Macintosh Categories - Safegadget.com

How to: Anonymous Browsing, Internet Privacy

SafeGadget — Sat, 01 Feb 2020 08:00:44 +0000

Last Updated: 2/20/2022

Check out our Facebook Settings How To Privacy Page

Why should I be concerned about Internet privacy?

Do you like online ads following you around from site to site?
Can you discuss your health problems online without fear of losing insurance?
Do you worry about publishing private information that could lead to stalking, surveillance, or identity theft?
Does your work place monitor your Facebook or Twitter? Could you be fired over a post?
Do you live in a country where you could be arrested or tortured based on what you post online?
Did you know that third-parties collect information the government is not allowed to collect? The government has purchased this information too.
Companies such as FinFisher are selling hacking software to countries and corporations to break into people’s computers and monitor them.
Visit the EFF’s Panopticlick site to see what you are telling the world right now, before using the tools below.
Tactical Technology Collective has tips for journalists and activists on how to increase their privacy.

60% of people polled by the WSJ.com were tremendously worried about the loss of online privacy.

The Internet appears to facilitate privacy and anonymity, but in recent years has been a battleground that pits advertisers on one side and users on the other. It has become increasingly difficult to maintain privacy on the Internet because money has gotten into the game. As online advertising has grown, companies have sprouted up, attempting to optimize Internet advertising performance by combining advertising with profiling. While individual users may not be known by name, they have become ghost profiles that are increasingly matched up with appropriate advertising. If you have found Internet ads following you from site to site, you have been profiled and are seeing the results. In this article, we will examine many methods to enhance our Internet privacy and perform operations anonymously.

One of the main goals of Internet privacy is to make that people have the ability to make informed decisions about how they act online. Users should be told ahead of time how their personal information is used and shared.

The Real Cost of Free Content

While many users assume that most content sites are free, there is a hidden price being paid, the users private information. Most online advertising companies are tracking web browsing activity across many websites in order to build profiles of users. They cross-reference and trade information to generate revenue and better target online advertising and promotions.

Hide your phone number

Once a cybercriminal gets your phone number, they can wreak all sorts of havoc including SIM Swap your phone and take over many accounts. Hide your number or at least used a VoIP number such as Google Voice. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google
- Remove your phone number from myaccount.google.com – Personal information
Microsoft
- Remove your phone number from account.live.com
Facebook
- Select Settings under the drop-down arrow at the top right. First, click on Mobile in the right-side menu, and remove your phone number
Twitter
- Click your avatar, go to Settings and Privacy, and navigate to Mobile on the right hand menu. Remove your number and use an authenticator app

Android

Turn off your advertising ID. This is attached to all you apps, search history, purchases, recent locations and much more.

Settings > Privacy > Ads > Delete Advertising ID

Older Android versions may have Opt Out of Ads Personalization

Chrome

Turn off 3rd party cookie tracking on both Chrome for computers and Chrome App

Settings > Security & Privacy > Block third-party cookies

Privacy Oriented Browser

brave is a browser from a mozilla co-founder, which is focused on privacy.

Internet Browser Cookies

In the past, users have been able to delete their Internet browsers’ cookies and thereby foiling efforts to track the user. Here are instructions for clearing the browser cache in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Below is how to set browsers to not accept third-party cookies. These cookies are typically generated by tracking and advertising companies when you visit a website. Occasionally this technique will cause a website to malfunction, particularly if it uses a third-party to handle tasks like commenting.

To optimize third-party cookie privacy settings in Firefox do the following:

Select Options… from the Tools menu
Select Privacy tab
Select Use custom settings for history
Uncheck Accept third-party cookies
Optionally select Keep until: I close Firefox – This will delete cookies after every browser session, which you may not want to happen.

To optimize third-party cookie privacy settings in Internet Explorer 9 do the following:

Select Internet Options from the Tools menu
Select Privacy tab
Check Never allow websites to request your physical location under Location
Select Advanced
Check Override automatic cookie handling
Check Block under Third-party Cookies
Press OK

CCleaner is useful Windows utility to clear out unnecessary files including temporary files, and cookie files.

Identity Finder helps you remove personally identifiable information from your computer’s files. They have a free Windows and Mac version.

While this technique is still somewhat helpful, the advertisers have gotten smarter and utilize other tracking techniques. Consult our guides to Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox for information.

IRS Tax Filing IP PIN

An IRS IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns.

In 2019, they expanded the states that support this protection.

HTML5 and Privacy

HTML5 represents the latest standard for web design that significantly increases the flexibility and interactiveness of websites. Along with these impressive new features, comes a major privacy issue. HTML5 local storage allows data to be stored in your browser. It can potentially be used to track your movements and regenerate any cookies that you delete. New methods of blocking need to be created to block this intrusive technology.

Google Chrome and Firefox clear HTML5 local storage whenever you clear your cookies. Safari clears this when you select: Preferences -> Privacy tab -> Cookies and other website data -> Remove All Website Data

You can set Firefox to warn you whenever a website is attempting to use HTML5 local storage by selecting: Options -> Advanced -> Network -> Tell me when a website attempts to store data for offline use.

Flash Cookies

Adobe Flash also generates cookies that have been used for tracking and are difficult to remove. Adobe has a special page that requires Flash, in which you can delete your Flash cookies. Also visit this Flash configuration page to prevent 3rd parties from storing Flash content on your PC. You can install a Flash blocker to prevent these cookies from being installed on your system. Flush for the Mac, removes Flash cookies.

Adjusting Google Privacy Settings

In 2018 Google Created this Activity Tracking page to enhance privacy.

To clear Google’s “web history” which includes a log of all your searches, follow the instructions on this page.

To see and revoke access to your Google account by third-party sites, follow the instructions on this page. Also turn on Do Not Track.

To get a copy of everything Google has stored about you, visit Google Takeout. Additional Google services not covered by Takeout are located at Data Liberation.org. To delete the information, you must visit each Google service and delete your data manually.

Privacy App

Jumbo Privacy iOS App helps set Google, Facebook, Ad settings that we have mentioned

Adjusting Facebook Privacy Settings

Our article on Facebook security covers how to adjust Facebook’s privacy settings. Keep in mind that privacy settings only prevent others from seeing your profile. Advertisers and Facebook still have access to your private profile.

AVG Privacyfix.com helps you manage your Facebook privacy settings by showing you which ones need to be fixed.

Logging Off for Privacy

Intentionally logging off a site helps preserve your online privacy. If you were on Amazon, Facebook, or Google, we recommend you log off the site and not click away to a different site. This will help prevent ads from following you.

Fact: When a someone has more information about us, we are more likely to trust them. If your personal details leaked in a company’s data breach, criminals could use that information to craft emails that look more credible.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

Anonymous Browsing

Most modern Internet browsers have options to perform anonymous browsing. You can utilize this function to help hide your identity. Here are instructions for anonymous browsing in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Optional third party browser plug-ins are also available to help enhance Internet privacy.

