Category Archives: Security

WhatsApp Supermarket Phishing Scam



There’s a WhatsApp phishing scam doing the rounds here in the UK based on free gift vouchers from big supermarket retailers. It’s doing well because (a) people are receiving the links from friends and (b) they’re disguising the false links with foreign letters.

Here’s two that I received in the last few days.

 

Check the subtle dot over the c of Tesco and the line on the d of Asda. They got my scam senses tingling but many people seem to have fallen for it based on the couple of messages I received. Apparently there’s a variant for Aldi too.

If you do follow the links (and I recommend you don’t), the first part asks for more friends to pass on the message to, and the next bit starts collecting personal info so they can send out the vouchers. Yeah, right. Fortunately, friends I’ve spoken to became more suspicious on the second section and dropped out.

This scam can easily be moved to other retailers in other countries so watch out for it, though the basic scam has been around for a while. It’s the use of special characters that seems to be new. I imagine that they can be creative with other letters in addition to c and d. More at the BBC.
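A defensive check for the trick described above, as an added example that is not from the original post: it folds each hostname label to its base letters and flags labels that only match a retailer once the extra marks are removed. The sample hosts under `.example`, the brand list and the function names are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

BRANDS = {"tesco", "asda", "aldi"}  # retailers named in the post

# Letters with a built-in stroke or hook have no Unicode decomposition, so
# NFKD cannot fold them. Illustrative subset, not a full confusables table.
NO_DECOMPOSITION = {
    "\u0111": "d",  # d with stroke (the "line on the d")
    "\u0257": "d",  # d with hook
    "\u0142": "l",  # l with stroke
    "\u00f8": "o",  # o with stroke
    "\u0131": "i",  # dotless i
}

# Constructed sample links: two lookalikes and one plain ASCII host.
SAMPLES = [
    "http://www.tes\u010bo.example/voucher",  # c with dot above
    "http://www.as\u0111a.example/voucher",   # d with stroke
    "https://www.tesco.example/",
]


def to_unicode(host: str) -> str:
    """Decode xn-- (punycode) labels so both forms of a link are checked alike."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA


def skeleton(label: str) -> str:
    """Fold a label to base letters: drop combining marks, map stroke letters."""
    folded = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue  # the dot over the c decomposes to c + a combining mark
        folded.append(NO_DECOMPOSITION.get(ch, ch))
    return "".join(folded)


def lookalike_brand(url: str):
    """Return the brand a host imitates using non-ASCII letters, else None."""
    host = to_unicode((urlsplit(url).hostname or "").lower())
    for label in host.split("."):
        if label.isascii():
            continue  # a plain ASCII label is not a special-character trick
        if skeleton(label) in BRANDS:
            return skeleton(label)
    return None


def ascii_form(url: str) -> str:
    """Host in its xn-- form, which is how it appears in DNS and proxy logs."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii_form(url), "->", lookalike_brand(url))
```

The dotted c is caught by Unicode normalisation alone, but the struck-through d is a separate letter with no decomposition, which is why the explicit map is needed.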


Stay Safer with 2FA and a YubiKey



In the past couple of weeks I’ve received three notifications from haveibeenpwned informing me that a couple of organisations didn’t do a good enough job keeping my info secure. While it’s always going to be a good idea to change your login and password, any sites that use 2FA significantly reduce the value of stolen credentials (as long as you’ve signed up for the 2FA option!)

What’s 2FA? Two Factor Authentication. Still not clear? Maybe you’ve used a web site that’s texted your phone with an extra number or code that needs typed in before you are let in to your account. That number is a “second factor” and you’re using 2FA to get into the web site. Excellent choice. 2FA is good because it means that even if ne’er-do-wells steal your details from a sloppy site, they don’t have access to your phone, so they can’t get any further. However, SMS authentication is not perfect – there are some vulnerabilities, typically exploited through “man in the middle” attacks.

If you want to take your online authentication to the next level, you might want to consider a physical security key for your second factor. This isn’t a key like you’d use in a lock, but a USB key that doesn’t look too dissimilar to a memory stick. A good example is Yubico’s YubiKey 4 series range, which supports a wide range of protocols including “FIDO U2F, smart card (PIV), Yubico OTP, Code Signing, OpenPGP, OATH-TOTP, OATH-HOTP, and Challenge-Response” and can be used with many of the big names like Google, Facebook and Dropbox. The keys can be used for authentication when logging onto PCs too (depending on OS, version etc.)

As an end user, you don’t need to know all the technical stuff, only that it’s a very safe way of authentication and it’s simple to use. To get started, you first associate the security key with your account, and the next time you try to log on to the service, you’ll be prompted to insert the security key into a USB slot (or swipe for NFC keys). You can use one key for multiple sites.

Yubico provides YubiKeys for different use cases. There’s the standard YubiKey 4 which is designed to go on a keyring (keychain) and works with USB A. The YubiKey 4C also goes on a keyring but works with USB C. The 4 Nano and 4C Nano are smaller and are intended for semi-permanent installation in USB A and C sockets respectively. For NFC applications, such as suitably-equipped smartphones, there’s the YubiKey NEO. Physically, the keys are tough. Allegedly, they can go through the washing machine and get run over by a car, though I didn’t try any of these.

Here I have a YubiKey 4 and 4 Nano (shown left) and they both work in the same way – the only difference is the size and what you touch to activate the key. Let’s take a look at getting Google set up with a YubiKey.

Log in to your Google account, say via Gmail. Click up on the top right where your “headshot” is and then click again on “My Account”.

Head on into “Signing in to Google”. I’ve blanked out a few sensitive items.

2-Step Verification is what you want. Hopefully, you’ve already got this turned on but if not, go ahead and get this sorted out. This page shows the factors you can use for 2FA. Security keys are topmost with text messages and backup codes below (not shown).

Click on “Add Security Key”.

Get the YubiKey ready and insert when instructed. Hit Next.

On the YubiKey 4, the “Y” logo on the key will flash – tap with your finger to confirm. On the Nano, tap inwards on the end of the key. Once the YubiKey has registered, you can give it a name.

And that’s it – all set and ready to go. The next time you log in to Google on a computer that you haven’t used before you’ll be prompted to insert your YubiKey to prove who you are. Super secure!

Other services are similar. Here’s part of the Dropbox procedure.

And Facebook…

Supported sites are listed here and you’ll recognise a good few of the names.

If you can see the benefits of secure 2FA, the YubiKeys can be purchased from the Yubico online store. The YubiKey 4 is US$40 and the 4 Nano is US$50, with similar prices in GB£ from amazon.co.uk.

The 4 series can do a whole lot more, and if you just want the basics, then a YubiKey 3 at only US$18 is a good start. I personally bought one of these a while ago to secure my Google account.

Thanks to Yubico for providing the YubiKeys for review.


Keep Prying Eyes Away with the InvizBox 2



Perhaps I’m just old and suspicious, but I’m increasingly concerned about the personal information that I give away to companies like Google and Facebook for their services. I’ve had enough of being the product. As for the information gathered surreptitiously by third parties, such as ISPs and government agencies, I’ve had enough of snooping and I don’t accept that if I’ve nothing to fear, I’ve nothing to hide. It’s simply none of their business.

Consequently, I’m working on a couple of strategies to mitigate my exposure, including some fake personas for simple things like compulsory registrations. While I’m not a social media superstar, I’m present on most social media platforms and it’ll take time to balance out the public and private. Fortunately in the UK, it’s not illegal to take a new identity unless the intention is criminal (so I’m told).

On a more practical side, I’ve already signed up for protonmail.com to secure my email correspondence and I’m going to move away from the big name providers in a gradual process. The other area of interest is VPNs and for those who aren’t in the know, a VPN is a Virtual Private Network. It hides your activity from the owner or maintainer of any local network connection – think of it as an opaque pipe within a transparent tube – so it’s good for protecting against both nosy ISPs wanting to sell your browsing history, and defending against nefarious activity on public wifi hotspots.

I’ve been tinkering with some of the software-based VPNs for both mobile and home use as my ISP-provided modem/router doesn’t have any VPN capability. Software solutions are fine if you have one or two devices, but when you’ve umpteen tablets and laptops in the house, it’s a pain.

An alternative is a dedicated VPN hardware solution and this Kickstarter campaign from InvizBox caught my eye. Simply, the InvizBox 2 is a wireless access point that connects to your home router, and then encrypts all the traffic over a VPN (or the Tor network). There’s no need for individual configuration as everything that connects to the access point benefits from the VPN. Your local ISP is then completely unable to track your activities and sell them on. Even better, the ISP can’t throttle your traffic based on type of use, or use of competing services.

Obviously these are benefits enjoyed by all VPNs, but as a neat hardware package, the InvizBox 2 looks attractive. Other features on the InvizBox 2 include ad blocking and parental controls. The latter is useful as the VPN will bypass any controls implemented on your router or by your ISP, so you might need to defend against inquisitive teens. You can get round geo-blocking too – that’s where you can’t see some content because you are visiting from the wrong country. As with most VPNs, a regular subscription is required (allow around US$5 / €5 per month) but there are some deals there too.

The standard InvizBox 2 is currently at €109 and the Pro is €149 if you get in quick, both with a year of VPN service. Other deals are available and delivery is expected in April next year. The team has already hit their goal of €50,000 and there’s still a week to go, so the project is going to be funded. As background, the InvizBox team are based in Dublin, Ireland and have a track record of delivery from previous Kickstarters, so there’s a good level of confidence. However, as with all Kickstarter campaigns, consider yourself a patron rather than a customer until the product is in your hands.

I might actually plonk down some cash for this….


Macate Genio Coming To UK



US multinational Macate are coming to the UK with the intention of launching their secure smartphone here later in the year. Setting up in Kensington, London, the Genio smartphone is a mid-range Android device with an emphasis on security.

The bare specs are a 5″ HD screen driven by a 1.3 GHz quad core processor with 2GB RAM and 16GB storage, though this can be expanded with a microSD card. The Genio has two cameras: a 13 MP rear camera and a 5 MP front selfie shooter. For lovers of stock Android, it’ll run Nougat 7 out of the box.

The Genio is encrypted as standard (AES256) and comes with secure messaging app NetMe from Macate’s software development team Codetel. NetMe supports all the usual features of text, audio and video messaging and attachment sharing. They also have an encrypting email app, which I imagine will be pre-installed too.

The new UK team will be headed up by Darren Gillan, previously of Vertu, and he said, “We’re excited to be adding a UK base to our growing global network. Mobile security is a big issue for many consumers; they need a device that operates seamlessly but also securely. At Macate we’re dedicated to the development of cybersecurity and we’re delighted to be bringing that expertise to the UK mobile market in the form of Genio.”

Once on sale, the Genio will come in four colours, white, light golden, black and (pink) champagne, and will retail for £249. Obviously at this stage it’s hard to tell what the phone will be like, but hopefully we will get more details closer to the launch.


Bitdefender BOX Protects the Smart Home at CES



With the arrival of the Internet of Things, installing antivirus software on a PC isn’t going to address malware lurking on a smart home control unit. A different approach is needed and Bitdefender’s BOX might be the solution. Dan talks to Todd about what Box offers over traditional security products.

The Bitdefender Box is a small hardware device which is connected into a free port on the main router – it’s similar in size to the control units for SmartThings or Hue. Once configured via Bitdefender’s Central Account or the companion smartphone app, it monitors the network traffic for suspicious activity. Box provides several layers of security over and above standard antivirus with everything from URL filtering to anomaly detection.

Bitdefender Box is available now for US$129 in the first year, with an annual subscription of $99. The next gen Box is expected in the summer, priced at $199. Box is currently only available in the USA.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.




First Alert Connects Safety and Simplicity at CES 2017



Today’s connected home technology meets common sense functionality and excellence in design with the expanded Onelink by First Alert portfolio of home safety and security products. Onelink by First Alert brought five products to CES 2017.

The Onelink by First Alert portfolio includes a range of home monitoring devices designed to seamlessly integrate with today’s most secure connected home platform, Apple HomeKit. Additionally, the Onelink lineup conveniently connects users to their homes via the Onelink Home App, providing one location for all devices and security and peace of mind from anywhere, anytime.

Onelink by First Alert Smoke + Carbon Monoxide (CO) Alarm

This 2-in-1 wireless combination smoke and CO alarm offers premium safety features and sensing technologies. In the event of a fire or carbon monoxide emergency, the alarm will sound and send push notifications to the user’s mobile device. Exclusive voice and location technology will alert users to the type of danger and its location. The sleek, modern-designed alarm is Apple HomeKit-enabled and works with Amazon Alexa, where users can ask Alexa the status of alarms or to help develop a family fire escape plan.

Onelink by First Alert Envirocam

Parents will benefit from this revolutionary device that offers non-contact respiration rate monitoring. The Onelink Envirocam features a patented design that detects micro-movements to monitor breathing directly from the smart camera, eliminating the hassle of other respiration monitoring devices that require physical contact with the child. The camera also monitors environmental conditions. The Onelink Home app dashboard offers critical information such as sleep data, temperature, low and high carbon monoxide levels, and humidity at the parents’ fingertips.

Onelink First Alert Environment Monitor

This smart device features advanced sensing technologies to monitor both high- and low-levels of carbon monoxide (CO), both of which can be harmful. Compatible with Apple HomeKit and enhanced to be compatible with Amazon Alexa, the Onelink Environment Monitor monitors temperature and humidity and notifies users of any changes.

Onelink by First Alert Safe

Ideal for homes and small businesses, this smart safe combines best-in-class security with smart home functionality. Users can unlock the safe with their mobile device using the Onelink Home app with Touch ID and passcode verification. It also features tamper and motion detection, sending push notifications to the user if a disturbance or tampering is detected by the safe. The Onelink Safe is fire-rated and waterproof to protect valuables against unexpected emergencies, and features exclusive Bolt Down Technology that allows the safe to be bolted directly to the floor, without compromising fire and water protection.

Onelink by First Alert Wi-Fi Thermostat

This programmable smart device connects easily to Wi-Fi and enables users to control their heating and cooling directly from their mobile devices via the app. It works seamlessly with Google Home and Amazon Alexa, allowing users to integrate with the smart home platform of their choice. With these virtual assistants, users do not even need to touch their phones – simply speak aloud with hands-free commands to adjust or inquire about the temperature.

Onelink by First Alert will be at CES 2017 at the First Alert Booth in the Sands Expo at booth #41330.


Cognitive Systems Launches Aura at CES 2017



Cognitive Systems, an advanced RF technology company, today announced the launch of Aura, a thoughtful security system for the home that uses patented spectrum analytics technology to detect and monitor motion, without using cameras.

Aura is a home security system that uses technology patented by Cognitive Systems to monitor the disruption of wireless signals caused by the movement in the home, without the use of cameras. Household members are notified on their smartphones of unauthorized motion that occurs anywhere in the home. With the simple two-piece system, Aura provides full coverage for the average home, even in rooms where people are typically unwilling to place cameras. Aura can also recognize the presence of known members, show motion patterns in the home, and provide a timeline of activity, deliver tailored notifications to homeowners’ smartphones, and interact with other smart home systems.

Aura is powered by a custom chipset from Cognitive Systems that monitors and analyzes wireless signal patterns that occur when movement takes place within a home, and alerts the user if unauthorized motion is detected. Aura is more accurate than other motion detectors since the system is not dependent on light and it understands the difference between human and non-human movement (e.g. a fan, shadows, drapes blowing, etc.) Aura will be launching with IFTTT integration so that it can connect with other smart home systems as desired.

Aura is set up and managed via a free app available in the Apple Store and on Google Play. The app allows homeowners to see three different views of motion: Live, 12 hour, and Weekly. Consumers can also use the app to see who is currently at home, a timeline of household activity, arm or disarm the system, and more.

Aura is available for preorder with MSRP of $299. However, for CES fans, Aura will be available at a special pre-order price of $399 for a limited time. Orders will ship by February 28, 2017.

Cognitive Systems will be at CES 2017 in the Sands Expo Smart Home at Booth #42124.


Adieu Yahoo!



Dear Yahoo,

I’m sorry but I’m breaking up with you, and I’m afraid that it’s you, not me. We’ve been together for over ten years, from the early days of Flickr and Yahoo Groups, but you’ve hurt my feelings twice now and I think you’ve been cheating on me. It’s been fun but it’s not going to work out. There’s no longer any trust between us.

I’ll get my stuff out of your properties and return the keys as soon as I can. Goodbyee!

P.S. If anyone else wants to break up with Yahoo!, here’s the link https://edit.yahoo.com/config/delete_user.


Enhanced Security Measures Continue for CES 2017



The Consumer Technology Association (CTA), owner and producer of CES, has announced that it will continue to implement advanced security measures at the upcoming CES 2017 to maximize the safety of all attendees. The security measures are designed to provide a safe and secure environment while ensuring attendees have an efficient and productive experience.

CTA is working closely with law enforcement officials at all levels to maximize security on-site at CES 2017. This year’s security measures include bag restrictions and metal detectors.

Only two bags, each smaller than 12”x17”x6” may be brought into official show venues. Rolling bags of any size will not be permitted on the show floor. This includes luggage, carry-ons, laptop and computer bags and rolling luggage carts. All attendees are encouraged to consider their bag type and use clear bags (mesh, plastic, vinyl, etc.) to expedite the process of going through metal detectors and check points.

While all attendees will be subject to metal detector screening upon entering show premises, CTA will conduct searches at specific points to ensure quick and easy access to exhibit halls and reduce the number of times attendees have to go through security.

For efficient entry on-site, all attendees must have an official CES badge and government-issued photo ID before entering CES show venues. To speed entrance at all venues, attendees are strongly encouraged to register online and to pick up badges at the airport or hotels before arriving at the show.


Blink Wins Second Consecutive CES Innovation Awards Honoree Recognition



Blink, the ultra-affordable, truly wire-free and battery-powered home security and HD video monitoring system, announced that it has been named as a CES 2017 Innovation Awards Honoree. The brand won recognition for its Blink 2.0 system, marking the second consecutive CES Innovation Award victory for the brand within the Smart Home category.

Unveiled earlier this fall, Blink 2.0 takes the brand’s signature features – unmatched battery life and ease of use – to the next level. In an effort to further solidify Blink’s competitive advantage, the company’s world-class engineering team did not simply increase battery life, they doubled it. Blink’s revolutionary cameras now run for an industry-leading two years on just two AA lithium batteries, with the ability to record up to 60 seconds and auto-stop recording when motion is no longer detected.

Blink upended the smart home security industry last year, taking CES and the consumer tech market by storm with an unbeatable price point ($99), unprecedented battery life, and unmatched ease of installation and use. Blink has continued this momentum as demonstrated by its announcement of two-year battery life and the title of CES Innovation Award Honoree for the second year in a row.

Blink will be at CES Unveiled on January 3 and CES 2017 from January 5-8 at Booth #40136 in the Smart Home section of the Sands, Hall A-D.