Monday, May 9, 2011

Are the Feds Really Tracking My Smartphone?


Well, Apple seems to have another worm. Not the annoying kind that causes us to use profanity with an electronic device, but the kind that is keeping Apple's public relations department and lawyers up at night. That snoopy news media has discovered something that is not necessarily news, but that is most certainly newsworthy, and it is getting a lot of coverage and lawsuits, although the Supreme Court refused to take the case. People are discovering that the device that links them to the world, also links the world to us.
It is true--your iPhone, or any smart phone, can be tracked to your exact location, but this is nothing new. We have found this Apple iPhone geo-tracking debate interesting and amusing. One of the hats we wear at Computer PRO is micro-forensics, a really cool thing that people love in TV shows such as CSI, but apparently hate in the real world. Micro-Forensics, put very simply, is using ultra-cerebral and super sneaky high technology to track criminal movement and computer data. We have had the opportunity to attend some very interesting seminars in Micro-Forensics, where the FBI and Homeland Security report on specific case studies, and give fascinating stories of how they used the superior technology of the US government to nab some really bad guys. The stories were fascinating, except maybe when the young FBI agent told of being on the team that was assigned, begrudgingly, to find the kid who hacked into Sarah Palin's email. There are very strict privacy guards in place for Micro-Forensic professionals, for example, you need a court order to retrieve data from an ISP (Internet Service Provider) so that you can track what someone has been researching on the Internet. So, if someone comes to us wanting to see what their wife has been doing online, or where her iPhone has been, they are out of luck. On the other hand, if you are worried about what Google is keeping about you on your Internet searches, it might be particularly calming to learn that only a judge can grant someone access to their Internet habits (although anyone can view a limited and deletable version in the history of any computer) If you are worried about your iPhone, be aware that ANY GPS enabled device can be tracked, whether it is a Garmin, a Tom Tom, or any phone with navigation in it. We were shown one case study where the FBI was tracking drug runners who were using maritime GPS to travel by boat at night from Florida to Cuba to run drugs. They could see the exact path they were taking, and even discovered an island they were using to refuel by their GPS system, and see where exactly they were docking in Cuba. The FBI was able to use this information to guide the Coast Guard to tell them exactly where and what time to drop by to intercept and shut down this drug ring. Another example is, if a bad guy murders someone and he happens to have GPS navigation on his phone (or GPS navigation in his car), this could be used to track his exact movements, not only to place him at the scene of the crime, but to track his movements prior to it. If a terrorist comes to the US on a student visa and buys a GPS unit, most often the FIRST place he turns it on is when he gets home and gets it out of the box. This first "ping" is often very important information to have. Many times where a bad guy lives, and who he visits are easily found this way. Aren't you glad the FBI can do this? When Osama bin Laden was killed last week, computers, hard drives, and cell phones were found. There is very important "chain of evidence" documentation that begins from the moment the hardware and data are siezed, how it is stored under strict lock-and-key, and who has access to the data at all times. If this is not carefully and completely documented, it won't be admissible in court. Right now, they are likely combing through the hard-drives with the best FBI forensic agents we have, but I suspect the cell phones may be the most important evidence they have. From those cell phones, the movement (times and locations)of the terrorists can be tracked-- and if they have GPS, the EXACT addresses or coordinates can be tracked of where these cell phones have been and exactly WHEN they were there. So this is not new technology in the least, but law-abiding citizens have nothing to worry about. these types of investigations are pricey, and very hard to do because of the court orders that are required to view this information. If you don't want to be tracked, you can just turn off the GPS, although if the phone is turned on, it will still ping on cell phone towers which give a position within 300 yards. However, if you want to be found if you ever disappear, turn it on--it could save your life if you are laying in a ditch somewhere.
I, for one, am VERY glad my smart phone can track me in case I need help. Big Brother is way too busy looking at the abundance of terrorists and child porn perps to worry about how many times I went to Wal Mart last week.

