Tag Archives: Michael McKinnon

Highlights from CeBIT Australia 2015

This week Sydney put on its finest weather for the CeBIT Australia 2015 trade show held at the famous city’s Olympic Park.  Featuring a diverse mix of technologies and innovation from the APAC region there was something for everyone, from 3D printing, robotics, low-power LED lighting, to enterprise and business computing.

The Australian-based AVG Business team was also there for the 8th consecutive year to capture the action and showcase AVG’s Secure-Sign-On, identity as a service, cloud, backup and IT management platforms.

On the security side, a particular highlight was the keynote talk from infamous black-hat turned white-hat hacker, Kevin Mitnick.  Mitnick captivated the audience with shocking revelations of devastatingly simple social engineering antics.

Mitnick

 

As is common-place at technology conventions these days, there were plenty of drones, and they’re getting smarter too.  One demonstrator walked in a circle around his drone while it faithfully hovered mid-air – and as he circled it, the drone rotated itself automatically, sensing where he was.

Drone CeBIT

 

And while we’re talking about smart gadgets, a return visitor to CeBIT was the kid-size humanoid robot soccer league – or more specifically the NUbot team from Newcastle University who are previous RoboCup world champions.

Nubot

 

What is RoboCup I hear you ask?  Well, imagine foot-high robots running (okay, shuffling) around a ridiculously undersized soccer pitch kicking a ball trying to score goals.  Hilariously, some of them kept falling over, as if to feign an injury (or so I imagined), and I found myself wondering if there had been any Italian inspired coding involved.

Green tech was once again a major feature at CeBIT with San Francisco based electric car manufacturer Tesla displaying one of their cars, a Model 85 – accompanied by a constant queue of people wanting to sit in the driver’s seat for a selfie!

Tesla

 

Were you at CeBIT Australia 2015? What were your highlights from the show? Let me know on Facebook or Twitter!

Sports fans, avoid these weak passwords!

Earlier this week, a list of 25 worst sporting passwords was released by SplashData, and includes a whole raft of easily guessable passwords,  the most common being “baseball” and “football”.

Worst Sporting Passwords

 

In fact, baseball and football are so common that they appeared on the list of overall worst passwords published earlier in 2015.

It goes without saying that if you see your password among this list it really is time to change it. Having a weak password can make it easy for attackers or scammers to gain access to your accounts and the data stored within.

 

How to create a strong password:

Creating a strong password is much easier than winning the World Series and in a few simple steps you can have a password that can help keep your data secure while also being easy to remember.

For tips on what to avoid when getting a new password, be sure to check out this video from AVG Security Expert Michael McKinnon.

Video

Four password mistakes to avoid

World Back Up Day: Five Tips for choosing a Cloud Storage Provider

Billions of people use the Internet every day. We use it to work, play, create and share memories. World Back Up Day is an annual reminder to protect our most precious files from being lost forever.

After all, what would you miss if you lost everything?

Cloud based back up services are incredibly cost effective and most allow you to access your files from anywhere in the world.

So if you’re ready to celebrate World Back Up Day, I have five tips on how you can pick a secure cloud storage service.

Is it for business or personal use?

There are plenty of free options, before you trust a service with your personal or critical business files you should make sure it is reliable and secure.

What type of files are you storing and why?
Different cloud services offer various features and options that might suite your particular need. For example video or photos back up.

What level of encryption do they offer?

Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. If the provider don’t provide encryption then you should consider encrypting it yourself before you upload.

Are there additional security features?
If possible, use additional security features like two-factor authentication and login notifications to help prevent unwanted breaches.

Do you have adequate backups?
Don’t rely on a single backup, especially for your critical files. You should also backup regularly.

 

Until next World Back Up Day, stay safe out there.

USB Killer reminds us what untrusted really means

If this “USB Killer” invention is real, then plugging in one of these unknown devices could electrocute your defenseless PC or Mac, and damage it beyond repair.

