Author: Janet Riley

“Any sufficiently advanced technology is indistinguishable from magic.” ~Arthur C. Clarke

This is a QR Code.  If your smart phone has a QR code scanner, and most of them do, you can scan the code and it will take you to the Comp-U-Talk web site.  (FYI: this is a temporary code that will expire  on March 14-I didn’t ante up any cash to make it permanent)

You might be accustomed to scanning QR codes.   Restaurants have adopted interactive menu QR Codes as a substitute for physical menus (https://scanova.io/blog/qr-code-statistics/).  Businesses are integrating QR Codes for streamlined payments.  Just last week, I bought primer paint.  The paint had a rebate and I asked for the rebate form.  I was pointed towards a QR Code on a shelf rack and scanned it.  The rebate was submitted before I left the store.  It was fast and easy, didn’t require a stamp or an envelope and I had immediate response that the rebate was received.

QR Codes are sweet and fast.  They are also the latest tool in the hacker’s arsenal of evil deeds. 

QR Codes are easy to generate via numerous sites on line.  The QR Code above was generated at: https://app.qr-code-generator.com/getstarted.  It took less than 5 minutes from start to finish to create the code, confirm my email address, upload my logo and download the QR Code.  Children can do this! Criminals are doing this to direct your innocent scans to malicious sites. 

SecurityHQ research says there will be a significant increase in QR phishing (AKA: quishing) emails.  While modern email services are actively filtering out the majority of spam emails containing malicious links, they do not have the ability to scan and filter out malicious QR Codes.  (https://www.msn.com/en-us/money/other/why-you-should-think-twice-before-scanning-qr-codes/ar-AA1lXxQb).  It is up to you to verify the site you are about to open is legitimate. And that is going to be hard.  The QR Code above will eventually take you to www.comp-u-talk.com, but when you scan the code it says you will be taken to https://qrco.de/beq1qM.  Creating a QR Code converts the real web address into a short code that will forward the user to the underlying website .  This is the same technology used at bitly and tinyurl.  I wrote a newsletter about shortening long links via bitly and tinyurl.  If you missed it, you can catch it here: https://comp-u-talk.com/check-your-links/

Ethical hacker and magician, Thomas Webb did a Ted Talk demonstrating how easy it was for him to hack all of the cell phones in an auditorium.  He was successful because the audience volunteered to scan his QR Code.  You can watch it here: https://youtu.be/Tp25LmdYlds

The video is 19 minutes, fun and educational.

That’s the educational news for this month. 

Until Next Month, Stay Happy, Stay Healthy, Stay Safe.  Invest in some lawn chairs!

Janet

Every job is a self-portrait of the person who did it.  Autograph your work with quality.

Happy New Year!

This is amazing!  January 2024 is my 40th year of business anniversary!  It’s been a long and exciting ride.  Here’s a recap:

1984:   Compaq Portable, advertised as the first 100% IBM PC-compatible computer was introduced.  Compaq recorded first year sales of $111 million, the most ever by an American Business in a single year.  And YES, I have one.  It was my first computer! 

1985:   The Compaq Deskpro 386 is introduced. DOS 3.2 announced.  I say “I DO” to the question: Until death do you part?  I also figure out that no where in those vows did I promise to not be the cause of his death!  He has been cautiously fulfilling his vows!

1987:  Comp-U-Talk rents its first commercial location.  Some of you may remember our office on Broadway in Coos Bay.

1989: Intel introduces the 80486 microprocessor.  Affectionately referred to as “486”.  Google is founded.

1990: Windows 3.0 and Microsoft Solitaire Debut.  Tim Berners-Lee writes the first website.  See it here: http://info.cern.ch/hypertext/WWW/TheProject.html.   Our family size increases.  Baby Robin comes to work.

1994:  Nothing notable happening in the computer arena.  Baby Sara joins our family.

1995: Windows 95 appears

1998:   Windows 98 released

1999:   Y2K panic is everywhere.  I birth a Y2K compliant baby!

2000:  Windows ME is introduced

2001:  Windows XP replaces the shoddy Windows ME

2007:  Windows Vista—are you kidding?  This isn’t good!

2009: Windows 7—YEAH!  Finally, an Operating System that Operates!

