Category Archives: AVG

AVG

AVG

Three reasons to be excited about: drones

Much like selfies, drones have a love/hate status with the public. On one hand, they are fun and useful tool for hobbyists and scientists but their popularity has been hampered by privacy and security concerns.

Several large scale public events such as the Super Bowl have announced they are “No Drone Zones” and the reasons are certainly understandable. The highly affordable nature of drones and their ability to carry a payload (either a camera or something more nefarious) can be a major security concern for officials.

While authorities and companies grapple with the complexities of bringing drone services to the market and how to legislate them, it leaves us some time to contemplate the exciting ways that drones could be used in the future.

 

Transport:

Just this week a Canadian broke the Guinness World Record for the longest hover-board flight standing on a large drone.

Video

World Record Hover Board Attempt

While this is still some way away from being a viable transport alternative, the proof of concept shows that humans, as much as anything else, can be viable cargo for drones.

As we continue to look for viable and more environmentally friendly personalized transport, drones could well hint at a solution.

 

Conservation:

One of the most inspiring use for drones that I’ve seen in recent months is the Air Shepherd project in Africa where rangers are using drones to help combat poaching of big game animals such as rhinos and elephants.

Faced with a limited budget and vast swathes of land to protect, drones have become a vital tool to help conservationists patrol boundaries, track animals and crack down on illegal hunting and poaching even at night.

Video

Air Shepherd Project

 

Business:

Companies like Amazon have brought drone delivery into the public conscience and it’s easy to see why they are keen to get the service off the ground. Using drones to deliver goods and services to clients brings a whole raft of new opportunities for businesses and a new world of convenience for purchasers.

Video

Amazon Prime Air

The idea that within moments of placing an order online, whether for a tin of paint or for a pizza, a drone will be sent directly to your exact location carrying your order is nothing short of incredible.

The days of having to stay home to take a delivery look numbered and very soon anything we could need will be just a click away from flying directly to us.

 

What are the uses for drones that most excite you? Let me know on Twitter or on Facebook.

 

Title image courtest of The Volt Report

AVG

Android’s factory reset may leave data behind

We’ve given tips in the past about what you could do with an older smartphone, and a few of those involved donating it to charity or selling it. A vital step before doing either of these is to perform a factory reset to clear out your data. New research has emerged that says that a factory reset may not be enough to keep your data safe from some more advanced data retrieval techniques.

Researchers at Cambridge University have just released a study outlining several flaws in the way most Android handsets handle factory resets. The issue arises from the way devices store information on flash memory. Reading data has a negligible impact on flash drives, but writing new data to them can cause considerable wear.

To prolong the drive’s health, instead of deleting content directly (“writing off” the data), flash drives will instead designate memory blocks where the data resided as “logically deleted”–meaning they are available to be overwritten.

So when you perform a factory reset, those “logically deleted” content blocks aren’t being overwritten, as they are already considered “empty” by the system. Given enough time and the right tools, the researchers were able to retrieve personal data such as photos and chat logs. They were also able to retrieve the master tokens for automatically signing in to Gmail and other Google apps as well as Facebook apps an alarming 80% of the time.

 

How to protect your data

If you are looking to sell or donate your phone, there are a few things you can do  to help keep your data private. We suggest you do all of these steps:

 

Encrypt your phone before factory resetting your data.

Devices running Android 3+ or above all allow you to encrypt your phone. The option can generally be found in the settings under the Security tab. Encrypting your phone before the reset ensures that any data that survives the factory reset has to be decrypted.

The Cambridge researchers were able to retrieve some encrypted data and run brute strength attacks until they found the right passwords. So make sure you create a long password of over 15 characters, using upper and lower cases, numbers and symbols: a longer, more complex password would take years to crack. Ideally, use a password generator: you don’t have to remember this password, since you’re “erasing this data”. Now complete the factory reset.

 

Remove your device from your Google account

From a browser on a new device, go to myaccount.google.com. Under Sign-in & Security you’ll find the Device activity & notifications section, which allows you to review all the devices currently connected to your account.

Device Activity

Select your old device, and Remove it. This will prevent any automatic sign-ins from your old device.

Remove device

 

Change your account passwords

Changing passwords regularly is simply good digital hygiene, so it makes a lot of sense to change your passwords when changing devices. Even if a hacker were to somehow retrieve your passwords to your Facebook or Google accounts after the factory reset, they would no longer work.

