Archive for the ‘Uncategorized’ Category

Update Adobe Flash

Posted by

flash

How To Upgrade Adobe Flash Player

Click on the following link to go to the adobe site

https://www.adobe.com/software/flash/about/

Click on the Player Download Center link.  The following screen (or something similar) will come up. Make sure to uncheck the boxes in the middle “Optional offers” section and then click Install Now in the lower right hand corner of the screen.

If you are using a Windows machine you must do Internet Explorer Brower

If you use other browser, you must do the same for them.

adobe1

 

Be sure to UNCHECK Optional Offers….

Adobe2

 

It will likely pop up with a query asking if you want to run or save the program as seen below.  Click Run

adobe3

You may get a screen at this point that requires a YES to continue

The program will install.  When it is done click on the FINISH button in the lower right hand corner (as shown below)

adobe4

Simply close the window at this point.

adobe5

Wipe Old Data

Posted by

Old Data

You’ve upgraded your electronic devices, and you’re planning to sell or donate your old equipment.

Just make sure that you clean out all your sensitive data before you do so.

The Naked Security blog recently offered up a cautionary tale of why it’s essential  to take this important step. A Canadian used-computer dealer claims to have a pile of data which he pulled off servers originally belonging to an international professional-services firm. He and that company are now in court battling over the disposition of that data.

Need more convincing? USA Today reported that Robert Siciliano, an identity-theft expert for security firm McAfee, bought 30 used devices off Craiglists. Half the devices were thoroughly wiped clean, while the other half still maintained such data as bank account and Social Security numbers to work documents and bank records.

A recent survey by Internet security company AVG revealed that nearly 60 percent of Americans use three or more Internet-connected devices at home across three different operating systems. Those collect a lot of sensitive data over a short period of time.

So what can the average person or company do when retiring an older machine?:

Personal computers:

You’ve decided to recycle your old laptop or desktop. The simplest and most secure solution is to physically remove the hard drive. It can then be installed in your new computer or put in a USB hard drive enclosure to be used as a backup or portable storage.

If that’s beyond your skill set, commit to a secure wipe. That starts with backing up anything you value from the hard drive on your old machine onto an external hard drive or an online backup service, generically known as “the cloud.”

Next perform a secure wipe. Among the more popular data-destruction programs are DBAN (http://sourceforge.net/projects/dban/), CBL Data Shredder (http://www.cbldatarecovery.com/data-shredder/download) and ErAce (http://sourceforge.net/projects/erace/). These programs not only delete the data, but overwrite it a certain number of times, making the data much more difficult to retrieve.

This process can take hours and even days, depending on the size of the drives, so allow sufficient time for the process.

Also be sure to remove any portable storage, such as DVDs or flash drives.

HCP can take care of all of this for you. Contact us at http://www.hcp4biz.com/support-request/.

Mobile devices:

  • First, transfer whatever information you wish to save to your new device. Then use the factory reset to wipe your old device. For more specialized directions for your particular device, check your owner’s manual or look for such information online from the manufacturer.
  • Second, remove or erase SIM and SD cards.
  • Finally, double check your phone book, call logs, voicemails, emails and text messages, downloads and other folders, search histories and personal photos.

For gaming consoles, start with the standard factory reset, then remove or securely erase any media cards. Check your owner’s manual or go online for specialized directions for your console.

Remember, a little time invested in obliterating your precious information can save you time and money in the long run.

STAY SAFE!

For help with a computer problem, visit http://www.hcp4biz.com/support-request/.

Strong Passwords

Posted by

Strong password2

Passwords are part of the lock which safeguards your computer and online world.

They control access to your personal and financial information and should be made as effective as possible, to keep intruders out.

Weak passwords are those that are easily guessed by hackers (such as “password123”). A password shouldn’t include your name, common names of people or places, technical jargon, repeating sequences or keyboard sequences.

But passwords need to be easily remembered by its creator. So the dilemma is coming up with a strong password that also can be simply recalled.

A strong password must be at least eight characters long. It must include a character from the following four character sets: lower-case letters, upper-case letters, numbers, and character symbols (+, =, (, ), &, %, !, ?, <, >). It shouldn’t include three or more consecutive characters from your login or full name.

