Home + Mobile

It was only a matter of time before phone hacking rose to the top of the media-driven hysteria list

Thanks to the rapid growth of mobile device adoption and the subsequent rapid growth in mobile threats, phone hacking prevention is a hot topic. A headache reserved for celebrities in the past, smartphone-infiltration concerns have crossed the VIP vs. everyone else blood-brain barrier and now potentially impacts anyone who owns a smartphone.

But is this really a serious problem for us regular folks? Are our voicemail messages so interesting that someone would invade our privacy to listen in? Before we go barking up the narcissism tree, it’s best to examine what phone hacking is and whether you really need to worry about it.

With everything I’ve got going on, do I need to worry about my phone’s security?

This security threat can be broken down into two types: hacking into a live conversation or into someone’s voicemail, and hacking into data stored on one’s smartphone. Just as the majority of abductions are carried out by a member of the abductee’s family—unless you go by code name POTUS or are Hugh Grant—the person most likely to hack into your live conversation or voicemail will be someone that you know who has an ax to grind.

And in today’s mobile world, mobile security is a growing issue. As people increasingly store sensitive data on their mobile devices, the opportunity to exploit privacy weaknesses becomes more tempting to unscrupulous ‘frenemies’, exes or the occasional stranger.

It doesn’t help that there is a cottage industry of software ostensibly developed for legal uses but is easily abused (password crackers aptly named ‘John the Ripper’ and ‘Cain and Abel’ are two examples). Opportunistic hackers can wreak havoc with data deletion or install malicious software that gathers bank account logins and confidential business emails.

So what’s a smartphone owner to do?

If you want to be proactive, there are several measures you can take to protect yourself against this threat, most of which involve common sense. For example:

• Don’t leave your phone unattended in a public place.
• Be sure to change the default password that comes with a new phone to something more complex (resist the usual “1234,” “0000” and 2580)
• Avoid using unprotected Bluetooth networks and turn off your Bluetooth when you aren’t using it.
• Use a protected app to store pin numbers and credit cards, or better yet, don’t store them on the phone at all.

Throwing the baby out with the bathwater

If you’re still worried about your smartphone’s security, there are further steps you can take to protect yourself. However, taking things too far will defeat the purpose of having a smartphone at all.

• Avoid accessing important locations such as bank accounts via public Wi-Fi that may not be secure.
• Turn off your auto complete feature so critical personal data isn’t stored on the phone and must be re-entered every time you need it.
• Regularly delete your browsing history, cookies and cache so your virtual footprint is not available for prying eyes.
• If you have an iPhone, you can enable ‘Find My iPhone’ in your settings, and it will locate your phone if you misplace it before the hackers can lay their hands on it.
• Use a security app that increases protection. For Android owners, Webroot offers the all-in-one SecureAnywhere Mobile app that provides antivirus protection and allows you to remotely locate, lock and wipe your phone in the event you lose track of it.

Remember—if the thought of your smartphone getting breached has you tossing and turning at night, you can just turn the phone off, remove the battery and hide it under your pillow for some sweet lithium-ion induced dreams.

If you’re one of the people who is still stubbornly holding onto Windows XP (which stopped receiving support and security updates as of April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios, you’re putting your personal online security at risk any time you browse the internet. Without current web browser support and critical security updates from Microsoft, your PC may become vulnerable to any number of harmful viruses, spyware, and other malicious software which can steal or damage your identity, personal finances, and information.

Microsoft Pulls the Plug on Windows XP; Users Should Upgrade

(Source: howtogeek)

Nearly two years ago, Microsoft finally made the decision to stop supporting the widely popular OS (operating system) after a 12 year run. Windows XP faithful (and there were many) were encouraged to say their farewells to the beloved OS and move on to newer Microsoft technologies, or continue to use XP at their own risk as the OS was no longer receiving security updates. Unfortunately, many users chose the latter option, leaving their computers susceptible to a myriad of threats. Worse yet, people stubbornly continue to use Microsoft XP, despite the security risks. If you fall into this category, I strongly advise you to upgrade to a version of Windows that Microsoft still supports.

