Pittsburgh Tech Guy

I like to thank all of you that forward useful sites and information aimed at keeping all of us secure online.  With that said, here is another site you may find informative towards that goal.  The guide covers the range from online shopping, proper social media security and online theft.

I get it: you don’t like websites that push countless ads you, so you’ve just decided that enough is enough and the use of an ad blocker is in order. But make sure you don’t fall for the fake AdPlus Block extension that Google allowed into the official Chrome store.

Some 37,000 people already installed the fake app. If you’ve just added AdBlock Plus to your Chrome browsing experience, better make sure you’ve got the legit one.

First spotted by SwiftOnSecurity, the fake app is now removed from the store.

It’s also unclear what the fraudulent app did on the machines it infected. Yes, infected is the right word, as this is a malicious app created by a “fraudulent developer who clones popular name and spams keywords.” But one user who installed it revealed in a review that the fake AdPlus Block app pushed invasive ads and opened up additional tabs.

Safe to say that you should pay extra attention to your computer if you’re one of the 37,000 users affected by the issue.

Throughout the 90s and early 2000s, Apple was something of a niche company. Sure, the company had an incredibly loyal and vocal fan base, but the company did not enjoy a significant marketshare in any of the product categories it competed in. This dynamic, however, began to change markedly with the release of the iPod in late 2001. By 2004, the iPod completely dominated the MP3 player market. A few years later, Apple released the iPhone and forever changed the way the world interacts with technology.

Today, Apple is a wildly successful company with a market cap in excess of $800 billion. And though it wasn’t all that long ago when owners of Apple products were somewhat hard to find, the situation today couldn’t be any different. Thanks to the iPhone, the iPad and the Mac, 64% of all American households today own at least one Apple product, according to a new survey from CNBC and Hart Research.

“The product is ubiquitous by income group, age, race, sex and region of the country — more than half of nearly all demographic groups report owning at least one Apple product,” the report notes. “The household ownership rate is below 50 percent for only a few groups, including those with incomes under $30,000, retirees and women over age 50.”

Also interesting, though perhaps not surprising given that Apple products are priced at a premium, is that when looking at Americans who earn more than $100,000 per year, 87% of them own at least one Apple device.

Indeed, it’s easy to forget that Apple’s entire business model is predicated on selling premium products at a premium price. That being the case, it stands to reason that Apple’s upcoming iPhone X will sell exceedingly well in spite of its rather lofty $999 pricepoint. On a related note, the rousing success of the iPhone 7 Plus last year underscores that Apple consumers are more than willing to shell out some extra cash for the best products Apple has to offer.

It seems that CCleaner, one of PCWorld’s recommendations for the best free software for new PCs, might not have been keeping your PC so clean after all. In an in-depth probe of the popular optimization and scrubbing software, Cisco Talos has discovered a malicious bit of code injected by hackers that could have affected more than 2 million users who downloaded the most recent update.

On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data.

Cisco Talon suspects that the attacker “compromised a portion of (CCleaner’s) development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization.” As such, customers’ personal information was not at risk.

According to Avast, the malware doesn’t seem to have affected any machines in the wild. In a blog post by vice president of products Paul Yung, he states that the company identified the attack on Sept. 12 and had taken the appropriate action even before Cisco Talos notified them of their discovery. Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version. 

Yung assures customers that the threat has been resolved and the “rogue server” has been taken down. He also says Piriform has shut down the hackers’ access to other servers. Additionally, the company is moving all users to the latest version of the software, which is already available on the company’s website (though the release notes only mention “minor big fixes.”)

Most reassuringly, Yung states that Avast was seemingly able to disarm the threat before it was able to do any harm. The intent of the attack is unclear at this time, though Avast says the code was able to collect information about the local system.

Users can download CCleaner 5.34 from Avast’s website if they haven’t already done so. Previous releases are also still available on the company’s website, but the infected version has been removed from the company’s servers. You’ll also want to perform an antivirus scan on your computer. If you're affected, Cisco Talos recommends using a backup to restore your PC to a state prior to August 15, 2017, which is when the hacked version was released.

The impact on you at home: While users within the target area shouldn’t see any impact from this attempted attack, it’s still a scary notion. While Avast got in front of the issue and resolved it without incident, smaller companies might not be able to react so quickly. For example, earlier this year, it was found that a breach at Ukranian software company MeDoc was responsible for the NotPetya ransomware. Ransomware is becoming a troubling trend, and if hackers are able to infect infect update servers they can spread malware to as many machines as possible.

Chances are, your email inbox is a mix of important messages, Amazon Prime shipping notices, bill alerts, and other easy-to-ignore offers.

But spam creeps in. Sometimes you do it yourself—enter your email address to win that contest!—and sometimes others do it for you. Thanks for the blank­of-the-month club email list, mom.

Luckily, there are easy ways to kill unwanted emails, and they don't involved sending invective-filled rants to the sender.

Unsubscribe Links Made Easy

The cleanest way to get off a list is to use the built-in unsubscribe option. That link is generally buried at the bottom of the message, in tiny type or made to not even look like a link, all the better to keep you subscribed.

(The chance that the unsubscribe link is a trick—a way to confirm you are a real person—is low. Be smart about it; if something looks fishy, just delete.)

Gmail makes it easy to unsubscribe on the desktop. Whenever it notices a working unsubscribe link in a message, it puts its own unsubscribe link at the top of the message, right next to the address of the sender's email. Click it and a giant Unsubscribe button appears.

