Ransomware now targets Smart TV's

And the saga continues...... just when you thought it couldn't get any worse some ass just created a strain of ransomware that can infect Smart Tv's. Lets set the mood, you come home from a stressful day at the office get some dinner and sit down to watch your favorite channel to discover a message demanding bitcoin to gain access to your Tv, now I'm guessing that will put you in great form for the evening. Thanks to a new version of the Frantic Locker (better known as FLocker) Ransomware has now the ability to infect and lock down your Smart TVs until you pay up the ransom making the above scenario much more realistic.


Researchers at Trend Micro have discovered the updated version of FLocker that is capable of locking Android smartphones as well as Smart TVs. Originally launched in May 2015, the FLocker ransomware initially targeted Android smartphones with its developers constantly updating the ransomware and adding support for new Android system changes. So what exactly does Smart Tv locking ransomware do ? is it the same as the other nasty laptop/desktop strains ? Well the answer to those questions is yes and no. 

• FLocker locks the device's screen.
• Displays a fake notice from United States Cyber Police or other law enforcement agency, accusing potential victims of crimes they did not commit.
• Demands $200 worth of iTunes gift card as Ransom to unlock the infected TV.

Trend Micro says the malware is configured to deactivate itself in some regions including Russia, Bulgaria, Hungary, Ukraine, Georgia, Kazakhstan, Azerbaijan, Armenia, and Belarus.

However, if FLocker detects devices outside these countries, the malware will wait for 30 minutes before requesting admin privileges for the device. If the victim rejects the request, FLocker freezes the screen, faking a system update.


"The C&C [command and control] then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript (JS) interface enabled," Trend Micro said. "This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page."

Although the new variant of FLocker does not encrypt files on the infected device, it has the capability of stealing data from the device, including contacts, the phone number, device information and location data. Trend Micro's report does not make it clear that how FLocker infects smart TVs, but it does note that typically ransomware infection arrives via SMSes or malicious links.
Therefore, like always you should be wary while browsing the Internet, and receiving text messages or emails from unknown sources. In the event that you do get hit with Flocker there are a number of steps that you can take to get your device back. 

 

How to Remove FLocker from Your Smart TV?

If your Android smart TV gets infected, you should contact the device vendor (phone carrier or TV merchant), or if you are kind of technical, you can remove the ransomware after removing its device admin privileges.

"Users can connect their device with a PC and launch the ADB shell and execute the command 'PM clear %pkg%'," Trend Micro said. "This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app."

 I would advise however that you contact your vendor first before you go all tech wizard on your Tv. Just incase you get infected by some new strain that may not have been thought up yet as this may signal the start of a new targeting faze in the age of the iot.
   

 

Disable that annoying Windows 10 Update Forever!

For the past few month's Microsoft have been on a mission to put there new Windows 10 operating system onto every machine in the world. Now this is great if you actually want the new Windows 10 OS but if you don't well then the constant pop up stating "Your FREE Windows 10 upgrade is ready!" may be driving you crazy. Lucky for anyone who doesn't want to update a one click solution has now come to light saving non Windows 10 inclined users all over the world.

A new free tool, dubbed Never10, provides the user a one-click solution to disable Windows 10 upgrade until the user explicitly gives permission to install Windows 10.

Never10 has been developed by Steve Gibson, the well-known software developer and founder of Gibson Research, which is why the tool is also known as "Gibson's Never10."

So lets do this, if your ready to disable that update do the following:

1. Go to Gibson's Never10 official site and click on the Download.
2. Once downloaded, the program detects if the upgrade to Windows 10 is enabled or disabled on your system and then shows a pop-up. If enabled, Click 'Disable Win10 Upgrade' button.
3. You’ll again see a pop-up that now shows Windows 10 upgrade is disabled on your system, with two buttons to 'Enable Win10 Upgrade' and 'Exit.' Click on Exit button.

The best part of this tool is that you don't have to install an application on your PC to do this. Gibson’s Never 10 is an executable. So you just need to run it, and it doesn’t install anything on your computer. You can delete it when you're done.