Adblock Plus is a plug in to block ads. Firefox – Chrome
ChromeBlock is a plugin to help increase privacy. Chrome
Cookie Master is a Firefox plug-in to manage cookies
Disconnect.me is a plugin to help increase privacy. Firefox – Chrome – Safari
Do Not Track Plus is a Firefox plugin to help increase privacy.
Ghostery is a free plug-in to view and block what trackers and advertisers a website uses. Available for most web browsers
NoScript is an extension for both Firefox and Chrome which prevents scripting from automatically running
PrivacySuite is a plugin to help increase privacy. Firefox – Internet Explorer (Soon)
Trackmenot is a Firefox plug in to prevent tracking. Chrome version

Opting Out of Online Ad Personalization – Do Not Track

Advertising companies that are members of the Network Advertising Initiative (NAI) and other self-regulatory efforts allow users to opt out of personalizing ads that are shown. Here are instructions for opting out of online ad personalization in Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

The Network Advertising Initiative also has a page that allows you to opt out of online ad personalization from a variety of member advertising companies.

Other Opt-out pages:

AOL
Apple iAds
Mastercard
SelectOut – Optout of almost 200 trackers
Self-Regulatory Program for Online Behavioral Advertising
Yahoo

Using Linux for Internet Privacy

Linux can be utilized to enhance our Internet privacy. We can set up a bootable Linux USB key or CD, which allows us to start up our computer into a totally clean operating system, devoid of cookies and the like. Use one that has a write lock physical switch. Consult our article Creating a Bootable Linux USB Key or CD for more information.

Using a VPN for Internet Privacy

A VPN or Virtual Private Network allows you to tunnel your Internet traffic through a third party provider, making your traffic appear to come from a different location. While this option is more complex to implement, when combined with the suggestions listed above, a VPN connection forms a very powerful tool to protect your privacy. Consult our article How to Use Wireless Networks or WiFi Safely in Public for more information. Make sure you select one that is located outside the USA and which does not logging.

Email Snooping

Yahoo was exposed in 2016 to having scan all its customer’s emails looking at incoming email streams for a digital signature associated with a known terror organization.

The ultimate way to prevent email snopping is by running your own email server. This has a cost and can result in your emails not going through.

Credit Card Privacy

Privacy.com creates secure virtual credit card numbers, hiding your real card.

Secure Instant Messaging

Privacy relates to how easy it is to ease drop into a messaging client. Can the government listen in? Is it encrypted?

The EFF has a great Secure Messaging Scorecard page.
Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

Silent Circle
Redphone
OSTel
Chat Secure
Signal (Formerly Textsecure)

Anonymous Registration

It is annoying registering for forums and many content sites where your real information is not necessary. When asked for personal information, we suggest you enter bogus information if you wish to remain anonymous. Create an email address that is tied to this information and save this information as a profile within password management utilities.

MySudo helps you create temporary emails address and phone numbers. Free Trial. You can also this by create multiple gmail and google voice accounts.

Removing Yourself from Online Databases

There are several large databases that contain personal information that is culled from telephone books, court records, and other third parties. You can opt out of their data by visiting the following links.

A paid service DeleteMe helps automate this for $129/year

Identity Theft Protection

If you are a Comcast subscriber, you are eligible for free Identity Guard (discontinued). Consult your ISP to see if they have any free identity theft programs.

Social Security Account Setup

While we are on the subject of protecting you from identity theft. If you have not already setup your Social Security Account, you should set one up before a thieve makes one before you.

Or better yet, block Electronic access to your Social Security Record.

TV Privacy

If you have a Smart TV, it may be watching or listening to you. In March 2017 a Wikileaks CIA leak indicated that they are listening in on those with Samsung TVs.

Turn off any Smart TV Functions on your TV
Use an external Roku or AppleTV box instead
Use a power strip and turn off the TV’s power that way

Opting out of TV data

Many TV content suppliers log your viewing habits and sell them to other companies. Opt-Out of this madness! Cable and satellite television networks have their own opt-out for anonymous-viewer information.

DirectTV – Contact the company by phone, email, or mail to opt-out.
TiVo
Optimum.net – They removed their opt-out page.
Comcast
AT&T
Vizio – Vizio TVs spied on what people were viewing, causing the FTC to sue them. The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.

Turn off iPhone Diagnostic Log Sending

To turn off sending of diagnostics data to Apple do the following:

Open Settings
Select General
Select About
Select Diagnostics & Usage
Click on Don’t Send

Color Laser Printer & Color Copier Privacy Issues

The Electronic Frontier Foundation (EFF) discovered that most color copiers and color laser printers have been adding invisible tracking codes to every single printed page they produce. The government asked printer makers to do this in an effort to prevent counterfeiting. The dots help track what type of printer and its serial number as well as when the document was printed.

This relativity little known tactic can undermine anonymity for political, religious, or any other reason. Users need to understand this and tell printer manufacturers that they do not like this hidden invasion of privacy. For more information, take a look at this webpage and support their efforts.

If you are purchasing a new color laser printer, try to purchase one that does not print these invisible codes.

Kindle eBook Privacy issues

Reading in the new age via eReaders such as the Kindle expose users to additional privacy issues. Previously, with physical books, it was difficult for bookstores and publishers to know whether you had really finished a book, highlighted specific passages in the book, or what book you purchased next.

With eReaders such as the Kindle your privacy has gone out the door. Kindle users have to agree to allow Amazon to store information on the device and Amazon’s servers including where you left off in the book, notes, highlights, bookmarks, and more. With all of this information, the Electronic Frontier Foundation (EFF) is pushing for legislation to prevent eBook sellers from reveling people’s reading habits without a court’s approval.

If you are concerned about your privacy, you may want to steer clear of eReaders or utilize an eReader that does not any have Internet connectivity. Find one that allows eBooks to be downloaded to a computer and manually added to your eReader.

More Resources

privacy tools.io – Lists many resources that can help you reclaim your privacy

With some leg work, we can significantly improve the privacy of our online activities.

How to Create, Store, and Use Secure Passwords

SafeGadget — Tue, 01 Jan 2019 08:00:36 +0000

Last Update: 1/1/2020

Passwords are one of the biggest security problems on the Internet, possibly even more so than Malware. Poorly chosen passwords and security questions are making online accounts easily hackable by cyber-criminals.

Check to see if you have a compromised account
See if a password you used has been hacked

Everyone knows it’s important to create and use complex passwords, ones that do not include:

Words from the dictionary of any language
Personal information such as names of your kids, pets, addresses, etc.
The same password for more than one site
Ones that are written down

Few people follow this type of policy. If you are guilty of one or more of the above, you are at risk of getting hacked. Hackers are able to use brute force attacks to test over 200,000 passwords per hour. As technology improves, they will be able to test passwords even faster. In this article we will help you create, store, and easily use secure passwords.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Better Usernames

We suggest users first start with a non-obvious username. Don’t use your first name or first name + last name as your username throughout your online accounts. Make up a name or alias. Include numbers and/or upper and lowercase letters. Better yet, use a different username on every site. The password managers recommended below will automatically remember all your logins.

What is a good password?

1. Characters, numbers, symbols, length, complexity

A good password has alphabetical characters of both upper and lower case, numbers, symbols. The password should be at least 12 characters in length. Length is more important than complexity. Computers have gotten so fast that they are able to password crack shorter passwords in no time especially with high speed GPUs. Keep in mind that some online services have limits as to what characters are valid and how long a password can be.

Examples of good passwords include: 9F1%6!Q(&3mdIOe39 or f7aX3z&a8L2;’\]

These are pretty hard to remember, aren’t they? We will include suggestions on how to create strong and easy to remember passwords below.

2. What passwords not to use

There should be no words from the dictionary of any language, present in your password. No personal information should be in your password including birthdays, names, addresses, phone numbers, etc. Develop a mnemonic system for remembering complex passwords.

Examples of bad passwords include: 12345 or john or 123elm or password

If you have to use one of these passwords, at least harden them with some extra symbols and length.

