There's a new, very serious,  and worrisome threat that can affect any Windows user. Even if you're a Mac or Linux user, keep reading because you inevitably know someone with a Windows PC. Even if you don't know any Windows users, it's only a matter of time before a special version of this threat is made just for you.

Before I describe the ransomware and its very serious threat, let me stress that prevention is the best defense. Do not assume that you are safe just because you have anti-virus or anti-malware software installed.

Follow these recommendations

1. Avoid being tricked by phishing email. 

Do NOT click links in email or open attached applications. If you get an email that looks reasonable and has a link, do not click it unless you are certain about where that link is going to take you. Typically you can mouse over a link (without clicking it) and you will be able to see where it's going to take you. Most browsers show this at the bottom left of the browser window.

2. Avoid the use of Internet Explorer. I have lost faith in Microsoft to adequately secure this browser. They have been endlessly trying and do not seem to be able to do it for any significant length of time. Exploits are frequent. For secure browsing I suggest any of the following browsers for Mac, Windows or Linux users

Firefox, Chrome, Safari (for Mac users) or Opera

3. Avoid web pages that you are unfamiliar with or that look official, but something is not quite right. If you are unsure, do a Google search and look for search results that show the name of the service or company in the first part of their web address. This is not always the case, but very often it is what the company or service will use.

Example:  Although Microsoft has many other websites, you are safest to navigate to a Microsoft satellite website by first starting from www.microsoft.com and searching for what you are looking for from there.

4. Look for secure sites where they should be secure. This is not to say that every site must be secure, but where appropriate, you want to verify that the site is using what is known as an SSL certificate (Secure Socket Layer) and that it is valid.  If your are navigating to your bank for example, it should always start with https:  when you are at the login page, not http:

Your browser should automatically notify you when an SSL certificate is not valid or has been revoked.

Note: Although ihelpinnovate.com does not use an SSL certificate, it is hosted by Google and you can check that it does not contain any threats by using Symantec's Norton Safe Web, where it is registered and has been verified.

View my Norton Safe Web report at https://safeweb.norton.com/

While we're on the topic of site security certificates, any site that asks for you to enter a username and password for an account you hold, should always start with https: when you are at the login stage. Some exceptions are certain sites that have a separate drop-down window for login. This annoying trend practiced by companies like Bell Canada is in-fact connecting you by a secure link. Unfortunately, non-technical users do not have the simple method of verification by looking at the browser address bar before entering confidential username and password information when logging on via their home page. If you're a Bell Canada user and you want to be sure you're logging onto your account via a verifiably secure webpage, use the link https://mybell.bell.ca/

OK, so now that we've reviewed basic prevention, let me tell you about the ransomware and its very serious and costly threat.

There's been a lot written about this and it's been in the mainstream media lately as well. This latest malware threat called CryptoLocker holds victims hostage to pay a $300 ransom within 72 hours. They do this by using a very strong, unbreakable encryption algorithm and systematically applying it to all files on your local disk and attached drives.

In order to decrypt the files, you must obtain what is known as a private key. This is required to "unlock" the encryption. Since this malware attacks "hot" volumes with mapped drive letters, like Drive C, D, E, etc., your files on services like DropBox are also at risk of being encrypted. Even if you've already encrypted your files before storing them, the encrypted files can still be encrypted by the malware, making access by your own decryption software impossible without the private key from the attackers.

If you don't have the files backed up via a "cold" backup solution that is either offline at the time of the infection or that is not backed up via a shared drive letter (i.e. Drive C, D, E, etc.) then you will not be able to regain access to your files unless you pay the ransom, get the decryption key and hopefully, it works. There have been reports of all types. Ranging from the ransom being paid without a decryption key being delivered or the ransom was paid and the key did not decrypt the files, to the ransom was paid and the files were successfully decrypted, making them once again accessible.

It's easy to recommend not paying the ransom because it encourages this kind of criminal activity in the future or you might not regain access to your files anyway. But if you don't have the files safely backed up and you really need them, then there is no other way to decrypt your files. It is not possible to break this encryption level.

Worse still, the ransomware is reported in recent incarnations, to also be deleting windows shadow copies. A shadow copy is the technical term for Microsoft's roll back technology that normally allows you to restore the system to an earlier state, before a problem existed.

In the latest security news covering this, there is apparently a service being offered by the offenders that will get your files back even after the 72 hour period has past, but it will cost you 10 Bitcoin, which is about $3200 at the moment.

One particularly bad result of this is, people who have not backed up might misunderstand the exact severity of this whole thing. Part of the reason I felt compelled to write about this in the first place. If you simply remove the malware, well that may not be what you wanted if you were willing to pay the ransom. It's not so easy to just say goodbye to data that is critically important, when you had no backup and there's a chance for recovery.

It's not all grim. There are some effective means of protection.

1. Use Sandboxie.

http://www.sandboxie.com/

By using this software to "Sandbox" (isolate) your web browser and email client, you are able to stop the malware from encrypting files on your local hard drive or shared drive.

2. Backup your files using products that run backup applications to backup to cloud backup, without mapping the drive. An example is a product like Cryptonite Cloud Backup.

3. If you're a slightly technical user, you can always run your web browser and email inside a virtual machine, like Virtualbox

https://www.virtualbox.org/

4. For now, users of the paid OpenDNS Umbrella service are reportedly safe, because the malware cannot reach the randomly generated domains it needs to, in order to begin encrypting the victims files. However, a solution like this may not last if the attackers modify the malware to generate an encryption key locally that could still be effective at ruining your day.

5. Lastly, there is CryptoPrevent, but this is one of the less favorable forms of protection and it can cause a lot of false positives.

I hope this information helps to prevent you from getting the malware. I'm following this in the security arenas and I'll update this blog if I find some good updates.

Please share this blog. I know it's long, but if not in its entirety, please at least share the information regarding best practices and prevention.

For more information about this, please visit the following safe links, leave me a comment or send me a tweet @dougkrug

http://www.us-cert.gov/ncas/alerts/TA13-309A

https://www.grc.com/sn/sn-427.txt

Whether traveling the world or just crossing town, Voice over Internet Protocol or VoIP for short, can dramatically reduce the cost of reaching out to anyone, anywhere in the world.

Find out more about the gift of freedom this Cloud-based technology can provide you, in my latest Travel Technology post on Solo Traveler Blog.

The Announcements

If you were hoping for revolutionary, and were disappointed by the evolutionary announcements from Apple on September 10, take a break from hype and the haters to see it for what it is. I'm not going to describe every feature and curve of the phone, Apple are masters of that, so start by having a look at their website if you missed what's new.

A7 64bit Processor

64bit processors matter where you're dealing with math that can't fit into 32bit. The obvious winner from this is the iPhone 5S and later owner. This would seem to indicate that Apple is serious about security since one of the key benefits is cryptography.

Another key benefactor of 64bit architecture is graphics. There will be a new iPad soon and having better gaming graphics was highlighted in the iPhone keynote. Harmonizing 64bit apps across the top sellers makes perfect sense.

Touch ID

Apple's mysterious new fingerprint scanner to unlock your phone and purchase items from the App Store, some have commented is one of few innovations in this latest generation of iPhone. On the surface, it definitely sounds as though Apple has taken the time to do this properly out of the gate.

Security-wise, it stores your impression as an encrypted hash. This is good, as it means that even if someone were to somehow gain access to the stored information representative of your fingerprint, it would be useless to them.

Although it's early to make a call, many who understand biometrics are claiming that simply analyzing a print without measuring temperature leaves the iPhone 5S open to spoofing by lifting prints and copying them on a 3D printer. Once the phone is in the hands of the public, we'll have the answer, because you just know there's a line up of hack attempts waiting for it.