 

Though the risks of your data being exploited this way are relatively low, it pays to take extra precautions. With these three steps, you should be reasonably secure from even a determined criminal.

As always, stay safe out there!

 

AVG

No such thing as a free lunch, but there is ‘free coffee’ at Starbucks

Have you added up your spending on Starbucks coffee lately?  If like me you grab a coffee five days a week at $3.65 then you have an annual bill of just under $1000. When I saw that a hacker had found a way to get unlimited free coffee it caught my interest, especially see that there have been a number of Starbucks related issues over the last 12 months.

Egor Homakov’s hack is more a logic mistake or bug than a hack, you can read his blog on how he did it in detail here. He started by purchasing three gift cards with a value of $5, the type anyone can purchase over the register.

Registering the cards online at starbucks.com then allows you to move money between cards and top them up as necessary. Homakov then started sending requests to move the cash between the cards using 2 different browsers at the same time. Doing this, he managed to break the logic and transfer the same $5 from card A to card B twice confusing the Starbucks system and gaining $5 in the process, thus making himself an extra $5.

This was possible thanks to what is known as a Race Condition in the way the transaction is processed.  It takes place in two steps, the request and the acknowledgement.

In theory, this exploit could be run indefinitely to generate an unlimited amount of funds on a gift card.

Homakov did not do this though, after gaining the extra cash he tested the cards in a store purchasing coffee and a sandwich at a total of $16.70, proving he had more than he started with but limiting the loss to Starbucks to just $1.70.

Receipt

Image courtesy of sakurity.com

As a responsible security expert he contacted Starbucks through their support system on March 23 and did not receive a response until April 29, and the bug has now been closed.

There seems to be a pattern of hacks and bugs at Starbucks, just a few weeks ago there was another issue with gift cards and the transfer of funds linked to bank account, see the analysis here. And last year there was an issue that passwords on the Starbucks app for iOS were being held in clear text, this one had a similar experience with Starbucks taking time to answer the disclosure from the expert, see the article here.

Starbucks mentioned the word ‘fraud’ when talking with Homakov rather than understanding that a responsible expert may have just saved them millions of pounds and saying thank you.

Personally I think he should be rewarded with at least a years free coffee, at $1000 it would seem a small price to pay.

You can follow me on Twitter @TonyatAVG

 

 

 

 

AVG

Smart Gift Ideas for Grads

A newly released annual Graduation Spending survey by the National Retail Federation (NRF) found the majority of us will give money, with more than 50% giving cash and another 30% presenting gift cards as their graduation gift.  Cash and gift cards are especially popular in gifting for people between ages 45-54, who also likely to give/spend more, according to the NRF Survey.

The NRF found, on average, people will spend $102.50 for two grad gifts. More than 10% will buy electronics as a grad gift.  And, not surprising, the tech purchasing is trending up from last year, when only 8% bought something tech related.

So what are the best tech gifts for grads?

Recent research indicates that laptops remain among the most popular and practical gifts, especially for high school grads heading off to college. A survey of high school grads, conducted by Impulse Research in 2014 found the majority of students (65 percent) felt a laptop was among the greatest gifts. And, of course, their price point is much more affordable these days.

I suspect smartphones and tablets are not far behind laptops and rising in popularity in terms of your high school grads’ desires – if your grad doesn’t already have a smartphone. (According to comScore, as of December 2014, north of 86% of 13- to 25-year-olds are smartphone owners.) It’s a particularly great gift coming from Mom or Dad, or Grandparents.

 

CNet has done its expert comparison of the latest in smartphone options, as well as host of other popular smart tech gifts for grads. Among the other top categories on a multitude of grad gift guide lists this year are:

  • Apple Watch, no doubt, is driving this category’s interest.
  • Digital cameras. Smartphones have become the primary imaging device for people of all ages, but YouTube video creation is driving high interest is in GoPro.
  • Headphones and Bluetooth wireless speakers. Fueled by brands like Beats and Jawbone, this is a growing category in the consumer electronics industry.
  • Digital TV streaming devices, channel apps and services. Who wouldn’t appreciate a gift of Hulu, Netflix and Amazon Fire TV or Google Chromecast.

