Category Archives: Education

Why Do Users Keep Falling for Scams?

This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips, a computer veteran with 30+ years’ experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s; he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.


*Social engineering: refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access — Wikipedia


It’s unfathomable to me why so many people still get caught out by social engineering techniques, being tricked into clicking that link or opening that attachment.

Social engineering is one of the most prevalent methods used by cybercriminals to infect a system and/or gain a user’s sensitive information. Ransomware, phishing emails, scams: all generally involve an element of social engineering. Why? Because it’s simple, effective, and lucrative. It stands to reason then that the most potent method for eradicating these types of threats would be to make them less effective and less lucrative. The question is: how to achieve that?

You’ve no doubt come across the saying “education is key” – and, when it comes to social engineering, nothing could be truer. Because of the changing nature of socially engineered exploits, security software cannot always protect users from themselves. That’s why tech blogs are repeatedly issuing the same advice/warnings – don’t click on links in emails from unknown senders, don’t open email attachments from unknown senders, etc., etc., etc. In fact, I recently published yet another list of do’s and don’ts, “10 Golden Rules to Defeat Scammers”. Yet, despite all this, so many people are still falling victim to social engineering.

A large part of the problem I suppose is that the users who need this type of advice the most are generally not the sort of people who tend to visit and read Tech blogs.

I was recently perusing a well-known freeware site and came across a comment from someone complaining that, despite being protected by a commercial grade antivirus, his company’s computers had been infected by ransomware… twice. On both occasions the infection was initiated by an employee clicking on something he or she shouldn’t have clicked on. I suggested to him that perhaps his company needed to review and strengthen its staff training program. Education is key.

My own clientele consists largely of elderly folk and, in my experience, many are highly susceptible to phishing and scams in general. I have a theory about this; I’m sure it’s because they were brought up in an era when trust was inherent; leaving the front door to the house open, leaving the car unlocked and keys in the ignition. Do you know what I mean? It’s not so much that they are gullible, more overly trusting.

These people also tend to be not so computer/security savvy, so rather than hit them with a long list of do’s and don’ts, which might be difficult to follow, I condense it all down to just three rules for them to remember:

1. Treat each and every unsolicited phone call and/or email as highly suspicious.

2. Always be very wary about giving out sensitive personal information over the internet.

3. If it sounds too good to be true, it almost certainly is.

If the more savvy among us would only take the time to pass this type of advice around their own particular circles of family, friends, and acquaintances, I believe that we, collectively, might just make a difference.


10 Comments

Filed under cybercrime, Don't Get Hacked, Education, Internet Safety for Seniors, Online Safety, Safe Surfing, System Security, trojans, Viruses, worms

Top 5 Tips to Keep Your Website And Network Secure

Every day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that any passwords are stored as hashed values, never as plain text. Ideally, you’ll use a one-way hashing algorithm like SHA. This method means that during authentication, only hashed values are ever compared. In a worst-case scenario, if someone hacks in and steals passwords, this will limit the damage.

They can’t decrypt them, and they will be reduced to attempting dictionary or brute force attacks, trying every single combination until a match comes up. It’s time consuming and computationally expensive and just not worth the effort for most people.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, you should pay attention to how your error messages deliver the message that their login attempt has failed. A quick-and-simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user if half the query is right (and especially not which half!). When a hacker is attempting brute force attacks to gain access to usernames and passwords and the error message identifies one field as correct, that’s valuable information for him. He then knows that he’s halfway there and can concentrate all his attention and effort on the remaining field. Don’t make it easy for them!
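The password advice in tip 1 and the error-message advice in tip 2 meet in the login handler, so the sketch below covers both. It is an added example, not code from the original post: the function names, the in-memory `USERS` store and the iteration count are assumptions, and it uses PBKDF2-HMAC-SHA256 with a per-user salt, a salted and iterated construction built on SHA that goes beyond the single SHA hash the text mentions.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000          # assumption: work factor picked for this example
GENERIC_ERROR = "incorrect login information"   # wording suggested in the text
USERS = {}                    # hypothetical in-memory store: name -> (salt, digest)


def meets_policy(password):
    """Minimum from the text: 8+ chars, an uppercase letter, a digit or special."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[^A-Za-z]", password) is not None)


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(username, password):
    """Store only the salt and digest, and only if the policy is met."""
    if username in USERS or not meets_policy(password):
        return False
    USERS[username] = hash_password(password)
    return True


# Placeholder record: unknown usernames still cost one full hash computation
_DUMMY = hash_password("constructed placeholder, never a real account")


def login(username, password):
    """Same message whether the username or the password was wrong."""
    salt, stored = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, stored)   # constant-time comparison
    if matches and username in USERS:
        return True, "welcome"
    return False, GENERIC_ERROR


if __name__ == "__main__":
    register("alice", "Tr1cky-Horse")      # constructed sample account
    print(login("alice", "Tr1cky-Horse"))
    print(login("alice", "wrong-guess"))
    print(login("nobody", "wrong-guess"))
```

A wrong password for a real account and a login for an account that does not exist return the identical tuple, and both paths perform one hash computation, so neither the message nor the amount of work reveals which field was wrong.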

3. Keep software up to date

Make sure that you’re consistently and quickly applying security updates to all of your software, from your personal PC’s virus protection, to your server operating system, to website software like content management systems, forums, and blogging platforms.

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their solutions. Find out and follow it up.

4. Limit Use of your Administrator Account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.

2 Comments

Filed under Cyber Crime, Education, Guest Writers, Internet Safety

Though There is Much To Be Desired, Online Schools Have Come a Long Way

In today’s guest post, Estelle Shumann explores the recent advances made in online education and the steps still needed before online education will be a viable and secure platform.

Online education has taken enormous strides in 2012. If progress continues at this pace, there may soon be a low-cost, high-quality alternative to traditional education widely available to students of every stripe. In fact, free learning may become a possibility for everyone with an Internet Service Provider (ISP) and computer or mobile device.

In this article, we will take a look at some of the big milestones reached, as well as the areas that need improvement before learning becomes completely democratized.

Why was 2012 such a groundbreaking year? Firstly, Internet connection speeds have increased, so most people can stream video easily and without interruption. This format allows professors to speak directly to students, even if they are thousands of miles apart.

As studies and experience have shown, there is simply no decent alternative to watching and listening to a real person discuss a topic. Tone of voice, gestures, and demeanor are crucial to the successful transmission of complex ideas. Moreover, recent experiments have demonstrated that classes are more successful when offered in real-time segments. Lectures may be recorded, but are released on a weekly or bi-weekly basis. The past decade has allowed institutions to gain experience with online class environments, making them more efficient and effective.

The University of Phoenix and Khan Academy are no longer the only entities trying out new ideas. There are now a vast number of traditional universities experimenting with online education. Stanford University has been a pioneer in this arena offering online classes for over a decade. MIT started offering open courseware in 2011, which gave anyone interested access to video-lectures, assignments, tests, and quizzes. In the fall of 2012, MIT and Harvard will join forces and offer a combined platform, called EdX.

Also in 2012, a team of Stanford professors came together and went live with Coursera, a collaborative approach to online education that allows any university to join and offer free classes through its website. Thus far, 16 universities have joined, including Stanford University, Princeton University, University of Pennsylvania, and University of Michigan. Institutions in France, Canada, and the United Kingdom have also joined what is now an international effort. These universities are adding their prestige and pull to Coursera and online education in general.

Despite the advances in online education, there remain some large problems to solve before it will become universally useful to consumers. One major issue involves certification and assessments. Many classes on Coursera, for example, offer certificates signed by professors, but the value of these remains dubious.

The reputation of these certificates is hampered by the possibility of hacking and cheating. It would be impossible for these universities to monitor individual students and ensure fairness. Until there is a secure way to know that students have completed their own work without external help, online classes will not mean very much to prospective employers.

Also problematic is the limitation of single-course offerings. In order to prepare for a profession in the real world, students need to earn some type of certification or degree, which requires a prescribed set of completed classes. Thus, students may still need to attend traditional university programs if they want to significantly improve their earning potential.

Online classes fail to meet the goal of democratizing the education system, but they are progressing rapidly.

Author Bio:

Writing for the education resource OnlineSchools.org, Estelle is familiar with the benefits and drawbacks of both online and traditional schools. Estelle’s article builds on a December 2011 post from Bill Mullins’ Weblog, which suggests that online education resources like Khan Academy are proof that the content of online course offerings remains more important than the method of delivery.

2 Comments

Filed under Connected Devices, Education, Guest Writers, Interconnectivity, Online Learning

Four Tips to Simplify Your Tax Time With Nitro PDF Professional

Did I ever mention that I love Nitro PDF software? Nitro PDF, at every level (both the freeware version, and the professional version), has established an enviable reputation for excellence: applications are fast, lightweight, and incorporate customizable security controls, including the option to completely disable JavaScript – no small consideration for security conscious users.

I’m hardly alone in my assessment – so, I’ll throw in a couple of comments from readers following my last review of Nitro PDF Reader 2.0 – June 21, 2011.

It is really awesome. Nitro PDF Reader is one of the best PDF readers in the market. I am quite excited about what ………

At work, I use Adobe but at home, I have been using Foxit. I just downloaded the new Nitro on your advice and as usual, your advice is spot on. I can now say I just switched my default from Foxit to Nitro.

To help ease the frustrating and time-consuming activities of tax-time, Nitro Software has put together four easy-to-follow tips to help streamline your tax filing. If you find these tips useful – consider sharing them with others who could benefit.

Future Proof Your Taxes – Tracking down copies of last year’s tax statements or this year’s lost W-2 can be frustrating, and time-consuming. Avoid the inevitable hours spent searching and create an archive of both physical and digital financial records that can be easily searched and opened by anyone using PDF/A – the digital archival standard.

Portable Document Format is lightweight, secure, and universally accepted – it can be opened by anyone from your accountant to the IRS. Future-proof your financials by creating PDF/A files, an entirely self-contained ISO standard designed to ensure long term support and acceptance, completely independent of the originating data or the system it was created on.

Convert almost any Windows file format to PDF – from spreadsheets to statements – and use Optical Character Recognition (OCR) on scanned paper to create convenient, searchable PDF files that can be accessed for years to come.

Future proof your taxes and create PDF/A compliant archives from over 300 different file formats with Nitro PDF Professional (free 14 day trial).

Fill and Save Tax forms – Just about any government form can be downloaded as a PDF file, and businesses both big and small often utilize forms to gather information from their clients. Active PDF forms are designed to be filled easily and quickly, with many allowing you to submit the completed file with the click of a button.

Form functionality goes even further with the capability to process mathematical calculations automatically; no more time spent trying to work out 8.5% of box B divided by the sum of boxes A, C, and D, raised to the power of E=MC2.  Unfortunately the same can’t be said for paper forms, but you can avoid starting from scratch every time you make a mistake by scanning them to PDF and completing them electronically. Type text anywhere on the page, sign them digitally (if required) and even add them to your PDF/A archive for record-keeping.

Using the free Nitro PDF Reader you can fill in any PDF forms – print them, save them, export their data, and submit them to a web or email destination. Sitting on a stack of paper documentation you’ve been avoiding? Scan them as PDF files and free yourself from clutter today.

Safeguard Your Taxes – Financial information should always be considered highly sensitive and treated accordingly. Whether you need to email a document or use a web-based submission service, security controls form a powerful toolset to protect your information, and should always be on your checklist when preparing your taxes.

Safeguard your private financial data using military-grade 256-bit AES encryption to secure your PDF files with password protection and digital certificates, and specify usage permissions to manage how people interact with your documents and prevent individual activity such as copying, editing, or printing.

Nitro PDF Professional (trial) covers you for encrypting and decrypting tax documents, certifying and signing, managing the public keys of your trusted contacts, and password-protecting PDF files to control access and usage. The free Nitro PDF Reader allows you to add basic password security to PDF files you create.

Combine and Streamline Your Tax Documentation – Many people today receive a pay stub (or pay slip) in PDF format. Regardless of whether you’re paid weekly or monthly, that’s one serious paper trail, and an organizational nightmare come tax time. Simply combine all the pay stubs into one ‘master’ PDF file to avoid hours wasted by you or your accountant trying to work with 52 individual files.

Combining files in Nitro PDF Professional couldn’t be easier, and the resultant PDF comprising all your pay-stubs allows you and your accountant to easily scroll through the entire financial year within the one PDF document – no more piles of invoices, receipts, bank statements, or financial reports.

Interesting factoid: Though over 70% of the taxpaying American population uses e-filing to log their taxes, most people still supplement their electronic submission with hardcopy paper documents (e.g. W2s, pay-stubs, receipts).

2 Comments

Filed under downloads, Education, Free PDF Software, Income Tax Tips, Software, Software Trial Versions

Four Windows Boot Optimization Tips You Can Trust

Guest post by: Tibor Schiemann, President and Managing Director, TuneUp.

Does it take an eternity for your PC to boot up? Have you trolled the web for some tips on improving it? Unfortunately, there is some really bad tuning advice out there, but here are four Windows boot optimization tweaks you can definitely trust.

Turn off unnecessary start-up programs. Third-party applications can slow things down quite a bit depending on your system, so go through the list of start-up entries and get rid of the programs you’ll never use or need. This won’t just help improve boot time; it should also reduce the number of annoying pop-ups informing you to take various actions.


I actually tested this tip by disabling 19 start-up entries on one system and 25 start-up entries on another. It was surprising to see that neither machine had significant improvements in terms of boot time, but I noticed that my systems were much more responsive right after logging on and during general use. This is because disk usage significantly decreased once these start-up entries were turned off.

Since much less is going on during the boot-up process with the start-up entries disabled, you can start working with your computer much more quickly after logging on. You’ll also regain both CPU and RAM resources, which will help speed up the applications you’re actively working with. While you probably won’t notice a huge improvement in boot time like in my test, this tip will help you be more productive and conserve system resources.

Disable devices in Device Manager. PCs and laptops come with several built-in devices or other components that you may not need, such as a Bluetooth transmitter, an Ethernet adapter, a web camera or a sound chip. Windows does not need to reserve interrupt requests (IRQs) and memory resources and load up drivers if the devices are disabled, so turning them off should improve boot time.


I again put this tip to the test and used Device Manager to turn off several devices, including a webcam, virtual DVD drives and all USB ports and controllers. Boot time went down by a couple of seconds on both of my test machines once the devices were disabled. This tip also had a neat side effect—it helped me preserve battery power on the laptops.

Get more RAM for your PC. This is always a good thing to do, but does it really help improve boot time if you’re just upgrading from 1 GB to 2 GB or from 2 GB to 4 GB? Since core Windows system files, drivers and basic services all amount to less than 1 GB, boot time shouldn’t be affected. However, more RAM should drastically reduce swapping memory to the disk.

I used msconfig to limit the total memory used by my test systems and see how upgrading RAM affected boot time. As expected, the computers’ start-up times steadily improved as more GBs of RAM were added, and on an Asus tablet (Core i5, 4 GB of RAM, SSD drive), boot time decreased noticeably.

Tweak your BIOS, which may slow down boot time due to unnecessary checks or settings. To combat this, set boot priority to your hard disk, for example, and disable booting from your DVD drive, USB port or network; by doing so, you should be able to shave a couple of seconds off your system’s boot time.

Try to find the “Boot” category in your BIOS, and set your PC to look only for a bootable operating system on your hard disk. But, don’t forget to set it back in case you decide to install a new operating system or run a USB rescue environment. Also, try to find the “Quick Boot” option and set it to “Enabled” to skip the boot analysis of hardware components.

These are the four most effective (and safe) ways of improving Windows’ boot time. Visit the TuneUp Blog about Windows (http://blog.tune-up.com), where we’ve sifted through misleading optimization tips and tuning information, to learn more and make sure that you are maximizing PC performance.

12 Comments

Filed under Computer Maintenance, Education, Guest Writers, System Tweaks, TuneUp Utilities

Save Your Sanity – Let Teach Parents Tech.Org Handle Those “Help Me Out” Calls

High level computer users are often seen as built in tech support by family, friends, neighbors, co-workers; the good looking chick you’re chatting up at a party – the list goes on.

So, a “help me out” call, during the Christmas Season, is not at all an uncommon occurrence – if, you’re a high level computer user. But, you know that – which is why you’re going to change your telephone number to “unlisted”, or move out of the country.

From a personal perspective, I’ve learned over the years, that a verbal “solve my computer problem” walkthrough is a non-starter – in most instances. It’s a virtual certainty that some/most/all of the instructions, will have to be repeated – any number of times.

If you’re the type of “helpful friend” who has extraordinary patience, you’ll probably buy into this awkward arrangement. But, you will need prodigious patience – and, you’ll have plenty of opportunity to test it.

Rather than trudge down this twisty winding path, you might be better off directing your “client” to a terrific free resource, “TeachParentsTech.org”; a site developed by a group of Google employees which is, as they put it, “designed to help “kids” teach their parents about computer basics.” The group has developed a series of 50 plus instructional videos, dealing with computer basics – the type of basic issues that often confuse new users.

The following screen captures will give you some idea of what’s available on the site, and just how easy it is to link up with the correct instructional video.

This graphic illustrates how easy it is to select a video, choose the email message and get it ready to go.


Note: Make it clear that you expect active participation. In fact, insist on it. Unless you do, I can assure you that you will be the one doing all the heavy lifting. And, it’s this heavy lifting that, over time, sours many tech savvy users on staying in the “I’m a helpful tech savvy kind of person” game.

It doesn’t have to be that way.

If you sometimes think that you have a sign painted on your back, that calls out to the world – “I’m the go-to guy for all your computer woes”, you might just find this site invaluable.

Check it out here: Teach Parents Tech.


2 Comments

Filed under Education, Help, Recommended Web Sites, Windows Tips and Tools