Make Encryption Work For You

Device encryption is a hot topic lately. In the past, device encryption technology has been just out of reach of the average consumer, due to local or national laws, efficiency, cost, processing power, or some combination thereof. Now, pretty much all of those factors have been mitigated with modern devices and software capable of full disk encryption on the fly.

I recommend using encryption wherever possible - encryption protects you, your data, and it even protects your employer, your family and friends. Every once in a while I hear a story about someone who has lost a phone with no password and no way to remotely wipe the device. Their data, potentially their employer's data, or personal details of their family are all exposed to any person who happens to pick up their device; this is a huge risk.

I've also heard stories of people's laptops being stolen; this is a common concern in business. If your disk is not encrypted, then anyone can grab data off of it without needing your password. Encryption can help stop this.

Here's a handy article that gets into deeper detail about the whys and hows of enabling encryption on your devices.

All About Passwords

Passwords are a bit of a problem. Every day I hear new horror stories about massive website breaches, and the theft of millions of username and password pairs. Some of the major sites that have been hit and have been in the news are LinkedIn, MySpace and Twitter.

Passwords are not the best / ultimate solution to security, but they are the best compromise we currently have in the debate of security vs. ease of use. I highly recommend my clients, family and friends use reliable password management software.

Here are the most basic, universal guidelines for password use in today's current climate of data security.

  1. Use a password manager! It will make the rest of the items on this list easier to accomplish. I need to track thousands of passwords and I also need to follow the very best practices as an IT expert. I have been using LastPass for 4 years and I highly recommend it. I used KeePass before that; it is also highly recommended and I still use it for certain things.
  2. Do not use the same password at multiple sites - in fact use a different password for each and every website / login you use. This is particularly true for email accounts, social media, and banking, the top targets for hackers. The reason is that if you use the same username and/or password at multiple sites and one becomes compromised, they are all compromised.
  3. Length is more important than complexity! A 16 character password that is all lowercase numbers is several orders of magnitude more secure than a 10 character password that uses lowercase, uppercase, numbers and punctuation. This is due to the way passwords are cracked. The longer the password, the better. I recommend using the max allowable length at each site, where possible.
  4. Passwords should be hard to remember and impossible to guess. A long string of randomly generated characters is far safer than a short phrase and certainly safer than your dog's name.
  5. Changing your password occasionally is a good practice, though not as important as it used to be.
  6. Use multi-factor authentication wherever possible and feasible; this is especially true for sensitive sites such as your password manager, email, banking and social media.
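
The arithmetic behind guidelines 3 and 4, as an added example that is not part of the original post: it compares the number of guesses needed for a long password from a small alphabet against a shorter one from the full keyboard set, and generates a random password the way a password manager would. It assumes every character is chosen uniformly at random and that the attacker has to search the whole keyspace; the three alphabets and the function names are choices made for this example.

```python
import math
import secrets
import string

# Alphabets for the comparison in guideline 3 (sizes: 26, 36 and 94).
LOWER = string.ascii_lowercase
LOWER_DIGITS = string.ascii_lowercase + string.digits
FULL = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet):
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(len(set(alphabet)))


def orders_of_magnitude(long_len, long_alpha, short_len, short_alpha):
    """log10 of (keyspace of the long password / keyspace of the short one)."""
    return (long_len * math.log10(len(set(long_alpha)))
            - short_len * math.log10(len(set(short_alpha))))


def generate_password(length, alphabet=FULL):
    """Draw each character independently from the OS CSPRNG."""
    chars = sorted(set(alphabet))
    if length < 1 or len(chars) < 2:
        raise ValueError("need length >= 1 and at least 2 distinct characters")
    return "".join(secrets.choice(chars) for _ in range(length))


if __name__ == "__main__":
    for label, n, alpha in [("10 chars, full keyboard set", 10, FULL),
                            ("16 chars, lowercase only", 16, LOWER),
                            ("16 chars, lowercase + digits", 16, LOWER_DIGITS)]:
        print(f"{label:30s} {entropy_bits(n, alpha):5.1f} bits")
    gap = orders_of_magnitude(16, LOWER, 10, FULL)
    print(f"16 lowercase vs 10 full-set: 10^{gap:.1f} times more guesses")
    print("sample:", generate_password(16, LOWER_DIGITS))
```

These figures hold only for randomly generated passwords; a 16-character phrase picked by a person covers far less of the keyspace than the calculation assumes.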

Another reason to upgrade to Windows 10

I'm a big fan of Windows 10; I've been using it for over a year. Microsoft has built in a handy tool to get your system fresh out of the box, but without all the bloatware that PC manufacturers get paid to deploy to you. This is a great innovation in my opinion. In the past when I've gotten a new PC, the first thing I have done is reinstall the OS fresh from scratch -- this tool will save a lot of time!

Here are the details: http://www.zdnet.com/article/microsoft-pushes-new-test-tool-to-kill-pc-bloatware/

Uninstall Adobe Flash

Adobe Flash is problematic software. It is software that tends to linger on computers unpatched and full of vulnerabilities, and so has become a common vector for malware and ransomware infections. A 4th zero-day exploit in 4 months has been announced, which means more ways your computer can become compromised. In addition to the security problems, it is also a resource hog. This is the main reason Flash has never been allowed to run on Apple iOS devices.

Here is a comprehensive explainer, all you need to know.

So seriously, uninstall Flash where possible. If you absolutely do need it, make sure it is set to install patches automatically.