Updated Safe Gadget Security News – Security Alerts 2017

The following alerts have been updated to reflect new and important security protection schemes:

11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites.  Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)

11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update.  It works well and should be used by all Windows 10 users.

10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.

10/6/2017: Kaspersky has been implicated in stealing data from the NSA.  Uninstall any of their antivirus software right away.  It is now banned in the US government. Best Buy has stopped selling it.

9/8/2017: In September 2017, Equifax got hacked affecting 143 Million customers. (Almost everyone!) Equifax is offering complimentary identity theft protection. – Do more! Setup a Credit Freeze.

9/1/2017: Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

5/12/2017: Wanna Cry ransomware is spreading fast.  It exploits a Microsoft bug that was patched in March 2017.  It is more infectious because it can spread throughout a local network.

WannaKiwi – Decrypts files WannaCryp ransomware. Do not reboot after getting infected.

Continue reading “Updated Safe Gadget Security News – Security Alerts 2017”

Hacked Internet of Things Database

Last Update: November 5, 2017

October 2017 Wi-Fi KRACK attack

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

More and more gadgets for the home are connected to the Internet for additional functionality. Refrigerators to Thermostats to Door Locks, the list is never ending. Do not forget about security. You may have created an open door for hackers, become part of an evil Botnet, or illegal activity without your knoawledge.

A vulnerable webcam can give ANYONE on the Internet a view of your home. Secure these home gadgets as strongly as possible. Many can NEVER be updated, which means that you should discontinue their usage.

Wi-Fi Network Connection

Here are some general tips to secure your devices at home:

  1. Change the default password of the Device
  2. Update the device to the latest firmware available. If the company does not have a firmware update page, we would return it.
  3. Connect your IOT device such as a Dropcam or Nest Smoke Detector to your Guest Wi-Fi network whenever possible.  This network should be walled off from the normal network, preventing access to all your Computers.  Malicious devices could snoop on your network and quietly send information without your knowledge.
  4. If the Wireless routers guest network is not secure, it is even better to have 3 routers in a Y configuration. You can purchase an inexpensive router that hooks up to your Cable/DSL modem, then have 2 separate wireless routers connected to this device. Put all Internet of Things devices on one of the Y routers. Connect your computers, smartphones, tablets to the other router.
  5. Have the Guest network that IOT devices are on, use a different dns server
  6. Turn off uPNP on your router to prevent ports from being opened up to access IOT devices.

Even the NSA is loving the rise of all these IOT devices to let them hack more easily. CCTV cameras were involved in a DDoS attacks, taking down small businesses who did not pay ransom.

Continue reading “Hacked Internet of Things Database”

How to: Safe and Secure E-mail

Last Update: 8/26/2017

Spam, can of spam less sodium

Every computer user uses e-mail. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their e-mail safe and secure.

E-mail is the major way most malware is transmitted across the Internet. E-mail is the largest attack vector against large companies, as it is far more difficult to physically infiltrate a company. In this article, we will help you use e-mail more securely.

A recent experiment of 150,000 test emails sent by Verizon Enterprise Solutions found that 23% of recipients opened the email, 11% click on the attachment. One person clicking on the attachment would have infected the organization.  The human is the weakest link.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

The Golden rules of the Internet:

  • Do not trust anyone
  • If it is too good to be true, it probably is
  • Don’t install software from anonymous sources
  • Don’t automatically hit “yes” to any pop-up
  • If it looks suspicious, run

Secure Your Router

Continue reading “How to: Safe and Secure E-mail”

Android Smartphone Security, How to securely use your Android Smartphone or Tablet

Last Updated: August 26, 2017

Android Smartphone,Samsung Galaxy 2, T-Mobile

Google’s Android operating system powers many popular cellphones including the popular Samsung Galaxy S8. Most Android Smartphone users as well as most of the pubic at large do not think very much about security.

If your phone is not running the latest Android security patches, you are open to attack. A recent Wall Street Journal article showed that only 2.8% of Android devices have the latest security patches. Compare that to 79% of iPhones due to Apple’s uniform eco-system.

Google Play Protect

  • Be sure your device is running Google Play Protect.  It scans for Malware and bad apps. This was release in July 2017 and runs on Google Play Services 11 or higher. This is a unification of Android security systems like Verify Apps, browser protection, and anti-theft measures.

Most Up to Date Android phone

This flagship phone runs the latest Android version and is patched regularly. Sold directly from Google or from a couple carriers.

