Tag Archives: Michael McKinnon

World’s 25 worst passwords revealed! Is yours one of them?

According to this report, the world’s most used passwords from 2015 were “123456” followed closely by “password” itself. And to make matters worse, out of the Top 25 over a third (40%) were lazy combinations of those first two passwords.

Also on the list were shockers such as “solo”, “starwars” and even “princess” more than likely referring to the latest Star Wars movie that has been top of mind for many.

Perennial favorites like “qwerty” and “1qaz2wsx” also appear on the list, as people continue to think that using a pattern on their keyboard will thwart the cybercriminals – who, by the way, have known about that technique for years!

 

1 123456
2 password
3 12345678
4 qwerty
5 12345
6 123456789
7 football
8 1234
9 1234567
10 baseball
11 welcome
12 1234567890
13 abc123
14 111111
15 1qaz2wsx
16 dragon
17 master
18 monkey
19 letmein
20 login
21 princess
22 qwertyuiop
23 solo
24 passw0rd
25 starwars

 

Okay yes, I’ll put my hand up, I’ve been guilty of using one of these passwords myself – have you? But the important question is why we do it.

Having to think of a new and unique password these days is annoying and frustrating, especially when we’re all being told to create different passwords for every online account we have.  For some of us, that’s hundreds of accounts!

So what is the solution?  Here are some password tips.

  1. Watch this video on why you should never use the same password twice – and understand how you can “separate” a common password for use across multiple sites in a reasonably secure way.
  2. When thinking up a new password, learn about the four common mistakes that people make with passwords, as I explain in this video.
  3. Where available, especially for important accounts like Email, Banking and Facebook, consider activating “2-Factor” or “2-Step” authentication where you can – it’s no excuse for creating a lazy password, but it does add another layer of security.

Until next time, stay safe out there.

 

Is free Wi-Fi Safe?

Public networks are so convenient, they’ve popped up everywhere: cafes, airports, shopping centers. They’re almost everywhere.

But be warned: since your data is traveling through the air—sometimes completely unprotected—hackers could be listening in.

Bad guys could:

  • Eavesdrop on what you are doing
  • Steal your passwords
  • Intercept your communications and alter them, aka a Man-in-the-middle attack

When you’re connecting to an unknown Wi-Fi or network, ask yourself these questions:

  • Who owns the network?
  • Who else is on the network?

If you don’t know the answers to those questions, don’t do sensitive things like shop or bank online. Wait until you’re home or on a network you trust.

If you absolutely must access your bank accounts or shop for things, use a VPN like AVG Safe Surf to stay protected.

 

AVG AntiVirus for Android “Marshmallow” update, now easier to use

At AVG we are constantly improving our products, ensuring you get the best experience and features to help keep your digital world safer and more secure.

We’ve recently updated our popular AVG AntiVirus for Android app. It provides compatibility with the latest version of Android, and it has improved performance and is even easier to use.

 Google’s latest Android operating system update (called ‘Marshmallow’) has been released, so we’ve ensured AVG AntiVirus for Android is compatible and ready to install, so that there’s no disruption to the security and protection of your device and its data.

We’ve also taken the easy-to-use interface and improved it further! The design has been updated in line with Google’s Material Design principles for a more attractive and unified experience on your Android device.

AVG Anti-Theft & App Lock now share the same PIN. That’s one less code you need to remember to access your advanced security features.

If you don’t already use the Anti-Theft feature, you’ll want to consider enabling it to help secure your data in case your device is ever lost or stolen. It allows you to:

  • Sound an alarm on your device
  • Lock your device
  • Locate your device on Google Maps
  • Wipe your personal data

The ability to erase your personal data from a device is very useful these days, if not essential. Once enabled, it will help you avoid a potential data breach which, as we’ve seen, can have serious consequences.

We’ve also introduced some additional fixes and improvements behind-the-scenes to ensure you get the best experience and protection for your mobile device.

If you haven’t already updated AVG AntiVirus for Android, we recommend you update now. If you don’t have security software installed yet, download AVG AntiVirus for Android for free from Google Play to help protect your devices against viruses, malware and spyware.

Getting the care you deserve for your digital life

Being connected and enjoying your digital life these days means dealing with many devices.  Computers, smartphones, tablets, game consoles, printers, and don’t forget they all need a reliable Internet connection too!

And despite all that money you spend on your technology, when things go wrong and you spend hours searching for a solution that doesn’t work, it can be very frustrating and lonely.

Having to solve a technical problem quickly when you don’t know the answer can feel a bit like you are the contestant on a live TV game show!  The only difference is there’s no 50/50 or “ask the audience” option – instead you’re only left with “phone a friend”.

Then what happens when your friend can’t help?  Or if you know that calling your “friend” is going to leave you with more questions than answers, or you’re going to get “that look” they give you; like you’re the dumbest person on the planet.

Instead, let me suggest a new friend, a really smart and non-judgmental friend, who will help you with technical problems on your PC, Mac, tablet, smartphone or game console.

Your new friend is called AVG Go :)

AVG Go offers remote technical support 24 hours a day, 7 days a week. I bet your other friends are never THAT available!

Our dedicated tech experts can help you with:

  • troubleshooting operating system issues
  • installing and configuring software
  • setting-up and configuring your router and Wi-FI to get you online
  • diagnosing and removing viruses, spyware, & malware.

If you sign up for the AVG Go Total Care Plan, you also get our award-winning protection and performance products for unlimited devices with AVG Ultimate. All of these products are included:

  • AVG Internet Security for Windows
  • AVG AntiVirus PRO for Android
  • AVG AntiVirus for Mac
  • AVG PC TuneUp for Windows
  • AVG Cleaner for Mac
  • AVG Cleaner PRO for Android.

For more information visit AVG Go or, if you’re in the US or Canada, call 1-844-234-6038* now for your FREE consultation.

*AVG Go is currently available in the US and Canada and we hope to bring you more locations in the future.

Google drops Chrome support for old operating systems

Are you still running an old PC operating system like Windows XP or Vista?

There are some risks running an unsupported operating system — the biggest is falling behind with security updates and fixes.

As years roll by it’s necessary for companies to “deprecate” (a fancy way of saying “make obsolete”) older versions of their software. This becomes necessary because it’s hard coordinating and supporting many different versions.

Google has announced that from April 2016 they will no longer be supporting their popular Chrome web browser for certain older operating systems.

The operating systems affected are:

  • Windows XP
  • Windows Vista
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

How does this affect me?

Chrome will continue to work on the operating systems mentioned above, but will no longer receive updates and security fixes.

If you continue to use an old operating system, and software that is no longer supported, then you will likely be more vulnerable to new and emerging security threats.

What can I do?

To avoid vulnerabilities and the risk of infection from malware and viruses, we recommend that you always keep your operating system and all your software up-to-date.

Consider upgrading your operating system where possible for the best protection and productivity, and if this means upgrading your old computer, it may well be worth exploring.  Think about it, the cost of data loss from a security breach could be costlier than the price of new hardware.

And while you’re at it, installing an effective antivirus and security suite is worth it for peace of mind — PC users can download AVG AntiVirus Free, and Mac users can download our free AVG AntiVirus for Mac.

AVG boosts Bugcrowd bounty

One of the ways we proactively improve our security is through participation in the AVG bug bounty program on Bugcrowd.  We have recently reviewed the rewards offered as part of this program and now offer up to USD$1,000 per bug.

We appreciate and reward the efforts of security researchers who, within the strict terms of the bounty program, are able to responsibly disclose vulnerabilities found in our nominated PC based client side applications.

If you have skills and experience reverse engineering binary code, or you like breaking AntiVirus engines in your spare time, then this could be the stimulating and rewarding challenge you’ve been looking for.

Bugcrowd is a great community of like-minded security geeks who get to pentest, hack and crack great companies like AVG, Fitbit, Dropbox and even Tesla Motors – all in the name of responsible disclosure for rewards and kudos!

So, if you’re a 1337 h4x0r then start finding bugs today by signing up to Bugcrowd as a researcher, and then join the AVG program.

We look forward to seeing what juicy vulnerabilities you’ll uncover, and in return get rewarded for helping us keep over 200 million friends safe and secure.

Get cracking! And until next time, stay safe out there.

The dangers of geotagging via photos & social media

Did you know you could be unwillingly revealing your location via geotagging in photos you upload with social media applications?

AVG’s Michael McKinnon walks you through some things to be aware of when it comes to geotagging.

Did you know:

  1. Photos can contain location information stored in metadata (EXIF data) within the image itself.
  2. Location data can be automatically applied to your GPS enabled smartphone photos.
  3.  The location data usually includes the precise GPS co-ordinates of where the photo was taken, as well as the time and date it was captured.

Here are some ways to protect your privacy when it comes to geotagging on your mobiles device:

  • Disable location services on your mobile devices.
  • Remove EXIF data from images before uploading to social media networks or file sharing sites.
  • Be aware of location options in apps or online services and social media.

For more great tips on getting the most out of your devices, visit us at www.now.avg.com and follow us on twitter or Facebook.

Stay safe out there.

#ShredFest helping protect against Identity Theft

It’s no secret that personal data and private information left lying about, either in physical or digital form, can be used by thieves to steal your identity.  The problem is that securely destroying old documents, especially if you have boxes and boxes of them, can be time-consuming and frustrating.

And if you don’t destroy your data securely the consequences of being a victim to identity theft can range from outright theft of money, to unexplained debts, leaving you feeling like somebody else has taken over your life.

But thanks to a growing movement called #ShredFest originally from New York, things might get a little easier. It’s a subsidised program designed to provide secure document destruction free-of-charge. You might already have something similar in your local area, sometimes run by local banks and communities once or twice a year – or perhaps this is your opportunity to make-it-happen!

