Prevention and protection from Scams

And so we turn to passwords and online security. I’ve dealt with this at some length previously in a post entitled “Keeping safe online” which I last updated in May 2023, and although much of it is still relevant and most, if not all, of the links are still working, I thought to write something from scratch, rather than do another edit/revision.

I’m going to skip to the content at the end of the article referred to above and pick up the theme of Passwords, Passkeys and Two-Factor Authentication (TFA).

First of all – you want a fright? Try typing your favourite password(s) – you do have more than one, don’t you? – into this website.

Secondly, check to see just how vulnerable your email address might be, using …

… go to haveibeenpwned? – and if you want to know what pwned means, and how to pronounce it, look here. If a service you use is in this list, you seriously should change your password!
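A password can be checked against breach data without the password itself ever leaving your machine. This added example (not from the original post) assumes the check is made against the Pwned Passwords range API of Have I Been Pwned, where only the first five characters of the password's SHA-1 hash are sent; the `constructed_server` stand-in and its counts are made up so the code runs offline.

```python
import hashlib
import string


def split_hash(password: str):
    """Hash locally; return (5-char prefix that is sent, 35-char suffix that stays private)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        is_hex = len(suffix) == 35 and all(c in string.hexdigits for c in suffix)
        if sep and is_hex and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """Return how many times the password appears in breach data (0 = not found).

    fetch_range(prefix) returns the response body for that prefix. Online it
    would be an HTTPS GET of https://api.pwnedpasswords.com/range/<prefix>.
    The comparison against the suffix happens here, on the client.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def constructed_server(breached: dict):
    """Offline stand-in for the service, built from constructed sample data.

    Returns (fetch_range, seen) where `seen` records every prefix the
    "server" was asked for, i.e. everything it learns about the password.
    """
    table = {}
    for password, count in breached.items():
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    seen = []

    def fetch_range(prefix: str) -> str:
        seen.append(prefix)
        padding = ["0" * 35 + ":0"]  # padded responses carry zero-count filler rows
        return "\r\n".join(table.get(prefix, []) + padding)

    return fetch_range, seen


if __name__ == "__main__":
    # Constructed breach counts, for illustration only.
    fetch, seen = constructed_server({"password": 12345, "letmein": 678})
    for candidate in ("password", "Amzn_Cwtc01n27"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("all the server saw:", seen)
```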

Another approach is to use a tool that looks at your “digital footprint” to examine where you might be exposed. Such a tool is this one from Malwarebytes.

So that’s got your attention, right? You really need to deploy/use a Password Manager to hold your passwords – preferably one that is usable/consistent across all your devices. Two such products are 1Password and Dashlane, both of which get very good reviews.

The alternative to using a Password Manager application is to use the password security offered by your browser. In Apple’s case this is iCloud Keychain – which stores the passwords – with its associated Passwords app; in Google’s case this is Google Password Manager. Both of these now offer support from one ecosystem to the other – so multi-platform users can choose one or the other. Microsoft also offer a Password Manager using the Edge browser, but its features are possibly not as well developed as those of Apple or Google, nor of dedicated password manager applications such as 1Password or Dashlane which score best with users who have a mixture of Microsoft, Apple and Google devices and applications.

And now we have Passkeys. When assessing whether you want to move to a Password Manager, you MUST check that the chosen one supports Passkeys as defined in the FIDO Alliance …

… and the key to its success and inter-operability is its integration with biometric signatures. So Passkeys are the platform for increased and improved internet security and should be welcomed with open arms – for Apple, for Google and for Microsoft.

If a Passkey can’t be employed on your favourite website, or even if it can, you may be asked to use 2FA (two-factor authentication). Using this means that when you’ve typed in your username and password you’ll be challenged to provide a code from a mobile phone, an authenticator app such as Google Authenticator, or to go to another app (particularly if it’s a Google app), and do that extra second step (hence 2FA) to authenticate you are who you are.

We’re entering the passwordless world. It’s long overdue!

Finally, some other links to help you navigate the digital security world.

7 phone apps you need to secure right away – if you value your privacy – this could have formed the basis of an article in itself. It’s important to just check you’re doing the best you can to secure your favourite apps.

Best antivirus: Which? Best Buys and expert buying advice – a review for both PCs and Macs of anti-virus software – of course you could just be relying on and using Windows Defender (for Windows) or nothing at all (if on a Mac), both of which are acceptable decisions, which then leads into …

Everything you need to know about cybersecurity basics – an inventory of terms, some with links to free tests, and the option to purchase tools. The definitions of terms are good.

Online learning events from the u3a – especially a recurring event “Staying Safe Online – A u3a Presentation with Q&A”

Notes of Hybrid meeting – 8th September 2022

Our new home??
Room layout at Sight Life

Back (almost) to normality. Thanks Jim for the two shots that show how we set up the room for the meeting, with quite a lot of room unused, both towards the windows, and behind the people sat at the tables.

We welcomed Tony Baines to his first meeting and noted the “virtual” presence of David Hughes, Renee, Jenny and latterly Fred. Paul would also have been with us on Zoom but for Dolly breaking her arm and being in A&E – we wished her well. Apologies were received from Mike Payne, Mike Chapple, Sally Semlow, Margaret Lewis, Ann, Christine and Don.

I started the meeting by describing the trials and tribulations of trying to get URC to install 4G Mobile WiFi which would, if it had been installed, have meant that we might well have stayed in the Upper Room. However I pointed to the tea and coffee offered to us at Sight Life as an additional bonus to the good WiFi we would now be taking advantage of. This will be our home until Christmas at least and we look to having a full room after the “Meet the Groups” event on October 11th. I asked if anyone would be willing to assist on the Computer Group desk and after the meeting John, Jonathan and Sianed volunteered. Thanks.

I suggested that we did the “issues and updates” first because I had such a lot of “news” – all posted on Flipboard since our last meeting. I also noted that it was a bit Apple-centric (as usual, some might say) and wondered whether any member might like to offer a different and wider perspective. Jonathan volunteered to take a look at Microsoft/Windows news. I committed to helping set up a workflow to help him. So … what were the “issues and updates”?

Jonathan had a real issue with his laptop (having dropped it). He was using his wife’s for the moment and Neil is currently trying to source a replacement screen for him. He expects it to cost £180 which just about makes it an economic proposition for a four-year-old laptop. In addition he’d been having difficulties (prior to the accident) with Lightroom and I had been trying to assist him with that. Otherwise his grandson was providing tuition device – something I think we can all say “yep! That sounds about it.”

Ralph had done quite a large hardware swap out and was now concentrating on getting more out of his new phone. I commented, and others agreed, that there were a lot of features on the iPhone I was not making use of, and didn’t know how to use. I suggested that we might have an in-depth session on using iOS and Android mobiles as soon as possible. Ralph commented that we used to expect a standardised interface, but that it now allowed so much more personalisation. That’s great for those who are open to change, but perhaps that’s not so readily possible for those of us third agers! Sianed made a comment about Siri not recognising her voice. We offered the possibly light-hearted suggestion that she tried speaking in Welsh. We await the report back!

Tony had (at the beginning of the meeting) given us a brief insight into his use of IT and then presented us with a problem of Word maximising on his screen (when he didn’t want it to). We all offered solutions, but in the end he found the solution himself!! He also reinforced the suggestion to learn more about what he could do with his phone. Noted! He then described a problem he was having with the VPN installed as part of his McAfee security suite. He asked whether it was needed. That led to a discussion on the use of VPNs, whether they were necessary or not. I expressed the view that even though I’d purchased a copy of the NordNet VPN, I was of the opinion it wasn’t really necessary for our type of use. It obviously was of value to have installed on your mobile device(s), but not really on your desktop. Even then, if you didn’t do more than web browsing and email when out’n’about, it probably wasn’t needed. It was however commented that one value of a VPN was to “spoof” your location by choosing a VPN server in a different country. You can then, for instance, view iPlayer and UK-TV when in Australia! We then had a discussion on how to uninstall McAfee (or Norton, or Kaspersky security suites) as they all seemed to leave “stuff” behind after the uninstall. I followed this up with some suggestions to members on what to do in emails. [We possibly need to cover this in a meeting as well.] Finally Tony raised an issue about organising his Gmail. Members suggested a number of options, including labelling. I offered the suggestion that archiving everything and starting from scratch using Folders might be the best idea.

John had a “flash new iPhone” that he was coming to grips with. He also expressed his views on Edge: he didn’t like it. We reminded him that there were plenty of alternatives, and for Tony’s benefit I mentioned that I’d done a review of browsers and search engines at the end of the last session.

Stella had installed Windows 11 and all was well so far. She told us about Lebara (a Vodafone 4G service) currently available for 1p per month for a number of months and then £4.99 – sounds a good 3GB SIM-only deal!

Steve had also had an IT-refresh including a new iPhone 11, and noted that Chrome was quick. [Yes it can be, but it slows down if you don’t clear your cache out.] He’d invested in more iCloud storage (50GB) – a good choice (imho). He’d got Bitwarden, and Nordstream as a VPN and wondered whether to use it (see comments above).

Jim had a problem with his new 1TB external SSD in that it was losing EXIF data from photos. He’d taken the advice to re-format his drive as NTFS and the problem had gone. Sorted!! He’d also had a curious problem of a laptop draining power when a USB disk had been left connected to it. The only reason for this I could suggest was that the disk was “polling” to see if the laptop was switched on.

Renee had negotiated a new contract with VirginMedia and had saved some money (so had I just recently).

Jenny reported that her iCloud storage had filled-up, but she had been able to increase it with the help of her daughter. She enquired how safe it was to use a mobile device in a cafe. I said completely as long as you didn’t do anything that you wouldn’t sensibly do, ie financial transactions, or anything involving sharing personal information. I also expressed the view that it was unlikely that any of us would be “targets” of anyone wanting to get our information. So generally speaking – relax!

Sianed reminded us that the paper £20 and £50 notes were soon to be taken out of circulation, and that the non-barcoded stamps could not be used after January.

I reviewed a couple of things that I had reported to the group on Signal over the summer and then went through the items that I’d put up on Flipboard. I encourage members to go and have a look at what’s been happening, particularly with the new Apple devices. I did however discuss the recent scam/fraud reported on Twitter involving Santander and a journalist. I promised to write a specific blog post on the issue, but in the short-term I suggested that members did not keep their credit/debit cards in the same wallet as their iPhone (and probably Android phone for that matter), and secondly that they investigate and implement locking their SIM to their phone. This would mean that a SIM taken out of your phone with your information on it, could not be used on another phone.

Home networks – some notes

I’ve written and talked about this subject on a number of occasions. I’ll bring these together in one place, before delving into the specifics of router configuration which prompted the subject for the meeting on Feb 4th, 2021.

For many of us home networking means WiFi, and the first article I wrote was on the subject of “Flaky WiFi” on October 11th, 2016. Members of the group had commented on their WiFi connection appearing to drop and in this article I tried to explain how all the bits and pieces hung together and how you could test your network to see it was working the way your Internet Service Provider (ISP) was proclaiming it should be!

Then, later on (January 26th, 2017), we discussed “Broadband speeds, WiFi routers (their type and security), and extenders or boosters” and as the title suggests we focussed on networking in the house and how it is provided by Internet Service Providers, such as VirginMedia, BT, Sky or TalkTalk.

I described “How the Internet works” in this post on June 29th, 2017, with links to a few videos and policy documents which hopefully explain the topic better than I could. Not much has changed since then; IPv6 is still to appear in the domestic market, so we still use IPv4 for internet addressing.

Finally, on July 27th, 2020, I wrote about “Improving home network performance” which is really what I’m going to revisit in this post.

So … what do you need to take a look at?

On your router:

If you’re using an integrated modem/router – often called a hub – typing in the IP address 192.168.1.1 will bring up a screen something similar to this …

… mine is different because I’ve disabled the router functionality so that I can use my own router – a Netgear Orbi Mesh Network – so to just access the modem part of MY hub I use the IP address 192.168.100.1. You can see from the above that only the Modem is active.

So for most users with an integrated modem/router, the first thing you need to be able to do is to access your Router’s Admin Dashboard. This article explains how to do it using the cmd prompt in Windows, but it is probable that your hub/router has an application you can start to do this, or that you can access it from a browser window. For most you would just enter the IP address 192.168.1.1 and supply the UserID admin and the password that I’ve created – the default is quite commonly ‘password’, so you ought to change that!!!

The above screen is for my mesh network, but non-mesh would be similar. Clicking on Internet will give you the ability to change some of the settings for your connection.

Of these the most useful to change is the Domain Name Server (DNS) – these are the servers that translate a URL (eg thoughtgrazing.org) into an IP address. I’ve chosen to replace the default DNS supplied for my VirginMedia Hub (ie 194.168.4.100) with two servers run by Google (1.1.1.1 and 8.8.4.4); I’ve disabled the router functionality on the SuperHub so that it only acts as a modem. The reason I’ve done this is that these servers are replicated around the internet and will almost certainly be closer to my router than VirginMedia’s, the closest of which I think is in Bristol.

All the other settings can probably be left as they are. The next option is where you configure the name of your network and the channels you’re going to use.

If you don’t like the name supplied to your network by your ISP, you can change the SSID. I did, to make it a little more meaningful. You should then consider changing the 2.4GHz Channel. If you can set the channel to Auto – you should do so because generally the router will then find the best channel for your network. If that’s not possible and you have found your WiFi to be “flaky” due to you and your neighbour using the same Channel(s), try setting the channel manually to one that’s not being used. The article I mentioned before describes how you can find the best Channels for a Mac, and this one identifies a Windows Tool that does the same thing – there’s a Download link at the bottom of that documentation. Here’s an article that describes all the possibilities.

Generally 2.4GHz has a wider range of signal but lesser bandwidth (throughput), and 5GHz the opposite – shorter distance, but higher bandwidth. On my system my 2.4GHz channel gives me 400Mbps and the 5GHz channel 866.7Mbps.

You’ll want to look at your Security Options and make sure that you choose the best for the devices that you’re going to connect to your router. Generally, for a home network, WPA2-PSK [AES] should be sufficient.

This article from the Apple website provides a very thorough and detailed examination of what settings you should deploy for your router, and why. Worth a read, even if you’re not an Apple Fanboy!

On your device …

Make sure the security settings match those you’ve just set on your router; remember the SSID and Password you’ve created, and re-connect to your network.

And that’s about it … I hope. Questions??

Sextortion, Have I been pwned and Password Managers

We’ve discussed this a couple of times now this term, so I was interested in seeing it pop-up on the BBC website. Here’s the link to a short video …
www.bbc.co.uk/news/stories-46323625
I’ll be looking at password managers next time, but in case you can’t make it, I’ll write-up a post as well. I use LastPass, but there are others. I also pay a small amount for it so that it can be used on more than one device.

How much do you know about computer fraud?


Recently in a U3A meeting we discussed Computer Fraud. We often do, or so it seems. If it’s not fraud, it’s security online, or scams and what’s done with our data … but more about that later!!!
This short post is just to alert people to a simple, short quiz (or test) that has been produced in conjunction with the UK Government to help people recognise fraudulent activity.
Go to this website, satisfy yourself it’s genuine and is a government backed initiative, and take the test and see how you do. According to the Daily Mail – so it must be true – only 9% of people taking the test were able to accurately recognise all the scams and false messages, that despite a claim that 80% felt that they were able to recognise a fraudulent message.
For further guidance try this link.

Let's start at the beginning …

So … you’ve dipped your toe in the water, got that computer that your son/daughter has persuaded you to get, allowed the telecommunications company to install broadband in your house with that WiFi thing and you don’t exactly know what to do with it – apart from send them emails to say you’re still alright and still alive – and oh yes,  there’s online shopping – that must be a good idea.

I don’t intend to replicate by way of providing a guide all the things you should or should not do as a silver surfer, just point you in certain directions and provide as impartial follow-up advice as I can, should you require it. Therefore what follows is not a comprehensive guide to getting started, just some of the things that appear to me to be most important. At the bottom of this post I provide links to some resources that are a) reputable, and b) authoritative which I would encourage you to also look at.

So we start with Internet Security and Safety Online. Yes, I know it’s not exciting, and yes … it’s a bit scary as well. I’m not trying to put you off before you even start but it is important to get the basics of security and safety right, at the beginning, because habits picked up when you start something have a habit of providing a good basis for ongoing practice. Now … didn’t my mother say something similar to that many, many years ago!

The basics are very simple actually and can be summarised in one sentence. Don’t do anything online that you wouldn’t be prepared to do with a stranger you’ve met for the first time in the street, or in a shop. In practice of course it’s a little bit more complex and so a few guidelines follow.

1) Everything falls apart if you don’t have a strong password to anything you do online. Your password is like the key to your front door. You wouldn’t give that to a stranger, or make it easy to find under the doormat, so why put so little value on your password? Furthermore, why use one key to unlock all the doors in your house (online information)? Make it a bit more difficult for the burglar (hacker) by using different keys (passwords). But creating and more importantly remembering lots of passwords is a bit of a pain and so my suggestion for a password is to think of a phrase that means something to you and then create the password from it using a combination of letters, numbers and “odd” characters and then add a couple of letters to that to distinguish the site you’re accessing with that password from any others you might use.

So, an example. The phrase … “Cardiff won the Cup once in 1927”, and the site … say “Amazon”. For this I might construct a password like this – “Amzn_Cwtc01n27”. Replacing the vowels o and i with 0 and 1, and changing “nineteen” (as you would say the year) to “n”. Using a technique like this would make your password both unique and very difficult to guess … as long as you didn’t give it to anyone else.

By the way, I wouldn’t recommend basing a phrase on a hobby, or anything connected to you – so the example above would not be a great idea for a Cardiff City fan!

I’ll return to this theme a little later on when I post about Password Managers, a really useful tool to assist the “little grey cells” that have difficulty remembering passwords.

2) Don’t give away information you don’t really think the person asking for it really needs to know! I remember being really shocked when a colleague once told me that he had for years been providing incorrect information when shops required a post code, telephone number or address. However when you think about it, they usually only want it for marketing purposes and once they have it … do you have ownership of it anymore? Can you be sure they haven’t sold it on? Of course, it’s much better to just refuse to provide the information in the first place and I’m really not advocating dumping unwanted communications on some poor imaginary soul in Thornhill – but … ??? Similarly your date of birth is perhaps the single most important piece of personal information that you hold. Don’t give that away easily.

3) Have more than one email account. Keep one private for friends and family. Use the other(s) when asked for online. At the very least this will reduce the amount of spam (unwanted messages) you receive; at best this may stop your online identity being stolen (someone posing as you) and your email being hacked (broken into). Some email providers (certainly Yahoo! and Google) allow you easily to setup disposable email addresses on your account. [Psst – researching this has been useful for me too! I didn’t know how to do this with gmail until I wrote this post.]

4) Be very careful in the links you follow. Phishing is a very disturbing and distressing presence on the internet. You’re drawn into clicking on a link on a webpage and from there … the consequences are many. Be realistic … do you have an unknown relative in Georgia? Should you be sending online gifts to Africa – how do they know your email address anyway (see 3 above)? Is it likely that the Revenue, Insurance Company, Bank would approach you online offering to give you money? Be very aware. Be very careful!

As I said before, this is really only a gloss over the subject. Boring it may be, but essential it most certainly is. The following links are generally authoritative, mainly UK-focussed and worth more than a glance.

Advice from elsewhere:
The Guardian – Eight ways to protect your privacy online
McAfee (Internet Security specialists) – 10 tips to stay safe online
“Get the facts” from the Metropolitan Police
Get Safe Online – a very authoritative and useful UK organisation
Age UK has some useful advice too for Internet Security and
Microsoft have a couple of useful pages on What you need to know about your information on the Internet, and how to Protect your Privacy on the Internet.

[Some of these links may not work anymore due to the age of the post!!!]