Author: Ashley Murphy

Tech nerd, nature lover, animal enthusiast.
Critical Security Flaw Discovered In MacOS High Sierra

Critical Security Flaw Discovered In MacOS High Sierra

 

If you’re a regular here on Digital Security World, then you already know how much we stress the need for strong password protection. Even if this is your first time here, you probably know something about password security and its importance. That being said, what could possibly be worse for account security than having a weak password? How about having no password at all. Incredibly, this was the state of all Mac devices running the macOS High Sierra 10.13.1 software last week. This coming from one of the most prominent tech companies in the world, a company which prides itself on the security of its devices.

The following devices are compatible with MacOS High Sierra software:

  • iMac
  • MacBook
  • iMac Pro
  • Mac Pro
  • MacBook Pro
  • MacBook Air
  • Mac Mini
  • MacBook Retina

The High Sierra Vulnerability

Critical Security Flaw Discovered In MacOS High Sierra
The “root” vulnerability affects every Apple device running the macOS 10.13.1 High Sierra software.

First reported by developer Lemi Orhan Ergin, the vulnerability in the 10.13.1 version of High Sierra gives anyone access to the above devices without having to know the login information. Simply typing the word “root” into the username field while leaving the password field blank will award full access to the computer. Even worse, accessing the device in this way will grant the user administrator status. This is relevant because a user with administrator status can easily access any file or location on the computer, including areas that a standard user would not have access to. For example, if you happen to have your iPhone synced to your Mac or iCloud, an intruder could spy on your text messages.

While it’s easy to see the massive security risk associated with this particular vulnerability, Apple was able to put out a quick patch to address the issue (MacOS 10.13.2 High Sierra). Unfortunately, some users have noted an issue with updating from the base version of High Sierra (MacOS 10.13) to the latest update. So if you happened to skip the MacOS 10.13.1 update, just make sure you reapply the latest version and restart your computer afterward. This will fix the root vulnerability.

Were any of your devices affected by the root vulnerability? Have a question regarding High Sierra? If so, leave a comment below.

You May Also Like: Does The iPhone X Face ID Pose A Security Threat?

Can Two Factor Authentication Replace The Need For Passwords?

Can Two Factor Authentication Replace The Need For Passwords?

 

The Problem With Passwords

Think back to the last online account you’ve created. Whether it was for a new social media platform or an online forum, chances are you were asked to create a password. A common misconception about passwords is that they need to contain random numbers and special characters to be considered “strong.” In fact, most websites won’t even let you finish creating an account until your password is strong enough. In reality though, following these password recommendations could result in an easy to crack password. Now, security researchers are suggesting the use of long phrases as a replacement, however, there is still an issue with this as well.

While remembering a single, long phrase is easy to do, trying to remember a separate one for each of your online accounts can become confusing. And if you choose to use the same phrase for each of your online accounts, you’ll be putting them all at risk in the event of another data breach. Luckily, passwords are not the only way to secure online accounts.

Can Two Factor Authentication Replace The Need For Passwords?
Would you consider using alternative methods of account verification over passwords?

Biometrics As A Password Replacement

Biometric scanning is a relatively new alternative to the standard password. And thanks to popular smartphones such as the iPhone X and Galaxy S8, biometric scanning has gone mainstream. From fingerprint readers to facial recognition software, there are multiple ways in which you can choose to protect your devices as well as your online accounts.

Biometric scans are not without their own faults however. For instance, this past week a flight from Doha to Bali was grounded after a woman discovered her husband had been cheating on her. How did she find out? She had used her husband’s finger to unlock his smartphone while he was sleeping. While that’s certainly one way to catch a cheater, it does raise some concerns about the use of biometric scanning as the primary way to access sensitive information.

The Fast Identity Online Alliance

What we need is a way to combine the convenience of biometric scanning with stronger security. This is where the FIDO (Fast Identity Online) Alliance comes in. The FIDO Alliance is an authentication standard that is quickly growing in popularity among the world’s tech giants. Adopted by Android and iOS devices, along with popular browsers such as Firefox and Google Chrome, the FIDO Alliance looks to enhance the standard username and password experience. They offer multiple authentication options, including password-less login and second-factor verification. The password-less experience allows you to use your preferred biometric scan (usually done through your smartphone) as a way to access your online accounts.

