Poor Password Habits and Data Breaches. 23andMe Hack is a Wake-Up call.

Daily I am presented with spam check requests and questions from people who wonder why spam exists and why it is increasing.  It's simple.  Governments and companies are recording everything one does when on the web, sites visited, preferences, personal and financial info.  The more data a company keeps, the more data is at risk.

Bad actors know this, and breaches occur daily at large firms.  These breaches involve the theft of millions of records containing info about people, names, addresses, phone numbers and SSNs.  The data is then offered for sale on black websites, sometimes given away for free.

23andMe reported they were hacked in October.  The DNA tester reported that 14,000 accounts were compromised by a hacker.  These 14,000 accounts exposed info belonging to 6.9 million people, (14000=6.9 million ???).  The company stated that their computer network wasn't the source of the hack.  THEIR NETWORK wasn't the source?  Who are they sharing their info with?

The passwords used to break into these accounts had been stolen in other data breaches.  This points out the weakness of using the same password for multiple accounts.  This type of attack is called credential stuffing and victims of this kind of attack include Netflix, Nintendo, Zoom and PayPal.  This attack is not unusual but the data stolen from 23andMe is highly sensitive.

“The issue here is that 23andMe is a social site that also has healthcare information,” he said. “And both of these increase the risk of exposure of the data, and the value of the data itself.” 

https://www.wsj.com/tech/personal-tech/23andme-breach-hack-passwords-7587015f?st=xd2av290cqmo6ga&reflink=desktopwebshare_permalink

I have published this link in the past but it is worth revisiting today.  To check and see if your email address and info have been exposed in previous data breaches, please visit the Have I Been Pawned website.

Worldwide problem.

It's not just US citizens.  The Wall Street Journal reports there have been dozens of leaks involving Chinese firms and agencies.  The Chinese government collects massive amounts of data on it's citizenry to maintain social control.  China has created a strict cybersecurity and data protection realm but still breaches happen.  

In June of 2022, an anonymous user on a popular online cybercrime forum put up for sale data of an estimated 1 billion Chinese citizens that was stolen from the Shanghai police. The heist was one of the largest in history and included particularly sensitive data, such as government ID numbers, criminal records, and detailed case summaries such as allegations of rape and domestic abuse.

The Wall Street Journal has since found dozens more Chinese databases offered for sale, and occasionally free, in online cybercrime forums and Telegram communities with thousands of subscribers.

Tens of thousands more databases in China remain exposed on the internet with no security, totaling over 700 terabytes of data, the largest volume of any country, according to LeakIX, a service which tracks such databases.

The same thing is happening in the US.  Our government is as intrusive as China's, and it had/has lots of allies willing to do it's bidding.  Every day when you are on the web, your viewing sites, preferences and personal info are being recorded.

AI today is playing a larger role in this info drama.  It takes little time for a person's image or name to be researched and in less than 24 hours their home address, phone number, children's schools are Doxed and published in the public domain for everyone to see.

There are private professional companies worldwide who are employed by governments, bad actors and others.  Stealing data and infiltration is their forte.  One such company based in India was highlighted recently by Reuters and the WSJ.  Today I can't find the article or info on WSJ and the link I had for Reuters below explains why.  (I posted the link content below, italics)

 How an Indian startup hacked the world (reuters.com)

Editor’s note

Filed Dec. 5, 2023, 10 p.m. GMT

Reuters has temporarily removed the article “How an Indian startup hacked the world” to comply with a preliminary court order issued on Dec. 4, 2023, in a district court in New Delhi, India.

Reuters stands by its reporting and plans to appeal the decision.

The article, published Nov. 16, 2023, was based on interviews with hundreds of people, thousands of documents, and research from several cybersecurity firms.

The order was issued amid a pending lawsuit brought against Reuters in November 2022. As set forth in its court filings, Reuters disputes those claims.

Driving Force Intel based Powerhouse Workstations (not consumer crap!)

Pig Butchering. China cracks down on Internet scammers based in Myanmar

The term Pig Butchering refers to the victims of scammers. The scammers nurture relationships with their targets before luring them in for the kill.

