How does Advanced Identity Protector install on your PC?

We hope some of you must be aware of this Windows-based utility name as “Advanced Identity Protector But, few of them might be still unknown with this term. Isn’t it?

Well, want to know aboutAdvanced Identity Protector in detail, let us undergo the study of What is advanced identity Protector?

remove Advanced Identity Protector

Advanced Identity Protector is a Window-primarily based software that needs to protect your status while online. It allows some characteristics like scanning of net browsers, emails, and registry entries. It can also clean out proofs of private information used at the browser’s online forms.

But, recently a survey regarding Advanced Identity Protector came into existence and the study says:

“The primary executable setup named as advancedidentityprotector.exe. The setup kit usually installs about 19 repositories and usually about 35.16 MB (36,869,660 bytes). Comparative to the overall usage of users who have this installed on their PCs, most are working on Windows 10 and Windows 7 (SP1). While about 89% of users who are a part of Advanced Identity Protector grows through the United States, and it is also widespread in Australia and the “United Kingdom.”

Advanced identity Protector is the PUP (potentially unwanted programs) that uses deceptive methods to block the elimination of the unwanted packages.

Advanced Identity Protector Is safe or unsafe?

Advanced Identification Protector isn’t always an entirely precise application although it demands that it could easily block identity theft.

Instead, it is recognized as a probably unwanted application by using many specialists. Therefore, we can say it’s not completely accurate software.

It’s our responsibility to warn you that it has already been classified as scareware because it prompts fake warnings and then promotes its licensed version. Further, we will this article will provide you the brief information about How does Advanced Identity Protector install on your PC?

Firstly, Advanced Identification Protector appears to be a useful device to shield private records while surfing the net. However, there had been reports that this software connects some adware and potentially unwanted program (pup). Moreover, a few browser redirects force pc users to reach advanced identification Protector’s legitimate website and trick them into downloading and paying for this application. In some instances, the visited web page will trouble a fake warning pointing out several troubles discovered on the computer. Then, it’s going to recommend them to call (855) 737-4053. This customer support is some other phase that aims to lie to the user to download an advanced identification Protector.

Once advanced identification Protector is hooked up at the computer, it can run a scan all through windows start-up. Then, the program will identify dozens of risks found at the pc. The user might be prompted for a group of identity traces; however, solving this difficulty requires the user to pay for the overall version of advanced identification Protector. It’s an explicit money-making scheme by way of rogue software authors. Scare techniques widely used to mislead customers into buying unknown and suspicious tools.

Thus, we can say “Advanced Identity Protector” is a highly controversial application that has marked as “potentially unwanted.”

NOTE: (“Advanced Identity Protector” adds a registry entry for the current user which will enable the application to start whenever it gets rebooted automatically. It might schedule a job to add Windows Task Scheduler to begin the program at scheduled multiple times (Variation in schedule time depends on the version).

Rather than losing money to fix the computer with the registered version of advanced identity Protector, we highly recommend you to remove/ uninstall Advanced Identity Protector as soon as possible. Then, run an intensive scan of the anti-malware software. It may find and delete any items linked to the rogue application and other PUP’s.

Although, there are numerous ways to eliminate such malicious spyware from your PC.

Here, are the few easy approaches with which you can remove Advanced Identity Protector from your PC.

How to remove Advanced Identity Protector?

For the removal of such type of PUP, there are two simple methods mentioned below accordingly:

  • Automatic Mode
  • Manual Mode

Automatic mode

  • Your first step is to download a “Free Malware Removal Tool” like Malware Crusher, ITL Anti-Malware from the approved website.
  • After downloading the removal tool, Install it.
  • After the installation procedure, it will automatically begin the scanning process.
  • Ultimately, your PC is freed from malware.

Manual Method.

Rule 1:

You can uninstall Advanced Identity Protector from Control Panel.