But if you’re truly concerned about the security of your online accounts, you can use FIDO’s two factor authentication process instead. This authentication method takes account security to the next level by adding a USB security key to the login process. That way if someone were to try and remotely access your accounts, they would require your physical USB security key to do so.

What is your take on the future of the password? Do you think biometric scanning is strong enough to replace passwords altogether? Let us know below!

Related: Does The iPhone X Face ID Pose A Security Threat?

 

Top 4 Hidden Vulnerabilities In Your Wifi Connection

Top 4 Hidden Vulnerabilities In Your Wifi Connection

 

The average internet user knows that not all wifi networks are secure. If they’re smart about it, they already have done a review of security software to be certain their computer is safe from a hacked network. However, aside from a weak password, what are the potential hidden vulnerabilities in your wifi connection?

 

Here are 4 vulnerabilities in your wifi connection that you probably didn’t know about:

 

1. Default or shared password

Although the SSID and password that your network came with might seem randomized and, thus, more secure, skilled hackers will be able to crack into your system much easier than if you were to change them to something more personalized. Using a password randomizer is the best way to go about this, but if you don’t think you’ll be able to remember what it is, be sure it’s saved in a safe place.

 

2. Unsecured hardware

Top 4 Hidden Vulnerabilities In Your Wifi Connection

If someone can physically mess with your hardware, they can interrupt or corrupt your wifi connection. Furthermore, many users leave the SSID and password taped to the side or bottom of the router. If your modem and router aren’t locked away in a secured location, you run the risk of having your information stolen.

 

3. Not using enterprise mode

Enterprise mode is much more secure for those with more than one user than traditional WPS pin authentication is. For starters, pin authentication is easier to crack and allows hackers to decode the password. However, enterprise mode is also protected against internal user spying. This means users already connected to the network cannot spy on the wireless traffic of others.

 

4. Automatic connection to neighboring networks

Top 4 Hidden Vulnerabilities In Your Wifi Connection

If your wifi connection isn’t the greatest and often lags or takes a long time to connect, users may instead automatically connect to nearby public networks. If this occurs, they may be accidentally hooking up to a false or hacked network that will steal their data. Always be sure you have a data recovery software like DDI Utilities installed in case this happens accidentally. Furthermore, if the users connects to an alternate network, the users on the other network will have the ability to snoop on that computer’s traffic and private files. This can be especially detrimental for business computers.

 

Especially for corporations, securing your wifi network is vital to keeping your private information safe from harm. These vulnerabilities are the lesser known ones, but if you’re struggling to protect your wifi at a basic level, check out our related post: 7 Ways To Create A Secure Password And Protect Your Data

7 Ways To Create A Secure Password And Protect Your Data

7 Ways To Create A Secure Password And Protect Your Data

 

With all the reports of websites and computers being hacked these days, it’s important to ensure your data is protected with the most secure passwords possible. You certainly don’t want anyone to be able to access your financial information in CreditSesame.com or messages from matches in your Sugardaddie.com account. Many people struggle with password generation and end up creating something generic that is easy to crack. If you are someone who needs help finding ways to create a secure password, we’ve got you covered.

 

Here are 7 ways to create a strong, secure password for optimal data protection:

 

1. Make it as long as possible

The longer your password is, the harder it is for a hacker to crack. Most experts recommend a minimum of 8 characters, but more than that is ideal.

 

2. Use a mix of characters

7 Ways To Create A Secure Password And Protect Your Data

If your password consists of only letters or only numbers, it provides less potential combinations for a hacker to decode–thus, it’s easier to steal your information! Always include at least 1 letter, 1 number, and 1 special character like an ampersand (&), asterisk (*), or dollar sign ($). The goal is to make it as difficult as possible for someone to guess what you’ve chosen.

 

3. Do not reuse old passwords

As time goes on, encryption technology becomes increasingly secure. So a site that you signed up for 10 years ago will be less safe than a site you sign up for today. That being said, now the older site is easier to hack into, and your information is at risk! If the hacker then tries to get into your other accounts and you are still using the same password, they will have no difficulty accessing your important and private data. This is why it is so imperative that you use different passwords and change them over time.

 

4. Opt for multi-factor protection

7 Ways To Create A Secure Password And Protect Your Data

Some websites will allow you to choose multiple methods of protection for your account. If you have the option, always go for 2 or more factors. This may include a standard password coupled with a CAPTCHA system, fingerprint scanner (for mobile devices), text message verification code, or a security question. This is especially important for companies that house your sensitive information like online banks or your student loan servicer.