2011: I consider changing my name to “Charity”.  The IBM computer named Watson is going to play Jeopardy against Ken Jennings and Brad Rutter.  If the computer wins, IBM will donate 1 million to “Charity”.  The complete story can be found here:

http://www.bloomberg.com/news/2010-12-14/ibm-computer-to-match-wits-with-jeopardy-champs-in-1-million-showdown.html

2012: Windows 8, Another shoddy attempt

2014: Windows 10 introduced. Microsoft gives it to Windows 8 users. 

2017: My love of chickens and a bout of flu intersect with a newsletter:   When you find yourself in danger, When you’re threatened by a stranger, When it looks like you will take a lickin’, There is someone waiting, Who will hurry up and rescue you, Just Call for Super Chicken!

In case you have never heard the Superchicken theme song (it was part of the animated TV series, George of the Jungle back in the 60’s) you can play it here: https://youtu.be/FKss2pBYQ6Y .  If you can sing it to us when you drop off the computer for repair we will discount your service $10.

2021: Windows 10 becomes Windows 11.

2024:  Looking forward to more adventures. 

Stay Safe, Stay Healthy, Stay in Touch!!

Janet

“Maybe Christmas, he thought, doesn’t come from a store. Maybe Christmas…perhaps…means a little bit more!” – Theodor Seuss Geisel, How the Grinch Stole Christmas

Merry Christmas!

Recently,  I was asked to explain why Cyber Insurance was necessary if offsite backups have my data protected.  It does sound like you are paying twice for protection but I assure you, Cyber Insurance is much more than a data backup.

First, lets look at how cyber criminals work. Their number one goal is to get access to your systems and data.  They get this through a variety of methods, the most common is a phishing email where an unsuspecting soul clicks a link which installs a backdoor.  Once the backdoor is available, the criminals have options.  Typically, they will encrypt the machine, rendering it useless and demand a ransom to unencrypt it.  Oddly, this is the scenario you hope for, because if they lurk in the shadows for months, gathering data, your problem just got a whole bunch worse! 

Think your data is useless to anyone but you?  Think again.  If you store social security numbers (payroll), insurance information (payroll), bank accounts (payroll), credit card info (customers/vendors), names & addresses (customers/vendors/employees) OR the golden egg:  a spreadsheet with passwords to all of your online accounts, then you have data worth stealing.

So…you wake up one morning and discover you’ve been breached!! What do you do?  First hand knowledge says you Panic!  Then you Vomit!  Then you Pray! Then you call your Cyber Insurance Company!

The Cyber Insurance company will tell you “So Sorry, I don’t think this is covered by your policy!”  (And again, you Panic! You Vomit! You Pray!)  As a courtesy, they assign a lawyer and a forensics team to your case. 

The lawyer tells you not to worry, the insurance call center is not allowed to tell anyone their case is covered.  The forensics team swoops in and either confiscates the computers or takes images of all the infected computers.   If the criminals have been lurking in the shadows, forensics will want to examine the backups as well. 

Each scenario is different, but it is common for the Cyber Security Company to prohibit use of the computers until after the forensics team has given the “okay” .   Sometimes it takes hours, sometimes it takes days or weeks.   

You already know lawyers are expensive.  Lawyer fees look like a gift from God when compared to the fees of the forensics team!  And who gets to pay the lawyer and the forensics team?  The Cyber Insurance Company pays them!  You have Cyber Insurance, right? 

What happens next?  The Forensics team determines if any data has left the building.  If data has been extracted, they figure out who has to be notified of the leak. The Cyber Insurance Company will assist with the notifications and will offer credit monitoring and identity restoration if deemed necessary. 

If backups are corrupt, Cyber Insurance will negotiate the payment of ransoms.  They also assist with public relations expertise.  I don’t sell Cyber Insurance, but I highly recommend it.  No one pays for insurance with the intent to use it, but if calamity strikes, you will be incredibly grateful to have it.

If you need help securing your computers, give me a call.  I would be honored to assist.

 Wishing you a Very Secure & Very Merry Christmas!

For Your Holiday Enjoyment: My Favorite Christmas Play

It’s November and you know what that means:  Your inbox is going to be over flowing with unsolicited holiday emails that are soliciting you to buy stuff!

If you have a coosnet email account, or if Comp-U-Talk is hosting your email, keep reading to see the  steps to tighten up your spam filter.  If your email is associated with gmail, yahoo, or outlook.com, I’ve posted the steps at: https://comp-u-talk.com/configure-spam-filters/

Coosnet users:  Browse to http://webmail.emailsrvr.com

Login with your email address and password.

Once there, click on the triple bars in the top right corner.  It will be to the right of your email address.

Choose Settings from the drop down menu.