Some other password no-no’s:

bad passwords

  • If you must write down your passwords, keep them in a secure place, away from your computer;
  • Don’t use the same password on multiple accounts, because if one account gets breached, they would all be at risk;
  • Don’t enter passwords when others can see what you’re typing;
  • Don’t share your password with anyone;
  • Don’t walk away from a shared computer without logging off;
  • Don’t leave an application unattended if it is logged in or unless a password-protected screen saver is in place.
  • Do not store your passwords on your computer in an unencrypted format.  Saved password options in many browsers are not encrypted.
  • Do not store your passwords online in an unencrypted form

There are several programs that can be used to store your passwords in an encrypted form.  Two that are highly recommended are LastPass, and Dashlane.   The biggest advantage/disadvantage is that you only have to use one password to access all your passwords.  These programs rate the passwords you enter, so make sure to make them complex enough not to guess, but easy enough to remember using the guidelines listed above.

Developing multiple strong passwords may take some time and effort, but it beats the alternative of trying to restore your ruined financial record.

Stay safe!

SPAM – Some tips to help avoid it.

Posted by

SPAM 1

 Everyone with an email account is unfortunately familiar with “spam,” that electronic cousin of junk mail.

But with a little prevention, you can limit the amount of this unwanted commercial email in your in-box.

Cutting your spam

Here’s some easy ways to limit the spam you receive:

  • Email filter – See if your email account provides a tool to filter out potential spam or to channel spam in a bulk email folder. Keep such a tool in mind when choosing an ISP or email service.
  • Limit exposure – Use two addresses, one for personal messages and one for shopping, newsletters, chat-rooms and coupons, or set up a disposable email address that forwards messages to your permanent address. Also don’t display your email address in public, as spammers harvest the web for email addresses.
  • Utilize privacy policies – Read privacy policies before signing up for a web site, to see if that company sells your email address to others. Also uncheck pre-checked boxes to opt out of mass email updates.
  • Create a unique email address – Instead of your name with numbers behind it, make it more difficult, perhaps using a nickname or an abbreviated version instead. Don’t make it too difficult, though, as you need to remember it.

 SPAM 2

Protecting others from spam

Hackers and spammers try to locate computers without up-to-date security software, which they can control remotely by installing hidden software, or malware. Thousands of such computers linked together become a “botnet,” a network used by spammer to send out millions of emails at once. Most spam is sent this way.

Your first defense would be to keep spammers out of your computer. Steps you could use include disconnecting your computer from the internet when not in use and being cautious about opening attachments and downloading free software, which could be hiding malware.

Signs of malware include weird emails which friends receive from you, email messages in your send folder that you didn’t send, and your computer operating more sluggishly. Disconnect from the internet if you feel your computer has been hacked or infected, then follow these steps to remove malware (http://www.onguardonline.gov/articles/0011-malware).

Report spam

Forward unwanted or deceptive messages to the Federal Trade Commission at spam@uce.gov, your email provider and the sender’s email provider. If you try to unsubscribe from an email list and your request is not honored, file a complaint with the FTC (http://www.ftc.gov/complaint).

Stay Safe

EBay Passwords Compromised:

Posted by

ebay break

A frequently heard topic on this blog is about passwords.  They are the entry point into protected systems, services, and devices that everyone uses.  Well, unfortunately this week, the online auction giant eBay has fallen victim to cyber-attacks that have compromised many of the user account passwords stored on the site.  Hackers were able to compromise a limited set of non-user but system account passwords to gain access to the eBay systems and internal network.  eBay has stated that no un-authorized activity has been detected for any users nor did any financial information get stolen as of yet.  eBay states that this information is kept completely separate from your initial login information and is stored encrypted.  The breach also appears to have been closed but it is not known how long the attackers were in eBay’s systems.  Today eBay is advising all users to change their passwords, regardless of how recently they have done so.  It would be a good time to change your PayPal account password if you have one, as the company is a subsidiary of eBay and in your account you can link your PayPal account to your eBay account.  Pick a strong password as always consisting of length and complexity using letters upper and lower case, numbers, and special characters.  Also again make it memorable for you.  The following site securely creates passwords called passphrases that would work for a good eBay password – https://xuntroubled.merchantquest.net/pwgen/ppgen.cgi

 While eBay doesn’t directly support two-factor authentication, you can enable this on PayPal to make sure your actual payments sent or received for eBay are that much more protected. 

Stay safe

Find us on thumbtack

Posted by

promo_4

Look for HCP on Thumbtack

HCP is now on thumbtack follow the link above and give us a look.

By connecting local professionals directly with new clients,
thumbtack enable these talented pros to work independently so they can grow their businesses.
Thumbtack is empowering more than 250,000 pros across all 50 states to achieve their personal and professional goals. 

