The holidays are coming. Are you protected while shopping online?
It’s holiday shopping season. If you’re like millions of other shoppers, you like to do your shopping online, however, online shopping also comes with risk.
Here are some tips to help protect you while shopping online.
- Secure your mobile device and computer. Make sure your anti-virus software is up to date.
- Use strong passwords. If you need to create an account, use a strong password, and use a unique password for each site.
- Do not use public computers or public wireless networks for your online shopping. Criminals may be intercepting traffic on public wireless networks to steal credit card numbers and other confidential information.
- Pay by credit card, not debit card. Credit cards are covered by the Fair Credit Billing Act, which may limit your liability if your information is used improperly. Check your statements regularly.
- Limit your online shopping to merchants you know and trust. If you have questions about a merchant, check with the Better Business Bureau or the Federal Trade Commission. Confirm the online seller’s address and phone number.
- Look for “https” when making an online purchase. The “s” in “https” stands for “secure.”
- Do not respond to pop-ups. When a window pops up promising you cash or gift cards for answering a question or taking a survey, close it by pressing Control + F4 for Windows and Command + W for Macs.
- Hover over links in emails before clicking on them to verify where you’re being directed. If you question the validity of an email, contact the source directly.
- Do not auto-save your personal information. t is always safest to opt out of auto-save and enter in your information manually every time.
- Don’t ever give your financial or personal information by email or text. Information on many current scams can be found on the FBI Internet Crime Complaint Center.
- Review privacy policies. Know what information the merchant is collecting about you, how it will be stored, how it will be used, and if it will be shared with others.
- Keep all receipts and documents. Make sure you print out a copy of the receipt once you have finished your purchase.
At some point in their life everyone has to grow up, and the same goes for Philips’ flexible Hue Lightstrips. Once the perfect way to subtly turn your living room into a colorful rave, the LED strips can now be tuned to generate more natural white light for reading the paper, or just relaxing with some knitting.
But that doesn’t mean the party’s completely over. The new Philips Hue Lightstrip Plus, which comes with an adhesive backing so it can be easily installed out-of-sight as accent lightning (under your couch, above a kitchen counter, or below a cabinet), can still be tuned to produce almost any color you can imagine. And at 1,600 lumens they’re now brighter than the original version—perfect for anyone whose living room doubles as a nightclub on the weekends.
Available starting in October, a six-and-a-half-feet long version, which includes a power adapter, will sell for $90. But you’ll also need the Philips Hue base station connected to your home’s wifi network to make it work with the Hue smartphone app. And if that’s not long enough for your needs, there will also be $30 three-foot extensions available that can be easily clipped onto the end of the longer version without gobbling up additional outlets.
It’s Black Hat season, meaning that we are getting a new batch of zero-day exploits showing how insecure our gadgets are. Xeno Kovah and Trammell Hudson found a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status.
This zero-day exploit dubbed Thunderstrike 2 targets your Mac’s firmware thanks to an attached Thunderbolt accessory, such as an Ethernet adaptor or an external hard drive. After receiving the code via a phishing email or a malicious web site, malware code could look for connected Thunderbolt accessories and flash their option ROMs.
If you reboot your Mac with this infected Thunderbolt accessory plugged in, the EFI will execute the option ROM before booting OS X. As this option ROM has been infected, it will execute malicious code infecting the EFI itself. For example, it could simply make your Mac’s firmware refuse to boot OS X, turning your Mac into a useless machine. And if your firmware is compromised, there is no way to boot OS X, update the firmware and remove the malicious code.
The best part of this zero-day vulnerability is that your Thunderbolt accessory remains infected. If you plug your Ethernet adaptor into a new Mac, this Mac will get infected as well when it reboots. It’s not as harmful as malware that spreads through the Internet, but it could make some serious damage in an office environment for example.
Malwarebytes already spotted an adware creator who uses this zero-day vulnerability to get root permission and then execute a script to install a bunch of applications — the VSearch adware, the Genieo adware and the MacKeeper junkware. It also makes the Mac App Store unusable at it will endlessly prompt you to install Download Shuttle.
Apple already fixed DYLD in El Capitan’s beta but not in the current Yosemite version. It has also added applications using these exploits to its malware blacklist, but it’s just a temporary cat-and-mouse fix. The company will issue security patches for both OS X Yosemite and OS X El Capitan beta. In the mean time, be careful when you download something and unplug all your Thunderbolt devices before rebooting your Mac — just in case.