Click Spam Settings in the left column. 

Let the aggressions begin.  Not feeling nice?  Set it to exclusive, just remember to add Mom to the Safelist.

Feeling invincible? Delete all spam immediately—but if something gets marked as spam by accident, there is no getting it back. 

The safer option would be to Include [SPAM] at the beginning of the subject of line.  With [SPAM] at the beginning of the subject line you can create a rule to filter all such emails into the Spam folder.  (Filters are also called Rules—just in case you are trying to adapt these directions to a different mail system.)

At the main email screen, highlight the email you want to move into the Spam Folder.  Click the More button and the choose Add new Filter.

Give the Filter a name.  I suggest SPAM. And then fill out the rest of the boxes according to your likes and dislikes.  To move all emails marked as [SPAM] the filter would look like this:

I hope you found this helpful.  Please don’t filter my emails to the SPAM folder.  Doing so will hurt my feelings:(

Janet

Because It Made Me Laugh

“They always say time changes things, but you actually have to change them yourself.”
—Andy Warhol, artist

It’s October and National Security Awareness Month.  That means it’s time to do the annual review of what secure computing means.  

We’ve talked this nearly to death, but just in case you have been temporarily dead and need to learn or relearn what it means to be secure, here is the list:

· Use Strong Passwords – That means nothing less than 8 characters.  Mix it up with UPPER case and lower case letters.  + (Add) some $mybol$ and some numb3rs.

· Don’t reuse passwords.  It’s impossible to remember that many unique passwords so invest in a password manager.  I use Dashlane.  It works.  I don’t get any kickbacks if you purchase.  I recommend it because it works.

· Enable two-factor authentication (2FA) wherever possible.  This will require a working cell phone or email address.  You’ve got both.  Use them.

· Be careful what information you share online.  I’m still confused why people post their vacation pictures to Facebook while they are on vacation.  Nothing could scream “Burglarize my House” louder.  And those questionnaires: Whose your favorite teacher? What was your first car? Where was your first date?  All of those are answers to commonly asked security questions at banks.

· Keep your software up to date.  Really… When Chrome says it wants to update, Let IT!  When windows wants to install updates, Let IT!  It only takes a couple of minutes and you need a legitimate excuse to look at your cell phone. 

· Use a firewall and antivirus software.  The windows firewall is adequate for the majority of the users.  Antivirus software is free to cheap.  No excuses, Just Do IT!

· Be aware of phishing scams.  If it is to good to be true, then stay away.  Also watch for anomalies.  I posted dahlias for sale in Facebook marketplace.  I immediately got the despised “Is this still available?” response with a message that said please text me.  Here is my phone number.  Replying thru marketplace was disabled.  There is NO WAY I’m going to give out my phone number to some random person in a different area code.

· Backup your data regularly.  Backups can be automated using the Windows Backup Utility that comes with Windows 10 & Windows 11.  For better protection you can send backups offsite .  This does require a subscription.  Comp-U-Talk has several to choose from.  Call Us!

· Disregard all of the above advice.  I promised my crew pay incentives if we hit some sales goals.  Your indifference will fund our bonuses.

Stay safe, or NOT. 

It’s your choice. 

Janet

Because it Made Me Laugh!!

“If you think education is expensive, try estimating the cost of ignorance.”  ~Howard Gardner

Welcome to September.  It’s back to school time.  So you don’t feel left out of the back-to-school craze, here is a quick quiz for you:

1.      You need to send an encrypted file to a “Joe”.  “Joe” will need the decryption password.  How do you safely deliver the file and the password?

         A.     Attach the file to an email and include the password in the email
         B.     Send the file via email and send a text message with the password
         C.     Send two separate emails: one with the file, a second with the password.

2. It’s getting late and you have a lot of work left to finish a confidential presentation for the upcoming board meeting.  You decide to leave and work on it from home.  What should you do?

A. Take your secure laptop home with you and log in with your company’s secure VPN
B. Email the presentation to your personal email address
C. Place the file in Dropbox and download it when you get home

3. A good way to destroy an electronic device and its information is to drop the device from a 10-story or taller building.

True
False

4. When you are done with a sensitive file you can delete it forever by dragging it to the trash can.

True
False

5. You find an old external hard drive that you no longer need.  After opening it up, you see bunches of obsolete files.  Your best bet is to reformat (erase) the drive and throw it away.

True
False

And the Answers Are:

1-B, Always use a different service to share the password.  Text and voice calls work nicely.  If a degenerate has access to one email you can believe it has access to all.

