A message to RVtravel.com readers about safe internet use

11
A message to RVtravel.com readers about safe internet use
Some of our readers received this message when trying to access our website or newsletters.

By Kim Christiansen
Today, January 5, 2018, more than 1.4 billion usernames and passwords were posted to the Dark Web, a part of the internet that is not publicly available but frequented by hackers and criminals. These hackers then used thousands of computers to target hundreds of thousands WordPress servers, which is the most popular publishing platform, and the one used by RVtravel.com. This leak is combined of names and passwords from known breaches and new leaks. More than 196 million of the usernames/password combinations have never been seen before.

The security software RVtravel.com uses to block the attacks ended up further blocking some of the worst offending networks. This resulted in us inadvertently blocking some RVtravel.com readers from our websites and newsletters: they just so happened to be on the same network as computers attacking our site. We have since unblocked those readers and are monitoring the situation closely.


New Vulnerability in Hardware of Computers, Phones and Tablets

A message to RVtravel.com readers about safe internet use
Where our hackers attacked us from during the last week.

On January 3, Google’s Project Zero, or GPZ, released details of new vulnerabilities that exist in almost every single computer currently in use. There are actually two vulnerabilities, one called Meltdown and another called Spectre.

Meltdown allows a hacker to read information in a computer’s memory chips, the computer’s work space if you will. Normally, this area is off limits but with this new vulnerability hackers could access the memory of a computer directly and read the information. 

Spectre is a new flaw found in the speculative speed enhancements in modern computer processors. Processors have programs that try to guess what you’re going to do next and then they hold that information close by to speed up any requests that need it. With this flaw, hackers could use code to read that data.

These are fairly serious problems in the underlying hardware that makes our modern world possible. There will have to be significant updates to both software and hardware in the coming weeks to plug these holes.

Watch for your computer or phone to warn you about available updates and apply those updates as soon as they arrive. As a general rule you should always keep your computer and mobile devices up to date. Security is an ever-moving target and the people who make these devices and software are working hard to make sure your device is safe to use.

Because the two above-mentioned vulnerabilities deal with speed enhancements in hardware, you may notice an impact in the performance of your computer or mobile device after it has been patched. For most users, the impact will be minimal, if even felt at all. For more high-end users, though, the impact could be as much as a 30% reduction in speed. We’ll just have to wait and see how the patches affect performance in day-to-day computer use.

Safe computing is a term for how I recommend people use the internet on their smart phones and PCs (Mac or Windows). This can be summed up in these easy steps:

1. Never use the same username and password combination.
Even though we all have done this and many of us still do, it’s the most insecure thing you can do. If hackers break into someone you have done business with and get that username and password, they get instant access to your entire digital life where you used that password.

2. Never use passwords that are easy to guess or very common.
Passwords like “password” or “1234” or your home address or phone number are easy to find or guess. Try to use a pass phrase or, better yet, obtain a password locker program such as 1password or LastPass (there are several more available). And yes, the most common password is still “password.”

3. Avoid online quiz or tests that ask for personal information.
Don’t answer any quizzes or tests on social media like Facebook that ask for personal info like what month you were born in, what your favorite color is, etc. While many of these are harmless, they have been used to compile data by hackers. Know who you are giving such information to. Online polls aren’t bad things, but they can be and are abused by hackers.

4. Always use an anti-virus program for your computer, tablet or phone.
It doesn’t matter if you have Mac or Windows, you need to run an anti-virus program and you need to pay for the yearly updates. Hackers aren’t sitting still – they are actively trying to steal your information and infect your computer in new ways. While the current Mac and Windows operating systems are way more secure than they used to be, they aren’t perfect, and this is an important part of owning a computer. If you have an Android phone, this is important for you as well, since the Android marketplace has had several instances of infected apps. iOS is more secure because Apple limits access to developers, but having another layer of protection is recommended.

