Posts

What is a Cache?

Perhaps someone has told you that you need to “clear your cache,” but what does this mean and why should you do it? A cache is a folder of recently visited webpages, which is stored on your computer’s hard drive, and maintained by your Internet browser.

1DThe purpose of a cache is to speed up the loading of webpages. Your computer’s hard drive collects data from websites that you visit, so that when you visit them again, certain aspects of the previously visited pages (such as graphics) don’t have to be reloaded the next time, and this makes the loading time a little bit shorter.

But the space your cache has on your hard drive is limited, and over time, it can get congested. Data that hasn’t been accessed for a while gets tossed out to make room for new data from the new pages that you visit.

And sometimes, the cache process doesn’t work properly. The result is an incompletely loaded page, or a page that looks odd because it’s supposed to load new content but it’s showing old content. (Sometimes, page loading problems aren’t caused by a faulty cache, but this is such a common cause that you’ve probably heard people say, “You need to clear your browser’s cache.”)

So, now you know what a cache is, here are some specific steps to clear it on different browsers:

How to clear your cache in Chrome:

  • In the upper right of the browser click the little icon that says “Customize and control Google Chrome” when you hover over it with your cursor
  • Click History
  • Click “Clear browsing data”

How to clear your cache in Internet Explorer:

  • In the upper right of Internet Explorer, click the gear icon or “Tools”
  • Click Internet Options
  • Under “Browsing History” you’ll see a delete button; click that.

If you use another browser, and there are a few, search online for instructions on how to clear your cache.

Another option you have is to use software (free or paid) designed to clean the clutter from your computer and devices. These programs often work well, but sometimes they work too well and clean more than they are supposed to. It’s always a good idea to backup your information before cleaning your computer.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

What is the Cloud?

You’ve probably heard of people storing information in “the cloud,” but what does that really mean, and is it safe to put your data there?

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294The cloud is best described as a network of servers offering different functions. Some servers allow you to store and access data, while others provide an online service. You may be familiar with “cloud services” offered by companies such as Google and Adobe.

The term “cloud” comes from cloud computing, which is essentially using a group of computer resources to maximize their effectiveness.

The cloud is now comprised of millions of servers worldwide, and chances are you access it on a regular basis. For instance, you may have uploaded a picture from your smartphone to Instagram, which stores images in the cloud, or you could be using cloud storage service.

Because the cloud allows you to upload and access data and services from any Internet-connected device, it’s certainly convenient, but that doesn’t mean that it’s always safe.

Many worry about hackers getting into clouds, especially ones in which the services do not offer two-factor authentication. (This is when you need two different components to gain access to an account, such a something you know, like a password, and something you have, like a unique fingerprint.) Another potential vulnerability is that hackers might intercept data as it’s being sent to the cloud, especially if that data isn’t encrypted, or scrambled, to keep it from being read by unauthorized third parties.

Cloud customers must have faith that the service provider is doing all it can protect their prized data.

Not all cloud providers operate the same way, with the same security, but there are minimum standards, which they must meet. It’s important to know about the different levels of security, so you can make the right choices about your service providers.

A few cloud service providers:

  • Windows Live
  • iCloud
  • Google
  • Amazon Cloud Drive
  • Dropbox

Lots of storage can be obtained for free. Rates vary and getting cheaper by the day.

Cloud providers have everything to lose and nothing to gain be being insecure. It is well known that poor security can damage a brand. However, cloud security generally begins with the user and not the cloud itself. If your devices are old, outdated, poorly utilized, or don’t have the proper security, you could be the weak link.

So, make sure that your devices and security software are up-to-date and look for cloud providers that offer advanced security options such as encryption and two-factor authentication. And, if you really want your sensitive information to stay secure (such as tax returns and other financial and personal information), you might consider saving those files on a backup hard drive rather than putting it in the cloud.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

The most horrible Craigslist Killing ever

Beware. This is tough to read. An expectant woman had spotted an ad on Craigslist asking for baby clothes, so she contacted the ad placer—a woman—then went to her Longmont, Colorado house alone.

2HThe woman stabbed the would-be seller and removed the seven-month-old fetus. The baby died but the victim survived.

When police arrived, the 26-year-old victim was there but the fetus was gone. The 34-year-old psycho supposedly did not know the victim. She had her husband drive her to the same hospital that the victim went to, claiming that the fetus, which she had with her, was a miscarriage.

Oddly, the stabber has two kids already, and her husband is not a suspect.

Six weeks prior, Craigslist got negative attention when an elderly couple was murdered after responding to an ad for a car.