Examples of better passwords include: 12345!!!!???? or !!!!john!!!! or $$$$123elm$$$$ or %%password!! or {[password]}

Not only are the passwords only slightly more difficult to remember, but the security is enhanced by orders of magnitude.

3. Every website you visit should have a different password. The average Internet user has over 25 password protected accounts. If you only use one password, you would be in danger of losing your entire universe, if only one site got hacked and they stored passwords in plain text.

Examples of better passwords include: 12345!!!!????ebay or 12345!!!!????gmail

Another way to create an easy to remember but secure password is to come up with a memorable sentence or phrase and use the first character of each word. Append onto the end of each site’s password, the name of each website and a symbol and a number.

Example sentence: Jack and Jill went up the hill to fetch a pail of water

Website: gmail.com

Password: JaJwuthtfapowgmail!1

4. How often to change your password

Passwords should be changed every so often, especially if you think it has been compromised. Changing a password too often causes major logistical problems. Some companies require password changes every XX weeks. This causes more harm than good. Works will then reuse old passwords or slight variants of them. The focus should be on changing the most important and most used passwords every couple months. US-CERT has additional password tips.

5. Avoid sites that are not making security a priority. See the posts on Plain text Offenders.

How to create secure passwords

Read the National Institute on Standards and Technology’s 2017 password guidelines.

1. Manually creating passwords

You will basically pick numbers, characters, and symbols at random and keep doing so until you have created a fairly long password. The upside is that it is easy to do, but the downside is that you will probably not pick very random passwords.

2. Web pages that create secure passwords

There are several websites that help you generate secure passwords. Keep in mind that having to visit a website every time you need to generate a password, becomes inconvenient really fast.

GRC has a password haystack page that helps compute how long it would take to hack a given password.
GRC also has a page that generates high-security passwords.
PC Tools helps you generate secure passwords with customizable criteria

3. Software Utilities

Several free software programs can also help you generate secure passwords. Most of these programs also store the passwords, so they’ll be covered in the section below.

4. Password testers

It is best to test your password’s security with the hacking tools the expert hackers use. Windows-based password hacking utilities include: John the Ripper password cracker, Cain and Abel (Windows only)

5. Password recovery questions or security questions

We recommend that users enter secure passwords in these fields and not the true answer. Hackers can and have mined social media including Facebook to extract answers to these questions. You can alternately put in the correct answer and then consistently append a word to it.

6. Need to register and generate a password to see content?

BugMeNot.com is a database of usernames and passwords for sites that require logging in to see content.

7. If you use Steam, turn on Steam Guard so you need to respond to an email or use a mobile code every time you login to Steam from a new computer. Blizzard has an addon two factor authentication app to protect their gaming logins for iOS, and they also have a hardware authenticator for sale.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

Many sites give alternate methods of logging in, if you do not have your second factor available. Commonly these are using your social security number or birthday, data that could be publically found. This helps negates the advantage of two factor.

In the end, using Two Factor authentication is better than not using it.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

8. There are password cracking utilities from companies like Elcomsoft that can break the encryption on many programs and even smartphones. Keep this in mind when assessing the security of a product.

9. If you are buying a new notebook, consider buying one with a hardware security module built-in. The new Intel Ultrabook lightweight notebook specification includes support for a IPT Identity Protection Technology hardware security module or Trusted Platform Module (TPM) that can enhance security by requiring both a password and this hardware key to access certain websites.

How to store and use secure passwords

1. Do not store your passwords in a simple Word or text document. Also, do not write your passwords on a piece of paper or Post-it note. Obviously, your passwords could be easily stolen this way. Storing password in a browser is also a no-no. They have been hacked easily. If you really need to write down your passwords, only write down parts of your passwords and or login, and leave the rest blank.

2. The best place to generate and store passwords is a password wallet utility program. Our goal is to find a Multi-platform PC, Mac, iOS and Android compatible program that can create secure passwords, save the passwords, and automatically fill forms with the secure passwords. Here are some examples:

Lastpass – A password manager that works on Windows, Mac, Apple iOS, Linux, WebOS, Windows phone, Symbian, Android, and Blackberry. Stores data on the web for access anywhere and at anytime. Automatic form filling, one click login. Supports Yubikey, multi-factor authentication including Google two step authentication. Free for mobile users starting in August 2015. Make sure you have Password Iterations set higher than 1. Downside: Mobile version costs money, data is stored on their servers. A two factor authentication system using SMS text messages is not secure.
KeePass – Open source password manager with auto type capabilities. Available for Windows. Unofficial versions for Apple iOS, Android, Mac, Linux. Be sure to select the options to:
- Lock workspace after KeePass inactivity
- Lock workspace after global user inactivity
- Lock workspace when minimizing main window
- Lock workspace when locking the computer or switching the user
- Lock workspace when the computer is about to be suspended
- Lock workspace when the remote control mode changes
- Downside: Password database is stored locally, no online synchronization.
1Password -A $49.99 password and identity manager that automatically save and fill website logins. Supports Apple iOS, Android, Mac, and Windows.
Downside: Cost, Can’t retrieve master password.
Passpack – Free version supports up to 100 logins. Windows only. Supports most browsers. Supports yubikey. Uses Adobe Air. Allows sharing of logins.
Downside: Adobe AIR only. (No iOS support)
Password Safe – Open source password manager for Windows.
Downside: Windows only.
Roboform – A password and wallet manager for Mac and Windows that is complete with 1-Click form filling. One identity is Free, Unlimited Logins, Identities, Bookmarks, Safenotes and more cost $29.95.
Roboform everywhere supports Apple iOS devices, Windows phone, symbian, Palm, Android, and Blackberry. It costs $9.95 for the first year. $19.99/year thereafter.
Downside: Cost, occasionally pops up when not needed, smartphone apps can’t fill forms, remote access doesn’t allow editing form-fill data.
Clipperz – Free Online password manager from an Italian company.
Downside: Web based, requires connection.
SafePad – Is a notepad with password protection

Our recommendation is to use one of the password managers above for most of your passwords, while remembering a couple important passwords through memorization. Your e-mail, online banking, and online trading passwords should not be stored within these password managers.

Important: If you use a password manager and use its convenient form filler, DO NOT enable automatic form filling. You could be brought to a malicious page and have all your information automatically entered on it, before you realized it.

3. Never send your password via email, over a social network like Facebook, or via phone.

4. Do not forget to backup your Google account with Google Takeout

We have covered many ways for you to create, store, and use secure passwords. If more people utilized the techniques covered above, fewer password intrusions would occur.

How to: Safe Online Shopping

SafeGadget — Tue, 01 Jan 2019 08:00:32 +0000

Last Update: 1/22/2020

Online shopping has been gaining market share every year. Security breaches make headlines almost daily. With more and more shoppers going online, consumers are worried more than ever about keeping their online shopping safe and secure. In this article, we will help you shop more securely.

Secure your computer, web browser, Internet connection

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online shopping when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

4. Make sure you are shopping at a reputable online store that has a good reputation. Gone are the days when you could score a stellar deal on a iPad from a no-name vendor. Online shops need to buy and sell in volume to produce low prices. Check vendor review sites like Google Product Search, BBB online, or Reseller ratings for feedback.

5. Type the URL for the shop directly in the address bar, do not rely on a link from email. This helps prevent phishing scans. Make sure you are accessing the online store’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the online store takes orders over the phone.

