Tag Archives: security

Googling Yourself – It’s really not that vain…

Have you googled yourself recently? Have you googled the name of your business?

Some people reading will be thinking “well, of course I have!” and others may be more along the lines of “Hmm, no, I’ve never needed a reason to”. Well, your name is your brand whether you’re a small business, big business, or an individual person getting by in life :)

Something happened this week that was simply weird, and highlights why you need to Google yourself, today (right now. Seriously, why are you still reading this?)

Living in North London, I’d noticed a new BBQ style restaurant called Brisket by Finsbury Park and had been interested to try it out for some time. This week, I finally decided to go for it, so googled “Brisket finsbury park” to find the website. The top link came up as http://www.brisketbbqkitchen.co.uk/

BBQ Brisket Web Page May 2015

Looks pretty basic but does the job. Social links for some reason only go to facebook.com/twitter.com rather than the actual social accounts (which do exist), but the Menu works, there’s opening times & maps and all information someone would need before visiting!

Great – The menu looked awesome but most importantly, their opening times suggested they were open on Thursday evening…!

On turning up to the restaurant, I was very surprised to find that it was closed. It had been closed all week (though there were people inside)! – I called the number from the website and got through to the manager inside who casually informed me that they are closed preparing for a new menu. I asked why they wouldn’t update their own website to say they were closed, and this is where things got super weird.

The manager informed me that they don’t have a website. Huh? What? Now that was a confusing thing to hear. I explained I was outside and had the website on my phone, so he came out and I showed him the site. He confirmed:
1) It is the right phone number
2) It is the right location and name
3) It was a fake logo
4) There was a fake email address
5) It wasn’t a website anyone involved in the restaurant has created

This is a very abnormal situation, but let’s take a look at how it might have happened:
– Maybe the owner created this long before the current manager was hired, and then forgot about it?
– Maybe there is a scam going on… Someone sees a new restaurant, registers the domain and builds a basic website to build up traffic and increase SEO ranking, and then if the restaurant gets popular, blackmail them into paying or doing something nasty with the website if not..?
– Any other ideas? I guess I could have been lied to, but I have more faith than that!

OK, so now let’s get a bit more technical and do some digging. I’ve checked the contact details of the person who registered the domain and we see this:

Brisketbbqkitchen.co.uk whois data

This gets even stranger: while http://www.mtiwebdesign.co.uk/ is a real company (that registered the domain), the address is some random residential address and the name, Adam Carter, is from the TV series Spooks. Creepy, right?

Google maps image for MTI Web Design
MTI Web Design Head Office

What should Brisket do next? Well, they need to contact MTI Web Design, get the site shut down, and potentially start a legal claim to get the domain back in order to be number 1 on Google. Alternatively, buying their own domain and building a good website, with good SEO, would have a similar effect.

People reading this may now still think that regularly googling their own name isn’t necessary, but seriously, the web is a big place – A lot happens on it, and there is a lot of history around your digital footprint. It’s becoming more and more common for employers to google staff names to see what type of digital world they live in, and if that brings up some nasty surprises you could find yourself out of a job!

In summary, make sure you start googling yourself! Pro tip: Use speech marks around your name and add some extra data such as location to get a more accurate result set. If you’re called “John Smith”, then you don’t have to worry too much, but searching for:
“John Smith” Leeds
Will narrow down the results but may bring up your Facebook profile if your location is public.

Happy Googling y’all!

Tweet me @thejsug !

Don’t forget online security!

Since my last post, I have seen quite a few instances of friends or colleagues getting hacked online including:
– Facebook account hijacks
– Email accounts compromised
– Passwords lost/changed and accounts locked

In one case, it was a severe hack which led to a professional business emailing all of its customers a link which then infected other businesses’ networks when opened! Online security is hugely important for businesses and for people, yet often forgotten.

Small to large businesses should invest in network security, but the reality is that this can be costly, and even when spending big numbers, you can get hacked (sorry Sony!)

North Korea hacks Sony!

As long as you don’t upset North Korea, or political activists, you’re most likely quite safe from a targeted and substantial attack such as the one above – However, there are a lot of automatic bots out there trying to hack the “little people”. End users (you and me) rather than businesses, are generally less secure and thus easier targets.

Most people are aware of the online dangers and do a few things to protect themselves, but all it takes is one email or one “accident” for a potentially serious and frustrating sequence of events. The purpose of this blog post is more of a few tips on how to keep secure online – Follow these and you’ll be much better off!

1) Enable 2-factor-authentication on Email accounts (if compatible, such as Gmail) and Facebook. This means you need a code sent to you via SMS to login… You can save computers so you only need to do it once on each. If someone knows your password, they still can’t access your accounts without your phone this way!

2) Make passwords secure – It’s frustrating trying to remember lots of unique complex passwords with letters, numbers, lower case, upper case, symbols and who knows what else. The last thing you want to do is have something like a pet name as your password with a few letters changed to numbers though – This isn’t difficult to “brute force” guess by trying lots of combinations. There are tools to improve your online security such as Lastpass that can do the hard work for you, or you could use letters from phrases! (Don’t forget your password 4 ever would be Dfyp4e for example…)

3) Is that a link in an email? Uh oh – Never, ever, EVER, open a link from an email unless you verify it! It’s as simple as that. Sophisticated attacks can make an email look like your bank, facebook, your email provider, or even a relative or friend! If it looks like a serious email and you really think you need to click the link, CHECK! Either google the first line of the email (to see if this is a common hack), or call the person that sent you it to check it was genuine. If it was from Facebook, or your bank, go to their sites directly by typing in their URL in the address bar. Even if the link is to their website, it may be a phishing attempt (so it’s actually a spoof site setup to steal your details).

4) Is that a link in a tweet? Same thing as point 3. New hacking techniques include facebook or twitter messages from random people including shortened links that do the same thing – Steals passwords or installs viruses. Even if it’s from someone known, they may have been hacked. Always check first before opening! If Alan Sugar tweets a link randomly and tells you all to open it, he’s either been hacked, or he’ll most likely write some text before or after the link explaining what it is. If he posts another tweet after, it’s most likely genuine.

5) Install free virus scanners – There is no need to pay for anti-virus protection. While they can be great software packages to have, there are several free solutions which do a job as good as, if not better than, the most expensive ones (http://www.avira.com/en/avira-free-antivirus). F-Secure which is £40ish a year (or more) will provide adequate protection, but so will Microsoft for free.

6) Put a pin code on your phone, and tell it to request the pin every single time you take it off standby. It amazes me how many people do not do this (because it can be a little bit annoying). The fact is, if you had your phone stolen without the requirement of a pin, your identity could be stolen in about 2 minutes. How? Well, I imagine it’s sync’d with your email account, social logins and potentially even certain financial accounts (IG.com has saved login details in their app for example.. Terrible idea!)

The above 6 points are fairly obvious to some, and to others maybe something new – Just because you have anti-virus doesn’t mean you’re secure. Either way, follow those points and you’ll hopefully never have to deal with a panicky situation of a compromised account. Online security should be treated like your own personal home/car!
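The link checks in points 3 and 4, as an added example (not part of the original post): it pulls out the host a browser would actually connect to and compares it with the sites you really use. The `TRUSTED` list, the `check_link` name and every sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the reader really has accounts with.
TRUSTED = {"facebook.com", "twitter.com", "mybank.example"}

def check_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unverified' for a link found in a message."""
    parts = urlsplit(url)
    # hostname is where the browser connects: text before '@' and the path are ignored.
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return "unverified"
    for domain in trusted:
        # Match on a label boundary so 'notfacebook.com' does not pass.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Punycode or non-ASCII hosts can render as look-alike letters.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return "lookalike"
    # A trusted name anywhere else in the link is dressing, not the destination.
    for domain in trusted:
        if domain in url.lower() or domain.split(".")[0] in host:
            return "lookalike"
    return "unverified"

# Constructed sample links, one per disguise discussed above.
SAMPLES = [
    "https://www.facebook.com/login",                   # genuine subdomain
    "https://www.facebook.com@login.example.net/",      # real host is after the '@'
    "https://facebook.com.account-check.example/reset", # trusted name used as a subdomain
    "https://notfacebook.com/",                         # brand embedded in another name
    "https://xn--fcebook-8va.example/",                 # punycode host
    "https://bit.ly/abc123",                            # shortened link: destination hidden
]

def classify_samples():
    return {url: check_link(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:10} {url}")
```

An "unverified" result, such as the shortened link, means the destination cannot be judged from the text alone, so the advice above still applies: check with the sender or type the site’s address yourself.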

Anti-virus meme

ADDITION:

Paul Johnson correctly suggested that the safest passwords are actually full sentences including spaces. For example:
This is a very hard password to break

Not only is it memorable, but due to the length and punctuation it would be near impossible to brute force. The only problem is not all websites allow passwords to be this long (including spaces). That adds to the complexity of the situation, though something to bear in mind! For those sites, it may be worth using the first letter of each word (and including some numbers of course).
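To put numbers on the length argument, here is an added example (not from the original post) that compares the search space of the short `Dfyp4e` password from point 2 with the sentence above. The guessing rate and the wordlist size are assumptions, and the word-level figure is a caveat the character count hides: an attacker may guess whole common words rather than single characters.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, not a figure from the post
WORDLIST_SIZE = 10_000     # assumed size of a common-word dictionary

def charset_size(password):
    """Size of the alphabet an attacker must cover to brute force this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def brute_force_bits(password):
    """Bits of search space when every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def word_guess_bits(passphrase, wordlist_size=WORDLIST_SIZE):
    """Bits of search space when the attacker guesses whole dictionary words."""
    return len(passphrase.split()) * math.log2(wordlist_size)

def seconds_to_search(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate in a space of 2**bits at the assumed rate."""
    return 2 ** bits / rate

SHORT = "Dfyp4e"                                    # example from point 2
SENTENCE = "This is a very hard password to break"  # example from the addition

if __name__ == "__main__":
    print(f"{SHORT!r}: {brute_force_bits(SHORT):.1f} bits, "
          f"{seconds_to_search(brute_force_bits(SHORT)):.1f} s to exhaust")
    print(f"{SENTENCE!r}: {brute_force_bits(SENTENCE):.1f} bits by character, "
          f"{word_guess_bits(SENTENCE):.1f} bits by word")
```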

Thanks Paul!

I have also replaced the recommendations for Microsoft Security Essentials with Avira Free-Antivirus (thanks Mike!) – Turns out Microsoft SEC has gone downhill the past few years!


iPhone 5s – Your life at risk? – Updated!

UPDATE on 22/09/2013: James Jeffrey sent me the following article: http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid – Already showing the lack of safety with this technology. Thanks James! I had quite a few Apple “fanboys” blasting my post as incorrect due to the way the fingerprint scanner had been “innovated”. 

For those Apple fanboys out there, as well as pretty much everyone who doesn’t live in a cardboard box, a new iPhone device is on the market.

Yup, the new iPhone 5s boasts a 64-bit processor (a mobile first), improved graphics capability, a new gold colour and, one of the most discussed features, a redesigned home button with a built in fingerprint scanner.

On paper, fingerprint technology is magical – No more would we have to remember complicated passwords and pin codes. Instead, we just press a button and the phone automatically knows it’s the rightful owner. Sounds great, right?

It’s not often a member of the US Senate says something I agree with. I have a particularly cautious view of them since they banned online card playing many years ago… However, I was pleased to hear that Senator Al Franken has written to Apple due to the following concerns:

Al Franken picture
Al Franken

– Whether the fingerprint data stored locally on the mobile phone chip in encrypted form could ever be stolen and converted into digital or visual form that would be usable by hackers or fraudsters
– Whether the iPhone 5S transmits any diagnostic information about the Touch ID system back to Apple or any third parties
– How well customer fingerprint data will be protected and kept private
– The exact legal status of such fingerprint data

After studying bio-metric identification methods at University, it was generally understood that bio-metrics is a long way off becoming a reliable and safe technology. Even “Mythbusters” got in on the action proving that they can be beaten.

The problem doesn’t purely lie with how the phone deals with the data however. It has been proven time and time again that fingerprints can easily be lifted and replicated using simple methods such as sellotape and jelly babies!

If you ever thought you were safe using the iPhone 5s and their touch security system, I would be very very careful with how you protect your identity. With many people syncing mail applications with their phones, in a matter of minutes an attacker may be able to walk into a bank as you and withdraw every last penny!

This is the Apple we know and love folks. They deliver innovative, cool products, but unfortunately it’s all about the bottom line and sales, and less about the user and what they really want…!

My recommendation? If you do get this fantastic looking device, do not use the fingerprint technology for any identification purposes. Keep safe :)

Picture of new iPhone 5s Touch Home button
TouchID

