Category Archives: Articles

“But I don’t have anything a Hacker would want”

“But I don’t have anything a hacker would want”, is often the reply I hear when I’m explaining the importance of strong passwords, software updates, and other tasks to improve their cyber hygiene.

“I don’t do online banking” or “I don’t have personal information stored on my computer” come in as the follow up statements.

What this tells me is that many of us have a false sense of what a cyber criminal wants.

Sure, financial gain does appear to be the motivation for many cyber criminals. Draining a bank account would be a easy pay day, but it could also be risky.

Many cyber criminals are opportunistic. They may not be targeting you specifically but if you don’t take precautions you’ll end up one of the unlucky targets they happen across.

Think of the internet like a car park, and computers as the cars. If you haven’t patched your systems, or make a habit of using a single password, you’re leaving your car unlocked in a public place.

A criminal can walk around the car park trying to unlock each an every car, once inside he might be able to take the loose change in the centre console, or take a laptop sitting on the backseat.

You would notice your laptop missing. But would you notice if the criminal took a few coins from the centre console?

A cyber criminal can scan the internet looking for computers that haven’t had the latest patches installed. These patches fix vulnerabilities in software that could potentially leave your computer “unlocked”.

Passwords are like keys. How convenient would it be to have one key that opens your house, car, safety deposit box, and mailbox? Say you lose one of these keys. How convenient is it for a criminal to then go around and access all your things with the one key?

Sure, in real life you’re probably going to notice a missing key. But digital things work a little differently. You might lose a file, but have an exact copy stored in a backup. You could have a copy of a file, and someone else could have the exact same copy of the file at the same time.

Would you know if a service you use lost a copy of a password?

In a data breach, cyber criminals are able to steal data (lose a key), and the company still maintains a copy of their own. The cyber criminal who initially stole the data can then sell it to other cyber criminals.

If this data happens to hold copies of passwords, a cyber criminal can then use these password to access the account of those users. If you use the same password everywhere, well, you can see where we are going.

You’ve left the car unlocked, you use the same keys for everything, the dog walker lost a copy of your key and didn’t tell you about it. You might still be thinking “But I don’t have anything a hacker would want”.

I’m sorry, but you do.

A DDoS attack (or Denial of Service Attack) is where a cyber criminal floods a website with traffic in order to slow down a website and try and take it offline. This is often done in protest (perhaps the website has different views to the cyber criminal, and she is angry), for the lulz (or for fun as it is known), or even just to cover up a separate attack that the cyber criminal is undertaking on the same site.

Back to our car – perhaps the criminal is going to use it to damage the property of a big corporation in protest. Perhaps he is going to cruise around town doing burnouts and driving through the garden of a local park ‘for the lulz’, or perhaps he has found one of your lost keys and is going to wander in a steal the jewellery in your home, whilst at the exact same time doing a burnout, out the front of your house to keep you distracted. All because you inadvertently left the car unlocked.

While it seams silly that the the criminal is in two places at once, that’s exactly how things are online. A cyber criminal can be doing multiple nefarious activities simultaneously; she can be attacking a website with a DDoS while also stealing the customer database.

To count as a DDoS (Distributed Denial of Service), the attack has to come from multiple sources. Computers (or other devices) that an attacker has compromised will be added to what is known as a botnet. This network of thousands of computers can have their resources pooled together to undertake malicious activities.

Resources such as storage are also something a cyber criminal requires. Perhaps she has some questionable material and need somewhere to store it. Perhaps she is selling the data stolen from another website. Instead of hosting it on her own servers, she might provide access to your computer and the buyer can download the information from there.

The car analogy still works here. Your car (the vulnerable un-patched computer), that you think is safe and locked, is sitting in a car park (the internet), completely open for anyone to access.

Remember the dog walker that lost a copy of your key (passwords) earlier. We’ll apparently he lost a copy of all his clients keys. The criminal who found them is storing them in your car. He found a buyer who will pop by your car later on to collect them. It doesn’t even matter if your using the car when the buyer comes along, he’s almost invisible.

This is really convenient for the cyber criminal because its your computer and not tied directly to him.

The purchaser of these stolen passwords, can use your email and password combination to then attempt to log into other service you use online.

Remember before I mentioned how convenient it was that you had a single key that opened the car, house, mailbox, and everything else? Yep. Ouch.

You might be thinking again, “But I don’t have anything a hacker would want”.

Facebook is a trove of information and everyone likes to overshare. “Happy Birthday Grandma”. Grandma is pretty tech savvy these days. We only communicate over Facebook.

“Hi Grandma! I’m in a bit of a pickle, I’m overseas at the moment and I have just had my wallet and phone stolen. I’ve been able to setup a temporary bank account and was wondering if you could transfer a couple of hundred dollars to it. The details are xxxxx. Thanks Grandma, I’ll be back home (hopefully) in time to pop by and wish you happy Birthday. Love from your Grandson and definitely not the cyber criminal who just bought access to this account.”

Look at that, you had exactly what a cyber criminal wanted. Access to Grandmas money.

It might not go down exactly like that, but your accounts as well as your computer can be used to attack other unsuspecting people.

