WireLurker: Yet Another iOS Malware threat that you don’t have to worry about

November 8, 2014 at 6:27 pm (Apple, Current Events, iDevices, iPhone/iPod Touch) (, , , )

Get ready to start defending your common sense practices again with regard to your iDevices.  A Computerworld magazine screams, “Panic!” regarding “Horrible Apple iOS virus; vectored via USB: WireLurker is ‘new brand of threat’”. I’m sure Chicken Little is running around somewhere with his cute little hardhat in place to protect said cute head from the fallout of the latest malware threat.  As usual, the majority of users need not worry.  

This latest malware threat is called WireLurker, a catchy name for this critter that spreads via “trojanized/repackaged OS X applications” found on a third-party Mac app store in China.  The Maiyadi App Store has nearly 500 apps that have been infected, and those infected apps have been downloaded over 350,000 times.  The app store is quite popular because it allegedly offers popular Mac apps for free.  Step right up and get your infected copy of Angry Birds, The Sims, and more. 

Remember, if it seems too good to be true, it probably is.  Saving a buck or two is just not worth it when it comes to the well-being of your iDevices, not to mention you’re cheating developers out of their hard-earned money.  What makes this malware different from others is that WireLurker can hop from an infected OS X computer to a non-jailbroken iDevice via USB. However, the user still has to trust the computer and approve the installation.  Nothing new here, kids.  As long as you don’t say, “Ok, I trust you, now let’s go ahead and continue to install and run the free version of this app that I know I should have paid for but I didn’t”, you should be ok. Is it really worth the risk to save two bucks and cheat the developer out of the money he should have gotten for making this cool app? As long as you use common sense, only download apps from the Apple store, and don’t download software from third party sites (especially in China), you should be just fine.  

Permalink Leave a Comment

1Password App Extension Coming in iOS 8

August 6, 2014 at 9:48 am (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch, Productivity) (, , , )

One of the really cool things announced at Apple’s WWCD this year was the addition of app extensions for iOS 8 (iOS is the operating system that runs our iDevices).  When you log in to an app on an iDevice, you have to do the copy and paste dance of going to 1Password (or your notes or wherever you have your login info), go back and forth between the screens a couple of times, until you submit the info and successfully log in to the app…unless you use the same password for everything, but you don’t do that, right?  Because that’s just wrong, and setting yourself up for a world of hurt.  So, the announcement about app extensions was fantastic!  Because now, you won’t have to do that do-si-do anymore.  There is a short video at 1Password’s blog where you can get a look at the coolness of it.  More info will be coming soon, but I can’t wait for this feature.  Be sure to let your favorite app developers know that you want them to use the 1Password extension with their apps. 

Permalink Leave a Comment

Too Hot for Spot

July 10, 2014 at 9:34 pm (Current Events, Personal, Pets) (, , , )

Every year when school starts back, there are always stories about kids who have been left in a car or bus and succumbed to heat stroke.  But another  common issue is that of pets that are left in vehicles, often with fatal results.  

 

What many people don’t realize is that the temperature inside a vehicle can exceed 100ºF in just a few minutes, even in what seems to be pleasant outdoor conditions of 75º.  

 

Some things you can do if you must take your pet with you include keeping fresh drinking water and a bowl (keep water in a cooler or insulated bag with cold packs) and take your pet with you (on a leash) into pet-friendly stores.  You cannot rely on leaving the air-conditioning on, because it could malfunction and begin blowing hot air or shut off altogether. 


Dogs cannot cool themselves as easily as we do, and they don’t sweat like us.  They release heat by panting and thru their paws.  Their paw pads are sensitive and can burn easily.  If the asphalt and sidewalk are hot to you, they are hot for your pet. Walk them on grass or dirt instead of on the pavement.  

 

If you’re out and about and see an animal in a hot car, call animal control or 911 and stay until help arrives. Local law enforcement officials can enter the vehicle and rescue the pet. You can also alert store managers at local businesses.

