The following alerts have been updated to reflect new and important security protection schemes:
11/21/2017: 184.108.40.206 is a free DNS Domain Name Service that helps hide the sites you goto. Cloudflare runs it and promises no logging.
3/15/2018: ID Thieves are using the IRS and filing fake tax returns. Remember that the IRS never calls or sends email to you. They use old fashion US mail. Sign up for an IRS PIN if possible.
2/8/2018: Lenovo PCs with fingerprint readers need to be updated. Lenovo laptops with certain Broadcom Wi-Fi chips also need an update
1/12/2018: Laptops for Business use may have Intel AMT. You need to configure it or else your open to Intel AMT attacks.
1/5/2018: Meltdown and Spectre are 2 new processor chip bugs that affect most modern computers, smartphones, and tablets. They will need software updates to mitigate this bad bug. More Details – Older system without updates are dangerous to continue to use. Time to buy new hardware.
11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites. Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)
11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update. It works well and should be used by all Windows 10 users.
10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. Virtually ALL Wi-Fi equipped devices need to be updated. The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.
Continue reading “Updated Safe Gadget Security News – Security Alerts 2018”
Last Update: March 18, 2018
Internet of Things Scanner
Run this online scanner to see if any of your IOT devices are visible and need to be secured.
October 2017 Wi-Fi KRACK attack Warning
KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. Virtually ALL Wi-Fi equipped devices need to be updated. The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.
Securing Internet of Things, Smart Home Devices
More and more gadgets for the home are connected to the Internet for additional functionality. Refrigerators to Thermostats to Door Locks, the list is never ending. Do not forget about security. You may have created an open door for hackers, become part of an evil Botnet, or illegal activity without your knoawledge.
A vulnerable webcam can give ANYONE on the Internet a view of your home. Secure these home gadgets as strongly as possible. Many can NEVER be updated, which means that you should discontinue their usage.
Wi-Fi Network Connection
Here are some general tips to secure your new IOT or smart home devices:
- Change the default password or credentials of the Device
- Update the device to the latest firmware available. If the company does not have a firmware update page on their website, we would return it. Do this again every couple months.
- Connect your IOT device such as a Dropcam or Nest Smoke Detector to your Guest Wi-Fi network whenever possible. This network should be walled off from the normal network, preventing access to all your Computers. Malicious devices could snoop on your network and quietly send information without your knowledge.
- If the Wireless routers guest network is not secure, it is even better to have 3 routers in a Y configuration. You can purchase an inexpensive router that hooks up to your Cable/DSL modem, then have 2 separate wireless routers connected to this device. Put all Internet of Things devices on one of the Y routers. Connect your computers, smartphones, tablets to the other router.
- Have the Guest network that IOT devices are on, use a different dns server
- Turn off uPNP on your router to prevent ports from being opened up to access IOT devices.
- Never poke a hole through your firewall for a device. It could then be accessed by anyone on the Internet! Use Shields Up! to look for open ports.
- Peer to Peer capabilities are hard to secure. Avoid devices with this.
- Cheaper IOT devices especially no name ones sold on Amazon or eBay should be avoided. Most of these are rarely built with security in mind and are never updated. Stick to brand name, IE Netgear, Google, Ring, etc..
Continue reading “Hacked Internet of Things Database”
Last Updated: March 1, 2018
Google’s Android operating system powers many popular cellphones including the popular Samsung Galaxy S8. Most Android Smartphone users as well as most of the pubic at large do not think very much about security.
If your phone is not running the latest Android security patches, you are open to attack. A recent Wall Street Journal article showed that only 2.8% of Android devices have the latest security patches. Compare that to 79% of iPhones due to Apple’s uniform eco-system.
Google Play Protect
- Be sure your device is running Google Play Protect. It scans for Malware and bad apps. This was release in July 2017 and runs on Google Play Services 11 or higher. This is a unification of Android security systems like Verify Apps, browser protection, and anti-theft measures.
Most Up to Date Android phone
This flagship phone runs the latest Android version and is patched regularly. Sold directly from Google or from a couple carriers.
Continue reading “Android Smartphone Security, How to securely use your Android Smartphone or Tablet”
Security has become an ever more important part of using a personal computer. Increasingly, the daily headlines include news of companies and websites getting hacked. It is important to learn how to properly secure your wireless Internet as well as secure your personal computer.
This article focuses on how to secure your wireless network router so that you do not become part of the statistics. The wireless router typically includes a firewall that defines the perimeter of your network. Think of this as a fence, walling off your network from the Internet. Having a vulnerable wireless network allows criminals to ppossibly steal your data as well as Internet access. You could also become responsible for illegal downloading if your wireless Internet was compromised.
Government Spying via Compromised Wi-Fi Routers
WikiLeaks has confirmed that insecure wireless routers were hacked and users spied probably by the CIA. If you own a router on the list, update its software immediately or buy a new one.
Federal Trade Commission Makes Asus Improve Router Security
In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.
