Microsoft Windows Updates - December 9, 2015

Installing Microsoft Windows Updates

As part of its monthly "Patch Tuesday" program Microsoft yesterday released 12 updates to address vulnerabilities in Microsoft Windows. 

Per Microsoft, exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

I recommend you close all open programs and check for Windows Updates, then install them. 

You should be notified to reboot your computer so the updates can be installed. 

I recommend checking for updates a second time just after the first batch is installed to ensure you have acquired all the updates. 

Here's how to install updates in Windows 7:

http://windows.microsoft.com/en-us/windows7/install-windows-updates

Here's how in Windows 8:

http://windows.microsoft.com/en-us/windows-8/windows-update-faq

Here are update settings for Windows 10:

http://windows.microsoft.com/en-us/windows-10/getstarted-choose-how-updates-are-installed

And while you're in update mode, I suggest updating your security software as well (AVG, Norton, Kaspersky, Bitdefender, Malwarebytes... whichever you use. And remember to run a full security scan weekly.)

Don't forget to update your browsers too: Firefox, Chrome, Opera etc. 

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Thanks for reading, 

Sam

Please Consider Donating to Mozilla.org

Donate to Mozilla.org

In the spirit of holiday giving, if you enjoy Firefox and other free Mozilla software products as I do, please consider donating to their cause. 

Mozilla is non-profit, non-corporate and non-compromised.

They rely on donations to carry out their mission to keep the Web open and free.

Please consider giving today. 

Here's the link:

https://donate.mozilla.org/en-US/about/

---------- 

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Aloha,

Sam

Parents' Pledge to Foster Online Safety

Parents' Pledge to Foster Online Safety

This holiday season many children will be receiving new electronic gadgets that provide Internet access.  

Parents and guardians have primary responsibly for what children do online in their household. To help in this regard, here’s something to consider: A Parent’s Pledge to foster online safety at home, which I have adapted from this website. This pledge should apply to ALL electronic devices with online access, not just computers. 

Parents' Pledge

1. I will get to know the services and websites my child uses. If I don't know how to use them, I'll have my child show me.

2. I will set reasonable rules and guidelines for computer use by my children, and I will discuss these rules and post them near the computer as a reminder. I'll remember to monitor compliance with these rules, especially when it comes to the amount of time spent on the computer.

3. I will not overreact if my child tells me about a problem he or she is having on the Internet. Instead, we'll work together to try to solve the problem and prevent it from happening again.

4. I promise not to use an Internet-connected device as a babysitter.

5. I will help make the Internet a family activity and ask my child to help plan family events using the Internet.

6. I will try to get to know my child's "online friends" just as I try get to know his or her other friends.

In addition to the above pledge, I highly recommend that parents and guardians set up parental controls on Internet-connected devices whenever possible. Such controls are readily available in Windows and Mac, and with security programs like Norton and Kaspersky. 

I also recommend setting parental controls on your home (and work) router, including changing the DNS addresses. Visit this website to learn more. 

Wishing you safe and secure computing. 

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Thanks for reading, 

Sam

Add-ons for Firefox

In this post I recommend three add-ons to my favorite web browser, Mozilla Firefox. (Why my favorite? It's produced by a non-profit company; it's open source; and it's mostly secure, fast, and very customizable.) 

So, what's an add-on? It's a mini program, also called an extension, that you download and "add-on" to Firefox for more functionality. (Before you try any of the add-ons suggested below, be sure to update Firefox first, getting the latest version.  If you don't have Firefox, you can get it here: https://www.mozilla.org/en-US) 

Here are three add-ons to try: 

1. uBlock Origin. Are you tired of obnoxious pop-up ads interfering with your web browsing experience? Then try this add-on. There are plenty of customizations available with this extension, but installed as is, it should provide a more streamlined browsing experience. After installing it, watch the icon in the browser bar at upper right as uBlock Origin counts the ads it blocks.  This add-on was created by Raymond Hill.  

Here's one good reason to install an ad pop-up blocker: some ad networks have been (inadvertently) serving malware. This means if you visit a page that displays an infected ad, your computer may become infected too, without your having to click or download anything. Sadly, that's the state of our Internet.  

2. Privacy Badger. This add-on is produced by the Electronic Frontier Foundation (EFF), of which I'm a member. Privacy Badger automatically blocks spying ads and invisible trackers as you browse the web. It's there to ensure that companies can't track your browsing without your consent. 