6. When creating an account at the online store, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions. Using Paypal, Apple Pay, or Google Pay also solves the unique password problem.

7. Pay for your purchase with a credit card and not a debit card or check. This gives you the best purchase protection, under Federal law your liability is limited to $50.

Some credit cards allow you to create single use, virtual, or disposable credit card numbers. Try to use these unique credit card numbers whenever possible. Check your credit card issuer’s website to see if they offer this feature.

If possible, do not allow the online store to save your credit card number.

Remove your credit card and use prepaid gift cards on Facebook, iTunes, Playstation Network, and Xbox Live.

8. Another method to avoid transmitting your credit card number is by using Google pay or PayPal access. These checkout systems store your credit card number and prevent the number from being seen by the online store. Additionally when paying with PayPal, select the option that causes payment to come from your credit card, not from your bank account. This gives you more recourse in case of problems.

9. If you are using PayPal or buying from eBay, consider purchasing their PayPal Security Key that adds an additional log on step. You need to hit the button on the security key and type in the security code it displays before you can log into eBay or PayPal.

A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

10. Sign up for alerts from your credit card vendor by email or text message. This will allow you to respond to any credit card fraud rapidly. Also carefully check each month’s credit card statement for erroneous or fraudulent charges. Consider checking your outstanding charges every couple of weeks via the credit card company’s website.

11. When shopping on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

12. Explicitly logout of a website after you are finished. Do not just close the browser. This helps terminate your session officially.

13. Print out the confirmation screen of your order to ensure you do not get overcharged.

Things Not To Do

1. Do not shop when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do you perform all the above? Do you have other security tips?

How to use Wireless Networks or Wi-Fi securely in Public

SafeGadget — Thu, 08 Feb 2018 08:00:26 +0000

Last Update: June 18, 2019

Free Wi-Fi is available in many locations, from your local café or Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.

Many public wireless networks are completely unencrypted so that users can log on to them easily. This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.

Finding Free Wi-Fi

Boingo has a Wi-Fi locator. The Starbucks and McDonald’s entries are free.
There are several free apps that help you find Wi-Fi – search the app stores for Wi-Fi

Secure your computer, web browser, Internet connection

Secure web browsing using HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie – https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

Disable File Sharing

Prevent sharing of any files or folders that are unnecessary. This should be obvious, but becomes a large problem if you are connected outside the home, to a public network. When you are on a public network, you do not want to share files, printers, or any computer resources. To turn off file sharing under Windows 7 do the following:

Click Start Button
Type Network and Sharing Center into Start menu’s Search Box
Select Network and Sharing Center from the results
Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.

If you are using a Macintosh, consult this article on how to turn off sharing.

Enable your firewall

A firewall prevents unauthorized users from accessing your computer. Windows 7 and Windows Vista have a built-in firewall that is enabled by default. If you are running on the Mac, consult this article on how to turn on your firewall.

Connecting to a Public Wi-Fi Network

When you are setting up a new network connection, Windows will prompt you to choose what type of network this is. The choices are Home Network, Office Network, or Public Network. A Home Network is the most open network because all computers on the network will be treated as friendly, allowing for easy sharing of folders and files, and also allowing the creation of a Home Group for all computers on the network.

Office Network is slightly more strict, but the Public Network is the most strict. Selecting Public Network will hide your computer on the network and disable file and print sharing. This is recommended if you are running a notebook and connect to external networks often. If the computer is only used at home and file or printer sharing is used, do not change the setting.

If you need more control when connecting to different networks, try the Window’s Utility NetSetMan. Macintosh users can try AirPort Location.

Setup a VPN or virtual private network

A virtual private network (VPN) is a secure, encrypted tunnel for your computer to communicate with the Internet. All traffic travels over this secure connection, preventing hackers or your ISP from eavesdropping. VPNs help secure Internet traffic that is not sent using SSL secure connections.

The tunnel starts on your computer, travels over the public wireless network, and connects you with either a VPN server in your home or one that you subscribe to. Your data travels over a secure, private network even though you may be accessing a public insecure network. There are several free VPN options as well as many companies selling VPN access.

Be aware that using a VPN to order products online may cause some unforseen problems. The VPN will make your IP address appear to be located wherever the VPN server is located, which could be in another state or even country. If you order an item and have it shipped to a location different from where your VPN server was located, some fraud detection systems might flag the order as being fraudulent.

Some VPN services log your activity or many be required to do so by where they are located. They may claim no logging but the fine print indicates otherwise. We recommend not using the Free services.

Here are some free VPN options:

CyberGhost VPN free – Installs software on your machine to access their free service. This service is usually overloaded during daytime hours and requires users to wait in a queue for free access. They also have paid accounts that do not require the wait. One downside of this service is that we found several sites which are not accessible through this VPN. PC only; no Mac version.
Ultrasurf – This free VPN service was mainly designed to circumvent the firewall in China. This VPN only supports web traffic and not other internet traffic like FTP or VOIP. We found that this VPN service does not support certain websites, including WordPress administration pages. PC only; no Mac version.
Hotspot Shield – A free service for Windows that is slow and filled with ads, spys on you, but works. Paid version eliminates ads. Warnings
proXPN – Free version is bandwidth throttled and does not allow you to select a country.
Tor – Is not really a VPN but it will shield your traffic.

All the free VPN services have limitations. If you can work within their limits, we suggest you utilize one. Many users require more robust VPN access and will have to either set up a VPN server on their home computer or sign up for a paid VPN service. Note that most VPNs and Proxy services will not tolerate illegal activities and will cooperate with authorities.

Some proxy servers intentionally strip HTTPS secure connections. Test your proxy at proxycheck.

Setting Up Your Own VPN Server

There are several options for setting up your own VPN server. Most of them require advanced user knowledge of PCs and/or Linux. While this option requires a lot of user intervention and computer hardware, the resultant VPN can be very feature-rich and is essentially free.

Algo VPN – Easy to use scripts to setup a VPN on DigitalOcean (most user friendly), Amazon EC2, Google Compute Engine, and Microsoft Azure.
Asus Wireless router – Several Asus routers have VPN servers built in.
Adito – This VPN server is written in Java and requires a Linux installation on your machine. Adito is very feature-rich.
OpenVPN ALS – This VPN server is a descendant of Adito and also requires Linux.
Logmein Hamachi – This zero-configuration freeware VPN tool allows users to easily connect to computers behind network routers. Users can use this software to access their home computers from a Public wireless network or any other location. Hamachi helps to make it appear that you are actually located on your home network, so you have full access to resources such as your printer, music server, files, and other computers. Both Clients must have Hamachi installed on their computers and join the same group for Hamachi to work. Many people use this software to play network games. This software is partly controlled by the company that makes LogMeIn remote control software. It works on Macs and PCs. Lifehacker has a tutorial on how to use Hamachi.

Signing Up for a Paid VPN Server

Users who travel or are not satisfied by the options we listed above, should sign up for a paid VPN account. This type of VPN access gives the use maximum flexibility and compatibility with various applications.

PPTP protocol is built into Windows and is the VPN protocol of choice, but is easy to block. Open VPN requires a software download for installation. Open VPN will work in places where PPTP VPN is blocked, typically countries in the Middle East or China.

PPTP VPN typically offers less secure 128-bit encryption compared to OpenVPN based VPN servers who can offer up to 2048-bit encryption.

Overcome geographic locks on website access. Hulu.com and Pandora.com are only accessible from within the United States. Users can purchase a VPN account from a service that makes you appear to be located in the U.S. even though you are abroad.
Access the internet anonymously. Your IP address will be anonymous and cannot be tracked.
Security. Use public wireless hotspots securely and prevent others from stealing your identity.
Bypass firewalls. Access sites that are banned in your country. Log in to Facebook when you are in China.
Skype discount. You can appear to be located in another country and make “local” calls within that country.

What to Look for in a VPN Provider

Price – Obviously, the cheaper, the better, but the cheapest providers have a limited feature set and slow performance. Open VPN support cost more.
Payment – Bitcoin support helps improve your privacy
Length of Contract – The longer period you commit to, the lower the price.
Countries – Different VPN providers have servers in different countries.
Encryption Strength – The stronger the encryption, the higher the price.
VPN Software Compatibility – Some VPN servers require special client software for higher security access like OpenVPN.
Logging – Make sure your VPN provider is not logging your Internet activities. You cannot really take their word for it though.
Speed – Some lower cost providers overload their servers and Internet connections, slowing access.
Location – Pick someone outside the US and UK, if you really want to be private.
Blocking – Avoid picking a large VPN provider that may have access blocked to certain large websites.
DNS and IPv6 leaks – Avoid VPNs that have problems with this.

One of the biggest problems, especially with the well known VPN providers, is websites blocking them.

With PrivateInternetAccess, we found we could not visit certain websites, including Target.com and BestBuy.com! Make sure you have a limited time trial to test the service.

Users should examine their needs and budget, and select a VPN provider that fulfills their requirements. It is wise to Google search the provider, looking for problems or disgruntled users before signing up. Google search for VPN providers is almost useless as there is so much affiliate spam that finding honest reviews is hard.

privacy tools.io has a list of VPN providers with minimal logging some of the lower cost ones are:

NordVPN – Panama – $48 a year
Cryptostorm.is – Iceland – $52 a year
We have used AirVPN and find it ok, but their Mac Client is buggy.

We have tried some that are based outside the US and the connection speeds were very slow, even with their US nodes.

VPN Discovery

VPN Hunter is a service that scans a specific domain name looking for VPN servers and then classifying them by the manufacturer and possible security holes.

SSH Tunneling For Security

Power users could setup a SOCKS Proxy over SSH tunnel to increase security even more when using a Public wireless network. This basically sends all web traffic through an encrypted SSH connection to another computer that you have set up elsewhere. Web browsers need to be configured to use a proxy server, so using a VPN server is a lot easier and allows all types of Internet traffic to flow through it.

Advanced Security Tools to prevent man in the middle attacks

Many people have their smartphones and laptops set to automatically log into wireless networks such as their home’s and free Wi-Fi hotspots like McDonald’s, Starbucks, or attwifi. Your device will keep looking for these names and automatically join you to their network. Hackers could set up wireless hotspots with exactly the same name to lure your device to join their network automatically. They would then start capturing all your traffic while sending it across the Internet. We suggest you manually join wireless networks and disable automatic joining.

To prevent man in the middle attacks, where a hacker is pretending to be a wireless access point and capturing all your information, you need to install special software to prevent ARP cache poisoning attacks like this software utility.

When You are Finished Using a Public Wi-Fi Hotspot

When you have finished your online activities, it is important that you turn off your Wi-Fi connection to the public wireless network. Intentionally logging off will prevent any accidental data leakage. In Windows, you can simply right-click on the wireless signal bar icon in the task bar to disconnect from a wireless network.

With some attention to security, free public Wi-Fi can be a useful tool and a safe one.

This concludes our How to use Wireless Networks or Wi-Fi securely in Public article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Secure Firefox Browsing

SafeGadget — Mon, 01 Jan 2018 08:00:46 +0000

Secure your tech presentation

Firefox is one of the most popular web browser for Windows and other platforms. This makes it a large target for malware and cybercrime. We will focus on securing Firefox, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Firefox and recommend users to upgrade to the latest version of Firefox. We also recommend running under Windows 7, 8 or 10, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Secure your computer, web browser, Internet connection

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Firefox includes the following security oriented features:

Instant Web ID
Do not Track
Private Browsing
Clear Recent History
Customized Security Setting

The Golden rules of the Internet:

Do not trust anyone
If it is too good to be true, it probably is
Don’t install software from anonymous sources
Don’t automatically hit “yes” to any pop-up
If it looks suspicious, run

Before you make any changes to your system, always back it up.

Firefox Add-ons to UNINSTALL

Software that enhances Firefox can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Firefox to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Firefox through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

Adobe Reader or Adobe Acrobat – This is a major source of internet threats, so consider using an alternative PDF reader such as Foxit Reader, or PDF-XChange.
Flash Player – This animation enhancement plug-in is widely used but full of security holes, leading to many updates. If you need Flash, you will have to update it constantly.
Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
Silverlight – We recommend removing it from your system unless you really need it. This software is another possible time bomb waiting for exploitation.

Hardening Firefox’s Settings

Firefox can be secured even more with several key changes to the browser’s settings. We have selected all the Critical settings for Firefox.

1. Prevent Firefox from saving passwords

Firefox can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

Launch Firefox
Click on the Tools Menu
Select Options
Select Security Tab
Make sure Remember password for sites and Use master password are not checked
Click Saved Passwords
Click Remove All to remove saved passwords

2. Mark Valuable Data Inaccessible to Firefox

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Firefox. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

Press Start menu
Go to All Programs
Go to Accessories
Right-Click on Command Prompt
Select Run as Administrator
Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
Press Enter to Execute the Command
Type Exit to end the Command Prompt

3. Allow Firefox to update itself

Firefox automatically tries to update itself, which is a good thing, but it asks whether it is ok to install a newer version. Be sure allow Firefox to update itself tot he latest version available, so that you have all the latest security fixes.

4. Prevent Firefox from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They were first supported in Firefox 4. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem.

Helpful Firefox Add-ins

NoScript – Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting. Make Sure you go into the Options – Whitelist – And remove all sites from it, so you start from scratch without trusting anyone.

HTTPS Everywhere – Automatically makes Firefox try to use https secure connections whenever available.

Simple URL Extender – Replaces short URLs with the originals so you can see where links actually link to. Essential for Twitter.

URLs List – Shows the URLs of all the tabs of a webpage.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

Cocoon – All-in-one plugin that tunnels your traffic through a SSL-encrypted proxy for privacy and security.

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Firefox already includes the SmartScreen Filter that detects dangerous websites and warns you. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Firefox to secure your browsing.

Internet Security Software – Supplemental internet security software including Anti-Virus and Anti-Spyware software is a necessity when surfing on the Internet. See our Free Internet Security Software article for links to various free software utilities.

Password Managers – It is critical that you generate, store, and use secure passwords on the Internet. See our How to Create, Store, and Use Secure Passwords article for details on several password management programs.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Firefox from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Firefox Security Enhancements

Google Public DNS – A high performance domain name server (DNS) replacement for your ISP’s DNS. Protects against Spoofing attacks and DoS and amplification attacks. Be sure to write down your existing DNS settings before changing them.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Firefox, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins.