For more information on the end of XP support as well as how to upgrade, you can check out this Microsoft FAQ.

Using an Up-to-Date Internet Browser on a Supported OS is Important As Well

Making sure your operating system is supported is critical, but it’s not the only step users need to take to stay secure. If you’re using a supported OS, but fail to keep your internet browsers updated, you leave yourself vulnerable every time you browse the web. Likewise, if you’re using an updated browser on an OS that’s no longer supported,  same thing. Thus, browser support is also crucial for a safe internet-using experience. Here’s the current support status of each major web browser:

Internet Explorer:

(Source: Microsoft)

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. In other words, if you’re using any prior version of I.E., you’re at risk and it’s time to update.

Fortunately, Internet Explorer 11 offers improved security, increased performance, better backward compatibility, and support for the web standards that power today’s websites and services, so the transition should prove a comfortable one. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience. You can download the latest version of Internet Explorer here.

Google Chrome:

(Source: Google Images)

Chrome, Google’s wildly-popular take on the internet browser, came onto the browser scene (and subsequently onto users computers) in 2008. Now, it’s estimated that Chrome is the most widely-used browser on desktops, at 58% worldwide usage share.

Unlike Internet Explorer, Chrome automatically updates each time it detects that there’s a newer version available, so users don’t have to worry about being on a potentially-outdated version of the browser. However, last November, Google announced it will end support for Chrome on some older operating systems by April 2016, which means that less than a month from today, Chrome will stop getting updates if your computer is running any of the following operating systems:

Windows Vista, Windows XP, OS X 10.6 Snow Leopard, OS X 10.7 Lion and OS X 10.8 Mountain Lion

The April 2016 deadline is actually an extension to the life cycle of Google Chrome on Windows XP. Google originally announced back in October 2013 that support for Chrome on XP would end by April 2015, before pushing that deadline back to December 2015. For more information on system requirements as well as download links for different operating systems, check out this Google support page.

Mozilla Firefox:

(Source: Mozilla)

Mozilla’s Firefox, created back in 2002, still remains a popular browser choice for users. Largely thanks to the decline in Internet Explorer usage, Firefox reportedly took over the number two slot for desktop browsers in February 2016.

Like Chrome, Firefox is set by default to automatically update to the latest version. You can find a list of all Firefox releases here.

As far as operating systems go, here are the ones currently supported by Mozilla: Windows XP SP2, Windows Server 2003 SP1, Windows Vista, Windows 7-10, Mac OS X 10.6-10.11. You can learn more about getting the latest version of Firefox on an older version of Windows here (although you should really not be using Windows XP at this point, as outlined earlier).

Safari

(Source: Apple)

Sure, some Mac users prefer to use Chrome or Firefox. However, Safari (the default internet browser on Mac OS X that was originally released in 2003) is also used by many Mac users worldwide.

While the browser doesn’t update automatically, users can easily check for updates by opening the App Store and clicking on ‘Updates’ in the toolbar. If there’s a new version of Safari available, users just need to click the ‘Update’ button (and enter their Apple ID), and the latest version will be installed.

To keep Safari up-to-date, Apple encourages users to upgrade to the latest version of OS X. Safari 9, which is currently in version 9.0.3, comes bundled with the latest version of OS X, El Capitan. However, users who are still using OS X Mavericks can also update to the latest version of Safari. You can find out more information on this Apple support page.

With so many options, updates and upgrades available today, it’s easy to find yourself using an outdated operating system or a internet browser that is no longer supported, and putting yourself at a security risk as a result. Hopefully this blog post and the included hyperlinks will help you take the necessary steps in ensuring your operating system and browsers are up-to-date, which in turn, will help safeguard your identity and personal information. As always, it is also important to have an up-to-date antivirus program installed to protect your computer, in addition to an up-to-date browser and OS.