After you install Privacy Badger you can click the icon for this add-on at the upper right of your browser bar. Then you will see one of three states for each tracker: Red means block the tracker; Yellow means Privacy Badger won't send cookies or referrers to the tracker; Green means unblocked. You can click on this same Privacy Badger icon if you'd like to override the automatic blocking settings. 

3. HTTPS Everywhere. HTTPS is an abbreviation for Hyper Text Transfer Protocol Secure. It's the Internet standard for encrypting data transfer on websites, such as banking and e-commerce sites, and increasingly a variety of sites that want to honor user privacy and security. (Another Internet-wide movement in the wake of Edward Snowden's government spying revelations.) 

Many sites on the web offer some limited support for encryption over HTTPS but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. This add-on is also produced by the EFF.  

To find these three or other Firefox add-ons, please visit this website: https://addons.mozilla.org/en-US/firefox. At upper right on this page you'll find a search box. Type in the name of the add-on you'd like to try, find it, then install it. 

Wishing you safe and secure computing. 

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Sam

In-bound Tech Support Scam Calls

In-bound Tech Support Scam Calls

Have you been receiving calls from odd phone numbers in the evening claiming to be from the Windows Technical Department or another official-sounding office? 

These calls are a scam. Microsoft and other tech companies do not make in-bound tech support calls. They may call you back if you called them first, but will never reach out to offer proactive support for your computer. 

If you receive one of these bogus calls just hang up.

Or you can tell the caller that you don't have a computer, that you use an iPad. (When I say that, the caller always hangs up.)

Or you can ask them to take you off their call list - doubtfully effective, but it can't hurt.

Or you can confront them, but that may escalate their aggressiveness, so it's not a good idea. 

These fake tech support companies are using spoofed phone numbers, so there's no one to call back and complain to. 

You could call your phone provider and ask if they can block such calls. 

You can also contact the police and/or the state's attorney general. It can't hurt to try. 

Don't lose any sleep over these calls or being impolite to the callers; they are scam artists looking to take advantage of our trusting nature. 

You may want to read my related blog post here:

http://cybersecurity808.blogspot.com/2015/01/be-careful-when-seeking-tech-support_1.html

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Aloha,

Sam

Tech Support Self-Help Tips

Tech Support Self-Help Tips

If you need tech support and your IT guy or gal is unavailable, here are some self-help troubleshooting steps you can try before he or she can help: 

1. If the computer is giving you trouble (running slow, hanging up, programs won't run...), close all open programs, then shut down the computer. Wait 2-3 minutes, then turn it on again. Also, wait 2-3 minutes to let it fully warm up after starting up (no spinning circle on mouse pointer). During the waiting period I suggest getting away from the computer so you can calm your nerves.

2. If you are still having the same type of trouble, consider any recent changes made to the computer, such as new hardware or software installed. If so, remove it and see if things work better. You can also use System Restore in Windows to roll the computer back to a time it was working properly; you won't lose data in the process. 

3. If you are have having Internet and/or email problems, do step 1 above and turn off your router and/or modem for 2-3 minutes. Then turn on modem first (if you have one), then the router, then the computer. If you are still having problems, call your Internet provider, such as Oceanic Time Warner or Hawaiian Telcom. 

4. As always, be sure to back up important files often, and keep your security programs up to date, running weekly scans. Many infections can cause computer slowdowns and hangups, and even block Internet access. 

Thanks for reading, 
Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Hurricane Season and Electronic Devices

Hurricane Season and Electronic Devices

Another storm will soon be upon us here in Hawaii - Hurricane Ignacio. 

Thanks to advances in meteorology and news broadcasting across many platforms - computer, smartphone, tablet, radio, TV, etc. - we can track a storm's progress and prognosis for impact.  And importantly we can receive alerts for flash flooding while out and about on our cell phones.

When a big storm is imminent, it's best to unplug all your electronic devices at home - TV, sound system, satellite or cable TV receiver, DVD player, computers, printers, modems, routers, etc. Unplug means unplug from the wall outlets. Unplug all surge suppressors from the wall outlets too. 

For businesses, be sure you are running computers on Uninterrupted Power Supplies (UPS units). In the event of thunder and lightning, I suggest turning the computers off and unplugging all equipment from the outlets until the storm passes. (Or at least unplug as many devices as is feasible; you may need to keep one computer running for business operations.) This includes unplugging modems, routers, switches, etc. if possible.  

