Category: Security

Your iPhone Records Everywhere You Go–How To Turn Off

Just wanted to give you all a mid-week blast. This came across my desk today and I thought some of you would want to flip the switch to turn it off.

I learned something new today — there is a fairly hidden setting in (Settings > Privacy> Location Services >>  then down to the bottom, System Services) — called Significant Locations.   It is a record of EVERYWHERE you have visited with your phone.    Kind of creepy!

Anyway, you can turn this off.   If you like the iPhone intelligently learning your patterns and making suggestions based on that — by all means leave it on. 

I think I’ll be turning Significant Locations off.

Microsoft–Do It To Me One More Time?

Unfortunately, this is not a Lionel Richie love song.

Here is the reading material — https://www.engadget.com/microsofts-windows-10-updates-printer-bugs-000112943.html

Unfortunately, June’s monthly Windows update (began rolling out 6/9) is messing up printing on what is likely a small but significant number of computers.  The same exact thing happened, including to several of you, back in October.

I remember all that I had to go through with my clients.  I had to come out for a bunch of appointments because of these printing woes caused by Updates.  In numerous instances, I had to delete and re-add your printer in Windows.   In one case, a client had to buy a new printer (which did solve the problem).  In the most extreme scenario, nothing was working for me.  I was ready to give up!   I literally had to back up all the files, erase the computer, and then “clean install” Windows 10 1909 which was the latest version of Windows in December 2019.  That fixed it.

These monthly updates are supposed to mitigate security concerns.   They should not break essential functions like printing.

I hope it doesn’t happen to you now — either again or for the first time.  If you purchased your Windows computer on your own, outside of my guidance, you probably have Windows 10 Home.  You are going to be forced to take the Updates when Microsoft dishes them out.

On all computers I had a hand in ordering — I made sure you have Windows 10 Pro.   With the Pro version — updates can be delayed.   I have likely delayed or instructed you to delay Feature Updates (new versions of Windows) by at least 3 months.  We have never touched Security Updates which are the monthly updates that are screwing with printing right now.   I think that Security Updates should be delayed by 7 days.  I could see doing 14 days, but I wouldn’t want you to go beyond that.  These monthly and “odd times” updates address pressing security matters. 

If you remember how to change these options — you go to — Start Menu >> Settings >> Update & Security   > Advanced Options.   The delay for Feature Updates should be 90 to 120 days.  The delay for quality (aka security) updates should be 7 to 14 days.      If you don’t see these choices in Advanced Options — you have Windows 10 Home.

One good thing is — if you have Windows 10 Home — you can upgrade to Pro for a one time cost of $99.  It’s pretty painless.

Microsoft Defender Good Enough For Most

1. Windows 10 — version 2004 is beginning to roll out.  I hate the naming scheme on this because it makes one think that this is Windows 2004.  The 20 and the 04 refer to the year and month that this version was finalized.   Anyway, there is no rush to install it now on day one.   It will be pushed out to your computer in due time.  If you want my help with a professional install, we can look into that down the road. 

2.  For nearly all clients that I work with, I don’t think you have to pay for a separate anti-virus for your Windows computer.  The built in Microsoft Defender is quite adequate.  Only pay for anti-virus if it offers you something really special for what you are paying.   I used to recommend one particular anti-virus because they offer phone support. I thought when dealing with an older client base, that would mean something. Over the years it really didn’t.  Clients would still call me first if they had an issue.  I don’t want to toot my horn but I haven’t had a client with a Windows security issue in a couple of years.   So what I am saying is that I think the free built in Microsoft Defender is probably just fine.  (If I were going to pay for an anti-virus, the only two that come to mind that I would probably pay for are PC Matic — $50 / yr for up to 5 devices for home use or Malware Bytes $40 /yr 1 device / $80 / yr 5 devices.   This is NOT an endorsement, but I will support you in using either. )   If you are paying for an anti-virus as a home based consumer, I think you can stop at your renewal, but please take #3 below to heart. 

