Gimnicher Computer Services
  • Home
  • About
  • Testimonials
  • Technology Blog
  • Newsletters prior to 2015
  • Remote Support
  • Contact
  • Search this Site

Start Using Two Factor Authentication NOW (repeat)

1/1/2023

0 Comments

 
This is a repeat of a blog I published six years ago.  It is as relevant and important now as it was then.

Here is the blog:

Here is a scenario: a hacker figures out your iCloud/AppleID password and logs into your account over the web. He changes your password, immediately locking you out of your account, breaking your ability to send email and messages via your iCloud account. He takes note of your birthday, billing address, alternate email addresses, and that you have a credit card stored. He looks at your sent and received emails, notes, calendar entries, iCloud drive documents, contacts, etc. He appreciates your photos and takes note of the places you like to visit. 

He will be very busy now seeing if he can hack into your other accounts using the same or a similar password and creating spam and/or viruses for all your contacts. But first, he needs to do a bit of shopping. He grabs an iPhone and logs into your iCloud account using his new password. He downloads all your past applications, songs, and movie purchases and then buys a bunch more, using the credit card associated with your account. 

Pretty scary, huh? This actually happened to someone I know. She thought she had a strong password, but obviously it was not strong enough. Many of us use Apple’s iCloud because it is so convenient for storing our data and using that stored data to automatically synchronize that data across our various devices. But, because it is such a vast and varied repository of our personal information, it is also a keen target for hackers.

We all know by now that our passwords have to be long, made up of non-real words plus a mixture of upper case, lower case, and special characters. And, the password needs to be unique for every website. Unfortunately, I suspect that many of you do not follow this advice. Whether you do or don’t, what else can be done to keep hackers from being able to log into our web-based accounts?

The answer is Two Factor Authentication (commonly known as 2FA). 2FA provides an extra layer of security to help prevent unauthorized access to your web accounts. Some websites implement it by default, but most offer it as an option that you have to explicitly enable. Dashlane, Lastpass, Amazon, Dropbox, Facebook, Apple, Google, Microsoft, Yahoo, Wells Fargo, and Chase are examples of websites that offer 2FA. 

The way 2FA works is to require one extra step in logging into your account. Once you have successfully entered the correct account id and password, the website will ask you for a code. That code can be set up in advance to be texted or emailed to a specific phone number or email address. If the code is not used within a short period of time, it will expire. The code is different with each login. That code represents the second factor in authentication and is delivered to you via something personal that presumably only your have (like your cell phone). No correct code entry, no successful login. So you can see that without this second piece of information, a hacker will not be able to log into your account. Most websites allow you to specify whether 2FA should be used with every login or only with logins from devices that have never accessed the website before.

What I have described is a simplified version of implementing 2FA and it can be a bit more complicated in actual set up. But regardless, if you care about protecting your web-accessible data, start using Two Factor Authentication NOW!!!
0 Comments

Email Hacked (repeat)

11/30/2022

0 Comments

 
This is a repeat of a blog I published two years ago.  I am repeating it because I continue to get calls from customers who either have fallen for this scam or are about to.

Here is the blog:

Over the past two weeks, I’ve had two customers hacked in very similar ways. Both involved the hacker gaining access to my customers’ email accounts and then sending emails out to all of their contacts. One was a sbcglobal.net account and the other was an att.net account. Both these email systems are actually implemented by Yahoo, so really they were both hacks of Yahoo accounts.

In the first case, my customer was pretty sure that she fell for a phishing attack in which she thought she was entering her email password for a legitimate reason (securing her account), but really she was entering her password on a forged website made to look legitimate. In the second case, my customer had no idea how the hacker got her email password. Yahoo has had several massive attacks where accounts and passwords were stolen, so perhaps that is how it happened. 

In the first case, this is the email the hacker sent out from my customer’s account:

Subject: Favor…..<customer’s name>

Hi there,

I need a favor from you. I’d appreciate if you could email me back asap.

Thanks
<customer’s name>

If replied to, this was followed by:


I need to get a Nordstrom Gift Card for my Nephew, Its his birthday but i can't do this now because I'm currently traveling. Can you get it from any store around you? I'll pay back as soon as i am back.