And, as always, be sure to have a good data backup system in place. Before the storm, back up all critical data files. Then unplug any backup device from the computers (and wall outlets if powered) until the storm passes.  

Like a good boy scout, be prepared for the worst. You'll suffer much less grief concerning electronic device failure if you err on the side of extreme caution before and during storms.

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

The Internet of Things (IoT)

The Internet of Things (IoT)

Here's an update to the issue I wrote about in my post below, dated 7/31/15.

From the FBI, 9/10/15...

http://www.ic3.gov/media/2015/150910.aspx

<<Here's my original article>>

Following last month's reported vulnerability of some Chrysler vehicles to Internet hacking, I thought you might benefit from knowing more about The Internet of Things (IoT), which the Chrysler issue concerns. It's an important bit of knowledge for all of us as we become increasingly immersed in connected technologies. (You can read about the Chrysler hack here.)

What is the Internet of Things (IoT)? This term includes any device that sends or receives data via the Internet - from phones and tablets to home appliances, vehicles, and medical devices.

More and more cars, appliances, wearables, lighting, healthcare, and home security systems contain sensing devices that can "talk" to another machine and trigger additional actions. This talking can occur in your home WiFi network and/or remotely over the Internet. The device can be controlled by you via an app on your phone for example, and/or the device can receive downloads from the device manufacturer online without your involvement.

Here are some examples of IoT devices:

• Automated devices which remotely or automatically adjust lighting or HVAC
• Security systems, such as security alarms or Wi-Fi cameras, including video monitors used in nursery and daycare settings
• Medical devices, such as wireless heart monitors or insulin dispensers
• Thermostats
• Wearables, such as fitness devices
• Lighting modules which activate or deactivate lights
• Smart appliances, such as smart refrigerators and TVs
• Office equipment, such as printers
• Entertainment devices to control music or television from a mobile device
• Fuel monitoring systems  

Security of such devices is not guaranteed. Though many security and resilience risks are not new, the scale of interconnectedness created by the IoT increases the consequences of known risks and creates new ones.

What can you do to protect your connected devices in this brave new world? 

• Keep up with the news reported about the IoT and security concerns.
• Respond to threats that pertain to a device you own promptly. 
• Update the software regularly. Do this on the device itself as well as the apps (on your phone and tablet) used to control the device.
• Have a good understanding of how a device works. What is the nature of its connection to the Internet? What information does it store and transmit? Do you feel comfortable about the information it's sharing with the manufacturer? 
• Secure your network. Properly secure the network you use to connect your Internet-enabled devices, which can be wired or wireless. One model I'm recommending is a WiFi router with private and guest access. Connect your home appliances, bluray player, and other such devices to the guest WiFi. Connect your computers, phones, and tablets to the private WiFi. This provides some firewalling of the appliance-type of equipment from your computers in case one of the appliances becomes infected by a new virus or is hacked. 

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Update All Your Digital Devices

Update All Your Digital Devices

Many of you are becoming akamai about the importance of installing software updates on your computers. Great! But don't neglect your other devices.

With the rapid increase in digital device hacking, it's very important to keep these devices updated as well:

• smartphones

• tablets

• ebook readers

• bluray devices

• roku boxes

• modems

• routers

• gaming consoles

• video camera systems

• other devices in your home or office connected to the Internet (see my Internet of Things blog post.)

If you'd like to stay on top of this challenge, it can be helpful to make a table or spreadsheet of your Internet-connected equipment. List the type of equipment, the make and model, serial number, date of last update, software version, tech support phone number, notes, etc. 

This way you won't go batty trying to keep track of what's been updated when. (In the office, you could assign this to a staff member; at home, a teenager - put 'em to work!)

Before updating any device, plug it into a reliable power source. And be prepared for it to take longer than you'd expect. For example, don't update your smartphone if you have to use it for an important call in 15 minutes.

Thanks for reading.
Sam

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Update Your Firefox Plugins

Update Your Firefox Plugins

If you're a Mozilla Firefox browser user, like me, be sure to regularly check if you have the latest plugins. 

Plugins are third-party browser add-ons, like Adobe Flash Player, which provide additional features. 

