Heartbleed: Free Tool To Check if That Site is Safe

I’m sure you’ve heard the news about Heartbleed by now (unless you’re in vacation wonderland and have taken a tech break). This is a serious vulnerability in the core of the Internet and is something we all should be concerned about.

heartbleedHeartbleed is a kink in encryption software, discovered by security researchers. It is a vulnerability in OpenSSL and could affect nearly two-thirds of websites online. If exploited, it can leak out your passwords and login names, thus putting your personal information at risk.

That’s why McAfee, part of Intel Security, is responding to the dangerous Heartbleed vulnerability by releasing a free tool to help consumers determine if a website they visit is safe or not. You can access the tool, here: http://tif.mcafee.com/heartbleedtest

McAfee’s Heartbleed Checker tool works by entering any website name to find out if the website is currently vulnerable to Heartbleed.

Steps to protect yourself:

  • Go to McAfee’s Heartbleed Checker tool http://tif.mcafee.com/heartbleedtest and enter any website URL to check if it’s vulnerable.
  • If the site is deemed safe your next step would be to change your password for that site. Remember, changing your password before a site is patched will not protect you and your information.
  • If the site is vulnerable, then your best bet is to monitor the activity on that account frequently looking for unauthorized activity.

Once a site has been patched so it’s no longer vulnerable to the Heartbleed bug, you should change your password. Here’s some tips to remember:

  • Use strong passwords that include a combination of letters, numbers and symbols and are longer than 8 characters in length – heck the longer the better. Below is a good animation on how to create a strong password.
  • Use a password manager, like McAfee SafeKey which is included with McAfee LiveSafe™ service that will help you create strong password and remember them for you.
  • Use two-factor authentication for increased security. You get a one-time code every time someone tries to log into the account, such as those for banks, social networks and email.

Heartbleed aside, passwords are more vulnerable than ever, and just in general, should be changed every 90 days for important accounts. And remember, if your information was exposed, this is a good time to watch out for phishing scams.

A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website.  And if your information is compromised, even if it’s just your email address, scammers could use this to try and get your other sensitive information.

Remember, in this day and age, we all need to be vigilant about protecting ourselves online.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

VPN for Online Security: Hotspot Shield

Online users need a VPN (virtual private network), a kind of service that gives you online security, and Hotspot Shield’s service has a free version. A VPN hides your device’s IP address and interferes with any company trying to track your browsing patterns.

7WMany online companies take peoples’ data without their authorization, and then share it with other entities—again without the user’s permission. A virtual private network will put a stop to this invasion.

Thanks to the fiasco with Edward Snowden and the political messes happening in Venezuela and other parts of the world, many people are turning to VPN services like Hotspot Shield. When you surf the ‘Net on a public network (including using social media), your personal information is up for grabs in the air by vultures.

Why is VPN online security important?

Your personal data is out there literally in the air, to get mopped up by Internet entities wanting your money—or oppressive governments just wanting to snoop or even block internet access to the rest of the world. If you use your device when traveling, you’re at particular risk for suffering some kind of data breach or device infection.

The unprotected public networks of hotel, airport and coffee house Wi-Fis mean open season for crooks and snoops hunting for unprotected data transmissions. The VPN protects these transmissions of data.

In fact, Hotspot Shield was used to escape the prying of government online censors during the Arab Spring uprisings. This VPN has been downloaded hundreds and hundreds of thousands of times.

This VPN service comes with periodic pop-up ads and some banner ads for the free version, but the $30 per year version is free of ads and has malware protection.

What else does a VPN like Hotspot Shield do?

Users are protected from cookies that track where the users visit online. If your online visits are getting tracked, this information can be used against you by lawyers and insurance companies. And who knows what else could happen when tech giants out there know your every cyber move.

More on Hotspot Shield’s VPN

  • Compresses bandwidths. All the traffic on the server side, before it’s sent to the user’s device, is compressed. This way users can stretch data plans.
  • Security. All of your online sessions are encrypted: HTTPS (note the “S”) is implemented for any site you visit including banking sites. You’re protected from those non-secure Wi-Fi networks and malware.
  • Access. Think of the protection as a steel tunnel through which you access the Internet.
  • Privacy. Your IP address is masked, and so is your identity, from tracking cookies.