Kindly let me know if you can handle this.

 <customer’s name>

In the second case, this is the email the hacker sent out:

Subject: Help…...<customer’s name>

I hope your week is going great? Actually, Please I need to get an eBay Gift Card for my niece, its her birthday but I can’t do this now because I’m currently traveling, Can you help get it from any store around you? I’ll pay back as soon as I am back. Kindly let me know if you can handle this so I can tell you how much to get.

Thank you so much,

<customer’s name>

If the victim (i.e, the person receiving the email) falls for this, the hacker will then ask for the gift card numbers after which they can easily drain the gift card of it’s cash value.

Upon being contacted by my customers, here is what I did and what you should do should this happen to you:

1) Via any web browser, log into your email account
2) Change the password. If you used the same or similar password on other accounts, change them there too. Pick great passwords!
3) Check all your email settings to make sure they are correct. In particular:
. Check the reply to field to make sure it is your email address
. Check if an automatic forward or automatic reply has been set (if you can’t find these settings, you may need to change your email view to basic; this is the case on Yahoo)
. Check email rules and filters to make sure none have been set
. Check your signature if you have one
. Check your account recovery information
. Add two factor authentication
. Change the answers to your security questions so that they are false. You should do this here and everywhere. It can simply be done by adding another word to the end of your security question answer.
4) Email all your contacts and let them know you have been hacked and to ignore any emails asking for gift cards or looking unusual in any way. Encourage them to call you if they receive a strange email from you before replying to make sure it really came from you.

In my customers’ cases, I found the following settings:
. Every email was automatically forwarded. In one case, a gmail account had been created in the customer’s name to receive the forwarded emails
. A rule with the name of “.” was created to move every received email into either the Archive folder or the Trash folder
These settings meant that every email my customer received would be sent to the hacker and deleted from my customer’s inbox.​

This hack can happen to anyone. Be vigilant in case it happens to you!

0 Comments

Preparing for macOS Ventura (and a Word about Windows 11)

11/1/2022

0 Comments

 
The latest macOS operating system is now available. It is called Ventura or macOS 13. Like all new major operating system releases, it has many new features and is free to install on existing hardware. In this blog, I will tell you how to prepare your Mac for installation.

Let me begin by recommending that you do NOT install Ventura – at least not yet. A new major operating system release is a big deal and I always recommend that you wait until one or two bug releases have been made available. 

Supported Macs

These are the computers that you can install Ventura on if and when you are ready to proceed:

  • 2017 iMac/iMac Pro and later
  • 2018 MacBook Air and later
  • 2017 MacBook Pro and later
  • 2019 Mac Pro and later
  • 2018 Mac mini and later
  • 2017 MacBook and later
  • 2022 Mac Studio and later
If your Mac is older than the above models, know that Apple still releases security updates and new Safari updates for Big Sur (macOS 11) and Monterey (macOS 12) and large app developers such as Google and Microsoft usually support even older versions, at least for a year or two. But be aware that if you are running the latest version of iOS on your iPhone or iPad, you might run into some compatibility issues if you fall behind on your Mac.
Storage
You can check on your storage situation by going to About This Mac and selecting the Storage tab. Ventura requires about 35gb of free storage. So, if you don’t have at least that much free, you need to get busy deleting.
Backup
Before beginning the installation process, make sure you have a current backup. Use of Apple’s Time Machine and an external hard drive is the simplest way to create a robust backup.
Installation
The simplest way to install Ventura is to either go to System Preferences and select “Software Update” or go to the Apple Store and find it there.
There are many new features in Ventura you will find interesting. Just Google “macOS Ventura features” to learn all about them.
Finally a word about Windows 11: if you are being nagged to install Windows 11, that means your computer is compatible with Windows 11 and you certainly good go ahead and upgrade. However, there is no rush since Windows 10 will be supported until October 14, 2025. There are many things different about the Windows 11 user interface, so if you don’t like change, I would stay with Windows 10 for now. However, if you like the challenge of learning new things, then Windows 11 might be just for you. If you do decide to upgrade to Windows 11, be sure to back up your files first. And if you do upgrade and decide you don’t like Windows 11, you have 10 days in which you can roll back to Windows 10.
Good luck!
0 Comments

Don't Fall for Tech Support Scams (repeat)

6/5/2022

0 Comments

 
This is a repeat of a blog I published two years ago.  I am repeating it because I continue to get calls from customers who either have fallen for this scam or are about to.  In particular, the pop-up warning approach (the second bullet below) seems to be particularly prevalent.  If you experience the pop-up, simply restart your computer (by if necessary holding down the power button until the computer shuts down and then starting it up again) and it should disappear.  

