The FBI's Latest Warning on Connected Routers

The FBI announced on May 25th that a new, dangerous threat to cyber security could be residing on thousands of home an business based wireless routers.

"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI said in a warning released on Friday. The malware, called 'VPNFilter' can do things like scoop up users' personal data and cripple website service.

Western security authorities are warning that Russian hackers may have infected routers in an attempt to gain unauthorized access to personal and corporate information, and that consumer need to be proactive in their efforts to protect themselves. Specifically, the FBI wants all owners of routers to reboot them, which will disrupt the malware's ability to  communicate with other machines under its control. Details on how to properly reboot your router can be found here.

Research released last week from Talos Security Group, a CISCO company, suggests that potentially 500,000 routes may be infected. Cisco Talos listed the definitively affected routers as the Linksys E1200, E2500 and WRVS4400N; the Netgear DGN2200, R6400, R7000, R8000, WNR1000 and WNR2000; and the TP-Link TL-R600VPN SafeStream VPN router. MicroTik Cloud Core routers, mainly used by enterprises, may be affected if they run versions 1016, 1036 or 1072 of the MicroTik RouterOS. The research firm also found that two QNAP networked-attached-storage (NAS) drives, the TS-251 and TS-439 Pro, were also affected by VPNFilter.

The FBI wants everyone with a small business or home office (SOHO) router to reboot so they can track the communications. By seizing control of the domain the mothership, the FBI says it can track the different layers of the malware. But the folks from Talos are warning that is could just be the beginning, and even if you don't see your router make and model on their list, you should reboot anyway. "Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected," Cisco Talos researchers wrote in a blog posting.

Due to the severity of the event, Talo decided to publish its finding early, even thought their research and investigation is ongoing. "Publishing early means that we don't yet have all the answers - we may not even have all the questions. We will update our findings as we continue our investigation" the blog goes on to say.




Home Computer Maintenance 101

Computers are at their best -- and their most secure -- when well-maintained. Without regular cleaning and organization, your hard drive gets cluttered with data, your file system becomes messy, and overall performance slips. Without frequent backups and weeding, your data is less secure. And, unless you occasionally update your software and renew your subscriptions, your programs will not perform optimally.

Even the physical cleanliness of your hardware affects the quality of your computing experience. Monitors get smudged, dust gets into your keyboard and grime builds up under your mouse.

Home computers have become so reliable and convenient that it's easy to take their efficient operation for granted. But, just like your home or your car, your computer requires attention from time to time. The following regular maintenance will keep your computer running safely and smoothly:

Step No. 1: Give your system a checkup  Your computer works harder than you think. It's constantly prioritizing tasks, storing files, executing commands and allocating memory. Over time, however, errors occur on your hard drive, data gets disorganized and references become obsolete. These little problems add up, and as they do, your operating system slows down, system and software crashes occur more frequently, and start-up and shut down operations take longer and longer. In order to get your system back on track, or even better, to keep it from slowing down in the first place, set up a monthly maintenance schedule. Be sure to include these items in your routine:

  • Scan your hard drive for errors and fix any corrupt sectors
  • Defragment your hard drive
  • Remove invalid Registry entries and broken shortcuts

Step No. 2: Do some housekeeping  Removing old programs and drivers frees up memory and reduces the potential for system conflicts. Deleting obsolete and temporary files opens up space for today's important work. And, the fewer unnecessary files you have on your computer, the safer you are from threats like online identity theft. Beyond digital cleanup, it's also important to give the physical parts of your computer some TLC. Left too long, dirt and grime can build up and cause damage to your hardware. So, set aside some time each month to complete the following tasks:

  • Remove old programs and temporary files
  • Delete obsolete data
  • Make sure private and financial data is stored securely
  • Clean your keyboard, mouse, monitor and computer case using manufacturer-recommended cleansers and tools

Step No. 3: Back up often  System crashes happen. So do power outages. And sometimes, no matter how careful you are, you inadvertently delete files. Back up your system regularly to make certain you never lose data. We recommend backing up at least once a month. When you do, always make at least two copies: one for home, and one to be stored in a separate location. For example, you might want to back up to two CDs and keep one disk at home and the other at work.