   

 

VehicleTempChart

 This graph shows the outside temperature and the corresponding temperature inside a vehicle. As you can see, it only takes a few minutes for the temperature inside the vehicle to reach very dangerous levels. 


Symptoms of heatstroke include excessive panting, vomiting, discoloration of the tongue, rapid heart rate, glazed eyes, dizziness, and lethargy.  If your dog exhibits any of these symptoms, gradually lower their temperature by giving them water, placing a cold towel or ice pack on the head, neck, and chest, or immersing them in cool (not cold) water.  Call your veterinarian for further instructions and please take your pet to the vet for follow up care.


If you routinely travel with your pet, it is a good idea to keep a canine first aid kit with you.  Partnership for Animal Welfare has an excellent resource on their website for Canine First Aid Kits and Emergency Treatment, including a list of necessary supplies for you to make your own “Doggie First Aid Kit”. There are also links to ready-made kits that can be purchased. 

 


There are several flyers available online for free download.  Keep a few of these available with you to place on vehicles while you’re out and help educate others. 

 

Too Hot for Spot from PETA:  http://www.mediapeta.com/peta/pdf/toohotforspot_parkingspace.pdf

 

Overheating Kills  from ASPCA:  https://www.aspca.org/sites/default/files/pets-in-hot-cars.pdf

 

Hot Car Flyers from Humane Society: http://www.humanesociety.org/assets/pdfs/pets/hot_car_flyer.pdf


Taking a few minutes to get involved might save a dog’s life. 


Permalink Leave a Comment

Where do you keep your Passwords? No More Sticky Notes!

June 8, 2014 at 11:31 am (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch, Productivity, Products, shareware) (, , , , )

I realize I’ve been hyping the fantastic 1Password app quite a bit lately.  There’s a good reason for that.  It’s the best.  If you care anything about your data, you owe it to yourself to protect it.  That means using 1Password. 

 

Friends frequently ask me what 1Password is, what it does, why they need it, and many other questions.  I’d gotten my “elevator spiel” down to about a minute or so, but I was afraid of being inconsistent, or leaving out something important, (especially with all the new features added recently), or just freezing up (it happens sometimes). But, now there is something even better. 


Now there is a real video, complete with snazzy soundtrack, that can be clicked and watched again and again. Keep watching until you realize that you cannot go another minute without the muscle that 1Password provides.   

 

Enjoy this brief video, then head on over to 1Password and pick up a copy today.  


Permalink Leave a Comment

Apple iDevices Held for Ransom Down Under: Don’t Reuse Those Passwords, Mate

May 29, 2014 at 2:13 pm (1Password, Apple, Applications, Current Events, iDevices, iPhone/iPod Touch) (, , , )

Something interesting happened in Australia recently when Mac, iPhone, and iPad users were hacked using Apple’s Find My iPhone feature to lock devices and send ransom messages to the owners. They demanded a $50 “unlock fee” to be paid via PayPal payment from the owners. 

 

While it wasn’t immediately evident how these hackers gained access to the devices, it was soon ascertained that they obtained the information from a data breach. Because many people reuse passwords, it is likely that the hackers found people who used the same passwords for the accounts from the data breach and their Apple ID, which then allowed them control of  the iDevices. 

 

Apple made a brief statement to let people know that iCloud was not compromised.  They also advised those affected to change their passwords. They can also go to their local Apple store or call Apple Care if they need additional assistance. 

 

This reinforces the sensibility of utilizing two-step authentication whenever possible, and reminds users to never reuse the same password across accounts. It also reiterates the need to use a good password manager such as 1Password to create strong passwords for all your accounts. Until next time, be safe with those passwords folks. Friends don’t let friends reuse passwords.  


