Posts Tagged: ‘Security’

Cyber Security Awareness Month (2024 10)

September 29, 2024 Posted by Tiny

Thoughts From a Clicker
By Tiny Ruisch

October is National Cybersecurity Awareness Month.  It was created in 2004 as a collaboration between government and industry to provide resources that users need to stay safer and more secure online.  Administered by the Department of Homeland Security, this is a perfect time for all of us review our online practices to avoid falling victim to the many attacks that can compromise our lives.

The theme for Cybersecurity Awareness Month 2024 is “Secure Our World”.  Here are a few web links that you might find useful:

The Cybersecurity & Infrastructure Security Agency home page has links to information on everything the US Government publishes.  You can read the blog, sign up for the newsletter, view many “how-to” articles and much more.

Identity Theft is a Federal Trade Commission Consumer Advice page on how to prevent your personal information from being stolen.

Scam Alerts is a Federal Trade Commission Consumer Advice page with three sections:
1) How To Avoid a Scam;
2) What To Do if You Were Scammed; and
3) Report Fraud, Scams, and Bad Business Practices.

The Internet Crime Complaint Center is a Federal Bureau of Investigation (FBI) site with detailed instructions how how to report on-line crime.

Unfortunately, a web search for Cybersecurity Awareness Month in Louisiana doesn’t reveal much happening in our state.  I did a search on la.gov for cyber security.  The most recent article was in October, 2022.  I also found out that there is a State Cyber Assurance Program.  Now that I know it, I’m sure I’ll soon forget it exists.

The city of Baton Rouge hasn’t changed their Red Stick Ready-Cybersecurity Preparedness page for at least two years.  They do have several links to other helpful information.  As an added bonus, at the bottom of the page there are links to prepare for many other disasters and hazards.

I hope you can use the links in this article to find more information.
Thanks for reading.

Cookie Management (2023-09)

September 3, 2023 Posted by Tiny

Thoughts From a Clicker
By Tiny Ruisch

Here is a question and answer from the FAQ section of one of my favorite websites that I often visit:
Q: Do you put cookies on my computer?
A: Not very often.  Sometimes a section of my site will not operate without a cookie.  When I do that, I usually use chocolate chip cookies.

Since the passing of the ePrivacy Directive (commonly known as the EU Cookie Law), many websites greet you with a big pop-up window telling us how important our privacy is to them.  To continue viewing, we have to accept cookies.  Actually, we don’t have to accept cookies.  Of course, if we don’t, we might not have an optimal experience on the site.

Cookies are just small information files that are stored on your computer.  When you return to the site, the files are read and you theoretically have the same experience as your previous visit.  The problem is with cookies that are placed by third parties.  These are almost always from advertisers.  They can be read by other parties and are often used to track you across different web sites.

What can we do about cookies?  In your web browser settings, you can block all cookies.  Unfortunately, doing so might cause websites not to work as designed.  Almost all web browsers block third party cookies by default.  If not you should enable the setting.

You could also do what I do.  Add a cookie manager browser extension.  If you search in the browser add-ons store, you will find many cookie managers.  It should not be too hard to find one that works for you.

The one I use and can recommend is “Cookie Remover” uploaded by Adam.  It is a simple extension that does one thing.  When you click on the icon in your browser tool bar, all of the site cookies are instantly removed.  It is available for all browsers.  Over the years, I’ve developed the habit of clicking the icon before I close the tab.  It works for me.

That’s all for this month.  I think I’ll go have a cup of coffee and some cookies.
Thanks for reading.

World Backup Day (2023-03)

February 26, 2023 Posted by Tiny

Thoughts From a Clicker
By Tiny Ruisch

It is almost March 31.  World Backup day is a commemorative date celebrated annually by the backup industry and tech industry all over the world.  The World Backup Day highlights the importance of protecting data and keeping systems and computers secure.  It all started with a post on Reddit when a user wrote about losing their hard drive and wishing someone had reminded them about how important it is to backup data.

Even though you might not think so, backups are important.  Its not a question of “if” but “when” your hard drive will fail.  Phones get lost.  Ransomware gets on computers.  Files get accidentally deleted.  I knew one person who gave his phone to another family member who promptly deleted all of their photos.  If not for the fact that he was unknowingly backing them up to Google Drive, I would not have been able to help him.  Accidents happen.

I’m often asked by club members on what is the best way to back their data.  The answer is that there isn’t a best way.  What works for me won’t work for everyone.  The first thing you need to do is determine what to backup.  Some people backup everything on their computer.  Others are like me and only identify items that are important to them.  This may include items like photographs, medical files, personal data, newsletter files and a few other things.

I do believe in using the 3-2-1 backup strategy rule. This simply states that you need three copies of any important data.  At least two of the copies should be on different storage media, such as a hard drive, removable drive, cloud storage drive, etc.  Finally, one of the copies should be kept off site in case of a disaster.

There are many ways to back up your data.  The simple and easy method is to copy and paste.  All Operating Systems have this method built-in.  There are many file syncing programs that you can use to automatically duplicate your files.  Most cloud storage services can be set to automatically backup.  Of course, there are hundreds of backup programs you can install to copy files or image your hard drives.  Pick one that is easy for you to use.  By doing so, you will be more likely to routinely backup.

One final thing to remember, a backup that you can’t restore is no worse than not having a backup.  You should test your backup data to make sure it is usable.  Unfortunately, this can be dangerous to do.  If you are restoring an image backup to test it and something goes wrong, you can destroy the files you backed up.  Avoid this by stopping at the very last step before the restore would begin.  This will verify that your recovery disk works and the backup program can access what’s necessary to perform the restore.

If you decide not to do any backups, maybe the NSA will be able to give you a copy from their files.
Thanks for reading.

National Call Registry (2019-11)

July 12, 2022 Posted by Tiny

Thoughts From a Clicker
By Tiny Ruisch

At last month’s monthly meeting, Lt. Brian Blache, a forensic computer examiner in the Financial Crimes Division of the East Baton Rouge Sheriff’s Office, gave an informative talk.  One of his comments was that if you don’t answer your phone, eventually you will get few scam calls.  I can attest that this is true.  For many years, if a caller isn’t in my contacts list, they are transferred immediately to voice mail.  I hardly get these calls anymore.  His talk also reminded me of a column I wrote for another computer club in April 2014.  It was my thoughts about the National Call Registry.  I hope no one will mind too much if I repeat it here this month.

Does anyone remember the Perry Mason television show that aired back in the 1950’s and 60’s?  Perry was a lawyer that had an extra phone line installed in his office.  The only people who had this second telephone number were his secretary and a private detective.  That way, when the phone rang, Perry knew it was important and would answer it immediately.

Here we are, sixty years later.  Almost everyone has a telephone they can carry in a pocket or purse wherever they go.  Isn’t technology great?  Now we can get a call almost everywhere we are.  Gone are the days of running to the telephone from the other side of the house, picking it up and hearing a dial tone.

Hardly anyone has to miss a call anymore.  You can answer it in the mall, behind the steering wheel, walking down the street or sitting on your throne.  How wonderful!

Unfortunately, behind every silver lining, there is a cloud.  It is so easy for telemarketers to program their computers to call you and everyone else that has a phone number.  Don’t you just love all of those interruptions?  Me neither.  I sure wish the government would save us.

Wait a minute!  I nearly forgot!  The government is already protecting us from unwanted calls.  On March 11, 2003, President George W. Bush signed into law the Do Not Call Implementation Act.  The law established the FTC’s National Do Not Call Registry in order to facilitate compliance with the Telephone Consumer Protection Act of 1991.  This law is working so good that compliance complaints have increased every year except one.  You would think that complaints would decrease until unwanted calls are a thing of the past.

Could it be that people are complaining because of the law’s exemptions?  A person may still receive calls from political organizations.  Luckily for me, I don’t get any of those types of calls.

A person may still receive calls from not for profit organizations.  Once again, I’ve been lucky.  I don’t get any of those types of calls.

A person may still receive calls from companies with which he or she has an existing business relationship for up to eighteen months after their last purchase, payment or delivery from it.  I can’t believe how my luck is holding.  I don’t get any of those types of calls either.

My personal favorite exemption is that a person may still receive calls from companies conducting surveys.  Turns out that some of these companies call with a survey and then ask for permission to make a follow up call.  The follow up is an attempt to sell you something.  Guess what?  I haven’t gotten any survey calls.

Even though I have never registered for the Do Not Call list, I expect that my luck will continue to be pretty good.  I don’t really care who has my phone number.  If I receive a call from a number that isn’t in my contacts list, it goes straight to my voice mail.  When my phone actually rings, I know that it is a call I might want to answer.  Like Perry Mason, I don’t get calls from unwanted people.

Keep on clicking and thanks for reading.

Another Facebook Hack (2021-06)

May 22, 2021 Posted by Tiny

Thoughts From a Clicker
By Tiny Ruisch

I’d like to take a minute to give Facebook a big thank you for giving me a subject for an article for this newsletter.  I often have a problem deciding what to write about.  Facebook made this one a “no‑brainer”.

With less than 50 friends, I’m not a big user of the service.  I usually log on only once day for about 15-20 minutes.  I don’t have any of the mobile apps installed, have never hit a “like” button and seldom post anything.  The only reason I haven’t closed my account is I have many relatives that keep me informed of what is happening.

People that know are aware that I don’t answer my phone for any calls that are not in my contact list.  If I don’t answer for them, I can’t really come to the phone.  Facebook caused me to do some research on calls that have been rejected.  From January 1 through April 5, there were exactly 7 of them.  Things changed for a couple of weeks:

April Date Rejected Calls
06 32
07 18
08 46
09 42
10 6
11 0
12 22
13 8
14 14
15 12
16 14
17 4
18 2

After a two week onslaught of unwanted calls, they have finally started to taper off to around 2-5 per day.  It wasn’t hard to figure out what happened.  In early April, more than half a billion phone numbers from Facebook accounts were posted on hacker forums.  Of course, the company went into “Public Relations” mode and announced that they believed the data was “scraped” from accounts in 2019.  We were assured that everything has been fixed.  Funny thing is, I don’t remember knowing that two years ago.

If you’ve had an increase in spam calls and have a Facebook account, you might now know why.  Once again, thanks Facebook.  You’ve helped me prove what I’ve said for years.  I don’t much care who has my phone number.  I don’t pay much attention to it anyway.  Facebook has also given credo to the fact that the “National Do Not Call Registry” doesn’t work well.

Thanks for reading and keep on clicking.

I Want To Believe – Originally Published March 2020

March 4, 2020 Posted by Tiny

A Pain in the Whatchamacallit
By Tiny Ruisch

I’ve been re‑watching the X‑Files, which has always been one of my favorite television programs.  I often think of this show whenever I read another article about people falling for a phishing scam.  Almost every day, there are more companies and people that get compromised.  I often wonder how many don’t ever get reported.

Why does the X‑Files remind me of scams?  Fox Mulder had a poster in his office that said, “I Want To Believe”.  I think that is why phishing scams work so well.  People want to believe that there is really a Nigerian prince that wants to give them money.

These con games have been around long before there was an internet.  Older people will remember getting chain letters.  Just send five dollars to the top name(s) on the list and add people you don’t want to keep as friends to the bottom.  Send the letter on to them and soon your mail box will be packed with envelopes containing money.  I wonder how many readers won the Irish Sweepstakes without even buying a lottery ticket?  No, you didn’t really win an all expenses paid vacation that requires a small processing fee.

When governments, companies, school districts, etc. get ransomware installed, it is often because an employee clicked on a link in an e‑mail.  They wanted to believe that their boss wanted them to do something, that their schedule had been updated or that there is another important event happening.

I’m knocking on the wood of my computer desk as I tell you that I have never had a virus or malware on any of my many computers.  This is despite the fact that I sometimes visit some “shady” web sites.  On those rare occasions, you can bet that I’ve opened my browser in a sandbox.

So how do I avoid all the evils? I just follow a few simple rules.

• I almost never click on a link received in an e‑mail.  This includes messages that I’m fairly sure are safe.  Even my bank doesn’t like me that much.
• When I visit those “risky” web sites I mentioned earlier, I definitely don’t click any links.  If anything interests me, I usually open a new tab and do a search.
• I only download programs from the creators website.  The same goes for software updates.  Only from the program and not a popup on my computer.
• Whenever I install new programs or updates, I carefully check every screen before clicking next.  That includes EULAs.
• I never download or install a browser extension, a program or a plug‑in that I didn’t look for.  If a website tells me I need to do something special, I do something special.  I leave the site.
• I disable auto‑run on all my drives.
• I use a password manager.
• I never, ever click links on social media sites (especially Facebook).

Stay safe on the internet.  Use common sense.  Try not to believe.  Trust no one.
That’s all for this month.  Thanks for reading.