Myth: There is no link between your real-life location and your digital one.

The truth is that the two are very much connected. Perhaps more importantly, then, is what this means when it comes to your personal security. If the state or city in which you live is a hotbed for cybercriminal activity, your chances of being infected online increase significantly. Couple this with the fact that hackers are constantly refining their attack methods and finding new ways to make a profit, and you have yourself a potential recipe for personal information loss disaster.

Fortunately, you can prevent that from happening and stop those cybercrooks right in their tracks. How? By making sure your devices are protected. With cybersecurity that actually works. It also helps knowing which states and cities hackers choose as their favorite targets. The infographic below breaks it down.

In a 2016 survey of 500 PC gamers, Webroot discovered statistically significant differences in the ways that male and female gamers approach internet security, 3^rd party modifications, and the way they choose to portray their gender online. In fact, we found surprisingly large discrepancies between those who identified as male and those who identified as female in terms of online gaming and security.

The following infographic reveals the findings of our survey:

Here at Webroot, we take security seriously. With that being said, there is always more that you can do to improve your security and privacy while browsing online. Below is a list of browser plugins that we recommend you check out.

Webroot Filtering Extension

This one is pretty much a given as we are Webroot. Our filtering extension provides you with the reputation of websites within your browser and helps to protect you from harmful websites. This extension is available to all Webroot users.

Webroot Password Manager

Password managers are almost a necessity in today’s landscape. You should have multiple passwords that differ across your accounts. The Webroot Password Manager assists with managing and maintaining all of these with the click of the mouse. We also ensure that all of the stored passwords are encrypted and you should always ensure this is the case with any password manager you choose to use. This utility is available to Webroot Internet Security Plus and Webroot Internet Security Complete customers. If you are using a security program (you should be) may as well throw in a password manager.

HTTPS Everywhere

More websites are shifting to HTTPS and should be, but redundancy is never a bad thing when it comes to security. This extension encrypts your communications with major websites to make your browsing even more secure.

Privacy Badger

This one comes as more of a personal preference and an honorable mention to Disconnect here. Privacy Badger blocks ads and trackers that use your browsing information to show you tailored results. Privacy Badger learns from your browsing habits so the more you browse, the better it is going to work for you. While not as strong out of the gate as some of the alternatives, in the long run I feel as if this is more useful.

Adblock Plus

You’ve likely heard of this one before, and for good reason. Adblock Plus helps to block popups, video ads, and malware domains on many different websites. The caveat here is that some websites (we are looking at you, Forbes) will ask that you disable this extension to view the website. This happens because many websites receive revenue from the ads located on their website. Some websites solely rely on this revenue to function and provide content to you.

I hope that these recommendations assist you in securing your browsing experience. With the same layered approach that we recommend for enterprise networks, you can keep enhance the security of your browser, keeping you and any other users safe and secure. Share any additional browser plug-in ideas you have on our Webroot Community.

In support of January being Clean Up Your Computer Month and National Privacy Day on January 28th, here are some great tips to start 2016 off right.

Let’s face it, we are all guilty of letting our computers get out of hand from time to time. I, for one, realized this when cleaning up one of my hard drives and discovered that I had 363 games either installed or ready to install. Typically a person will download something they want or need for a given moment, use it and never get rid of it. This can clutter and bog down your hard drive or even worse, leave personal information openly available. Here are a few tips that will help keep your machine clean.

Keep your desktop tidy! For me this is the pet peeve that my fiancée is guilty of and it drives me crazy. If your desktop looks like someone dumped a bucket of icons all over it then you might want to think of condensing and organizing. This can make for faster boot times, and easier navigation. Don’t let your desktop look like this…

Try to keep everything organized!