Secure Web Browsing with HTTPS

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Firefox settings, we can significantly increase the security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Secure Google Chrome Browsing

SafeGadget — Mon, 01 Jan 2018 08:00:02 +0000

Last Update: 10/3/2018

Google Chrome is one of the most popular web browser for Windows, Mac, and Linux. This makes it a large target for malware and cybercrime. We will focus on securing Google Chrome, and will significantly increase the browser’s security through add-ins and special hardening settings. We also recommend running under Windows 10 or Windows 7, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

The #1 Tip for Chrome Security

Keep it updated. Google fixes bugs quickly and updates an internal Flash plug regularly. When you start Chrome, you should select from the Chrome menu – Settings – About – If it shows a newer version, download it and relaunch before doing ANY browsing.

Why Chrome?

Chrome is a much newer browser than Firefox or Internet Explorer. It is not saddled with all the baggage of IE, where a change needs to be regression tested with many parts of Windows. Firefox has been around for a while and is also slowed down with lots of historical code.

A recent security test from Accuvant Labs found Chrome more secure, primarily due to its Sandbox technology.

Secure your computer, web browser, Internet connection

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Google Chrome includes the following security oriented features:

Safe Browsing
Sandboxing
Auto-updates
Built in PDF viewer
Built in Adobe Flash – Kept up to date by Chrome

The Golden rules of the Internet:

Do not trust anyone
If it is too good to be true, it probably is
Don’t install software from anonymous sources
Don’t automatically hit “yes” to any pop-up
If it looks suspicious, run

Before you make any changes to your system, always back it up.

Google Chrome Add-ons

Software that enhances Google Chrome can become targets of malware, adding new entry points into your computer. It is mandatory that you keep any third-party add-ons up to date, so allow Google Chrome to update plugins when necessary. Consider removing an add-on if it is rarely used, as you will also be increasing the security of Google Chrome through its removal.

Plugins are also one of the biggest sources of malware, so only install plugins from trusted developers.

Adobe Flash is built in to Chrome. A pdf viewer is also built in. We recommend Disabling it
- Type the following where you would normally type a URL:
  chrome://plugins
- Locate the Flash Player in the list of plug-ins. You may see more than one Flash Player listed.
- Select Disable for each Flash Player listed
Java – This language allows many cross platform programs to run in the browser, but is another huge target of malware. We recommend removing it unless you really need it for a particular application. This page checks if Java is installed. At a minimum disable Java in the browser by going into the Java Control Panel – Security Tab – Uncheck Enable Java content in the browser
Quicktime – Is installed when older version of iTunes was installed in your system. Remove it, as it is not being updated any more.
Silverlight – Is disable by default on newer version of Chrome. We recommend removing it from your system unless you really need it.
- Type the following where you would normally type a URL:
  chrome://plugins
- Locate the Silverlight in the list of plug-ins.
- Select Disable for each one listed

Hardening Google Chrome’s Settings

Google Chrome can be secured even more with several key changes to the browser’s settings. We have selected all the Critical settings for Google Chrome.

1. Prevent Google Chrome from saving passwords

Google Chrome can save passwords for different websites. We recommend that you do not use this feature because it is not as secure or flexible as using a password management program.

Launch Google Chrome
Click on the Dashes Icon on the far right
Select Options
Select Personal Stuff on the left hand column
Make sure Never save password is checked
Click Manage Saved Passwords
Click and remove all saved passwords

2. Mark Valuable Data Inaccessible to Google Chrome

Download chml.exe and run it to change the permissions on your valuable files and folders on your system as unreadable to Google Chrome. (Better yet, use Truecrypt and keep the volume unmounted!)
For example if your sensitive data is stored in the folder C:\Sensitive_Data – You would do:

Press Start menu
Go to All Programs
Go to Accessories
Right-Click on Command Prompt
Select Run as Administrator
Type “chml C:\Sensitive_Data -i:m -nr -nx -nw“
Press Enter to Execute the Command
Type Exit to end the Command Prompt

3. Allow Google Chrome to update itself

Google Chrome automatically tries to update itself, which is a good thing, but if it asks whether it is ok to restart the browser to use the new version, be sure to say yes right away.

4. Google Chrome secure website warnings

Google Chrome displays warning icons when you visit a website that has possibly dangerous information on it. Look for the following icons right next to the https:// in the browser.

The site uses SSL, but Google Chrome has detected insecure content on the page. Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.

The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

5. Sandbox Google Chrome plugins

Google Chrome has an option to for plugins to be run in a safe sandbox. Make the following change to enable this feature. Note: Files and folders marked with the everyone permission, will only be accessible.

Press Start menu
Right click on Google Chrome
Select Properties
Add the following text to the Target field, right after “chrome.exe ” –safe-plugins. Make sure there is a space after .exe.
Click OK

6. Prevent Chrome from using a GPU

There have been several bugs related to using a Graphics processor or GPU. They are supported in the latest Chrome. This hardware level access can spell trouble. Disable GPU support to prevent this possible problem by adding the following when launching Chrome:

--disable-accelerated-compositing

7. Enable Server Certificate Revocation Checking

Note: This was removed in later versions of Chrome

Most browsers do not have a setting enabled by default to check Security certificates to see if they have been revoked. It is important to do this, otherwise you could be access a sign with a stolen certificate and it appears to work fine.

Click on the Dashes Icon on the far right
Select Settings
Select Show advanced Settings.. at the bottom
Scroll down to HTTPS/SSL and Check Check for server certificate revocation

8. Check for Compromised Digital Certificates

The NSA has a PDF that describes a way to help Windows defend against Compromised Certificates.

You can also run the RCC program to check for untrusted root certificates.

Helpful Google Chrome Add-ins

Docs PDF/PowerPoint Viewer – Automatically previews pdfs, powerpoint presentations, and other documents in Google Docs Viewer. No need to download pdf files to your computer and potentially have a bug in Acrobat cause a security problem.

WOT – Know Which Websites to Trust – Shows you which websites are trustworthy based on millions of users’ experiences.

ScriptNo – A ‘NoScript-like’ extension for a safer and faster Chrome. Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks. By default, new websites that you visit will be loaded without scripting, maximizing safety. You can easily allow safe websites to allow scripting.

KB SSL Enforcer – Automatic security, browse encrypted using HTTPS secure connections whenever possible, automatically.

Flashblock – Blocks Flash so it won’t get in your way

Adblock Plus – Block those pesky banner ads.

Qualys BrowserCheck – Performs a security scan on your browser and its plug-ins (Windows)

uBlock Origin – Filter out ads, trackers, and other sites.

Helpful Internet Security Add-ins

Phising Toolbars – Google Chrome can warn you if it detects that the site you’re trying to visit is suspected of phishing or containing malware. If you would like to install a supplemental toolbar add-in, see our Free Internet Security Software article. BitDefender TrafficLight works with Google Chrome to secure your browsing.

Sandboxie – Creates a sandbox or safe environment in which programs execute. This sandbox is a isolated space which prevents programs like Google Chrome from making permanent changes to other programs and data in your computer. Free for 30-days, then 29 euros.

Other Google Chrome Security Enhancements

Norton ConnectSafe for Home – Similar to Google DNS, but includes options to filter porn or be family friendly.

Dyn Internet Guide – Free Web content filtering.

Microsoft Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer and Firefox pre-installed. You can manually install Google Chrome. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. Keep in mind some malware is capable of detecting virtual machines and acting innocent until you move into your main system.
If you use VMware Player, you can add the following line to your .vmx file so that it writes all changes to a temporary file, which will be deleted when you power off the virtual machine.:ide0:0.mode = “independent-nonpersistent”

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins. You can manually install Google Chrome.

Secure Web Browsing with HTTPS

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

By applying special Google Chrome settings and adding add-ons, we can significantly increase the security of our Windows notebook and desktop PCs.

