Go(oogle) Phish

We've had a lot of clients hit by this phishing attempt today. Some people at one of our security service vendors were even hit, which just goes to show you no one is immune to these types of attacks. Google services for businesses (G Suite) is such a behemoth and in many cases is the "budget" solution. In our experience, being a behemoth means they are a large target. In our experience, the budget solution means they devote a lot fewer employees and a lot less money in protecting their clients and users, compared to their competition. If you are forced to use G Suite or other business solutions from Google, (or even just Gmail for your personal email) your best protection is enabling 2 factor authentication, followed by using password best practices that we have previously written about.

Wish me luck!

Appearing on Jeopardy! is a high priority bucket list item for me. I've loved the show most of my life, I'm pretty good with trivia and random knowledge and Jeopardy! is definitely the top end of the competitive trivia and random knowledge spectrum.

Tonight I am taking the Jeopardy online test for the 5th time. Wish me luck! I need luck because even in the unlikely event I got all the questions correct on the test there is no guarantee I will be picked. They producers contact only a random subset of people who do well.

Here is a recent article from someone who won a game describing the experience.

Another day, another security hole

This article is slightly older, but still relevant. Approximately 900 million Android devices containg Qualcomm add-on software and chipset, are vulnerable to Quadrooter, an enermous number. The good news is the vulnerability has already been patched, so you should be safe as long as you keep your Android device (and all your devices) up to date, a practice we highly recommend and adapt ourselves.

One Less Straw

I feel like I'm pretty diligent when it comes to recycling, especially with plastic and cardboard. It has never been easier as we now have single stream recycling where I live. I make an effort to recycle everything that I use, even sometimes to the annoyance of my family members; but most weeks we have about twice the amount in the recycling bins as trash (by volume).

However, one area where I could certainly improve is consumption; I love frozen drinks, especially in the summer, but even in the winter. Frozen drinks, including coffee drinks have become my most major food weakness. There's something about the texture and the micro ice I can crunch. Unless I make them at home, which I rarely do, these drinks all come in single use plastic or paper cups and all come with straws. I didn't find out until just recently how hard it is to recycle plastic straws, and how many are used daily in the United States. Because they are hard to recycle, most recycling companies filter them back into landfills, where they contribute to a daily volume that would fill 127 school buses every day.

Today is the start of the One Less Straw pledge campaign. https://onelessstraw.org/ Check it out and consider reducing your impact by using re-useable straws and taking the pledge. I have heard good reviews of metal straws, especially for frozen drinks, so that is where I will be looking, but glass, bamboo and even paper are also friendlier alternatives to plastic.

In a perfect world I would make my frozen drinks at home where I can better control the ingredients and caloric value, but also eliminate the paper and plastic cups and straws I use. I pledge to work hard on this!

,

Yahoo!

,

By now you've probably heard about the Yahoo! breach. This is almost certainly the largest known breach of passwords and user information of all time. What makes it worse is that the breach not only includes passwords and email accounts, but also security questions and answers.

If you've ever been a Yahoo! user, which I suspect is almost everyone reading this, you should first change your Yahoo! password and all your security questions and answers, but secondly, and this is very important, you should enable multi-factor authentication for Yahoo! which provides a second layer of protection. You should actually enable multi-factor authentication for any service that allows you to do so, but especially for email accounts, banking and social media (the most likeley targets of hacking).

The worst part about this is that it is likley Yahoo! has known about this for several months, and it may just be coming out now only the purchase of Yahoo! by Verizon.

Good luck, and please contact us with any questions.

Some advice about security questions

Security questions, typically used to recover a forgotten password, are a frankly unheralded hole in password security. Typical questions include your mother's maiden name, the street you grew up on, or your high school mascot.

It is very easy to see that these questions can be answered by almost everyone you know, and can easily be detected by people you don't really know if they look hard enough.

As a best practice, I recommend never answering these questions with the exact answer, either use a short phrase that you know that someone else would not be able to guess, or use a random string of characters. Either way, you should alreayd be using a password manager, which will then allow you to store the questions and the corresponding answers.

Check out this article from Wired for more background.

Remeber, there is no one solution to the problem of password security, a multi-pronged approach is paramount.

Last Day for Free Upgrade to Windows 10

Today, July 29th, is the last day you can upgrade your Windows 7 or Windows 8.1 PC to Windows 10 for free. After today, Microsoft will presumably sell you the upgrade for a fee.

We recommend upgrading to Windows 10 for all home PCs. We recommend to our clients that new business workstations be bought with Windows 10. However, we do not recommend upgrading existing business workstations to Windows 10.