 

5. Use the strength analyzer

Many sites will tell you how strong your password is as you type it in when creating your account. Utilize this feature! If it says your password is weak, it is. Make sure your password is the highest level of difficulty. If the site doesn’t have this included, you can use a third party site to analyze it for you.

 

6. Store them safely

If you’re following our tips thus far, you now have a different password for each account. Realistically, these are going to be difficult for you to remember. Writing them down is likely the easiest solution, but it’s not the most secure. Read security software reviews to find a program that will save your password information in an encrypted, protected file that no one else can access.

 

7. Keep it to yourself

7 Ways To Create A Secure Password And Protect Your Data

Last, but not least, always remember to keep your passwords to yourself. Don’t share them with anyone, even the people you trust most. The more people that know your password, the higher the likelihood of your data being at risk.

 

Consider these tips the next time you sign up for an account somewhere. And if you’re in violation of any of them, go back and change your passwords. Don’t take the chance of losing important information or having your data stolen due to something that is easily preventable!

 

There are many scammers out there looking to steal your password information under false pretenses. Keep yourself safe by checking out our related post: 4 Signs For Recognizing An Email Scam

6 Symptoms Of An Infected Computer

6 Symptoms Of An Infected Computer

 

Without installing a top antivirus software, your computer is at risk for viruses, malware, hacking, and all kinds of suspicious activity. So if your device isn’t protected, how can you know if you’ve got a computer virus?

 

Here are the 6 most common symptoms of an infected computer:

 

1. Slow speed

Both the internet and your computer itself will significantly slow down if you’ve got a virus. This can happen because the attacker has uploaded a large application or multiple malicious files to your computer, bogging it down with excess data. It can also be that the purpose of the virus is to slow down your system enough that the hacker can obtain your private information.

 

2. The Blue Screen of Death

6 Symptoms Of An Infected Computer

Especially on older systems, the Blue Screen of Death would appear when crashing to inform you that there is a technical error. This error is typically caused by malware altering or overloading the computer and preventing it from starting up properly. These days, the actual blue screen is less common, but if your computer or any specific applications are regularly crashing, you are most likely dealing with an infection.

 

3. Low disk space

If you’ve never had a storage space issue in the past and aren’t excessively downloading or creating files, you shouldn’t have any problems with this. So when you get a message telling you your disk space is low, be suspicious. This is possibly due to the unwarranted loading of files or applications onto your system by hackers and viruses. Some people incorrectly attribute this to an antivirus software. However, that will not be the culprit here, especially if you use a cloud-based system like Panda Global Protection.

 

4. Excessive toolbars

6 Symptoms Of An Infected Computer

When you install something from an unknown source, it can result in the addition of toolbars and extra search bars to your default browser. These are usually just a front for the real, malware-carrying application that is being transferred to your computer.

 

5. Strange messages or pop-ups

6 Symptoms Of An Infected Computer

Pop-ups are a normal part of surfing the web. Most websites will have pop-up advertisements on them, but this doesn’t mean you should click on them without caution. And if you’re getting pop-ups and unsolicited messages on the device itself without the browser being open, it’s likely due to a virus.

 

6. Disappearing files

If you ever think to yourself, “Hey, where did my files go?” this is a huge red flag for a computer infection. Your files will never just hide themselves on their own. The most probable explanation is that your computer has been the target of an attack. Hopefully, you will have a backup plan to retrieve your lost files, but if not you should be looking up data recovery software reviews to find something that will assist you if this sort of thing ever happens with your device.

 

The best way to prevent ever having to diagnose your computer with a virus is to be proactive. Install an antivirus or security software to your computer, tablet, and cell phone to ensure you never have to deal with this problem again.

If you’re worried about the content of your emails potentially being a source of viruses or malware, read our related post: 4 Signs For Recognizing An Email Scam

5 Strategies For Protecting Your Business Assets And Ideas From Fraud Or Theft

5 Strategies For Protecting Your Business Assets And Ideas From Fraud Or Theft

 

As a business owner, you should do everything in your power to make sure your company grows to be successful and is always safe from dangerous threats. In order to do so, it is important to make sure you have a plan in place to protect and secure all of your precious data and information.

