We have a great show today filled with simple things you can do to avoid the major hacks and attacks happening on the internet right now. No computer science degree necessary – just do it yourself!
Our guest is Shahid Buttar of the Electronic Frontier Foundation, speaking about net neutrality and privacy issues.
Also, we answer questions from our listeners. Plus, we have a packed list of news items, including:
– Meltdown and Spectre – a problem that could affect practically every computer, tablet and smartphone
– Problems with WD My Cloud products that are easy to fix
– an issue preventing Windows updates for people who don’t use Microsoft Defender
– an unusual hack involving SONOS and Bose
– A new product that Facebook is testing that everyone should avoid
– Something you need to know if you let your internet browser store your passwords
– a new low in personal data collection.
TARGET – everyone
FIX – update software and OS
Much bigger problem for big companies and IT people. You will hear IT people use the word ‘catastrophic.’ Don’t panic – just follow these steps. Home users, students, small businesses – you can handle this.
Fix – find updates for your software (not hardware). Will discuss how to safely update soon.
Priority – Stop what you are doing and update your browsers now. Then update the other programs you use (Word, Adobe, everything).
Cost – expect your computer to run slower – approximately 5% to 30% slower.
What’s the problem?
- Chips (a.k.a. processors) make your computer perform
- Performance speed matters
- Intel, AMD and ARM are constantly trying to improve performance speed.
- Decades ago, chips started taking shortcuts: processing code out of order, mapping or caching the results of parts of the code, etc.
- Researchers figured out how to EXPLOIT this:
- Meltdown: Full local system compromise. Meaning all data can be accessed, which can include personal data and passwords.
- Multiple experts have called this catastrophic, if you consider a 30% slowdown catastrophic.
Good news: It was discovered by researchers, not because anyone found an active virus attacking computers (yet).
More good news: Software vendors were notified back in July 2017, and the public announcement was on January 3, 2018. Most OS vendors (Apple, Microsoft, Linux) and browsers (Chrome, Explorer, Firefox, and Safari) used the time in between to fix most software.
WARNING: older products (Linux kernel 4.14.1 or earlier) have not all been updated as of this recording, so look for updates and run them as soon as you can. This link tells you how to check: https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/
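On Linux, the kernel itself can report whether the Meltdown and Spectre fixes are active. The script below is an added example, not part of the original show notes; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (mainline 4.15 or later, or a vendor kernel with the fixes backported), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status on Linux.
# Assumption: the kernel publishes one status file per issue under
# /sys/devices/system/cpu/vulnerabilities.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> prints ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_cpu_vulns [DIR] -> prints one line per issue.
# Returns 0 if all three are mitigated or not affected, 1 if any is
# vulnerable or unreported, 2 if the kernel offers no status at all.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no status at $dir: kernel too old to report (or not Linux), check for updates"
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(cat "$dir/$name")
            state=$(classify_status "$text")
        else
            text="(not reported)"
            state=unknown
        fi
        echo "$name: $state - $text"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Stand-alone use: check this machine (or a directory given as $1).
check_cpu_vulns "$@" || true
```

Any line that says "vulnerable" or "unknown" means the kernel still needs an update from your distribution.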
Next segment – how to update.
Breaks down barriers between programs – one program could be tricked into divulging its memory and activity to a virus. It is harder for a hacker to use (good news) but it is also much harder to fix (bad news).
How to (safely) update your software:
- Never, never, never click the friendly pop up box. Never.
- Find “Check for updates” in your program. In most programs, you can click “About” to find the “check for updates” button. Or click “Help.” There you may find a button, or you can search for the term.
- If all else fails, Google “How to check for update for [PROGRAM NAME].”
FIX: update your software – update to version 2.30.174 or later
Hard-coded backdoor – unchangeable username and password written into the software that runs the device.
MUST make sure you are on version 2.30.174 or later
Google: “update wd my cloud”
If you are using Windows with any antivirus software other than Security Essentials or Defender (the default), you will not get the updates. And you need the updates because of the regular security patches. Disable 3rd party software.
FIX: Update the firmware from app
Can steal log-in details for your internet music accounts
Firefox Quantum – in settings you can change Tracking Protection AND the Do Not Track signal to “always.” Chrome can’t.
Effectively an ad blocker for sites that honor Do Not Track. Note: this will reduce advertising revenue.
Don’t do it.
Change one pixel, and plan fails.
What if pic is compromised in transit?
If you have a pic, delete it. If you have a backup, delete that. If your boyfriend, girlfriend, spouse – anyone – has a pic of you that you don’t want to show up on Google Images, do the best you can to delete all copies and backups.
Anyone who uses their browser to store passwords.
More Info: Google “freedom tinker login”
Really disturbing profiles at AudienceInsights.net, which is run by Adthink.com. Using the password manager flaw.
On their website, they say they collect info like,
- events related to your activity on the partner’s website (such as the number of pages viewed or your searches made on the partner’s website),
- information provided by trusted partners that may include socio-demographic data such as age range.
- We do not collect any personal information. We do not know who you are. We do not know your residential address, your email address, your phone number or any other personally identifiable information about you.
- We do not collect sensitive information (such as medical condition, bank account…).
BUT – according to
- birth date
- BMI (body mass index)
- hair color
- relationship states
- model year
- fuel type
Opt out through Audience Insights
On audience insights.com, about halfway down the page, click “check my status” then “click to opt out.”
How to block through your browser:
- For Mozilla Firefox:
- Select the “Tools” menu then “Options”
- Click on the “Privacy” icon
- Find the “Cookies” menu and select the options that suit you.
- For Microsoft Internet Explorer:
- Select the “Tools” menu, then “Internet Options”
- Click on the “Privacy” tab
- Select the desired level using the cursor.
- For Google Chrome:
- Click on the “wrench” icon in the browser’s tool bar
- Select the “Options” menu then click on “Advanced Options”
- Click on “Content settings” in the “Privacy” section
- Click on the “Cookies” tab and select the appropriate options
- For Opera 6.0 and beyond:
- Select the “File” > “Preferences” menu
To learn more about third party online advertising and to withdraw from this type of advertising, visit the following Web sites:
Digital Advertising Alliance: http://www.aboutads.info/choices/
Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp