The way you hold your smartphone can “give away” passwords and PINs to hackers

By analysing the movement of a device as the keyboard was used, Cyber Experts at Newcastle University say they were able to reveal just how easy it is for malicious websites and apps to spy on users using the motion sensors in smartphones and tablets.

The team were able to identify 25 different sensors which are standard on most smart devices and could be used to give information about the user, and were able to crack four-digit Pins with 70% accuracy on the first guess and 100% by the fifth guess.

Apps and websites do not need to ask users’ permission to access sensors, such as GPS, cameras and microphones, explained the lead author of the study, Dr Maryam Mehrnezhad, a research fellow in the School of Computing Science.

This means malicious programs can “covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, Pins and passwords,” Dr Mehrnezhad continued.

They discovered that each touch action (clicking, scrolling, holding and tapping) created a unique orientation and motion trace; if this was done on a known web page, a hacker would know what the user was clicking on and what they were typing. If this were done on an online banking website, passwords could be compromised.

The study went on to explain that despite the industry being aware of the problem, no solution has been found; partly because there is no uniform way of managing sensors across the industry.

In the study published this month in the International Journal of Information Security, the team also found that if one of the malicious apps or websites remains open in a tab, it can spy on the details you enter.

Dr Mehrnezhad pointed out that even when phones were locked – if the tab remained open it could still be collecting data.

The team will next be looking into the additional risks posed by personal fitness trackers that are linked to online user profiles.

What is a VPN & Top VPNs 2017

What is a VPN?

If you’re concerned about online privacy and want to keep spies away, a virtual private network (VPN) is what you require. We round up the best VPN services to protect your location and allow you to access blocked content and blocked websites.

Why you need a VPN

Public awareness of VPNs has grown over the past few years, but there are still a lot of people using the web who know nothing about them.

We all like to watch catch-up TV; however, most of the content is meant to be watched only in its home territory. The BBC iPlayer and Sky Go, to name only a couple, are only meant to be viewed in the UK, and while Netflix is accessible around the globe, the content available varies across different countries.

This means you can’t watch your favourite TV shows while travelling overseas. More importantly, though, a VPN can help protect your identity online, keeping it from websites and keeping you safe from prying eyes.

How does a VPN work?

A Virtual Private Network creates a private data tunnel over the internet to a web server. This can be located in the same country as you or located somewhere else. This means that, in theory, you can watch your favourite UK show because that’s where it thinks you are. Crucially, all data traffic sent over the VPN is encrypted, so it cannot be intercepted.

To get started you’ll need to install software on your PC, Laptop, Mac or mobile device. Once you’ve logged in, choose a server in the location where you’d like to ‘virtually’ appear. You then just carry on as normal, safe in the knowledge that your activities are protected.

Are free VPNs any good?

There are plenty of free VPNs out there, but some of them have their drawbacks. They may be slow, unreliable or collect information about your web browsing habits, which of course defeats the object. Netflix is also now actively clamping down on VPNs both free and paid, so there’s no guarantee that they will work.

How a VPN can protect you

Your ISP will keep records of all the websites you visit and your online activity and, if so ordered by the government, will hand over that information. If you don’t like the sound of that, using a VPN makes good sense.

One of the really exposed and unsafe ways of using the internet is via a public network. These are notorious for problems, and you should never do online banking on one unless you are running a reliable VPN.

Five Eyes

It’s important to know where your VPN is located. Some countries have got together to agree to exchange information freely, nominally in a bid to enhance everyone’s security. However, many groups are critical of this behaviour believing that mass surveillance impinges on our freedoms. These countries are known as the Five Eyes: USA, UK, Australia, Canada and New Zealand. If you want complete privacy you will need to pick a VPN provider based outside of one of these countries.

VPN logs

Many VPN providers have different levels of logging. Some choose to log connection time, IP address and bandwidth used. Others choose to log nothing at all. Needless to say you have to trust the VPN provider that it is NOT monitoring your traffic, otherwise you are not protecting yourself.

What should I look for in a VPN?

Most VPNs support all the major platforms but some offer more unusual platforms such as Kindle or Google Chrome. Also look out for restrictions on usage – some ban P2P, while others are fine with it. Free and trial versions normally have speed restrictions, while paid-for versions should have none. Note that encryption can slow down connections. OpenVPN provides more protection, while PPTP is faster but less secure. You should be able to switch between them depending on need.

Also if you’re connecting to a server that’s geographically far away, you are less likely to get the full speed that your ISP provides. Look out for server speed claims and make sure that you conduct tests to check whether you are happy early on, so you can get a refund within the time limit if you’re not.

Top VPNs to check out

CyberGhost www.cyberghostvpn.com HIGHLY RECOMMENDED…!
Free and paid for

NordVPN www.nordvpn.com
Paid

IPVanish www.ipvanish.com
Paid

PureVPN www.purevpn.com
Paid

ExpressVPN www.expressvpn.com
Paid

Buffered www.buffered.com
Paid

ZenMate www.zenmate.co.uk
Free

StrongVPN www.strongvpn.com
Paid

Total VPN www.totalvpn.com
Free

Hide My Ass! Pro VPN www.hidemyass.com
Paid

Private Internet Access www.privateinternetaccess.com
Paid

HideIPVPN www.hideipvpn.com
Paid

TorGuard www.torguard.net
Paid

Security and Choice of Password

Choose your passwords carefully…

According to a recent report by Verizon, the biggest issue regarding data security is your choice of password and the steps you take to protect it: “63% of confirmed data breaches involved weak, default or stolen passwords”.

The report outlines the fact that we can still be naive with respect to phishing attacks: almost a third (30%) of phishing messages were opened, up from 23% in 2014, and 12% of targets went on to open the malicious attachment or click the link, about the same as 2014 (11%). So with almost a third of unsafe emails being opened, we really do need to make a serious effort to train all our staff in a few fundamentals.

Laurance Dine, a Managing Principal for the Investigative Response Unit at Verizon, commented that “user security awareness continues to be overlooked as organisations fail to understand that they need to make their employees the first line of defence”.

So what can business owners and managers do?

Firstly, create strong passwords. Take a look at Splash Data’s list of Worst 25 passwords and cringe slightly if any of them is yours!

password
12345678
qwerty
12345
123456789
letmein

football
1234
1234567
baseball
welcome
monkey

1234567890
abc123
111111
1qaz2wsx
dragon
master

login
princess
qwertyuiop
passw0rd
starwars

Secondly, once you have created a strong password, don’t share it or use it again. It won’t matter if it is the strongest password in the world if the whole world knows about it!

Thirdly, make yourself and your staff fully aware of the risks of a data breach. There are plenty of recent examples, and none of us wishes to be added to the ever-growing list. Serious breaches of the Data Protection Act carry with them the likelihood of serious fines from the Information Commissioner’s Office (ICO).

Understanding Phishing and the need for Cyber Essentials

Phishing

Russian high-tech crime investigation company Group-IB has recently reported that cyber criminals stole £18.7 million from banks in Russia between August 2015 and February 2016 using spear phishing emails.

Phishing has been defined by security software giant Symantec (Norton Antivirus) as an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC.

Staff training

But it is not just banks and other financial institutions that need to guard against this threat. With these phishing attacks aggressively being aimed at your staff, as an employer you need to look at how to identify possible phishing attacks, and how to effectively pass this information on to your employees.

How do you tell?

Well, you can’t always. Scam artists will do their utmost to perfectly recreate logos and familiar headers and footers in emails, but there are a few things that you can do to guard against this threat. It is not a bad idea to train your staff to get into these habits for all email traffic.

What to look for

For starters, before opening any email, check the sender’s address and domain, not just the familiar-looking sender’s name. For example, an email pretending to be from a familiar energy company should have a recognisable email address such as john@energycompany.com rather than john@465msl.co.uk. This is a simplistic example, but you get the general idea. If you are unsure, go directly to the company website or call them and check whether the email is genuine.
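The sender check described above can be automated in a mail triage script. This is an added example, not code from the original article: the `KNOWN_SENDERS` allowlist, the function names and the sample headers are constructed, reusing the article's illustrative addresses.

```python
from email.utils import parseaddr

# Constructed allowlist: brand keyword -> domains that brand really sends from.
# "energycompany.com" is the article's illustrative domain, not a real sender.
KNOWN_SENDERS = {"energycompany": {"energycompany.com"}}

def sender_domain(from_header):
    """Return the lower-cased domain of the From: address, or '' if unusable."""
    _name, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def domain_matches(domain, allowed):
    """True only for an allowed domain or a genuine subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_sender(from_header):
    """Classify a From: header as 'ok', 'mismatch', 'unknown' or 'malformed'."""
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    # Look for the brand in the display name and the domain, ignoring spaces.
    text = (name + " " + domain).lower().replace(" ", "")
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in text:
            return "ok" if domain_matches(domain, allowed) else "mismatch"
    return "unknown"

# Constructed sample headers based on the article's example addresses.
SAMPLES = [
    "Energy Company <john@energycompany.com>",
    "Energy Company <john@465msl.co.uk>",
    "Energy Company Billing <billing@energycompany.com.465msl.co.uk>",
    '"john@energycompany.com" <john@465msl.co.uk>',
    "A Colleague <someone@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):9} {header}")
```

A matching From: domain only means something once the message has also passed SPF, DKIM and DMARC checks, because the header itself can be forged.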

The really important bit…

Phishing emails contain a document link that needs to be opened in order for the malware to infect your system. NEVER OPEN A LINK unless you are expecting it! Always check with the original company if you have any doubts whatsoever. It may take a few minutes but it could be well worth it.

Warning Increased Threat from Ransomware

Scareware – Don’t be Held to Ransom

The BBC has today highlighted a growing problem with “ransomware”. This is not industry news in itself, as this malicious software has been around for years, but its current alarming growth and activity is. The BBC quotes Raj Samani, Intel Security’s chief technology officer in Europe, the Middle East and Africa, who said there has been “enormous growth in ransomware certainly over the last 12 months” and who believes the UK to be particularly vulnerable. With ransomware hackers now attacking all of the popular operating systems, even machines using Linux, it seems that no one is immune to attack.

Ransomware 101

Generally, ransomware invades your PC in the guise of cleverly faked rogue antivirus software, which alerts you to numerous issues it claims to have detected on your system. You are then advised that by installing its clean-up tools you will be able to remove the issues. Once you have installed the fake program, you are besieged by pop-up messages which prevent you from using your PC for anything meaningful. This latest activity now actually locks away your files and holds your data to ransom until you pay for its release, often closing the screen down and leaving a digital “ransom note” on your desktop for payment by voucher or bitcoin.

Difficult Recovery

The encryption methods used by the hackers on your personal files can make the situation very difficult to resolve, and of course paying a ransom fee does not simply make the problem go away; there will undoubtedly be a further cost. There are reported incidents of ransom payments leading to further demands, and of restored files not having fully restored functionality. As with most things, prevention is better than cure.