 A great service.

 Mark

Apple has a hole

Posted by

Apple HoleApple is now scrambling to create a patch for a security flaw in iOS7, discovered by researcher Andreas Kurtz, which leaves email attachments unencrypted on iPhones and iPads, so that those can be accessed by attackers using “well-known techniques,” Kurtz wrote.

This isn’t considered a major problem, as it seems that an attacker can’t use the bug to read your email attachments remotely, but Apple is working on a fix now.

To keep your iDevices secure, enable data protection and use a passcode, the longer the better, to lock the device.

The iPhone 5 offers the option of fingerprint authentication instead of a passcode. But the fingerprint scanner can be hacked, as researchers have proven that it’s possible to create a fake fingerprint from a photo of the victim’s print.

A more effective kind of data protection would be two-factor (or two-step) authentication. In addition to a passcode, the institution responsible for the site being accessed will email or text a second, six-digit code which must be entered as well to allow access.

For more information about Apple security updates, visit http://support.apple.com/kb/ht4175

 Stay Safe

Passwords Passwords Passwords

Posted by

PasswordPasswords

By Greg Gagne

In today’s digital world, passwords are often the most neglected first line of defense against data and security breaches.  They can be a hassle, to be secure you shouldn’t repeat passwords, or even ways of generating passwords between sites and services to maintain absolute security for yourself.  The most secure passwords are long, with randomized letters, numbers, and special characters.  In addition, frequent changes of passwords are needed to keep your data secure.  Depending on how many sites, services, or software you have to use daily, a list of passwords to remember correctly and change on a frequent basis could grow to be unbearable and even impossible. 

There are numerous online services and offline software that generate very secure passwords and will remember and/or auto-fill these passwords for you.  These services/software usually range from being free but ad-supported to more than $50, depending on the features you may want.  The problem is that consumers are putting all their eggs in the same basket.  As happened recently with the Heartbleed vulnerability outbreak, the behind-the-scenes security that should keep this bundle of passwords securely stored was broken.  Who’s to say that someone out there doesn’t have access to all your passwords that you put into one of these convenient services?  This entirely negates the convenience of this software when you have to regenerate your passwords again and trust that in fact they are secure from anyone but you. 

For me, I use the following method to generate passwords that are secure enough.  I say secure enough because most sites, ironically enough most banking sites for example, do not let you use truly secure passwords.  For instance my bank only allows an eight-character password using only capital and non-capital letters and numbers.  I can’t use any special or extended characters such as an asterisk or spaces which would make the password all that more secure.  Their password policy is the bare minimum truly to be somewhat secure

So I do the following for creating a password.  I come up with an easy-to-remember sentence that is meaningful to me, for instance “I am graduating in 2014.”  To make this into a password, I take the first letter of each word and combine them.  This would be Iagi2014.  I then randomly add a special character if it is allowed.  I make sure to make a sentence with frequent upper-case and lower-case letter usage and it has to have some numerical value in it. 

I also try to make a nonsensical sentence that would be very grammatically incorrect, as this helps to spoil the efforts made by hackers using dictionary libraries.  What makes a password secure is if you combine length, inability for words to be found in a dictionary, and complexity which comes with upper case, lower case, numerals, and special characters.  In order to remember all these passwords, I write them down and carry them on a sheet of paper in my wallet.  Before anyone says this is totally insecure, I encrypt these by changing around the ordering depending on the site/service and add an indication of what site or service it pertains to.  For example I used the phrase “The Moon is blue tonight!”  The password would be TMibt2014* and I’m using it on amazon.com I write down on the paper *4102tbiMTamz (the amz letting me know its Amazon).  This isn’t totally foolproof but it would keep the casual person confused as I don’t directly write down Amazon.com User name: xxxxx Password: xxxx on this sheet of paper.  Figure out an “encryption” that works for you. 

Unfortunately passwords are only as secure as you make them and how long they’ve been used.  For me, as much as a hassle as it is, I tend to change passwords on a frequent basis depending on how critical the service, site, or system is.  For anything financial, I change on at least a monthly basis if not more often. For that kind of data, frequent changes are really the only true-and-tried security in addition to the password being complex and long.  This adds another barrier to entry on your accounts.  Again do not share like or exact passwords between sites; this is the biggest reason accounts, services and systems get hacked, directly after easy- to-guess passwords.