Many of the tech gifts listed above skew in appeal toward men 18-34, but not all. Consumer research consistently reveals that women not only use technology, they are early adopters and buy more than men in certain cases – especially when it comes to social media.

So what’s a good tech-oriented gift for the women grads in your life?

At the top of my list for the young women I know is Sheryl Sandberg’s book Lean In for Graduates.  Her original and inspirational Lean In book has been expanded and updated with six additional chapters offering advice on finding and getting the most out of a first job; résumé writing; best interviewing practices; salary negotiating, and more – including leaning in for millennial men.

As for me personally, I have always believed cash to be a safe gift, especially for grads I didn’t know very well. Though, I admit, giving cash is not nearly as satisfying as picking out a thoughtful gift you know the recipient wants. But the latter point is key…

According to a Stanford research study conducted in 2011, gift recipients also more appreciative of gifts they explicitly request than those they do not. The research revealed that recipients appreciated receiving items from their wish list and perceived the requested items to be more thoughtful and considerate. Though the research found the opposite perception among gift givers, who assume that both solicited and unsolicited gifts will be equally appreciated. Likewise, contrary to gift givers’ perception, the research study showed recipients appreciate receiving money much more than receiving an unsolicited gift.

So, perhaps, the best and most thoughtful plan is to ask your grad, in advance, what’s on their wish list— if you don’t already know. That’s what I intend to do…

Happy graduation to all of those who are celebrating this milestone of new beginnings in 2015!

Title image courtesy of collegelife.about.com

AVG

Fake IRS claims: What happens when data falls into the wrong hands

Over the past 18 months we have witnessed monumental data breaches affecting tens of millions of users. As consumers though, do we worry about what happens to our leaked data?  Are attackers aggregating it with other sources, are they applying for credit in my name or even using medical services?

We should be concerned and the latest disclosure from the I.R.S. demonstrates what can be done when  attackers gain access to our valuable personal information. Using Social Security numbers, dates of birth, home addresses and other personal information, cyber criminals have accessed over 100,000 past tax returns.

Once they have the past return, they can file a new return with new data including the refund destination account. As a result, the IRS issued $50 million in refunds before detecting the intrusion method.

Fraudulent tax claims are nothing new to the I.R.S. In 2013 the agency paid out a massive $5.8 billion in falsely claimed refunds. IRS spokesperson, John Koskinen, said “These are extremely sophisticated criminals with access to a tremendous amount of data.”

Cyber criminals have amassed a huge amount of data through the many data breaches but also through our own propensity to share our data without due consideration. The IRS has successfully put a stop to this particular form of attack, but  with so much data available, it’s only a matter of time before the bad guys work out another way to make fraudulent use of it.

 

What can you do to protect against identity theft?

Avoid Cold Calls: If you don’t know the person calling then do not hand over payment or personal details. If in doubt, hang up and call the organization directly to establish you are talking to legitimate operators.

Set privacy Settings: Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.

Destroy documents: Make sure you shred documents before disposing of them as they can contain a lot of personal information.

Check statements and correspondence: Receipts for transactions that you don’t recognize could show up in your mail.

Use strong passwords and two factor authentication: See my previous blog post on this, complex passwords can be remembered simply!

Check that sites are secure: When you are sending personal data online, check that the site is secure – there should be a padlock in the address or status bar or the address should have a ‘https’ at the start. The ‘s’ stands for secure.

Updated security software: Always have updated antivirus software as it will block access to many phishing sites that will ask you for your personal data.

 

If you believe that you have been affected by a data breach, be sure to take out any identity protection service offered to you as compensation. These services scour the Internet looking for your data being misused or sold.

 

You can follow me on twitter @tonyatavg

 Title image courtesy of dineshdsouza

 

 

 

AVG

The New AVG Business Center of Excellence in Ottawa

It seems appropriate that in the year when Ottawa is host to the International Symposium on Integrated Network Management, AVG Business also chooses the city to be home to its new, state-of-the-art, global center of excellence for small-to-medium business IT management.

Our AVG Business unit has grown tremendously over the last year and we’ve evolved into a focused organization designed and dedicated to the success of our Partners. To accomplish this we need to continue to develop and improve the tools and solutions we already provide; listen and anticipating your technology needs and respond with solutions; and be proactive in our support of your efforts.