5. Never, ever, ever use public Wi-Fi.
All of those coffee shops that offer free Wi-Fi are fertile ground for hackers. They don’t even need to be IN the coffee shop – they could be sitting nearby.  Everything you send over public, shared Wi-Fi is readable to any hacker over the age of 8 with readily available tools they can download online. Think of it like this: Would you share a cup of coffee with someone you didn’t know? Imagine if a coffee shop had one big mug that everyone took a sip from. That’s disgusting, isn’t it? That’s the real-world equivalent of everyone in the shop using the same Wi-Fi password. Just don’t do it. Check with your mobile phone provider for tethering options, and if you must use your computer in a public space, connect to the internet through your phone or tablet’s Wi-Fi connection. If you’re on your phone or tablet, use your mobile provider’s data connection at all times unless you are on a Wi-Fi network that you know is secure, like your home network, a friend or family member’s network, or at work.

6. If you are on the road and need a reliable/secure internet connection.
Consider purchasing a virtual private network connection or VPN. A VPN is a service that you subscribe to that encrypts all of the information you send over the internet so even though a hacker might be able to intercept your data, it will be unintelligible to them. This keeps you and your data safe. Another method of remote access is to obtain a Wi-Fi Hot-Spot from your mobile provider. You connect your computer to the Hot-Spot over Wi-Fi and then it connects to the internet via your mobile provider’s network. They are secure and easy to use. Many RVers may already have these, as internet connections on the road can be spotty at best.

7. Don’t underestimate the value of your online information.
The damage identity thieves can do to you with even a minimal amount of information is daunting. They can use a few bits of information to get access to more. The holy grail is your mother’s maiden name, the last four digits of your social security number, or your entire social security number, and your date of birth. From the Equifax data breach alone they have access to all of that information readily available to them. Once an identity thief gets their hooks into you, the amount of time and money you will spend trying to clear your good name will far outstrip the time and money spent upfront practicing Safe Computing.

11
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
JB

Another way to help alleviate hackers,although not a sure fire one,is to use a form of Linux,such as Ubuntu.I stopped using Microsoft long ago because of their bloated software which is full of bugs when shipped. Linux just does a better job of updating and runs way smoother on older PC’s than anything MS puts out. Try it,you might just like it.

Gord

Question about ‘public wifi networks’. Is using HTTPS (SSL/SSH) not a secure way to use these public networks?

George

Was the start of the article “Today, December 5, 2018” as test to see who reads the details? Did I pass?

WhiteHat

Kim: Great writeup of a complex technical issue! Ironically I am both a security expert and one of the ones blocked last weekend while traveling north, so I appreciate the challenge of an ever moving target.

I haven’t read through all the technicalities of how predictive caching is being exploited *this* time, but I wonder if Linux (my usual OS) suffers quite the same software vulnerabilities — already generally much faster than winDOZE, I expect it’s more atomic patching method to lessen the performance hit of any software remedy, but we’ll see.

Another “mobile secure network” option is operating your OWN free VPN if you have a stable home base. Traveling RV folks here would tunnel from a more public ISP through their own private VPN back to their home internet connection, which is presumably (maybe?) more secure. Slightly more techie, but not much harder to do than a paid VPN.

By the way, you failed to mention the most secure way to protect your data — I have two airgapped networks (and who doesn’t have multiple computers?). Put simply, the machine(s) that have sensitive data don’t have external internet most of the time, and AT ALL other than through a heavily encrypted channel. They don’t run “social” or data-promiscuous software or visit questionable sites. To access that network, you’d have to physically plug into my lab’s router. Conversely, I have a “frozen” virtual machine for exploring those suspect sites when needed (which of course “forgets” any infection every shutdown).

Because I’m evil, I also operate a dead-end honeypot virtual machine to caution me when someone is even trying to attack my networks, but that’s an extra layer of paranoia. 🙂 It is horrifying to watch all the incoming port scans et al… Most users have no idea how often someone “rattles their doorknob”…

Stay safe!

Mike

Thanks for the reminders. I’ve been hit by hackers involving ransom bitcoin payment about a year ago and that was a eye opener for taking things for granted. Keep up the good work.