
Pittsburgh Tech Guy

Phone: 412-256-8674

Email: pghtechguy@hotmail.com

Skype: pghtechguy on Skype

 


Welcome to the Pittsburgh Tech Guy!  Your local source for good, dependable technical support and information!  Keep up with the latest Tech news here!

Remember, all home computer analyses are free!

Monday
Nov 19, 2018

Firefox to Display Warning if You Visit a Site That's Been Breached

The Firefox browser will soon issue a warning if you visit a site that recently suffered a data breach.

The warnings will appear on Firefox's desktop browser as pop-up notifications that tell you how many accounts were compromised in the breach.

The same pop-up will show you a link to Firefox Monitor, a free service that lets you check whether any of your internet accounts were ensnared in a data breach. Simply click the link and type in your email address to view whether your accounts were hit.


The new function will roll out to Firefox in the coming weeks, at a time when users are demanding more security and privacy features, Mozilla said. "Data breaches are common for online services," company privacy engineer Luke Crouch wrote in a blog post. "Some online services discover, mitigate, and disclose breaches quickly. Others go undetected for years." Making matters worse is that most people simply don't know that a breach has affected them, he added.

The pop-up warnings from Firefox will hopefully change this. It'll also give users a chance to secure their affected accounts—before hackers have a chance to take advantage of the situation. For instance, when a breach occurs, you should change the password on the affected account and enable two-factor authentication if available.

It's also a good idea to make sure all your internet accounts are secured with unique passwords. Hackers like to check whether their victims re-used any exposed passwords on other internet accounts.

Mozilla built its notification system using data from security researcher Troy Hunt, who maintains an active library of all the latest data breaches at Have I Been Pwned. His site also lets you type in your email address to check whether it's been affected in a data breach.

So how often will you see these alerts from Firefox? "This alert will appear at most once per site and only for data breaches reported in the previous twelve months," the company said.

You'll see an additional alert if the website you visit experienced another reported breach within the last two months. Mozilla settled on this time-frame to avoid stoking unnecessary fear. "We don't want to alarm users or to create noise by triggering alerts for sites that have long since taken significant steps to protect their users. That noise could decrease the value and usability of an important security feature," Crouch said.

If you get annoyed with the alerts, you can turn them off. Click the drop-down arrow on the pop-up notification, and choose "never show Firefox Monitor alerts."

But if you'd like to know more about the latest data breaches and whether you're affected, sign up for email alerts through the Firefox Monitor service or Have I Been Pwned. They'll notify you if your data crops up in another publicly known breach. You can also read our tips on staying safe online here.

Friday
Nov 9, 2018

T-Mobile has blocked one billion spam calls in the last 18 months

We’ve told you in the past about estimates suggesting that your cell phone is going to be bombarded with a ton more spam calls next year. Estimates vary, but the increase is forecasted to mean around half, and maybe more, of all mobile traffic in 2019 will be attributable to such calls.

That’s not to say preparations aren’t being made to fight them. Indeed, T-Mobile today has touted its record over the last 18 months of having blocked 1 billion such spam calls to its customers’ phones, and that its Scam ID and Scam Block technology has helped the so-called Un-carrier flag more than 6 billion calls as “likely” spam.

Building on that, T-Mobile also announced today that it’s rolling out more protections to stop customers from being harassed by such calls. On the heels of the FCC calling on the industry to implement STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) standards, T-Mobile said today that it is the first in the industry to be ready to implement both standards. “When adopted industry-wide,” according to a spokesman, “these standards will allow customers to know the calls they are receiving are verified as authentic and not spoofed or hijacked by scammers.”

Meanwhile, T-Mobile also said today that it’s integrated new spoof identification technology at the network level, “meaning that Scam ID and Scam Block, the Un-carrier’s free scam detection services, can now better catch and stop spoofed numbers from reaching your phone,” the spokesman continued. In terms of other benefits, the Un-carrier also touts its offering of free scam protection on any device without the need for an app or registration.

“In addition to being first to announce readiness for both the new STIR/SHAKEN standards,” T-Mobile said in its announcement today, “T-Mobile improved its popular Scam ID and Scam Block with new protections against the increasingly common ‘Neighborhood Spoofing’ — where scammers temporarily hijack a phone number to match the area code and 3-digit prefix of the person they are targeting, making the incoming call look familiar. Existing protection apps can only black-list against known scam numbers, not legitimate numbers that’ve been temporarily hijacked by scammers.

“Together with partner First Orion, T-Mobile is the only major wireless provider to add and deliver new protections at the network level. That means Un-carrier customers can expect fewer of these types of calls, thanks to intelligent analysis of network-wide data that better pinpoints and identifies the origin of a call before it reaches your phone.”

Friday
Nov 2, 2018

How 'free' Wi-Fi hotspots can track your location even when you aren't connected

Before you join the Wi-Fi hotspot at your local cafe, you might want to make sure it won’t follow your footsteps—literally—after you leave.

Ostensibly “free” Wi-Fi hotspots are in hundreds of thousands of businesses and public spaces across the United States. They’re in shopping malls. In airports. In chain restaurants. In local cafes. As a result, it’s easier than ever to get online. If your notebook or phone lacks a reliable data connection, you can still connect to a hotspot. But this convenience often comes at a price: your personal data and privacy.

When you use “free” Wi-Fi, there’s a good chance it’s managed by a third-party provider—which gets you online in exchange for your valuable sign-on data. The sign-on information that hotspots require will vary, but often includes your email address, phone number, social media profile, and other personal information. All can be used to target you with advertising and gain insights on your habits.

For more, check out the complete article at PCWorld here.

Friday
Nov 2, 2018

Why Passwords Might (Finally) Go Away

In 2012, Wired's Matt Honan wrote about the disastrous consequences of tying your entire digital life to a string of letters, digits, and symbols. Honan is just one of countless people whose online accounts were hijacked after hackers discovered their passwords; the list of victims also contains high-profile tech executives, including Mark Zuckerberg.

For years, we've been talking about the need to replace passwords with more secure and reliable methods. As recently as last month, the United Nations accidentally revealed employee passwords on publicly shared Trello boards and in Google Docs. Even Facebook's recent hack was related to poor password-based authentication systems. And billions of stolen passwords are changing hands in dark-web markets.

And yet, passwords remain the main method of protecting online accounts.

There has been no small amount of innovation in the authentication space. In 2016, I wrote about authentication technologies that provided secure and easy-to-use alternatives to passwords, but until recently, none had achieved mass adoption.

Now, though, there's hope that we can finally ditch long, complex passwords thanks to a series of regulations and open standards that ease and encourage the implementation of passwordless authentication methods in online applications.

What's Preventing Passwordless Authentication?

"The vast number of passwords needed in our daily lives have become a burden, which is why we see so many reused or weak static credentials," says Stina Ehrensvard, CEO and Founder of Yubico, which manufactures physical security keys like the Yubikey 5 NFC. "We needed to think about how to address this problem in a way that simplifies the login process while adding the highest level of security. Up until now, there hasn't really been a way to do both of those things successfully."

The vulnerabilities of passwords are not lost on the organizations that continue to use them. But before considering alternatives, they must take into account the security, usability, availability, and costs of the technology.

"The reason we haven't replaced passwords before now with something more reliable is that all the alternatives that may have been better for security or usability have not been ubiquitously available to all shapes and sizes of internet-connected devices, nor have they been cost-effective," says Brett McDowell, executive director of the FIDO Alliance, a consortium that develops authentication standards.

Also, password entry is the least expensive and easiest authentication technology to implement in new websites and mobile apps. And while alternatives such as biometric authentication technology have become more widely available on mobile devices, password entry remains the ubiquitous feature that all devices support. Removing it would prevent many users from accessing those services.

Lack of standards also makes it hard to move away from passwords. The overhead cost of adding support for dozens of different authentication technologies in client applications and backend servers is something that most organizations could not bear.

And of course, there's always the human factor. "Some companies and individuals continue to believe that they won't be affected by cyber attacks and that they are not of interest to cybercriminals. A lack of desire and resources to change existing solutions is hindering adoption of new passwordless authentication solutions," says Alex Momot, CEO of REMME, a startup developing a decentralized authentication system.

The Feds Come Knocking

In recent years, there's been an increase in awareness surrounding online security and privacy of users, especially among government agencies and regulators. While previously, organizations could've shrugged off data breaches and security incidents with few legal and financial consequences, that's no longer the case.

"Regulators are as tired of data breach headlines as anyone else, and they are starting to take action, resulting in more businesses adding strong authentication to their data protection practices," says McDowell.

Among the most relevant regulatory actions is the General Data Protection Regulation (GDPR), a set of rules that define how companies collect, handle, and secure user data. GDPR also defines standards for strong user authentication. Companies that fail to comply with the rules and protect their customers' data will be severely fined. GDPR applies to the EU jurisdiction only, but since many companies that aren't based in the EU still do business in the region, it is now considered a gold standard for security.

"At a time when more and more companies are adopting strong authentication, and more and more data breaches are caused by password compromise, it is going to be increasingly difficult for a business to make the case to a GDPR regulator that password-only authentication is appropriate security, potentially exposing their company to fines that are far more expensive than the price of moving from passwords to true strong authentication," McDowell says.

Other industry-specific regulations are more explicit about the use of authentication technology. An example is Payment Services Directive 2 (PSD2), which regulates e-commerce and online financial services in Europe and makes two-factor authentication (2FA) mandatory. PSD2 also encourages the use of security cards, mobile devices, and biometric scanners to improve the user experience without compromising security.

And the National Institute of Standards and Technology (NIST), which defines the criteria for various industries, states in its digital identities guidelines that organizations should move away from passwords and one-time passcodes and adopt modern strong authentication.

"More specifically, NIST recommends authentication in which your modern device creates and uses cryptographic private keys as your new account credentials and securely stores them to your personal device in the same way most smartphones now securely store your fingerprint data," McDowell says.

There's debate over whether government regulation will hamper or encourage innovation. But at this point, we might need a regulatory push toward the adoption of more secure authentication mechanisms.

"Governments can play a critical role in the adoption of open standards," says Ehrensvard. "Take a look at the seatbelt, for example. It too is an open standard, and its use was regulated by the government. Because of this, there are 10 times more cars on the road today but a lower total number of fatal car accidents."

Getting on the Same Page

Widespread replacement of password-only authentication needs more than regulations. Without a set of standard protocols, organizations and companies will struggle to find an authentication technology that keeps them in line with security regulations while making their applications available to their users.

That was the problem FIDO was set to solve. FIDO Authentication is based on a set of free and open technology standards, developed in partnership with the World Wide Web Consortium (W3C). The aim is to create interoperability among devices and services by enabling the entire consumer electronics industry to integrate the technology into their products and platforms.

FIDO replaces passwords with public key cryptography. This means that instead of passwords, users are identified with a pair of public and private keys. Anything encrypted with a public key can be decrypted only by its corresponding private key. When a user signs up with an online service that supports FIDO authentication, the service generates a key pair and stores the public key on its servers. The private key is stored on the user's device only. When logging in, the client application is presented with a cryptographic challenge generated with the public key, which can only be solved by the private key. Users must verify their identity with their device (through fingerprint, face, or PIN) to unlock their private key and solve the challenge.

The advantage of this model is that it provides multi-factor authentication without requiring the storage and exchange of passwords. Even if hackers manage to breach the servers of the service provider, they'll get access only to public keys, which are useless without the corresponding private keys stored on users' devices. If the hackers steal a user's device, they'll still need to bypass the local identity verification to obtain the private key. From a user's perspective, this obviates the need to memorize long, complex passwords for each account while providing superior security.
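The FIDO login flow, as an added Go example that is not from the original article or from the FIDO Alliance: in the FIDO specifications the key pair is created on the user's device and the login challenge is a random value that the device signs, and that is what this models. `Server`, `Authenticator` and the PIN check are hypothetical stand-ins for illustration, not a WebAuthn implementation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator (hypothetical name) is the user's device; the private key never leaves it.
type Authenticator struct {
	key *ecdsa.PrivateKey
	pin string // stands in for fingerprint, face or PIN verification
}

// Server (hypothetical name) is the online service; it holds public keys and open challenges.
type Server struct {
	pubKeys map[string]*ecdsa.PublicKey
	pending map[string][]byte
}

func NewServer() *Server {
	return &Server{pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Register creates the key pair on the device and stores only the public half.
func (s *Server) Register(user, pin string) (*Authenticator, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	s.pubKeys[user] = &key.PublicKey
	return &Authenticator{key: key, pin: pin}, nil
}

// NewChallenge issues a fresh random value for one login attempt.
func (s *Server) NewChallenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Sign answers a challenge, but only after local user verification succeeds.
func (a *Authenticator) Sign(pin string, challenge []byte) ([]byte, error) {
	if pin != a.pin {
		return nil, fmt.Errorf("local user verification failed")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, a.key, digest[:])
}

// Verify checks the signature with the stored public key and uses up the challenge.
func (s *Server) Verify(user string, sig []byte) bool {
	c, pub := s.pending[user], s.pubKeys[user]
	delete(s.pending, user) // single use: a replayed answer finds no challenge
	if c == nil || pub == nil {
		return false
	}
	digest := sha256.Sum256(c)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	srv := NewServer()
	dev, _ := srv.Register("alice", "1234") // constructed sample user and PIN
	c, _ := srv.NewChallenge("alice")
	sig, _ := dev.Sign("1234", c)
	fmt.Println("login:", srv.Verify("alice", sig), "replay:", srv.Verify("alice", sig))
}
```

Everything the server stores (`pubKeys`, `pending`) can leak without letting anyone log in, because producing a valid signature requires the private key held in `Authenticator`.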

But FIDO's greater achievement is getting widespread support from the tech industry. The alliance has brought together big names such as Google, Microsoft, Amazon, and Intel to develop standards that would be easy to implement on different device types and operating systems.

"The businesses that came together to form FIDO Alliance understood that replacing passwords for online authentication could only ever become commercially viable at scale through a combination of free and open technology standards, a vastly superior user experience, and a fundamentally different approach to the security model," McDowell says.

FIDO recently released FIDO2, an extension to its standard which adds support for public key authentication to browsers and a wide range of application frameworks. The standard is supported by Windows 10, Google Play Services on Android, and the Chrome, Firefox, and Edge web browsers. WebKit, the technology behind Apple's Safari browser, might also add support for FIDO2 soon.

"The FIDO2 standard enables the replacement of weak password-based authentication with strong hardware-based authentication that utilizes public key cryptography," says Ehrensvard, whose company Yubico is among the key members of FIDO. "This standard allows for passwordless authentication in several forms, including via USB and tap-and-go NFC, which provides an optimal user experience, and drastically improves security and productivity."

When Will Passwords Finally Go Away?

Although the industry has come a long way toward developing alternative authentication methods, passwords won't disappear overnight. "We should take into account that we have a lot of 'legacy' software and information systems. That's why it's not always possible to easily change established rules of authentication including those that are password based," says Momot, the chief executive from REMME.

Other experts such as Sandor Palfy, CTO of LogMeIn, believe passwords will remain a central facet to identifying users. He also believes the industry should focus on improving the password experience.

Sunday
Oct 21, 2018

How to check the Mac Model 

New Mac models do not come out as often as new iPhone models do. Even iPads, as popular as they are, aren’t refreshed annually. The model-to-model difference between Macs often isn’t that noticeable either, so it might not be easy to tell, at a glance, what your Mac model is. In fact, for some iPhone models, you cannot tell them apart unless you actually use the device and notice the difference in features. Macs, like iPhones, have a built-in method to check the model of a MacBook, iMac, or Mac mini.

Check Mac Model

On your Mac, go to the Apple menu and select About this Mac.

This will open a window giving you an overview of the Mac. The window, by default, opens to the Overview tab, which ought to tell you what your model is. The screenshot below shows that the Mac in question is a MacBook Pro but it doesn’t give the year.

To get the year, you can copy the serial number given on this same tab, and enter it on Apple’s page for checking service and support coverage.

Sunday
Oct 21, 2018

Review: Dyson SV11 Animal Extra Vacuum

I usually do not do reviews, especially of household items, but I recently purchased the Dyson V7 Animal stick vacuum and I must say that it is the best vacuum I ever used. Light, agile and the best power I have ever seen. I am about to find out how good customer service and the warranty are due to my wife doing something very dumb with it that it now requires a service call. Will update.