It's a little harder on mobile. In the Gmail for iOS, the only option at this point is to mark a message as spam; tap the three dots on the top right > Report spam. On Android, touch the menu; if the sender offers an easy unsubscribe option, the word Unsubscribe will appear on the menu.

Prominent unsubscribe links are also found on Outlook.com and the Outlook apps as well. On the web, it says "Getting too much email? Unsubscribe" at the top of a supported message.

On the built-in iOS Mail app, look for a banner reading "This message is from a mailing list. Unsubscribe" atop your messages, which will email the sender with the unsub request.

Email (aka Edison Mail) for iOS and Android both show a large Unsubscribe button at the top of a message and an animation to indicate the request is placed.

What's interesting is, looking at the same messages with Gmail on the desktop and mobile, Email, and other apps with a more prominent unsub option shows that they don't all recognize the links the same way, nor even support it within the same messages.

At least when you're on the mobile apps like Email, which supports multiple services (usually Gmail, Outlook, iCloud, Yahoo, and IMAP accounts), you can unsubscribe across all the services.

Unsubscribe Services

Want to unsubscribe from mail in a big batch? Several services make it possible. The downside: you have to give these services complete access to your inbox for them to find messages with an unsubscribe option; sometimes that includes your contacts. Like Heinlein said: TANSTAAFL.

Unsubscriber

This is as simple as it gets. Put your email address in at GetUnsubscriber.com and the service sticks an Unsubscriber folder/label in your inbox. Drag messages you no longer want into that folder, and Unsubscriber will filter messages out until the unsub request goes through. It works with any email provider, though the site includes quick links for Gmail, Outlook.com, Yahoo Mail, and Aol.

It's free to use, but the service states up front "we collect and share certain information about non-personal email messages (e.g., commercial emails)." The company behind Unsubscriber, Return Path, also offers an extension for Google Chrome called Whisker, which manages unwanted email (including spam).

Unroll.me

Available on the web, or via an iOS app, Unroll.me looks into the heart of your Outlook.com, Gmail/GSuite, Yahoo Mail, and Aol account to locate messages you probably don't want. You can also try an email address from another service.

In return, you get a list of all the senders you could nix; pick the ones you don't want, and Unroll.me does the rest. It also offers a service called The Rollup so you can re-subscribe to select mailings, but they'll get funneled to you via Unroll.me in a daily digest. You can edit (or deactivate) The Rollup any time.

Unroll.me is free, but it does want full access to your messages and contacts. Its parent company, Slice Technologies, says it ignores personal email and anonymizes the messages it sees, but it's using all of the data it can to sell market research based on users.

Unlistr

Remember when companies dropped the "e" before the "r" to make a name? Unlistr does!

There is no web-based interface; Unlistr has a free Android app and a $20 add-on for Outlook (the one in Office, not Outlook.com). You sign up using your email account—any that supports IMAP/POP accounts, plus Gmail, Yahoo, AOL, Outlook.com), and others. Essentially, if you know the incoming and outgoing server settings, it should work. You get a list of senders to unsubscribe from all at once.

Unlistr does all its processing locally on your smartphone, keeps messages encrypted, and avoids trying to un-sub you from known spammers so you won't get more. It doesn't currently collect any information, according to the FAQ.

Heading to Best Buy to purchase a new software security suite? Don't plan on getting one from Kaspersky Lab, because you won't find it there.

As reported by the Minneapolis Star Tribune, Best Buy decided to pull Kaspersky products from its store shelves amid media and US government suspicion about the security firm's link to the Russian government. A Kaspersky Lab spokesperson confirmed the breakup in a Tuesday statement to PCMag.

"Kaspersky Lab and Best Buy have suspended their relationship at this time," the company wrote.

The move comes after Bloomberg in July cited internal Kaspersky Lab emails when reporting that the security vendor "maintained a much closer working relationship with Russia's main intelligence agency, the FSB, than it has publicly admitted" — a claim Kaspersky denied.

"Kaspersky Lab, and its executives, do not have inappropriate ties with any government," the Moscow-based company said in a July statement. "The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."

Around the same time, the Trump administration removed Kaspersky Lab from two lists of approved vendors from which government agencies can purchase technology equipment. The move was reportedly driven by "concerns its products could be used by the Kremlin to gain entry into US networks."

Kaspersky said its CEO and Founder Eugene Kaspersky "repeatedly offered to meet with government officials, testify before the US Congress, and provide the company's source code for an official audit to help address any questions the US government has."

Best Buy declined to comment on the matter when contacted by PCMag, saying: "we don't comment on contracts with specific vendors."

Kaspersky, meanwhile, said its relationship with Best Buy "may be re-evaluated in the future."

"Kaspersky Lab has enjoyed a decade-long partnership with Best Buy and its customer base, and Kaspersky Lab will continue to offer its industry-leading cybersecurity solutions to consumers through its website and other retailers," the company wrote.

The falling out with Best Buy comes after Kaspersky just ended a feud with Microsoft. The antivirus maker had filed suit against Microsoft in Russia and Europe, claiming the Redmond tech giant disabled and removed its antivirus software during a Windows 10 upgrade. Kaspersky dropped the suit last month as Microsoft announced a series of changes to ensure third-party cybersecurity products will no longer face compatibility issues on Windows 10.