The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.
Continue reading “How to Setup a Secure Wireless Network Router”
Last Updated: 3/1/2018
Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..
Most iPhone users do not think very much about security. The iPhone is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPhone has grown in popularity, the smartphone has become more of a target by hackers and criminals. It is important that iPhone users immediately become more vigilant about smartphone security. Our tutorial covers the iPhone through iPhone 7 Plus and iOS through iOS 11.
0. Obsolete Hardware
If you have an iPhone or iPad that no longer gets updates, we would recycle it and buy a new one RIGHT away. Keep in mind that iOS 10.3.3 is the first version that fixed a Huge Broadcom Wi-Fi bug. Without that fix, you can get hacked by just having a Wi-Fi signal nearby.
1. iPhone Software Updates
Apple upgrades the iOS software for the iPhone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPhones to a computer in order to update the smartphone’s software. Needless to say, this was inconvenient and led to many iPhones with obsolete software.
Always update to the latest iOS software available as soon as possible.
Continue reading “iPhone Security, How to securely use your iPhone”
Last Update: 5/4/2017
The International Travel Security Problem
Many of us travel internationally but few realize how important computer security can be when we visit other countries. People doing business in countries like China and Russia (or any other country for that matter) need to pay strict attention to their technology security protocols to prevent the real and growing threat of high tech espionage. There have been instances of people returning from abroad and having their laptops or smartphones compromised. A mobile device used internationally and later hooked up to the Company’s network provides an excellent infection vector. The folks intent on stealing information could be government or corporate based.
Learn how to use your iPhone or Android Smartphone in China
How to Protect Yourself When Traveling
Some people might find the following list a bit paranoid, but you never can be too safe. People that work for major corporations, government, or security firms need maximum protection from attackers. There are tools that can detect the location of a mobile device to within 100 feet and can target phones by the phone number, IMEI (International Mobile Equipment Identity) number and intercept all communications from the mobile device.
- Leave your cell phone and laptop at home
- Buy a phone and SIM card in the other country
- Beware of any SMS message especially if they have links
- Do not bring any sensitive data or passwords
- Use temporary or loaner cell phones and laptops which will be erased when you get home
- Make sure all gadgets are fully up to date and have security software enabled. The best encryption should be utilized
- Never let your electronics out of your site
- If your device gets inspected at the border, it should never be connected to the Company’s network again
- Turn off Bluetooth and Wi-Fi
- Avoid public Wi-Fi altogether
- Do not use a public phone charging cable, it could be capturing video while you charge
- Disable microphones and cameras
- During meetings, turn off your devices and remove their batteries. (Prevents possible recording)
- Use a VPN with heavy encryption to connect to the Internet
- Use Google Voice to create a “throw away” voice accounts
- Do not connect to your Company’s or government’s network while abroad
- Use coded language when discussing sensitive matters
- Cut and paste passwords to prevent keylogging
- Change any and all passwords you used on the trip, immediately
- Enable two factor authentication for services that support this; Facebook, Gmail, eBay, etc.
- Two factor authentication system using SMS text messages is not secure, due to the weak SS7 routing system. We suggest only using two factor when you can use a token or a time based authenticator like Googles.
Continue reading “How to International Travel and Maintaining Computer Security Tips”
Last Update: 4/23/2017
Security has become an important part of using a personal computer. Gone are the days of just installing anti-virus and not worrying any further. Increasingly, the headlines include news of companies and websites getting hacked and personal date stolen. It is important to learn how to secure Windows and apply Internet Security, whether it is a notebook or desktop. Microsoft Windows remains the most popular personal computer operating system around. Because of its ubiquity, Windows has become a prime target for cyber criminals intent on stealing your information. This article focuses on how to secure your Windows-based PC so that you do not become part of the statistics. Our other tutorials help you secure your Firefox or Chrome Browser, e-mail, secure your wireless network, online shopping, iPad, smartphone and more.
Before you make any changes to your system, always back it up.
We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.
Physical Hardware Security
If the computer is located in a location accessible by others, it needs to be physically secured. Prevent others from stealing the machine, installing key loggers into the machine’s ports, or other foreign, unapproved devices into your personal computer’s USB interface ports. Consider disabling your USB ports for safety sake. Obviously, if the computer is located in a home, physical hardware security is not as important. Never, plug in a USB flash drive or device that you find on the ground or that unexpectedly arrives.
Consider buying a secure flash drive such as Lok-it that requires a PIN to be entered before it allows access.
Securing the Windows Vista and Windows 7 Operating System.
Continue reading “How to: Windows Internet Security and Windows Security Made Easy”
Welcome to Safegadget.com, the one-stop website for securing your computer and gadgets. Don’t wait until you have become a victim of malware. While it is impossible to prevent all attacks, it is important that we all secure our systems so we aren’t easily hacked. This is akin to wearing a seat belt to prevent an accident.
We feature many different security tutorials.