3.  So how do you keep yourself safe?

-Don’t install something you didn’t go looking for

-Treat links in e-mails and attachments skeptically

-Have multiple backups of your data. Carbonite and Backblaze are good online backup services.  If you have a locally attached hard external hard drive, disconnect it from time to time. Macrium Reflect is my favorite Windows backup software.  The built in Windows 10 File History is not terrible either.

-Use an ad-blocker in your browser – preferably uBlock Origin. 

-Keep up to date with Windows Updates.  I rarely shut my computer down and let the updates occur automatically.  If you regularly shut your computer down / disconnect from the internet.  You should be checking for Windows updates weekly or biweekly. 

Watch Out For Google Search Results

Learning About New (to me) Old Technologies During the Pandemic

I will never own a Rolex, or a Tudor, or an Omega.  However, I was given a Seiko — made in Japan — watch for my big birthday last month that was roughly $160.  It sparked an intense period of learning for me.  I became fascinated in these tools for our wrists that are able to keep time and produce 21,000 + vibrations per hour WITHOUT a battery.  I am referring to watches with a mechanical movement, whether they be automatic, hand wound or both.  (Of course, there are wonderful quartz watches out there with batteries too.)  Over the past 6 weeks, I think I have become quite knowledgeable on the sub-$500 watch market.  There are awesome watches you can get out there for under $300 and in some cases under $200 as well.  I haven’t found a way to incorporate this newfound love into my business as some kind of formal proposition, but I would definitely be willing to discuss this arena with you informally by e-mail or perhaps at the back end of an appointment. 

Some insights I would be able to share with you include… There are many fine watches out there with Japanese movements.  It is possible to get affordable Swiss made watches.  I can help you understand the difference between a grey market watch and one from an authorized seller. (My Seiko came from a grey market store in NYC that also has an authorized division as well.)  Sometimes the right strap can make all the difference on a watch, especially a nylon “NATO” strap.  I don’t think we should think of watches by traditional gender distinctions.  A lot of so-called ladies watches are very stylish but not functional.  Why can’t a lady wear a nice man’s watch?  Of course she can!  There are so many possibilities if we think outside the watch box.  There are a lot of garbage watches coming out of China, but I can let you know about the one Chinese made watch that “watch people” really admire.

Watch Out For Google Search Results

Over the past couple years, I have seen some clients come up with bad luck on Google search results.  It often starts with Googling for a phone number for customer service for a particular company.  While Google has improved this type of searching and can often provide you with an obvious and legitimate number, you have to deal with paid search listings.  I have tried to install ad blockers for all of you on your browsers and shown you how to turn that ad blocker on and off.  However, if you do not have an ad blocker installed you are going to see at least 3 search results from Google that are ads.  They should be clearly identified.  However, you may not notice what you are looking at.  Please be careful.  Unfortunately, scam companies have been buying up key word ads from Google.  So that when you search for XYZ bank customer service or Frontier customer service (for example), those first few results may not be what you are looking for.  You will have to scroll beyond the sponsored listings to truly find what you want.  Goggler beware!

Not The Password Boy Who Cried Wolf–Part 127

I hear the birds chirping outside my window, but then again it’s unlike any other May Day in my lifetime.  My cherry blossom tree already bloomed for the year. Hope you’re starting to see those signs of spring as well.


Devices Update

-The new iPhone SE is a winning release for Apple. I will be doing my first remote setups for clients over the next week or so.  You could also buy it to hold for later.  At $399 it is more powerful than almost any Android phone on the market.  Whether you order directly from Apple or from your carrier, you can ask me which is best for you.  In many instances there are interest free payments available.  I think a lot of buyers will just purchase it outright.  Drawbacks?  I thought of one since last week and while it certainly isn’t a minus for me, it may be for some people.  The iPhone SE does not have 5G cellular technology.  Of course, no iPhone on the market has 5G right now.  The new more expensive “iPhone 12” models released in the fall will almost certainly have 5G.  Don’t let that stop you from taking advantage of this extreme value.