Still, the fact that Apple is putting their money where their mouth is by allowing purchases from their store, says a lot about their confidence in this new feature.

The M7 coprocessor

This power saving addition has had very little mention versus the 64bit architecture, Touch ID and what the phone doesn't have. But even though Phil Schiller only mentioned fitness uses for the M7, this isn't to say that it won't have strong benefits to mapping and navigation. Trying to navigate in areas with spotty GPS coverage can be helped tremendously by a low powered coprocessor that can continue to report direction, movement and orientation even durning a loss of coverage.

What's most interesting about the M7 chip is not the stated use, but the potential uses from constantly tracking how an iPhone is oriented and what direction its facing. Is the phone moving and if so, how fast? This is significantly important realtime data.

True Tone Flash

I'm personally an iPhone user and strong admirer of the great innovations in Android and the phones that are challenging Apple to keep their composure. One thing that has kept me content with iPhone is the exceptionally good photos (for a phone anyway).

There's no question that Phil Schiller caused an outburst from many photographers by stating the iPhone 5S camera was in anyway DSLR level. Every iPhone is said to have a better camera than before, higher this and bigger that.

But what is exceptionally important is the idea that we can now have smartphone cameras that will balance flash photography before taking the picture. This is a big deal, since up to this point, smartphone flash photography has been a dismal effort.

iOS 7

Let face facts, the real changes are coming with iOS 7. Borrowing from Android, features like control center to put common settings in one panel will make the iPhone easier to use.

Another long awaited improvement is the ability to store passwords on the iPhone. Perhaps Apple just wasn't satisfied with their previous security capabilities, but it's been odd to have this feature only exist in MacOS until now. Regardless, you won't find me personally giving up the security and convenience of LastPass unless the NSA forces them to shut down.

AirDrop for iPhone makes perfect sense as a simple way to share photos between iPhones. This has been a wonderful feature to use since it was introduce to MacOS. Emailing or sharing via the cloud is not at all difficult, but AirDrop trumps it in terms of easy to use sharing with other iPhone users in close range. Unfortunately, you will need to have at least an iPhone 5, 4th gen iPad, iPad mini, 5th gen iPod Touch and iCloud to take advantage of AirDrop in iOS 7.

iTunes Radio, while seemingly a me too product to competing services like Pandora, Spotify, Rdio, etc., some have pointed out that they are only being served music related ads, which helps with discovery of even more music.

What's missing?

Let's face it, haters are going to hate, so let's put it all out on the table.

NFC

There's no NFC (Near Field Communication) for paying at designated stores and coffee shops. I really wanted this feature when it first stated to appear in the Google Nexus phones, but the adoption in North America has been so slow that technologies like Geo-fencing, used by Square and others have made it almost obsolete before it's really even taken root.

It's rumored that Apple is testing low energy Bluetooth radio as an alternate mobile payment system and will bypass NFC altogether.

5G WiFi

Apple skipped adding the new, faster WiFi known as 802.11ac or 5G. Possibly because of its effect on battery life. I tested a Samsung S4 for 802.11ac performance with the latest Archer C7 router from TP-Link. While the speed was nice, I didn't find that it was a significantly better experience than similar phones with only 802.11n. While my testing did not involve battery capacity, users of the first two phones with 802.11ac, the HTC One and Samsung S4, have complained that their phones need charging more frequently than the previous HTC One and Samsung S3.

Bigger Screen Size

Although many were still hoping to see screen sizes like the Android phones are getting, it was pretty obvious that if the leaked images were true, as they turned out to be, then the next iPhone screen would not grow in size, and that turned out to be accurate.

Apple has no need to follow the other phone manufactures in widening their screen size. While it seems an attractive feature, many don't want a phone that fills their pocket more or feels larger in their hand. I've heard as many complaints as praises for the size of these larger phones. Many think it's what they want until they start using the phone regularly and discover it's larger than what is comfortable for them.