Here is the blog:
At least once a quarter one or more of my customers fall for a tech support scam. These scammers want you to believe your computer is full of viruses and that you need to hire them to resolve these issues. They get you to allow them to remotely connect to your computer and they ask for hundreds of dollars for services or products you don’t need. They might also take the opportunity to steal your passwords, upload other personal data, and install their own viruses.

These scams typically occur in one of three ways:

  • Phone Calls: your phone rings and the callers state they are from Dell, Microsoft, Apple, or some other well known company. They say they have detected a serious problem with your computer and they need to access your computer to run a diagnostic test.
  • Pop-up Warnings: a window suddenly appears typically while surfing the internet, often with blaring background sounds, stating that a serious issue has been detected and that you must call a provided telephone number immediately.
  • Online Ads and Search Results: you are searching for help and the resulting ads or search results lead you to the scammer instead of a legitimate company.
Legitimate tech companies will never contact you by phone, email or text message to tell you there is a problem with your computer, and security pop-up warnings will never ask you to call a phone number.

If you are scammed to the point where you allowed the scammer to remotely connect to your computer, then you should assume that the scammer now has all of your online passwords and that your computer is now compromised. Your should immediately do the following:

  • Power off your computer. On another computer, change all your online passwords and take the opportunity to create very strong passwords.
  • If you paid the tech support scammer with a credit or debit card, call the credit card company or bank and try and stop the payment and cancel the card. If you paid with a gift card, contact the company that issued the gift card and see if you can get a refund.
  • If you have a backup system image prior to the scam, restore the computer from that system image. If you don’t have a system image, then reinstall the operating system and all the apps (of course backing up your data first).
These scammers are really convincing and experts at what they do. Falling for a tech support scam is extremely frustrating, costly, disruptive, and time consuming. Don’t give away your passwords, credit card info, social security number, driver’s license number, or any other personal information to a stranger over the phone. Don’t let this happen to you!!!!!

0 Comments

Ready or Not Here Comes Windows 11

10/4/2021

0 Comments

 
Beginning October 5th, Microsoft will officially start to release Windows 11. There are some very specific hardware requirements necessary to be able to upgrade to Windows 11. You can check whether your pc meets those requirements by running this application: https://aka.ms/GetPCHealthCheckApp When you launch the app, it might be a bit before you see anything further on your screen. If your PC is a few years old, it likely will not meet the requirements to be able to upgrade to a fully supported version of Windows 11.

Support for Windows 10 will end on October 14, 2025. After that, it will continue to work, but will not receive any updates from Microsoft. Over time, support for devices and applications running on Windows 10 will also erode just as has happened for Windows 7, Windows XP, and other old Windows versions.

Beginning very soon, any new PCs will come with Windows 11. Even if you are able to upgrade your current computer to Windows 11, it is wise not do that immediately, giving time for Windows 11 to “mature”. Furthermore, never upgrade without making sure all your backups are current and confirming with the vendor that your critical applications and devices will run on Windows 11.

If you wish to learn more about Windows 11, I refer you to: https://www.microsoft.com/en-us/windows/

0 Comments

Ransomware Attacks Are Devastating: Be Prepared!

6/6/2021

0 Comments

 
Ransomware attacks are in the news almost daily now. As a small business owner or home user, you might think you are not a target, but trust me you could not be more wrong.

For those that need a refresher, ransomware is a very nasty and sophisticated virus that gets into your computer, typically either via an email attachment or a bogus website, and then encrypts your data and other fundamental files. At the end of the encryption, a window appears providing you information on to how to pay the ransom to purchase a decryption key to recover your files. It is rarely possible to decrypt the files without the decryption key. Ransomware attacks are mostly on Windows-based computers, but Macs are not immune.