Reception

This year we’ve already released significant updates to Managed Workplace and CloudCare, introduced new Secure Sign On and Backup and Disaster Recovery solutions and are preparing to introduce the 2016 update to our Business AntiVirus and Internet Security products.  At the same time we realize we can improve our development and support efforts. After critically reviewing our teams, talent and the ability to support Partners around the world, we chose Ottawa our center of excellence for Managed Workplace and have brought together our experts in support, engineering, sales and product management and marketing together for the first time.

Flowers

As we join the over 1800 technology companies that have made this historic and cultural city a global technology center, we look forward to supporting your continued growth and association with AVG Business.

AVG

Is your “secret answer” hard to guess?

When it comes to recovering our account details, we are all familiar with questions such as “what is the name of your favorite sports team” or “what city were you born in”. Know the answer to this question and you’re well on your way to resetting a password and getting back into your account.

However, Google has just released a paper documenting its findings after analyzing the strength of hundreds of millions of secret questions and answers.

The findings led the search giant to conclude that secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism. That’s because they suffer from a fundamental flaw: their answers are either somewhat secure or easy to remember—but rarely both.”

The most obvious example of a weak secret question in action was the answer to “what is your favorite food”, giving hackers a 19.7% chance of cracking it in a single guess among English-speaking users.

On the other hand, just as with passwords, secure answers to secret questions are often very difficult to remember. One example of a strong secret answer was “what is your frequent flyer number” but that only had a recall rate of 22%.

So if easy to remember answers are too simple and secure answers are too difficult to remember, what should we do?

The most important recommendation that Google provided to adding extra security to the account recovery process was to add an SMS or secondary email address. Just like adding two-factor authentication for a password, including one of these two extra steps will help dramatically reduce the risk that an attacker could maliciously recover your account details.

For more information on Google’s report check out the infographic below:

Google Secret Answer Infographic

 

 

 

 

 

AVG

Dating, Chatting and the Weather: Are These the World’s Greediest Smartphone Apps?

AMSTERDAM – May 18, 2015 – AVG Technologies, N.V. (NYSE: AVG), the online security company™ for 200 million active users, releases today its latest app performance report for January to March 2015. During the first three months of the year, AVG tracked a surge in dating and chatting apps including POF Free Dating, WeChat and ooVoo Video Call in the top social installs, top battery drainers and top data plan consumption lists. In addition, no less than four weather apps, such as Yahoo Weather and Weather Channel, also appeared for the first time, making the top 10 list of Android apps most likely to burn through your data allowance, while Weather & Clock Widget Android also appeared in the top battery drainers table.

The top findings from the report are:

  • Casino games topped the charts for most overall time spent per app: This quarter saw a massive spike in time spent on Card and Casino games as well as blockbuster Arcade games, with the likes of Solitaire and Zynga’s Livepoker entering the charts. On the flip side, we spent far less time playing casual, strategy, puzzle or family games.
  • Dating app enters Top 10 installed social apps: With Valentine’s Day falling within this quarter, it’s no surprise a free dating app, POF Free Dating, entered the Top 10 most installed apps.
  • Chat apps are still the greediest apps: Mirroring previous reports, social media and chat apps continue to rank as the greediest Android apps, with Facebook, BBM, Instagram, Facebook Messenger and WeChat accounting for five of the top six most resource-hungry ‘auto-running’ apps.

 

With the host of new apps entering the charts for popularity and impact on our smartphones, AVG broke down the top 10 overall impact findings to identify impact differences between apps which require the user to initiate them and apps that auto-run all the time.

 

Autorun                                   User Run

# Name # Name
1 Facebook 1 Spotify Music
2 BBM 2 Amazon Kindle
3 8 Ball Pool 3 LINE: Free Calls & Messages
4 Instagram 4 Samsung WatchON (Video)
5 Messenger 5 Snapchat
6 WeChat 6 Netflix
7 Facebook Pages Manager 7 SoundCloud – Music & Audio
8 ooVoo Video Call Text & Voice 8 Clean Master (Speed Booster)
9 KakaoTalk: Free Calls & Text 9 Tumblr
10 Vine 10 PicsArt Photo Studio

 

  • Silent smartphone sapping apps: Facebook kept its top slot in the list for apps that drain phone resources, but a more surprising entrant was the 2D game, 8 Ball Pool, which wouldn’t seem necessary to register as a startup app and run constantly in the background.
  • Start up and drain down: although users may choose to start these apps, they may not be aware of the potential impact of using them. For example, Spotify allows 3,333 songs to be stored locally which can eat up storage, while its data-heavy music and video service can drain your data plan allowance. Many of the other apps in this category are also content-heavy and should be used with care.