2-A, It’s bad juju to store corporate data on personal devices or services.  Trust me! You don’t want to be personally responsible for any breach of data for the business.  And a breach can happen incredibly fast, one click and Hello Ransomware!

3-Tempting, but still False.  Using them for target practice is also a bad idea.  Bullets can ricochet.  You can bring them to Comp-U-Talk and we can military wipe the drives for you.  

4-False, deleting a file only removes the file listing from showing in file explorer.  The file itself is still on the drive.  There are many software utilities available to recover deleted files.  In fact, Windows recycle bin itself will give you the option to restore a file. 

5-False. While it sounds like a good idea to format/erase a drive, there are many free software utilities that can recover huge portions of the data.  At the risk of being redundant, Comp-U-Talk can military wipe those drives for you.

So how did you do?  Did you get a perfect score?  Did your co-workers get a perfect score? 

If not, then I recommend signing up for our end user training.  Mention you saw it in this newsletter and get your entire office staff trained for free in September.

Always Keep Learning,

Janet

Because It Made Me Laugh!!

“Everyone chooses how to approach life.  If you’re proactive, you focus on preparing. If you’re reactive, you end up focusing on repairing.” ~John Maxwell.

Have you heard of Zero-click Malware?

Cybersecurity threats continue to evolve. They pose significant risks to individuals and organizations alike. Zero-click malware is gaining prominence. This form of malware requires no user interaction. It can silently compromise devices and networks.

One example of this type of attack happened due to a missed call. The victim didn’t even have to answer. This infamous WhatsApp breach occurred in 2019, and a zero-day exploit enabled it. The missed call triggered a spyware injection into a resource in the device’s software.

A more recent threat is a new zero-click hack targeting iOS users. This attack initiates when the user receives a message via iMessage. The malicious code will execute without any interaction from the user. The code allows a total device takeover.

Below, we will delve into what zero-click malware is. We’ll also explore effective strategies to combat this growing menace.

Understanding Zero-Click Malware

Zero-click malware refers to malicious software that can exploit vulnerabilities in an app or system with no interaction from the user. It does not require a  user to click on a link or download a file.

The Dangers of Zero-Click Malware

Zero-click malware presents a significant threat due to its stealthy nature and ability to bypass security measures. Once it infects a device, it can execute a range of malicious activities such as data theft, remote control, cryptocurrency mining, spyware, ransomware, and turn devices into botnets for launching attacks.  This type of malware can affect individuals, businesses, and even critical infrastructure. Attacks can lead to financial losses, data breaches, and reputational damage.

Fighting Zero-Click Malware

To protect against zero-click malware, it is crucial to adopt a proactive and multilayered approach to cybersecurity.  Here are some essential strategies to consider:

Keep Software Up to Date

Regularly update software, including operating systems, applications, and security patches. This is vital in preventing zero click malware attacks. Software updates often contain bug fixes and security enhancements.

Put in Place Robust Endpoint Protection

Deploying comprehensive endpoint protection solutions can help detect and block zero-click malware. Use advanced antivirus software, firewalls, and intrusion detection systems.

Educate Users

Human error remains a significant factor in successful malware attacks. Educate users about the risks of zero-click malware and promote good cybersecurity practices. This is crucial. Encourage strong password management. As well as caution when opening email attachments or clicking on unfamiliar links.

Uninstall Unneeded Applications

The more applications on a device, the more vulnerabilities it has. Many users download apps then rarely use them. Yet they remain on their device, vulnerable to an attack.

Only Download Apps from Official App Stores

Be careful where you download apps. You should only download from official app stores.

Need help implementing a security solution?  Give us a call.  We’ve got tools that watch for infiltration,  tools to train your employees and tools to keep your systems patched.  We would love to help you out.

Stay Safe, Stay Cool,

Janet

Because It Made Me Laugh:

“Someone cracked my password. Now I need to rename my puppy.” ~Unknown

Happy July. 

Today I thought I would cover browser hygiene.  Assuming you have been paying attention, you know passwords should be at least eight characters long. You know passwords should be complex, meaning it should contain upper case  letters, lower case letters, numbers and symbols.   You should have a unique password for each site.  But did you know you should NOT save them in your browser?  Here’s why:

If your browser becomes compromised, your passwords are also compromised.

There is a malware going around.  It is called Redline Stealer.  It can bypass antivirus and  tags along via random downloads.  Once it is in your computer it collects the saved user names and passwords for the various sites you have saved.  