It’s a far cry from today’s worst-case-scenario of getting infected by malware and it’s a timely reminder to anybody who stumbles across a USB device by chance – you’ll want to think twice before plugging it in.

Indeed the natural curiosity of what happens when someone finds a USB stick in a public place is well documented, and as far back as 2010 it even spawned the concept of the USB dead drop.

This latest news adds to a growing concern around the security of all USB devices.  Last year researchers Karsten Nohl and Jacob Lell revealed a number of attacks known as BadUSB that has since uncovered a swathe of problems where malware could be transferred at a hardware layer with very little ability to protect against this type of threat.

But we have previously warned about the dangers of anything ‘untrusted’ – be it software, apps and hardware devices.  Your security these days relies more on trust than ever before, as outlined recently by our CEO Gary Kovacs in his keynote speech at Mobile World Congress.

 

What to do if you find an unknown USB device?

NEVER connect it to your PC or Mac. At best it will contain Malware, or at worst it may be a USB Killer (although unlikely).

Try to return it to its owner. Ask around or check if it has a label on it; or leave it where you found it, in case the owner returns to find it.

Consider destroying the USB device. Remember, if the device isn’t yours – neither is the data that it might contain.

Until next time, stay safe out there.

Five Tips for choosing a Cloud Storage Service

Cloud services are incredibly convenient and can also be a great cost saving measure. But you shouldn’t blindly place trust in cloud services without doing some research first.

If you are considering using a cloud service, I would strongly advise finding the answers to the following questions before signing on the dotted line.

Is it for personal or business?
There are plenty of free options, but you need to determine which is the most reliable and secure, especially if your business will depend on it.

What are you storing and why?
The different cloud services that are currently available offer a variety of features and options that may be better suited to a particular need.

What sort of encryption is available?
Does the cloud storage service offer encryption? If the provider is hacked, your data will be vulnerable. So if they don’t offer encryption then you might want to encrypt your vital documents before uploading

Does the service offer extra security?
Where possible use additional security features like two-factor authentication and login notifications to ensure you have the added layer of security to prevent unwanted breaches.

Do you have adequate backups?
Don’t rely on a single backup, especially for your critical files. You should also backup regularly.

How To Spot a Fake Twitter Account

Social media is a great way of communicating with friends and family, but’s also a fantastic tool to meet new people with similar interests. You should be careful though, as popular social networks can have fake accounts which can pose a risk to your privacy or security.

One way to help stay safe is to learn how to spot these fake accounts and how to report them to the social network.

Beware of bio links

Spammers, scammers and hackers often use links in their Twitter bios (as as their feed) to get users to visit malicious sites.

Compare their followers

Fake or spam Twitter accounts follow thousands of users of users but have very few followers themselves

Watch out for strange mentions from strangers

You may get a random tweet from or mention thats makes no sense, This is often a sure sign that it’s a fake or malicious account

Beware of links tweeted with popular hashtags

Scammers often use trending or popular hashtags to tweet malicious links or get you to view their bio link

 

Until next time, stay safe out there!

Five permissions to check when installing Android apps

Apps are what make our smartphones truly useful. They help us stay in touch with family and friends, guide us, educate us and sometimes simply entertain us. With the average person having nearly 30 apps on their device, it’s clear that we’re no strangers to downloading and installing apps.

However a word of caution. You should always check the permissions that an app requests while installing.

In this video I have outlined five permissions that you should be aware of and give careful consideration when granting it to an app.

 

Five permissions to check when installing Android apps

1. Access to Internet: be careful that the permission being asked for is appropriate to the app

2. Access to phone and call information: apps will be able to view your call history, send text messages and incur additional costs without you knowing.

3. GPS & precise location: does the app really need your precise location or even access to your GPS?

4.Access to photos/media/files: ensure you only give access to trustworthy apps, with this permissions they have the ability to access a lot of data on your phone.

5. Camera & Microphone access: Apps can access them at anytime and take photos or record audio without you knowing. Make sure you provide access to apps you trust.

If you’re unsure about why the app is asking for you to provide a particular permissions, you can always contact the developer and ask them to clarify.