  • Press Ctrl + Shift + Esc concurrently.
  • It will show you the ‘Windows Task Manager.’ Window. But, make sure that you are searching for the application tab. Further, look for Advanced Identity Protector. If found, then select it and click on End Task.
  • Now you can close the task manager.
  • Again, you need to open the control panel from the start menu or by holding Windows key + R key at the same time.
  • It will bring up the “RUN” box now in this box you need to type ‘appwiz.cpl.’ and tap “OK.”
  • From the ‘program and features’ panel, you will see the list of all installed programs.
  • Perform a Right Click on ‘Advanced Identity Protector’ and uninstall it from your system.

Rule 2:

Remove “Advanced Identity Protector” extensions from Chrome, Internet Explorer, and Mozilla Firefox.

Here, are the necessary steps to remove Advanced Identity Protector from various browsers like Chrome, Internet Explorer, Mozilla Firefox, all the removal steps for the same are listed down, please follow them accordingly:

  • Google Chrome

Step 1: Open “Google Chrome” main menu, click to the “Settings” option.

Step 2: Drag down the page to the lowest > select advanced link option.

Now scroll down the page until you get the choice for Reset settings and press the “Reset settings to their specific defaults” button.

Step 3: Click the “Reset” button, to restore settings to their original defaults.

  • Internet Explorer

Step 1: At first launch “Microsoft Internet Explorer” > Click ‘gear’ icon.

(It will navigate you to the drop-down menu on the top-right corner of the internet browser > go to “Internet Options” and click it).

Step 2: In the next window of “internet options,” pick the “advanced” tab, > click on the “Reset” button.

(Microsoft Internet Explorer will open “Reset Internet Explorer settings” dialog box > press the “Delete personal settings” check box to select it > click the “Reset”).

Step 3: As soon as the operation gets done > click the “close” button.

  • Mozilla Firefox

Step 1: Launch Firefox > press the menu button with three horizontal lines shown at the top right corner of the web-browser display screen > click on “help” option at the lowest of the drop-down menu. It’s going to show the slide-out menu.

Step 2: Select the “Troubleshooting information.”

If you can’t access the Help menu, then type “about support” in your address bar and press Enter.

Step 3: Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page.

Pick out “Refresh Firefox” inside the confirmation prompt.

The Firefox will automatically initiate the process to fix issues caused by the adware that responsible for the appearance of Gstatic popup ads.

Once the task gets completed > click the “finish” button.

You can also delete “Advanced Identity Protector” from your system and we highly recommend you to use the Malware Removal Tool, i.e., Malware Crusher (To scan your computer with anti-malware software and let it do its task).

Use Malware Crusher to stay protected from all such type of threats, and make your system performance up-to-date.

Also, recommending you ITL Antimalware- Keeps your system protected from all type of malicious attacks.

Preventing measures to keep your system secure against virus and malware:

As you must be now aware of Advanced Identity Protector. Below mentioned are the few preventing guidelines to keep your gadget Malware free:

  • Set/ Allow permissions to block pop-ups

Pop-up ads, notification on the websites are the most questionable tactics spread by cybercriminals to expand a web of malicious programs.

So, we suggest you to avoid clicking on uncertain sites, software offers, pop-ups, etc.

Suggesting you install an effective ad- blocker for browsers like Chrome, Mozilla, and Internet Explorer.

  • Maintain and Update your Windows

To maintain your system’s performance and keep them free of virus or infections, we recommend you always to keep your Windows updated.

With this operation, you can keep your device free from virus/adware.

  • Avoid “Third-party” installation

An alert not to install any third-party software or program, as it may result in your system in danger.

Stop downloading/ installing “Bundling” software.

  • Daily/ regular Backup for smooth-running of your system

Daily and proper backup of the system helps you to keep your data safe and secure.

For any cause, if your system infected by any virus. Thus, it’s better to keep backup for your important files regularly on a cloud drive or an external hard drive.

  • Try to put on Anti-Virus for your system

Prevention is higher than cure.

We recommend you to install an antivirus or a Malware Removal Tool like Malware Crusher for the betterment of your system to enhance its performance.