Permalink Leave a Comment

The Heartbleed Bug, 1Password, Watchtower, and You

April 18, 2014 at 6:58 pm (1Password, Apple, Current Events, iDevices) (, , , , , )

Anyone who has spent any time with me knows that 1Password is one of my favorite applications.  It ranks right up there with Evernote, TextExpander, and Dropbox for must-have, can’t live without applications for Mac and iDevices alike (and even Android and Windows folks are covered).  1Password has long been my go-to app for password management, secure note storage, software license info, and general account and login information. It even helps me complete online orders quickly, easily, and securely. 

 

Heartbleed logo

 There was a new bug discovered recently called Heartbleed.  This bug is of the electronic variety, not the pesky outdoor variety…although both have the potential to be particularly troublesome.  The Heartbleed bug affects most all of us in one way or another.  It has been shown to be a serious vulnerability with SSL encryption, which is used to provide security over the internet for many applications such as instant messaging, web applications, email, and some virtual private networks (VPNs). SSL is the ’s’ in https, or to break it down a little more, it is what usually keeps your information secure and is shown by the little padlock icon in your browser’s address bar.  Without getting too technical, the Heartbleed bug essentially allows the bad guys to access what the user thought was their secure data, such as account user names, passwords, and possibly even the actual content. 

 

In order to fix it and recover, the owners of the services and the service providers must patch the vulnerabilities and distribute new versions that clients will implement generally by upgrading their software. Additionally, users should change their passwords, 

 

Most everyone is affected in some way, largely because of the widespread popularity of OpenSSL. In addition to being used by many social networking sites, blogging sites, ecommerce sites, and even some government sites, OpenSSL is also used for mail and chat servers, and VPNs (virtual private networks). It is very difficult to detect because the bug leaves no trace of abnormalities in the user logs. 


Dave Teare, co-founder of AgileBits, and developer of the aforementioned awesome password management software, 1Password, released a newsletter to users to inform them of the Heartbleed bug, and to let them know how 1Password can help them defend themselves. 

 

1Password was not affected by Heartbleed because it uses a different type of encryption. The data within 1Password is completely safe.  However, you will need to change your password for any websites that were affected.   

 

1P logo

 1Password makes it incredibly easy to change your passwords. They have a terrific feature that enables you to do something called a security audit. With a click of a button, it tells you which of your passwords are weak, which are duplicates (bad!), and which are older (6-12 months, 1-3 years, 3+ years) which is especially good if you use time sensitive passwords or work somewhere that requires they be changed monthly or quarterly.  I could never keep up with the timing on those when I worked at Apple, and it never failed that I would have to change my password at the most inconvenient time.   

 

One of the most common questions after Heartbleed was publicized was, “Which passwords do I need to change?” but part of the problem was that folks didn’t know whether a particular site had patched (or fixed) their vulnerability without going to every single website for which they had an account.  Talk about a huge time suck.  I could have spent a few days just checking websites.  Then, I would have had to note which sites were fixed, and which sites I needed to follow up with if they had not been patched.  Surely there was an easier way, right?  Yep, and the wonderful folks at 1Password helped us with that. 

 

Watchtower

 Enter 1Password Watchtower. Talk about slick!  I am so loving this new feature.  It will let you know the status of the websites affected by Heartbleed.   For example, it will let you know if you need to avoid the site until it is fixed, if it has been fixed and you need to change your password (see example screen grab), or if it was never vulnerable and therefore not affected, so you don’t have to change your password for that particular site.   The danger of reusing passwords (using the same password for multiple sites) is because if you use a password on a site that was vulnerable, the bad guys could have accessed your user name and password.  Then they could go to a site that wasn’t vulnerable on its own, but they didn’t need it to be vulnerable, because you had already handed them your user name and password on one of the other sites. Does that help to better explain why it’s such a bad idea to use the same user name and password for everything?  Here is more information on the new Watchtower service.  


Cult of Mac published a very helpful article  that walks one through the process of resetting affected passwords quickly and easily.  They have also listed links to the password reset page of popular websites such as Facebook, Google, Amazon, Instagram, IFTTT, and many others. Using the Security Audit feature, you simply start at the top of the list and follow the step-by-step instructions to change your password.  Once you’ve finished with that website, just go to the next one on the list until you’ve finished all of them.  How much time it takes will obviously vary depending on how many passwords you need to change, but it really is a fairly quick and painless process.  Plus, it should go without saying that now you will have peace of mind that your login information is safe again. 