The statistics on Identity theft are nothing short of shocking. In the United States the Federal Trade Commission reports that in 2014 it received 332,646 complaints making ID theft the number one reported crime for the 15th year in a row. 

Stolen identities used in the United States in 2014 were used mostly for Government and benefits related fraud (30%) followed by Credit Card fraud (26%), Phone/Utilities fraud (16%) and Bank fraud (10%).

With the ability for criminals to collude easily on a global scale, it’s not inconceivable that we will see ID theft attempts in the future combine information obtained from the litany of online data breaches (for example, Ashley Madison), along with tidbits obtained through “dumpster diving” right at your own back door.

Fortunately, with a few simple precautions and some dedication to properly destroying the remnants of your online correspondence, and other important paperwork (that you’re no longer required to keep by law), you should be able to reduce the risk of ID theft happening to you.

Destroying Physical Documents

Got boxes of documents that you should be securely destroying? Despite #ShredFest only being available in a small number of locations at the moment, a quick search online reveals many companies that provide shredding services for a small fee.

But weighed up against the risk of ID theft against you at any time, it may well be worth it at any cost; and think of how a quick trip to your local shredding depot with a car-load of documents is not only going to put your mind at ease – but all that storage space you’ll get back at home!

Another alternative is to purchase your own document shredder – something that I have owned for many years and highly recommend – however, those boxes of tax paperwork may still be inescapable, so an annual trip to #ShredFest is likely still needed.

If you do purchase your own shredder, however, consider one that has a “cross-cut” feature (that cuts the paper into smaller pieces) which is considered a little more secure, and also there are models that can shred old CD-ROMS and DVDs which can come in handy.

Shredding Computer Files

Did you know that selecting a file and pressing delete, or simply moving the file to the trash (even after you empty it) isn’t enough to securely remove it?  It’s important to understand how to securely delete digital files on all your devices – not just your PCs, but also Mobile devices.

We’ve covered in the past how easy it is to use features like AVG’s File Shredder which can overwrite your private and personal files multiple times to ensure they cannot be recovered again.

Also if you’re recycling your old PC’s or Mobile devices, including disposing of them permanently, ensure you have taken all reasonable steps to correctly erase the data on them – this sometimes isn’t as easy as a simple factory-reset, particularly with older Android mobile devices.

Lastly, if you have an online email account (such as Gmail, Yahoo or Outlook.com) you’re likely holding on to years worth of old email that could prove to be extremely valuable to an ID thief.  As I suggest in these tips about securing your online email account, make sure you purge all your old and unwanted email too.

Until next time, stay safe out there.

Ashley Madison Hack – what has been leaked?

As with all privacy breaches there are multiple victims here. The customers whose personal data has been leaked, as well as the company trusted to keep it secure; a trust that may never be regained.

However, what makes this case highly significant is the collateral damage that will likely spread beyond just the direct privacy breach.  Family ‘secrets’ are revealed and victims are ‘ousted’ – seemingly at the hands of anonymous hackers with a point to prove.

Another oddity in this case is that AshleyMadison.com charges only men for their subscriptions and message credits, while female users are able to use the site free of charge.  This has resulted in the victims consisting mostly of men, connected by way of their credit card transaction histories, causing an asymmetry rarely seen in data breaches made public.

While the hackers have released the data in what could best be described as a harsh and judgmental way, they do offer some clues about how trustworthy the data may or may not be, “Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles.”

On that note, remember that the information obtained and released by hackers in data breaches by their very definition is never verified by the companies who are breached, and so this brings into question the integrity of all the data, regardless of how authentic it might seem.  For example, there may be deliberately false information inserted by the hackers designed to damage reputations or serve another agenda.

Accordingly, as already reported the hackers also provided this disclaimer of sorts, “Chances are your man signed up on the world’s biggest affair site, but never had one.”  In short, make sure you have all the facts before a potentially dangerous and damaging real-life Internet hoax unfolds in your own backyard.

Here’s a summary of the exact data that was breached:

  • Full names and addresses
  • Birthdates
  • Email addresses
  • Credit card transactions
  • GPS Coordinates
  • User Names & Passwords
  • Sexual Preference
  • Height, Weight, physical characteristics
  • Smoking and drinking habits

Lastly, while it may be easy to fall into the trap of victim-blaming and judging based on your own set of moral or ethical standards in this case – as social media opinions begin to rush forth in the coming days and beyond, it’s important to keep sight of the broader picture of what is transpiring.

Today’s breach may well affect nearly 30 million victims, and maybe you don’t know any of them… this time.  Next time, in another context, it could be you.

In the meantime, let’s hope that the active investigation into the perpetrators behind this hack are brought to justice, because as the statement from Avid Life Media rightly asserts, this is an act of criminality.

Until next time, stay safe out there.