Or, if you work at home, use an online service to store your data remotely. That way, should you experience fire, flood or theft, your data will be safely stored on a remote server. If you haven't already, you should also create a bootable system disk. With a system disk, you can start your computer from another drive should you be unable to boot from the hard disk. Don't ignore these other basic backup tasks:

  • Back up data at least every month
  • Store your backups in two separate places
  • Create an emergency system disk and store it in a safe place

Step No. 4: Upgrade regularly  From a performance and security standpoint, keeping your software and operating system current is as important as keeping them clean. The new reality is an ever-evolving world where staying on the cutting edge is a clear advantage. To remain current, check for software updates or upgrades each time you perform system maintenance. You should also check your subscriptions and licenses to make certain they haven't expired. This is especially important for security subscriptions. Security threats are in constant flux. New viruses and methods of intrusion appear daily, and you need to keep your security tools up to date in order to stay protected. The next time you do ordinary system maintenance, be sure to add these items to your checklist:

  • Update your software and operating system, paying special attention to security patches
  • Renew any lapsed software subscriptions services
  • Consider upgrading to the latest version of your favorite software

Step No. 5: Stay secure  Now more than ever, you should include a thorough security check in your maintenance routine. At a minimum, your security check should include a virus detection scan and a virus definition update. You should also review your security software settings to make sure they're turned on and functioning to provide the best protection. Beyond these basic tasks, you may want use a tool to perform a full security checkup.

In addition to regular security checkups, you should also review your security setup whenever you make a major change to your system. For example, if you've recently upgraded to DSL or cable Internet service, you should step back and re-evaluate your security situation. You may find you need to take some new precautions, like adding a personal firewall to your configuration. If you take the time to perform periodic security assessments, as well as the following routine tasks, your computer will remain well-protected and secure:

  • Run a weekly virus detection scan using a trusted virus protection program
  • Make sure all your security tools, including your virus definitions, are up-to-date
  • If you have a firewall or a comprehensive security program, review your preferences and settings to make certain they're in-line with your security situation
  • Run a security diagnostic tool on your system to make sure you have the kind of protection you need

Most every part of your computer requires occasional attention, from defragging the hard drive to reviewing security to cleaning the monitor and mouse. If you don't set up a regular schedule, it's likely you'll never get around to many of these tasks. Use this article to build a comprehensive maintenance routine, and run through that routine at least once a month. The payoff will be a healthy, reliable and safe computer.

How to Protect Against Spam

If you have an email account, chances are your inbox has been clogged with spam. Spam is the electronic version of junk mail -- and just like in the offline world, most people don't want unsolicited advertisements.

But when it comes to spam, it can actually harm you or your computer. So-called phishers use spam to rope computer users in to scams that lead to identity theft. Spam can carry viruses that will infect your computer. Some spammers send ads for content that is inappropriate for your children to view, such as pornography. Or spam can hog bandwidth, making it hard for you to receive the legitimate emails you actually want to read.

Even though there are some laws against spam, unsolicited emails continue to pile up for most online users. To better safeguard your family and computer, take these steps to can spam:

1. Install spam filtering/blocking software 
Anti-spam software examines incoming email to try and separate spam from legitimate messages. Filtering software can automatically identify and detect spam, or offensive emails, and prevents those messages from reaching your inbox.

2. Do not respond to suspicious emails 
If you suspect an email is spam, do not respond, just delete it. Do not click on or open any attachments. And do not click on any email links asking to be taken off the sender's list -- sometimes unsubscribe links are phony, and your response only confirms the accuracy of your email address and could result in even more unwanted messages.

3. Set up a disposable email address 
Have a secondary -- or disposable -- email address for public use, such as a free web email account. Use that email when you're registering for web services or signing up for online newsletters. If you like, you can forward these emails to your primary account but spam could get forwarded too. So make sure to activate your secondary email account's spam filter to catch spam before it's redirected to your main inbox.

4. Create an email name that's tough to crack 
Some spammers use computer programs to guess email addresses. Research shows that email addresses containing numbers, letters and underscores are more difficult to guess and tend to receive less spam.

5. View emails in plain text 
Spam written in HTML (the code used to create web pages) can contain programs that re-direct your web browser to an advertising page. Images in emails can be adapted to send messages back to the spammer. Spammers use these images to locate active email addresses for future spamming. To play it safe, from your email program's main menu, select Preferences and choose to read emails in plain text.

6. Create a spam filter for your email 
Most email programs already have a strong defense against spam. If your email program does not have a junk email filter, create one. Go to your programs main menu, select Preferences and create a filter or Rule. Create a filter that checks for messages that do not include your email address in the "To:" or "CC:" fields, which is a common tip-off for spam. Have the filter transfer possible spam messages to a junk or spam folder. Email filters are not 100% effective, however, so from time to time review the junk or spam folder before deleting messages.

7. Do not post links to email addresses on web sites 
Spammers use spambots or web spiders to locate email addresses on web pages, so consider not displaying your complete email address on any web site. Other options include displaying email addresses as images instead of text or using contact forms. Contact forms allow web site visitors to send emails to you by filling out a form that never reveals your email address.