Also, when it comes time to set up your methods of recovering a password, such as putting in your mother’s maiden name or high school friend, do not actually use an answer that is true.  For instance, my high school friend’s name was Dustin Johns.  Nowadays finding out this piece of information through scalping of social networking or any various forms of social engineering is too easy.  I’d change this to something I could remember but makes no sense, such as Marvin the Martian or something along those lines.  This is an often-neglected area of password security – how easy you make it to recover a password.  Another good thing to do is to make a note if possible, on any account that allows it, to not allow password resets of any kind through a telephone call. This is a far-too-easy venue for hackers to capitalize on using social engineering to gain access to your accounts. 

Make access to your accounts about as difficult as possible on all avenues, including passwords, password resets, and frequent password changes to spoil any attempts by attackers.  Unless you’re being specifically targeted for a reason, if you make it difficult enough, an attacker will give up after a certain amount of time.  They are looking for the most gains with the least amount of work.  

Stay Safe

Internet Explorer Vulnerability: How safe are you?

Posted by

IE IconA recently disclosed Zero day vulnerability (“Zero day” indicates a vulnerability that was already being exploited when it was discovered) has put those using Internet Explorer at risk.  This vulnerability affects those using IE versions 6 through 11, although only attacks against IE 9 through 11 have been documented. Microsoft has described such attacks as “limited and targeted.”

According to Microsoft, this Internet Explorer Vulnerability would allow a cyber-criminal to remotely take control of your computer. A security advisory from the computer giant said, “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

HCP Computers supports the recommendation of the U.S. Department of Homeland Security’s Computer Emergency Readiness Team to switch to a different browser, such as Google Chrome  or Mozilla Firefox, at least until such time as Microsoft issues a fix. Downloads can be found at http://www.google.com/chrome/ and http://www.mozilla.org/en-US/firefox/new/ respectively.

Such a cyber attack would be initiated through Adobe’s Flash Player. As a result, Adobe has issued patches covering IE and also Google’s Chrome browser for Windows, Macintosh and Linux.  (http://helpx.adobe.com/security/products/flash-player/apsb14-13.html) However, for Internet Explorer, the Adobe patch only applies to IE10 and IE11 on computers running Windows 8, Windows Server 2012 and Windows RT, and Windows 8.1 Windows Server 2012 R2 and Windows RT 8.1 respectively.  That leaves vulnerable any users running IE10 on Windows 7 and higher, and IE9 running on Windows Vista and higher – although they could upgrade their browsers.  An additional problem affects the 20 percent of PC users still running Windows XP, for which Microsoft ended support on April 8. This means that no fix will be forthcoming for those using that operating system. The solution that Microsoft recommends is to migrate to a modern operating system, such as Windows 7 or Windows 8.1. 

Stay Safe

Heartbleed: What it means? What you should do?

Posted by

 

safe_imageAs you probably all know there is a major flaw out in the wild called Heartbleed.  It’s been all over the news.  So what is heartbleed one might ask?  It’s a flaw in the security framework called open ssl.  The name comes from a technical term related to the programming framework.  The flaw has been discovered to have been open since 2012 when the newest version of the Open SSL technology was released.  Normally this wouldn’t be such a big issue, but this underlying technology is used everywhere in today’s world to keep communications related to the web secure.  The flaw allows an attacker to get into a server and retrieve critical information that would allow them to easily get to your passwords and eventually personal data on the server.  It would also allow an attacker to monitor communications and grab anything newer on a server that hasn’t been patched for the flaw.  The biggest problem is normally an attacker leaves some type of trace on a server that something has happened no matter how insignificant, but with this flaw in how it works there is no trace left whatsoever.  You therefore have to assume things are compromised.  Now what is one to do about this flaw.  Unfortunately you are at the hands of the site, provider, company, or whoever holds your information to update their server to fix this flaw.  The biggest recommendation is to change all your passwords especially if you use common passwords between sites or even common ways of generating passwords for sites.  We recommend not doing this though until the site(s) are patched because if they aren’t patched yet you’ll just have to do this again after they are.  Also if any of your sites contain financial information it is strongly recommend to keep an eye on your accounts for fraudulent activity and/or at the very least run a credit report every so often.  While it isn’t the end of the world, as most companies at this point are working towards or have patched this flaw, it is something to take seriously.  In order to find out if a site or service has been patched enter the name of the site into this website. https://filippo.io/Heartbleed/ It checks the underlying technology to see if this flaw applies or if it does if it has been patched.

Stay Safe.