Armies of scammers operating from lawless corners of Southeast Asia—often controlled by Chinese crime bosses—connect with people all over the world through online messages. They foster elaborate, sometimes romantic, relationships, and then coax their targets into making bogus investments. Over time, they make it appear that the investments are growing to get victims to send more money. Then, they disappear.

This is not a new technique, but it is a problem for societies all around the world. It was used by Nigerian scammers during the war on terror who would pose as US servicemen and target gullible victims with fake photos and love letters often coaxing the victims to send money.

There are regions around the world whose strengths lie in language, targeting/scamming societies more closely related to them. The border region shared by China with Myanmar sounds like the problems the US southern border experiences with the Mexican cartels. The differences are there is not the endless stream of unvetted, unvaccinated migrants streaming into China, plus China is doing something about it. I mean who wants to go to communist China anyway?

The link below to a WSJ article in today's paper details the issue and how China is trying to shut down the illicit scam centers.

https://www.wsj.com/world/asia/china-unleashes-crackdown-on-pig-butchering-it-isnt-what-you-think-d623ada3?st=7ej1gyz60xwmdmz&reflink=desktopwebshare_permalink

India with its large English-speaking population is home to villages whose sole industry is internet scamming. I watched a documentary about this. The internet and smartphones have brought the tools for scamming to very smart and desperate people. The gulf between haves and have nots is very great in India even with-it growing prestige and power. Whether its right or wrong does not mean a lot to a poor village.

India has long held a reputation as a home to online scammers targeting victims in far richer nations such as the United States. Last year, federal prosecutors in Georgia announced the indictment of multiple India-based call centers and their directors, charging them with conspiring to forward tens of millions of scam calls to American consumers.

https://www.latimes.com/world-nation/story/2023-03-15/online-scammers-find-a-fertile-market-in-india-as-the-internet-spreads

In summation, be extra vigilant and check the email, test message sources. Check that the email address used by the sender is the correct address associated with that sender if possible. Check the spelling of the domain name in the email address.

Your email address is on hundreds if not thousands of devices. Every client, firm, or friend you deal with has your email address and phone number.  All internet connected devices should have anti-viral software installed but sometimes that is not enough. My larger clients have SonicWALL, anti-virus as well as MS365 protections in place. Does everyone you deal with have the same protections in place?

Be careful.

BTW, I run a Sandbox which is a Virtual Machine that I monitor email for my larger clients 24/7. If an infection occurs within the VM, I can shut it down without any consequences to my machine. If you need help verifying an email, feel free to contact me.

 

 

 

 

 

 

 

 

 

 

Cyberattacks cost Las Vegas casinos and Clorox $100s of million dollars.

 Cyberattack cost MGM Resorts about $100 million, Las Vegas company says

In today's digitally connected world, one must remain vigilant to safeguard devices, info and finances.  

A hacker group called "Scattered Spider" is behind 2 attacks against large corporations.  They hacked and seized the data of 2 large Las Vegas casinos reportedly asking for a $30 million ransom from one to release their data.  

Clorox Security Breach Linked to Group Behind Casino Hacks.

The targeted victims employ a lot of security safeguards, systems and personnel to prevent such attacks.

Imagine what the impact would be to your small business or personal finances if you were hacked. 

The Clorox cyberattack crisis warrants every board’s attention. The consumer-products giant spent over $500 million on IT upgrades and earned a spot on the 2023 Forbes Most Cybersecure Companies list. Nonetheless, an August breach halted its operations with devastating supply chain and business consequences.

With all their sophisticated defenses the weakest link remains to be the human factor.

The security attacks that triggered an FBI probe shatter a public perception that casino security requires an “Oceans 11”-level effort to defeat it.

“Hackers are always fighting for that 0.0001% weakness,” Kim said. “Usually, that weakness is human-related, like phishing.”

The casino attacks caused a myriad of problems from slot machine outages and hotel operation disruptions.  It is estimated to have cost the MGM Resorts $100 million.

MGM, whose prominent casinos along the Las Vegas Strip include the Bellagio and Mandalay Bay, were hacked last month. The company said it deliberately shut down a number of services “to mitigate risk to customer information.”