8. Watch out for those checked boxes 
Before signing up for services or newsletters on the web, be meticulous about reading through every option on the registration form. Watch out for text at the end of the registration forms that reads, "YES, I want to be contacted by select third parties concerning products I might be interested in." Sometimes the checkbox next to the text is already checked, so you'll need to unselect those boxes.

9. Report spam 
Most Internet Service Providers (ISP) forbid users from spamming. If you're getting frequent spam from a sender, try to track down the spammer's ISP and report the offense. The spammers email address might include the ISP's name. Or you can forward it to your ISP. If the user is found to have spammed you, the ISP will likely terminate the account. Another option is to file a complaint with the Federal Trade Commission. Visit the FTC spam page to file a complaint or forward a suspicious email to the agency for investigation.

How to Shop and Bank (Safely) Online

Rather than hopping in the car and heading to the mall or bank, most families find it's much easier these days to hop on to the computer to run errands. Yet for all the conveniences that come with shopping, planning vacations or completing financial transactions online, doing business over the Internet also brings security risks.

Among the dangers are threats such as spyware, a program that gets into your computer and collects your passwords as you type them in web sites you visit. Or you might get emails from scam artists known as phishers who pretend to be someone from your bank, favorite online auction site, or brokerage firm. These phishers convincingly direct you to a web site that looks very real, and then instruct you to enter your most private data. Phishers then use this information to steal your identity or money.

But don't let concerns over fraud keep you from shopping or banking online. Instead, use these virtual street smarts to play it safe:

Ramp up your web security

All major web browsers and trustworthy e-commerce or financial sites have security features built into them that aim to make online transactions more secure. For example, sites with encryption will scramble the data you submit over the Internet so your personal information can't be accessed by an unauthorized third party. Additionally, authentication helps verify that a site you're visiting is legitimate.

Before you make an online payment, make sure the web site you are using is encrypted. You'll know by looking at the web address which should begin with https (not http). Additionally, most web browsers display a tiny icon of a lock in the web address bar when encryption is engaged.

Meanwhile, an authentication is basically a unique digital certificate, or electronic signature, that proves the site is who it says it is.  Most browsers have the ability to check for the presence of a valid certificate. In fact, whenever you log into an account or use your credit card over the web, you should make sure the site is authentic and that it's using the strongest encryption available. 

It's also a good habit to update your web browser on a regular basis. Do this by visiting the browser maker's web site and look for free upgrades. Authentication and encryption technologies are always evolving, and you need to make certain your browser can accommodate the latest security features.

Know how your data is used

When you shop or bank online, you end up disclosing a lot of personal information, from your home address to your credit card number. Before handing over your data, read the web site's privacy policy. Will your information be sold? Will it be shared with third parties? What will happen if your data is stolen or compromised? If you're not comfortable with the kind of information the site is requesting -- or don't feel its privacy practices are strong enough -- consider shopping or banking elsewhere. And if a site asks for your social security number, call the company to find out why it needs that sensitive information before divulging it online.

Scrutinize e-mail requests for data
Most legitimate companies you have a relationship with will not solicit your account information or other personal information through email. So if you get an email that seems like it's from your bank asking you to update your account information by clicking on a link, beware -- the email could be from a phisher. If you're not sure about the legitimacy of the email, call the company to confirm whether new account information truly is required, and let the representative know about any fraudulent emails you've received.

Use security software

A lot of Internet fraud is perpetrated through spyware or adware on your computer. Spyware and adware are essentially information gathering programs, and often find their way onto your computer without your knowledge or permission (such as through a virus-laden email). These programs secretly monitor your online activity -- including your shopping and banking habits -- and pass your activity or data on to advertisers or scam artists. Make sure to install an anti-spyware program on your computer to thwart identity theft.

Use credit cards for online purchases

In the United States, if your credit card number is stolen and used for an online shopping spree, your liability is limited by law. Unfortunately, the law doesn't afford as much protection for debit cards. So even though your bank-issued debit card may appear to function like a credit card over the Internet, always use an actual credit card instead. Of course, your credit card company, bank or even the online merchant may provide protection for your debit card. Make sure to read the site's privacy policy for more details.

Bid at auction sites safely

Before bidding at an online auction site, take the time to learn their rules, user validation procedures and payment methods. Watch out for sellers offering too-good-to-be-true items, and be especially careful if you want to buy a unique or rare commodity in an online auction. Do everything you can to assure the items authenticity and to confirm the legitimacy of the seller before bidding on the item. Also, read the online auction site's term of service to understand your options if you're duped by a seller. If you are not comfortable with the rules, don't participate.

