October is Cyber Security Awareness Month. Nick Francesco, Democrat & Chronicle columnist, would like to discuss some reminders about cyber security. There are a lot of security risks in our devices, and we need to be more aware every day.
For Android people, earlier this year, a security flaw known as Stagefright was discovered that could potentially allow hackers to control user's Android phones and steal data. Smartphone manufacturers moved to patch the flaw, which affected older Android devices, but many phones are still vulnerable, and now, a new version of the bug has been discovered.
Stagefright 2.0 is a similar security flaw, which occurs when users play certain mp3 audio or mp4 video files on their smartphones. The new Stagefright vulnerabilities are twofold, and all Android devices are vulnerable to at least one, not just older devices running older versions of Android's OS, as was the case with Stagefright 1.0. Google has already included a patch in its upcoming Nexus security update scheduled for next week. However, what about Android devices from other manufacturers? Google installs the patch, but the manufacturers of handsets then have to incorporate them into their versions of Android, then carriers have to get off their fat butts and schedule the upgrades. The Google Play Android Market has several antivirus programs you can install, as well as a Stagefright detector from the great folks at Lookout Mobile Security. If you do have a vulnerability to Stagefright, the app will run down what you can do while waiting for your carrier to get around to updating you.
Apple has just rolled out iOS 9.0.1, and it, unfortunately, has a flaw that gives nosy techies a way to bypass the device's lock screen --- again. It's not easy to do; it takes pretty tight timing to execute, but there are thousands of people out there practicing right now. Until Apple gets a fix out, the only way to avoid it is to disable Siri.
But even if you protect your phone, your data can get out there. And they can be sneaky. Hackers stole the personal data of 15 million T-Mobile customers by going after the company that processes the wireless carrier's credit checks. The US government lost the information of 4 million federal workers. Health insurer Excellus BlueCross BlueShield had 10 million health records exposed. Last year, Home Depot and Target were among the major companies hit by hackers. If you're a member of one of the infected communities, you should, at the very least, change your password. And, of course, if you've used that same password anywhere else (you shouldn't ever do that), change those, too. And take this opportunity to make them all different.
Thousands of medical devices, including MRI scanners, X-ray machines and drug infusion pumps, are vulnerable to hacking, creating significant health risks for patients. Next time you're in your doctor's office or the emergency room or the hospital, don't hesitate to ask if all their devices have been proofed against hackers. Take hesitation for a "no."
A critical remote code execution flaw in WinRAR could put 500 million users at risk of having their computers compromised if they simply open an infected zipped file. Using an antivirus scanner that digs into ZIP files can help mitigate the risk. Lots of them have the option; take a moment to read your documentation (yes, some sort of document file comes with just about every antivirus program). Make sure that option is enabled.
PC support scams net billions of dollars every year. People get ad popups or random phone calls about viruses or errors or privacy issues, and want you to give them money to fix it. Often, they represent themselves as Microsoft or Apple. They aren't. In the entire long history of tech support, no company has ever called up a user to tell them they magically detected a problem in their computer.
How can you protect yourself? The usual ways. Pick long passwords. Use different passwords on different sites and products. Change them often. Check your bank statements and your credit score every month. No vendor will ever call you or email you. Neither will Nigerian princes. If your bank calls, they will give you the last four digits of your account number, and they will never, ever ask for it. After all, if they're legitimately from your bank, they already have it.
Read the full article here.