The shutdown had severe impacts for MGM. Some hotel customers couldn’t use key cards to enter their rooms. Employees were locked out of corporate emails for days. The tech news website 404 Media found entire sections of slot machines at MGM casinos roped off.

MGM said that despite system shutdowns some customer info was accessed by the hacker group.

Rival Casino operator Caesar's reportedly paid the hackers a ransom to go away according to a SEC filing by the company.

For more about the casino attacks click on the following links;

https://www.nbcnews.com/business/business-news/cyberattack-cost-mgm-resorts-100-million-las-vegas-company-says-rcna119138

https://apnews.com/article/vegas-casinos-mgm-caesars-cyberattack-59644d2cb0f2a765770d30f268b81a11

Clorox Crisis Shows Cyber Risk’s Harsh Business Downside

The attack on Clorox presented quite a different set of problems.  Automated systems in their manufacturing and distribution systems were shut down forcing the company to resort to manual processes.  The attack left the supply chain compromised and both retailers and customers were without product.

I was watching CNBC last week when Clorox reported the incident and it's impact on quarterly sales which cause the stock price to tumble.  The financial impact for FY2024 Q1 is as follows;

·         “Order processing delays and significant product outages” dented quarterly sales by 23-28%. That’s likely well over $500 million in lost revenue.

·         Lower gross margins are anticipated, as “the impact of the cybersecurity attack more than offset the benefits of pricing, cost savings and supply chain optimization [and] lower cost absorption driven by lower volume.”

·         Quarterly earnings per share will show a loss rather than positive result.

·         Remediation efforts and expenditures will extend well into FY 2024.

https://www.forbes.com/sites/noahbarsky/2023/10/06/clorox-crisis-shows-cyber-risks-harsh-business-downside/?sh=5fb91b87632b

https://www.bloomberg.com/news/articles/2023-10-04/clorox-suspected-of-being-hacked-by-same-scattered-spider-group-that-hit-mgm?utm_source=website&utm_medium=share&utm_campaign=copy

Always double check and be wary of both cell phone text messages and emails.

The following is an example;

I received a text today on my phone, supposedly from USPS that my package was delayed.  I needed to copy a link and paste it into the Safari app on my iPhone.  I copied the link down, opened MS Edge on my desktop and typed the link.  It brought up the USPS website.  I then entered the Tracking number and this is appeared.

However when I followed the instruction in the message and opened the same link using Apple's Safari browser, a different result.   

 In the PC browser, the USPS site appeared and I checked the tracking number.  In the phone's Safari browser, their phishing attempt was allowed to continue.

 Be careful and check everything.

 

 

 

 

 

QUISHING!!! QR code Phishing... new Email Threat.

QR Code phishing while not new is on the rise.  QR codes (Quick Response codes) became widely popular during and after the pandemic.  Many legitimate uses such as scanning a QR code to retrieve an online restaurant menu became the norm as well the use of digital wallets for contactless transactions.  The ubiquity of QR codes have made users susceptible to scammers.

Recently I received from clients spam emails containing QR codes.  I scanned the enclosed QR codes and found the following; one took me to a website advertising Website Creation Software.  While it could be legit, I'd be afraid to download.  Two others directed me to the same fraudulent website that had already been taken down, probably due to malicious downloads.

In each case above, I did the scan using my mobile device and recorded the underlying URL  I then used a Sandbox Virtual machine to browse to the URL to minimize any damage.  I would advise against using your mobile device to scan and connect to a URL via a QR code.  Some of the initial scams were Word documents containing instructions with a QR code to scan and complete with personal and financial data online.  Other attacks would request payment via a QR code for a service.

With online wallets such as Apple Wallet and ID be very careful and be sure of the sender, call and verify first.