Keep track of your online accounts

Take time each month to review statements for your credit card, bank and investment. If you discover unusual activity or unauthorized transactions -- online or offline -- immediately contact your credit card company or bank to investigate.

Use strong passwords

It can seem convenient to use the same, easy-to-remember password for all your online accounts. But in exchange for expediency you're giving up security. Instead, use strong passwords for your online accounts and change them often. Don't use your name, phone number or birth date in your usernames and passwords for web sites. And make sure your passwords use a combination of letters, numbers and other characters (if allowable). You may even want to purchase a password management program to help you build strong passwords and store them in a safe place on your computer.

If you take these steps, you'll be better protected when making financial transactions online -- just like you do when shopping or banking on Main Street.

Understanding Common Identity Theft Threats

We've all heard a lot about the dangers of identity theft. These days it's not uncommon for home computer users to be hit by clever online scams that steal personal information -- from social security numbers to financial account passwords -- and exploit it for financial gain. In the wake of identity theft, most victims are left holding the bag with a bad credit report.

Before you can protect your family from online identity theft, you've got to be aware of the threats. Knowing how these thieves strike can help you stay alert so you can protect your private data and avoid being defrauded. Here are the top ways identity theft transpires via the Internet.

Spam  Unsolicited mass email -- spam -- has long been an annoyance, clogging in-boxes with hundreds of junk emails per week. But spam has recently become a security threat as well.

With the world's recent wave of natural disasters, many home users have also been hit by spam asking for contributions to what turns out to be phony charities. These emails ask for personal information like an address, birth date, and credit card numbers -- information which is then used to defraud you.

Phishing  Thieves try to contact you in a number of ways -- using email, instant messaging or even pop-up ads. They try to get you to visit a web site that may look like a well-known company's homepage, but in fact is a fake. You might be asked to correct an urgent problem with your account, or update your contact information. You might even be given a special offer to redeem. If you click on the link a phisher provides, you'll end up at a spoof site that looks legitimate. Once you type in your information, the phisher uses the data to steal your information or money.

Pharming When you click a link in an unsolicited email, an Internet pop-up ad, or downloaded content from the Internet, (such as audio or video files, screensavers, or games), you may get an unwanted computer programming code (known as malicious code) placed on your computer. The next time you go to an online banking or similar site, you are invisibly redirected to a legitimate-looking spoof site and asked for your account information. Pharmers use this stolen private data the same way phishers do.

Spoof sites Identity thieves create web sites that closely -- or exactly -- mimic legitimate sites of trusted companies. If you respond to a phishing email or if you are caught in a pharming scam, then you will be tricked into going to a spoof site. Spoof sites are often created for banks and credit unions, e-commerce sites, and popular services such as the web auction site eBay or the online payment service PayPal. Many spoof sites will even have a legitimate-appearing web address that begins with the address of the legitimate site it is spoofing. In this case, the address will also include a long string of characters after it, such as:

Viruses  A computer virus is a program that alters software on your computer without your permission or knowledge. A virus runs without prompting and infects programs such as word processing software and, as a result, can destroy your data. Like their namesake suggests, viruses are designed to spread. Often a virus will access your email address book and mail itself to everyone you know or will plant itself in attachments you email. Identity thieves use computer viruses, for example, to spread malicious code that can record your keystrokes -- a practice known as keylogging -- to steal your private information.

Worms  A computer worm is a program that enters the computer and spreads in the same way a virus does. But unlike a virus, which attaches itself to another program, a worm is self-contained and can spread on its own. Worms may infest your computer to steal identity information through keylogging or other means.

Spyware and adware  Via viruses or worms, spyware is a program that can be secretly installed on your computer to capture your personal information such as passwords, account names and numbers, or other personal identifiers. This data, along with other content stored on your computer and Internet usage habits, is then relayed to a third party for malicious purposes. Spyware can also help criminals hijack your computer to, for example, send spam from your machine without your knowledge. Adware, on the other hand, may capture and invisibly report user preferences for statistical marketing purposes.

Trojan horse Unlike viruses, Trojan horses do not replicate themselves. A Trojan horse can come to your attention through an email or web site and will disguise itself as a useful program that you have to download or open. Once it's in, a Trojan horse can destroy your hard drive, steal identity information, cause your web browser to redirect to spoof sites, or even hijack the computer's processing power and use it to spread spam or viruses.

Bots  Short for robot, a bot is a program that can access computers connected to the Internet. Even though search engines use legitimate bots to crawl through web sites and index their content, there are also malicious bots that sneak on to computers through phishing or viruses, for example, and use keylogging to gather personal information. Even worse, one bot can be part of a network of bots that are involved in Internet schemes and crimes unbeknownst to you.