Wednesday, December 8, 2010

Shopping Online Safely


It is possible to shop and bank online safely, as long as you learn how the hackers attack shoppers, and how to out-smart the jerks. It really isn't that hard, with the proper tools and skills.
First of all, you need to understand HOW hackers can access your credit card numbers, your log-ins to Facebook, bank accounts, and places where they can steal your information. Primarily, there are two ways hackers can access this information--through installing a "keylogger" on your computer, or by remotely accessing your computer where they can actually see your screen and navigate through your computer. Both of these are considered malware, or a virus, and should be repaired by a professional to ensure that the bug is gone for good. (see how to avoid viruses in our other blogs on this site)
Keyloggers are programs that are installed on your computer by hackers where they can capture everything you type, and sift through it to steal credit card numbers, logins--just think of everything you type! Remote access is exactly that--someone on the other side of the world has installed a program on your computer and he/she can actually take control of your computer and see everything in it, and watch you as you type. One of the scariest remote access repairs we ever did was brought in when the hacker used her webcam to take a picture of her sitting at her computer and displayed it on her screen! This is not for the weak of heart, and we must be extremely well-informed of the possibilities of hackers.
There are several precautions that will protect you, and allow you to shop and bank safely online.
1) Wireless internet: to protect your wireless connection, consider installing a hardware firewall.
2) Make 100% certain that you are shopping on a safe, secure website. Look for https in the web address, and if this is not present, under no circumstances shop there. If you are suspicious of a website, submit it to http://safeweb.norton.com/ for a free evaluation to ensure that the site does not contain a virus, or a malicious software application.
3) Use a credit card or Paypal, over a debit card. Credit cards have some built-in protection, and Paypal is quite safe.
4) It is absolutely imperative these days to have some type of identity theft software. We recommend Norton Internet Security (NOT antivirus or Norton 360). Norton Internet Security maintains the highest ratings, year after year, as to efficiency, and the newer identity theft feature is a MUST for online shoppers or people on social networks. It is all we sell at Computer PRO. You set up the software to store all of your log-ins, passwords, credit card numbers, billing address, mailing address, expiration date of the card, even the little security code on the back. You can password this information twice in the software, so that it is only available to you and not to anyone who is on your computer. When you get to the log-in part of a website, Norton's will ask you if you want to organize this log-in, and the next time you go to the website, Norton's will automatically log you in! This enables you to avoid typing in the log-in and password--therefore not falling prey to a keylogger, and it encrypts the information so that even if a hacker can access your computer, they cannot read the log-in. This is a MUST for those of us who do online banking or bill-pay. The software does the same thing when you are shopping--when it gets to the check-out page, it automatically fills in everything--shipping address, credit card, and billing address. The unexpected beauty of it is that you no longer have to dig out your credit card, and type all of that in. Again, the information is not available to keyloggers, and it is safely encrypted.
Also, be aware of the security of the system you are on--never shop online at a public computer, like in a library, and be very careful in hotels and wi-fi areas. There have been reports of hackers with a laptop sitting in the parking lot at a coffee house stealing information from people inside.
If you follow these steps, you should have no problems spending your money online.

Monday, July 19, 2010

Is YouTube Safe?



Okay, here’s the scoop on whether YouTube is safe. We all love to watch them and post them on Facebook, Twitter, or other social networks. The videos on YouTube are streamed to your computer using a program called Flash, a viewing software developed by Macromedia that has been bought by Adobe. To be able to play flash-modules you need a Flash Player, that is installed as a Plug-in, into your web browser (Internet Explorer, AOL, FireFox, etc). In general, these video cannot actually read or write anything on your computer. They are actually kind of like a printed out picture that you look at. The video plays but it cannot affect your computer in any way.

Where the danger comes in is loading the Flash Player. Like all software the Flash Player can contain bugs. A hacker will use these bugs to load a virus, spyware or malware on your computer. Your computer should already have flash on it so it doesn’t need to be reloaded. If ever in doubt about it, go to www.adobe.com and click on the “FLASH” download. That is the only safe way to load flash. If you are asked to click on something to load flash on your computer so you can view the video, be aware. They can seem perfectly innocent. They show up in your email from attachments, on internet Web sites, on your Facebook, MySpace or other social networking, or in ads and popups. Depending on the severity of the bug many things can happen. Starting from simply annoying things like the popup of an advertisement even with a popup-blocker being active to more dangerous things like installing viruses, spyware, or malware.

If a hacker uses a bug, then it is possible to read and write on the harddrive, or executing programs on the system (outside the browser) without you ever knowing about it. These things would allow the installation of trojan horses, viruses or other things.

If you want to be on the absolute safe side, you should ONLY open YouTube videos from the YouTube site. You can simply take the title of the video from the link (do not paste and copy) and search You Tube to find the video that was sent to you. They do not have a guarantee that every video is safe but they say they check out every video for viewing. These issues can also happen with Java. Java is another program that plays videos, cartoon ads, or games.
In general, do not click on or roll over ANY popup. If Flash, Java, or even your anti-virus pops up, ignore it, close the pop-up from the bottom task-bar (or the task manager), and either open your anti-virus directly to see what it needs you to do (if anything), or go directly to www.adobe.com, or www.java.com and upload the update there. This is truly the only safe way to be sure. ALWAYS keep in mind that hackers are out there, and the only way they can get you is for you to click.

Wednesday, March 10, 2010

Are Hackers Targeting ME?


