Tuesday 26 February 2013

Donald Trump’s Twitter Account Hacked. Tweets only slightly crazier than usual.

Every day, we at SumRando work hard to make sure none of our subscribers are victims of data theft or hacking. We are truly passionate about internet security and are, on principle, opposed to any type of cracking, hacking, or any other kind of digital compromise.

But let’s be honest. Donald Trump tweeting rap lyrics is just funny.

The lyrics are from Lil’ Wayne’s verses in the will.i.am song Scream & Shout. Fortunately for The Donald, the hack was short-lived and he quickly regained control of his account.

At which point he decided to direct his anger at Twitter.

Or maybe you should just use a decent password...
No information is currently available that explains exactly how his account was hacked. The most likely scenario is a weak password or the same password used on multiple sites. USE STRONG PASSWORDS, PEOPLE! But we should all be glad the hack wasn’t worse.

What if the compromised account offered links to scam sites under the guise of a contest or giveaway? Most people wouldn’t think twice about trusting a link on the feed of a high-profile celebrity.

Just a reminder to always stay vigilant. 

Thursday 21 February 2013

OMG my second-cousin's great uncle is a Nigerian prince!

Dear Sir or Madam,
First I must solicit your confidence in this transaction. This is by virtue of its nature as being utterly confidential and top secret. We are top officials of the Federal Government Contract Review Panel who are interested in importation of goods into our country with funds which are presently trapped in Nigeria. In order to commence this business we solicit your assistance to enable us RECEIVE the said trapped funds ABROAD. For your kindly assistance we can reward you with the sum of $14 million...

This is Eddie Murphy, not a Nigerian prince. But he's more likely to send you vast amounts of money than the guy in your inbox.

I think it's safe to say we've all received an email that started off something like this. Conveniently, I usually only find scams like this floating among other bogus offers in the abyss of my spam folder. Unfortunately, Google says you might start seeing offers like this in your inbox – and sent from your friends' addresses.

Basically, not very many people are falling for the rich Nigerian prince ruse anymore. Though, the fact that anyone is still falling for it is pretty depressing. Anyhow, to make phishing scams like these seem legitimate, scammers are now sending messages from the hacked accounts of your friends.

This means many spammers are turning into account thieves. Every day, cyber criminals break into websites to steal databases of usernames and passwords – the online "keys" to accounts. They put the databases up for sale on the black market, or use them for their own nefarious purposes. Because many people reuse the same password across different accounts, stolen passwords from one site are often valid on others [Google].

Google has a ton of great info on their blog, but the gist is, if you're prompted to change your password, do it. And no, "password", "123456", and "myownname" are not acceptable passwords. Your best bet is going to be to keep a different password for each site or service you use and use a client like 1Password to manage them. That way, even if, say, your Facebook password gets leaked, your email and other accounts will still be safe.

Friday 15 February 2013

Return of the iPhone lock screen hack

Like the killer in a bad horror movie, iOS’s lock screen hack just won’t die. The issue first popped up in iOS 2.0 and allowed ne’er-do-wells without the phone’s password to access contacts and photos. Back then, all it took was a quick double click from the emergency call screen to break the lock. The newest vulnerability is a little more complex, but concerning nonetheless.


Ok, so here’s how the new hack works.

1.  Hit the “Emergency Call” button on the lockscreen.

2.  Hold down the power button like you’re going to turn the phone off. Once you’re prompted to turn the phone off, instead of using the slider, hit “Cancel.”

3. Now that you're back at the Emergency Call screen, dial your local emergency number (112 in the EU, 911 in the States) – please do not actually attempt this – and hit the call button, but immediately hang up the call.

4. Hit the power button once and put the phone into standby.

5. Hit the power button again to return to the lock screen.

6. Swipe the slider to get back to the Emergency Call screen.

7.  Hold down the power button for about four seconds. While still holding the button down, press the Emergency Call button.

8. Release the power button and immediately hit the Home button to avoid powering off the phone.

9. Et voila! You’re looking at the Contacts page!

  Here’s a YouTube video courtesy of The Verge showing exactly how this works.

We can only imagine the number of accidental emergency calls that must be going out in light of this discovery.

The good news is, hackers will only be able to access content available through your phone app and won’t have access to email or messages. Furthermore, Apple has acknowledged the problem and has promised an update imminently.

Wednesday 13 February 2013

Governments are preparing for cyberwar. Are you ready?

"America must also face the rapidly growing threat from cyber attacks. Now, we know hackers steal people's identities and infiltrate private emails…. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems…. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

The above is an excerpt from President Obama’s State of the Union address last night. Now, obviously, the American president is speaking in the context of big companies, utilities and the government. But we’d be mistaken to not take this as a call for personal security as well.

After all, like a conventional war, collateral damage will certainly happen. So what can you do to make sure your data doesn’t become a casualty?

1.     Keep your anti-virus software updated

In cyberwar, malware will be the weapon of choice. And while we will certainly see a plethora of zero-day attacks, updated anti-virus software will keep your system safe from fallout damage after the fact.

2.     Use strong passwords

If your email password is “password”, “qwerty”, or any other cliché example of terrible security, you’re basically standing on Omaha beach in your undies. A strong password should be at least eight characters long, involve lower and upper case letters, have a couple numbers and preferably some kind of symbol. Any hacker-wannabe can crack a password made of simple words, but it will take even a supercomputer ages to crack a well-developed string of characters.
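
To make the password advice here and in the 21 February post concrete, below is an added example (not from the original posts): a short Python audit that checks each password against the rules above and flags any password shared between sites. The function names and the sample vault are made up for illustration, and "a couple numbers" is assumed to mean at least two digits.

```python
import string
from collections import defaultdict

# Passwords the posts themselves name as unacceptable.
BANNED = {"password", "123456", "myownname", "qwerty"}

def check_password(pw):
    """Return (failures, warnings) for one password against the post's rules."""
    failures, warnings = [], []
    if pw.lower() in BANNED:
        failures.append("named in the post as a bad password")
    if len(pw) < 8:
        failures.append("shorter than eight characters")
    if not any(c.islower() for c in pw):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        failures.append("no upper-case letter")
    if sum(c.isdigit() for c in pw) < 2:  # assumption: "a couple" = two or more
        failures.append("fewer than two digits")
    if not any(c in string.punctuation for c in pw):
        warnings.append("no symbol (preferred, not required)")
    return failures, warnings

def find_reuse(vault):
    """Map each password used on more than one site to the sites sharing it."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    return {pw: sorted(s) for pw, s in sites_by_pw.items() if len(s) > 1}

def audit(vault):
    """Return {site: [problems]} for every site with at least one failure."""
    reused = find_reuse(vault)
    report = {}
    for site, pw in vault.items():
        failures, _ = check_password(pw)
        if pw in reused:
            failures.append("reused on " + ", ".join(s for s in reused[pw] if s != site))
        if failures:
            report[site] = failures
    return report

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "qwerty",
    "facebook": "Tr4vel!Mug72",
    "forum": "Tr4vel!Mug72",
    "bank": "c0rrect-H0rse-Lamp",
}
print(audit(SAMPLE_VAULT))
```

Note that the Facebook and forum password passes every character rule and is still flagged, because a leak at either site exposes the other.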

3.     Use encrypted email

This should go without saying, but a surprising number of people – especially those using desktop email clients – don’t have any built-in encryption when they send a message.

If you’re using a web client like Gmail or Hotmail, check to make sure there is an “https://” before the URL of your mail client. The “s” means you’re hidden behind SSL encryption – the same thing your bank uses to keep your account information safe.

Securing a desktop client like Outlook or Thunderbird can be a little more involved, but totally worth it. You’re going to want to secure the connection from your email provider, your messages in transit, and messages stored on your computer. Here’s an excellent write-up by PC World on exactly how to do that.

4.     VPN your connection

If you hadn’t guessed, we’re big fans of VPNs. They really are the best option for securing your online activity. Whether you’re sending emails, banking online, or looking at cat pictures, a VPN ensures that nobody can see what you’re doing. It accomplishes this by establishing a private connection between your computer and the VPN server. Your data will be both encrypted and hidden in a secure VPN tunnel.

The best part is that it’s probably the easiest of the steps mentioned here. Just download the client, pick a plan, and turn it on. Boom. Done. Whenever you want to go under the radar, you only need to click a button.

There are a ton of great VPN options out there, but we think ours is pretty awesome. Plus it’s free. Can’t beat that.

Look, we don’t know if cyberwar is going to break out in the next few months or the next few years. But experts agree that it’s a matter of “when”, not “if”. So take our advice and be prepared!

Thursday 7 February 2013

Announcing our AWESOME new web proxy!

Howzit Randos?

We wanted to take a minute and let you know about our AWESOME new proxy service.

On a friend’s computer? Using a machine at the library? Sometimes you just don’t have access to a VPN. Our web proxy saves the day — providing you with privacy in a pinch.

Remember, our VPN will still give you the fastest connection and toughest security. But when you simply don’t have access, our web proxy is the next best thing.

With our proxy you can…

✓ Browse anonymously
✓ Hide your IP address
✓ Get around country filters
✓ Enjoy 128-bit SSL encryption

Our proxy is like a super hero. Saving the day when you don’t have VPN access!

Yep, our web proxy is pretty amazing. Did we mention it’s free? It is.

What are you waiting for? Give it a try!

Safe surfing,
The SumRando Team