Harden the Security of your Browser
Boost the Security of your Smartphones and Tablets
Learn how to perform the following Safely and Securely
Continue reading “Welcome to Safegadget.com”
Last Update: August 13, 2017
While SafeGadget has several tutorials geared towards using Wi-Fi securely, we still realize that this is a major problem area. On our recent trip, we encountered insecure Wi-Fi at several airports, hotels, and restaurants. This tutorial is designed to help all users utilize Wi-Fi safely and securely.
Free Wi-Fi is available in many locations, from airports, hotels, local café, Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.
Many public wireless networks are completely unencrypted so that users can log on to them easily. Anytime you login to a free Wi-Fi hotspot that does not require a password, assume that a hacker can ease drop and see all information that is being sent and received.
Some Wi-Fi hotspots from vendors like AT&T and Comcast require you to log in with your username and password before you can get access. You need to understand that this is just access restriction and will not create a secure wireless connection.
This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.
Finding Free Wi-Fi Continue reading “How to use Wi-Fi securely in Hotels, Airports, and Beyond”
Updated January 2014 to cover a new TCP 32764 Wireless router Vulnerability.
A major security hole known as WiFi Protected Setup (WPS Bug) PIN brute force vulnerability (US-CERT VU#723755) has been recently found in virtually all modern Wireless Routers used in the home, resulting in a vulnerability that allows hackers to extract your WPA wireless security password in a matter of hours. Wi-Fi Protected Setup (WPS) is a protocol that allows users to press a button on their Wireless Router and connect to their computers without typing in a long cryptic password. A hole in this protocol has been recently found and exploited, allowing hackers easy access to cracking most wireless networks.
Why is this a major security problem?
- Virtually all wireless routers have this problem
- Many wireless routers (Qwest Actiontec, etc) use the same unchangeable PIN 12345670, hackable in seconds
- WPS is turn on by default to get certified by Wi-Fi Alliance
- Wireless routers do not automatically update their software to get a fix
- The number of PIN codes to test is only 11,000 instead of 100 million
- Attack software is available
The biggest issue is that virtually all wireless routers sold in the last 4 of years are hackable. The manufacturers need to update their firmware for these devices in order to fix the security breach. Virtually all wireless routers do not automatically update their firmware. As of January 16th, 2012, no manufacturers have issued updates, leaving millions of wireless networks vulnerable. Adding insult to injury, options to disable Wi-Fi Protected Setup (WPS) have been found to not do anything.
Why is getting your wireless password bad?
There are many reasons why you do not want your wireless password hacked.
- Others could use your Internet Connection Freely
- Spam or other illegal activities could be sent
- Everything you do on your network could be captured and read
- Your online banking and trading would no longer be secure
Continue reading “Major Wireless Network Security Breach – Wi-Fi Protected Setup (WPS Bug) PIN Brute Force Vulnerability – Reaver”
Last updated: 11/7/2015
In June 2013, Edward Snowden revealed to the world that the US Government was spying on Internet traffic and other communication networks. The Government’s PRISM program run by the highly secretive NSA conducted all this work in an effort to prevent terrorism and crime.
The NSA apparently has direct connections through major Internet service providers such AT&T, Comcast, Verizon to copy all traffic passing through and can save it to its huge multi-billion dollar data warehouse in Utah. This has been going on for years and thanks to organizations like the EFF, we have learned about these invasions of privacy. The Government has stated it is using this information mainly on foreigners, but is the FBI using this data domestically?
The UK’s GCHQ is apparently doing the same type of snooping and even sharing information with the NSA.
The Government can see all your Facebook posts, read your email, see who you have called, among other privacy invading tasks.
Other services that are being watched: AOL, Apple, Skype, Microsoft, Paltalk, Yahoo, Youtube.
- Chat- Video
- Stored Data
- File transfers
- Video conferencing
- online social networking
Continue reading “NSA PRISM Program – How to Protect Your Privacy”
Most iPad users do not think very much about security. The iPad is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPad has grown in popularity, the tablet has become more of a target by hackers and criminals. It is important that iPad users immediately become more vigilant about tablet security. Our tutorial covers the iPad, and iPad 2.
1. iPad Software Updates
Apple upgrades the iOS software for the iPad from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPads to a computer in order to update the tablet’s software. Needless to say, this was inconvenient and led to many iPads with obsolete software.
iOS 5 allows updates to occur without the iPad being connected to a computer, allowing users to stay current far easier. We recommend all owners of the iPad and the iPad 2, upgrade to iOS 5 immediately. iOS 5 in fact includes many security fixes.
If you Jailbreak your iPad, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.
2. iPad App Security
Apple’s App Store reviews all submissions before adding them. All iPad apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. iOS 7 adds the capability to auto update your apps. Be sure to use this function. Apple has the ability to remotely remove malicious apps from your iPad.
Continue reading “iPad Security, How to securely use your iPad”
Welcome to Safegadget.com. Helping you keep all those gadgets secure with computer security tips galore.