 

“Many of us take every day practical apps like weather and chat for granted and despite spending little time on them, the impact on our devices is actually quite significant,” said Tony Anscombe, Senior Security Evangelist, AVG Technologies. “A number of unexpected apps such as these are consuming battery, storage, and data traffic without users knowledge – and, in many cases, for no good reason. So if you’re wondering why you’re not getting the best performance out of your device, this could well be why.”

Analyzing aggregated, anonymous data from over one million AVG Android app users, the quarterly AVG Android App Performance Report aims to reveal the top performance-affecting apps worldwide – analyzing their overall impact and performance against three key categories – battery drain, storage consumption, and data traffic use.

The full report, which breaks down the performance impact further according to battery drain, storage consumption and data traffic, can be downloaded from AVG Now.

AVG

Ideas for Families to Celebrate Memorial Day 2015

But the real reason we celebrate Memorial Day is to honor the memory of those who have served and fall in the U.S. Armed Forces.

As a product of the U.S. Army, it has always been a special observance in my family. I’m aware of the many opportunities the military gave me to learn, and the skills that I was able to develop. I’m also aware of the many sacrifices – sometimes the ultimate one – that come with the job. Some of the biggest sacrifices are made not only by those who serve but also by their spouses and children.

I think Memorial Day is a great opportunity to teach children the full meaning of the day. While children may not understand the full implications of Memorial Day, it’s good to instill the values of bravery and sacrifice.

We are keenly interested in children’s education at AVG, whether it’s online safety (via our Magda and Mo series) or online learning. I would encourage all parents, grandparents, and uncles and aunts to seize this day as a learning opportunity.

In that spirit, here are a few tech and non-tech ideas to help celebrate the holiday – and get the summer started for families, both military and civilian.

 

Start with a Parade!

I’m sure your town or one near you has a Memorial Day parade. It’s a great way to get out and also get children to talk about the day in a natural way. You can see a parade listing, by state, on VetFriends here.

 

Go To Museums Free

Blue Star Museums, a collaboration by the National Endowment for the Arts, Blue Star Families and the Department of Defense, offers free admission to more than 2,000 museums across the U.S. to the nation’s active-duty military personnel and their families (including National Guard and Reserve). Check out the Blue Star Museum site and click on a state to find the museums that are participating. The museums are free starting on Memorial Day, May 25 through Labor Day, September 7, 2015.

 

Explore Memorials, Monuments and More

You can explore the history behind the War War II Memorial at the National Mall in Washington, D.C. and learn about the war via the World War II Memorial App.  The app provides fun and educational interactive experiences, including a map and timeline, search for the names of service members who died during World War II, and photographs of the Memorial. The app was made possible in partnership with Altria, the Dr. Scholl Foundation, the Friends of the National WWII Memorial, and the National Park Service.

Or, try EveryTrail to take a walking tour of monuments, war memorials and national parks nearest you. EveryTrail offers sight seeing tours, road trip, hiking, cycling, flying and more with geo-tagged community generated travel content. There are trips collected from over 80 countries in the world, and you can create your own.

You can also visit a national cemetery. This isn’t as morbid as it may sound at first. The cemeteries are quiet and reverent; a great place to reflect on sacrifice and honor. Children – even young children –understand that people die, and if you put the event in context, I think this can be a very rewarding experience. You can find a listing of these cemeteries here .

 

Take a Scavenger Hunt

Education World offers a number of activities online, including a crossword puzzle and ideas for a scavenger hunt to help children learn about the history of Memorial Day. Check it out here.

 

Explore Military Service Records for Free

Want to learn more about your own family’s military history? From May 21-25 you can explore military records of your relatives for free on Ancestory.com.

Happy Memorial Day, everyone. And, thank you, to all of our military personnel and their families – past and present – for their service and sacrifice!