Yahoo’s Security Breach Grows Worse

In December 2016, Yahoo revealed it had been hacked back in 2013. It was reported at the time that this security breach by an “unauthorized third party” saw the user data associated with 1 billion accounts stolen. However, it turns out that this epic hack was even worse than Yahoo thought.

This hack didn’t just affect 1 billion random Yahoo users. Instead, it hit every single Yahoo account that existed in August 2013. And there were 3 billion of them at the time. Let that sink in for just a minute: 3. billion. accounts. Making it the largest data breach in history. That we know of…

The Most Epic Security Breach Ever Recorded

Since Yahoo first disclosed the hack Verizon has acquired the company. During that acquisition new intelligence was uncovered that clued Yahoo into the fact it had underestimated just how epic this hack was. Rather than “just” 1 billion users being affected, all 3 billion users were caught up in it.

Yahoo has subsequently sent out a notice revealing the truth. The company states it now believes that “all Yahoo user accounts were affected by the August 2013 theft”. And Yahoo, now called Oath, has drawn this conclusion “following an investigation with the assistance of outside forensic experts”.

Thankfully, although the size of the security breach has been scaled up significantly, the information stolen has remained the same. Which means that “names, email addresses, telephone numbers, dates of birth, hashed passwords […] and, in some cases, encrypted or unencrypted security questions and answers” were stolen.

However, Oath (formerly Yahoo) is ultra keen to stress that no “passwords in clear text, payment card data, or bank account information” was stolen from its servers. This should be of some comfort to anyone who had a Yahoo account in 2013. Which is probably most people reading this right now.

Please Follow Yahoo’s Common Sense Advice

Oath has created a full page of FAQs related to this data breach. And this provides the common sense advice the company suggests you follow in order to safeguard your information. Which basically amounts to changing your passwords and security questions and answers for any and all Yahoo accounts, and, crucially, all other accounts that share the same or similar information.

 

 

 

Mastering Password Managers

It goes without saying that everyone needs to use stronger passwords, and the best way to do that is with a password manager. The truth is, passwords that are hard to hack are very hard to remember, however you really do need long and complex passwords.

Top 3 Password Manager Apps for Android

That’s where password managers come in handy. There are all kinds of password managers out there, including some as basic as your browser’s rudimentary list of saved passwords list and some as elaborate as entire cloud systems that work across multiple devices and platforms.

All of these models have some basics in common: they store your passwords, they auto-fill details on login forms, and they keep your passwords encrypted in databases. The differences are where those databases are kept, the types of encryption and recovery options available.

Weaponized Math: Encrypted Passwords

Your browser can save passwords, but that often isn’t very secure. One of the main appeals of a password manager is that it saves all of your passwords behind one password in a single database.

Of course putting all your plain text passwords in one place isn’t much of a security measure in and of itself. Instead, your passwords must be encrypted, which secures your passwords. But since the amount of control over password databases can vary, you’ll want to figure out which model works best for you.

When boiled down, encryption is the use of math to disguise your data. The key used to transform the plaintext is randomly generated, the strength of the encryption is based on this key size in bits. In layman’s terms: the more bits, the more security. This is because the more compelx the key, the more complex the resulting output is.

Depending on the algorithm, that substitution is repeated. In certain cases, they key is transformed to further obscure the output. This process is creates what’s called a hash, which often has added salt—additional randomization added to the hashing process. This ensures the original value is completely obscured without the correct starting input, key, and salt.

There are additional factors like block size, initialization vectors, and other more advanced concepts. If you’re interested in the gory details, check out our detailed breakdown of encryption

Local Safes: Keeping Control

The best way to keep a secret is to never tell anyone. If you don’t want your passwords anywhere other than on your hard drive, a local password manager is your best option. This keeps your data on a device that you physically control, leaving your security directly in your own hands.

One of the more popular password managers is KeePass, an open source Windows solution with ports on Mac and Linux. It offers a lot of flexibility and control, including the ability to select between multiple encryption algorithms.

best password managers 2016 keepass

And if you’re looking for a complete escape from passwords, you can even use key files to unlock your passwords. (You put key files on a USB drive or other portable storage, then use the physical device as a key to authenticate with the machine.)