If you would like to read a horror story, go here: https://nypost.com/2022/01/02/experts-warn-against-storing-passwords-in-chrome/  Not only did Redline steal a remote worker’s passwords, it also gained access to the employers network. Three months later, bad actors easily accessed the employers networks via a secure VPN.  This is a perfect word picture for chaos.

Browsers remain logged in.

The security of your accounts are only as secure as your browser.  If you login to Chrome or Edge or Firefox, and never log out, then anyone sitting down at your workstation has full access to every site you have saved.  The same is true if your device is lost or stolen.  Were you clever enough to set up double authentication?  Let’s hope it double authenticates to your cell phone and not to your email!  If your email is on the lost or stolen device then double authentication isn’t going to do much to protect you.

Want to stop the browser from saving your passwords?

Step 1: find the Settings menu.  Look in the top right corner of the browser for the 3 dots / lines.  Each browser is unique.  (Wouldn’t want to violate copy right or trademark laws, don’t you know!)

Chrome: Settings -> Autofill and Passwords -> Password Manager -> Toggle off “Offer to save passwords.”

Edge: Settings -> Profiles -> Passwords. Toggle off “Offer to save passwords.”

Firefox: Settings > Privacy & Security. Scroll down to Logins and Passwords and uncheck “Ask to save logins and passwords for websites.”

Want to delete your browsers saved passwords:

Chrome: Settings -> Autofill and Passwords -> Password Manager ->  Click the right pointing triangle next to each password entry, then select “Delete.”

Edge: Settings -> Profiles -> Passwords. Click the three stacked dots next to each password entry, then select “Delete.”

Firefox: Settings -> Privacy & Security. Scroll down to Logins and Passwords and click “Saved Logins.” You’ll be taken to a new tab entitled “Firefox Lockwise” that will list all your saved passwords. In the upper right of the tab, click the three horizontal dots and select “Remove All Logins.” 

If you’d rather remove only some passwords in Firefox and keep others, you can select each entry individually in the left-hand navigation column on the Firefox Lockwise page, then click “Remove” in the upper-right part of the entry displayed in the main part of the page.

Stay Safe, Stay Healthy, Have a Wonderful Summer!

Janet

Life is either a daring adventure or nothing.- Helen Keller

Last month I mentioned April Showers Bring May flowers, and that is very true on the Riley Farm.  This month I will begin the planting of roughly 2000 dahlias.  I threw together a quick website at www.rileyblossom.com.  I have two catalogues available.  The first is of dahlias that are available for sale now, the second shows dahlias that I may or may not continue to grow.  If you see something you like in either catalogue, let me know.  Contact info for the dahlia farm is in the catalogue. 

That’s my shameless plug for personal endeavors, now on to computer related stuff.  I was recently introduced to Microsoft Forms.  This is touted as a free feature of Microsoft 365, but it also works if you have a buy-it-once-and-own-it-forever version of office.   All you need is a Microsoft account.

What Is Microsoft Forms?

Microsoft Forms is a drag-and-drop form, quiz, and survey creator. It’s simple to use and allows you to send out surveys via a link. Recipients can fill out your form online from any device.

How to Get Started in Forms:

1. Visit Forms.office.com and log in with your Microsoft account.

2. Choose “New Form” or “New Quiz” from the top menu.

3. OR you can choose to explore the built-in templates.

4. Click “Add New” to add a new form field. You can choose from field types: Choice (i.e., multiple-choice question), Text,  Rating, Date, Ranking, and more.

5. Enter your questions.

6. When finished, click “Send” at the top. You can distribute the survey using the following options:

Link to a web form, Email, QR code, Embed in a web page, Via Facebook or Twitter.

When the responses start coming in, you will see them on the “Responses” tab.

Advantages of Using Microsoft Forms

1. It’s Free if you have a Microsoft Account

2. It Saves Time -No emailing attachments back and forth, and Forms collates survey responses automatically.

3. Get Charted Results -You can quickly see the results of the survey in meaningful graphs.

4. It’s Easy to Use -The interface is intuitive and simple. The learning curve is low.  Just about everyone can jump in and start using it.

Want to experience it in person?  Take my sample survey here: https://forms.office.com/r/CjsXb567v7

Summary:  Planning the family reunion just got WAY easier!!  Hope you find this useful. 

Stay Safe, Stay Healthy

Janet

Because It Made Me Laugh!!