If you don’t already have it, pick up 1Password today and get started on your path to a safer online experience.  Then, next time your friends are freaking out because “ACME Data” got breached, you can say, “Meh, I have 1Password. Not worried.” and keep on watching your videos.


For more information about Heartbleed, 1Password, and Watchtower, head over to 1Password’s website.  Their terrific blog has all the latest information about things that would be rocking your world in a bad way, were it not for 1Password keeping things in balance.  Cheers!


Permalink Leave a Comment

End the Backlog of Unprocessed Rape Kits

January 18, 2014 at 4:31 am (Current Events, inspiration, Personal) (, , , , , , , , )

NewImage

An episode of Law & Order: SVU a couple years ago highlighted the backlog of unprocessed rape kits across the country.  Mariska Hargitay has portrayed Detective Olivia Benson since the show’s spin-off from Law & Order 13 years ago.  Jennifer Love Hewitt guest-starred on this particular show, giving an incredibly emotional performance as a repeat rape survivor.  Women are traumatized along the way after they survive the actual rape.  They must endure the agonizingly slow and invasive process of evidence collection, which can take 4-6 hours, to obtain the hair and body fluids for DNA collection.  The victims are tended by health care workers (hopefully, but not always, by a trained Sexual Assault Nurse Examiner). They must tell and re-tell their experience to police officers, legal representatives, mental health professionals, and more. Much of the time, the victim has no idea if her assailant has been arrested, if he is incarcerated, or if he is still out there, free to terrorize others. It is actually up to the victim to follow up and see if their kit has been tested. 

The DNA evidence is often instrumental in the identification and conviction of the rapist.  That is why it is essential that the victims go thru each step of the difficult process.  It is ridiculous that the victim has to follow up on whether or not her rape kit has been tested, but for many tens of thousands of women across the country, that’s just what they must do.  

NewImageDriven to become an advocate for sexual assault survivors after receiving so many moving letters from women telling her what they had endured, Mariska Hargitay founded the Joyful Heart Foundation in 2004 to help the survivors of sexual assault and domestic violence “heal and reclaim their lives”.  The Joyful Heart Foundation is committed to helping end the rape kit backlog. To this end, they have launched endthebacklog.org, with the goal of ending the backlog of untested rape kits, and identifying best practices for eliminating this backlog by increasing public awareness at every level: local, state, and federal.

Every two minutes, someone is raped in America. One staggering statistic from the FBI notes that only 24% of reported rape cases result in an arrest. The enormous backlog in untested rape kits has a lot to do with it.  At an average cost of $1200 for each kit tested, many crime labs and police departments simply do not have the necessary resources to process the kits. The backlog not only allows the rapist to get away with his crime, it also prevents the victim from getting justice.  In many cases, the rapist will rape again and again.  Survivors deserve justice.  

In New York City, the arrest rate for rape went from 40% to 70% after the city eliminated its rape kit backlog in 2003.  In Detroit, after testing began on more than 11,000 kits, over 100 potential serial rapists were identified from just the first 1600 kits tested.  In August, a $500,000 grant was awarded to the Memphis Police Department to screen untested rape kits.  They would be able to send 2226 kits for preliminary testing, which would still leave over 10,000 kits untested, some of those dating from the 1980’s.  It makes me sick to my stomach to think about over 10,000 untested kits sitting on a shelf somewhere in my hometown, kits that could put criminals behind bars for the rest of their lives, and kits that could bring closure and peace to some of my friends. 

What can you do?  Help spread the word about the rape kit backlog.  Use social media to tell others.  They have an excellent and informative website, and the pages can be quickly and easily shared, just by clicking the Twitter or Facebook icons.  You can help end the backlog.  
 

Permalink Leave a Comment