How to prevent quishing attacks

As with any type of phishing, the best defense against quishing attacks is an educated user base. Enterprises should provide security awareness training that includes the following best practices:

• Never scan a QR code from an unfamiliar source.
• If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
• Stay alert for hallmarks of phishing campaigns, such as a sense of urgency and appeals to your emotions -- e.g., sympathy, fear, etc.
• Review the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain. Don't click on unfamiliar or shortened links.
• Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
• Observe good password hygiene by changing your email password frequently and never using the same password for more than one account.

https://www.techtarget.com/searchsecurity/feature/Quishing-on-the-rise-How-to-prevent-QR-code-phishing

AI and your information; What does it know about you and your business. it's more intrusive that you think

I encourage my clients to forward questionable emails to me for analysis to check if they are valid or not.  Recently a forwarded email came from a client that she received from someone claiming to be the owner of the firm she works for asking for her cell phone number.  Problem was the alleged owner wasn't anyone we knew.

-----Original Message-----

From: xxxxx xxxxxxxxxx <xxxxxxxxx0029@gmail.com> 

Sent: Friday, August 11, 2023 8:58 AM

To: xxxxx xxxxxxx <xxxxx@clientemail.com>

Subject: 

Hi Xxxxx

I need you to work on a request for me. Send me your cell phone number. I love working with great people.

First LastName

Owner at CompanyName, LLC

Normally, I would have dispelled this as another phishing attempt.  However, I knew that this firm had some private investors and decided to Google the name in the email along with the client's company.  What I found was a page published on a website of ZoomInfo that listed not only the sender as the owner but also an almost complete list of present and past employees.

The site has the firm's correct address listed but to obtain phone numbers and emails you have accept and download ZoomInfo software which I suspect then looks at your contact list.

I provide an example of the listing they have for Driving Force.  I got this listing by googling "driving force software zoominfo".  However the example of the client above I found by googling the name of the alleged owner and firm name.  ZoomInfo was a the top of the search results.

As you can see below, they've published my phone number and website.  They have my NACIS and SIC codes correct.  However they list our operations as;

Driving Force Software is a company that operates in the Museums and Institutions industry. It employs 11-20 people and has $1M-$5M of revenue. The company is headquartered in Atlanta, Georgia.

I have checked other clients and the results are astounding.  A lot of info about them, some correct and much incorrect.

Where does ZoomInfo source its data?

ZoomInfo employ AI, Artificial Intelligence to scour the web and the following sources;

Unstructured Public Information: ZoomInfo's technologies extract and parse unstructured information found on webpages, newsfeeds, blogs, and other public sources and then match that information with entities it has previously identified.Jan 19, 2023

If you research and find your business on their site, do not download and install their software.  I'm not sure but I suspect they will browse your contacts and harvest more info.  Instead do the following;

How do I remove my info from ZoomInfo?

Go to https://www.zoominfo.com/privacy-center/update/remove and “Verify” your email address. Check your mailbox and take a note of your 4-digits code. Enter the 4-digits code and click “Confirm” Tick the checkbox next to “I would like to delete my information”, solve the CAPTCHA, and click “REMOVE”Jan 31, 2023

https://www.zoominfo.com/privacy-center/update/remove

Microsoft Office 365 inks deal with Meta, introduces MS365 with AI

CNBC recently had a CEO of a large corporation appear on one of their shows.  The topic was about  employees refusal to return to work in the office.  He said, the argument that the employees had about being able to perform just as well remotely only helped the employer's position.  If companies are going to have a remote workforce, they will hire competent workers from overseas for 25% the cost of a US worker.

Now Microsoft is adding AI to it's MS365 apps, specifically Word and Outlook that will write, edit and send correspondence.  Microsoft plans to charge $30/month for the added capability.

Microsoft has joined with Meta to challenge Google's Bard for dominance in the AI market.

Hackers are already using AI to write and distribute malware.  See WSJ article about Chinese hackers being in Microsoft's 365 sites below.

The following from Barrons.com;

Microsoft Shows Investors the Money from AI.  Why its Meta deal threatens Google.

 Microsoft has just closed the gap between the hype and the reality when it comes to AI.

The tech giant unveiled its plan to monetize the technology Tuesday, answering a key question surrounding the recent AI stock boom. The company plans to charge businesses $30 a month for its artificial intelligence-powered Microsoft Office apps.

That was more than expected and sent the stock to a record high. It also highlights the pricing power of AI, and is driving another move higher for the usual suspects, including Nvidia, C3.ai, and Palantir.