It’s a novelty to point out that these ads were placed on Craigslist, but there is nothing inherent about this medium for advertising that makes it dangerous.

The root of the problem is that of meeting strangers alone in secluded or barren locations. Making this worse is when the ad responder is physically compromised, such as from elderly age or pregnancy. What on earth are they thinking?

One solution is the so-called safe zone, a designated trading spot where Craigslist sellers and buyers meet, out in the open, around other people, such as at a police station parking lot.

Currently there are safe zones in 22 states; they are listed on the Safe Trade Stations website.

If your state doesn’t have one, or if the one in your state is far away, then the next best thing is to arrange to meet the seller or buyer in a public spot full of people such as at a busy café, if the item they’re selling is small enough. And bring someone with you.

If it’s a car or other very large item for sale, this makes things more challenging as far as location of the meeting. Bring two people with you, and try to arrange the meeting in a public spot, if at all possible. If you can’t find anyone to accompany you, and the item for sale can’t be transported to a public spot, then pass up the deal.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Protect Yourself from Online Fraud

Yes, it’s possible: preventing fraudsters from getting you via online trickery and other stealthy actions. Yes, it’s possible to be thinking one step ahead of cyber criminals. Let’s begin with e-mails—the conduit through which so many cyber crimes like ID theft occur. 9D

  • Imagine snail-mailing vital information like your SSN, bank account number, a duplicate of your driver’s license and your credit card number. At some point in the delivery process, someone opens the letter and see the contents. Electronic messages are not entirely private. Recognize this risk before sending knowing that in transmission there is a chance your information can be seen. Sometimes the telephone is a better option.
  • Ignore sensationalistic offers in your in-box like some ridiculously low price on the same kind of prescription drug you pay out of pocket for; it’s likely a scam.
  • Ever get an e-mail from a familiar sender, and all that’s in it is a link? Don’t click on it; it may trigger a viral attack. As for the sender, it’s a crook compromised your friends email and who figured out a way to make it look like the e-mail is from someone you know.
  • In line with the above, never open an attachment from an unfamiliar sender; otherwise you may let in a virus.
  • If someone you know sends you an unexpected attachment, e-mail or call that person for verification before opening it.
  • Enable your e-mail’s filtering software to help weed out malicious e-mails.
  • Ignore e-mails asking for “verification” of account information. Duh.

Passwords

  • Don’t put your passwords on stickies and then tape them to your computer.
  • Do a password inventory and make sure all of them contain a mix of letters, numbers and characters, even if this means you must replace all of them. They also should not include actual words or names. Bad password: 789Jeff; good password: 0$8huQP#. Resist the temptation to use a pet’s name or hobby in your password.
  • Every one of your accounts gets a different password and change them often.

General

  • Make sure your computer and smartphone are protected with antivirus/anti-malware and a firewall. And keep these updated!
  • Your Wi-Fi router has a default password; change it because cyber thieves know what they are.
  • When purchasing online, patronize only well-established merchants.
  • Try to limit online transactions to only sites that have an “https” rather than “http.” A secure site also has a padlock icon before the https.
  • Make sure you never make a typo when typing into the URL; some con artists have created phony sites that reflect typos, and once you’re on and begin entering your account information, a crook will have it in his hands.
  • Access your financial or medical accounts only on your computer, never a public one.
  • Ignore e-mails or pop-ups that ask for account or personal information.
  • When you’re done using a financial site, log out.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Trolls get Dose of Reality

Well, you know that old saying: The viciousness of an online bully’s attack is inversely proportional to the size of his (you fill in the blank), I was thinking ego.

12DMany online bullies are female, but in the case of former Red Sox pitcher Curt Schilling’s daughter, the trolls are collectively male.

Recently Schilling tweeted how proud he was that his daughter, Gabby, will be playing softball as a pitcher for Salve Regina University. Schilling got a lot of responses. And some were disgusting, including one that mentioned assault (yeah, I’d like to see the dude who posted that try to mess with a collegiate pitcher—these young women aren’t to be messed with).

Other repulsive acts and terminology came up in the comments. Sometimes, as Schilling set out to prove, it’s not best to just ignore the bullies, thinking they’ll go away.

In the case with 17-year-old Gabby, the “bullies” are more like pond scum idiots who, in real life, would probably scurry like a mouse if a woman got in their face.

Schilling quickly tracked down the names and schools, plus some other details, of the bullys. As a result, says the athlete, nine of these maggots have been either fired from their jobs or kicked off their sports teams. The Twitter accounts of two of the trolls have been deactivated.