The downside to KeePass is the same as its strengths: you control the keys to the kingdom, so if you lose your key files or master password, you’re out of luck. In such a case, your only option would be to start over from scratch and set up every password again.

Your file is also limited to where you save it, so you’re responsible for any backups you want to maintain. If you want mobile sync, you’re going to need to do it manually (or with a separate syncing service like Dropbox) and a compatible reader on your tablet/phone. And if something goes wrong, you’re on your own.

Local managers give you a lot of security and control, but you lose a rescue plan and out-of-the-box portability.

Syncing Systems: Multiple Devices

If you’re juggling multiple devices with many passwords, keeping a master file locked on a PC somewhere is not the best solution — especially if you’re trying to log into Amazon on your phone or check your bank balance on your tablet. Don’t weaken the password just to make it more memorable!

That’s where hybrid approaches like 1Password come in, which uses Dropbox or your local network to automatically sync your password between devices. This gives you the ability to keep everything working across devices, but you are still the only one with the key to your data.

Image result for 1password logo

But you lose some of the crunchier options, such as multiple encryption algorithms and key file logins.

This fixes a lot of the downsides of the local-only option, as you can keep your phone, tablet, and computer all in sync. You’ll also need to trust Dropbox as a cloud host, though 1Password does add an extra layer of security on top with its own strong encryption, so you can rest assured of any security worries.

If you’re really worried about interceptors and other vectors of attack, you can just use your local network to synchronize your passwords across devices. You won’t have any hope of recovering a lost master password if you choose this route, but it does ensure that 1Password won’t have access either.

Cloud Services: Any Device, Anywhere

Keeping all of your passwords in the cloud requires a certain amount of trust in a company to do things the right way. My favorite choice here is LastPass.

LastPass keeps an encrypted copy of your password database in the cloud, making it available on almost every platform and browser imaginable. You will need a premium membership for several of their features, but the basics are there for free.

Image result for lastpass logo

Your devices do all of the encryption and decryption, ensuring that your master password is not on LastPass’s servers. If you don’t have access to the Web, a copy is cached locally so you can still unlock. There is an additional layer of protection in two-step verification as well.

You have to trust their security is as robust as promised, as LastPass makes for an obvious target for hackers. However, with a good master password and two-step verification enabled, you should be confident about the security of your password safe. And if you ever forget your password, you can recover your safe.

Literally the Least You Can Do

If you’re a Mac and/or iOS user, you already have access to a password manager built into your operating system: iCloud Keychain. This is an extension of the OS X keychain that uses iCloud to keep all of your passwords synced across devices.

Windows has a similar feature called Credential Manager, but it does not have the same cross-device syncing.

This is pretty comparable in terms of security to LastPass, but it’s limited to Apple devices. Unless you’re only running exclusively on Apple products, you’re going to be missing your passwords on some of your other devices, which can be a huge nuisance.

Yet even if you’re a big Apple fan, you still may not want to lock yourself into the platform because you never know what kind of other devices you may get in the future.

You Really Need a Password Manager

Unless you have an iron-clad memory, using different passwords across all of your accounts is going to prove difficult. Doing so with hard-to-crack passwords? Near impossible. Getting a password manager ensures that you can keep all of your accounts safe and secure using a single master password.

Find the model that works best with you and find the product that works best for your devices. Almost every manager has a free trial or free tier that you can try out. Once you’ve made your choice, go through all of your online accounts and update the passwords to be more complex.

That’s really all there is to it.

Has Your Password Been Exposed ?

You know by now that you should be changing your passwords regularly. I have have been strongly recommending password managers for several years now. This is because every day there seems to be another cyber security crisis. If you haven’t changed your passwords recently, it’s now officially time: a massive database containing login credentials is floating around the internet.