– 2020 Mac Book Air — I mentioned a few weeks ago that Apple has finally brought back the old keyboard design on their consumer focused Mac Books and that if you need a Mac Book, you can go ahead and strongly consider the new Air.  https://www.apple.com/macbook-air/   When you choose the base model at $999 ($899 with education discount), you will want to make 1 upgrade during the checkout.  PLEASE – choose the i5 processor for a $100 upgrade.  It’s well worth it.  So for $1099, you have an awesome Mac. 

Not The Password Boy Who Cried Wolf – Part 127

I’ve sent out e-mails like this before.  That is why I am calling it Part 127.  I get these sad stories from clients every so often.   An e-mail account has been compromised.  Requests for payment or money were sent out.  Someone didn’t screen the request properly and actually sent the money.  During this time of Covid19, the scammers have not rested.  This is peak season for them.   Some hackers have software that just keeps guessing at e-mail passwords until they can “crack” them.  The easier your password is, the better the chance that they will crack it quickly.  However, major e-mail providers like Gmail, Yahoo and Microsoft do have systems in place that lock the account after an excessive number of tries.   Yet, if your password is super easy to guess — it’s not going to help you anyway. 

One thing I have noticed during this “stay safe, stay at home” period is that many of you have terrible passwords.  You don’t take this seriously at all.  Think of all of the services you have that can be broken into if a bad actor were to get into your e-mail account.   Here are a few BEST PRACTICES that I have tried to teach to clients over the past 5 years or so.  Unfortunately, I don’t think many are making the grade on this topic. 

3 Ways to Create Better Passwords — Choose 1

-use a professional password manager — like Last Pass, 1Password, or Dashlane. (of course this involves learning a new piece of software and not everyone wants to do this).

– Use a random password generator.  Set length to 12 or greater — and you will get totally randomized passwords to PRINT OUT.  This is a tool I frequently use with clients   https://www.random.org/passwords/

-Finally — a client can come up with their own if they use a good formula  — secure base plus specific ending for each site.   Again, it should be something easy for you to remember, hard for others to guess.    Let’s say for example not many people know I like John Denver music.

My base might be — “Leavingonajetplane”

My password for Microsoft might be Leavingonajetplane20msft

My password for Google might be Leavingonajetplane19goog

And so on.

Again, those would be good passwords, if no one could associate me with that base.


Extra Credit:   And while you have some time — if you do online banking — why don’t you call your bank’s help # and ask them this question.  It’s a very simple one.  What are you doing — beyond my user name and password — to protect my account?   Is there a 2nd factor?  Is there some other security measure? What do they offer beyond user name and password?

Thoughts On Zoom Controversy

Over the past few days, I have read all the bad news about Zoom.  Between updates they put out from Thursday until today, they have corrected all of the issues.  It is alarming some of the flaws they had which are nicely detailed in this WSJ article  https://www.wsj.com/articles/zoom-ceo-i-really-messed-up-on-security-as-coronavirus-drove-video-tools-appeal-11586031129?shareToken=stf921d7c733df40db8c49d2a934d7ada2

However, I also think that as the fresh new kid on the block — Zoom’s success irritated established players that would benefit even from a 10% to 20% downfall from Zoom — Microsoft (with Teams and Skype) and Cisco with Web Ex.   One of the interesting facts about all of this is that one of the lead engineers at the original Web Ex, prior to Cisco’s $3 billion purchase in 2007 was Eric Yuan.  He is the founder of Zoom.     Zoom’s goal was to make live conferencing easy, even without an account.  Unfortunately — when conference rooms were created without passwords (no longer the default as of 4/5/20) anyone could enter them and harass people.   However, a heckler could walk into an AA meeting or a meeting between students and professors in a lecture hall.  Zoom in some ways mimicked real life. 