How to: Safe and Secure E-mail

SafeGadget — Sat, 25 Feb 2017 08:00:22 +0000

Last Update: 8/26/2017

Every computer user uses e-mail. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their e-mail safe and secure.

E-mail is the major way most malware is transmitted across the Internet. E-mail is the largest attack vector against large companies, as it is far more difficult to physically infiltrate a company. In this article, we will help you use e-mail more securely.

A recent experiment of 150,000 test emails sent by Verizon Enterprise Solutions found that 23% of recipients opened the email, 11% click on the attachment. One person clicking on the attachment would have infected the organization. The human is the weakest link.

Secure your computer, web browser, Internet connection

The Golden rules of the Internet:

Do not trust anyone
If it is too good to be true, it probably is
Don’t install software from anonymous sources
Don’t automatically hit “yes” to any pop-up
If it looks suspicious, run

Secure Your Router

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, access your e-mail when connected by a hardwired connection such as Ethernet.

Update and Secure Operating System

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Secure Internet Browsers

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

Pick a Good Email Provider

4. Most people already have an e-mail address that they are connected to. If you are considering a new e-mail address, consider examining how sophisticated the provider is. Infrastructure and state-of-the-art spam filtering are not inexpensive. We recommend users consider e-mail addresses from providers like Lavabit, Google and Hushmail. These companies are committed to staying on the leading edge, and are accessible anywhere. ISP based e-mail is convenient, but locks you in to the ISP. The same argument applies to school or company based e-mail addresses.You can always access these e-mail account via POP access in Gmail. This will allow your email account to utilize Gmail’s excellent spam filters.

Look for e-mail providers that have good spam filters and allow you to control attachments and HTML within e-mail messages.

Make Sure Email is using HTTPS

5. Make sure you are accessing the e-mail provider’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure.

Use Unique Passwords

6. When creating an account at the e-mail provider’s website, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

Create Multiple Email Accounts

7. We recommend creating multiple email accounts for different purposes, in order to maximize online safety. Having multiple email accounts linking to different accounts online. One example would be to have one email account for forums, one for banking, and one for shopping. Do not have all your emergency recovery email address be the same. This way if one email account gets compromised, the others are safe.

Use Two Factor Authentication if Available

8. Some e-mail providers support two factor authentication which requires users log in with both a password and a phrase generated on a smartphone, smartcard, or printed on a piece of paper. Gmail is a leading e-mail provider that supports this 2-factor authentication. Yahoo mail added 2-factor support at the end of 2011. A hacker who had your password could not log on without a second means of authentication. This is especially good for people that travel out of the country.

Two factor authentication system using SMS text messages is not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s.

Use 3G/4G connection instead of Public WiFi when checking Email

9. When accessing e-mail on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

Don’t open suspicious links and/or attachments

10. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Spear Phishing is utilizing realistic looking e-mails with personalized information, possibly emanating from a known person to steal your login password, run a attachment that contains malware, or force you to visit a web page containing malware.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account. From there, you can use Google Docs to open Word Processing, Spreadsheets, etc. No need to endanger your own computer.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

Fight SPAM

11. Spam unfortunately, remains a unfortunate element in e-mail. Leading e-mail providers are pretty good at fighting spam, but no one is perfect. Unintended consequences include good mail ending up in a spam folder. Be very careful when accessing the spam folder as many a penetration has been enabled when workers accidentally click on links within spam folder e-mails that look legitimate.

Don’t Display HTML

12. For maximum security set your e-mail provider’s configuration to not display HTML when displaying e-mail. A less secure setting is to allow HTML but not to display images. This additional security tactic helps prevent rogue pages from being displayed within e-mail. (Windows Live Hotmail does not allow you to control this.)

We suggest these settings for Gmail:

Select Mail Settings from the Gear Icon in the upper right corner
In the General Tab, next to External Content: Select Ask before displaying external content

Use SSL to access Mail Servers

13. It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobileMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.

To enable SSL with Yahoo Mail (not enabled by default) follow these steps:

Login to your Yahoo Mail account
Click the Gear icon on the upper-right corner
Select “Mail Options“
Click General on the Left, Under Mail Options
Check the Box next to “Turn on SSL“
Click Save at the top of the screen.

14. If you have applications other than your web browser accessing your E-mail IE. A desktop mail client suck as Windows Live Mail, Outlook, or Mail.app, make sure you enable SSL secure connections within each application. Here is a tutorial on using Gmail with Windows Live Mail.

Be careful of Short URLs

15. Do not click on shortened URLs, expand them first using a site like URL Expander or run them through a service like Virustotal.

Report Phishing

16. If you encounter phishing emails you can forward them to:

reportphishing@antiphishing.org
spam@uce.gov
Internet Crime Complaint Center
Anti-Phishing Working Group
Stay Safe Online has spam reporting information on the top 10 ISPs

Check to see if any Email addresses have been compromised

17. There are databases of email addresses that have been compromised. If you are listed, immediately change all your passwords connected to that email account.

haveibeenpwned.com

18. Someday phishing will hopefully fade in volume. DMARC.org which stands for “Domain-based Message Authentication, Reporting & Conformance” may help reduce the volume of problematic emails.

Encrypt the contents of Email

19. Email uses an insecure SMTP protocol to send data between servers. All the data sent is unencrypted. This factor has nothing to do with using SSL to connect your email provider. You need to use tools like PGP (pretty good privacy) to encrypt the contents of your emails to ensure privacy. Never send a password in email.

Email Attachment

Next to clicking a link in an email, clicking an attachment is the second most dangerous way to get infected.

Block attachments in your email client.

Gmail automatically blocks:

.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH

We recommend you supplement this by blocking these file types that are not used very often any more. Select Create a new filter from Filters and Blocked Addresss

Things Not To Do

1. Do not access your e-mail from public wifi hot spots unprotected or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

2. Always log out web-based e-mail account, do not simply close the browser.

3. Do not have a single email address where everything goes. If everything is linked together, you entire security chain can get compromised with one break in.

How to International Travel and Maintaining Computer Security Tips

SafeGadget — Sat, 26 Mar 2016 08:00:10 +0000

Last Update: 5/4/2017

The International Travel Security Problem

Many of us travel internationally but few realize how important computer security can be when we visit other countries. People doing business in countries like China and Russia (or any other country for that matter) need to pay strict attention to their technology security protocols to prevent the real and growing threat of high tech espionage. There have been instances of people returning from abroad and having their laptops or smartphones compromised. A mobile device used internationally and later hooked up to the Company’s network provides an excellent infection vector. The folks intent on stealing information could be government or corporate based.

Learn how to use your iPhone or Android Smartphone in China

How to Protect Yourself When Traveling

Some people might find the following list a bit paranoid, but you never can be too safe. People that work for major corporations, government, or security firms need maximum protection from attackers. There are tools that can detect the location of a mobile device to within 100 feet and can target phones by the phone number, IMEI (International Mobile Equipment Identity) number and intercept all communications from the mobile device.