Of course keeping your applications and operating system current, updated, and supported and using antivirus software is very important, but that is not enough to protect yourself from ransomware. You also need to backup your data in a way that protects your backed up data should a ransomware attack occur. To achieve this level of protection, your backed up data needs to be untouchable by ransomware.

There are two basic forms of backup: file backup and system image backup. File backup means making a copy of all the files you care about; system image is a copy of everything on your computer (operating system, applications, settings, files, etc) in a form that allows complete or selective restoration. Typically backup copies are stored on an online storage device separate from your computer’s internal storage, but to protect against ransomware, more preparations are required.

The very best thing you can do to recover from a ransomware attack is at a minimum to maintain at least one offline copy of your critical files and/or system images in addition to your online backup. Offline prevents a ransomware virus from being able to encrypt your backups on that offline drive.

Storing your individual files in the cloud is practical and a fairly simple way to protect your data. Most cloud services keep multiple copies of your data (typically up to 30 days worth), so if your current copy were to get encrypted, there would be other copies to recover from. A system image is typically very large, so storing it “in the cloud” is not very practical. For your system image backups (and optionally file backups as well should you not wish to use the cloud), I recommend you rotate your backups among two or three external hard drives, one online connected to your computer and the other(s) offline. You should rotate the drives as often as you wish to keep the offline copy current (e.g., daily, weekly, or monthly). The rational for having multiple offline drives is to have extra protection should one offline drive become encrypted by ransomware when brought online.

I know this can be somewhat confusing, but the reality is that you are not immune from a ransomware attack and really should implement the steps I describe in this blog. Feel free to contact me if I can be of assistance.
0 Comments

Adobe Flash is Dead

11/17/2020

0 Comments

 
Adobe Flash was predominantly a web browser platform that expanded a browser’s capabilities with features like streaming video and gaming graphics. It was originally developed by a company called Macromedia in the late 1990s and was acquired by Adobe who intended to make it the cross platform programming technology for streaming and gaming. Many software development companies embraced it, including YouTube, HBO, and Disney. But unfortunately it was riddled with security risks and other problems which led developers to slowly abandon it. Things really went downhill for Flash when Steve Jobs barred Flash from the iPhone. In 2017, Adobe set December 31, 2020 as the date for the end of life of Flash.​

Browser developers have made it increasingly difficult to enable Flash and now that the end of 2020 is near, have begun to eliminate it completely. Furthermore, if you have Flash installed, you may have already noticed messages telling you to uninstall it.

Since the end of life announcement in 2017, software developers have been moving away from Flash to other platforms. You may have heard of HTML5 which is one of the more standard choices.

In general, you can safely uninstall Flash, unless you are running an old application or accessing an old website which has not been updated to use something besides Flash. If you are, you best start looking around for a replacement, because one way or another, Flash will either disappear from your system or stop working.
0 Comments

Support for Office 2010 Is Ending - Now What?

9/16/2020

0 Comments

 
On October 13th Microsoft is ending support for Office 2010. This does not mean that the Office 2010 suite (Word, Excel, Powerpoint, Outlook, and others) will stop working the next day, but it does mean that updates that fix bugs and close security holes will end, resulting in increased risk with continued usage.

You could chose to continue using the Office 2010 suite at your own peril, or switch to one of these options:

Office on the web: this free option from Microsoft only requires a Microsoft account, but these web versions of Word, Excel, PowerPoint, and OneNote are limited, scaled down versions that require you to be on line at all times.

LibreOffice: this option is also free and may be used in commercial environments. I blogged about it last September, so you can read about it here: https://steve.gimnicher.com/technology-blog/libreoffice I’m a big fan because it is completely free and unrestricted, offers a lot of functionality, and it supports the Microsoft Office file formats.

Office 2019: this is likely the last Office version that can be purchased for a one-time license, but you will be locked into whatever functionality it comes with (i.e., Microsoft will not be adding new functions via updates). Also, you must have internet access to use this suite. Office 2019 comes in three different versions, ranging from about $150 to $440 from Microsoft.​

Microsoft/Office 365: this option is where Microsoft would like you to go and offers continuous updates and support as long as you are paying the monthly or yearly subscription prices. There are different packages for Home and Business, so be sure you purchase the right option that meets your needs.
0 Comments

What Computer Parts Should I Grab in an Evacuation

8/26/2020

0 Comments

 
I have blogged a lot about how important backups are to protect your crucial data in the event of computer failure, virus attack, or theft. Now there is a new reason to backup your data: mandatory evacuation.

