Pittsburgh Tech Guy

Last year, VR and 360° photos and videos took center stage for a lot of major tech companies. Facebook added the ability to view 360° photos and quite a few VR headsets were released. Companies are pushing these two new media formats more than ever but the truth is, VR technology is still too expensive to be massively popular. 360° videos and photos are slightly more affordable to capture if you have the right equipment and they are pretty astounding to look at. SVRF Tabs is a Chrome extension that adds a 360° image to every new tab you open. You can pan around and explore the photo.

Install SVRF Tabs and open a new tab. Chrome will tell you that your new tab page has changed. This is a security measure to prevent extensions from hijacking your new tab page. Click ‘Keep changes’ in the pop-up.

The new tab page will feature an awesome landscape with the current time superimposed on it. Click and drag the cursor on the image to look around. Click inside the Omni bar to search for something.

The images are fairly quick to load and are duly credited to the people who took them. They are sourced from Flickr. You can get a direct link to the photo from a share button at the bottom left of the new tab page.

SVRF Tabs is a pretty neat extension but we should warn you that it will slow Chrome down if your hardware is dated. We’re not saying the extension has the power to freeze your system but it will likely increase CPU usage due to the nature of the content it serves.

This is where the problem lies with distributing 360° content; users need to have reasonably powerful systems to view it. The extension itself is larger than most Chrome extensions are on average and it will tax your systems resources more. If you accidentally leave a new tab page open, Chrome’s CPU usage could rise considerably.

Install SVRF Tabs From The Chrome Web Store

We all know websites collect information from us, either implicitly or explicitly. They get the information via the web browsers we use. You might not trust a shady looking website with your information but you will trust Chrome. The thing is, browsers are the information gateway that websites use. What every Browser knows about you is a web app that shows you the personal information stored by your browser. This information can be accessed by websites without you explicitly allowing them access to it. It also tells you what you can do about the information being freely available to websites.

Visit What every Browser knows about you and start scrolling.

Your browser knows some basic things about you such as your exact location mapped down to longitude and latitude, your current operating system and some hardware specifications. It also knows your local and public IP. The information is categorized and each section has preventive measures you can take to stay safe as well as the risks associated with it.

For the most part, the tool advises you to use private browsing. Unfortunately, for the average user that means a lot of inconvenience. Some of the information saved by the browser is harmless such as which OS you’re running but some of it is a security risk and can result in clickjacking, among other things.

The app itself tells you when certain information puts you at risk and when it doesn’t. Use it as a guide to determine what data you want to keep safe from websites. Remember that the information saved differs from browser to browser. The app doesn’t advise you to favor a particular browser over the other but switching browsers might be a reasonable compromise.

If you think Chrome is storing too much information, try switching to Firefox and run What every Browser knows about you again to see how much of a difference it has made.

Visit What every Browser knows about you

File sharing is a heavily saturated market but most file sharing apps and services work with an intermediate server. Your file is uploaded to an online server or ‘cloud drive’ and you share a link to it. The file is then downloaded from said server by your recipient. This method of sharing files has its advantages e.g., your recipient can download a file whenever they have time and you aren’t bound to be online to send it to them. That said, many people still prefer a P2P transfer whereby your file is sent between two desktops. Take A File is a simple P2P file transfer service that lets you send files between two desktops all from your web browser.

Visit Take a file and click the ‘Drag and drop a file to start’ button. You can select a single file or you can hold down the Ctrl key to select multiple files.

Once you’ve selected the files, the app generates a link for you to share with whoever you want to send the files to. The files do not upload to an intermediate server.

Once your recipient has the link and they open it in their own web browser, the transfer begins. You can view transfer progress in your browser. The transfer begins only after the link has been opened.

You must keep your browser open in order for transfer to start and complete. Furthermore, the tab you have Take a file open in must be active for the transfer to start.

Take a file doesn’t take an abnormally long time to transfer files but transfer time will depend on the file size as well. The app states that there are no limits to how large a file you can transfer using the service. When you transfer multiple files, the app zips them into one archive that your recipient downloads.