Hotspot Shield is compatible with iOS, Android, Mac and PC. It runs in the background once it’s installed and guards all of your applications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

McAfee Labs 2014 Predictions

As we wind down the year, it’s a time to reflect, but also to look forward. Some of us may be thinking about resolutions and what we need to do in the upcoming year—exercise more, eat better, have better work/life balance, etc. Others of us will be thinking about how we’re going to ring in the New Year.

This time of year the McAfee Labs™ team is busy looking at what the new threats are going to be and what are new trends they expect to see. Today they released their 2014 Threat Predictions, and here’s what they believe will be in store for us:

Mobile Malware

While this is not new, this category of malware is growing like wildfire and McAfee Labs sees no slow down on this in 2014. And besides continued growth in this category (mostly on the Android platform), they believe that some  types of mobile attacks will become prevalent.

One of these growing attacks is ransomware targeting mobile devices. Once the cybercriminal has control of your device, they will hold your data “hostage” until you pay money (whether that’s conventional or virtual, like Bitcoin) to the perpetrator. But as with traditional ransomware, there’s no guarantee that you really will get your data back.

Other mobile tactics that will increase include exploiting the use of the Near Field Communications (NFC) feature (this lets consumers simply “tap and pay,” or make purchases using close-range wireless communications), now on many Android devices, to corrupt valid apps and steal data without being detected.

Virtual Currencies

While the growth of Bitcoin and other virtual currencies is helping promote economic activity, it also provides cybercriminals using ransomware attacks with a perfect system to collect money from their victims. Historically, payments made from ransomware have been subject to law enforcement actions via the payment processors, but since virtual currency is not regulated and anonymous, this makes it much easier for the hackers to get away with their attacks.

Attacks via Social Networking Sites

We’ve already seen the use of social networks to spread malware and phishing attacks. With the large number of users on Facebook, Twitter, Instagram and the likes, the use of these sites to deliver attacks will continue to grow.

In 2014, McAfee Labs also expects to see attacks that leverage specific features of these social networking sites, like Facebook’s open graph. These features will be exploited to find out more information about your friends, location or personal info and then be used for phishing or real-world crimes.

The other form of social attacks in 2014 will be what McAfee Labs calls “false flag” attacks. These attacks trick consumers by using an “urgent” request to reset one’s password. If you fall for this, your username and password will be stolen, paving the way for collection of your personal information and friend information by the hacker.

2014ThreatPredictions

Here’s some security resolutions to help you stay safe online in 2014:

  • Strengthen your passwords: If you’re still using easy to remember passwords that include your home address and pet’s name, it’s time to get serious about creating strong passwords that are at least eight characters long, and a combination of numbers, letters and symbols. Don’t include any personal information that can be guessed by hackers.
  • Don’t open or click on suspicious emails, text or links: By simply opening an email with a piece of ransomware within it you could be leaving your devices vulnerable to hijacking.
  • Be aware when downloading apps: Since apps are the main way mobile malware is spread today, make sure to do your research before downloading any app and only download from reputable app stores.
  • Limit your use of NFC, Wi-Fi and Bluetooth: If your phone has NFC capabilities, you may be unaware of default settings. Turning this feature off, as well as turning off Bluetooth and Wi-Fi connections, will not only help you save battery life on your devices, but prevent attacks from hackers looking to exploit your wireless connections.
  • Check your bank statements and mobile charges regularly: This way, you can discover and report any suspicious charges
  • Install comprehensive security on all your devices: With the growing amount of threats that we’re seeing, you want to make sure that your all your devices (not just your PC) are protected. Consider installing security software such as McAfee LiveSafe™ service that protects your data, identity and all your devices (PCs, Macs, smartphones and tablets).

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

12 Ways to hide Online

If you feel paranoid about online surveillance, there are ways you can significantly shrink your cyber presence so that it’s more difficult and expensive for anyone and even big intelligent agencies to monitor your online activities.