Joining a Web Ex meeting is really not that much different than joining a Zoom meeting.  It often involves opening a link and an application launching.  The controls and options are laid out in different places.  New life is being breathed into Skype as they have a now have an account-less meeting option.   The online meeting / conference space will see shifts in preferences as companies respond to potential threats.  I hope Zoom can rebound from this.  However, there is no doubt that stumbling by one entity creates opportunities for others. 

Corona Contingencies and Compromised Accounts

Getting Ready for Remote Sessions

I know that the coronavirus and its potential impact on our lives must be on your mind.   I’ve been reading stories like people in Milan going through a “psychosis,” to people stocking up on dry foods, to toilet paper being sold out.  I’m trying to stand on sensible ground and not join a feeding frenzy.  I think it’s important to look for teachable moments in history too.  Let’s look back to how we responded to the H1N1 swine flu in 2009.  1,000 people in this country died.  I don’t remember the mood being quite like it is now.  Nevertheless, I acknowledge that if there comes a time when we won’t be going out as much and resort to working and handling other business from home — reliable technology will be more important than ever.    I think most people know that I have provided remote consultations for years.  I don’t really see text message as effective for this purpose, but I have been known to provide consultations by email such as answering a list of questions you may have or giving some analysis. Phone based consultations will also come into play. Commonly, I will tap into your computers via software that allows you to share your screen with me.  For this, I use Quick Assist an application that is already built into Windows 10.  With my Mac clients, I use Skype (preferred) or also the free version of Team Viewer.   If you are a Mac client of mine, and you do not have Skype or Team Viewer installed, you can install them from Skype.com or TeamViewer.com .   However, I know that installing software is not a comfortable spot for some of you.  And, installing software on the Mac has gotten a little more complicated as of late.  Therefore, if you are a Mac client and need one of these applications installed for our remote sessions — even if we don’t have an upcoming appointment scheduled — I will come and do it for you at no charge when I am in your area.  It will take me all of 5 to 10 minutes.  Please ask.   For remote sessions, I bill by the half hour on a per incident basis.  So when you have a concern that is worth it to you, don’t hesitate to reach out for remote assistance whether by necessity or by choice.  Also for these remote sessions, there is no need to send me a check.  I can take your credit card over the phone or send you a digital invoice. 

Compromised Accounts

It has come to my knowledge that many credit cards and banks are now offering “dark web monitoring” or some type of scanning where they can detect if your credentials have been compromised on the internet. Services like Life Lock do this on a paid basis. Some clients have shared information they were given with me and it seemed hard to decipher.  One of them was simply told that an email address was compromised on a couple of occasions in recent months.  It was not immediately clear whether there was an intrusion on the email account itself or a website that the address was used to sign up for.  I have access to a well known database where I can look up where your identity (based on email addresses) has been compromised and tell you what sites and services were breached.  It does not take long to look up this information.  Some of the information found may be actionable and other bits may not, but at least you will be informed.  Knowledge is power.  A “compromised account search” would be a great activity for a future appointment that we have. Let me know.

Three Cheers for Firefox

You can feel good about using the Firefox browser today!

Not many of my clients use the Firefox browser — as their primary way of reaching the internet but since you do — I want to let you know that you can feel very good about them today

They turned on an encryption feature that makes you browsing even more private than before.

https://www.theverge.com/2020/2/25/21152335/mozilla-firefox-dns-over-https-web-privacy-security-encryption

You know it’s a good thing when the politicians are ticked off about this feature. 

Just about every other browser out there (except Safari) is based some way off of Google Chrome — including Microsoft Edge, Brave, and others.

Firefox is a truly independent and unique browser.   How does Firefox make money?   They make money through ads shown in Google searches.  They have a huge contract with Google.