Visit Take A File

One of the biggest security stories of 2016 was the rise of ransomware. 

In August, a study by security company Malwarebytes said that nearly half of all U.S. businesses had been hit by the malware. More recently, Kasperksy said ransomware attacks had increased threefold against businesses worldwide from January to September. And all throughout the year, ransomware that locked down the PCs of everyday users made headlines. 

Hoping to stop ransomware in its tracks, security firm Cybereason announced a new anti-malware security program on Monday called RansomFree.

What is ransomware?

Ransomware is a particularly vicious type of malware. Once it lands on a system, ransomware begins to encrypt business or personal files on the hard drive. After the task finishes, the program demands money from the victim, usually in the form of Bitcoin. Typically, once the ransom is paid the malware assists with the decryption process to release your files—but not always. One 2016 variant, for example, just took the money and deleted the files on the hard drive.

But demanding money is just the tip of the iceberg. “Really, they could ask you for anything,” says Yoel Eilat, a senior product manager with Cybereason. Case in point: The recently discovered Popcorn Time ransomware. If a user doesn’t have the cash to pay the ransom, or doesn’t want to pay the fee, they can share a link with their colleagues and friends to encourage them to download the malware. Anyone who successfully dupes two people into infecting themselves gets off scot-free—minus two friendships, that is.

Protecting yourself

It’s still early days for anti-ransomware solutions. Malwarebytes ran a beta earlier in 2016 for an anti-ransomware program, and advertises Malwarebytes 3.0 as capable of fighting this type of malware.

But Cybereason believes RansomFree has what it takes to lead the charge against ransomware. The desktop program for Windows 7 and up (as well as Windows Server versions 2008 R2 and 2012) uses behavioral analysis instead of regularly updated malware definitions to fight the bad programs. Cybereason took a look at all the ransomware it could find, and analyzed the programs for common characteristics. It then built a program to monitor for those behaviors.

RansomFree’s warning window.

If RansomFree finds any such behavior on your system, it flags that program for your review. By default, the program suspends any activity it deems suspicious—even if it’s a legitimate encryption program that has some behavior in common with ransomware. It’s then up to the user to either enable the program, or allow RansomFree to permanently quarantine the malware.

Using this approach, Eilat says that with RansomFree enabled about four files can end up encrypted before the security program detects the problem and stops it; however, he says, for most ransomware strains “RansomFree manages to stop the ransomware even before any file is encrypted.”

RansomFree is a free download for home users directly from Cybereason’s site. The installation's fairly anti-climactic. It alerts you that the program placed some specially constructed files on your system that help RansomFree do its job. Eilat wouldn’t go into too much detail about what these files do. He would say they were there to be the “victims” of potential ransomware infections and to slow the malware down.

Other than the alert about the files, RansomFree just sits there not doing much of anything—at least to the casual observer. That’s probably what you want from a specialized security program like this, anyway.

The impact on you at home: Using a security program that protects against ransomware is only the first step to keeping your files safe. Cybereason also recommends that users regularly backup their files and verify that those backups can be restored should the worst happen. The usual security advice also applies: keep your operating system and programs up-to-date; disable Java and Flash when possible; don’t download programs or files from sketchy websites; and be doubly cautious downloading attachments or clicking links in email.

Internet giant Yahoo announced a massive data breach Wednesday that affected over one billion accounts, making it by far the largest data breach in history. This follows the disclosure in September of a different breach that affected more than 500 million of the company's customers.

What stands out with this new security compromise is that it occurred over three years ago, in August 2013, and that hackers walked away with password hashes that can be easily cracked.

If you're a Yahoo user you should consider your password compromised and should take all the necessary steps to secure your account. You should follow all of Yahoo's recommendations, but here are a few more that you should have in mind:

1. Don't save emails you don't need

Because space is no longer a problem with most email services, users tend to never delete emails. While that's extremely convenient, it's not a very good idea, because it allows hackers to easily discover what other online accounts are tied to that address by searching for sign-up or notification emails from various online service providers.

Aside from exposing the link between your email address and accounts on other websites, sign-up and notification emails can also expose specific account names that you've chosen and are different from the email address.

