Maybe you like the idea of two-factor authentication, but the Google Authenticator smartphone app seems too cumbersome. Or maybe you are not a smartphone owner, because you don’t like the idea of a phone that can track your location to within a few feet, and keeps sharing all your personal data with the apps on your phone. So you own a flip phone with ...
Google Authenticator is my favorite go-to app for setting up two-factor authentication. But what if you want to remove an account from Google Authenticator?
I set up two-factor authentication for Facebook and the Authenticator app did not work. So I tried again, and ended up with two accounts on the Authenticator list, neither of which worked. This pushed other working accounts down far enough ...
Continue Reading →Hardening and securing WordPress websites is one of my specialties. We have reported previously on three of the best WordPress security plugins, Sucuri, Bulletproof, and WordFence. I can tell you that each of these plug-ins performed admirably against the continuous barrage of brute force and password reset attacks that my sites have endured. Security appeared to be strong, but I wanted more.
I have been deploying two-factor authentication (TFA) everywhere I can, in order to overcome the inherent weakness of password ...
Continue Reading →We have all received a fake tech support call from someone claiming to be a Microsoft employee. Now there is a new twist on the scam involving a fake screen pop-up and tech support fakers who claim to be from your Internet service provider. Google has an extensive collection of fake tech support pop-ups, these are all fake. Take a look.
We have reported on this issue several times in this blog. Like here and here and ...
Continue Reading →
One of the easiest ways for an intruder to learn about you is through a compromised email account. And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic. Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.
You can set up secure email yourself ...
Continue Reading →
I very rarely will publish a news item or statistics, because we focus on discussing vulnerabilities, exploits, and countermeasures and leave the cyber news to others. This report is important enough I had to share it.
On June 14th the Internet Crime Complaint Center of the FBI reported loss numbers for businesses that succumbed to the “Business Email Compromise” scam. This scam works when an attacker is able to get ...
Continue Reading →
The Apple OSX platform has long held the cache of being invulnerable to attack. Cyber-criminals have be crafting more exploits to target Macs, iPhones, and iPads, especially since 2012. The reason for this, as explored in a recent article on SiliconBeat, is that Apple users tend to have more disposable income. If you willingly pay more to have “the best” or ...
Research shows that over 90% of network breaches happen when an employee falls prey to a phishing email, clicking on the offered link or opening a file attachment, becoming infected with a remote access Trojan, and creating an entry point for the attacker. If only we could get people to stop falling for phishing emails!
This is really not such a hard thing to do. ...
Continue Reading →
Using copy and paste to save text from websites is something all of us commonly do. Nothing could be simpler, right? Highlight your text, then <ctrl> c, and <ctrl> v. It turns out that this can be dangerous.
A new article on Naked Security tells how it is now possible to use copy and paste to inject malware code from a web site ...
Continue Reading →
On Wednesday we discussed the many, many ways your smartphone is vulnerable to attack. Today we will look at solutions. Smart mobile devices need to be secured just as you would a laptop or desktop computer The small size and easy portability of smartphones and tablets make them easier to steal or lose. Some of our recommendations: