test

10 ways to keep yourself secure online against cyber attacks

Have you ever received emails from unknown sources claiming to offer insurance, lottery tickets or advertisements? You may have noticed that such emails always have a link that they prompt you to click. What lies on the other side of the link can be any one of many ways to phish users into giving away their important login credentials. 

You obviously don’t want any confidential information such as credit card numbers or account passwords to be misused or imagine a scenario where you have downloaded a file which turned out to be malware and now your system is infected with nasty ransomware.

In this article, you’ll find effective tips that can help you stay secure online. 


#1. Set Robust Passwords

The most basic mistake that users make is setting easily guessed passwords so they don’t forget them and the attackers happily use this as a weakness by figuring out commonly used passwords. Don’t make it easy for hackers to get access to your online accounts and set strong passwords with different combinations of uppercase and lowercase letters along with numerals and special characters. 

Make a logical function or method to set passwords for each site so that you don’t have to remember every single password, just apply the function and recall your password using logic. If you still have trouble with this, use password managers that help you organize your passwords and remind you to change them frequently. Never use the same password again.


#2. Enforce Email Security

Emails are one of the common ways used by attackers to send you phishing and malicious links to download viruses and other malware. Most users send substantial information via emails. Emails also remain open to future attacks as they are stored in the cloud. Therefore, it’s of utmost importance to keep your emails secure and protected from attacks and infiltrations. 

You can go to settings of your email account and modify them to allow you further control over sent emails such as set a time period until which you can undo sending an email and get notified instantly when an unknown device accesses your emails. 

You can even seek the aid of online security services such as EPRIVO that provide a private email account to secure your email accounts from phishing or malicious/compromised websites without accessing any of your emails. 


#3. Beware of Unknown Links

Keep your mouse pointer away from links which look suspicious. Attackers try to present fake links as secure and use phishing techniques to get your sensitive information such as bank account details or login id and password. 

Some links, when clicked, start executing code which gets your device’s network information and can alter the metadata in the header as well as the content whenever you send information. Fuertmore,  attackers can attach download links to emails or web pages which drop malware on your computer. 

Make sure you don’t click on any link that seems untrustworthy and do keep track of your downloads, so your device is not being slowed down by malware running in the background. Also, use VirusTotal to scan malicious links and files for free. 


#4. Use a Reliable Antivirus Software

Like it or not, a reliable anti-virus software protects your device from various kinds of malicious attacks. There are several antivirus software that are available for free, but if you invest in paid services, it’ll definitely be worth the money as your device will be more secure from pinging unreliable websites and downloading from unknown sources. 

#5. Secure Your Network Details with a VPN

VPN (Virtual Private Network) shields your network’s true identity and protects your device from being tapped into for sniffing data. Whenever you’re using an unknown Wi-Fi network from the airportcoffee shop or a hotel, it’s safer to turn on a VPN before surfing on the internet. 

This way, no one will be able to find out your device’s IP address or location and your communications will be encrypted and routed through the VPN’s server and remain secure. 
See: Is Your VPN Provider in a 14 Eyes Country? (What is 14 Eyes?)


#6. Perform Periodic Data Backups

In the unfortunate event
 of a malware corrupting the data on your device or in case of a ransomware attack, you will not be vulnerable to any loss if you perform periodic backups and upload your data to a trusted and secure cloud server or save it in some external storage. You can simply reset your device and restore your data from your backup source and the problem will be solved. 


#7. Use Security Tools

There are various OS-based security tools available online that you can install on your device. These tools help you keep track of all the activity in your network, encrypt all the data you send and receive, scan files for malware before downloading them, look for potential points of attacks, and much more.

You can even perform testing by attacking your own device and identifying the weaknesses post which the tools will guide you on what steps to take to secure your device. 


#8. Clear Cache and Browsing History

Browsers constantly store information that will make things run faster should you ever perform the same action again such as revisiting a website or keeping your account status logged in for days or weeks. 

Your passwords and user ids are stored in cookies, web pages are stored as cache and browsers conveniently use this information for their own analysis purposes. Therefore, it’s recommended that you clear cache, cookies and browsing history on a regular basis and erase all such information for good. 


#9. Use an Account Manager

Some websites subscribe you to their newsletters or advertisement emails when you sign up. Sometimes, you want to access a document or a video which prompts you to sign up and you do so while disregarding the security risks. 

To avoid your email being spammed by such websites, you can create a separate email id that you use for unsafe websites and don’t associate this email with other recovery numbers or email ids so your primary email id will be free from such spam emails. You can use some account managing software that keeps track of which email you have used to sign up on which website, so things don’t get complicated for you to organize. 


#10. Employ Multi-factor Authentication 

Multi-factor authentication means that you have to go through multiple phases of authentication before you can access your accounts. This strengthens the process of authentication noticeably and you can rest assured that a simple brute force attack can’t hurt your privacy. 

You don’t have to worry about data corruption or leaking of confidential information. There are several companies who have adopted this method of authenticating their employees. Instead of making logging in a complicated process, multi-factor authentication is secure enough that it can be used as a single login point and as a result, you will be logged in to multiple applications on your device. 

Conclusion

With the fast-growing internet services, online threats are ever-increasing. You never know how your data is being used for analysis by giants like Facebook and Google. You must’ve surely noticed that just one search of a product on Amazon results into that same product being advertised to you on Facebook and Instagram. While this is acceptable for receiving recommendations, your privacy is of utmost importance. Therefore, be sure that you do your part by following the above guidelines and securing yourself on the internet. 

READ ORIGINAL ARTICLE...

Google still keeps a list of everything you ever bought using Gmail, even if you delete all your emails

Google and other tech companies have been under fire recently for a variety of issues, including failing to protect user datafailing to disclose how data is collected and used and failing to police the content posted to their services.

Companies such as Google have embedded themselves in our lives with useful services including Gmail, Google Maps and Google Search, as well as smart products such as the Google Assistant which can answer our questions on a whim. The benefits of these tools come at the cost of our privacy, however, because while Google says that privacy should not be a “luxury good, ” it’s still going to great lengths to collect as much detail as possible about its users and making it more difficult than necessary for users to track what’s collected about them and delete it.

Here’s the latest case in point.

In May, I wrote up something weird I spotted on Google’s account management page. I noticed that Google uses Gmail to store a list of everything you’ve purchased, if you used Gmail or your Gmail address in any part of the transaction.

If you have a confirmation for a prescription you picked up at a pharmacy that went into your Gmail account, Google logs it. If you have a receipt from Macy’s, Google keeps it. If you bought food for delivery and the receipt went to your Gmail, Google stores that, too.

You get the idea, and you can see your own purchase history by going to Google’s Purchases page.

Google says it does this so you can use Google Assistant to track packages or reorder things, even if that’s not an option for some purchases that aren’t mailed or wouldn’t be reordered, like something you bought a store.



At the time of my original story, Google said users can delete everything by tapping into a purchase and removing the Gmail. It seemed to work if you did this for each purchase, one by one. This isn’t easy — for years worth of purchases, this would take hours or even days of time.

So, since Google doesn’t let you bulk-delete this purchases list, I decided to delete everything in my Gmail inbox. That meant removing every last message I’ve sent or received since I opened my Gmail account more than a decade ago.

Despite Google’s assurances, it didn’t work.



Like a horror movie villain that just won’t die

On Friday, three weeks after I deleted every Gmail, I checked my purchases list.

I still see receipts for things I bought years ago. Prescriptions, food deliveries, books I bought on Amazon, music I purchased from iTunes, a subscription to Xbox Live I bought from Microsoft -- it’s all there.



CNBC Tech: Google Purchases
Google continues to show me purchases I’ve made recently, too.

I can’t delete anything and I can’t turn it off.

When I click on an individual purchase and try to remove it — it says I can do this by deleting the email, after all — it just redirects to my inbox and not to the original email message for me to delete, since that email no longer exists.

So Google is caching or saving this private information somewhere else that isn’t just tied to my Gmail account.

When I wrote my original story, a Google spokesperson insisted this list is only for my use, and said the company views it as a convenience. Later, the company followed up to say this data is used to “help you get things done, like track a package or reorder food.”

But it’s a convenience I never asked for, and the fact that Google compiles and stores this information regardless of what I say or do is a bit creepy.

A spokesperson was not immediately available to comment on this latest development.

But it shows once again how tech companies often treat user privacy as a low-priority afterthought and will only make changes if user outrage forces their hand.

Read Original Article...


DNA Data Storage Is Closer Than You Think

Every minute in 2018, Google conducted 3.88 million searches, and people watched 4.33 million videos on YouTube, sent 159,362,760 e-mails, tweeted 473,000 times and posted 49,000 photos on Instagram, according to software company Domo. By 2020 an estimated 1.7 megabytes of data will be created per second per person globally, which translates to about 418 zettabytes in a single year (418 billion one-terabyte hard drive’s worth of information), assuming a world population of 7.8 billion. The magnetic or optical data-storage systems that currently hold this volume of 0s and 1s typically cannot last for more than a century, if that. Further, running data centers takes huge amounts of energy. In short, we are about to have a serious data-storage problem that will only become more severe over time.  

An alternative to hard drives is progressing: DNA-based data storage. DNA—which consists of long chains of the nucleotides A, T, C and G—is life’s information-storage material. Data can be stored in the sequence of these letters, turning DNA into a new form of information technology. It is already routinely sequenced (read), synthesized (written to) and accurately copied with ease. DNA is also incredibly stable, as has been demonstrated by the complete genome sequencing of a fossil horse that lived more than 500,000 years ago. And storing it does not require much energy.

But it is the storage capacity that shines. DNA can accurately stow massive amounts of data at a density far exceeding that of electronic devices. The simple bacterium Escherichia coli, for instance, has a storage density of about 1019 bits per cubic centimeter, according to calculations published in 2016 in Nature Materials by George Church of Harvard University and his colleagues. At that density, all the world’s current storage needs for a year could be well met by a cube of DNA measuring about one meter on a side.

The prospect of DNA data storage is not merely theoretical. In 2017, for instance, Church’s group at Harvard adopted CRISPR DNA-editing technology to record images of a human hand into the genome of E. coli, which were read out with higher than 90 percent accuracy. And researchers at the University of Washington and Microsoft Research have developed a fully automated system for writing, storing and reading data encoded in DNA. A number of companies, including Microsoft and Twist Bioscience, are working to advance DNA-storage technology.
Meanwhile DNA is already being used to manage data in a different way, by researchers who grapple with making sense of tremendous volumes of data. Recent advancements in next-generation sequencing techniques allow for billions of DNA sequences to be read easily and simultaneously. With this ability, investigators can employ bar coding—use of DNA sequences as molecular identification “tags”—to keep track of experimental results. DNA bar coding is now being used to dramatically accelerate the pace of research in fields such as chemical engineering, materials science and nanotechnology. At the Georgia Institute of Technology, for example, James E. Dahlman’s laboratory is rapidly identifying safer gene therapies; others are figuring out how to combat drug resistance and prevent cancer metastasis.

Among the challenges to making DNA data storage commonplace are the costs and speed of reading and writing DNA, which need to drop even further if the approach is to compete with electronic storage. Even if DNA does not become a ubiquitous storage material, it will almost certainly be used for generating information at entirely new scales and preserving certain types of data over the long term.

Read Original Aritcle... 

The SIM Swapping Bible: What To Do When SIM-Swapping Happens To You

MyCrypto and CipherBlade have collaborated on this article to help you understand the dangers of a SIM-jacking attack, and how best to defend yourself against and attack, and how to recover from such an event. This article aims to be a “one-stop” article to read, reference, and share with your friends and colleagues. It's not short, but it's thorough. We encourage you to ask questions and leave comments as you read. Whether you are a newcomer to this space or a long-time security expert, your commentary helps make this guide more comprehensive and keep it up-to-date. If you have more in-depth feedback, start a conversation with us. Note: SIM jacking is also commonly referred to as "SIM-swapping," "SIM porting," "port out fraud," "phone porting," and "SIM hijacking." We use these phrases interchangeably in this article. Of course, SIM-swapping isn’t the only risk that exists in this digital world. It’s a good idea to audit your online security overall, and we recommend referencing MyCrypto’s Security Guide For Dummies And Smart People Too. Table of Contents INTRO: What is SIM jacking? How do they get your SIM / phone number? How do you know if you’ve been SIM swapped? What happens once they get your SIM? PART 1: What to do before you get SIM jacked Reduce the chances of an attacker successfully swapping your SIM Separating Concerns Securing your Google Accounts Securing your Apple / iCloud Accounts Securing your Password Manager Securing your Authy Securing your Telegram Securing ALL The Things Last Step: Prepare Yourself Bonus Round! PART 2: What to do if you literally just had your SIM jacked Panic Correctly Call Your Phone Provider Lock Down Your Accounts Access or Return to Any Accounts You Haven’t Pull Logs From Call your phone provider again File a report with law enforcement PART 3: What to do after you’ve been SIM jacked Inform your network Fully audit & secure literally all of your accounts Do not engage with the attacker Decide What Information to Share with People Decide What Information to Share with the Service Providers of Breached Accounts Protect Your KYC & Identity Documents Accept Some Harsh Realities & Work to Move Forward Consider Hiring Professional Help CONCLUSION INTRO: What is SIM-jacking? Sim-jacking is an attack in which your phone number is migrated away from your SIM card / phone to a different SIM card / phone that an attacker controls. The attacker then uses this access to your phone number, usually via text message, to gain access to your other internet accounts. They do this by “recovering” access to an account (e.g., Google) or in conjunction with other information or access they have (e.g., using a previously leaked password + SMS 2FA). “But I'm not famous / wealthy enough to have this happen to me!” If you are reading this article, we guarantee that you are a potential victim of this attack. It doesn't matter how "famous" you are or how well-known or little-known you are. While there are certain actions that may make you a bigger target, we have seen far more people with increasingly smaller profiles falling victim to these attacks lately. Why? The ROI for attackers getting their hands on your crypto is huge. Crypto is very unique — it's decentralized, it can be easily anonymized, and it has real monetary value. This attack is relatively easy, requires no code, and is becoming increasingly reported upon, inspiring more and more attackers to give it a shot. Basically you right now. In addition, your cryptocurrency isn’t the only thing that can be stolen. 2019 saw a transition from stealing crypto to stealing sensitive data, such as business documents, personal information, or other data. The SIM swappers no longer need to rely on directly stealing funds—they can also succeed via extortion. Lastly, all the information an attacker needs in order to socially engineer a mobile phone provider's support representative is readily available via social media or sites like TruthFinder. Because most people (including possibly you) don’t realize the consequences of gaining unauthorized access to one’s phone number, it’s an area that is not secured in the same way other things can be secured. All of the above results in more people attempting more attacks with more success. In turn, it's not just famous people, the "top 100 influencers," or high-profile traders who are under attack. It's anyone and everyone who is involved in crypto. You are at risk. Accept this. Take action now before it is too late. How do they get your SIM / phone number? One of the reasons SIM-swap attacks have been so successful is that many mobile phone carrier representatives are extremely easy to socially engineer. An attacker can call up your phone provider’s support line, pretend to be you or another authorized party, and spin some story to get the support agent to transfer your number to the attacker's SIM. If they run into any friction, the attacker hangs up and immediately tries again with the next support agent. While this shouldn’t be possible, especially if you have a PIN number or other protection enabled, it still is. Unfortunately, there is no fool-proof way to prevent your phone number from being ported. Support agents aren’t trained on this type of attack and are able to migrate your phone number, regardless of the information “you” provide or don’t provide. 99% of their calls are from people who legitimately broke their phone or got a new phone and need this action taken. Support agents are typically paid next to nothing and their performance is judged by computers. There is little incentive for them to protect you from an attack they know nothing about, and a high incentive for them to help "you," keep "you" happy, and keep their average call times down. To make matters worse, any notes on your account are not prominently displayed to support agents and are completely inaccessible to them if you have an additional PIN / password on your account. Yup, that’ll solve it. How do you know if you’ve been SIM-swapped? You may receive a call or text from your phone carrier’s support agent if the attacker disconnects in order to try again. Typically they’ll say something like, “Sorry we got disconnected...” Don’t ignore this! They were just talking to someone who was pretending to be you. You will suddenly and unexpectedly have NO cell reception. None whatsoever. Restarting your phone doesn’t resolve. You may have notifications that came through before your phone lost service or if you still are connected via Wi-Fi, like emails from your phone carrier or password reset emails from various services. You may have a system notification stating that you can no longer access a phone-level account (like your Apple ID or Google account) and need to re-enter your password. On Android, you may have a “this account was added to a new device” notification. On iOS or your Mac computer, you may have a "are you attempting to log in from Los Angeles, California?" pop-up. If you use any non-SMS 2FA mechanisms that have push notifications (e.g., Microsoft Authenticator, Apple), you may have a “here’s the code you requested” or “are you trying to log in?" notification. What happens once they get your SIM? They start “recovering” access to your accounts one-by-one, gathering data, personal information, passwords, and a list of products and services you use as they go. Let’s look at one SIMple example. Keep in mind, this is not a comprehensive look at what an attacker could do to you. An attacker successfully gets your phone number on their device, allowing them to receive all your incoming text messages and phone calls. The attacker attempts to log in to your primary Google account and clicks “Forgot password?” The attacker clicks “Try another way” until they get to the “Get a verification code sent to (XXX) XXX-XXXX” screen. The attacker receives the SMS sent to your phone number that they now control and successfully resets your password and gains access to your Google account. The attacker changes your phone number and recovery email to ones that only they control, ensuring you cannot easily regain access to your account. The attacker looks through your email and sees emails from Coinbase and Kraken. The attacker goes to these exchanges, clicks “Forgot Password?,” and enters your email address (that they now control). The attacker withdraws all your crypto from your exchange account to their own crypto addresses (approving all trades and withdraws because they have access to your email and text messages). The attacker buys more crypto with any USD holdings you have, linked credit/debit cards, or linked bank accounts. If these transactions are processed before you regain access to your Google or exchange accounts, your bank account will be emptied, sold for crypto, and in the attacker’s sole control. Note: because the attacker has access to your email and SMS, they are able to intercept and then delete any emails or texts regarding your new password or withdrawals. This means you may not realize which accounts have been accessed or emptied until much, much later. Needless to say, it is incredibly damaging, especially if a bad actor is able to take over a critical account—think Google, Apple, or your password manager—that allows them to gain access to other accounts. PART 1: What to do before you get SIM-jacked There is no guaranteed way to prevent your SIM from being swapped. Therefore, we must approach this from two angles. Reduce the chances of an attacker successfully swapping your SIM. Reduce the consequences if your SIM is indeed swapped. The actionable items described below should take you three or four hours to complete. Please, take the time to secure yourself and your cryptocurrency. If you don't, perhaps consider that these decentralized, irreversible assets may not be a good fit for you right now. We applaud you for making it this far. You’ve invested more time into educating yourself about personal security than most. This is essential in a space where there is no centralized party, government, or bank to fix things if they go wrong. Reduce the chance of an attacker successfully swapping your SIM Depending on your phone carrier, you will typically have the following options for authorizing the transfer of a phone number to a new device: A numerical passcode, like 1234. Except, please don’t use 1234, nor the last four of your social, nor your birth date. A passphrase, like “password1234.” Except, please don’t use “password1234,” nor your pet’s name, nor a password you use elsewhere. Requiring in-person presence at a store with government issued ID. Obviously, #3 is the best option. We've worked with dozens of people who have been SIM-swapped and we have yet to see an attacker successfully swap a SIM in-store, with ID (although we do know of one case where it was attempted). This makes sense as it requires a lot of risk and effort on the part of the criminal. The downside is that mobile carriers have not established a sterling reputation for adhering to any of these security measures and, even if they do “put a note on your account,” it does not mean that the support agent who handles a call regarding your account will heed the request. Nonetheless, these steps are still worth taking, as it reduces the likelihood of a successful attack, makes it harder and more time-consuming for the attacker, and gives you the ability to prove you took these steps, which can allow you to pursue a civil case against your phone carrier, such as the one Michael Terpin has filed against AT&T. Action Items Log into your mobile phone carrier account and change your password to a strong, unique password. Enable 2FA or an additional PIN or passphrase if you can. In any unused fields, like middle name or address #2, add your own notes. Like: “DO NOT SWAP SIM” or “REQUIRE IN-STORE VISIT FOR ACCT CHANGES!!” or “DON’T YOU DARE PUT MY # ON A NEW PHONE!” If you have multiple people on the account, see if you can remove yourself as a person with authorized access to make account changes. Imagine you are an irresponsible 12-year-old teenager and the other person on the account is your mom

READ ORIGINAL ARTICLE... 
Apple Repairs and Service
Member of the Internet Defense League

BitcoinCash Accepted

download