All online accounts (including email) have passwords. If you have not changed them recently, you are at greater risk of being ‘hacked.’

Most security experts advise changing passwords every 90 days. Until recently this seemed like overkill, but the situation I described in my last column illustrates why changing passwords frequently is important.

I assisted two customers who had their Frontier email accounts hacked. They probably had not changed their passwords in a very long time.

Frontier has used Yahoo as their email provider for several years. If you have a Yahoo email account, you probably recently received notification of a pending class action settlement “relating to data breaches occurring in 2013 through 2016.”

In 2013, malicious actors gained access to all existing Yahoo accounts (approximately three billion worldwide). In 2014, approximately 500 million, and in 2015 and 2016, approximately 32 million. So this illustrates how important it is to change your passwords frequently.

Using a complex password is also important. I see way too many people using simple words or easily guessed combinations of information such as telephone numbers, street addresses, or names of children.

A complex password should be at least 8 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols such as @./|$*&-_. It should not be just a sequence of numbers or contain any words found in a dictionary.

So something like “password1” is really bad. To create a complex password you can replace letters with symbols or numbers that are similar, for example “p@$$W0rd1.”

Another way is to come up with a sequence of words that makes sense to you, then use the first letter of each word. For example “Excellent advice for you from Peter Newell Affordable Technical Solutions” becomes “EafyfPNATS.” That is a fairly random sequence, but to obfuscate it even further, substitute numbers and symbols: “ea4yfPN@T$.”

Remembering clever complex passwords like this might not be so hard if you didn’t also have to change them often.
The problem is compounded because you absolutely should not use the same or similar password for different accounts, and when you change passwords the new ones should not just be variations of the old ones.

The natural response is to write them down. Experts warn against it but there is just no way most people will remember a large number of passwords that change frequently. If you do write them down on paper, you shouldn’t keep the paper near your computer.

Another way is to keep them in a file on the computer. However, if anyone gets access to your computer, they have all your account information. A simple way to solve this problem is to put the information into a password-protected file. This can be easily done using a spreadsheet program such as Excel or LibreOffice Calc.

Password Managers are another solution. All you need to know is the master password. This is a topic for a future column.

If you have not changed your passwords recently or are not using complex passwords, I advise you to change them as soon as possible. For assistance with all things technical, you can contact me at 315-376-8879, solutions at atspn.com, facebook.com/AffordableTechnicalSolutions.

Original newspaper column published September 2019

In the early 1900s, hams were considered irritations and nuisances to the “real” communicators – the commercial sector and the military. Amateur Radio was almost outlawed, and ultimately relegated to what were then considered “useless” frequencies above 1.5 MHz.

Hams rose to the challenge and figured out how to effectively use the higher frequencies. They also demonstrated that they could actually be of use as a service.

In 1913, college students/hams in Michigan and Ohio passed disaster messages in the aftermath of severe storms and flooding in that part of the country when other means of communications were down.

A Department of Commerce bulletin followed, proposing a dedicated communications network of radio amateurs to serve during disasters. A magazine article noted that amateurs – who were once considered nuisances – were now considered to be essential auxiliary assets of the national public welfare.

The American Radio Relay League was formed in 1914, and disaster response communications provided by radio amateurs became more organized and useful. In 1920, Amateur Radio was used to help recover a stolen car, of all things!

Soon, the use of Amateur Radio for natural disasters emerged, with hams active in deadly flooding in New Mexico and an ice storm in Minnesota.

More organization followed, such as a “MoU” with the American railroad system for Amateur Radio support when the railroad’s wire lines were down.

A major New England flood had amateurs supplying the only efficient means of communications from the devastated areas to the outside world, prompting the chairman of the Federal Radio Commission to say the future of radio depends on the amateurs.

In 1935, the ARRL Emergency Corps was formed with the goal of having an Amateur Radio Emergency Station in every community — a goal that remains just as urgent today as it was then! Just look at today’s emphasis on the neighborhood and community as “first responder” and on self-reliance in the post-disaster survival chain.

In 1936 the ARRL Emergency Corps provided essential communications during major flooding across a 14-state region, solidifying Amateur Radio’s status as a critical disaster response communications asset and public service.

Amateur Radio was shut down during World War II, but communications techniques pioneered by hams were put to use during the war. Many hams joined the War Emergency Radio Service, which provided some disaster communications during the war period. After the war, the ARRL reconstituted its disaster response communications programs and networks, and the first Simulated Emergency Test was run in 1946.

The Radio Amateur Civil Emergency Service (RACES) was formed by the government for civil defense (CD) purposes during the Cold War.

The roles, procedures, protocols, equipment and techniques of Amateur Radio in public service, disaster, and emergency communications continue to evolve, fueled by advances in Amateur Radio technology and its application, and lessons learned from each and every incident that involves amateur communications support.

Commercial and government communications infrastructure has reduced the need for Amateur Radio emergency communications. But these systems still do fail. Many readers of this column experienced just such a failure during the recent torrential rainstorm.

As the ARES Section Emergency Coordinator for Northern New York, I encourage anyone interested in radio communications for emergency preparedness (and just for fun as well) to get involved in ham radio. For more information, contact me at 315-376-8879 or solutions@atspn.com, and visit the Northern New York Amateur Radio Association web site www.nnyara.net.

Original newspaper article published November 2019

Microsoft will discontinue support for Windows 7 on January 14.

Don’t panic.  Don’t just run out and buy a new computer. You have options. Call me.

“End of support” does not mean Windows 7 will stop working, just that there will be no more security updates from Microsoft.

Over time Windows 7 will effectively become less secure as additional security flaws are discovered but not patched. Microsoft will issue updates for Windows 8 and 10. These updates will be analyzed by hackers to determine what security flaws they fix, and then malware will be written to attack the flaws. Unpatched systems including all Windows 7 computers will be vulnerable because they won’t be updated.

This was a major concern when Microsoft ended support for XP in 2014, although I did not really see this happen with my customers. Many continued to use XP for quite a while without an increase in malware problems. However, it may be worse this time. Windows 7 program code and structure has more similarity to Windows 10 than XP did to Vista and 7.

Most people still using Windows 7 like it and do not want to give it up, especially if they have already tried Windows 10.

If you are a casual home user and your computer has adequate malware protection and you are careful, I think you can get away with continuing to use Windows 7 for a while. But eventually it will become so outdated it just won’t work well on the Internet.

Unfortunately, if you are using your computers for business, and particularly if your business or organization is subject to privacy or security regulations, then you probably have little choice but to stop using an “unsupported” operating system if you want to be in compliance.

Possibly more significant is that within a couple of years support for other software on Windows 7 will be dropped. In particular, out of date Internet-based applications will start to have problems. Anyone who has tried to use an old web browser has already experienced this.

So what can you do?

Many users just go out and buy a new computer with Windows 10, but this is a costly option which may not be necessary. There are alternatives.

You can continue to use Windows 7 for a while as long as you are careful, have all the available updates installed, know your system is clean, and have good antivirus software.

You can update your existing computers from 7 to 10. It is much less expensive than buying a new one. Another advantage is that you keep your programs, settings, and data.

Most computers in the last 10 years can handle Windows 10. The most likely hardware upgrade required would be an increase in RAM.

But another great option for those who don’t like Windows 10 or Microsoft’s tendency to force you into updates and changes you don’t want, and don’t “need” Windows, is to dump Microsoft altogether and switch to Linux.

Web surfing, email, word processing and all the other common things most people do with Windows can be done just as easily with Linux. The graphical user interface of a Linux distribution such as Linux Mint is designed to be very easy for Windows users.

Since Linux is not Windows, it is immune to all Windows malware because programs written specifically for Windows will not install and run.

My favorite Linux distribution is Linux Mint.  The graphical user interface is very similar to Windows and most users have no trouble switching.

So far, I have switched about 30 customers from Windows to Linux. Many of them are still economically and happily using their 10+ year old Windows Vista PCs converted to Linux, but some have just had it with Windows problems on newer computers and dumped Windows 8 or 10 for Linux Mint.


In the last few months I have assisted a number of customers in resolving problems with their Frontier Yahoo email. The initial evidence of the hack was that some of their contacts received a bogus email such as the following:

“Subject: Urgent favor

How are you? I need a favor from you. I need to get a Gamestop Gift Card for my Nephew, Its his birthday but i can’t do this now because I’m currently traveling. Can you get it from any store around you? I’ll pay back as soon as i am back. Kindly let me know if you can handle this.”

This email came directly from the hacked Frontier Yahoo email account.

In other words, it was not an email from some other account with the sender’s address spoofed. The hacker had direct access to the Frontier Yahoo account. Before sending the scam email, the hacker changed the account settings to add a reply-to address and to forward all incoming email to sophieyyyyyyyy@gmail.com.

Thus any direct reply to the scam message would go to the hacker’s email without the hacked account holder knowing. This would allow him to continue the scam. In addition, while any email sent directly to the hacked account would be received and seen by the account holder, it would also be forwarded to the hacker’s email.

Without checking account settings, the only way the account holder would know is when someone contacted the account holder after spotting the suspicious email, or when they didn’t respond to an email that was sent.
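A recipient-side check for the reply diversion described above, as an added example that is not part of the original column: it compares the From and Reply-To headers of a raw message and reports replies that would go somewhere other than the sender. The messages and addresses are constructed samples on reserved .example domains.

```python
from email import message_from_string
from email.utils import getaddresses


def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of one header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _name, addr in getaddresses(values) if "@" in addr}


def _domain(addr):
    return addr.rsplit("@", 1)[1]


def check_reply_to(raw_message):
    """Return (verdict, diverted_addresses) for one raw message.

    verdict is "ok" when replies go back to the sender, otherwise
    "diverted-same-domain" or "diverted-other-domain".
    """
    msg = message_from_string(raw_message)
    senders = _addresses(msg, "From")
    replies = _addresses(msg, "Reply-To")
    diverted = sorted(replies - senders)
    if not diverted:
        return ("ok", [])
    sender_domains = {_domain(a) for a in senders}
    if any(_domain(a) not in sender_domains for a in diverted):
        return ("diverted-other-domain", diverted)
    return ("diverted-same-domain", diverted)


# Constructed sample: sent from the real account, replies go elsewhere.
SCAM = (
    "From: Pat Example <pat@isp.example>\n"
    "Reply-To: Pat Example <pat.example77@freemail.example>\n"
    "To: friend@isp.example\n"
    "Subject: Urgent favor\n"
    "\n"
    "How are you? I need a favor from you.\n"
)

# Constructed sample: no Reply-To, so replies return to the sender.
NORMAL = (
    "From: Pat Example <pat@isp.example>\n"
    "To: friend@isp.example\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "Are we still on?\n"
)

# Constructed sample: Reply-To repeats the sender in different letter case.
SAME_ADDRESS = (
    "From: pat@isp.example\n"
    "Reply-To: PAT@ISP.EXAMPLE\n"
    "Subject: Photos\n"
    "\n"
    "Attached.\n"
)

# Constructed sample: a business that answers from a second mailbox.
SAME_DOMAIN = (
    "From: Billing <billing@shop.example>\n"
    "Reply-To: Support <support@shop.example>\n"
    "Subject: Your receipt\n"
    "\n"
    "Thank you for your order.\n"
)

if __name__ == "__main__":
    for label, raw in [("scam", SCAM), ("normal", NORMAL),
                       ("same address", SAME_ADDRESS), ("same domain", SAME_DOMAIN)]:
        print(label, check_reply_to(raw))
```

A "diverted-other-domain" result is a reason to confirm with the sender by phone before acting on the message; it does not detect the forwarding setting, which is only visible in the account settings.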

The first two customers contacted Frontier and were advised to change their passwords, which they did. While this most likely prevented further hacking, it did not fully resolve the problem.

Frontier failed to advise them to check other settings. In one case, Frontier actually remoted in to the customer’s computer to assist them. But the “tech” failed to find and remove the bogus reply-to and forwarding.

Consequently, customers called me because they were still having problems receiving emails. Finding and implementing the solution was relatively simple – check account settings and remove the bogus reply-to and forwarding.

Unfortunately, my customers thought that the problem was resolved when Frontier advised them to change the password. This meant that for a week or so they were still using a compromised account. The hacker was receiving copies of all emails sent to the account and replies to all legitimate emails sent by my customers through the account were diverted to the hacker.

When I contacted Frontier about an unrelated matter on a different account, the Frontier support person alluded to the hacking problem without being specific. However, to my knowledge, there was no recent notification from Frontier to their customers of a problem.

Just recently I spotted the problem on another account when I received one of the bogus emails. I was able to call the customer, alert her to the problem, and fix it, but it still required that the customer directly call Frontier in order to change the account password, as well as logging in to the account to eliminate the bogus settings.

It is unclear whether the hacked account problems I just described are due to the massive data breach at Yahoo reported back in 2017 where hackers gained access to credentials for 200 million Yahoo accounts, or if this is some new hack only affecting Frontier Yahoo accounts.

In any case, if you have Frontier Yahoo mail or any Yahoo account, the password should be changed and settings checked immediately. This applies even if you are not actively using the account.

As always, if you need assistance, you can contact me at 315-376-8879, by email, or Facebook.com/AffordableTechnicalSolutions.

Responding to bogus telephone calls from “Microsoft Support” or “Symantec Norton:”

No one is monitoring your computer for malware or other problems. If you get a phone call from out of the blue, IT IS A SCAM.

Never allow access by anyone whose identity you can’t verify. Once a scammer has access, you can never be sure what they may have done. It is pretty easy to steal personal data or install monitoring software or a remote access “back door” they can use any time to get in.

Certainly never pay them anything. You are wasting your money and giving away your financial information.

However, allowing remote access from someone you trust is fine. Just make sure you know who you are talking to. Get the phone number from your bill, user manual, or the actual company web site. Do not use search results. They are very misleading.  

Using remote access to get help can be a convenient time-saver. If you call me for support, I will use a remote access tool which is perfectly safe and totally under your control. It only allows access when you run the program and grant access.

Not having a full system backup:

It is very rare these days that you get software installation or “Factory Recovery” disks with a new computer. However, Windows 10 includes the ability to make a recovery drive. Even if your computer is 5 or 10 years old, it’s not too late. Make your recovery media now.

Mobile devices usually have a way to restore to factory defaults.

Not backing up user data on a regular basis:

Reloading the operating system is sometimes the only way to fix problems. However when this is done, all user-installed applications and personal files are deleted.

Files can also be accidentally erased. File systems can get corrupted. Ransomware can render data inaccessible. Storage devices can physically fail.

USB flash drives and hard drives are cheap and easy to use. You can get a few gigabytes of free “cloud” storage from Dropbox, Microsoft, and many other places. iCloud and Google Drive are ideally suited for iOS and Android devices, respectively.

You can simply copy important files to backup storage, or you can automate backup using tools built in to the operating system, or by using a third-party backup program. Backing up to at least 2 other locations is recommended.

Installing junk software:

“Potentially Unwanted Programs” get installed in Windows either by tricking you into thinking they are actually useful, or as “drive-by downloads” when installing some other program or program update. Be careful what you download and install. Most of the “free” driver updaters, system optimizers, bargain finders, toolbars, and similar programs do more harm than good.

Problems tend to accumulate until the computer becomes slow or actually unusable. An ounce of prevention is worth a pound of cure.

Apps on mobile devices eat up memory. There are many questionable apps that are spyware, just like on the PC. Be careful.

Head off problems with a periodic professional computer checkup and tune up. I can usually do a basic check and tune by remote access. Call me at 315-376-8879. 

Original newspaper column published January 2019

When helping customers, I frequently run into the problem of unknown account names, passwords, and license keys and unavailable program installation media or files.

If you forgot your password I can usually get you back in to your computer or at least recover data. It is not so easy on mobile devices or on-line accounts.

Mobile device security is generally much tighter on the assumption that a tablet or phone is easily lost or stolen. Be particularly careful about repeatedly trying different passwords, because some devices will permanently lock you out after a number of incorrect entries.

The only way to make the device usable again may be to do a full reset. This will erase all apps, settings, and stored data. If you don’t have your pictures and other files backed up somewhere else, they will be permanently lost.

If you have an on-line account associated with the device, and you have used that account to back up everything, and you have access to that account, it may provide a way to recover without permanent data loss. Typically this involves connecting the device to a computer, running a program, logging in, resetting the device, then restoring from the backup you hopefully created.

The key is that you still need to back up and to know the credentials to log in to the online account.

Most computing device problems are software problems. Some problems are easily found and fixed, but in other cases it’s like looking for needles in a haystack in the dark.

Many times the only practical method is to reload the operating system from scratch. This means all installed application software must also be reinstalled.

If you are using Linux, this is probably not an issue, since it is likely you are using all open source applications. They can be downloaded and installed directly from the program repositories using the built-in software manager or appropriate commands.

The same is not true on Windows or MacOS, or your mobile device. You may have downloaded and installed some free programs, but chances are you have purchased others. They may have been downloaded and installed, or on a computer installed from physical installation media such as a CD. Either way, you need to have the installers and the activation keys.

If you have the install media or file but no key, you are out of luck. If you have the key but no actual installer, you are out of luck. If you have purchase records that are only in email or a digital file you can’t access, you are out of luck.

Key point one is that you must have adequate records of all your user accounts, passwords, purchases, and product keys. This means write the information down and keep more than one copy of it in safe places.

Key point two is that you must save installation media or files. You must also do regular backups of any other important files. This means copying them to at least one other place, whether it is another computer, a flash drive, or on-line storage.

If you need assistance in sorting out your records and creating backups, you can call me at 315-376-8879. 

Original newspaper column published January 2019

A customer asks:

Morning Peter – I have a question, do I need this file? [CNET_TechTracker_2_0_1_51_Update] I am committed to cleaning up my file space in 2019. I have just begun. I found the article below on Tech Tracker, which states some say YES keep it others NO.

Answer:

Good for you. File maintenance is a very important task that most people avoid doing and end up with user folders so cluttered and unorganized they can’t find anything.

The screenshot you sent shows Windows indicates this file is an ‘application.’ It appears to be a 2010 update to CNET TechTracker. It is ancient and not needed. Delete it.

CNET Tech Tracker may or may not be installed on your computer. It is a non-essential ‘free’ program that helps keep software on your computer up to date. Other than that I do not know anything about it. CNET is a fairly reputable outfit, but I am skeptical of supposedly free helper programs like this. CNET is making or hopes to make money somehow, either by delivering advertising, collecting data, or trying to convince you to pay for a premium version or to download some of the updates.

If you were to set Windows to show file extensions, you would see that the full name is CNET_TechTracker_2_0_1_51_Update.exe. This indicates it is an executable file, in other words a program. “Application” or “app” is the in-vogue name for a program.

You should look very closely at any ‘application’ in any of your user data folders because it is not a document, picture, etc.; it is a program which will execute when you ‘open’ it. This means it can install itself or do virtually anything else. This is a primary way that computers get infected with malware and other junk programs.

In particular, there should be no ‘applications’ in your Documents folder unless you put them there for a very specific reason such as to save an installer for some program that you purchased.

Another folder you should clean up is your Downloads folder. It is very typical that all kinds of program installers, updates, and a lot of other junk accumulate here. If you have actual ‘documents’ or pictures that you want to save (maybe downloaded as email attachments or from some web page link), move them to the appropriate place. If there are installers for programs you purposely downloaded, you should make a special folder for them so you don’t delete them accidentally. Delete all the other accumulated junk.

No legitimate program should be permanently installed or running from Documents or Downloads, so deleting anything there should not screw up the computer.

There are many other hidden folders that should also be checked and cleaned up. Some of the places questionable programs install themselves are the application data folders, because it is easier for junk programs and malware to get themselves ‘installed’ into these folders compared to a proper installation in the Program Files folder. So any time I do a diagnostic and see something is running from an appdata folder, I am suspicious of it.
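One way to list the ‘applications’ sitting in a user folder, as an added example rather than a tool from the original column: it flags files by program extension, by a document-style double extension, and by the MZ signature that Windows programs start with, so a hidden or changed extension does not hide them. The extension lists and the sample files are assumptions chosen for the demonstration.

```python
import os
import tempfile

# Assumed lists for this example; extend them to suit the machine being checked.
PROGRAM_EXTS = {".exe", ".scr", ".com", ".msi", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify(path):
    """Return a finding for one file, or None if it does not look like a program."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    with open(path, "rb") as handle:
        starts_with_mz = handle.read(2) == b"MZ"  # Windows program signature
    if ext in PROGRAM_EXTS:
        # "vacation.jpg.exe" shows as "vacation.jpg" when extensions are hidden.
        if os.path.splitext(stem)[1] in DOCUMENT_EXTS:
            return "double-extension"
        return "executable"
    if starts_with_mz:
        return "disguised-executable"  # program content under another name
    return None


def find_programs(root):
    """Walk a folder and return {relative_path: finding} for every program found."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            try:
                verdict = classify(full)
            except OSError:
                continue  # unreadable file: skip it rather than stop the scan
            if verdict:
                findings[os.path.relpath(full, root)] = verdict
    return findings


def demo():
    """Build a constructed Documents-like folder and scan it."""
    samples = {
        "CNET_TechTracker_2_0_1_51_Update.exe": b"MZ" + b"\x00" * 62,
        "vacation.jpg.exe": b"MZ" + b"\x00" * 62,
        "setup_backup.dat": b"MZ" + b"\x00" * 62,
        "report.pdf": b"%PDF-1.4\n",
        "letter.docx": b"PK\x03\x04",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(content)
        return find_programs(root)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:22} {path}")
```

To check a real folder, call `find_programs` with the path to Documents or Downloads; the script only reports and never deletes anything.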

Describing how to do a thorough check and clean up is beyond the scope of this column. If you need help, call me. I can do routine clean up by remote access. 315-376-8879.

Original newspaper column published January 2019

Facebook can be very useful but it is also a source of misinformation.

There is outright fake news promulgated by people and organizations with an agenda. In other cases it is just incorrect information that is picked up and shared, but it can also be something that was purposely started as a hoax.

The latest hoax, appearing conveniently around the end of the year, is a dire warning that “Everything you’ve ever posted [on Facebook] becomes public from tomorrow” because “Facebook is now a public entity.” The post contains some wording that is supposedly a legal notice you should post to prevent this, citing laws “UCC 1-308- 1 1 308-103 and the Rome Statute.”

Another variation of this hoax starts out with the supposed legal notice and then adds a note that “all members must post a note like this.”

It appears very convincing, particularly in light of recent allegations of less than completely trustworthy behavior on the part of Facebook.

Although this is the first time I have seen it, this is in fact an old hoax, apparently first appearing in 2012.

There was a related hoax that tries to convince users they can (or have to) pay Facebook “to keep the subscription of your status to be set to private.” But supposedly “If you paste the [hoax] message on your page, it will be offered free…” 

Facebook explicitly states “Our terms say clearly: You own all of the content and information you post on Facebook, and you can control how it’s shared through your privacy and application settings. That’s how it works, and this hasn’t changed.”

You can read the entire notice and find out more by going to https://www.facebook.com/fbfacts/1573108242983244.

Social media has made spreading hoaxes and misinformation really easy. Before social media, email was also very effective.

The thing is that the Internet has also made it relatively easy to check on the validity of information. Although we know that there are many sources of “fake news” and others that are heavily slanted in one direction or another, there are certainly enough reputable sources that can debunk outright hoaxes like this one.

Just pick some of the key words or phrases and do a search. In this case if you use the search on “Facebook UCC 1-308- 1 1 308-103 and the Rome Statute” you will get a ton of results including articles from major news outlets.

Speaking of search, you should be careful what search engine you use. Google is the undisputed king of search engines but I try to avoid it because Google tracks everything. I use DuckDuckGo.com because it doesn’t track you personally.

You can set your web browser to use any search engine. The problem is that this setting can also be hijacked without your explicit consent. Your start page and default search provider can be changed to some fake search engine that gives only results they want you to see. This could be to only their advertising partners or worse, to infected web pages.

I see this all the time on computers that come in for service. Please make sure you are using a reputable major search engine when you search.

Call me if you need help. 315-376-8879.

Original newspaper column published January 2019