For more technical details on how this tool works, you can head on to this link.

Prepare Against Ransomware

In recent months you may have come across articles depicting the chaos that ransomware is causing to businesses and individuals alike across the globe. You may ask what is ransomware? In short it is a malicious software that encrypts your computer system so you are unable to access your data. The reason for this is that the distributor of this software is a criminal and they want you to pay them a fee to release your files. Now the fact that they are a criminal you should not pay but in some cases such as hospitals and other critical services where not paying may have a worse knock on effect then sometimes business and individuals are left with little choice but to cough up the dough. In recent month's however a number of companies and state bodies have started to crack different strains of ransomware and release the keys so if you get infected have a look to see if your key is out there you might get lucky. For the rest of you I have compiled a list if useful precautions to take.


Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Don’t enable macros in document attachments received via email. Many ransomware attacks arrive in documents, and rely on persuading you to enable macros (embedded document scripts). Don’t do it: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure.

Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!

Be cautious about unsolicited attachments. Crooks who send malware in documents are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.

Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.

 UPDATE:
In the past week I came across a case of the .Locky strain of ransomware which seems to be particularly nasty. In researching this strain I came across the below article and it is very much worth a read. You can find the original article here.
-------------------------------------------------------------------------------------------------------------------------

How Just Opening an MS Word Doc Can Hijack Every File On Your System

If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it.

Doing so could cripple your system and could lead to a catastrophic destruction.
Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed "Locky," into their systems.

So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom.

Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.

Microsoft MACROS are Back

It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling 'Macros.'

This is where the point to appreciate hacker's sheer brilliance of tactics.

Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an Invoice email attachment (Word File that embeds vicious macro functions).

The concept of macros dates back to 1990s. You must be familiar with this message: "Warning: This document contains macros."
Now macros are back, as cyber criminals discover a new way to get internet users to open Microsoft Office documents, especially Word files that allow macros to run automatically.

How Does Locky Work?

Once a user opens a malicious Word document, the doc file gets downloaded to its system. However, danger comes in when the user opens the file and found the content scrambled and a popup that states "enable macros".
Here comes the bad part:

• Once the victim enables the macro (malicious), he/she would download an executable from a remote server and run it.
• This executable is nothing but the Locky Ransomware that, when started, will begin to encrypt all the files on your computer as well as network.

Locky ransomware affects nearly all file formats and encrypts all the files and replace the filename with .locky extension.
Once encrypted, the ransomware malware displays a message that instructs infected victims to download TOR and visit the attacker's website for further instructions and payments.
Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.
One of the interesting note on Locky is that it is being translated into many languages, which heighten its attack beyond English boundaries to maximize the digital casualties.

Locky Encrypts Even Your Network-Based Backup Files

The new ransomware also has the capability to encrypt your network-based backup files. So it's time for you to keep you sensitive and important files in a third party storage as a backup plan in order to evade future-ransomware infections.
A researcher named Kevin Beaumont along with Larry Abrahms of BleepingComputer initiallydiscovered the existence of Locky encrypted virus.
To check the impact of Locky, Kevin successfully intercepted the Locky traffic yesterday and realized that the cryptovirus is spreading out rapidly in the wild.

"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.

One hour of infection Statistics:

Among the highly impacted countries include Germany, Netherlands, United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia

What is a DROWN attack?

If you have been online in the past few day's chances are that you have seen the headline "new vulnerability discovered in OpenSSL" or something along those lines. This new vulnerability has been dubbed as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), and it is said to effect over 11 million websites and email services worldwide.

DROWN is a cross-protocol attack that uses weaknesses in the SSLv2 implementation against transport layer security (TLS), and that can "decrypt passively collected TLS sessions from up-to-date clients." While latest versions don't allow SSLv2 connections by default, administrators sometimes, unintentionally override those settings in an attempt to optimize applications and this is where the problem lies. The DROWN attack could allow an attacker to decrypt HTTPS connections by sending specially crafted malicious packets to a server or if the certificate is shared on another server, potentially performing a successful Man-in-the-Middle (MitM) attack. It has been reported that more than 33% of all HTTPS servers are vulnerable to DROWN based MITM attacks. 