Schilling received apologies from them, but only after the fact. Too late. And why did these young men make the posts in the first place? They don’t even know Gabby. Do they have a teen or young adult sister? How would they feel if their teen sister were the subject of such vile posts? Some of the trolls told Schilling to chill. Would they themselves chill if their sister, girlfriend or mother were the object of vulgar comments?

Hopefully, Gabby is internally stable enough not to take extreme measures as a result of the online bullying, like the many kids who have taken their own lives. But still…internal stability or not…nobody, especially a proud dad, should have to receive vulgar posts about themselves when they’ve done nothing wrong.

If you still think this is no big deal, remember: Once you post something, it’ll probably be out there for all time—waiting to smear your reputation, or hurt someone, real real bad.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

5 Online Security Tips You need to know

It’s up to the potential victim—the user—YOU—to make your computer or smartphone very difficult for Joe Hackster to infiltrate.

7WPasswords

  • Being that cyber crime has been a fixture of modern living for over a decade, you’d think that everyone and his brother would know to use strong, long passwords, and a different password for each account. But people—including those who’ve been around for a long time—continue using the same password and ridiculously weak passwords, like password1 and princess.
  • A very strong password will go a long way in preventing hacking incidents. It should be at least 12 characters and a mixed salad at that: different cases, numbers and symbols, and no words.
  • Every single account should have a different password.
  • Learn which accounts offer two-factor authentication, then activate it. This way, if someone gets your password they still can’t get into your account unless they have your smartphone.

The cloud is cool but not 100 percent secure

  • Sounds funky: “cloud storage.” But the vulnerabilities aren’t necessarily in the cloud service, but in your device security. If your device is vulnerable, if you don’t have security software or update your operating system, you become the criminals path to the cloud service.
  • Because the cloud is such a huge vault for holding all kinds of data, more things just simply can go wrong. The user must decide who’s better at protecting his data: a system with more resources (the cloud), or the user himself?

New doesn’t mean safe.

  • A brand-new computer or mobile device may come with preinstalled “back doors” for hackers. This is legal so that law enforcement can more easily track the bad guys in life. These back doors are vulnerabilities that can let in hackers. Do your research when making an investment in technology and install antivirus immediately.

No software is perfect.

  • Think of antivirus and antimalware as the “exterminator” who comes to your house to get rid of bugs. There’s a reason that pest control companies no longer refer to themselves as exterminators. This term implies they can kill every last bug and its eggs. They can’t. There will always be a bug somewhere, but the pest control technician can at least prevent infestations and swarms. Likewise, protective software is not 100 percent infallible, but it goes a long way in preventing computer infections.
  • So even though it’s not perfect, you absolutely must use protective software.

Mind the software update messages.

  • Don’t get annoyed by these; allow them to take place. Don’t hit “remind me later,” because chances are this will become a habit. You don’t want to delay the updates. They mean a security hole was detected, and now it can be patched. Don’t wait till later! Better yet, set all security software to automatically update.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

6 Ways to halt Online Tracking

“On the Internet, you can be ANYBODY!”

1PNot quite. Remaining anonymous in cyber space isn’t as easy as it used to be. Your browsing habits can be tracked, leading to your true identity. But there are things you can do to remain as anonymous as possible.

  • Don’t feel you must use your full, real name when filling out forms or whatever, just because it’s asked or even a “required field.” Of course, you’ll want to use your real name when registering online with a bank, for instance, or making a purchase. But sometimes, the real name just isn’t necessary, such as when registering with a site so that you can post comments on its news articles, or registering with an online community so that you can participate in forums.
  • Stop “liking” things. Does your vote really matter in a sea of thousands anyways? But you can still be tracked even if you don’t hit “like” buttons, so always log off of social media sites when done. This means hit the “log out” button, not just close out the page.
  • Twitter has options to control how much it tracks you, so check those out.
  • Clear your browser cookies automatically every day.
  • Use a disposable e-mail address; these expire after a set time.
  • Firefox users get a browser add-on called NoScript to block JavaScript. JavaScript gets information on you, especially when you fill out a form. However, JavaScript has many other functions, so if you block it, this may impair ease of use of the websites you like to navigate.

Virtual Private Network

You may not think it’s a big deal that your browsing habits get tracked, but this can be used against you in a way that you cannot possibly imagine.

For example, you suffer whiplash injury in a car accident and want to sue the erroneous driver who caused it. However, your nephew asks your advice on weight lifting equipment, so you decide to visit some websites on weight lifting equipment since you know a lot about this.

The defendant’s attorney gets wind of this online search and can use it against you, claiming you don’t really have any whiplash injuries. How can you prove you were searching this information for your nephew?