The download folder can be your worst nightmare on a device. I find this to be the one area that I am horrible at keeping track of. I need a picture for a blog or a gif to send to a coworker… months later I find myself questioning why I have a random gif of a plane crash on my computer. This folder can build and build until it is out of hand. Minimize the amount of files you have in here, if it is old .dmg files then trash them. This will greatly reduce clutter on most people’s macs. The mail downloads folder is another location that people tend to ignore. You can get to it using spotlight and typing in mail downloads or In the Finder, select Go > Go to Folder. Type ~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads in the text field (This is only for people that use the built-in Email app).

Just as most of us adapted to cleaning the cache on Windows, you should do the same for your Mac. This doesn’t just relate to web browser cache, OS X stores lots of information in cache to allow for a faster loading time. You can go to the caches location and do a clean-up yourself (which I only advise for those who know what they are doing) or you can simply go to utilities in Webroot SecureAnywhere and click “Optimize Now”. This will clean up certain caches and logs for you.

A key to having a clean computer is not just removing known junk but also removing unwanted Apps. Be sure to remove applications that you are no longer in need of. I like keeping a spreadsheet with my license keys, in case I need one of the apps in the future. Unused or unwanted apps can take up massive amounts of hard drive space and can post a threat to your internet security.

My final tip… Most macs come with a microfiber screen cloth… Use it.

A physically dirty computer is something that no one wants to look at. Apple has a page dedicated to recommendations and guidelines for cleaning their products. https://support.apple.com/en-us/HT204172

It’s that magical time of year for all technically minded folks: sysadmins, IT pros, nerds and gamers.  It’s that time where you get to go home to family, gather around the fire, and fix their computers.

That’s right; it’s not about the turkey or the giving of presents, it’s about cleaning toolbars off grandma’s computer.

For those of you who go through this annual ritual, here’s a few things to make the process easier for everyone:

1. Facelift: SSD, memory, larger screen.  One of the cheapest ways to give aging hardware a boost is getting easier every day.  SSD prices are bombing like your boss’s jokes at the holiday party, RAM has been cheap for a while, and bigger screens are always cheap around the holidays.  Replacing an HDD with an SSD will make them think you gave them a whole new computer.  For moving the boot drive, I recommend Paragon Software’s Migrate OS to SSD software: https://www.paragon-software.com/technologies/components/migrate-OS-to-SSD/ That way you don’t have to do a fresh install, and you can just leave the migration running while you eat dessert.  Combine that with a USB to SATA cable: http://www.amazon.com/gp/product/B00HJZJI84 and you only have to open up the case once to swap the drive out after the migration is complete.  While the case is open, slap in some extra RAM so that when Chrome tabs gobble up all the memory their computer doesn’t grind to a halt.  And finally those aging eyes will benefit from the jump to a larger screen.  27 inches seems to be the pricing sweet spot lately.  And you can take home the replaced screens to use as second, third, fourth and fifth monitors for yourself while playing Fallout 4.
2. Auto-reset the internet.  How tired are you of asking people if they’ve tried turning it off and on again?  For one aspect you can now automate the process.  They make plugs that detect when the Internet connection goes down that automatically power cycle the cable modem and/or router: http://www.amazon.com/PI-Manufacturing-Internet-Controllable-Automatic/dp/B006PPISCG That will save you from having to explain to your parents which device they have to try turning off and on again when the Internet goes out.
3. Setup easier remote access – Have you ever had this conversation: “Go to the address bar.  That thing at the top.  Type in: H-T-T-P-colon-slash – the one that leans to the right, not the left, now another slash.  Yes the same direction as the last one.  Now L-O-G.  No, G as in Get a clue…”  You get the picture.  While you’re home, why not setup a shortcut on the desktop that goes directly to your preferred remote support website?  That way grandma knows what to click on when you have to remote in to uninstall the latest toolbar she installed.
4. Install antivirus that allows central management – obviously I’m going to recommend Webroot: https://www.webroot.com/us/en/home But no matter what you choose, it’s nice to have something that has a central online console. This allows you to see whether mom’s computer has run a scan in the last decade and how many viruses your younger brother managed to catch while visiting those sites he likes to go to.  With Webroot you can also kick off scans and reboots from anywhere you can get online.
5. Protect their credit – everyone’s had their information stolen at this point so you might as well put a freeze on your credit.  Mom and dad probably aren’t getting a lot of loans these days therefore this won’t be a big inconvenience for them.   Here’s how to go about it: http://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs This just means they’ll need to call in and unfreeze with their password before they get any more lines of credit, and it will stop the bad guys from taking out loans in their name.  Because face it, they already have all of your personal information.  Protect your inheritance.
6. Install an ad blocker and privacy protection – ads are a huge vector for malware these days.  I like uBlock Origin to stop ads and Privacy Badger to stop companies following you around the web with tracking cookies.  Put those browser extensions in place and teach mom and dad how to turn them on or off for individual sites for when they break core functionality.
7. Get them on a better browser – if they’re still using Internet Explorer then you should be ashamed of yourself.  Protip: change the existing IE icon on the desktop to open up Chrome or Firefox instead, so they don’t have to learn to click on anything new.
8. Power protection – get some cheap UPS and surge protection so that any desktop devices & cable modems won’t go haywire if the power blips: http://www.amazon.com/Eaton-Electrical-3S350-External-UPS/dp/B00906CH8S
9. Setup online backup – I like Backblaze: https://www.backblaze.com/ $5 a month for unlimited storage on each computer.  Now your baby pictures aren’t in danger of going up in a puff of magic smoke.  Restores are easy and you get email reports letting you know that the backups are successful.
10. Get better wireless – Ubiquiti has awesome and affordable prosumer APs that will give you a signal from two streets over: http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O No longer will the neighbor’s Wifi interfere.  I use one to cover an entire three-story house from top to bottom.
11. Connect the house with powerline Ethernet – save the wireless for devices that move.  For anything static, from streaming devices on your TV to media servers, wired is the way to go.  Powerline Ethernet is now rock solid and you can turn your whole house into a hub by plugging these into any outlet: http://www.amazon.com/TP-LINK-TL-PA4010KIT-Powerline-Adapter-Starter/dp/B00AWRUICG No running cables throughout the house required.
12. Stop bundleware – next time dad installs an update, you don’t have to worry about uninstalling a toolbar with this one simple trick: http://unchecky.com/ This software automatically unchecks the bundleware checkboxes so that you don’t have to use a cattle prod to train family to uncheck anything.
13. Install a password manager – anything to get people to use good passwords without having to teach their aging brains to remember anything new.  If you use an online password manager, then you can automatically change their passwords and update the password manager for them whenever there’s a report of a breach on a site your family uses.
14. Follow Swift on Security on Twitter.  A parody account that is both funny and useful.  Taylor Swift’s Infosec alter ego will keep you up-to-date on the latest security news and breaches, all while serenading you with the latest hits: https://twitter.com/swiftonsecurity/

Hopefully this list will help you get through the holidays at home without having to resort to hiding in the basement.  Make a few of these changes and it should make the next year of family tech support that much easier.  May the force help you live long and prosper.

With the two most hectic shopping days of the year rapidly approaching, you may be preparing to nab a deal… but identity thieves are just as busy trying to nab your financial information. While you’re out looking for the best deals
online and in retail shops on Black Friday and Cyber Monday, keep these security tips in mind to protect your identity:

• Try to use a secure payment method whenever possible. This includes Paypal, prepaid limited use debit cards, and credit cards that are separate from your primary bank account. Using a debit card that is tied to your primary bank
  account is the least secure form of payment, as a security breach poses the greatest financial risk.
• When you purchase something from a small independent business online, make sure that the checkout process is a “Secure Site”. Look for a yellow padlock in the browser bar as well as “HTTPS” at the beginning of the website (as compared to “HTTP” with no “S” at the end, which stands for “Secure”).
• Make sure that your operating system and security software are up to date. If you use Webroot SecureAnywhere, your software should automatically update itself whenever new versions are released. If you’re interested in using Webroot SecureAnywhere to protect your devices, CLICK HERE for a 14-Day Free Trial.
• Don’t make online purchases while using public WiFi connections, such as restaurant or mall hotspots, because these networks are prime targets for identity thieves and hackers. Shop only from trusted wireless connections such as home and cellular networks.
• Never send sensitive information such as Social Security Numbers, passwords, bank account numbers, or credit card numbers through e-mail. This is not a secure way to send sensitive information and legitimate companies will ask you to use some form of secure site to transmit the necessary information.
• When using an ATM, inspect the card reader before swiping to ensure that it isn’t fake. Lately, identity thieves have been planting card skimmers over ATM card slots in order to trick people into providing their PIN and magnetic strip information, and this technique is on the rise.
• Watch cashiers for skimming, which is when your card is swiped once at the register and again through a hand-held scanner the size of a cigarette lighter. Most registers allow you to swipe your card yourself; if a cashier asks to swipe your card by hand and turns away or puts both hands out of your sight while holding your card, ask to see a manager.
• Review your credit card and bank statements to ensure that there are no unusual or fraudulent transactions. If you identify any suspicious activity, contact the appropriate financial institution immediately to address anny accounts that may have been compromised.

We hope that keeping these security tips in mind will allow you to shop with confidence and safety during the upcoming sales events.

Cyber-criminals love to hit consumers where it hurts, and I’d say the most vulnerable location would have to be our wallets.

I frequently receive inquiries asking how a consumer can better secure their credit card and financial accounts. This ultimately led to me authoring this blog as a point of reference. Fortunately the industry is beginning to implement better practice and new methods to prevent this, and as always, someone, somewhere, will eventually find a way around that.

I’ve included a few tips here that everyone should acknowledge, and a few that may not be relevant to your environment. Obviously there are a TON of steps you can take to better your security, but if I wrote them all down, we would have a novel as opposed to a blog post. For the sake of being concise, I’ve kept this short and sweet, so to speak.

• Physical security is important, keep your credit and debit cards in a secure location that only you can access.
• Never write down your PIN, and make sure it is not personally identifiable information such as birthdays, phone numbers, etc. Cover it up when entering it publicly.
• Make sure that you add your signature to your card, this is something that most neglect or have neglected to do in the past. I know I’ve certainly been guilty of it.
• Regularly review your statements for transactions you do not recognize. Cyber criminals will frequently make minuscule charges first to see if you are checking your statements, and if not, make larger transactions. Some of the most successful campaigns such as this have accrued countless amounts of money with charges as small as a penny at a time.
• Before using your card at a public ATM, ensure that the machine has not been tampered with. Skimmers are becoming smaller and more popular methods for scraping card data.
• Confirm that when making a withdrawal, the amount on the receipt matches the amount withdrawn. Shred the receipt before disposing of it.
• If you receive a new card, completely destroy the old one.
• When purchasing anything online, ensure that the website utilizes HTTPS. Never submit financial or personal data via unencrypted connection.
• As stated in my previous blog, always log out of a website, app, or platform when you are done using it. Most websites and banking apps now implement a time-out policy that requires re-authentication after a certain time frame.
• Never write down your entire card number on a physical medium and never mail it.
• Always keep your card within sight of you. If a teller needs to take it to a machine, request that you accompany them, or ask them to bring the machine to you.
• Avoid using public computers whenever possible and never make important transactions on an unsecured network.
• As we move into chipped base cards that offer more protection, cyber criminals now have the ability to scan these cards. While in its early stages and having limited range, this technology will continue to improve. If you utilize one of these cards, invest in an RFID sleeve to prevent your data from being swiped.

There is a lot more that could be added to this and as we see security measures improve, we will also see the technology to compromise them improve as well. What is secure today, may not be tomorrow.