New Internet Explorer Vulnerability Exposed

New Internet Explorer Vulnerability Exposed

On Sunday, Microsoft issued a rare press release warning users of all versions of Internet Explorer of a vulnerability in the software that they’re working to patch.  What makes this notable, is that this is the first major exploit that has been announced since Windows XP’s end of life earlier this month, and Microsoft will NOT be patching this problem for Windows XP users.  The moral of the story is that if you’re still using Windows XP, it’s critical that you stop using Internet Explorer and use an alternative browser ASAP.

For more information, check out this link: http://time.com/78828/internet-explorer-microsoft-security-flaw/internet-Security

Find And Manage Your Online Accounts

Find And Manage Your Online Accounts

Security is a major concern these days….from credit card fraud at a major retailer, to internet security threats like Heartbleed and other big viruses…. and everyone should be concerned about threats to their identity.  Online, one of the best things you can do is to minimize the amount of accounts you have tied to your email.  Many of us have had an online presence for 10 or more years, and have likely signed up for numerous accounts and services that we’ve forgotten about or no longer use.  Lifehacker.com posted an interesting tip to help you review some of those lost email accounts, pending you don’t always delete your email.  In your email client (gmail, yahoo, hotmail, Outlook, etc.), search for “confirm your email” in quotes.  This is a popular phrase in emails sent to new users setting up accounts for the first time, and should give you some sites to check.  Visit the websites associated with your account that you once created, and if you don’t need them anymore, find the option to cancel or delete your account.  A simple search through my 10+ years of email showed nearly 50 accounts to review….and many of them needed to be closed.  Minimizing your web presence is a great way to start to limit online threats.

 

See the rest of the article at: http://lifehacker.com/find-and-delete-unused-accounts-with-a-simple-email-sea-1565539305aq1crzdcfuc65ukvxn17

Enabling Two-Step Security

Enabling Two-Step Security

In the wake of all of the security talk from last week’s Heartbleed virus disaster, one of the best things you can do to protect yourself from future exploits (besides changing your password often) is to set up two-step security.  Many websites now have this option, and it’s an important and easy way to add another level of security to your online identities. In a nutshell, two-step security (or two-factor verification as it’s also called)  requires another form of verification besides just a password in order to gain access to your account on a different computer.  In most cases, that’s a text message or a call to your cell phone, verifying that you authorize this activity.  This prevents people who don’t have access to both your cell phone and your passwords from gaining access to your account.  Trust me….the mild annoyance it is to have to punch in a code from your phone when you’re using your account on a new computer is quickly squashed when you breathe a little lighter the next time another super-virus or security exploit comes around.

This site from the Wall Street Journal gives a great, easy-to-understand description of how to add two-step security to 11 of the top websites.  Read it, and make sure you have protected your various online accounts!

http://blogs.wsj.com/personal-technology/2014/04/11/safety-first-how-to-sign-up-for-two-step-verification-on-11-top-online-services/

How Does Heartbleed Affect Me?

How Does Heartbleed Affect Me?

Heartbleed was all over the news yesterday, as it was exposed to be one of the biggest exploits on servers we’ve ever seen.  What does that really mean for the average computer user? The Heartbleed super-virus won’t directly affect your personal computer, but it will affect the servers that run many of the websites you visit and log in to every day.  In a nutshell, sites that run OpenSSL (many sites with https:// logins) have the potential to compromise your login information, exposing it to hackers, and since many of us re-use our usernames and passwords on multiple sites, it’s a big deal.  Use the following steps to take action and protect yourself against this bug:

1.  Check what sites are impacted.  Cnet has a listing of popular sites that have already been patched (http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/).  Obviously, since that was published, many sites could have already fixed the exploit, so you can check individual sites by typing them in here:http://filippo.io/Heartbleed/.

2.  Change your password.  For any websites you have logins at, once their site has been fixed, you should change your password.  If you change it before they patch the bug on their site, your new password will still be vulnerable until the website’s server is fixed….so for the best protection, you should change your password right now, and then change it again once the website is fixed….but for most of us, simply changing it once the site is fixed is good enough.

UPDATE: (Please see our newest blog post on how to set up two-factor security!)

How do you know what sites you have logins at?  The big sites might be obvious, but don’t forget the little ones too.  You can review your stored passwords by reviewing what logins you have saved in your browser (Internet Explorer, Google Chrome, Mozilla Firefox).

As always, it’s good to pick a strong password, one that’s easy to remember, but not easy for someone else to guess.  You can google search for good random word generators to get you started (I like this one)- but don’t use that verbatum….change up a bit.  I’ve always been a fan of recommending addresses as passwords- they have numbers and memorable words, which are easy for you to remember, but harder for a computer to hack.  Nothing is unhackable, and while “123password” is memorable, and “%$~ajsfsl198y78o” is  not, nothing is completely safe.

Lastly, it’s a good time to consider using a password storage program.  Many people have found that with the increase in passwords you need for work and home, password managers (specifically ones that sync with your smartphone) are helpful.  Using programs like 1Password or Datavault are probably safe enough for personal use- provided you properly safeguard your smartphone in the event it is stolen.

Please pass this email on to friends and family!!

how-to-treat-heartbleed-bug-imageFileLarge-6-a-6731

Windows 8.1 Update Is Here

Windows 8.1 Update Is Here

While most of the media attention to Windows today is on the final nail in the coffin for Windows XP….but Windows 8 has some big news as well….Windows 8.1 Update that was released today.  While it won’t bring back the beloved start menu just yet (it’s coming soon!), this update will give you the ability to boot directly to the desktop, another top annoyance.  A small step, but a big one towards making customers happier and more comfortable working with Windows 8.  To update, please update via the Windows store, or in control panel via search for updates.

More information on the other features in this update are here: http://www.pcworld.com/article/2140720/the-windows-8-1-update-finally-makes-microsofts-metro-future-pc-friendly.html

w8.1leaks_primary-100244591-large-100248144-gallery-100249647-gallery