2P1. End-to end Encryption

This tactic encrypts your data from the beginning point of communication to the receiving end. The tool of choice for you and your message-recipients to install is OTR (off-the-record) messaging. This start-to-finish encryption will keep snoopers in the dark.

2. Maximal Encryption

If you can’t do end-to-end, at least encrypt as many communications as possible. This can be done with EFF’s HTTPS Everywhere browser add-on for Firefox or Chrome. It maximizes amount of data that you protect by making Web sites encrypt Web pages when possible. Encrypt your USB flash drive with TrueCrypt.

3. Encrypt Hard Drive

Latest versions of Macs, Windows, Android and iOS have ways to encrypt local storage. Turn this on so that anyone who uses your computer can’t copy its contents.

4. Strong & long Passwords

Forget short, easy to remember passwords like the name of your pet. Make them very long—all passwords. A password manager will eliminate having to remember a bunch of super long passwords. Diceware.com will help you create an unforgettable, strong master password.

5. Virtual private network software

Unencrypted data is highly vulnerable to prying eyes. Use a virtual private network (VPN); this ensures that all online transactions (e.g., filling out forms, downloading, shopping) are secured through HTTPS.

Hotspot Shield VPN is free and reliable, available for Mac, PC, Android and iPhone. This service also encrypts all mobile data and protects the user’s identity. VPNs can also be used for visiting sites you don’t trust much.

6. Use Tor

Installation and use of Tor will conceal your origins from mass and corporate surveillance. Giants like the NSA do not like Tor, and there’s a reason for that; it works.

7. Two-step authentication

This involves typing in a password and then a routinely altered confirmation number to protect against attacks on cloud and Web services.

8. Never click Attachments
Your computer can be hijacked when you click on a link sent via e-mail—a link accompanied by a hyped up message that’s designed to get you emotional rather than logical. Tell your friends and family to send you information in text whenever possible. If they must send a file, double check that it’s really from them.

9. Don’t open Emails with a blank Subject Line

An e-mail with a blank subject line may be an innocent lapse in judgment from a person you know, but the blank subject line is also a possible sign of a virus attack waiting for you if you open the e-mail.

If you receive blank subject lines apparently from someone you know, send a message to the sender by creating a new message and asking if they just sent something. Require everyone you know to fill in the subject line.

10. Anti-virus, updated software

Make sure your computer has anti-virus software and that it’s always kept up-to-date.

11. Be an ally
Teach others all you know about hiding online. Even install for others tools like Tor. Ask them to sign up for Stop Watching Us to guard against mass spying. Throw a “cryptoparty.”

12. Offline data

Keep your most secret data written down in a notebook and place where nobody would think to search for it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Holiday Shopping: Beware of Unethical Online Merchants

We have all encountered a sales clerk who was rude, a customer service representative who was incompetent and an online purchase that went south. Even I’ve been scammed out of an entire order and spent dozens of hours trying to get a return on another.

But when it comes to outrageous and shocking, including threats of violence and outright fraud, this story takes the cake.  An online merchant based in Brooklyn New York retailing designer sunglasses, some counterfeit and some real, thrives on bad customer service, over charging, making threats, stalking and abusing clients into giving up the fight over what’s right.

The merchant prides himself on getting negative feedback on consumer advocacy and review sites such as Get Satisfaction, ComplaintsBoard.comConsumerAffairs.com, RipoffReport.com, Yelp and Epinions.

He thrives on – for example “DO NOT ORDER ANYTHING FROM THIS COMPANY. This has been the most horrific experience EVER. I have extensive knowledge of website management and customer service, and they pretty much break every rule imagined. They are a total scam

The strategy of negativity gets this merchants website ranked high on search when listed with all the different opinion sites. Google and other search engines often rank a website to show on the first page of search based on how many links point to it from other prominent sites. So even though all the negative links are pointing to the unethical site from opinion sites, it still ranks on the first page of search helping its sales.

Beware of making purchases on any website based on how they rank in search. Even a first page organic hit can lead to a scammy company.

Learn from others bad experiences. ALWAYS search “Name Of Company” in Google before you make a purchase. The review sites almost always show on the first page of search when “Name Of Company” has been blacklisted.

More on THIS STORY.

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.