One of the questions I hear all of the time is "who are these hackers, and why are they targeting me?" Most people erroneously assume that hackers are poorly behaved super-smart kids--geeks that get a kick out of manipulating the system and causing mischief. They envision poorly supervised teenagers sitting around a computer trying this and that until they crack into a system. Many of us remember the movie "War Games" where Matthew Broderick plays a lovable, super-smart high school student who hacks into the school's computers to manipulate his grades, and who accidentally hacks into the Defense Department's war games computer and nearly starts a nuclear war.
Today, hacking is no longer kid's stuff, but a multi-billion dollar industry that spans the globe. Some experts believe that as many as 25% of all computers are infected by hacker's software. In my first blog, I explained that we are involved in computer forensics, and as such, attend conferences where we listen to reports from the FBI, Defense Department, and Homeland Security on the newest problems out there right now. Part of what we do at Computer PRO (besides fix what hackers do to our customer's computers, along with anything else, and build new computers and networks)is to educate people on how to stay out of the hacker's line of fire. Having said that, let me try to describe what hacker's goals are.
Visualize a robot. Mindless, emotionless, silent unless it comes to life. A big part of what hackers do is to turn your computer into a robot. The tech name for this is a BOT-network, actually. Suppose you go on the Internet and download something--perhaps a song, some freeware, a game--you will never know that download is infected. (however, PLEASE read my articles on learning how to spot these sites) When you click download, you not only get your music, but the download will install hidden software deep inside your computer that will turn your computer into a robot. This software is called a virus, a worm, spy ware, malware, or a Trojan horse. The hackers gather thousands of bot computers into a bot network, and these computers are used to send infected files to thousands of other computers. If the attack is caught and traced, it is traced to you, not to the hacker. There are a few symptoms that your computer is a BOT--mainly that it slows down because the hacker is using your resources, but often you get pop-ups, and the computer starts performing unusually and locking up. Often the ISP (Internet Service Provider--such as Road Runner) will catch this, and shut down your Internet connection. We have people come in our business all of the time who are incensed because their ISP has shut them down for sending spam. They are always understandably upset, and don't understand until we explain to them that they have been hacked. Once we fix their computer, the ISP will hook them back up. Don't worry, the Internet Police are definitely not going to show up at your door and arrest you for sending spam, everyone knows what is going on here, but your computer MUST be cleaned up before it is put back on the Internet. Your computer is being used to steal identities, and rob people--by a person who may be on the other side of the world! There are actually businesses who sell time on their bot-nets, for bad guys to send their malicious software to thousands of unsuspecting computers! This leads me to the next type of hacker--the phisher.
The main goal of hackers is to gather information to steal money. Phishing is pronounced fishing--and it is the same thing--fishing for information. The phishers have a variety of ways to steal your information, all of which require YOUR action--clicking on something. A main way for phishers to gather your banking information is to send you an email (through a bot-network) that tells you that your banking information needs updating, and that your account has been frozen until you resolve this. You may have gotten such an email, it may be confusing because it is not from your bank. These guys know that among the thousands of phishing emails that are sent, some of the recipients will be customers of that bank. According to the FBI, as many as 3% of the recipients of these phishing emails actually input their bank passwords and pins. With one click, their identity is stolen, and their bank account drained.
Another type of phishing works like the bot-network, you download a file, and get hidden software installed deep in your computer, hidden from view. This type of software is called a Key logger. This creepy software allows the hackers to see everything you type-and remotely see, and go through your computer files. The goal is to find passwords, credit card numbers, names, addresses, social security numbers, email passwords--in other words, your identity. When you log onto your bank account, or type in your credit card number, it is as though the hacker is looking over your shoulder. These identities are gathered and sold on websites to bad guys who will steal your identity and rob you. They are sold in groups--like complete identities (including name, address, passwords, credit cards, and mother's maiden name), partial identities, or just credit card numbers. Sometimes these creeps even have buy-one-get-one-free sales of people's identities! The FBI has a whole department that monitors these websites, and works diligently to catch the cyber-crooks. However, many of them are in places in the world where extradition to the US for prosecution is complicated, often Russia or Nigeria.
I do not mean to give you the impression that you are helpless in this, and that you should never use your computer again! There are ways to out-smart them. First, if you haven't read my earlier posts about hackers and cyber-intrusions, read them. However, I am finding that one of the best new tools to combat key loggers is software where you enter your log-ins and passwords (and credit card numbers), and when you need to log in or enter your passwords, pins, credit card numbers, name, address--anything that can be stolen from you, the software automatically enters it in an encrypted format. You never type this on your keyboard so the keys can't be captured, and if the bad guys can see your computer, what they see is encrypted. We like Norton's Internet Security 2010, because it has this feature. We also recommend that the time has come to make your passwords tough to crack--long, a combination of numbers and letters, unpredictable. For example, your first grade teacher's name followed by a number combination followed by the name of a river you know. I know this is hard, but it is important to have unpredictable and long passwords as a part of your cyber-safety routine.
This problem is not going away, in fact it is slated to get worse. Hackers are not only targeting individuals, but governments, banks, and large companies. So strap on your cyber-pistols and meet those creeps on their own turf--knowledge!