If you want to see if your website is vulnerable to this critical security hole you can check out https://drownattack.com/. If your website is vulnerable there is good news in the fact that an academic researchers uncovered the DROWN security hole and a patch for the vulnerability has already been made available with an OpenSSL update. And just in case you get to happy the Bad news is that the DROWN attack can be conducted in just under a minute and now that the bug has been disclosed, it may be actively used by hackers to attack servers. So really this isnt something that you want to be putting on the long finger, OpenSSL 1.0.2 users are strongly advised to upgrade to OpenSSL 1.0.2g and OpenSSL 1.0.1 users are recommended to upgrade to OpenSSL 1.0.1s. And if you are using another version of OpenSSL for security, you should move up to the newer versions 1.0.2g or 1.0.1s.

In order to protect yourself against the DROWN attack, you should ensure SSLv2 is disabled, as well as make sure that the private key isn’t shared across any other servers. Those already vulnerable to DROWN attack do not need to re-issue certificates but are recommended to take action in order to prevent the attack immediately. And remember the fact that this has been widely publicized you can be sure that hackers are actively targeting websites that have not implemented the above so get your IT team moving.

Is Facebook tracking me?

Have you logged onto Facebook in the past few months and been targeted with an advert relating to something you recently looked up on your device? For the majority of people the answer to this will be yes. Only a few days ago I searched for the new Jaguar using safari on my iPhone, that evening when I opened the Facebook app I was met with an advert for the new Jaguar XF. This was a very strategically placed targeted advert, and you need to remember that the reason Facebook is free is because we the users are the product. It was reported in the states that Facebook makes approx $7 a year for each and every user by giving marketers access to a defined market based on search history and social patterns of users. Now I have no issue with this, my issue however is I was carrying out searches for the above Jaguar car on safari and not through the Facebook app and this is where it gets a little scary. If I did not use the Facebook app to carry out a search how did I get an advert targeting me for this item? Well my guess is that Facebook is actually monitoring my activity on my phone even though I have it pretty well shutdown. You will notice on all of these adverts that at the top right hand corner there is a little arrow when you click this you get a drop down menu. On this drop down menu you will see the option "why am I seeing this?" This is Facebook's way of telling you why you have been targeted with a specific advert when I clicked on this I got the below information.

As you can see it specifically notes that this information is based on information from your profile and here is the important part AND YOUR DEVICE! Now you can limit Facebook right down by enabling all of your privacy setting but there is no option to click that says "stop spying on my applications outside of Facebook". The issue is if I have limited all of my privacy setting to the highest level how is this information still been obtained? And what information is Facebook gathering from my device? We know that tracking cookies are more than lightly the reason that Facebook can obtain this information so there is one way to stop this, you could stop your device from receiving cookies. This however is not a great solution as you need cookies enabled in order to log into any site where you may have a user account otherwise your session won't run so you can see where the issue lies if you were to turn them off. This means that until someone comes up with an iron clad way to stop tracking cookies from monitoring your online activity it's up to you how much information you really want to share. 

                                     

  

  

5 golden rules for staying safe online

If you have been reading my posts you will notice that a number of points keep popping up. The reason for this is of course that these particular points are vital to keeping yourself safe online. For the few out there who want to do the minimum in order to stay safe I am laying out 5 golden rules to follow.

1) Keep your software updated

Updating software, whether it be on your phone, laptop, or television, is extremely important. When hackers discover new ways to steal your data, gadget and software companies usually work quickly to release fixes for those vulnerabilities. Once a fix is in place an update becomes available and you should download this update, I try to set as many applications as possible to do automatic updates or in the case of my phone I set it running at night time when its not been used.

2) STOP using the same password everywhere

You are living in an age of big hacks and data breaches if you use the same password everywhere once your details are stolen once all your accounts are compromised. And you can be guaranteed that there is a high possibility your details have already been stolen from somewhere.  

3) Don't fall for phishing scams

These scams are getting more and more frequent and the attacks been used are becoming more professional. I recently received an email claiming to be a free password security tester, the email asked me to enter my password to test how strong it is and of course I deleted it as its purpose was of course to steal my password. Be smart when you receive phone calls and emails that you are not expecting and never open an application you receive in an email with the file extension .exe.

4) Add recovery contact information to your accounts

This is important you should always have two different contact methods on your accounts. The reason for this is if you forget your password and lose your phone well then your snookered and you may be locked out of that account forever, leaving your information hanging in cyber space. The second reason for this is If your account is compromised, companies will probably try to let you know. But that’s only possible if they have some means of getting in touch with you on file.

5) Enable two factor authentication 

Two-factor authentication adds an extra layer of security to your accounts by requiring another code in addition to your memorized password. That code can be sent to your smartphone via a text or generated by an app. With two-factor authentication, even if a hacker has your username and password, he or she won’t be able to access your account unless they also have your smartphone — not a likely scenario. I ask if you don't do any of the above at least do this one and give yourself some chance of staying protected.

Securing your iot devices

2016 has been named the year that the internet of things (iot) takes hold, with a reported 50 million plus devices sold worldwide to date with everything from smart fridges to smart plugs iot is here to stay. It must be noted however with all of this extra connectivity comes a juicy threat surface for cyber criminals to prey on. The main thing consumers need to remember that if you bough a devices that connects to the internet then you can be guaranteed that it needs to be secured. In this post I am going to outline a number of steps you can take to help protect yourself and your family from becoming victims of a cyber attack.

1) Keep your devices up to date

This goes for all devices that connect to the internet but I would especially recommend it for iot devices as new exploits are exposed manufactures may push down patches to solve the vulnerability and therefor you should regularly check to make sure your device is running the latest software.

2) Change the default password on your device

This is a very important step to take as the majority of iot devices are mass produced with a default login and not changing this on day one will leave yourself vulnerable to attack. May I suggest using a password that is at least 10 character long with special characters and capitals and numbers i.e don't use your last name and type 123 after it.

3) Be familiar with your devices privacy section

What kind of information are you saving or sharing through this device and what guarantees are put in place that this information is been protected. Don't assume just because the manufacturer says its a secure device to use that it is and make sure your information isn't been shared with third parties.

4) Be carefully buying a second hand device or selling your own device

Buying a second hand device on line may come pre-installed with malware or a backdoor only buy second hand devices from a reputable dealer. On the flip side think long and hard about selling your device, resetting a device may look like all your data has been cleared but with a little know how a lot of this information may be retrieved. There are a number of programs out there that ensure proper data erasure and this may be something you should look into first.

Protecting Windows 10 (The Basics)

Over the past few months Microsoft have been firing out their new operating system Windows 10 to the world for free. This blog is more aimed at anyone who is just after installing the operating system as chances are if you are a windows user you may have already upgraded or will be doing so in the near future. Like most things that come fresh out of the box to make them work to a level you might expect takes some tweaking. I am going to focus on a few basic steps you should take right away to make your new operating system secure.

1) Run the windows update straight away, I know you may have spend an hour or two installing the dam thing but running windows update will make sure your operating system has the latest patches. To find windows update just click the little search bar at the bottom of your screen and type "windows update" once opened just hit "check for updates" and your done.

2) System restore is turned off by default in Windows 10 so you might want to turn this on. Microsoft have renamed this function as "system protection" so to turn this on head back down to the little search bar and type "This PC" when the logo appears right click on it and select "Properties" click on "system protection" then click "Configure" and turn system protection on.

3) Check your Windows 10 privacy setting by default everything and I mean everything in here is turned on. To get here you go to START > Settings> Privacy spend a bit of time looking over this and make sure you are happy with it.

4) Make sure that all of your applications are updated in an earlier post I mentioned that Secunia PSI was a good application to check this.

5) Make sure you have your anti-virus turned on if you don't have an anti-virus Windows has a build in AV called Windows Defender. You can find Defender by going to the search bar and typing "Windows Defender".

Steps to take after the Vtech Hack

In the last week the figures released from toymaker VTech surrounding the massive hack they have suffered is startling. The worst part about this hack is it shows that children are not immune to cyber crime. It is important to first realise the scale of this attack and just how many children have been affected worldwide. Below are statistics detailing how many individuals data has been leaked and in what countries along with if the data was that of an adult or a child. As you can see from the statistics below I have highlighted Ireland, the only reason for this is that I am Irish.

Country                         Parent Accounts                             Child Profiles

United States                  2,212,863                                             2,894,091

France                             868,650                                                1,173,497

United Kingdom             560,487                                                727,155

Germany                         390,985                                                508,806

Canada                            237,949                                                316,482

Others                             168,394                                                223,943

Spain                               115,155                                                138,847

Belgium                          102,119                                                133,179

Netherlands                    100,828                                                124,730

Republic of Ireland      40,244                                                  55,102

Latin America                28,105                                                  36,716

Australia                        18,151                                                   23,096

Denmark                        4,504                                                     5,547

Luxembourg                  4,190                                                     5,014

New Zealand                 1,585                                                     2,304

What I find the most frighting about all of this is that a particular VTech service known as Kid Connect was hacked and the information stolen. You may ask why is this frighting and I am going to explain why. Kid Connect is set-up to allow parents and their kids to communicate. That information includes kids head-shots and chat logs between parents and children. Most, if not all, of these cases, the logs, pictures, and recordings can be traced back to specific usernames, allowing anyone in possession of the hacked data to identify the people chatting as well as those in the pictures.

This may lead to a lot more unforeseen problems down the road but as it stands is just a very uncomfortable situation for parents to be in, and yet again starkly highlights the dangers for children in the digital age.

If you have been affected by this attack you might want to know what steps do you need to take now.

Luckily for you its coming up to Christmas so the VTech spin doctors are in full flight trying to somehow roll out reassuring and efficient damage control to save what's left of the companies reputation. In response to the attacks they have posted a very detailed breakdown of all of the events and the VTech response that can be found here. If you just want the main points I have pulled them out and you can find the below. 

What kind of information are stored in the database?

Parent account information including name, email address, secret question and answer for password retrieval, IP address, mailing address, download history and encrypted password.
Kids profiles include name, genders and birthdates.
Encrypted Learning Lodge’s contents including, Kid Connect’s profile photos, undelivered Kid Connect messages, bulletin board postings and Learning Lodge content (ebooks, apps, games etc).
Download sales report logs.
Progress logs to track kids games, for parents’ reference.
It does not contain any credit card information. VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.
It does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

Was any credit card information stolen?

No, our Learning Lodge website database does not contain any credit card information and VTech does not process or store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.

Why do you need this customer information?

Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products. Customers need to set up an account for such transactions. The information is used to identify the customer and track their downloads. As customer safety and privacy are of utmost importance to us, we are making all necessary adjustments to our system security, which will include only storing such information as is required for our customers to download and enjoy our services. All other information will be deleted from our servers.

Is there anything I can do to better protect myself?

Whilst all personal customer passwords are encrypted, even encrypted data can be susceptible to skilled hackers, so we are advising you to immediately change your passwords on any other sites that may use the same email, secret question and answer, and password combination.

What is VTech doing to protect data stored on Kid Connect?

The Kid Connect service has been temporarily suspended. We are reviewing our security protocols and will delete all unsent messages before we restart the service.

How can I change my password or delete my Learning Lodge account and personal data stored on your servers?

As an precautionary measure, we have temporarily suspended Learning Lodge and Kid Connect service along with a number of other websites to conduct a thorough security assessment and whilst we implement additional security protocols. We will advise our customers of further action when the websites are ready to be reactivated.

When can we expect that Learning Lodge will be online again? Should I then register again?

We are working as fast as possible to resume our service. We will advise our customers of further action when the websites are ready to be reactivated.

Is it safe for my kids to play with the toys with Learning Lodge app? Could the hacker reach my kids through the devices, trace their activity or location?

Our investigation to date suggests the breach is on the server, not on the device itself. There is no evidence to suggest the toys are not safe at this time. We will continue to investigate and share more information as it becomes available.

Has there been any customer data found leaked on the internet?

We have no evidence that any of the data has been used or distributed criminally. Whilst all personal customer passwords are encrypted, even encrypted data can be susceptible to skilled hackers, so we are advising you to immediately change your passwords on any other sites that may use the same email, secret question and answer, and password combination.

Protecting your children online

For parents the risks of the internet to your child can be over looked. Coming up to Christmas you may be tempted to buy the next great gadget for your child however with the Vtech cyber attack this week as one example, how safe is the data your children are inputting into these devices? I would always advise parents if they are giving their children access to tablets and smart phones at a young age they should always consider a number of factors.

1) Don't put your child's personal data into any device when setting it up! Use your own details if you have to otherwise create throw away credentials to enter in any applications that don't require factual information.

2) Set boundaries! balance is key, create times of use around their devices avoid your children becoming addicted to their devices.

3) Educate your children to the dangers of the internet and the fact that everything they do online is there for life! Snapchat is a popular example to use and I suggest you give this article a quick read.

4) Put safe guards in place to monitor your child's online activity, this will give your child the device they want and you can have the piece of mind that they are not putting themselves at danger online.

5) Keep you kids off social media until they are an appropriate age, most sites don't allow children until they are 13 years of age but this can be easily overcome by entering a fake date of birth.

6) Make sure you need to enter a password to download apps and games don't leave your credit card information signed in on the device they use. This will allow you greater control over what applications they are using, it may also stop a nasty credit card bill from unseen app charges.

The internet is a great place but the dangers it poses are very real, take a few minutes to watch the video below before disregarding this post.

Below are some tools for monitoring or limiting the amount of time your child's device is in use.

For Window's users: 

When you create an account designated as a child’s account, you get the option to enable Family Safety settings. Family Safety allows you to monitor and /or time the usage from your child’s account, block certain applications or sites, and get weekly reports reviewing the activity on the account.

For Mac users:
Log on as Administrator on your child’s Mac, go to the Sharing preferences and choose Screen Sharing. Continue to “Allow Access For” and choose Administrators. When you are on your Mac, go to the Finder and choose Go: Network to see your child’s Mac. Click on Share Screen to see the activity.

For Smartphones:
Backing up your child's phone’s content to your own PC or Mac is a good way of keeping tabs on things. This will allow you to see which apps are being used on the phone, and you’ll be able to see what calls and text messages your child is making. Be sure to activate the basic security features, as well as any further limitations on usage you want, I have already done a blog on securing iPhone's.

There are also many products on the market that will allow you to use GPS tracking and more in-depth monitoring of all your kids devices. One free option that allows some of this functionality is Norton Family Online. The free version lets you monitor every site your kids visit, examine a list of everything they search for, and track their activity across social media via any Internet connection. You can tell Norton to always allow (whitelist) or block (blacklist) certain sites, customize the settings for each child, and set time limits so you can boot them offline when it’s time for bed. A premier version lets you monitor their instant messages, video consumption and mobile devices. This is just one product that I am aware of but their are many similar software type packages out there.

I hope that you have found this post of some help and if you need advice on anything just pop a comment below and I will do my best to give you a constructive answer,

Securing your laptop

For most people laptops are a normal part of their daily lives, however how much thought do people actually put into how secure these devices are? We use laptops for work, banking, our personal data photographs etc so why don't we spend more time securing the devices that we spend so much of our lives on? The main reason is probably effort, it just takes to much effort to worry about all that crap. Whats the worst thing that could happen anyway? I suppose worst case scenario is identity theft followed by all your bank accounts reset to zero and an email to everyone in your contacts of that inappropriate picture you took on a late Saturday night and forgot to erase. But lets not think about what could happen as I am going to give you a list of 5 things you can do to hopefully prevent some of the above.

1) Patch your operating system/ applications

This one is pretty straight forward, Microsoft and Apple both send out regular patches for their operating systems you should take the time to install these and keep your operating system up to date. Most attackers will try and exploit weaknesses in an operating system so by keeping your system patched you are staying a step ahead of at least some attacks.

For information on how to do this on Windows click here

And for apple click here


Once you have your operating system all patched your focus should turn to your applications as the same applies here. A handy tool that I use for this is the free software vulnerability scanner Secunia PSI that can be downloaded here. I don't believe that this works with mac but the link above on apple explains how you can keep all of your iOS applications updated. You should also install an anti-virus software AVG is a good free one for malware you can also install malware bytes this is free for a trial period which should be long enough to get rid of any nasty malware on your system.

2) Create a backup

This is very important and with the flurry of ransomware attacks happening at the moment it may also save you losing a week or twos wages to get your data back. Creating a backup in Windows is actually pretty straight forward.

go to Control Panel - Backup and Restore - Create a system image

Once you get here you need to plug in a hard drive or multiple cds/dvds for your machine to backup to. It takes about 2 hours depending on your system but might save you a major headache long term!

Apple has a number of backup options that can be found here. 

3) Encrypt your hard drive

This is important it also takes a bit of time so do it last thing in the evening as it does effect the performance of your machine whilst running. Remember encrypting your hard drive will keep your data safe if your machine is ever lost or stolen. Windows uses BitLocker to encrypt drives and can be turned on by going to the search bar at the bottom of your screen and typing in "Manage Bitlocker"

this will open up the Bitlocker manager here you can turn bit locker on. If you get an error message about TPM you will need to do the following before you proceed:

1) Log on to Windows 10 computer with the account that has administrative privileges.

2) Click Start and at the bottom of the menu in search box type GPEDIT.MSC command and press enter key.

3) On the opened Local Group Policy Editor snap-in from the left pane expand Computer Configuration > Administrative Templates > Windows Components > Bit Locker Drive Encryption and from the expanded list click to select Operating System Devices.

4) From the right pane double-click “Require additional authentication” at startup.

5) On the opened box click to select Enabled radio button and ensure that under Options section Allow Bit Locker without a compatible TPM checkbox is checked.

6) Once done, click Ok button to allow the changes to take effect and close Local Group Policy Editor snap-in.

Once this is done return to the Bitlocker manager and turn Bitlocker on, it is very important that you keep the recovery password you are given in a safe place as you will need this if you ever forget your password.

Apple uses FileVault to do this and the instruction to do this can be found here.

4) Invest in a VPN

I know I have said this before but I can not stress it enough if you want to keep your online data away from prying eyes and protect yourself whilst using wireless networks a VPN is a must have!! There are tons of premium VPNs on the market so do some home work and find one that suits your budget and expectations. Like I said before I use AirVPN I haven't had any issues with it yet other than a few lingerings DNS issues that may be linked more so to Windows 10 than the VPN. My plan costs €30 for six months and I have unlimited bandwidth, but like I said do your own research and pick a VPN that suits your needs. Stay away from free services unless you really trust to provider even then be wary.

5) Lock-down Windows 10 

Microsoft has more or less given anyone who wants Windows 10 the operating system for free. Now when large multi-nations start giving their products away for free its only natural to ask why. I don't have the answer on this just yet but I am guessing it has something to do with the large amount of access and data their new operating system gives them if a load of options are not turned off. After researching Windows 10 I have altered my privacy settings from on to off as I do not want to share my location, microphone, camera or calendar with Microsoft or any third party applications. The fact that all of these settings are turned on by default is a bit worrying as many non-tech users are unknowingly sharing all of their private information with both Microsoft and third party applications. To turn all of these setting to off navigate to the bottom right of your screen and click on the notification manager. This is the little box that looks like a chat icon. From here select the all settings tab, you can now navigate to privacy and choose what setting you want turned on or off. I recommended turning everything off unless you rely on an application that requires some of these features left on. And next time you get something for free maybe consider what the motive is for such a generous giveaway in an age where data is the new gold.

If you want to read a bit more about Windows 10 and get more indepth advice on how to lock down certain features I suggest reading: How to secure Windows 10: The paranoid's guide