Continue reading “Android Smartphone Security, How to securely use your Android Smartphone or Tablet”

How to: Safe Online Banking and Online Trading

Last Update: 8/26/2017

PC, desktop computer

Online banking and online trading have been gaining market share every year. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their online banking and online trading safe and secure. In this article, we will help you bank and trade more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online banking and online trading when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

Continue reading “How to: Safe Online Banking and Online Trading”

How to Create, Store, and Use Secure Passwords

Last Update: 8/11/2017
iPad password entry screen

Passwords are one of the biggest security problems on the Internet, possibly even more so than Malware. Poorly chosen passwords and security questions are making online accounts easily hackable by cyber-criminals.

Everyone knows it’s important to create and use complex passwords, ones that do not include:

  • Words from the dictionary of any language
  • Personal information such as names of your kids, pets, addresses, etc.
  • The same password for more than one site
  • Ones that are written down

Few people follow this type of policy. If you are guilty of one or more of the above, you are at risk of getting hacked. Hackers are able to use brute force attacks to test over 200,000 passwords per hour. As technology improves, they will be able to test passwords even faster. In this article we will help you create, store, and easily use secure passwords.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Better Usernames

We suggest users first start with a non-obvious username. Don’t use your first name or first name + last name as your username throughout your online accounts. Make up a name or alias. Include numbers and/or upper and lowercase letters. Better yet, use a different username on every site. The password managers recommended below will automatically remember all your logins.

Continue reading “How to Create, Store, and Use Secure Passwords”

iPhone Security, How to securely use your iPhone

Last Update: 10/10/2017

Apple iPhone 3GS

Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..

Most iPhone users do not think very much about security. The iPhone is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPhone has grown in popularity, the smartphone has become more of a target by hackers and criminals. It is important that iPhone users immediately become more vigilant about smartphone security.  Our tutorial covers the iPhone through iPhone 7 Plus and iOS through iOS 11.

0. Obsolete Hardware

If you have an iPhone or iPad that no longer gets updates, we would recycle it and buy a new one RIGHT away. Keep in mind that iOS 10.3.3 is the first version that fixed a Huge Broadcom Wi-Fi bug. Without that fix, you can get hacked by just having a Wi-Fi signal nearby.

1. iPhone Software Updates

Apple upgrades the iOS software for the iPhone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPhones to a computer in order to update the smartphone’s software. Needless to say, this was inconvenient and led to many iPhones with obsolete software.

Always update to the latest iOS software available as soon as possible.

Continue reading “iPhone Security, How to securely use your iPhone”

How to: Safe Online Shopping

Last Update: 3/22/2017

PC, desktop computer

Online shopping has been gaining market share every year. Security breaches make headlines almost daily. With more and more shoppers going online, consumers are worried more than ever about keeping their online shopping safe and secure. In this article, we will help you shop more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online shopping when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

Continue reading “How to: Safe Online Shopping”

How to International Travel and Maintaining Computer Security Tips

Last Update: 5/4/2017

Apple iPhone 3GS

The International Travel Security Problem

Many of us travel internationally but few realize how important computer security can be when we visit other countries. People doing business in countries like China and Russia (or any other country for that matter) need to pay strict attention to their technology security protocols to prevent the real and growing threat of high tech espionage. There have been instances of people returning from abroad and having their laptops or smartphones compromised. A mobile device used internationally and later hooked up to the Company’s network provides an excellent infection vector. The folks intent on stealing information could be government or corporate based.

Learn how to use your iPhone or Android Smartphone in China

How to Protect Yourself When Traveling

Some people might find the following list a bit paranoid, but you never can be too safe. People that work for major corporations, government, or security firms need maximum protection from attackers. There are tools that can detect the location of a mobile device to within 100 feet and can target phones by the phone number, IMEI (International Mobile Equipment Identity) number and intercept all communications from the mobile device.

  • Leave your cell phone and laptop at home
  • Buy a phone and SIM card in the other country
  • Beware of any SMS message especially if they have links
  • Do not bring any sensitive data or passwords
  • Use temporary or loaner cell phones and laptops which will be erased when you get home
  • Make sure all gadgets are fully up to date and have security software enabled. The best encryption should be utilized
  • Never let your electronics out of your site
  • If your device gets inspected at the border, it should never be connected to the Company’s network again
  • Turn off Bluetooth and Wi-Fi
  • Avoid public Wi-Fi altogether
  • Do not use a public phone charging cable, it could be capturing video while you charge
  • Disable microphones and cameras
  • During meetings, turn off your devices and remove their batteries. (Prevents possible recording)
  • Use a VPN with heavy encryption to connect to the Internet
  • Use Google Voice to create a “throw away” voice accounts
  • Do not connect to your Company’s or government’s network while abroad
  • Use coded language when discussing sensitive matters
  • Cut and paste passwords to prevent keylogging
  • Change any and all passwords you used on the trip, immediately
  • Enable two factor authentication for services that support this; Facebook, Gmail, eBay, etc.
  • Two factor authentication system using SMS text messages is not secure, due to the weak SS7 routing system. We suggest only using two factor when you can use a token or a time based authenticator like Googles.

