Category: Security

How to Stop Your USB Cable from Spying on You

Let’s be honest, not all of us are using the original USB cables that came with our phones and tablets when we bought them. Maybe it is lost, or maybe one cord just isn’t enough. Cords are cheap online, so why not grab a few extras? As it turns out, not all cables are created equal. Some could be used to steal your information.

How Can a USB Cable Be Dangerous?

Cables seem like pretty basic items, and it seems odd that an item without an electronic “brain” could pose a danger. Remember, though, that USB cables can be used to transfer data as well as charge hardware. If you want to put a picture from your phone onto your computer, you could plug it in and copy it over.

This same functionality could be used by bad actors to trigger a data transfer any time you use that wire in a device – even at a public charging station. You would assume that because it is branded as a charging station, that is all it does. But there is no good way to check if your wire is trying to do more. Some devices will not initiate data transfer without a confirmation prompt on the device, but that is not always the case. The only way to be sure your data remains safe would be to use an adapter that disables the data wires in the USB, allowing it to charge only.

USB Data Blocking Adapter

One inexpensive product that can protect you from unauthorized data transfers is a USB data-blocking adapter. It is a small dongle you place between your wire and the charger (or other devices) with the data wires removed so that it can only charge your device.

PortaPow (available at Amazon) is a trusted name in data-blocking technology, but neither I nor the library receives any compensation for mentioning them. No matter which brand you use, make sure there are no data wires at the end that plugs into the charging device.

Summary

If you are using after-market cables or public charging stations, it’s a sensible safety precaution to use a USB data blocker. At under $10 per adapter, this is one of the least expensive ways to secure your data. Do you use a USB data blocker? If so, let us know in the comments.

Access 20+ Free Tools to Enhance Your Online Presence

If you create online content, whether for fun or profit, you know there are lots of tools out there to help you design and secure your creation. Some are free or low-cost, while others can be staggeringly expensive. While in search of free tools to help me with simple graphic design, I stumbled upon a treasure trove of them in a variety of categories.

Experte.com

When I needed one, I found a background remover for images on Experte.com’s design tools page. I found it so helpful, I blogged about it. That page also revealed some other tools I thought may be of use, such as an image cleaner that could help remove unwanted elements from an image. Of course, all of these tools are available in software like Photoshop and GIMP, but sometimes you just want a simple tool to do a simple job.

After finding the design gems, I poked around Experte.com to see what else was on their site. I was really impressed with the number of website tools on offer, and I have made use of several of them. Google, W3C, and other providers offer free tools for testing your site’s speed, validating your code, checking mobile compatibility, etc., but Experte.com has put several of these website tools on one page for easy access. Using these in conjunction with other, similar tools may help you get a more complete picture of how your website is functioning.

Experte.com also offers tools for IT security and business. To access any of the tools on this site, hover over a menu item (e.g., Design) and select the sub-item at the bottom of the list labeled “tools.” There is a page of tools for each top-level menu item (except About).

Summary

Lots of free tools exist from a variety of sources on the internet to assist online content creators in putting their best foot forward. Experte.com helpfully gathered many key tools in one place for their users. Have you tried any of the tools at Experte.com? Let us know what you thought in the comments.

Unsure How To Stay Safe Online? Help Is Available!

Given today’s online climate, cybersecurity is more important than ever. Our recent technology survey revealed that this was one of the top concerns among our library users, prompting us to plan more events and education on that topic. Even if you’ve had security training in the past, security recommendations are changing all the time. As the person in charge of technology security at the library, I can tell you it’s no small feat to secure a network and online services from intruders. Even if you put all of the proper measures in place, all it takes is one user to click the wrong link or open an unknown attachment and the worst-case scenario could happen.

As such, the best line of defense is to make sure individual users know how to recognize and avoid traps and how to practice good technology hygiene (like keeping your computer and its software up-to-date). Once upon a time, it was easy to spot a scam. You knew no Nigerian prince would contact you looking for help, and those weird characters in the middle of the word to trick spam filters were a dead giveaway. These days, criminals are getting a lot better at spoofing emails and other communications to make them look legitimate.

Even if you think you know everything about cybersecurity, you still have more to learn. Fortunately, there is a reliable online resource that can teach you general concepts and help you with your cybersecurity questions, presented by the National Cybersecurity Alliance. There is a lot of information there, so I would suggest starting with these two sections of the website:

One of my favorite things about this resource is that the topics are broken down into short, easy-to-understand parts with practical advice. As an example, one of the longer articles is an 8-minute read called How To Tell If Your Computer Has a Virus and What To Do About It. Dating scams, travel tips, hacked accounts, smartphone security, and many other topics are represented in articles all estimated to take less than 10 minutes to read.

