
Archive for Mobile Computing

How to Encrypt Your Tablet or Smartphone


If you left your smartphone behind in a coffee shop or you were required to pack your tablet in your checked luggage, would your personal data be safely locked away? If you don’t have your device protected by a lock-screen passcode and your data encrypted, your text messages, personal and business contacts, emails, photos and videos and other sensitive information could all be accessible.

What is encryption?

To describe it simply, encryption is the process of jumbling data using an encryption key available only to you in such a way that the information is no longer recognizable or understandable. When you need to use your data, the reverse process of unscrambling, known as decryption, uses your unique encryption key to bring it back to a readable state.

You can think of encryption as a secret code known only to you. If someone were to steal your private journal, the thief wouldn’t be able to understand what’s in it without knowing the secret code you used to encrypt it.

Why encryption is important

Even if you’ve locked down your phone with a strong password, the data behind that wall of defense are still readable — your emails, text messages, photos, everything. So unless you have encrypted your phone, a knowledgeable thief can use various means to crack or bypass your password and then harvest your data.

Since encryption garbles information, it adds another layer of protection to your information by rendering it unusable by anyone who doesn’t hold the key to un-garble it.

Governments encrypt classified information. Businesses guard their corporate secrets with encryption technologies. Doctors and lawyers use encryption to prevent client data from falling into the wrong hands. You can use encryption to shield your personal information against identity and data thieves. In fact, the United Nations Commission on Human Rights considers encryption a human right because it “provide[s] the privacy and security necessary for the exercise of the right to freedom of expression in the digital age.”

If you are preparing to sell or give away your mobile device, encrypt it before resetting it to its factory state, especially if it’s an Android device. Even a full factory reset won’t completely wipe out your personal data on older Android devices. Security company Avast found that information you thought had already been wiped clean still remains on your Android device even after a factory reset. The company’s researchers were able to extract photos, emails, text messages, search histories, personal identities, contacts and more from used Android phones they bought from eBay. Researchers at the University of Cambridge have also found that remnants of your “deleted” data can actually be used to log in to your accounts.

You can avert the potential for data breaches like these by encrypting your mobile device.

How to tell if your iPhone or iPad is encrypted

Apple devices running iOS 8 or higher have encryption baked into the OS and file system itself. However, your device isn’t encrypted until after you’ve set up a lockscreen passcode.

How to encrypt your iPhone or iPad

Go to Settings > Touch ID & Passcode. There, turn on the Passcode feature. Disable Simple Passcode so that you can use longer alphanumeric passcodes that are harder to crack. While you’re at it, set the Require Passcode option to Immediately.

Afterwards, return to Settings > Touch ID & Passcode and scroll down to the bottom. Here, enable the Erase Data option so that your data will be automatically wiped after 10 failed passcode attempts. You should also see “Data protection is enabled” below the option. This means that data encryption is now active and uses your designated passcode as part of the encryption key. Now no one will be able to hand over your data because only you know your passcode.

How to tell if your Android tablet or phone is encrypted

If your phone runs Android 6.0 (Marshmallow) or higher, it’s encrypted by default.

If your phone is running an earlier version of Android, you can head over to Settings > Security (or in some phones Storage). There you will either see that your phone is encrypted or that you have the option to encrypt your phone.

How to encrypt your Android phone or tablet

On Android devices, the steps are similar. Here’s how to do it for Android 4.4 KitKat and Android 5.0 Lollipop. First, you’ll want to plug your device in and ensure you have at least 80 percent charge. Then go to Settings > Lock Screen > Screen Lock. Input your old passcode and a new one (make sure it’s at least 6 characters). Then go to Settings > System > Security > Encrypt device > Encrypt Phone (or tablet). If you use a microSD card in your phone, you may also select Encrypt external SD card. Then select Encrypt phone (or tablet).

Once you encrypt your Android device, you cannot turn off encryption without performing a full factory reset. An encrypted SD card will only work on the device that encrypted it, so you can’t pop the card into a reader on your computer or use it in another device. Fortunately, SD card encryption can be undone, unlike full disk encryption of your mobile device. If you want to use your SD card on another phone, you will have to decrypt it first.

Initial encryption can take 30 minutes to about an hour, depending how much data you have. Your phone or tablet will reboot a few times during the process; this is normal. Just let the process complete. Once encryption is finished, you will be asked for your PIN or password to unlock your device.

Montejo, Elmer. “How to Encrypt Your Tablet or Smartphone.” Techlicious, March 27, 2017.

Posted in: Mobile Computing


6 Links That Will Show You What Google Knows About You

Want to find out all the things Google knows about you?

Here are 6 links that will show you some of the data Google has about you.

  1. Find out what Google thinks about you

In order to serve relevant ads, Google collects data about you and creates a profile. You can control and review the information Google has on you here:

http://www.google.com/settings/ads/

Google also has a tool called Google Analytics that helps publishers see what pages you have viewed on their website, how many times you have visited it, how long you stayed, etc. You can opt out if you don’t want this type of data to be collected:

http://tools.google.com/dlpage/gaoptout

  2. Find out your location history

If you use Android, your mobile device may be sending your location to Google. You can see your entire location history here:

https://maps.google.com/locationhistory

  3. Find out your entire Google Search history

Google saves every single search you have ever done. On top of that, they record every Google ad you have clicked on. This log is available in Google web history controls:

https://www.google.com/history/

  4. Get a monthly security and privacy report from Google

Google offers an Account activity page that tells you about all the Google services you are using. You can even enable a monthly report that will be sent to your email:

https://www.google.com/settings/dashboard

  5. Find out all the apps and extensions that are accessing your Google data

The Account activity page also offers a list of all the apps that have any type of access to your data. You can see the exact type of permissions granted to the app and revoke access to your data here:

https://security.google.com/settings/security/permissions

  6. Export all of your data out of Google

Google lets you export all your data: bookmarks, emails, contacts, drive files, profile info, your youtube videos, photos and more here:

https://www.google.com/takeout

BONUS

Google also keeps a history of your YouTube searches. You can find it here:

https://www.youtube.com/feed/history/search_history

 “6 Links That Will Show You What Google Knows About You” Cloudfender.com March 2017

Posted in: Mobile Computing, Tech Tips for Business Owners


You’ve Been Charging Your Smartphone Wrong

Yes, we know. Our smartphone batteries are bad because they barely last a day.

But it’s partially our fault because we’ve been charging them wrong this whole time.

Many of us have an ingrained notion that charging our smartphones in small bursts will cause long-term damage to their batteries, and that it’s better to charge them when they’re close to dead.

But we couldn’t be more wrong.

In fact, a site from battery company Cadex, called Battery University, details how the lithium-ion batteries in our smartphones are sensitive to their own versions of “stress.” And, like for humans, extended stress could be damaging your smartphone battery’s long-term lifespan.

If you want to keep your smartphone battery in top condition and go about your day without worrying about battery life, you need to change a few things.

Don’t keep it plugged in when it’s fully charged

According to Battery University, leaving your phone plugged in when it’s fully charged, like you might overnight, is bad for the battery in the long run.

Once your smartphone has reached 100% charge, it gets “trickle charges” to keep it at 100% while plugged in. It keeps the battery in a high-stress, high-tension state, which wears down the chemistry within.

Battery University goes into a bunch of scientific detail explaining why, but it also sums it up nicely: “When fully charged, remove the battery” from its charging device. “This is like relaxing the muscles after strenuous exercise.” You too would be pretty miserable if you worked out nonstop for hours and hours.

In fact, try not to charge it to 100%

At least when you don’t have to.

According to Battery University, “Li-ion does not need to be fully charged, nor is it desirable to do so. In fact, it is better not to fully charge, because a high voltage stresses the battery” and wears it away in the long run.

That might seem counter-intuitive if you’re trying to keep your smartphone charged all day, but just plug it in whenever you can during the day, and you’ll be fine.

Plug in your phone whenever you can

It turns out that the batteries in our smartphones are much happier if you charge them occasionally throughout the day instead of plugging them in for a big charging session when they’re empty.

Charging your phone when it loses 10% of its charge would be the best-case scenario, according to Battery University. Obviously, that’s not practical for most people, so just plug in your smartphone whenever you can. It’s fine to plug and unplug it multiple times a day.

Not only does this keep your smartphone’s battery performing optimally for longer, but it also keeps it topped up throughout the day.

Plus, periodic top-ups also let you use features you might not normally use because they hog your battery life, like location-based features that use your smartphone’s GPS antenna.

Keep it cool

Smartphone batteries are so sensitive to heat that Apple itself suggests you remove certain cases that insulate heat from your iPhone when you charge it. “If you notice that your device gets hot when you charge it, take it out of its case first.” If you’re out in the hot sun, keep your phone covered. It’ll protect your battery’s health.

Villas-Boas, Antonio. “You’ve Been Charging Your Smartphone Wrong.” Business Insider, July 2016.

Posted in: Mobile Computing, Technology


What is Spearphishing? How to Stay Safe Online From this Effective Cybercrime Technique

Spearphishing? All it takes is a single click, but it doesn’t have to be this way.

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeted ‘phishing’, also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of emails with a single click.

When a spearphishing email lands in your inbox, it’s rarely a mistake. Using your personal information – either hacked from another source or lifted from a public social media profile – spammers are able to produce slick, and highly convincing, messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus – often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work – stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalized email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?

Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a fictitious hacker could easily pose as your friend and ask for further information about you – your phone number, password, even bank details? Not everyone would fall for the scam, but many still do if the recipient believes the identity of the sender.

A hacker using spearphishing may pose as a retailer, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected

Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures you post to Facebook or Twitter, check where your email is listed and ensure your computer’s security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information – think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system and despite advanced spam filters on current email providers spearphishing emails will continue to slip through the cracks.

Murock, Jason. “What is Spearphishing? How to stay safe online from this effective cybercrime technique.” IBT. December 2016

Posted in: E-mail, Mobile Computing, Security


Prepare Your Digital Devices for Holiday Travel

December is the season for getting out on the road — or in the air, or on the tracks, or maybe even on the water. And during our travels, many of us will carry along an assortment of digital devices.

Here are some tips for entertainment and security when you’re away from your usual home/office Wi-Fi networks.

Watch your Netflix favorites offline

On the last day of November, Netflix announced that it was finally offering offline video viewing, free to subscribers. It was excellent news for anyone wanting video entertainment while away from high-speed broadband.

But the new service was not ubiquitous: some Netflix content — probably newer and more popular shows — will still not allow offline viewing. Also important to know, Netflix’s offline viewing is currently limited to iOS 8.0 and higher and Android 4.4.2 and higher. (You also need to upgrade to the latest Netflix app.) In other words, you can’t call up Netflix in your laptop browser and download a video for viewing offline.

Why mobile devices only? Most likely, it’s because mobile operating systems such as iOS don’t have a true user-friendly file-management system. That makes it easier for Netflix and other media apps to control access to the downloaded video files.

On my iPad, it took about three minutes to download a 46-minute episode of Doc Martin. The download took about 170MB of space, both on an iPad and iPhone. It did not seem to matter whether my default playback setting on the Netflix site was set to Medium or High resolution. The app’s own Video Quality option was set to Standard by default; changing to High increased the file size of my Doc Martin episode to more than double — 384MB. (You might want to switch to the higher resolution if you’re casting the video to a full-sized TV.)

So with the right settings, you can pack hours of entertainment on a typical mobile device, assuming you haven’t soaked up a lot of storage space with music, photos, and videos from sources other than Netflix.

The mobile Netflix app offers other important settings for controlling downloads. By default, the feature is limited to Wi-Fi connections; turning that setting off allows downloading videos over a cellular connection. But just to make things a bit more confusing, there’s also a Cellular Data Usage setting for streaming videos. Six options let you control the amount of data used for streaming. You can, for example, limit streaming to Wi-Fi connections only or use the Unlimited option if you’re one of the lucky few who still have an unlimited cellular-data plan. The default setting is Automatic.

Netflix’s offline viewing tool is nicely designed. If the feature is available for a particular video, you’ll see a down-arrow (see Figure 1) next to the title and description. Another window lists your downloaded media (along with length and file size) and makes it easy to delete shows you’re done with.

Figure 1. Download shows for offline viewing by tapping the down-arrow icon.

(Amazon Prime also allows some content downloading. Check your subscriptions for details. Expect other streaming services to enhance or add downloading options.)

The timing of the Netflix announcement was somewhat ironic. While researching traveling with digital devices, I ran across the PlayOn app (site), which also lets you download and play streaming video offline. You might think that Netflix’s announcement would put the company out of business, but the PlayOn service works on both PCs (PlayOn Desktop) and iOS devices (PlayOn Cloud), and it has other significant differences.

Here’s the catch: Like any old-style personal video recorder, the desktop recording requires playing the video at standard speed. You can’t just do a quick download of a video file. PlayOn Cloud records a chosen show on a cloud-based virtual machine, and the full recording is then downloaded as an .mp4 file to the iOS device.

Note that the service lives in a gray area of legality. Services such as Netflix do not allow recording of streaming content. But in the 1980s battle over recording broadcast TV shows on VCRs, the U.S. Supreme Court ruled that personal, non-commercial video recording was legal. PlayOn claims that its service falls under that ruling. And apparently it hasn’t been sued in the year it’s been in business.

PlayOn, of course, isn’t free: The desktop edition costs U.S. $2.50 per month, and the iOS version is priced at $.99 per recording.

Listening to audio content when on the road

Years ago, I did numerous drives alone between San Francisco and Seattle. Interstate 5 can get really boring over hours and hours of driving. My solution was an Audible.com subscription, which I’d had since the early 2000s. With little free time for actually reading a book, I now listen to books while taking my daily dog walks.

Unfortunately, Audible is relatively expensive; my subscription costs $14.95 per month for one book. So when I saw a promo for Amazon’s Kindle Unlimited (more info), I decided to try it out. For $10 a month, the service lets you check out Kindle-based books from the Unlimited library of over a million publications (magazine, books, etc.). You can have up to 10 titles checked out at any one time.

Having subscriptions to both Audible and Kindle Unlimited might seem redundant, for numerous reasons. Both are owned by Amazon, and both offer a smaller selection of books in audio and text formats. For example, I can sit and read a few chapters on my tablet, then switch to listening on my phone while out with the dogs or on the road. (I maintain that listening to a book in the car is probably less distracting than trying to hold a conversation with a passenger.)

But there are some important differences between the two services. With Audible, you have actually bought a book — you own it and can re-read it as often as you like. If you cancel your subscription, you can still listen to books you’ve downloaded. You can also download a book to as many as four computers and download the Audible app to as many as ten mobile devices. (It’s not clear whether you can have the same book on ten tablets and smartphones.)

With Kindle Unlimited, you are renting the books. It’s like paying to use a classic library. If you cancel your subscription, you can access checked-out books only until your monthly subscription is up for renewal.

In one of those creepy/convenient features found in our connected world, Kindle keeps track of your reading. If I put down my tablet, I can pick up my phone and continue from the same page.

I can’t say that one service is better than the other. Audible is listening focused and has a much better selection of books. Kindle Unlimited is less expensive if you do a lot of actual reading, but the selection is relatively limited, depending on topic. Fortunately for me, I like reading primarily history and science fiction, and Kindle Unlimited has an extensive offering of sci-fi titles. (I use Audible for history books.)

Setting up a personal and portable Wi-Fi network

I spend many weekends on my small, rural farm. It’s so rural that there are few options for Internet connections. Until recently, I used tethering on my phone to set up local Wi-Fi and connect tablets and other devices to the Net. But the process has always been a bit of a pain.

So recently, I purchased a cellular-based, mobile-hotspot box from AT&T. The Velocity device shares my smartphone’s data plan (currently 6GB per month), at the cost of an additional $20 per month (two-year contract) to my cell-service bill. The local Wi-Fi network it creates supports up to 10 devices — in my case, two tablets and an Apple TV.

The box provides a better Wi-Fi signal than my tethered phone, and it can be left up and running as I come and go. It’s fully password protected, and a handy status screen gives a quick indication of your data-plan status. With multiple devices attached, you need to watch data consumption carefully. The device also has separate on/off switches for Wi-Fi and cellular connections to help prevent unintended data use.

Verizon, too, offers a mobile hot-spot device. According to its info page, the Jetpack supports up to 15 devices and costs $50. But you can also use it to give an emergency charge to your cellphone.

Digital security when away from home or office

There have been many stories on the dangers of connecting to public Wi-Fi hotspots. And those threats are real. Before heading out on your holiday travels, check that your digital devices are fully secured.

  • Whenever possible, check that your browser is connecting to a Web server with secure HTTPS. Note that on some sites, this can be confusing: you might get a security warning because some links on a webpage — for ads, images, etc. — are not using HTTPS.
  • Set up a Virtual Private Network service. VPNs add an additional layer of encryption and privacy. There are a few free services but paid services such as CyberGhost typically provide better performance.
  • Prepare your devices for travel. One key tip: Make sure all your devices are fully backed up before you leave.
  • Ensure that your portable PC is fully locked down.
  • Use your smartphone for online banking? It might well be that banking over a cellphone is more secure than using your PC. Banks have beefed up the security of their mobile apps, layering on encryption on top of the encrypted cell signal. The better banking apps also require two-factor sign in.

    Check your bank’s site for its mobile-security features and policies. US Bank, for example, offers an “Online Risk-Free Guarantee” (more info) for its mobile app. And as I discovered over Thanksgiving, some mobile apps make it easy to transfer money to traveling family members on a tight budget.

Our digital devices are essential for holiday travel. But while you’re visiting friends and family, take some time to put the devices away and have a real conversation!

Capen, Tracey. “Prepare Your Digital Devices for Holiday Travel.” Windows Secrets Dec. 2016.

 


If you have any questions or need assistance, one of our experienced professionals would be available to discuss your options or assist you in setting up a portable wi-fi network.

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to schedule a consultation.

Posted in: Mobile Computing, Tech Tips for Business Owners


Like-farming Facebook scams: Look before you “like”

If you’re a regular Facebook user, you’re pretty much guaranteed to run across lots of “like-farming” scammers – maybe without ever even realizing it.

At best, these like-farming pages clutter your friends’ feeds, crowding out content they actually want to see (and possibly making them annoyed with you, for drowning their feeds in such noise); at worst they put your personal information in the hands of unscrupulous marketers, or help spread dangerous computer viruses and other forms of malware.

But what is like-farming? Facebook policy forbids it, though of course scammers and con artists by definition tend not to follow the rules. Like-farmers start pages and fill them with content dedicated to collecting as many “likes” or “shares” as possible in the shortest amount of time.

Since Facebook’s algorithms place a high value on popularity (as measured by likes and shares), these highly liked and shared pages therefore have a much higher chance of appearing in people’s “Feeds” and being seen by other Facebook users.

Then, once the page has a sufficiently high popularity rating, the like-farmer either removes the page’s original content and replaces it with something else (usually malware or scam advertising); leaves the page as is and uses it as a platform for continued like-farming in order to spread malware, collect people’s marketing information or engage in other harmful activities; or outright sells the highly liked site to cybercriminals in a black market web forum.

Appeals to emotion

How do like-farmers lure people into liking or sharing their content? As with any scam, it appears in multiple forms.

Many like-farmers rely on appeals to emotion: anytime you’re urged to “like” or “share” a post that pulls at your heartstrings or pushes your buttons, there’s likely a like-farmer behind it. “This poor little girl with cancer lost her hair to chemotherapy — ‘like’ this post to let her know she’s still beautiful!” “This new government policy is outrageous — ‘like’ this post if you’re outraged, too!”

Confession: I fell for a couple such like-farming scams myself, back when I was still new to Facebook. And I didn’t even realize it until a couple weeks ago, when I went on a nostalgia-crawl through my old Facebook “activity log” and was appalled to see that back in 2010 or so, I’d allegedly “liked” a couple pages advertising some scammy pseudo-scientific quack medications.

But of course I never “liked” any such nonsense; I’d actually “liked” posts shared by various friends of mine – probably posts to the effect of “’Like’ to let this little bald girl know she’s beautiful!” or “’Like’ if you’re outraged by this new policy!” – and only later, after the page collected enough “likes” for a high Facebook popularity ranking, did the page owner scrub the original content and replace it with ads for scam products.

Valuable prizes

Not all like-farmers rely on appeals to emotion, though. Others will claim to offer valuable prizes to people who “like” or “share” a post; those posts you see promising the chance to win a free Macbook or latest-gen iPhone, free chain-store gift card or some other valuable freebie are pretty much guaranteed to be scams.

Last week, for example, the anti-scam website Hoax-Slayer issued an alert about a fraudulent Facebook page promising to give away 100 Macbook laptops: all you have to do is like and share the post, and specify whether you want a white or black one.

The “Fans of Mac” page has 22,925 “likes” in the screenshot Hoax-Slayer included in its alert; as of this writing, that number had grown to 25,660. The “About” section says that Fans of Mac is “Facebook’s LARGEST and most vibrant Apple community with worldwide fans! If you LOVE Apple … then join us today!”

Yet the page contains no posts from fans discussing the pros and cons of the latest Apple iThing, nor even links to media coverage of the latest iThings. There are, as of press time, only eight posts visible on the entire page, and every single post claims to offer valuable free iStuff to people who like and share it. A post from April 7 claims “We have got 100 boxes of Macbooks that can’t be sold because they have been unsealed. Therefore we are giving them away for free. Want one of them? Just Share this photo & Like our page.”

Even by the standards of fake-free-stuff postings that makes no sense: since when does Apple or any other tech company have the policy “If the packaging on our expensive new latest-gen products becomes ‘unsealed,’ those products cannot be sold or even destroyed; we’ll just give ’em away for free”? They don’t.

Unsurprisingly, if you scroll a bit further down the Fans of Mac page you’ll see the exact same post on Nov. 25, 2014: “We have got 100 boxes of Macbooks that can’t be sold because they have been unsealed. Therefore we are giving them away for free….”

No free iPhones

The first post on that page is dated Sept. 23, barely two weeks after Apple unveiled its then-new iPhone6, and it said: “We have got 10 boxes of iPhone 6’s [sic] that can’t be sold because they have been unsealed. Therefore we are giving them away for free.” (Coincidentally, Sept. 23 is also the day we here at ConsumerAffairs published an article headlined: “Watch out for these iPhone6 scams; nobody’s giving free phones away over Facebook or email, either.”)

Anytime you see a Facebook post offering free valuable items in exchange for “Likes” and “Shares,” you’re almost certain to find a similarly scammy Facebook page behind it.

Still other like-farming posts are high-tech variants of the old chain-letter scam, promising good though vague results if you forward the post. Just this week, one of my own Facebook “friends” shared a photo showing thick stacks of $20 and $100 bills, over a caption reading “Money will come to you sometime this month say Amen and Share” [sic]. As of this writing, that one single photo and caption has 14,441 “likes” and 284,926 “shares.”

Another insidious form of like-farming presents itself almost as a religious duty: “’Share’ this post if you’re willing to publicly proclaim that Jesus Christ is your Lord and Savior!” (Consider: even if you need to share your faith on Facebook — why would you need to “share” that particular post, rather than simply write your own announcement on your Wall?)

Just clickbait

A close cousin of like-farming might better be called “response farming,” or just clickbait: posts designed solely to elicit a response. It differs from like-farming in that like-farming is done by actual scammers, whereas response-farming is usually promoted by actual companies to increase their Facebook popularity rankings. Look at the promotional Facebook page of a typical genre-music FM radio station, for example, and you’re almost certain to see lots of response-farming memes.

One such meme that’s been around since at least early 2013 involves asking a ridiculously easy question, usually followed by commentary suggesting the question is actually quite difficult:

Can you name a band that

has no letter “T” anywhere

in their name?

This is harder than you

think!

Post your answers below,

and share with friends.

Most people think they can

do this but fail, can you do

it?

Or this:

Name a ‘FISH’

That does not

have the LETTER

‘A’ in it.

I bet you can’t 😉

Some of these non-challenging intelligence tests came from like-farmers, but most were local-radio or business clickbait — still driving up like-counts and cluttering your friends’ Facebook feeds, but at least they won’t likely spread malware or put money in a scammer’s pockets the way like-farming pages do.

If you’re going through your own old Facebook archives and discover you’ve “liked” a scammy page you don’t recognize, you can send Facebook a scam report for that page, and then click the “unlike” button to remove your own name from it.

Abel, Jennifer. “Like-farming Facebook Scams: Look before You.” ConsumerAffairs. ConsumerAffairs, July 2016. Web. Oct. 2016.


Like-farming, phishing, spear phishing, and socially engineered emails and links are designed to get your employees to open the door to malicious attacks, and they appear in various ways. We believe that the best approach is to take a defensive stance by arming your staff with the most updated information. And since we believe that knowledge is power, we have put together a presentation to explain the many deceptive tricks of hackers, as well as the most common mistakes made by end users. We also have a method to reinforce training by creating a phishing scheme which will test who will “take the bait”.

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to set up an appointment for a security consultation.

Posted in: Mobile Computing, Security, Social Media Marketing


How to protect your Apple ID with Two-Factor Authentication

Two-Factor Authentication strengthens the security of your Apple ID by preventing anyone from accessing or using it, even if they know your password. With Two-Factor Authentication, one of your trusted devices generates a one-time code when you make a purchase or sign in to your Apple ID, iCloud, iCloud.com, iMessage, FaceTime or Game Center account on a new device. Two-Factor Authentication is also required for Auto Unlock so you can unlock your Mac by wearing an Apple Watch.

In this tutorial we’ll show you how to protect your Apple ID with Two-Factor Authentication or, if you’re still using the older and less secure Two-Step Verification, upgrade to Two-Factor Authentication.

Two-Factor Authentication vs. Two-Step Verification

Two-Factor Authentication is the preferred protection system for Apple IDs.

It replaces Two-Step Verification and is more secure because it’s integrated deeply into the bowels of iOS and macOS. The older, less reliable Two-Step Verification system relies on different methods to trust devices and deliver verification codes.

With Two-Factor Authentication enabled, a six-digit code is required to verify your identity using one of your devices or another approved method before you can:

  • Sign in to your Apple ID account page on the web
  • Sign in to iCloud on a new device
  • Sign in at iCloud.com in a web browser
  • Sign in to iMessage, Game Center or FaceTime on a new device
  • Make an iTunes, iBooks or App Store purchase from a new device
  • Get Apple ID related support from Apple

See Apple’s support document for more information about Two-Factor Authentication, including an up-to-date list of countries where this feature is available.

System requirements for Two-Factor Authentication

In order to use Two-Factor Authentication, you must own one of the following devices:

  • iPhone, iPad or iPod touch with iOS 9 or later
  • Mac with OS X El Capitan or later and iTunes 12.3 or newer
  • Apple Watch with watchOS 2 and up
  • Windows PC with iCloud for Windows v5.0 or later and iTunes 12.3.3 and up

Logging into your Apple ID on a device that has software earlier than specified above may yield a message saying Two-Factor Authentication is unavailable so make sure your gadgets meet the requirements and run the latest software.

Protecting Apple ID with Two-Factor Authentication

If your Apple ID is protected with the older Two-Step Verification method, you must first disable it before you can opt in to Two-Factor Authentication. Unfortunately, Apple does not provide a direct upgrade path for Two-Factor Authentication.

If you already use the newer Two-Step Verification system, skip this section and proceed with the steps outlined in the section titled “Enabling Two-Factor Authentication”.

Disabling Two-Step Verification

1) Sign in to your Apple ID account page using a desktop web browser.

2) Click Edit under the Security heading.

3) Click Turn Off Two-Step Verification, then create three new security questions and verify your birth date and phone number when asked.


You will receive an email from Apple confirming that Two-Step Verification for your Apple ID account has been turned off and the Apple ID account page will reflect the change.


You can now protect your Apple ID with Two-Factor Authentication.

Enabling Two-Factor Authentication

1) Go to System Preferences → iCloud → Account Details → Security on your Mac. Alternatively, open Settings → iCloud → your Apple ID → Password & Security on your iPhone, iPad or iPod touch.

2) Click Set Up Two-Factor Authentication and follow the onscreen instructions.


You must provide three security questions and answers, verify your birth date, add a rescue email and verify a mobile phone number where Apple will send you verification codes when your trusted devices are unavailable.

If you see a message that some of your devices are incompatible with Two-Factor Authentication, hit Turn On Anyway to continue. Enrolling in Two-Factor Authentication will replace your iCloud Security Code with your device passcode.

To enable Two-Factor Authentication on the web: log into the Apple ID account page, click Edit under the Security heading, hit the link “Get Started…” below the Two-Step Verification heading and follow the onscreen instructions.


The Apple ID account page lists under the Trusted Devices heading all your Apple devices which are capable of generating Two-Factor Authentication codes. Any iOS device with Find My iPhone enabled can generate these codes.

Now all that’s left for you to do is double-check that Two-Factor Authentication has really been enabled by following the instructions below.

Verifying that Two-Factor Verification is enabled

To double check that you’re using Two-Factor Authentication or that you’ve successfully upgraded your Apple ID from the older Two-Step Authentication system to the more secure Two-Factor Verification, do the following:

1) On your Mac, open System Preferences → iCloud, click the Account Details button, then click the Security tab and make sure Two-Factor Authentication is on.


2) On your iPhone, iPad or iPod touch, go to Settings → iCloud, tap your name to reveal account details, then tap Password and Security and make sure that Two-Factor Authentication is on.


3) If you own an Apple Watch, open the companion Watch app, go to My Watch → General → Apple ID and verify your Apple ID is showing.

That’s it, your Apple ID account is now protected with Two-Step Verification.

How to use Two-Factor Authentication

With Two-Factor Authentication enabled, you’ll verify your identity by entering both your Apple ID password and a six-digit verification code any time you sign in to the Apple ID page or iCloud.com, make an iTunes, iBooks or App Store purchase from a new device or sign in to iMessage, FaceTime or Game Center on a new device.


A prompt that goes up on your trusted devices includes a mini-map showing you where the sign-in attempt is coming from. Tap Allow to get a one-time six-digit verification code that you must type into your other device to verify the login attempt.

How to manually generate Two-Factor Authentication codes

You can also manually generate a verification code at any time:

On your iOS device, go to Settings → iCloud, tap on your account name at the top, then hit Password & Security and select Get Verification Code.


On your Mac, click the Account Details button in System Preferences → iCloud, then click the button labeled Get A Verification Code found under the Security tab.


Now enter your six-digit verification code into your other device to sign in.

With Two-Step Verification enabled, your Apple ID account will be more secure than ever and you will be able to use advanced features like Auto Unlock in macOS Sierra and watch OS 3 which lets you get into your Mac simply by wearing an authenticated watch.

Zibreg, Christian. “How to Protect Your Apple ID with Two-Factor Authentication.” Mid Atlantic Consulting Blog. idownload Blog, 21 Sept. 2016. Web.


Although the above article pertains to Apple ID, you can add this higher level of security to just about any of your accounts and/or devices. One thing to realize is that two-factor authentication (2FA) is not a new solution and over the years many different 2FA options have developed. We know that narrowing down your options can be an overwhelming task, so we have done that part for you. We have a few solutions to the problem and will work with you to find the right one to suit your particular needs.

One of our experienced professionals would be happy to discuss the best options for you and your organization.

Give us a call at (732) 780-8615 or send us an email at support@trinityww.com to schedule a consultation.

Posted in: IT Support, Mobile Computing, Security, Tech Tips for Business Owners


10 mobile security myths that need debunking

Mobile devices have introduced plenty of legitimate concerns, but there are some misconceptions floating around that may lead companies to focus on the wrong issues–or to ignore the real risks.

Securing mobile devices is a continuing challenge for enterprises as they deploy more mobile applications. In some cases, security risks are overblown; in others, they are underestimated. What myths about mobile security should IT security managers be aware of?

1: Mobile devices don’t need encryption

A surprising number of companies don’t implement data encryption on mobile devices. If these devices are being used as thin clients only, with enterprise data being stored in the cloud, there is less need for encryption. However, more and more mobile devices store contacts lists, photos, price lists, sales notes, and other sensitive information. The localized storage enables field-based personnel to keep working even if the cloud becomes unavailable. For these reasons alone, encryption should be more widely considered.

2: Wearables don’t need to have security practices applied

Wearable devices are just beginning to make an entry into enterprises. In early applications, they are used for things like capturing photos of crime scenes in police work and photos of equipment in the field that needs repair and must be referred to an internal company expert. However, less than 60% of these devices are secured, according to a recent Tech Pro Research mobile security report. As more of these devices are dispensed for field operations, IT might need to rethink this.

3: It’s okay to skip mobile security evaluations in IT audits

When it comes to mobile devices, organizations tend to focus their mobile security audits on the network and its centralized monitoring and downloads to these devices. They should also focus security audits on employee mobile device practices in the field and on the security measures that are resident on devices themselves.

4: Mobile devices are inherently less secure than desktop devices

Mobile device security doesn’t have to be less robust than the security found on desktops. In some cases (such as the ability to track and shut down mobile devices remotely), mobile devices might even be more secure. Mobile devices also have small data footprints, using the cloud to store data, so they are unlike “fat client” laptop counterparts that have hard drives full of data. As a result, less data may be exposed to security breaches on mobile devices.

5: BYOD devices promote lax security practices

This isn’t necessarily the case. If IT has firm guidelines for qualifying which mobile devices will be accepted in its BYOD program, coupled with usage practices and IT security practices that are uniformly enabled, monitored, and administered on these devices, BYOD can be just as secure as enterprise-issued mobile devices.

6: Mobile devices have more security software vulnerabilities

Mobile devices do not have any more software security vulnerabilities than desktop computers. The difference is that mobile devices are in the field, so IT has to enact a centralized method of delivering new security and software patches down to these devices from the network as soon as patches are available.

7: Mobile devices don’t need two-factor authentication

Mobile devices are prone to being misplaced or lost, so the additional security sign-in code that goes beyond just user ID and password can help to secure them. It’s advisable for all mobile devices to use two-factor authentication, which requires a secret signing code (e.g., where you went to high school) as well as a user ID and password for access.

8: Laptops are less vulnerable to security breaches than tablets and mobiles

Laptops and desktops in the office aren’t necessarily more secure than mobile devices. A primary reason is that many laptops and desktops still contain resident hard drives that store sensitive data. This creates greater risk that data can be stolen, compromised, or shared with unauthorized users.

9: Desktop PCs and laptops don’t get lost

Laptops and desktops do get lost, although not at the same rates as mobile devices. Even five years ago, lost laptops were costing organizations $18 billion annually—and the problem still exists today. IT should track this equipment with asset management software and other measures, in the same way it tracks lost or misplaced mobile devices.

10: Public app stores are safe

Smaller companies lacking their own network infrastructures for downloads will sometimes use public app stores to effect these downloads to their users—and in many cases, companies of all sizes will use public app stores to download handy applications to their end customers. These app stores have taken numerous precautions to ensure that downloads are safe and secure—but it doesn’t mean that they don’t experience security breaches, malware threats, and hacks. The best policy (especially for internal application downloads) is to create your own download procedures that your network administrator directly oversees.

Shacklett, Mary. TechRepublic, “10 mobile security myths that need debunking” July 2016

Posted in: Mobile Computing, Security


Tips for getting more from Dropbox cloud storage

Although there are many good cloud-storage services to choose from, I continue to mostly use Dropbox, primarily for its flexibility and level of cross-platform support.

Here are some tricks and tips for getting the most out of the service.

Using selective synching to manage local storage

I have a paid 1TB Dropbox account that I mostly use to store over 600MB of digital photos. The service lets me view, edit, and otherwise manage those images on a desktop PC, notebook, tablet, and even my smartphone. But only the desktop has sufficient storage for the entire collection of images. I keep subsets of the images on the other devices.

For example, I keep only recent photos on my notebook, where I can do an initial cut and also process them in Adobe Lightroom (site).

About six months to a year after an image is created, I move it to an “Archives” folder, which shows up only on the desktop system.

I use Dropbox’s Selective sync feature to create and manage what’s stored locally on each device. (I keep a small subset of “favorite” images on my tablet and phone.) Unfortunately, Dropbox doesn’t make accessing Selective sync especially easy. To do so, you must right-click the Dropbox icon in the taskbar and select the gear icon in the upper-right corner of the status box. Next, click Preferences/Account/Selective Sync.

The Selective sync dialog box will display a list of all folders in your Dropbox account. (You can’t selectively synch individual files.) On each device, you put a checkmark next to the folders that you want on both the local Dropbox folder and in the cloud, as shown in Figure 1.


Figure 1. Dropbox’s Selective Sync tool lets you control which files are stored locally on various devices.

(Note: Microsoft’s OneDrive also supports selective synching. Right-click the OneDrive folder in Explorer and click “Choose OneDrive folder to sync.”)

One quirk of selective synching is changing and/or moving a locally synched subfolder to cloud only. Unchecking a folder in the Selective sync manager deletes the folder and its contents from the local drive but not from the cloud or other devices. But on my notebook, to move a subfolder of images from the local “Recent” to the unsynched “Archives,” I must do so either online or on the desktop, which contains all my Dropbox files. (Perhaps I need to reconsider my image-organization thinking.) Fortunately, Dropbox is working on a fix for that problem; more on that below.

Tip: Use Dropbox and Selective Sync to easily share and manage a collection of favorite background images across multiple devices.

Add a Dropbox icon to your Gmail account

If you’re a Chrome and Gmail user, install the Dropbox for Gmail add-on (site); it’ll place a Dropbox icon at the bottom of the message-entry box. When you create, forward, or reply to an email, clicking the Dropbox icon (Figure 2) opens the online version of the service. You can then attach a file stored either locally or in the cloud.


Figure 2. The Dropbox add-on for Gmail and Chrome

So far as I know, there are not equivalent add-ons for Outlook.com or other email systems. There are, however, third-party helper apps for Dropbox, many of them email and sharing related. An online search will turn up dozens.

Double-up your Dropbox sign-in security

If you maintain sensitive information in your Dropbox account, you can improve its safety with two-step sign-in verification. To set it up, open your Dropbox account online and click your name in the upper-right corner of the window. Click Settings/Security and then look for the “Two-step verification” section. Select the “click to enable” link and follow the prompts (see Figure 3).


Figure 3. Keep others out of your Dropbox account with two-step sign-in verification.

To add additional protection to the cloud-stored data, download and install an encryption app such as BoxCryptor (site), which also supports Box, Google Drive, and OneDrive. A limited version is free; if you want to protect multiple devices and cloud-storage services, BoxCryptor starts at U.S. $48 per year. For a quick review of the app, see the Feb. 18 On Security story, “Encrypted backup kicks ransomware to the curb.”

And for other ways to encrypt files stored in the cloud, see the Dec. 12 Top Story, “Pre-encryption makes cloud-based storage safer.”

Recover previous versions of a file

I use a number of templates to produce articles. But I have a bad habit of not saving the template under another name before I add text and make changes. So about once or twice a week, I use Dropbox to recover the original “clean” copy of a file.

The process is quite easy; simply right click a file in the local Dropbox folder and select “View previous version.” That will open the online version of the service in a browser with a list of recent versions. On personal accounts, previous versions are saved for up to 30 days.

Also keep in mind that the online version of Dropbox can also restore deleted files, which, again, are retained for up to 30 days. Note that deleting a shared folder removes it from your account, but it remains on other shared accounts. (Tip: According to a Dropbox Help Center page, you might also find lost files in the local Dropbox cache file. Look for the section titled “Restoring a missing file from cache.”)

Manage your Office-file collaboration

If you’ve recently opened an Office document stored in Dropbox, you might have tripped over the Dropbox Badge. It appears on the right border of the open document. Clicking the badge gives you quick access to sharing options and the file’s version history.

I find the badge annoying because I rarely share my Office-based docs. Fortunately, there’s a way to manage or disable this feature. Click the badge icon and select the Preferences link. That will open your Dropbox preferences dialog box. In the General section, look for the Dropbox Badge drop-down menu. Your options are “Always show” (the default, naturally), “If others present,” and “Never show.”

Future Dropbox: Paper and Project Infinite

It’s hard to know where Dropbox is going with its beta Paper (Figure 4) — an extremely simple text editor that lives within the online version of the service. You can use it to create quick notes or paste images and simple text. You can’t, on the other hand, drag and drop formatted files such as a Word document. But you can clip and paste information from open documents and websites. For more on Paper, check out the YouTube video “Welcome to Dropbox Paper”.


Figure 4. Dropbox Paper lets you create simple documents using any browser and your Dropbox account.

This past April 26, a DropboxBusiness Blog post announced its Project Infinite initiative. The concept is one Microsoft put into OneDrive — and then removed. The new Dropbox technology allows for virtual files and folders on digital devices. In essence, it lets you see all data stored on Dropbox, but keep only a selected set of physical files locally.

Think of this as an extension of selective synching. With the new feature, you could apply selective synching to specific folders and still see the files stored in the cloud in your local Windows/File Explorer. Clicking a virtual file should take you online, where you can view and open the file as needed.

Given the current limitations with selective synching, I’m eagerly waiting for Project Infinite to go live. Where is it, Dropbox? Also, the original post is in the DropboxBusiness blog. If the new feature is not included with personal accounts, I’ll be extremely disappointed.

Capen, Tracey. Windows Secrets, “Tips for getting more from Dropbox cloud storage,” July 2016

Posted in: Cloud Computing, Mobile Computing, Tech Tips for Business Owners


Update your Apple devices now to fix a terrifying security bug


There are gaping security holes in Apple’s operating systems that can be exploited through its default messaging, web browsing, or email software. For instance, hackers could grab your passwords just by sending you an infected iMessage—and all they’d need is your phone number.

The security gaps were discovered by Tyler Bohan, a researcher with Cisco Talos, a unit of Cisco that works on security. Forbes was the first to report on the findings. The hacks strike at the heart of Apple’s mobile and desktop operating systems, exploiting the way they deal with importing and exporting images.

Here’s how the attack works: A hacker creates malware that’s formatted as a TIFF file, which is just another image format like JPG or GIF. The hacker then sends it to a target using iMessage. This is especially effective because the messaging app automatically renders images on its default settings.

Once the infected file is received, malicious code can be executed on the target device, giving an attacker access to the device’s memory and stored passwords. The victim wouldn’t even have had a chance to prevent it. The same attack can be delivered by email, or by making the user visit a website that contains the infected image, using Apple’s Safari browser.

It gets worse. Bohan found that the security hole is present in all versions of iOS and OS X except for the very latest ones, which were published on July 18. Bohan had shared his discoveries with Apple ahead of time, and the latest versions of its OS address the vulnerabilities. That means the safe version of iOS is 9.3.3 and for OS X it’s El Capitan 10.11.6.
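As an added example (not part of the original article), the following Python sketch checks a device inventory against the fixed releases named above, iOS 9.3.3 and OS X 10.11.6. The CSV layout, device names and inventory rows are constructed for illustration, and treating every release at or above the fixed one as patched is an assumption.

```python
import csv
import io

# First fixed releases, as stated in the article above.
FIXED = {"ios": (9, 3, 3), "os x": (10, 11, 6)}

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = """device,os,version
front-desk-ipad,iOS,9.3.3
sales-iphone-1,iOS,9.3.2
sales-iphone-2,iOS,8.4.1
design-imac,OS X,10.11.6
lab-macmini,OS X,10.9.5
ceo-macbook,OS X,10.11
kiosk-tablet,Android,6.0
old-ipod,iOS,unknown
"""


def parse_version(text):
    """Turn '9.3.3' into (9, 3, 3); raise ValueError if any part is non-numeric."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    # Pad short versions so '10.11' compares as 10.11.0, not as a prefix match.
    nums += [0] * (3 - len(nums))
    return tuple(nums)


def classify(os_name, version):
    """Return 'patched', 'needs-update', 'unknown-os' or 'unknown-version'."""
    key = os_name.strip().lower()
    if key not in FIXED:
        return "unknown-os"
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown-version"
    # Compare numerically: as plain strings, '10.9.5' would sort above '10.11.6'.
    return "patched" if parsed >= FIXED[key] else "needs-update"


def audit(inventory_csv):
    """Map each device name in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row["os"], row["version"]) for row in rows}


def needs_update(inventory_csv):
    """List the devices that are below the fixed release, in inventory order."""
    return [d for d, status in audit(inventory_csv).items() if status == "needs-update"]


if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:18} {status}")
```

Devices reported as `unknown-version` or `unknown-os` are kept separate from the patched ones so they can be checked by hand.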

There’s another quick fix, as security research firm Sophos points out: Turn off iMessage on your iPhone, and also disable MMS messaging. This means you’ll be limited to receiving text messages only. Image files won’t be received.

The scale of the vulnerability is staggering. According to Apple, about 14% of iOS devices run iOS 8 or earlier. There are over 690 million active iOS devices, according to one estimate, which means at least 97 million devices running Apple’s mobile operating system are vulnerable to the hack. That’s not even accounting for the mobile devices that aren’t running the absolutely newest version of iOS 9, or Macs that aren’t up to date. Apple has said it has over 1 billion active devices worldwide, but doesn’t break down that figure in detail.

This Apple security problem has been likened to a flaw in Android, Google’s mobile operating system, called Stagefright that was discovered last year. That security hole also relied on texting infected images, and some 950 million Android devices were exposed. It was discovered by a researcher at Zimperium zLabs in April 2015 who shared his findings with Google, which then issued an update fixing the problems.

Wong, Joon Ian. Quartz – Quick Fix “Update Your Apple Devices now to fix a Terrifying Security bug”, July 2016

Posted in: Computer Maintenance, Mobile Computing, Security, Tech Tips for Business Owners