The frenzy around AI and the desire to be at the forefront of its boom is making Big Tech companies do funny things. Microsoft, alive to the threat of Meta Platform's new free AI language model Llama 2, has teamed up with its peer to make the software available to companies.

Llama 2 is a direct challenger to OpenAI, in which Microsoft has invested billions, but the tech giant has acted decisively -- after all, it's better to keep its enemies close. Given that more open-source models are likely to appear, is Microsoft's plan to go after them all?

The unlikely partnership only adds to the pressure on Alphabet's Google, which has more to lose than gain -- especially when it comes to its search engine dominance.

Microsoft is displaying a ruthless streak to maintain its position as an early leader in AI but the other places at the top table are still up for grabs.

Tech earnings season, which begins in earnest Wednesday, will reveal more about who's winning and losing the AI race.

-- Callum Keown

Stock Hits Record High After Software Move

Shares of software giant Microsoft rallied to a record, gaining $102.3 billion in market cap on Tuesday, after it announced it is adding generative artificial-intelligence capabilities to its Microsoft 365 software, which includes Word, PowerPoint, Excel, Outlook, and Teams. It will cost business customers $30 a month.

   -- Microsoft said the plan offers AI to users to draft emails in Outlook and
      write documents in Word, among other functions. Bernstein analyst Mark
      Moerdler said the price is an increase of between 53% and 240%, depending
      on which version of Microsoft 365 a customer is using.

   -- Citi analyst Tyler Radke said pricing was well above the $5 to $20 a
      month he projected. Although months from being widely available, it's
      still "an incremental positive" for Microsoft stock, he wrote.

   -- Microsoft is also steering business clients to Bing Chat Enterprise, its
      search engine chatbot that is included in some subscriptions. The company
      is racing to offer generative AI tools in competition with Alphabet's
      Google, IBM and others.

   -- Microsoft and Meta Platforms are releasing a new version of Meta's AI
      language model called Llama 2. It will be free and available to
      developers who are building software on Microsoft's Azure cloud platform,
      the companies said.

What's Next: In making Llama 2 available to its Azure customers, Microsoft is demonstrating it is willing to reach beyond the ChatGPT tools by OpenAI, a company in which Microsoft has invested billions of dollars. Cloud computing rivals Amazon and Google have positioned themselves as neutral platforms.

-- Eric J. Savtiz and Janet H. Cho

***

Apple's performance comparisons to Windows PCs continue to be hilarious and ridiculous

T-Mobile Suffers Another Data Breach

T-Mobile Suffers Another Data Breach

35,000 PayPal accounts hacked, and users could’ve prevented it

Story by PC World • 5h ago

35,000 PayPal accounts hacked, and users could’ve prevented it Story by PC World • 5h ago

Apple's performance comparisons to Windows PCs continue to be hilarious and ridiculous

Today is one of those days Apple fans get excited because they don't get new hardware that often. They're not treated to the smorgasbord of desktop and laptop machines that Windows users have to choose from. But today, there are new laptops and desktops for those guys. Good for them. 

People are already trying to get ChatGPT to write malware

Analysis of chatter on dark web forums shows that efforts are already under way to use OpenAI's chatbot to help script malware.

People are already trying to get ChatGPT to write malware

Georgia is now one of 4 states to allow Digital Driver License or ID to be added to Apple Wallet.

Georgia is now one of 4 states to allow Digital Driver License or ID to be added to Apple Wallet.

Georgian's now have the option of adding their driver license or ID to their iPhone.  Georgia is one of four states that you can securely present your identity with your iPhone or Apple Watch.  The other states that are Arizona, Colorado and Maryland.

Now you can add your Georgia driver's license or state ID to Apple Wallet on iPhone and Apple Watch. This makes TSA checkpoints quick, easy and secure. While it is not a replacement for your physical copy, your Georgia Digital ID on iPhone and Apple Watch can speed up the process at select TSA checkpoints. 

It's taken 6 months since I first found out about this for it to become reality.  It's very handy since I don't carry my wallet with me to the gyms.  Apple Pay took care of money/purchase issues and now I have my ID in case it's needed.