You might want to consider cleaning your mailbox of welcome emails, password reset notifications and other such communications. Sure, there might be other ways for hackers to find out if you have an account on a certain website, or even a number of websites, but why make it easier for them to compile a full list?

2. Check your email forwarding and reply-to settings

Email forwarding is one of those "set it and forget it" features. The option is buried somewhere in the email account settings and if it's turned on there's little to no indication that it's active.

Hackers know this. They only need to gain access to your email account once, set up a rule to receive copies of all your emails and never log back in again. This also prevents the service from sending you notifications about repeated suspicious log-ins from unrecognized devices or IP addresses.

Another technique that attackers might use to get a copy of your emails is to change the reply-to address in your email settings, although this is noisier and can be spotted more easily than a forwarding rule.

The reply-to field is included in every email message that you send and allows the recipient's email client to automatically populate the To field with an address you chose when they hit reply. If a hacker changes the reply-to value with an address that he controls, he will receive all email replies intended for you and these typically include the original emails that you sent.

In order to ensure that you also get those replies, the attacker can set up a forwarding rule in their own email account and automatically forward those replies to your address.

3. Two-factor authentication everywhere

Turn on two-factor authentication -- this is sometimes called two-step verification -- for any account that supports it, including Yahoo. This will prompt the online service to ask for a one-time-use code sent via text message, phone call, email or generated by a smartphone app when you try to access the account from a new device. This code is required in addition to your regular password, but Yahoo also has a feature called Account Key that does away with regular passwords completely and instead requires sign-in approval via phone notifications.

Two-factor authentication is an important security feature that could keep your account secure even if hackers steal your password.

4. Never reuse passwords

There are many secure password management solutions available today that work across different platforms. There's really no excuse for not having unique, complex passwords for every single account that you own. If you do want memorable passwords for a few critical accounts use passphrases instead: sentences made up of words, numbers and even punctuation marks.

According to Yahoo, this breach happened in August 2013, at a time when the company hadn't yet switched to the more secure bcrypt password hashing algorithm. As a result, most passwords that were stolen are in the form of MD5 hashes, which are highly vulnerable to cracking.

If you made the mistake of using your Yahoo password elsewhere and haven't changed it yet, you should do so immediately and review the security settings of those accounts too. It's very likely that hackers have already cracked your password and had three years to abuse it.

5. Phishing follows breaches

Large data breaches are typically followed by email phishing attempts, as cybercriminals try to take advantage of the public interest in such incidents. These emails can masquerade as security notifications, can contain instructions to download malicious programs that are passed as security tools or can direct users to websites that ask for additional information under the guise of "verifying" accounts.

Be on the lookout for such emails and make sure that any instructions you decide to follow in response to a security incident came from the affected service provider or a trusted source. Official Yahoo emails are easily recognizable in the Yahoo Mail interface because they are marked with a purple Y icon.

In the future, be selective in what personal information you choose to share and which websites you choose to share it with, even when those websites are legitimate. There's no guarantee that they won't be hacked in the future and you simply don't know how securely they store your details.

In Yahoo's case, the compromised account information includes names, email addresses, telephone numbers, dates of birth and, in some cases, unencrypted security questions and answers. These details can be used to impersonate you or to authenticate you on other websites.

Don't provide real answers to security questions, if you can avoid it. Make something up that you can remember and use that as answer. In fact, Yahoo doesn't even recommend using security questions anymore, so you can go into your account's security settings and delete them.

In 2014, the Heartbleed exploit left everyone's log-in information potentially up for grabs thanks to one itty bitty piece of code. But what is a person afraid for their security to do? Well, you should definitely change your passwords—regularly! By sheer brute force or simple phishing, passwords are, to be honest, a pretty laughable way of authentication.

What you really need is a second factor of authentication. That's why many Internet services, a number of which have felt the pinch of being hacked, have embraced two-factor authentication for their users. It's sometimes called 2FA, or used interchangeably with the terms "two-step" and "verification" depending on the marketing. Even the White House has a campaign asking you #TurnOn2FA.

But exactly what is it?