White Collar Handyman
In-Home and In-Office Technology Concierge Services
Hey! We've moved to a new URL to better reflect who we are and what we do! Please visit Rob Falk Technology Concierge Services at http://robfalk.net and update your bookmarks.

Wednesday, May 28, 2014

Need another reason to use strong passwords and two-factor authentication? iPhones Held Hostage!

One of the security features offered by Apple for its computers, iPhones and iPads has turned around and bitten several Australian users who found that they were suddenly locked out of their devices and asked to pay a ransom of up to $100 to a hacker holding access to their devices hostage.

Find My Phone is a great security feature that allows an iPhone owner to remotely lock his or her device should it be lost or stolen, thereby securing all the data on the phone and rendering it useless without the entry of a security code. But problems arose for the Aussies when a hacker going by the name of Oleg Pliss somehow obtained usernames and passwords, and locked the rightful owners out. Apple says it has not been the victim of any security breach and suggests that credentials were gained either by phishing or because of password reuse.

Phishing attacks are just a modern form of flimflam and trickery. A scammer sends an email that looks authentic, and the dupe dutifully responds with all kinds of information that is best not shared with bad guys. Phishing can be thwarted by never clicking on links in emails. If a legitimate web site needs information from you, you will be able to find their inquiry on their website. If you get an email asking for any information:

1. Make note of what website it is supposedly from.
2. Delete the email.
3. Go to the subject website by opening your browser and using your own bookmark. If you do not have a bookmark, enter the URL for the website you are trying to reach, or use a trusted search engine to bring you to the genuine site.
4. Log in and look for a message to you.

Follow this method for dealing with emailed information requests and you will avoid falling prey to almost all phishing attacks.

I've discussed Password Reuse before. In a word, it's bad. If you use the same username and password at more than one site, once a hacker gets information from one web site breach, he has access to every account you have that uses that username/password combo.
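To see how far a single breach reaches, here is an added example (not part of the original post) that audits a list of your own accounts and reports which other sites open up if one site's credentials leak. The `site,username,password` export layout and the sample rows are constructed for illustration; real password-manager exports use their own column names.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample data in a hypothetical site,username,password layout.
# forum.example reuses the password under a different username, so it is a
# different username/password combo from the other three.
SAMPLE_EXPORT = """site,username,password
shop.example,pat@example.com,Sunshine2014
mail.example,pat@example.com,Sunshine2014
bank.example,pat@example.com,x9!Rk2#vTq7m
forum.example,pat_s,Sunshine2014
cloud.example,pat@example.com,Sunshine2014
"""

def _combo_key(username, password):
    # Hash the pair so the grouping never stores plaintext passwords.
    normalized = username.strip().lower() + "\0" + password
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

def load_accounts(csv_text):
    """Group sites by the username/password combination they share."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        groups[_combo_key(row["username"], row["password"])].append(row["site"])
    return groups

def breach_exposure(csv_text):
    """Map each site to the other sites opened by a leak of its credentials."""
    exposure = {}
    for sites in load_accounts(csv_text).values():
        for site in sites:
            exposure[site] = sorted(s for s in sites if s != site)
    return exposure

def reused_sites(csv_text):
    """Sites whose credentials also work somewhere else, worst first."""
    exposure = breach_exposure(csv_text)
    risky = [s for s, others in exposure.items() if others]
    return sorted(risky, key=lambda s: (-len(exposure[s]), s))

if __name__ == "__main__":
    for site, others in sorted(breach_exposure(SAMPLE_EXPORT).items()):
        print(site, "->", ", ".join(others) or "no other account exposed")
```

Every site that `reused_sites` returns needs its own unique password; the bank account in the sample is the only one a breach elsewhere cannot touch.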

Finally, Two-Factor Authentication: In a word, it's great! Here is a large list of websites indicating which do and which do not have 2-Factor Authentication. In short, without rehashing what's been said before, if a provider offers 2-Factor Authentication, use it, and if they don't, encourage them to do so.