To add your ID to your iPhone, you must set up your Face ID.  The entire process is easy and a video demonstrating the process is accessible at the Georgia DDS site.  Link below;

GA Digital Driver's License | Georgia Department of Driver Services

US Marshals Service suffer Ransomware breach, TikTok Bans continue to grow

US Marshals computer system hit by ransomware attack

The US Marshals Service computer system suffered a major breach last month.  The incident was discovered on February 17 and the affected system was disconnected.  It was determined that the hackers stole personnel data and info about investigation targets.

On the same date CNN reported a breach in an FBI computer system at the agency's New York field office.

The attacks are the latest in a trend targeting government agencies and has some questioning cybersecurity protocols at the Justice Department.

These attacks should serve as a warning to all computer users to be vigilant about maintaining security firewalls and software.

https://apnews.com/article/marshals-hackers-ransomware-breach-cybercrime-67de6b7f0f30445ab2eb341679f857bb

Here are the countries that have bans on TikTok

The number of U.S. States banning the use of TikTok on government devices has now grown to over 25.  The ban applies only to government devices.

However, it's not just the U.S. that has banned the use of TikTok.  Other countries include;

INDIA

TAIWAN

CANADA

EUROPEAN UNION

PAKISTAN

AFGHANISTAN

The U.S., India, Taiwan, Canada and the European Union, cite national security concerns.

Pakistani authorities have temporarily banned TikTok at least four times since October 2020, citing concerns that app promotes immoral content.

Afghanistan’s Taliban leadership banned TikTok and the game PUBG in 2022 on the grounds of protecting youths from “being misled.”

Who is monitoring your devices?

https://apnews.com/article/tiktok-ban-privacy-cybersecurity-bytedance-china-2dce297f0aed056efe53309bbcd44a04

Identity Theft and RansomWare are growing problems.

Identity thieves bypass security questions to access Experian credit reports

When I read this article, I thought if people you don't know, already have your name, address, SSN and birthdate, perhaps you have another problem other than your credit report being accessed illegally.  But then, this information is all over the place, in offices, firms and online.

There is no telling how many places your name, address, SSN and birthdate are stored on the internet.  These key pieces of data are in multiple databases related to insurance, credit cards, banks, etc., etc.  Many of these sites have already been breached, hacked, stolen!

After a tip from a Telegram user who frequented identity theft channels, Brian Krebs tested and confirmed that anyone who knew your name, address, social security number (SSN), and birthday could view your full credit report at Experian.

Protect yourself and please read;

Identity thieves bypass security questions to access Experian credit reports

Ransomware has now become a problem for everyone, and not just tech

Ransomware attacks have rumbled on for years and show no signs of slowing down. It's time we faced the threat head on.

In 2022, ransomware affected

    - 1981 schools

    - 290 hospitals

    - 105 local governments

    - 44 universities and colleges

Researchers suggest that much of the rise in reported ransomware attacks against local governments can be linked to a single incident in Miller County, Arkansas, where one compromised mainframe resulted in malware being spread to endpoints in 55 different counties. 

The above figures are for the public sector only.  The private sector isn't required to publicly disclose malware attacks so the full damage caused by malware isn't known.

Ransomware and Cyber Crime are threats to everyone.  To protect against these threats, companies and individuals should apply security patches and updates as soon as available to prevent criminals from attacking known vulnerabilities and delivering their malware payload.

MFA should be imperative for all accounts in the event a username or password is stolen.  Multi Factor Authentication makes it harder to abuse compromised accounts.

I see data backups not being taken seriously.  There should be multiple and redundant backups with some form of storing a backup offline in case of attack.

Of the local government agencies hit with ransomware in 2022, only one organization is known to have paid a ransom, which amounted to $500,000. The largest ransom demand made by attackers against a government entity demanded $5 million -- which wasn't paid. 

Education remains a key target for cyber criminal ransomware groups, the number of schools affected by attackers almost doubled in a year. In 2021, ransomware reached a combined total of 1,043 schools, while the number hit in 2022 was 1,981.

According to Emsisoft, at least three victims paid a ransom demand for a decryption key, with one known to have cost $400,000.