Image result for password hack

We don’t know who’s behind the breach, but over 560 million leaked emails and passwords — 243.6 million unique email addresses — are compromised. First uncovered by the Kromtech Security Research Center, the leak has been confirmed by security researcher Troy Hunt, who created the “Have I Been Pwned” website.

What kind of information does it have?

The good news is, there hasn’t been a new hack: the trove of credentials is a collection of data from previous breaches at LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr and others. Some of these breaches are years old.

What makes this database troublesome from a security standpoint is how accessible it makes sensitive information. It basically compiled private data from various prior hacks to create one convenient database for hackers to illegally access.

Who is at risk?

Essentially, anyone who never updated their credentials at the time of the original breach. If you haven’t stayed on top of every hack and checked your status each and every time, then you could be at risk.

How to check if your credentials are compromised

The easiest way to see if your credentials are vulnerable is to go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.

Image result for pwned

You may have changed your password at the time of a given breach, but let’s be real: you may not remember. If you scroll below the results, the site shows you which breaches you were impacted by. To view information on sensitive breaches, subscription is required. If this is your first time on the site and you get the dreaded “Oh no—pwned!”message, then it’s best take a screenshot of the result and change your password immediately.

Why a screenshot? The site tells you how many “breached sites” it’s on (in other words, how many unique incidents took your credentials) and if there are any “pastes” — a paste is when the information is shared on a public website. Saving this information (you can also jot it down somewhere safely) can let you know in the future if you’ve been breached again if the information in the results change.

Don’t understand what’s going on? It’s okay. Just go change your email password to be safe. And be sure to create a strong password.

Recent DDos Attack Exploits Internet of Things (IoT)

Last week I wrote about the cyber-attack that took out huge portions of the Internet has now led to a major product recall. Hangzhou Xiongmai Technology, a Chinese electronics company, has acknowledged that weak default passwords on many of its devices were partly to blame for the October 21 attack.

ddos

The components maker, which builds parts for everything from security cameras to digital recorders, said it would be recalling millions of Web-enabled cameras that were sold in the U.S. The company described the attack as a major blow to the Internet of Things movement, saying it has shaken customer confidence in the level of security of all Internet-capable devices.

Despite the surprise and devastation achieved during Friday’s attack, it was not inevitable. In fact, Hangzhou Xiongmai reported that it first became aware that some of its cameras had a security flaw last year. The company issued a firmware update to fix the issue last September and urged customers to change the password from the default setting.

Only devices that were sold before April 2015 failed to update their firmware. Those devices were still using the default password and were connected to the Internet when they were exploited.

Hangzhou Xiongmai has now agreed to recall up to 4 million products. While the company primarily makes components for industrial and commercial devices, such as surveillance equipment for banks, stores, and residential areas, most of the devices it sells in the U.S. are for personal and consumer use. That might explain why so many devices were running old firmware using the default password.

Dealing with the Internet of Things

Friday’s attack managed to take out huge parts of the Internet throughout the United States including popular sites such as Twitter and Netflix, by targeting Dyn Inc., a New Hampshire-based company responsible for providing much of the domain name service infrastructure in the US. The group responsible for the attack was able to overwhelm Dyn’s servers with a distributed denial of service attack.

To achieve their goal, the hackers used a malware tool known as Mirai to take control of IoT devices, such as security cameras, using Hangzhou Xiongmai’s hardware components to form a botnet. Once under the hackers’ control, the botnet was able to generate fake network traffic from tens of millions of IP addresses, overwhelming Dyn’s ability to respond.

This was one of the largest and most sophisticated attacks against a major Internet infrastructure provider in history. And the use of IoT devices, rather than laptops or desktops, may represent a chilling new development in the annals of cybercrime.

Such devices are expected to proliferate in the coming years, and many continue to lack sufficient security safeguards. Friday’s attack may prove to be only a glimpse of what’s to come.

DDoS Attack Exposes Growing Concerns

Early this morning, a large distributed denial of service attack (DDoS) directed at the Internet performance management company Dyn caused Web site outages for a number of its customers, including Twitter, Reddit, Spotify and SoundCloud.