I mentioned before whether or not you would notice a few coins missing from your centre console. You probably wouldn’t at first glance, but perhaps down the track.

If this was a cyber criminal taking files (the coins) from your PC, you probably wouldn’t notice at all because you are left with a copy even when she takes a copy.

What files do you store on your PC? Photos? Is there something that could be used for blackmail?

Do you have data that could be used for identity theft?

What about the drivers licence you scanned and emailed to the car dealership that time? What about the bill that Telstra insists on sending digitally? It has your name, address, and phone number listed on it.

You might not be doing online banking, but that’s not the only way you can lose money. A cyber criminal can use these details for identity fraud and have an expenses paid online shopping experience on your dollar.

“But I don’t have anything a hacker would want”, except for everything.

How do you protect yourself?

Passwords are hard. This is why we are all using the same old Petsname1! or Farm2810$ for our passwords. Don’t use the same password for everything. Even a variation of the same password is a bad idea.

Use a unique passwords for every account you have. This can make it difficult to remember, but it is OK to have them written down in a notebook stored securely at home. A password manager would be an even better choice.

To increase your password security, enable 2FA (Two Factor authentication) on all accounts that support it. If you are not sure if a services offers 2FA you can look it up on Two Factor Auth List.

Update software and Operating Systems. Windows can be updated by holding the Windows Key and pressing R. In the run dialog box type in control update and then press enter. Click the button that says Check for Updates.

Running a Windows Operating System that is out of support means it is no longer being maintained and therefore not receiving any security patches. If you are running Windows Vista or XP you really need to upgrade. Vista has been out of support for almost two years. Windows XP a lot longer.

If you are running Windows 7, your should aim to upgrade before January 2020.

Other software can be updated via its own menus within the software. It can be hard to keep track of versions when we have multiple programs installed. PatchMyPC is a free program for home users to easily update all the software on their PC.

While these task aren’t going to make you 100% secure, it is a good start. I have written multiple articles in the past on how to stay secure online. Check out our Tech Tips articles for more information.

Office 2007 End of Support

Office 2007 was released on the 10th of January 2007.  This year sees Office 2007 reaching its 10th anniversary. As with most Microsoft products, 10 years will see the end of extended support.

Office 2007 was the first to take on the modern look. Microsoft replaced the traditional menu with the Office button and replaced the traditional menu drop-downs with the ribbon. The ribbon replaces the text with icons. While the office button didn’t make it to the next version, the ribbon has stayed.

Unsupported software misses important software upgrades. These upgrades patch critical vulnerabilities. These vulnerabilities, if left unpatched, can potentially be exploited by an attacker. Depending on the type of vulnerability, the attacker may be able to access your data remotely.

Extended support for Office 2007 will end on the 10th of October 2017. It is recommended to upgrade to a newer version of Office sooner rather than later.

Extended support for Windows Vista will also end this year. The official date being the 11th April 2017.




Free tools to help keep your PC secure

While computer security seams hard, it doesn’t have to be. I recently wrote a post with 7 tips to stay secure online. This post is a follow up with some additional tools that can be installed to help keep your PC secure.

These tools are not a replacement for your Antivirus. They are designed to run alongside your current AV to ensure you are getting the best protection. My recommendation for paid AV is ESET. If you are short on cash, I would stick to Microsoft Security Essentials.

OpenDNS –  OpenDNS is free for home users and improves your Internet Services Providers DNS by adding web filtering/content blocking, identity theft protection, and the ability to monitor what is happening on your network. OpenDNS can be setup in your home router to protect your entire home network.

This is simple to set up; You create an account with OpenDNS, select the categories you wish to block, and then upgrade your routers DNS.

DNS (Domain Name System) is a service that translates domains names, i.e., into IP address, i.e. Computers talk in IP addresses, which is hard for us Humans to remember, hence DNS. OpenDNS blocks these untrusted IPs so that your devices are unable to access them.

Cybereason RansomFree – Ransomfree is a tool to help protect against ransomware. It creates and monitors several groups of files on your machine. If these files are modified, Ransomfree will attempt to neutralise the attack.

Ransomware is a nasty kind of malware that encrypts the user’s data, requiring payment to have the files decrypted. If you are hit with ransomware, there is no guarantee that paying the ransom will result in the decryption of your files. My advice to recover from ransomware is to reinstall windows, and restore from a backup.

Ransomware is often delivered via email and installs on your device via macros or by taking advantage of vulnerabilities in software. My previous post outlines how to avoid these kinds of attacks.

Microsoft Malicious Software Removal Tool – A free tool from Microsoft that is downloaded and run each month as a part of Windows Updates. While this runs each month it only performs a quick scan.

I recommend running a full scan once a month. This can be performed by:

  1. Holding the Windows Key and Press R
  2. Type in ‘MRT’ (without quotes) and press Enter
  3. Confirm the UAC prompt to allow the software to run as administrator
  4. Click Next, Select Full Scan, and then click Next again

You should see the version (in form of Month Year) at the top of the Window. If this doesn’t have your current date and year you may have to run Windows Update to install the latest version. If ‘Patch Tuesday’ for the current calendar month has not yet happened, then of course you will still be running the previous month’s version.

For more articles visit our Tech Tips page.