One drawback to this resource is the fact that almost all of their education resources are written. If you prefer your education in video format, try this Tech-Talk collection or GCFLearnFree.org.

What are your biggest cybersecurity concerns? Let us know in the comments. Until then, stay safe!

Is It a Social Media Game or a Clever Hack?

If you’ve been on social media sites such as Facebook and Twitter, chances are you’ve seen them. Posts that appear to be innocuous enough, asking for a combination of personal info to find out things like what your Bridgerton name would be by asking you to name your grandmother’s name combined with the street you grew up on.

The problem with these types of posts is that they are not innocuous – far from it. These attempts by various entities to gather personal information are a type of social engineering.

What is Social Engineering?

According to this helpful article on Imperva, social engineering is “the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.”

The types of posts you may see on social media sites will ask all sorts of questions related to personal information that is often the same type of information used in security questions used to retrieve a forgotten password. A single question may appear innocent enough, but the way these scammers often operate is to gather information through multiple questions. For example, to gain access to someone’s account by answering security questions, you will often need to enter your birth date. These social engineering posts will be clever in the way they ask for information. Instead of, “post your birthday!” they will instead ask things that combine your birth month or number combined with other information. If you were to comment that you were born in January, they would have one piece of information. Another post may ask when you graduated high school, or what age you were in a certain year. When pieced together, the perpetrators have your birth date.

Type "Halloween" and the year you were born in the GIF bar. That's your costume this year.
Example of a social engineering meme

Answering security questions can be used to retrieve a forgotten password or as an extra security measure to log in to some websites. Some common security questions ask about the street you grew up on, your favorite pet’s name, or the name of your firstborn child. To get this information, the perpetrators will word it in a different way such as, “what’s the name of the child who made you a mom?” A question that sounds innocent, but has malicious intent.

What Do They Do With the Information?

There are several ways the perpetrators can use your information. The easiest way is security questions. Once they have your information, they can visit your various accounts, be it Google, Yahoo, or even your bank account, and use the information to reset your password. What about the example question mentioned above about the name of the child that made you a mom? A common security question asks the name of your firstborn child. Your favorite subject in high school is another common question asked in Facebook posts that people answer without hesitation.

Besides answers to security questions, this information gives a heads up to those attempting to guess passwords. If hackers have a starting point, for instance, if your password contains the name of your childhood pet or your first born, it makes it easier to guess the rest of the password, especially if they are using hacking programs that can automate the process.

Men laughing with text "we posted a Facebook quiz with password security questions and they not only answered the questions, they shared it with their friends.

An Easy Solution

An easy way to combat this problem is to not share personal information on social media. While you may think only your friends will see the answers, once you comment on a public post, anyone on the internet can see the information you provided. Another way to avoid this problem is to not use security questions when given the choice. Instead, opt for a backup email address or a text message as a way to verify your account in the case of a forgotten password.

While the attempts to find out personal information on social media are plentiful, with due diligence, you can keep your information away from these information harvesting attempts by scrolling right past them.

Have you noticed these types of posts on social media? Let us know in the comments.

Have Your Passwords Been Compromised?

These days, security breaches are in the news so often you may think there is no way to avoid having your information stolen. While no credentials are fully safe from hacking, using good password hygiene (not reusing passwords, using complex passwords, etc.) and staying on top of which of your accounts has been hacked can go a long way in keeping you safe.

Even if you watch or read news 24/7, it is impossible to keep up with all of the account breaches yourself. Luckily, https://haveibeenpwned.com/ exists to keep track of this for you.

The process is simple and free. Point your internet browser to https://haveibeenpwned.com/ and enter your email address.

When I put my personal email in, I got this message:

If I scroll down a bit, I can see the individual instances in which my information was compromised, along with more information about each particular hack:

What Do I Do with This Information?

Just because you have an account with a service that was breached doesn’t mean someone is actively using your account. It just means your information may be in the wrong hands. Knowing which accounts have been compromised can help you in the following ways:

  • Quickly change passwords and/or associated email addresses to prevent someone taking over your account. Also change credentials for any other account that uses the same email/password combination.
  • Get a heads up to check and make sure no unauthorized activity has happened on your compromised account.
  • Evaluate whether this is a service/account you really need. If not, delete your account, if possible.
  • Discover services you forgot you had signed up for!

Try It Out

Now it’s your turn to see if any of your email addresses have been pwned. If they have, there is no need to panic. Just follow the steps above to re-secure your accounts.