Password Frustrations

Lately, I’ve become aware of some really sloppy and unsafe password practices that clients have.  I thought we were turning the corner a while back and unfortunately gang, I think it’s getting worse.  For some of you, I have set up professional password managers like Last Pass and 1Password.  These do a very good job of keeping your passwords secure and allowing you to create completely randomized passwords, if you take advantage of this feature.  However, where is your hard copy / print out of these passwords?   Next, some of you choose to use the password managers built into your browsers like Safari, Chrome or Firefox.   If you are syncing these with an Apple, Google or Firefox account – you have a backup.  But where is your printed copy?   Is it even possible to make a printed copy of those passwords?   Are you keeping one copy in duplicate on paper?   These are things you really need to think of, pronto.    Finally, there is an even larger group of you that just keep your passwords on paper.  I don’t have a problem with this necessarily.  But are they on scraps of paper that are scattered all over the place?  Are these passwords mixed in with all of your other notes and documents about your computer?  You can’t keep doing it the same way.  If you are going to go the paper route, these passwords should be in a notebook for passwords only. 

I really hope this scenario doesn’t apply to anyone, but I know that a couple clients keep their passwords in an unprotected Word or Excel document on their hard drives.  This is very unsafe.  I have become aware that Excel 2016 and later can ENCRYPT a spreadsheet at the file level, which is way better than saving it with a password as has been the case in Office apps for years.  This encryption option would be ok in my opinion.

Laptop Talk At The Oscars

Best Moment of Oscars

https://mobile.twitter.com/indiewire/status/1226704317136220160

Filmmaker Taika Watiti (short interview clip – via link), instead of talking about his work, took the opportunity to slam Apple on their awful keyboards in their recent Mac Books.  Can you believe it?  This event was supposed to be about the films, the actors, the great production staff — and it’s Apple’s keyboards that he really to speak of.   Going back to early 2018, I have been really hard on Apple and I have let you know it.  Some of you simply had to get new Macs over the past few years and I was very straight with you, even when Apple wasn’t.   I let you know about the 4 year warranty from date of purchase on the keyboard replacements.  I have also let you know that a Lenovo Thinkpad or Dell Latitude would be a much better investment, if you could see yourself switching from Mac to Windows.   There will likely be some good news around the corner, however.   Between March and June — I expect Apple to release new 13 inch Mac Air and Pro models with the “classic keyboard”.   That would be a keyboard similar to the 2015 models, the last good Mac laptop keyboard.  When those products launch, I will be telling you it’s time to buy. 

The Cadillac of VPN’s

This is a message for the more privacy focused among us.  You may travel a lot.  You may use WiFi at coffee shops and hotels. You may just not like the idea of your internet service provider knows everywhere you go online.  If you are one of those people, you need a VPN.  A VPN is a little app that runs on your computer, smartphone or tablet that creates an encrypted tunnel for all your traffic to flow through. It’s simple to use, you turn it on and  you turn it off.  Your internet provider will never see any of the sites that you visit. A good VPN will cost $8 to $12 per month, give or take.  The best of them will never keep any logs of your activity.  I used to recommend 2 particular VPN services.  I have refined my picks, due to experience.  The Cadillac of VPN’s — the best you can get right now, Is a company called  Express VPN.  They are so easy to use. and they offer 24 hour technical support (via chat on their website).  I know that older technology users like good customer service.  Current pricing is $12.95 month to month and $100 if you paid for 12 months.   My second choice, let’s call them the Volvo of VPN’s, is Private Internet Access — PIA.  PIA’s commitment to privacy has held up in court.  However, like Volvo, they were recently sold to a new company but have promised to keep their past commitments and maintain their legacy. PIA is cheaper than Express VPN.   It remains to be seen, if there will be long term changes under the new management.   If I could tell you to go with only one VPN — go with Express VPN.


Financial Safety Tip of the Week

This is a really simple tip, but very relevant to the scam calls that are going around today.  You may get a message saying they are from your credit card.  Do not call back or answer the call.  Call the customer service number on the back of your card or on your statement.  If you are the type that likes to throw everything out, always keep the last statement of all of your bills in a folder.  That way you have a good number to call.  Not everyone can see the numbers on the back of a credit card without a magnifier.