Be Careful with Your Electronic Assistant

I learned, this morning, that researchers have created a number of types of malware that can infect Alexa and Google Home electronic assistants. The race is on to keep these items blocked. Be on your guard for requests from your smart speaker that don’t seem to make sense.

“Amazon and Google have blocked spying, phishing apps that keep your smart speaker listening after you think it’s gone deaf, lie to you about there being an update you need to install, and then vish (voice-phish) away the password you purportedly need to speak so you can get that bogus install.

Long story short, don’t believe a smart speaker app that asks for your password. No regular app does that.” – naked security by SOPHOS.  Click the link to read the full story.


Back It Up Or Lose It

Today’s post comes to you courtesy of a near disaster in my office. I proved to myself the value of redundant backups. Many of the people who ask me to help with their computers have no current backups.

I, on the other hand, am probably a bit overboard. I keep redundant in-office and online backups. There are two large hard drives (4 TB and 8 TB) attached to my computer which alternate hourly backups of everything (files, settings and apps). All of my files are synced either in Dropbox or OneDrive and are also backed up daily on iDrive. This may be overkill but I was never so happy as this past week when I had simultaneous failures of the main SSD in my laptop and the auxiliary drive where I store all my images that are the basis of my Art printing business. Everything was gone but recovery took only a relatively short time.

A good medium path for most folks is to have at least one backup plan which includes frequent, incremental saves. This can be on or off site (Cloud based). The main advantage of off site backup is that it is not subject to any disaster that may befall your home or business. The main advantage of on site backup is that it is a much faster restore and it has fewer ongoing costs associated. (It is necessary to replace drives every two or three years.) Ideally, a combination of on and off site backup is safest.

On site backup is reasonably cheap and easy to maintain. One and two terabyte drives can be had for under a hundred dollars and most of those come with their own backup software for Mac or PC. For my Mac I have always found Time Machine to be convenient and very easy to set up: simply plug in the hard drive, make a couple of setting changes and let it do its thing. For PC, I have used both WD and Seagate drives and their software.

Cloud backup is offered from many sources. I use iDrive as a dedicated system that has served me well. I have used Mozy (which is now part of Carbonite). There is backup ability with Google, Amazon, iCloud, Dropbox, Microsoft, Apple and many others (some more and some less reputable). Some internet security packages, such as Norton, also offer cloud backup at an additional cost.

I am not advocating here on behalf of any of the companies I have mentioned. The point of this article is simply that everyone needs at least one automated, frequent backup of their most important data. Having one on site and one cloud backup is better, but please set up something. Hard drives fail, coffee gets spilled…

If you need assistance please contact me.

The Second Real Post – Hacking


“Hacking” in some form or other happens to just about everybody at some point! It has happened to me and it has happened to very experienced web and security professionals, as I discovered in chasing down what had happened to me. The best you can do is try to minimize the damage that will be done. I learned of my damage when I received a blackmailing email that threatened to expose my questionable online activities unless I paid 400 Bitcoin to a link that was embedded in the email. Fortunately there are no questionable activities to expose.

The email contained my oldest existing email address (which is now gone) and a previous password which I hadn’t used for several years. I learned that the address and password had been stolen in an attack on some website to which I had previously subscribed. Email (or username) and password combinations are offered for sale in lists after they have been stolen.

I replaced the old email address with a new one (a bit of a process with notifications and log-in changes) and reviewed all of my current passwords to ensure that they all meet the following policy.

A couple of years ago, after making myself more familiar with web security, I created a new password policy for myself.

  1. I never use the same password on multiple sites;
  2. My passwords are between about 16 and 24 random characters, generally as long as a website will accept;
  3. I use a password manager to remember these for me and use a long, complex but memorable password for that;
  4. I have my computer, phone and tablet set to sleep after a short period of inactivity and to require a complex password for reawakening;
  5. I change my passwords at random intervals – the password manager generates long, difficult passwords;
  6. I check the strength of my collection of passwords with a utility in the password manager and last time I checked they were in the top 10%.
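An added example, not part of the original post: a small Python audit that checks a password collection against items 1 and 2 of the policy above (no reuse, 16 to 24 random characters) and generates compliant passwords from the operating system's secure random source. The site names and the sample vault are constructed for illustration; a real password manager's export format will differ.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LEN, MAX_LEN = 16, 24  # length range from policy item 2

def generate(length=MAX_LEN, site_max=None):
    """Random password from the OS CSPRNG, as long as the site will accept."""
    if site_max is not None:
        length = min(length, site_max)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def audit(vault):
    """Return {site: [findings]} for entries that break policy items 1 or 2."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = defaultdict(list)
    for password, sites in sites_by_password.items():
        if len(sites) > 1:  # item 1: same password on multiple sites
            for site in sites:
                others = sorted(s for s in sites if s != site)
                findings[site].append("reused on " + ", ".join(others))
        if len(password) < MIN_LEN:  # item 2: too short
            for site in sites:
                findings[site].append(f"only {len(password)} characters")
    return dict(findings)

# Constructed sample vault (hypothetical sites, made-up passwords).
SAMPLE_VAULT = {
    "bank.example": generate(),
    "forum.example": "Summer2015!",
    "shop.example": "Summer2015!",
    "mail.example": generate(site_max=20),
}

if __name__ == "__main__":
    for site, problems in sorted(audit(SAMPLE_VAULT).items()):
        print(site, "->", "; ".join(problems))
    print(f"{MAX_LEN} random characters ~ {entropy_bits(MAX_LEN):.0f} bits")
```

The reuse check matters most for the breach scenario described earlier in this post: a password stolen from one site only unlocks the others if it was used there too.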

Frankly, it’s a bit of a pain sometimes, but it’s much less of a pain than discovering that someone has found a viable password combination and used it to steal from me.

The First Real Post


Some of this post forms the basis of the About SilverBear Consulting page.

First and foremost, this site is primarily aimed at a very small segment of the world. Primarily it is meant to serve learners (and everyone is a learner in some aspect of their life) in the Capital Regional District of British Columbia, Canada.

Once upon a time the world was populated with things that worked in a way that was reasonably intuitive to the end user. People who were born and raised during that time are now faced with things that could just as easily work by magic as by technology. The successful approach to coping in this new world is the same as the successful approach to problem-solving and coping with change. After the crying, yelling or whatever other outburst is done, we need to accept that over our lifetimes we have successfully and repeatedly learned new things. If we can take our brains as far back into our childhoods as we can manage we can access that part of our lives when learning was our first and foremost task and the joy of our lives.

If you can remember that time, bring as much youthful enthusiasm and wonder as you can muster to the tasks of learning how this digital world works. It is not the world we envisioned as we were growing up, but it’s the one we have and we need to learn to succeed in it.
