully homomorphic encryption or obliviuos random access memory.

Am I having fun yet?!

Computer Scam Log Entry #4

Fake Email #4: Accountant receives email from colleague with invoice to pay vendor via wire payment.

Visiting Geeks: The from email address was correct and clicking the blue “from email” link shows colleague’s correct email address.  Forwarding the invoice was also usual procedure except the content to wire payment raised suspicion from the accountant and alerted Visiting Geeks. Visiting Geeks examines the email message routing details and determined that it was sent from Lagos, Nigeria.  This kind of spoofing is done frequently by criminals and not too difficult to carry out.  It doesn’t necessary mean that the colleague or the accountant’s  computers were compromised.

Take Away:  Even legitimate looking emails could be a scam. Anything out of the ordinary should raise an alarm.

 

 

Computer Worm Log Entry# 4 – WannaCry

Worm #4:  The message “Oops, your important files are encrypted.” or “Hello, dear friend! All you files have been ENCRYPTED.” displays on your screen and a ransom is demanded.

Visiting Geeks: These are classified as ransomware. Some computers at the City of Atlanta, Baltimore’s 911 system and Boeing were all attacked recently with a crypto-virus derived from a vulnerability uncovered by the NSA.  This type of malware is classified as a WORM.  Once a computer is infected, this WORM will seek out other computers on the same local network and try to infect them as well.  Phishing is the typical way of gaining entry.  Data is encrypted and cannot be recovered unless ransom is paid. To protect your computer, be vigilant on incoming emails, apply latest Microsoft security updates as well as having a real-time anti-virus protection, plus a off-site/cloud backup for your data.