Question – What is a DDoS?

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

Why Are Reports Like This a Concern?

While today’s DDoS attack was resolved relatively quickly, a number of news sites described it as having shut down “half the Internet” for users on the East Coast. In addition to customers, such as Twitter and Reddit, Dyn’s client list includes large sites such as About.com, CNBC, Etsy, RedHat and Zillow.

The scale and scope of DDoS attacks have been growing dramatically over the past year or so. Last month, for example, the KrebsOnSecurity Web site was temporarily brought down by a recording-breaking DDoS attack generating traffic levels of up to 620 Gbps. Shortly afterward, the France-based hosting company OVH sustained a DDoS attack that was nearly twice as massive as the one on Krebs’ site.

A Growing Concern

Security experts are blaming the rise of increasingly massive DDoS attacks on the rapidly expanding number of network-connected devices on the Internet of Things (IoT). Earlier this month, researchers identified a 12-year-old vulnerability in the OpenSSH security utilities suite, noted that weak protections on IoT devices has helped to create the “Internet of Unpatchable Things.”

The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices which often include poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers.

What all these connected devices have in common is the existence of security vulnerabilities caused by a flawed software design or gross negligence on the part of their manufacturers that all often use the same factory passwords for all their devices.

internet-of-things

Question – What is The Internet of Things? 

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low — or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.

IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), microservices and the internet. The convergence has helped tear down the silo walls between operational technology (OT) and information technology (IT), allowing unstructured machine-generated data to be analyzed for insights that will drive improvements.

The security of the internet is a complex and often overwhelming challenge. What at one time was simply computers connected together via the internet is now smartphones, mobile devices and technologies of every type from your refrigerator, HVAC system and medical devices such as heart pacers.

The Case for Password Managers

Here is something that probably drives you crazy. Passwords. How many times do you have to reset your password? How much time do you lose trying to figure out just what your password is for a particular website? Do you panic when you hear about another security breach and have you ever feared that your personal information has been stolen?

We are live in a digital world and there is nothing we can do about that. Passwords and security are simply going to continue to become more difficult and harder for us to manage. I believe that the best way for you to safely and efficiently manage your online security is by investing your time (and sometimes a little cash) in a good password manager.

Using a password manager will address these problems that most of us face as we travel through the digital universe.

  1. Error messages galore – It’s annoying to type out a password, especially as password requirements get more complex. And many times, we type them in wrong. This is even more of a problem using the small keyboards on a smartphone or tablet. With a password manager, your password is automatically filled in for you when it detects the login screen, or you can easily tap the password for entry into a mobile app.
  1. The forgotten password lock-out – Enter that password one too many times, and boom – you’re locked out. Again. That’s the last thing you want to deal with when you’re logging in to pay your credit card on time or need to respond to an email quickly. Password managers never forget the stuff you’ve stored in them, and that stuff includes your passwords. Never get locked out again with a password manager.
  1. The reset (the aftermath of the lock-out) – Once you’ve finally admitted that you can’t remember your password, you have to go through the painful and usually time-consuming password reset process. Will the link to reset your password come through immediately? Or in a few hours? No one knows, and no one has time for that.
  1. Creating a tough as $%!t password – With the increased frequency of breaches, many sites are implementing stronger password requirements – 35 characters, 6 symbols, uppercase, lowercase – who can remember all that?! Thankfully, we have the technology of a password manager for that. Not only can it create that complicated password in one click, it remembers it without any work on your part.
  1. What’s your Wi-Fi, again? – You have friends over for game night and everyone wants to control the music from their own phone. But before they can do that, you get the age-old question, “What’s your Wi-Fi password?” And a 15-minute delay ensues as you try to track it down again. Ah! But with a password manager like LastPass, you’ll have it right where you want it. Simply store your Wi-Fi credentials in a Secure Note, and share that Note with your friends so you don’t ever have to dig up and spell out your Wi-Fi password again.
  1. Your billing address is not correct – You’re shopping online, just buying a new pair of shoes, but as soon as you enter your name, the browser populates your billing and shipping information with your office address. As much as you’d love to charge those new shoes to work, that won’t fly. With LastPass, you can create profiles for your credit cards so you don’t need to enter the information each time – LastPass just fills it in for you automatically.
  1. Post-breach password changes – The modern reality is that passwords are a hot commodity and hackers are going to keep trying to steal them. After each new breach, we as consumers run around changing this password or that one, which can be a hassle and quite time-consuming. But password managers like LastPass can help you figure out where you’ve reused the same password that was breached, and will even automatically change passwords for you making it extremely easy to be extremely secure.
  1. Not having a password when you need it – It’s happened to everyone. You’re on the go – running errands, away for the weekend – and you get an email that your electric bill is due – today! Normally that’s not a problem, but the password for your electric company account is stored in your browser or on a sticky note next to your computer, which isn’t helpful now. With a password manager you have access to your passwords wherever you are, from any device. So paying your electric bill from a rest stop on the side of the highway is no big deal.