Android App Permissions – Originally Published June 2018

June 10, 2018 Posted by Tiny

From the Dark Side
by Tiny Ruisch

Would you mind if I came to your home and looked through your house to get some ideas for things to write about in this column?  If I find anything useful, I promise not to tell anyone where I got the information.  I promise that I will keep any details about your private life secret.  Of course, if I change my mind later, you won’t be able to do anything about it because you gave me permission.

If as I suspect you answered “no”, I hope you are as diligent with your Android phone.  When you install an application, do you give it permission to look through your data and use it for marketing or other purposes?  Over the years, there have been many Android programs that have wanted to do similar things on your phone.

Android forces apps to declare the permissions they require when they install them.  You can protect your privacy, security, and cell phone bill by paying attention to Android app permissions when installing those apps.  Prior to Android 6.0 (Marshmallow) all applications declared their permissions before installing.  You could either accept and install, or decline and not install.  The problem with this system was that many users didn’t pay attention. An application for a game could potentially harvest all of a users contact data.

In newer versions of Android, apps have to individually request each permission. Keep in mind that if you deny a permission, the application might not work as designed.

It is easy to check the permissions of an Android application.  If you have already installed it on your device, go to Settings>Apps.  Scroll down to the app you want to examine and tap it.  Click the permissions field.  If it is an application you are thinking of installing, open the Google Play Store and go to the app.  Then click on the “Permission Details” tab.

Why is it important to check permissions?  Simply because our phones contain so much personal information.  They have our exact location, contact data, personal pictures and more.  They can record everything we say and do.  In short, access to your Android device is access to you.

An internet search will find millions of sites that tell you what each permission is.  Probably the best place to research permissions is Google Support.  There are two informative articles:
1. Review app permissions thru Android 5.9
2. Control your app permissions on Android 6.0 and up

Use common sense when you install apps. If a flashlight program asks to read contact information, it might not be the best one to install. Reputable app developers will tell you why their software needs each permission.

Thanks for reading.

Choosing a VPN – Originally Published May 2017

May 4, 2017 Posted by Tiny

A Pain in the Whatchamacallit
By Tiny Ruisch

Should you be using a Virtual Private Network (VPN)?  If you’re connected to a public Wi-Fi network, the answer is definitely yes.  If you’re connected to your home network, you may or may not need to.  Personally, I connect to a VPN almost every time I connect to the internet.

Simply defined, a VPN extends your private network (internet connection) to a public network by creating an encrypted “tunnel”.  In effect, you mask your computer from places you visit when you are online.  A VPN will not make your online connection completely anonymous, but it will increase your privacy and security.

You’ve probably heard that your internet speed will slow down when you are using a VPN.  This is true, but in most cases, the slowdown is so negligible that you will probably not notice it.  Most of the slower VPN services are the “free” ones.  I have used a paid VPN for several years now.  There have only been a few times that I’ve cursed my downloading speed.

Many sites on the internet are restricted to certain locales.  By utilizing a VPN you can easily bypass them and appear to be browsing from a completely different place in the world.  If you do a lot of online shopping, you can often get a lower price by using your VPN.  Many companies offer different prices, depending on where you live.  I’ll let you determine the legality of doing these things.

There are many other reasons you might want to use a VPN.  I won’t bore you by trying to list them all in this article.  An internet search will give you a much more thorough and precise list.  Just remember, all VPNs are not created equal.  If it is free, find out what the real cost is.

Selecting which VPN to use can be the most difficult part of using a service.  Besides cost, some things to check is how many servers the company has and where they are located.  Many VPN providers just buy bandwidth from other companies and resell it.  Should the service go down, you might have a wait.  Another important thing to check is whether or not the provider keeps a log of your internet surfing.  Like many other things, this will vary among companies, so make sure you read the fine print.  If you want privacy, you don’t want a record kept of your internet browsing.  Be careful when reading online reviews.  Many of them are in reality paid for by the VPN service.  The article headline will usually be something like “The Best VPN” and then not do a comparison.  Another giveaway headline is something similar to “Get a Lifetime Subscription to ??? VPN For Only X Dollars.

I have one last suggestion.  Make one of your first search stops That One Privacy Site.  There you can find an excellent tutorial on how to choose your VPN.  The site doesn’t recommend a VPN but instead has an excellent, frequently updated chart of almost 200 services.  There are comparison columns for trustworthiness, affiliates, jurisdiction, logging polices, price and many more.

I’m wishing you some happy and secure online activities.
Thanks for reading.