Continue reading “How to International Travel and Maintaining Computer Security Tips”

Secure Firefox Browsing

Last Updated: 4/14/2016

firefox browser

Firefox is one of the most popular web browser for Windows and other platforms. This makes it a large target for malware and cybercrime. We will focus on securing Firefox, and will significantly increase the browser’s security through add-ins and special hardening settings. We are avoiding earlier versions of Firefox and recommend users to upgrade to the latest version of Firefox. We also recommend running under Windows 7, 8 or 10, so if you are running under an older version of Windows, we recommend you to upgrade or buy a new computer. Older versions of Windows like Windows XP were not built with security in mind.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Firefox includes the following security oriented features:

  • Instant Web ID
  • Do not Track
  • Private Browsing
  • Clear Recent History
  • Customized Security Setting

The Golden rules of the Internet: Continue reading “Secure Firefox Browsing”

Welcome to Safegadget.com

Welcome to Safegadget.com, the one-stop website for securing your computer and gadgets. Don’t wait until you have become a victim of malware. While it is impossible to prevent all attacks, it is important that we all secure our systems so we aren’t easily hacked. This is akin to wearing a seat belt to prevent an accident.

We feature many different security tutorials.

Harden the Security of your Browser

Boost the Security of your Smartphones and Tablets

Learn how to perform the following Safely and Securely
Continue reading “Welcome to Safegadget.com”

Major Wireless Network Security Breach – Wi-Fi Protected Setup (WPS Bug) PIN Brute Force Vulnerability – Reaver

Linksys wireless router, Linksys router, WRT54G

Updated January 2014 to cover a new TCP 32764 Wireless router Vulnerability.

A major security hole known as WiFi Protected Setup (WPS Bug) PIN brute force vulnerability (US-CERT VU#723755) has been recently found in virtually all modern Wireless Routers used in the home, resulting in a vulnerability that allows hackers to extract your WPA wireless security password in a matter of hours. Wi-Fi Protected Setup (WPS) is a protocol that allows users to press a button on their Wireless Router and connect to their computers without typing in a long cryptic password. A hole in this protocol has been recently found and exploited, allowing hackers easy access to cracking most wireless networks.

Why is this a major security problem?

  • Virtually all wireless routers have this problem
  • Many wireless routers (Qwest Actiontec, etc) use the same unchangeable PIN 12345670, hackable in seconds
  • WPS is turn on by default to get certified by Wi-Fi Alliance
  • Wireless routers do not automatically update their software to get a fix
  • The number of PIN codes to test is only 11,000 instead of 100 million
  • Attack software is available

The biggest issue is that virtually all wireless routers sold in the last 4 of years are hackable. The manufacturers need to update their firmware for these devices in order to fix the security breach. Virtually all wireless routers do not automatically update their firmware. As of January 16th, 2012, no manufacturers have issued updates, leaving millions of wireless networks vulnerable. Adding insult to injury, options to disable Wi-Fi Protected Setup (WPS) have been found to not do anything.

Why is getting your wireless password bad?

There are many reasons why you do not want your wireless password hacked.

  • Others could use your Internet Connection Freely
  • Spam or other illegal activities could be sent
  • Everything you do on your network could be captured and read
  • Your online banking and trading would no longer be secure

Continue reading “Major Wireless Network Security Breach – Wi-Fi Protected Setup (WPS Bug) PIN Brute Force Vulnerability – Reaver”

iPad Security, How to securely use your iPad

Apple iPad, tablet computer

Most iPad users do not think very much about security. The iPad is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPad has grown in popularity, the tablet has become more of a target by hackers and criminals. It is important that iPad users immediately become more vigilant about tablet security. Our tutorial covers the iPad, and iPad 2.

1. iPad Software Updates

Apple upgrades the iOS software for the iPad from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPads to a computer in order to update the tablet’s software. Needless to say, this was inconvenient and led to many iPads with obsolete software.

iOS 5 allows updates to occur without the iPad being connected to a computer, allowing users to stay current far easier. We recommend all owners of the iPad and the iPad 2, upgrade to iOS 5 immediately. iOS 5 in fact includes many security fixes.

If you Jailbreak your iPad, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.

2. iPad App Security

Apple’s App Store reviews all submissions before adding them. All iPad apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. iOS 7 adds the capability to auto update your apps. Be sure to use this function. Apple has the ability to remotely remove malicious apps from your iPad.

Continue reading “iPad Security, How to securely use your iPad”