Take a look back at this list. How many of these frustrations have you dealt with just in the last month? Passwords aren’t going away; they’re actually becoming more of a pain, but they don’t have to be.

My favorite password manager is LastPass but there are others out there as well. You can learn about many of the best password managers by checking out this PC Magazine article.

Outlawing Ransomware?

Legislation has yet to catch up with technology. Perhaps – finally legislators will begin to understand that they have some power to actually protect consumers where new technologies are concerned. There is hope coming out of California where tech law is concerned.

State legislation to outlaw ransomware is drawing broad support from tech leaders and lawmakers, spurred by an uptick in that type of cybercrime and a series of recent attacks on hospitals in Southern California.

The bill, authored by state Sen. Bob Hertzberg (D-Van Nuys), would update the state’s penal code, making it a felony to knowingly use ransomware, a type of malware or intrusive software that is injected into a computer or network and allows a hacker to hold data hostage until money is paid.

Ransomware has become a lucrative industry over the last three years, affecting schools, police departments and healthcare businesses. Trojans that work like viruses, such as CryptoLocker — which began appearing in 2013 — can be unleashed by users with few technical skills and reel in profits.

Proponents say the proposed ransomware law is the right step to counter attacks difficult to prosecute under existing statutes that are not tailored to combat computer crime. But some question just who will get caught in the dragnet, as such incidents are tough to trace and culprits are often overseas.

Victims nationwide lost more than $209 million in ransomware payments in the first three months of 2016 alone, compared with $25 million in all of 2015, according to the FBI.

But no arrests were made. Nor were arrests made in more than half a dozen of ransomware incidents investigated by the Cyber Investigation Response Team of the Los Angeles County district attorney’s office, which is a co-sponsor of the bill.

 

Ransomware Defined

Ransomware attacks are instigated when a person clicks on a compromised website or opens an infected email. The programs encrypt files, such as photographs, videos or documents, and they cannot be accessed without an encryption key.

Security researchers first saw similar attacks in 1989, when the so-called AIDS Trojan virus locked people out of their files if they clicked through a quiz about their sexual and drug habits. Ransomware has evolved over the last decade with the creation of “police screen lockers,” pop-up screens that appear to be created by law enforcement agencies that fraudulently order people to pay fines after accusing them of downloading pirated movies or child pornography.

At the federal level, prosecutors can use the Computer Fraud and Abuse Act to target ransomware. But state prosecutors typically must pursue such cases under laws against extortion, or those that target threats to injure a person or property that have not been acted upon.

Android Users Beware “Godless”

If you are an Android user – you have have reason to fear “Godless”, a new
family of malware targeting Android mobile devices that has been detected by digital security firm Trend Micro. The malware, named after the ANDROIDOS_GODLESS.HRX filename it uses, uses multiple exploits to root users’ devices.