Leave your cell phone and laptop at home
Buy a phone and SIM card in the other country
Beware of any SMS message especially if they have links
Do not bring any sensitive data or passwords
Use temporary or loaner cell phones and laptops which will be erased when you get home
Make sure all gadgets are fully up to date and have security software enabled. The best encryption should be utilized
Never let your electronics out of your site
If your device gets inspected at the border, it should never be connected to the Company’s network again
Turn off Bluetooth and Wi-Fi
Avoid public Wi-Fi altogether
Do not use a public phone charging cable, it could be capturing video while you charge
Disable microphones and cameras
During meetings, turn off your devices and remove their batteries. (Prevents possible recording)
Use a VPN with heavy encryption to connect to the Internet
Use Google Voice to create a “throw away” voice accounts
Do not connect to your Company’s or government’s network while abroad
Use coded language when discussing sensitive matters
Cut and paste passwords to prevent keylogging
Change any and all passwords you used on the trip, immediately
Enable two factor authentication for services that support this; Facebook, Gmail, eBay, etc.
Two factor authentication system using SMS text messages is not secure, due to the weak SS7 routing system. We suggest only using two factor when you can use a token or a time based authenticator like Googles.

Following the safeguards listed above will help prevent hack attacks against yourself and your Company. The measures may sound extreme, but the danger is real.

Welcome to Safegadget.com

SafeGadget — Mon, 15 Jun 2015 08:02:31 +0000

Welcome to Safegadget.com, the one-stop website for securing your computer and gadgets. Don’t wait until you have become a victim of malware. While it is impossible to prevent all attacks, it is important that we all secure our systems so we aren’t easily hacked. This is akin to wearing a seat belt to prevent an accident.

We feature many different security tutorials.

Learn how to secure your PC, find free anti-virus software, and find Windows security software
Secure your Mac and find free Mac security software
Use Linux for secure online banking, online trading, and online shopping
Secure your wireless network (Wi-Fi)
Learn how to create, store and use secure passwords

Harden the Security of your Browser

Boost the Security of your Smartphones and Tablets

Learn how to perform the following Safely and Securely

Internet for Kids – Parental Controls

SafeGadget — Mon, 02 Jan 2012 08:00:05 +0000

The Internet is a scary place for kids and a constant worry for their parents. Inappropriate content, predators, and malware lurk around every corner. It is critical that we teach our kids how to use the Internet safely as well as equip our computers with necessary safeguards. First we will cover some foundational security information, then we will delve into tools and settings to help secure the Internet for kids.

Consumers Union found that households containing people under 18 had a larger propensity to being infected with malware. The following situations can easily occur:

A child might post on Facebook that the family is going on vacation
Children download apps without understanding the hazards or reading the reviews
Younger kids may click on links within email, without thinking about the risks
Not downloading copyrighted material needs to be taught to minors
Popup warnings from security software are usually ignored

Educating Your Kids

The most important element in creating a safe place for your kids to use the Internet is Education. No piece of software or hardware can replace teaching your kids right from wrong, and candidly discussing all the bad topics that can be found on the Internet.

Some topics parents should cover:

Do not reveal your passwords
Use social networking safely
Do not reveal too much personal information
Beware of online fraud

We suggest you monitor your kids closely and place computers in a central location, not hidden away in their rooms. A family room or kitchen that is easily seen is a good bet.

Microsoft has a very useful article on teaching kids online security basics.

Secure your computer, web browser, Internet connection

Built-in Parental Controls

Many operating systems have parental controls already built in. There is no need to add additional software or hardware to enable them.

Microsoft
Macintosh OS X
Apple iOS
Android does not include parental controls

Apple’s iOS 5 or newer includes an option to shut off In-App Purchases. We suggest you enable this option to prevent kids from purchasing items within games.

Software Parental Controls

Parental control software helps filter inappropriate content from the Internet. This software interfaces with your browser and operating system to do the following:

Block specific websites
Filter inappropriate content
Monitor Internet usage
Manage Internet access

Most software products have long lists of sites that they block. These lists are constantly updated.

Internet Access Control for Kids using Software

Computers can be configured to block inappropriate websites utilizing several different techniques. Some involve customized browser software, while others strengthen the lower level plumbing in one’s computer.The following software packages include parental controls and content filtering.

K9 Web Protection – Free software to control browsing. No controls for email, instant messaging, games. Windows, iOS (iPhone, iPad), and Macintosh.

Norton Online Family – Free software to control browsing, instant messaging, limit computer use, monitor usage. Free version with limited functionality. Windows and Macintosh.

Windows Live Family Safety – Free parental control software for Windows 7 and Windows Vista. Get usage reports, choose websites, games, programs they can access. Control time periods when they can use the computer.

Most parents install this type of parental control software to help manage their kid’s Internet access.

Internet Access Control for Kids using Domain Name Filtering

The following free options allow you to set your Internet router to automatically block inappropriate content.

OpenDNS – has a free family service which incorporates parental controls to block inappropriate content.

Norton ConnectSafe for Home – Configures the domain name servers that your computer uses to special ones that include options to filter porn or to be family friendly.

Using Virtual Machines for Kids

A virtual machine is software that allows a computer and its operating system to run within your existing computer. The software emulates another computer, so you can set it up with a configuration that is more optimized for kids. Here are several free options for you to deploy virtual machines in an effort to create a safe environment for kids. The kids should do all their surfing within the virtual machine, so that your main computer will not polluted with their usage.

Dell KACE – has a free secure browser based on a virtualized and contained Firefox Browser with Adobe Reader and Flash plug-ins. You can manually install Google Chrome.

Creating an Account for Your Kids

It is wise to create a separate user account just for your kids. This will prevent them from altering or adding to your software, add-ons, bookmarks, etc. To create an additional account under Windows 7, do the following:

Setup a Standard user or non-administrative user account and allow your kids to use that instead. A non-administrative account or Standard user account can use most software and change system settings that do not affect other users on the same computer, nor can this user affect the security of the computer. Note: Some malware, has from time to time, found the ability to grant itself administrator privileges bypassing Internet Security. Running as a standard user still minimizes risk. There will be times when using the Standard user account is annoying, due to lack of sufficient privileges to complete certain tasks. In the end the security increase is worthwhile. To create a Standard user account follow these steps:

Click Start Button
Type Create Standard user account into Start menu’s Search Box
Select Create Standard user account from the results
Click on Standard user
Enter a new account name in the dialog
Click Create Account

Children’s Online Privacy Protection Act (COPPA) of 1998

Children’s Online Privacy Protection Act is intended to help parents by banning any child under the age of 13 from joining social media platforms such as Facebook or from setting up general purpose communications accounts such as email or Skype.

While this is a noble goal, in practice many parents help their kids circumvent this Act, by setting up accounts with these services anyway. Any kid under the age of 13 who has an email account is skirting this Act. 38% of children on Facebook are 12 and under per a recent poll by MinorMonitor.

Facebook Parental Control

Facebook is everywhere and is widely used by kids. Protect your kids on Facebook with our How to Safely use Facebook article as well as add on software.

MinorMonitor – Helps identify possible bullying, drug use, sexual references, and more.

Apple iOS – iPhone and iPad Internet Safety

Kids are seen using their parents’ iPhones and iPads all over the place. It is important that we take steps to control their access to these ever-more present devices. Starting with iOS 12, Apple has added extensive parental control features with the screen time feature. Here are some additional free apps to help you accomplish this:

Parental Control App (Kidslox) – Has app blocking, content filtering, and daily limits on screen time.

Android Parental Control Apps

Android has no built in parental controls outside of app store restrictions, so users need to install third party apps to fill this void.

Cloudacl Safe Browser – Cloud based content filtering browser.

Google Family Link – Set digital ground rules and monitor online activity.

There are many resources to help insure your kids are using the Internet safely. Parental control software is available, but in the end it is important to educate your children regarding safe Internet usage.