To check the plugin status in Firefox, do this:

1. Open Firefox
2. Click the three horizontal bars at upper right
3. Click the Add-ons icon
4. In the next window, at left, click the Plugins icon
5. At the top of this window, click the link "Check to see if your plugins are up to date"

Firefox will now check for you, then notify you what is and is not current. I recommend updating any plugin that's not current. It's a security risk to not do so.

When finished updating your plugins, close Firefox, then re-open it, and check the plugins again, just to be sure you got all the updates. 

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Watch Out for Ransomware Attacks - They're Nasty!

I'll start out bluntly with a reminder: Please don’t click on any emails or attachments you don't recognize, and avoid suspicious websites altogether.

This is an especially important practice because there is a type of widespread cyber attack using ransomware schemes to bilk uses out of money once their computers are hijacked and locked by the hacker. 

The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware, the victim’s files become encrypted. In most cases, once the victim pays a ransom fee, he or she regains access to the files that were encrypted. 

The financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. 

Again, be very, very careful these days especially about emails, websites, or phone calls offering computer tech support, no matter how official the offer sounds. 

You can read the full article, which I summarized above, here: 

http://www.ic3.gov/media/2015/150623.aspx

If you suspect your computer is infected by ANY malicious sfotware, unplug if from the Internet immediately and request trusted LOCAL tech support.

Thanks for reading. Your feedback is appreciated!

Aloha, Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

The Myth of the Impervious Mac

The Myth of the Impervious Mac

What's the issue?
Conventional thinking in computer user land - and rightly so for awhile now - is that Macs are unlikely to be infected by viruses. 

That thinking must now change. 

I can attest to working on four infected Macs in the last week prior to writing this article (June 2015). Mac users must start being more Internet-security savvy and protect their computers with security software and best practices.  

Why is this happening?
The infections I cleaned up targeted browser weak points and/or enticed the users to download software - social networking type of exploits. 

In one case the client I helped had downloaded software that launched a webpage prompting her to call a number for tech support. When someone with a thick foreign accent at a call center answered, she was immediately suspicious. When that person asked to remotely connect to her computer, she hung up. Then she called for our help to remove the infection. 

Another client was not so fortunate. She fell for the scam and allowed them remote access to her computer. After she realized the danger and disconnected the remote tech, she called us. I removed 51 infections on her Mac, including some Trojan viruses.

How to not fall victim to tech support scams?
In one of my previous blog posts, linked here, I explained how to be careful about requesting computer tech support. Be suspicious of anyone offering tech support online or calling you. And be very careful about downloading software on your computer. When in doubt, don't do it, or at least spend some time researching it. 

I recommend taking these protective measures on your Mac:

• Back up all important data at once and do so frequently.
• Make sure you have all Apple updates installed, and keep up with doing this.
• Try using Firefox instead of Safari and keep it updated.
• Create an admin account on your Mac, password protect it, then demote your usual account to standard user level and password protect it.
• Install an antivirus program like Sophos, Avast, or AVG and scan you entire Mac; do the scan weekly, or at least monthly.
• Make sure you are behind a hardware firewall in your home or business network.
• Keep up with Mac-specific security news.

Here are some additional Mac-specific security tips, which are a little more techie, such as enabling the Firewall and turning on Vault (to encrypt).

In Sum
Sorry to say it, but Mac users can no longer relax in thinking that Windows systems are the focal point for hackers. It's open season on everyone now. Be careful, and protect yourself the best you can. It's all we can really do, except for limiting computer use on the Internet, which of course, is an option given how much we use our smartphones these days for web and email. I wrote on this subject in this blog post.

Update 5/27/16... here's a post that references the hows and whys of Mac infections...


Thanks for reading,
Sam

You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Windows 10 - Upgrade Optional, Can Wait And See

Here's an alert for Windows 7 and 8 users: Soon, if you haven't already, you may see a little Windows Start icon in your system tray at the lower right of your screen. 

While this image may resemble a spyware program, it is the notice Microsoft is foisting on its Windows 7 and 8 users to promote upgrading to Windows 10. I want to let you know that you DO NOT have to feel any pressure to upgrade to Windows 10, in spite of whatever buzz Microsoft is creating. 

Customers currently running the Windows 7 or Windows 8.1 operating systems have a full year to take advantage of the free Windows 10 download, available from 29 July 2015.

(If you want the notification mentioned above to go away, here's a techie reference for how to do this.)

In my opinion, you SHOULD NOT download Windows 10 without careful consideration of how it will affect your current programs, printer installation, network connections, etc. 