Hospitals have long been a target for ransomware attacks.  Hospitals need their systems to be operating to treat patients but many hospital networks still rely on old, often unsupported software. 

The attacks continued in 2022, with 25 incidents against hospitals and multi-hospital health systems, impacting patient care at up to 290 hospitals, 

for further info, please read;

Ransomware has now become a problem for everyone, and not just tech

The ransomware problem isn't going away, and these grim figures prove it

The real cost of ransomware is even bigger than we realised

Ransomware attacks are often talked about in terms of the financial cost. But in reality, these incidents can have a much bigger impact.

On this day in history, Jan. 9, 2007, Steve Jobs introduced the Apple iPhone to the world at Macworld in San Francisco

On this day in history, Jan. 9, 2007, Steve Jobs introduced the Apple iPhone to the world at Macworld in San Francisco

January 9, 2007 - Apple Introduces iPhone

iPhone, a crappy device?

Not everyone was a fan however.  This review from the AJC Business section, June 2007.  (previously published 11/17/15, DforceATL-iPhone post

The iPhone was made available to the U.S. consumer on June 29, 2007 to much fanfare but not everyone was impressed.  An article in the AJC Atlanta Journal Constitution opined that it was too trendy and consumer would not shell out the dough for the pricey novelty.  LOL, see AJC Tech writer's review below.

A Breach at LastPass Has Password Lessons for Us All, Who is using your Home WIFI, Patch Tuesday

 

LastPass Password Manager suffers a Breach.

I always hear gripes about passwords, their complexity and the need to change.  This is not a subject to be taken lightly.  A password is all that stands between your personal/financial info and bad guys trying to steal your info or monies.

Everyone needs some system to record these keys and protect this information.  I personally use a contact located in an Outlook PST file that is password protected.  You could also use an Excel spreadsheet to record your passwords and then password protect it.  However, this is another password you need to remember.  Also, there are utilities available for purchase that will break Excel password protection.

Some people use the password managers built into browsers.  These too are vulnerable and if anyone knows your login password, they can expose your saved passwords in a browser.  please see my prior post from 2019 about this,  Browser Password Security

So what is one to do?  Many have paid for online password managers such as LastPass.  LastPass is an online password manager with a personal Premium version available for $3/month billed annually.

There have been many online credit card, bank, credit union as well as other breaches of user information.  Why would an online password manager be any different?  It's not, LastPass has been breached exposing tens of millions of customer credentials and keys.

In other words, the hackers hit the lottery.  From an article on the NY Times;

When you use a password manager like LastPass or 1Password, it stores a list containing all of the user names and passwords for the sites and apps you use, including banking, health care, email and social networking accounts. It keeps track of that list, called the vault, in its online cloud so you have easy access to your passwords from any device. LastPass said hackers had stolen copies of the list of user names and passwords of every customer from the company’s servers.

If you are a LastPass customer, please read the article in the link below to determine what steps you need to take to safeguard your valuable information.

LastPass Hack-NY Times

Keeping your Home WIFI/internet connection secure.

If the above doesn't shake you, there is more good news.

You need to keep your home internet connection secured.  There are courses available online that teaches how to expose and connect to WIFI networks.  These are the ones that can be seen via available networks.  Has anyone watched the TV series, Mr. Robot?  In the series, the main character/hacker uses Kali Linux to break into networks and computers to fight big (overreaching industry).

Kali Linux is a hacker's dream OS and is loaded with tools for breaching systems.

Anytime you are in public and connect to a Mall's WIFI or any guest WIFI, be aware that all your info is being transmitted without encryption including user name and password.  So don't access bank or credit card info while using these networks.  I get dragged to Perimeter mall by Boss Lady and I am usually stuck outside the coffee bar at Nordstrom's waiting. I have witnessed many times the same 2 characters armed with a notebook and an external WIFI adapter which is needed by Kali to intercept internet traffic.  The internal WIFI adapters built into computers aren't any good for hacking.

With that warning said, back to your home internet, please see the info in the following link;

How To Tell If Someone Is Using Your WiFi, And How Remove Them (msn.com)

FYI, Next Tuesday is Microsoft Patch Tuesday.