Living in California, the possibility of a mandatory evacuation due to the threat of fire seems to be the new normal. Obviously, you will want to grab things like medication, money, face masks, etc, but what about your computer?

If you have been implementing a comprehensive backup strategy, then depending on your approach, you won’t need to grab much. If you are backing up your data files to one of many available cloud-based storage services (e.g., OneDrive, Dropbox, Google Drive, iCloud Drive, Box, iDrive, or others), then in terms of those files, you don’t need to grab anything. If you are backing up your files to an external hard drive or a network drive via backup software (e.g., Windows 10 File History, Macrium Reflect, Apple Time Machine, etc), then you just need to grab the drive.

A common mistake is not checking whether the backups are actually working. Things change on your computer all the time. Just because backups were working at one time does not mean they are still working. It is crucial that you periodically confirm that current backups are taking place.

If you don’t have a backup strategy or backups aren’t working, then you will have no choice but to grab the entire computer, but that is certainly not ideal.​

Setting up backups is not difficult. Why take the risk of losing documents and pictures? Please – if you haven’t done so, get backups in place; if you have set up backups, make sure they are working!
0 Comments

5G Cellular: What You Need to Know

6/24/2020

1 Comment

 
5G cellular networks are beginning to role out. As of this writing (June, 2020) all four major major US carriers now have some form of 5G cellular wireless. There are three major variations of 5G, which makes the offering confusing. But it is important to understand the differences.

Historically, when new cellular technology roles out, there are early implementations of networks and devices, which don’t work very well. As the networks expand, the implementations in the devices improve. Finally, as the networks and devices become robust, new applications appear that leverage the faster speeds. This was the case with 1G, 2G, 3G, 4G, and is the case with the fifth generation of cellular wireless technology: 5G. This entire sequence can take years to become stable, reliable, and widespread.

With each evolution of cellular wireless technology, the wireless channels get bigger (to increase the speed of data), latency is reduced (to improve responsiveness), and the capacity increases (to be able to connect more devices).

So, with that as a background, lets clarify the confusing part. With 5G, there are three options: low, middle, and high.

Low-band 5G
​In practical terms, low-band 5G won’t be much faster than 4G. But it’s spread and capacity are much greater. One low-band 5G tower can cover up to hundreds of square miles. Published download speeds vary greatly, but on average expect around 50Mbit/s.

Mid-band 5G
Mid-band is likely to become the common offering in all major metropolitan areas of the United States. It offers about double the speed of low-band, but towers need to be a few miles apart. This is the sweet spot of 5G. You can expect download speeds to be between 100 and 400 Mbit/s.

High-band 5G
High-band is really the ground breaking technology, offering blazing speeds, low latency, and huge capacity. But, distance is very limited. You can expect to see high-band 5G towers in locations that serve huge numbers of people, such as dense urban environments, sporting and concert venues, and conventions centers. Unless you are very lucky to live very close to a high-band 5G tower, you will not be able to take advantage of what it offers. In perfect conditions, download speeds can be 1Gbit/s or even faster.

The emerging deployment of 5G is very exciting and will certainly affect all of us in a positive way. But, be knowledgable about the differences and set your expectations accordingly.
Picture
1 Comment
<<Previous

    Author

    Hi!  This is Steve. I've created this blog to share technology information relevant to you: the home or small business user of computers and mobile devices.

    Archives

    January 2023
    November 2022
    June 2022
    October 2021
    June 2021
    November 2020
    September 2020
    August 2020
    June 2020
    May 2020
    March 2020
    February 2020
    January 2020
    December 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    January 2019
    November 2018
    October 2018
    September 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015

    Categories

    All

    RSS Feed

    Subscribe to our mailing list

    * indicates required

This site follows Gimnicher Computer Services’ standard Privacy Policy and Terms of Use.
​Redwood City Business License Tax # 48438

Copyright © 2015