New 'Godless' Malware Targets Android Mobile Devices

Godless can target virtually any Android device running on Android 5.1 (Lollipop) or earlier. Today almost 90 percent of Android devices run on Android 5.1 or earlier. Apparently malicious apps related to this threat can be found in all over Android app stores, including Google Play, and has affected over 850,000 devices worldwide.

Godless is similar to an exploit kit. Both use a type of open source rooting framework called android-rooting-tools. The framework has various exploits in its arsenal that it can use to root a number of different Android-based devices. The two most prominent vulnerabilities targeted by the rooting kit are CVE-2015-3636 (used by the PingPongRoot exploit) and CVE-2014-3153 (used by the Towelroot exploit).

By gaining root privilege, Godless can connect to a command-and-control (C&C) server capable of delivering remote instructions that force the device to download and install additional apps without the user’s knowledge. At best, an iunfected user receives unwanted apps on the phones. At worst, the same technique can be used to install a backdoor on the phone in order to spy on the user.

Google is apparently aware of the threat, and has stated that they are taking “appropriate actions”. I would recommend that should review the developers listed for apps whenever you download new programs from any app store. You should also be suspicious about unknown developers. All apps should also be downloaded from trusted stores such as Google or Amazon.

Netflix & Amazon Urge Users to Change Their Passwords

Both Netflix and Amazon are warning some customers that their accounts may be at risk and are urging them to change their passwords. This appears to be the first major effects of the massive database breaches that have surfaced during the past month.

The emails, which have started to surface in more and more inboxes recently, warn the recipient that their credentials may have been found in a cache of passwords and emails that made their way online. Both Amazon and Netflix assure their customers that neither company was directly breached.

In both the cases of Netflix and Amazon, the services have created temporary passwords for users who have been caught in the leaks. The security step was taken because “many customers reuse their passwords on multiple websites,” according to the email delivered by Amazon.

The belief that users have reused passwords is probably a correct one. Many people still use the same password across many accounts, which is a major problem and why Amazon and Netflix are moving forward with there urging of their customers to change their password.

This precautions taken by Netflix and Amazon follows several weeks of an unprecedented amount of usernames and passwords stolen from major sites and services.

Recent History of Large Services Hacked

A total of 167 million accounts from LinkedIn, the result of a 2012 breach, surfaced in May after appearing available for sale on a dark net marketplace. Just weeks later, 427 million credentials from MySpace appeared online, the result of an apparently unreported breach of the social network’s databases. Sixty-five million Tumblr accounts that were stolen in 2013 were acquired at the end of May. In June, 32 million credentials from Twitter users were put up for sale on the dark web, though Twitter denies it was ever the victim of a hack.

Screenshot of Netflix’s Password Change Notification

Change Your Passwords

Even if you don’t get an email from Netflix or Amazon—or any other company taking extra steps to protect their customers—suggesting a password change, now is the perfect opportunity to do it.

First, you can check to see if your account appears in any of the recent breaches by using the free tools offered by LeakedSource, an online database of stolen credentials, or Have I Been Pwned, a collection of compromised usernames and passwords maintained by security expert Troy Hunt. Regardless if you appear on either list, it never hurts to refresh your current protection.

When filling out the password form, make sure to use a unique combination that isn’t in use for any other account belonging to you; a breach of one service can create a domino effect and compromise you later.

Make sure to use a combination of words, numbers, symbols, and upper and lowercase letters. Try to avoid anything easily guessable—anything on the list of most common passwords is a nonstarter—and keep away from publicly available personal information like your birthday.

Use a Password Manager

I have suggested this countless times here, on this fine technology blog as well as to my workmates, friends and family. Invest in a Password Manager like “LastPass”. Password Managers can take a daunting job (like having strong, encrypted and unique passwords) and making is very easy. Those of us using a password manager have very little to fear from security hacks like the ones mentioned here.

Consider Two-Factor Authentication

Consider using “two-factor authentication” for your important online accounts, especially financial accounts. These are becoming easier to use. The one I recommend is Google’s Authentication.

1 2 3 14