If you have a computer running Windows 7 or 8 that you want to tinker with, then by all means, download the upgrade. Just be aware it could not go well. (After all, this may be one giant beta test on the public.) Or it could go perfectly fine and delight you. But it's a risk. 

In my opinion, businesses especially should play the wait and see game. 

I'll provide more info as this issue unfolds. 

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Microsoft Windows Updates - June 9, 2015

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. 

Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

I recommend you close all your open programs and check for Microsoft Windows Updates asap, then install them. 

Here's how to install updates in Windows 7:

http://windows.microsoft.com/en-us/windows7/install-windows-updates

Here's how in Windows 8:

http://windows.microsoft.com/en-us/windows-8/windows-update-faq

You should be notified to reboot your computer so the updates can be installed. I recommend checking for updates a second time just after the first batch is installed to ensure you have acquired all the updates. 

And while you're in update mode, I suggest updating your security software as well. 

Refence: https://technet.microsoft.com/en-us/library/security/ms15-jun.aspx

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Google Chrome Browser Security Update - 43.0.2357.65

Google has released another update to its Chrome browser, now version 43.0.2357.65.

This update applies to Windows, Mac, and Linux to address multiple vulnerabilities. 

Per Google, exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

I recommend updating Google Chrome if you have it.

To update the browser: 

1. Open Google Chrome.
2. Click at upper right on the three horizontal bars.
3. Click Help, About Google Chrome near the bottom.
4. Chrome will then check for updates and install if any.

While you're in the update mode, I suggest you check for OS (Operating System) updates for Windows, Mac, or Linux, whichever you are running (on all computers you own); and update your AV (Anti Virus) software.

---

If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send. 

Be Careful Which Data You Store on the Internet

Be Careful Which Data You Store on the Internet

What's the issue?
Photos, videos, emails, documents, spreadsheets, etc. - all the stuff you create on your digital devices and post or store on the Internet - are accessible to other people, and not just people you've shared them with. 

The internet is a public network and as such is a tempting target for hackers. Whether it's called the Web, the Net, or the Cloud, all services are running on a public platform.  

Cloud storage companies that host your email, your personal or company files, your precious pictures of family, etc. are usually doing their best to limit access to authorized users only, i.e. those users having passwords or other means of authentication. 

But the potential to score some valuable confidential data is very tempting. So cyberthieves are thriving by exploiting weak points in software all across the internet. 

Why is software so vulnerable?
Software - whether a web browser, PDF reader, email program, cloud application, etc. - is inherently insecure the moment it's released, whether it's a free or paid version. 

Computer code is too complicated to be perfectly debugged. That's why all software companies and programmers issue fixes, patches, updates, etc. for their programs. There's no way around it. 

Given this fact, and the growing opportunity and enthusiasm for cybercrime, we users must be suspicious from the outset whenever we do anything online, especially posting, storing, and sharing our data.  

How to improve protection of your data?
First decide what's confidential. Usually this includes anything you don't want others to see besides yourself or trusted people. Confidential data can range from the obvious - a bank account number - to the seemingly innocuous, such as a carefree photo taken of you at the beach. Data is like a gun; its potential for good or ill depends on the intent of the person wielding it.

If you are running a business and need to store confidential data online for staff access make sure there is strong encryption during the transmission and storage of the data. (I will write more about encryption in a subsequent article.)

When should you take action?
As soon as possible, take stock of the data you store online. 

After you determine which files you consider confidential, decide your risk tolerance for storing those files online. Translation: If the site storing the files got hacked, how vulnerable would you feel? 

And this begs the question: Why are you storing any confidential data online? (There are secure ways of storing passwords, data, account info, etc. using websites like lastpass.com)

Where can you find more info on this topic?
Here's an article posted on a Boston University page outlining the concerns of storing data in the cloud and which addresses the importance of encryption. 

Who can help?
If this all seems too technical but you are concerned and want to be better protected, you may want to hire an IT consultant. This is an especially good investment if you are responsible for data security in an office environment. 

In Sum
We don't leave our car doors unlocked or windows rolled down in public parking lots. We don't leave our home doors and windows unsecured when we're on vacation. We have some common sense in these areas. In this new digital age, we need to develop common sense concerning our private data. Not doing so can be very damaging to our finances, our identity, and our reputation. 

Thanks for reading.
-Sam