How to activate Two Factor Authentication on Apple services

This February Apple announced that they would be making Two Factor Authentication available on iMessage and FaceTime in a bid to help users secure their online identities.

What is Two Factor Authentication?

Two Factor Authentication is method of securing your online accounts or services through the addition of another layer of security when you login. This is usually a code which is sent to your mobile device, either in form of a text message or via an app.

Video

What is Two Factor Authentication

 

Activating Apple’s Two Factor Authentication

Implementing Two Factor Authentication on Apple services is very straightforward.

 

  1. Go to My Apple ID.
  2. Select Manage your Apple ID and sign in.
  3. Select Password and Security.
  4. Under Two-Step Verification, select Get Started and follow the onscreen instructions.

 

Apple Two Factor

 

For help and advice on implementing Two Factor Authentitcation on Apple services, I’d recommend visiting the official Apple FAQ page.

Why iOS devices could be one tap away from disaster

Users who don’t pay attention to warning messages on their iPhones or iPads run the risk of becoming infected with malware that can steal their personal information such as text messages, contact lists, pictures and even their location.

If you’ve followed our advice in the past for keeping your iOS device secure, you’ll know that you should be doing the following:

  • Install updates – keep up to date, and that includes your apps too.
  • Keep a backup – use iCloud or Dropbox for photos and backup your device.
  • Never “jailbreak” – this is the method for breaking the factory security.
  • Activate anti-theft – such as “Find my iPhone/iPad” to locate a lost or stolen device.

BUT despite this, did you know you could still be just one tap away from disaster?

As reported in Macworld, security researchers uncovered spyware dubbed “XAgent” that is delivered via a phishing attack and can spread to other iOS users via contacts in your address book.

For more tips on staying safe from phishing, check out my blog “How To Protect Yourself from Phishing Attacks”

The good news is that you can do something about this, as all the users affected by this particular threat (and previous ones using the same technique) almost certainly “infected themselves” by ignoring vital warning message prompts.

Apple advise iOS users here to be mindful to only download and install apps from the Apple App Store and to be cautious of so-called “enterprise apps” that are only intended for employees of large businesses.

Therefore, if you don’t work for a company that is specifically requesting you to install an app and you see these following prompts – make sure you answer them correctly to protect yourself from inadvertently installing malware.

iOS Install Warning

To protect yourself in this example you click CANCEL

 

iOS Trust Warning

 

To protect yourself in this example you click DON’T TRUST

You might have also seen a similar Trust or Don’t Trust option available when connecting your iPhone or iPad to a friends computer – and again the safer option is always Don’t Trust.

Until next time, stay safe out there.

Title image courtesy of iMore

How secure is your new car?

Car manufacturers regularly introduce new features to make our motoring lives easier and more secure. However in recent week, vulnerabilities have emerged that highlight potential dangers of smart car connectivity.

As reported by The Register, a vulnerability was discovered affecting BMW cars allowing an attacker to open doors and windows via a weakness in the My BMW Remote smartphone app.

BMW have reportedly deployed a software patch for all affected models remotely, but it is worth double-checking with your dealer to make sure it has been applied.

Worryingly, this type of vulnerability is not new.  Keyless entry systems for cars built within the last decade have increasingly come under attack, and exploits only get more sophisticated over time.

In 2011, Swiss security researchers from ETH Zurich University conducted experiments covering 10 cars from different manufacturers and found serious flaws that could allow someone to open the doors and start the engine of your car using a “relay station attack”.

 

Relay Attack

Image courtesy of Wikipedia

 

The research demonstrated that some modern cars using a “Passive Keyless Entry System” (PKES), where you don’t need to insert a key into the car to start it, could be stolen by using a trick to amplify the radio signal transmitted by your keyless remote.

When you park your car at night, where do you leave your keys?  I’ll be placing mine inside a lead box from now on – or taking the battery out!  And let’s hope the car manufacturers eventually get it right in the meantime.

Until next time, stay safe out there.