WannaCry Ransomware

Aaaand we’re back! No prizes for guessing the topic of our latest blog entry! The NHS has been targeted by a piece of ‘Ransomware’ known as WannaCry. The centrepiece of this attack is the encryption of all their data. The actual virus is fairly easy to remove, but the damage is done by way of encrypting any data on an infected machine with an encryption key held only by the designers of the ransomware. A ransom is then sought for the encrypted data. Microsoft Windows operating systems are currently only affected, but it is worth keeping all operating systems updated. Modern Windows operating systems are protected by way of security updates. Windows XP, which most, if not all, of the NHS runs on, is no longer supported by Microsoft. Therefore, if you are running Windows XP, you are putting yourself at risk, and we advise that you upgrade your computer to a later operating system as soon as possible

Malicious Software

The internet is a dangerous place. There is no denying it. However, at the same time, it is a wonderful source of information. In order to stay safe on the internet, it is important to not click, or install, any software that can compromise your computer.

While researching for this post, I found a video on YouTube from Jim Browning. In this short film, he explains how a particular piece of software, known as ‘System Diagnostic Tool’ defrauds it’s customers. The ‘program’ in question, reports to remove, or clean, your PC of infections and junk. In reality, it does nothing. The video is well worth a watch.

System Diagnostic Tool is a product of Sparksgen Limited, retailing through http://www.safeapzz.com, who are both well known within the IT industry as fraudsters. Please do not install this, or any of their software mentioned in the video. Should you have already installed this, or any of their software, please remove it immediately and run an antivirus/anti-malware scan of your computer.

The one app you should never use…

Edward Snowden, the former CIA employee and NSA whistleblower, has just given Google’s new messaging app, Allo, a damning review.

“Free for download today: Google Mail, Google Maps, and Google Surveillance,” he wrote on Twitter. “That’s #Allo. Don’t use Allo.”

Screenshot 2017-01-24 20.22.56.png

Google Allo is the new ‘smart’ messaging app, and bears similar features to the likes of WhatsApp or Facebook Messenger. It also offers the added help of Google smart assistant, just add the @google chat bot to your conversation and it’ll interact with you like a real personal assistant.

But, there is one significant downside; privacy. As you probably guessed. The default setting in the app is for Google to collect all of your conversations, forever. Google initially stated that they would only access your messages on an ‘ad-hoc’ basis, to improve the Google AI. Now, it seems, Google have changed their position. On launching Allo, Google now collects all your conversations, unless you start a conversation in incognito mode. This, for Snowden, is a big problem.

In his tweet, he goes on to say; “Thinking about #Allo? Last year, our secret court approved 100 per cent of requests for surveillance. They would cover Allo.”

Snowden is basically saying that it gives the U.S. Government 100% access to your messages. There isn’t any news, or opinion, on how this relates to us in the UK, and Europe. Snowden advises to play it safe and use a secure client, such as Tor or Signal, which send encrypted messages that are stored only on the recipients device.

 

Facebook – Keep it secret, keep it safe

In today’s world, your data is worth more than gold to companies large and small. It is also of high value to the more unscrupulous persons of the world. While Facebook pushes you to add more and more personal data, most people are unaware of how Facebook uses that data. In this blog, we will outline seven things you should remove from your Facebook profile.

1. Your phone number

 

If your Facebook profile isn’t set to be private (and it should be), and you’ve added your phone number, then your number can be ‘skimmed’ by the aforementioned unscrupulous members of society to be sold on to cold callers, among others. There really is no need to have your number listed on your profile, and is akin to shouting it from the rooftops, given the number of users Facebook has (1.79 billion)!

2. Remove those ‘funny’ drunk photos

Even though it seemed like a great idea at the time (like most things when you’ve had one too many!), drunken pictures are not only embarrassing, but can affect your career. Social media checks are now standard for would-be employers, and seeing you with your head in a bucket, does not give a good impression.

3. Your date of birth

Along with your phone number and address, your date of birth is something that identifies you personally on the internet. Using your date of birth, identity thieves can impersonate you to do no good. Surely not having your identity compromised is more important than your Facebook ‘friends’ knowing when to copy and paste their generic birthday wishes, right?

4. Your location

Adding your address is pointless. All you’re doing is giving away where you live and, as we’ve already seen, that’s just one of the bits needed to give away your identity.

Along with the above, there are plenty of other places you shouldn’t be tagging yourself either. Dropping the kids off at school, for example. It’s not the best idea to let everyone know where your kids go to school.

5. Your holiday snaps

It’s very tempting to share pictures of your tan when you’re away in an attempt to make your friends stuck in the cold and rain, jealous. We’ve all done it (me included!), but it is smart to wait until you some home. Unless, that is, you want the 756 ‘friends’ (how many do you really know) to know when your house is empty!

6. Your boss

Managed to get that job you’re after? Maybe even your dream job? Well, adding them on Facebook, especially if our advice on drunk photos hasn’t been heeded, is not advisable. There have been multiple instances of Facebook users losing their jobs for views and opinions they have expressed. Plus, when your friends tag you in photos of that day out at the beach when you called in sick, you’re going to get rumbled. It’s a no brainer really.

7. Being tagged in inappropriate posts

We’ve all got that one friend. The one who still thinks it’s hilarious to tag you in questionable memes and straight up inappropriate images. Well, there’s a solution to this problem. It’s called ‘Timeline Review’ and can be enabled by going to: Settings > Timeline and Tagging > Who can add things to my timeline and switch the ‘review posts’ option to ‘on’. This way you’ll get a notification to approve posts your tagged in. Yes, it’s a bit more hassle for the majority of posts your tagged in, but it can be useful for the ones that are not so innocent.

 

WhatsApp Scam

A quick post this Sunday morning. I have just received a WhatsApp message from a friend, offering a £250 voucher for M&S. The message reads: ‘Hey, have you seen this? http://www.marksandspencer.co.uk-gift.com/ Free gift cards from Marks & Spencer. They are giving away £250 gift cards to celebrate the new shopping season. It’s a limited offer so you better claim one while it lasts. I got mine’

There has been a similar message sent, with Sainsbury’s as the company mentioned. Sainsbury’s have tweeted this:

Screenshot 2017-01-15 11.41.15.png

It goes without saying; its a scam. Do not click on the link, and delete it straight away.

Autofill Vulnerability

Today brought news of another danger to our online security. Finnish web developer and hacker Viljami Kuosmanen discovered that several web browsers, including Google’s Chrome, Apple’s Safari and Opera, as well as some plugins and utilities such as LastPass, can be fooled into giving away your personal information through their autofill systems.

Many people around the world use the autofill feature of the browsers mentioned above. While it is a handy convenience, the risk of giving away your data must surely outweigh the time taken to fill in your email, or postal address.

Users of Mozilla’s Firefox browser are safe, as the program doesn’t offer an autofill feature.

We are advising users to disable the autofill feature on the browsers we have outlined, until a fix is released.