Thursday, February 25, 2010

How to Out-Think the Hackers and Avoid Viruses

More and more, we are seeing people who have serious infestations of viruses, worms, spyware, and malware and who have active, updated, top dollar anti-virus software on their computers. This is a serious, expensive repair, and more importantly it exposes computer users to identity theft as well! They ask a very good question: "how can I get a virus if I have anti-virus software?"
The truth is that today computer users need to be much more vigilent in arming their minds in a way to watch for and avoid all of the threats out there. According to Symantec, 15,000 new viruses and threats are released EVERY DAY. This provides an excellent opportunity for me to remind you that your anti-virus software needs to automatically update itself on an ongoing basis, so that as these 15,000 new viruses are discovered each day, your computer will be protected.
However, even with these updates, it is not enough. Anti-Virus Software is sort of like taking vitamins. They absolutely help you keep from getting sick, but if you walk in the rain, or don't get enough sleep, or expose yourself to someone else who may be sick, then the vitamins won't prevent you from getting sick.
So, I am sure you are wondering "what is the tech equilivent of walking in the rain?" The truth is, it is a lot of things, but most of them fall under some basic principles that everyone should be practicing every time they go on the internet or check their email.
1. Be paranoid. Be suspicious of everything. If what really looks like your antivirus pops-up and says "scan now" or "you are about to expire" or "OMG you are infected by a zillion viruses" or starts counting infected files, DO NOT CLICK ON IT. Do not roll over it, do not close it on the little red X, or click on "no thanks" or "fix now". DO NOT CLICK ON IT. As a matter of fact, try not to even look at it because it will make you go blind. (not really) If you don't know how to close a window without clicking on it, use the task manager to close it. After the monster is off of your screen, manually open your antivirus and see if it really was your antivirus, and if so, what did they want? If your anti-virus doesn't want anything, do a full system scan because you have been in the presence of a bad guy.
Fake antivirus scans are one of the best ways to get infected these days. Some poor souls even give them their credit cards and pay them to infect their computers and steal their identites!
2. Be paranoid. If you open a website and a pop-up comes up and says you need to upload Flash, or Java, or whatever--DO NOT CLICK ON IT! (are you seeing a pattern?) Close the pop-up without touching it via task bar or task manager, and go to the Adobe website and try to load Flash there. There is a new virus out right now that is asking people to load fake Flash updates.
3. You need to develop pristine habits, almost like "computer hygiene" or something. It is almost like practicing safe....well you know what I mean, but we want you to have fun, but you have to learn some safe practices so it doesn't kill you. Make the habit of pulling your curser off to the side after you click a link so that you don't accidentally roll over some ad that will make your computer miserable. Remember that roll over activation is a valid way to get infected! When you search the internet, carefully examine the results and see that the web address is the right one, or that what you searched is not just inserted into some random words. Also rememeber what your mother taught you--stay away from online porn, gambling, beware of ANYTHING free--just common sense things apply to the internet. These three areas are some of the most common ways of infestation. Do not expose your computer to sick computers via file sharing, like free music, etc. Whenever you get free music this way, you are also getting the viruses on the other person's computer--and they are NOT free. Pay for your music--it is a lot cheaper.
4. Emails. Don't get me started. Be Suspicious. You just cannot open those forwarded emails, you know, the ones that say Fw or Fw Fw in front of the subject. Although it is really tempting to see those cute pictures of puppies or something, it will cost you money in the long run when those puppies infect your computer! Also, NEVER click links in emails or fall for those email scams that tell you that your bank needs information etc. In fact, be suspicious of ANYTHING that sounds urgent. One of the most common ways people get scammed is to open a virused email that came from someone you know. Scammers steal address books all of the time and send troubles to everyone on their list. If your good friend sends you an urgent request for money--DON'T CLICK ON IT! (Unless your good friend does this all of the time anyway...) Call your friend and ask them if they sent it.
4. Videos. Be Suspicious. YouTube is full of viruses. Now that doesn't mean to never look at a video--we know you are going to do that, but it means that if you watch a lot of videos, you may end up with a virus at some point.
5. Back up and scan your data for viruses and keep it somewhere safe. It will save you money if you DO get a virus later, and possibly even keep you from loosing it.
Once you adopt some simple habits, you will reduce your liklihood of getting an infestation. Back to the anti-virus--this is an absolute MUST these days. If you can't afford the good stuff, get free antivirus at the least. Now that you are all enthused about getting on your computer--HAVE FUN! Seriously.

Thursday, January 21, 2010

To RAM or Not to RAM

I can’t tell you how many time people come in my store and say “I NEED MORE MEMORY”. I usually just say “Drink plenty of water, take 2 ginko bilobas, and call me in the morning”. Of course, if they say their COMPUTER needs more memory I take a more technical approach.