A VPN will scramble your browsing activities so that you can freely roam the virtual world wherever you are without worrying you’re being tracked. Your IP address will be hidden. One such VPN service is Hotspot Shield, which can be used on iOS, Android, Mac and PC.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How to recognize Online Risks

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294One of the most common ways this is done is through phishing.

  • The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
  • The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
  • These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
  • Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
  • These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
  • Sometime the e-mail will contain an attachment. Opening it can download a virus.
  • What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there via typing into the URL field.
  • You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
  • Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

  • Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
  • Never use keyboard sequences; again, a hacker’s tool can find these.
  • Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
  • Use a different password for every account.

Anti-malware Software

  • You should have a complete system that’s regularly updated.
  • Have a firewall too.

Virtual Private Network

  • Download Hotspot Shield to encrypt your data on public WiFi hotspots.
  • Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

  • Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.

A padlock icon before the https means the site is secure.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is a Remote Administration Tool (RAT)?

Ever felt like your computer was possessed? Or that you aren’t the only one using your tablet? I think I smell a rat. Literally, a RAT.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813A RAT or remote administration tool, is software that gives a person full control a tech device, remotely. The RAT gives the user access to your system, just as if they had physical access to your device. With this access, the person can access your files, use your camera, and even turn on/off your device.

RATs can be used legitimately. For example, when you have a technical problem on your work computer, sometimes your corporate IT guys will use a RAT to access your computer and fix the issue.

Unfortunately, usually the people who use RATs  are hackers (or rats) trying to do harm to your device or gain access to your information for malicious purposes. These type of RATs are also called remote access   as they are often downloaded invisibly without your knowledge, with a legitimate  program you requested—such as a game.

Once the RAT is installed on your device, the hacker  can wreak havoc. They could steal your sensitive information, block your keyboard so you can’t type, install other malware, and even render your devices useless. They  could also

A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid  a RAT.

  • Be careful what links you click and what you download. Often times RATs are installed unknowingly by you after you’ve opened an email attachment or visited an software in the background.
  • Beware of P2P file-sharing. Not only is a lot the content in these files pirated, criminals love to sneak in a few malware surprises in there too.
  • Use comprehensive security software on all your devices. Make sure you install a security suite like McAfee LiveSafe™ service, which protects your data and identity on all your PCs, Macs, tablets and smartphones.

Keep your devices RAT free!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

How to Spot a Splog

I really enjoy reading blogs. And since you are here, reading my blog post, I’m guessing you do too. Blogs are a great way of gaining information and learning about different perspectives on a wide variety of topics. Unfortunately, spammers have tainted this medium with splogs.

7WThe word splog is a combination of the words spam and blog (from my perspective, it could easily be called  blam as well). And that’s exactly what it is, a blog full of spam.  Splogs are blogs that usually have plagiarized content and have a ton of banner ads and hyperlinks. Splogs also can have repetitive content—basically the same article but using different targeted keywords each time since the main goal of a splog is to direct to you sites the scammer wants you to visit

Spammers use search engine optimization (SEO), also known as manipulating a website’s page ranking on a search engine, to attract innocent visitors to the splog. To increase page ranking, splogs will use content filled with phrases or key words that get ranked high in search results.  That way, when you are searching for a particular search term, the splog will appear on the first few pages of search results.

Spammers primarily use splogs for two reasons. First and foremost, they use splogs to make money. The splogs have ads that link to partner websites and when you click on one of those ads, the spammer gets paid by the partner for directing you to the site. The second reason is more malicious. Scammers will use a splog to direct you to their fake site that is used to capture your personal information such as your credit card, email, or phone number or download  Once they have your personal information, they can use sell your information or generate phishing attacks to get money from you. Or if they automatically download malware to your device, they could be using the malware to find out more information or hold your device hostage.

Because blogs are relatively easy to create, it doesn’t take that much time to create hundreds and thousands of splogs, especially since the scammers aren’t creating original content and are often duplicating the same content. These splogs are then crawled by the search engines, thus appearing in search results for you to click on and making it harder for you to find the actual information you are searching for online.

Splogs are annoying and can get in the way of your web experience. Here is how you can spot a splog:

  • Splog posts are usually 50 to 100 words long and riddled with hyperlinks. Also, there might be hundreds of posts a month; you can check this by looking at the blog archive.
  • The URLs are unusually long and include keywords for SEO purposes.
  • They often use the domain (URL suffix) of .info rather than the widely used .com because those domains are cheaper. So if you see a blog.sample.info you should proceed with caution.

Don’t let a splog fool you. Share these tips with your friends and family. As  less people visit these sites and click on advertisements, spammers will be less likely to use this growing spam technique.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.