Another Major site hacked

In the last few months we see a uptick in Big Web sites being hacked – We saw  last month AOL compromised. AOL Inc urged its tens of millions of email account holders to change their passwords and security questions, saying a cyber attack compromised about 2 percent of its accounts

Yesterday EBAY announced that attack carried months had compromised customer data. and EBAY  urged 145 million users of its online commerce platform to change their passwords.

You should NOT use the same password for all you sites, you need to use different password for your web sites. However when I say this to user, they say it to hard to do.

I have been a user of some technology for years that helps user accomplish this task. There are Password Manager application that will save all your password in an encrypted system and you just need to remember the master password.

While Password Manager applications will not stop web sited from being hacked they will limit the possibility of a user name/ password that you use on 1 site being used on another site.

You can have each site with very strong password that are unique to each application.

For the purpose of this Blog i will show you a product call Roboform.

to use Roboform you do the following steps

Step 1 Install software

Step 2 Create a Master Password –  Your Master Password is the one password you’ll need to remember. This password will encrypt and secure all of your RoboForm data and do not forget it.

Choose your master password screenshot.

Step 3  Go to a web site and add you login info RoboForm automatically offers to save your Login information. It’s that simple.

Click on the RoboForm icon to remember an existing password.

Step 4 Now when you go to the site again Roboform will enter the login and password automatically.

Choose your master password screenshot.

 

Some other features for you include

  • RoboForm Identities feature to securely store your name, address, email, credit cards, and all your other information. Just click on your RoboForm Identity to fill entire web forms automatically.

  • Generate really Strong Passwords that you can use 1 per site and not have to remember

Access your passwords using RoboForm Everywhere.

You can find out more about Roboform Here

FYI I have nothing to do with Roboform, I do not sell it, i just use it

 

Have you Jailbreak your Iphone or Ipad If so Warning !

Active malware campaign Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads..

On the SophosLabs site there is an article about this new attack “Unflod Baby Panda”

This malware will do the following :

Hooks the SSLWrite function

When loaded and initialised, the Unflod library hooks the SSLWrite function, used when sending encrpyted data over a secure connection.

That means the malware gets to peek at confidential data before it is encryption for transmission.

then it  Watches out for the presence of AppleID credential data.

Uploads credential data it finds to one of two hardcoded IP addresses

What to do?

If you haven’t jailbroken your iOS device, you don’t need to worry.

If you are a jailbreaker and you have been circumspect in what you choose to install, you probably don’t need to worry.

Nevertheless, just in case, Sophos products detect this malware as iPh/PWS-CFX.

Of course, because a proper anti-virus isn’t possible on an unjailbroken iOS device (though, by the same token, malware is in general very unlikely on such devices), there isn’t such a thing as Sophos Anti-Virus for iOS.

So, if you want to scan your iPhone or iPad, you’ll need to install software that lets you access the files on iDevice remotely so you can scan them with an anti-virus on your desktop or laptop computer.

And to do that you’ll need to jailbreak your iDevice…

PS. If you allow remote access to your iDevice by installing the SSH daemon, don’t forget that Apple gives the accounts root and mobile the same password on all iDevices (it’s “alpine”, and yes, hard-wired passwords are a terrible idea). So if you enable sshd, you must change the password on those accounts, as explained here.

The full article is posted here

 

Think before you click

This is a new campaign from Microsoft that i think we need to remind people to THINK FIRST before you CLICK

logo

 

  • Think before you click.
  • Only download software from websites you trust. For more information, see How do I know if I can trust a website?
  • Turn on automatic updating so that you’re always using the latest, most secure versions of the software installed on your computer.
  • Make sure you’re using antivirus software and keeping it up to date.
  • Use newer software whenever possible.
  • You can prevent most computer issues if you THINK FIRST

     

    Source Microsoft 

    Do you Teach and use PowerPoint

    Turn your PowerPoint presentation into an interactive online lesson. We call this a mix. Everything you need to create and share your mix is included. Add audio and video of yourself giving your presentation, write on slides as you talk to them, insert quizzes, practice exercises, and more – all from within PowerPoint. It’s like a screen cast, but better. This is a new Customer Preview

    for the Add in Called Office MIX

    Bring your PowerPoint presentations to life by adding interactive quizzes, online videos, and even web pages.

    Check it out at https://mix.office.com/

    to learn more about Office Mix go here