 

To help you plan, review these 5 strategies for protecting your business assets and ideas from fraud or theft:

 

1. Trademark, watermark, patent

Keep others from stealing your creations by trademarking names, watermarking photos and videos, and patenting your ideas. By using these methods, you can safeguard your things effectively and legally. Watermarking can even be done on your own, using a watermark software to make the process quick and easy. You can’t prevent someone from stealing your photo this way, but you can make sure everyone who sees it knows it’s really yours.

 

2. Data encryption

5 Strategies For Protecting Your Business Assets And Ideas From Fraud Or Theft

Your business data is valuable to you. If it were to fall into the wrong hands, the repercussions for your company could be detrimental. To ensure this doesn’t happen, you need to encrypt your files. Encryption scrambles the data or makes it password protected to hide it from prying eyes.

 

3. Due diligence

When working with anyone other than yourself, whether it be clients, partners, or employees, you need to do your due diligence. This means running a background check and thoroughly vetting them to ensure they are trustworthy. They must be willing and able to keep your company secrets.

 

4. Non-Disclosure Agreements

5 Strategies For Protecting Your Business Assets And Ideas From Fraud Or Theft

Having your partners and employees sign a Non-Disclosure Agreement (NDA) ensures that they by law cannot share your secrets. So even if they turn out to be untrustworthy, there are legal repercussions for them that will allow you to take action against the offending party.

 

5. Secure your devices

Your company cell phones, tablets, computers, and all electronic devices are susceptible to being hacked or infected with a virus. To prevent these issues, consider browsing reviews of security software to find the program that best suits your business needs. These programs can include special features that you may find more useful to you than others, so it’s important to do your research before committing.

 

Protect your business today. If you fail to follow these safety precautions, then you are ultimately leaving yourself, along with everything you have worked so hard to build, vulnerable.

 

If you’re interested in learning more about data protection and security, take a look at our related post: 3 Easy Ways To Protect Your Data

 

5 Strategies For Protecting Your Business Assets And Ideas From Fraud Or Theft

4 Things That Can Affect Your Online Reputation

4 Things That Can Affect Your Online Reputation

 

For businesses and individuals alike, search results can reveal a lot. Just as you wouldn’t want someone saying negative things about you to the people in the neighborhood, you don’t want negative comments to be posted or ideas to be formed about you (or your company) based on information that is available to internet users worldwide. Protect yourself and ensure your digital exposure is a positive one by understanding what aspects make a difference.

 

Here are 4 things that can affect your online reputation:

 

1. Social media posts

Even if you, yourself, are careful with your privacy settings on social media sites like Facebook or Twitter, you have little to no control over what is posted about you by others. If you run a company, this can mean Facebook reviews by consumers. If you’re an individual, it means that video of you killing the beer pong competition at a frat party last weekend may have been posted by a party-goer for everyone to see. Look out for these posts so you can take action towards addressing any issues or having the offending items removed.

 

2. Published content

4 Things That Can Affect Your Online Reputation

For companies especially, publishing content such as blog posts or press releases can help stifle any negative search results. Using a software such as SEO Powersuite will help you to build links that positively affect your ranking, as bad links are also a major source of a negative internet presence. For the average Joe, anything that you publish to your blog or submit to other sites is recorded. Make sure the things you post are things that you will still be proud to have representing you years down the line.

 

3. Public record

Have a felony? Filed for bankruptcy? These details are public information that can be found by anyone with an inkling of solid googling skills. There is no real way to avoid these aside from not doing them in the first place. If they’re already out there for the world to see, you’ll want to work on managing your reputation to hide the results from immediate view.

 

4. Photos

4 Things That Can Affect Your Online Reputation

Search engines don’t only show written results for you or your organization. There’s also an images tab, which shows any photograph even remotely related to your name. Even if you aren’t the one that posted the image, it may still have a tag or keyword associated with it that links back to you or your company. Sometimes, these photos are even linked to spam that can erase data from your computer when you click on it, which is even worse since you are now associated with malware.

 

The first step in preventing this issue from arising is to make sure your devices are protected by reading reviews for data recovery software and choosing one that’s right for your system. The second step is contacting the domain hosts and getting them to remove the harmful content. If that doesn’t work, your best bet is always to do a little bit of SEO recon to bury the negative images with positive or neutral ones of your own.

 

Your online reputation has a lot more weight in these times than it ever did before. In fact, it may even be more important than your reputation amongst the small circle of people you know personally. Remember these ideas when you are doing anything online to ensure your search results are ones that you would be proud for your grandmother to see when you teach her all about “The Google.”

Related Post: How To Safely Browse The Internet

3 Ways Your Phone Is Tracking You

3 Ways Your Phone Is Tracking You

 

We are never alone, even when we are physically isolated. As cell phone users our every move is being watched, although not everyone is aware of this. There may not be someone on the other end actually looking at you, but your mobile device is collecting data on you every second that it’s powered on.

 

Here are 3 ways your phone is tracking you:

 

1. Location

3 Ways Your Phone Is Tracking You

If you check your phone’s settings, you’ll see a tab specifically for location services. Websites and applications use this data to tell you where the nearest store is, give you directions, and tailor advertisements to items and retailers in your vicinity.

 

2. Passwords

3 Ways Your Phone Is Tracking You

Every site makes you use a different password. Sometimes you need only letters and numbers, sometimes a special character or symbol is required, and oftentimes if you have used a password before, the site will not let you use it again. Who can keep track? Our phones can. And they do. Ensure your passwords are varied to prevent unethical site owners from gaining access to your other personal data.

 

3. Apps

3 Ways Your Phone Is Tracking You

Even the most harmless mobile applications are saving your data. Sometimes it’s for your own benefit, such as the Fitbit app keeping track of your breathing rate, heart rate, and general exercise data. Sometimes it’s to keep track of the statistics of their user base. Unfortunately, your information, such as your email address or phone number, is often sold to other companies, which is a major source of email spam.

 

So what do we do?

A majority of the reasons why your phone is keeping tabs on you are beneficial, which is why there isn’t more outrage over this topic. Sometimes, though, this information can be used maliciously. Protect your phone and your mobile data from attackers that target you based on their collected data using an antivirus program. Most antivirus computer software also comes in a mobile app version, so check out these antivirus software reviews to determine if any of their functionalities works for your device.

 

Related Post: The Importance Of Updating Your Phone Software: Why You Need To Regularly Update Your Apple or Android Device

4 Signs For Recognizing An Email Scam

4 Signs For Recognizing An Email Scam

 

Email phishing, the practice of scamming users with a fake email in order to obtain private or secure information, is not always caught by your provider’s spam folder. Each year, attackers improve at avoiding the various firewalls and safety nets that are meant to prevent them from achieving their malicious goals. You can no longer rely solely on email providers to do the work for you. It’s important to be vigilant about the various hints that suggest an email may be from a false source.

 

Here are 4 signs for recognizing an email scam:

 

1. Poor spelling or grammar.

Reputable companies always do their due diligence when it comes to hiring employees. Spelling and grammar standards are high, especially for the individuals that write their content or deal in customer service. Any legitimate email from a reputable company will be flawlessly edited. Of course, human error is always a possibility, but if mistakes are frequent or flagrant the sender most likely is not who he says he is.

 

2. Asking for money or personal information.

Any company you hold an account with knows your personal information and will not solicit this (or monetary compensation) from you via email. Sometimes attackers will pretend to be someone you know, like a family member needing money for an emergency or a friend sending a funny attachment that actually contains ransomware. Ransomware can hold your entire computer hostage, so without a data recovery program like Acronis True Image or DDI Utilities you will be unable to regain access to any of your files. Never give out this information or click on anything that you are unsure of without contacting the sender directly through another method. If it’s your bank, call the customer service line to verify. If it’s your family member, call them first to ensure they are the one who sent you the message.

 

3. Irrelevant email address.

The email address of the sender is another clue to the validity of an email source, but an often overlooked one. Be sure to check that the address is relevant to the company. For example, an email from an employee at Microsoft will have an address of personsname@microsoft.com. If the address is something irrelevant like microsoft@money4u.net, it will definitely not be from someone at that company.

 

4. Unsolicited and unfamiliar contact.

If you ever get an email that makes you think, “Hm, I can’t remember registering for this” do not ignore that feeling! This is a common first sign for an email scam that many users brush aside. If you don’t remember signing up for it, you probably didn’t, and you should use that feeling to prompt you to be alert for other signs of phishing. It is rare for a company to make first contact with a user. It’s even rarer for said company to link to an external site asking you to download something or provide personal information, so beware of this!

 

Thousands of people every day lose personal data from their computers by falling prey to these vicious scams. Check out some reviews for data recovery software to find a program that will help protect your files in case your “scammy senses” fail to tingle.

 

Good luck and stay vigilant!
Related post: 5 Types of Digital Threats To Beware Of And How To Prevent Them