Most of the time when a computer slows down, people listen to some “guru” that says “add more memory”. Those “gurus” remind me of the old man on “My Big Fat Greek Wedding” where when someone burns their finger he always says “Put Windex”. For you who do not know, RAM is the same thing as memory. RAM stands for Random Access Memory. RAM is a volatile memory on the computer. Volatile memory means it is “Temporary” - it does not require an ongoing power source. That means when you turn off your computer, it is erased. Non-volatile memory would be like your hard drive, where all your programs, pictures, and stuff are saved.

So, how do you know if you need more memory? If your computer formally ran fast and you were happy with it and you have not added a lot of programs or games on your computer, then you probably don’t need more. If your computer is slowing down there are several issues that can be the culprit.

1. Virus – it doesn’t matter if you have a virus protection or not (but you better), if you do certain activities on your computer, such as go to those Web sites your momma wouldn’t approve of, open “FWD: etc” email, open email that is considered “SPAM”, then you are more likely to have your antivirus disabled and a virus will be installed on your computer. You DON’T need more memory here.

2. Overload – if you have loaded a lot of programs or games on your computer you are likely to slow it down. Of course the more you have opened up at one time the slower it can get. You DO need more memory here.

3. Too much stuff – if you have a lot of pictures, music, movies, and/or data on your computer and your hard drive is getting close to 80% capacity, then it will slow down. It can also crash. You DON’T need more memory here.

4. Hardware issues – you can start having hardware problems such as video, hard drive, power supply or any other components of your computer if they deteriorate. Of course if it is the memory going bad then you definitely need more memory. Any other components, you DON’T need more.

5. Aging – an old computer is like an old man. It starts to slow down naturally. Electronic parts DO wear out. How would you like to have a bunch of electrons running through your body all day? Sometimes more memory will help but most of the time not.

If you are in question if you need more memory, drink plenty of water, take 2 ginko biloba, and bring your computer to me or any other QUALIFIED technician. That “guru” probably doesn’t know what he is talking about.

Wednesday, January 20, 2010

Intruders in your cyberworld


Hi, welcome to the ComputerPRO blog. I am Dennis Kilcrease, owner of Computer PRO. The purpose of this blog is to share information, and to answer questions.
We are seeing a huge influx of intrusions at Computer PRO these days. When I say intrusions, I mean viruses, Trojans, Malware, Spyware, worms and other varmits that attack your computer. You have got to be really savy these days to avoid what is an inconvieniance at best, and a major problem and big expense at worse.
The ComputerPRO staff just attended a conference on Micro Forensics, where we got to work with FBI agents, staff from Homeland Security, and attorneys from the Justice Department. We learned about the bottom-dwellers that try to worm (literally) their way into the lives of innocent citizens, mainly for the reason of stealing identities. They are a varied bunch, many from northern Europe, where extradition for prosecution in the US is complicated, and some are long-haired hermits with Cheeto bags laying around holed up in their houses here in the US. Once they infect your computer, they can gain access to your world--your information, your finances, and your IP address. There are literally websites where these creeps go to buy and sell identities--almost like a drug pusher selling from his car.
I have a strong background in security, working as the Chief Network Engineer for Army Space Command, and on the SPPRnet project for the Pentagon email, among work with other international companies such as General Dynamics and SI International. I have seen first hand what these intrusions can do to a major network, as well as a home computer.
People often assume that all they need to do is to put half-way decent anti-virus protection on their computers and they are bullet-proof. While having anti-virus is essential, it is also crucial to educate yourself in safe practice so that you don't manually load a virus. Any computer that is fully covered with anti-virus is still susceptable to viruses if the operator uses unsafe practices.
Over the next days, I will talking more about out-smarting the bad guys and reducing the liklihood of becoming infected. I also will be talking about basic care and feeding of computers, and some hints on Vista, Windows 7, and organizing files on the computer. Thanks for reading today.