While I'm not betting against Apple eventually increasing the iPhone screen size, I wouldn't be surprised to find that they resist increasing it longer than expected.

What are your thoughts about the iPhone 5S? Has Apple missed the mark or are you planning to purchase when they're available beginning September 20?

What features were you hoping for that you'll now have to wait and see if they appear in iPhone 6?

Please leave me your comments or send me a Tweet @dougkrug

Advances in solid state memory read/write speed and lower manufacturing costs are making Solid State Drives attractive options in new computers. Not to mention that your smartphone, tablet, and USB flash drives all use this technology.

One problem - 

Flash memory cannot actually be erased

A study by researchers at University of California San Diego revealed that between 4% to 75% of a files contents remain completely intact when an attempt is made to erase flash memory. USB flash drives fared worse, were researchers could recover between 0.57% to 84.9% percent of file contents remaining on a USB flash drive after an overwrite attempt was made.

Testing 12 Solid State Drives, UCSD researchers found that none of the available software techniques for erasing individual files proved effective. Erasing entire SSDs with native sanitize commands was most effective, but only when performed correctly. The software techniques were found to work most, but not all of the time. Of the twelve solid state drives they tested using the native "Erase Unit" command, only four were actually erased. One SSD had reported itself to be sanitized, yet the data was recoverable by the researchers.

Additionally, the methods used by the researchers to determine if the data has been truly wiped from flash memory is not available to the average consumer. Without a way for consumers to verify data has actually been completely removed from flash memory, there is no way to know if so called "data sanitation" is truly effective.

The key issues stem from the way that flash memory differs vs a conventional magnetic hard drive. Flash memory works by pushing electrons from one side to another of a barrier. This change of position is monitored and registered as either a 1 or 0, the binary code that is the basis of all modern computing.

Problem is, this pushing of electrons back and forth, causes the material to fatigue rapidly. To combat this, solid state memory manufactures use a method called "Wear Leveling". This moves data around so read/write is not constantly occurring in the same physical spot on the memory.

Wear Leveling creates a security issue

Flash memory doesn't actually erase data at the time new data is written, it just marks it for deletion. Then comes Wear Leveling, duplicating chunks of data and moving it around between the time it's first written and then overwritten. Data marked for deletion is duplicated and moved by wear leveling and the so called "garbage collection" algorithm that was supposed to go back later and erase data marked for deletion, knows nothing about the data that was duplicated by wear leveling.

Since mobile smartphones, tablets and computers with solid state memory are purchased, sold and discarded at an ever increasing rate, it's important going forward that you are aware that your personal information and data cannot simply be permanently "sanitized" from these devices and could be recovered at a later time by someone who should not have it.

One workaround that researchers suggest for manufacturers to employ is called "Crypto-Erasure". But this method requires that the data is encrypted at the time it's first written. The idea is to encrypt all data on the device, so even if it can be recovered later, it will be useless to anyone who does not have the encryption key to access it. For the majority of devices, this is not the case and unsecured data has already been written to flash memory. This means any data already written to the device cannot necessarily ever be made secure.

Why not just use degaussing to erase flash memory?

Degaussing is a method used to render conventional magnetic media unreadable by exposing it to a very powerful magnetic field. For magnetic media, it is very effective, but flash memory is not affected by magnetic fields. In their research document, the method was evaluated and found to be completely ineffective on flash memory.

So what's the answer? How do you protect yourself?

Anyone with a Windows desktop or laptop can use TruCrypt or PGPDisk to protect their data on an SSD or USB flash drive. Mac users can take advantage of the built in FileVault function found in the Security & Privacy settings. Using these methods, the data will be useless without the encryption key, leaving the device or storage media to be erased and securely re-written to again.

For smartphones and tablets, end user privacy and security is largely in the hands of the manufacturer. While some data could be encrypted before storing on the device, native applications on the phone like note pad, address book, etc would not necessarily encrypt the data and protect your privacy when the device is end of life, and no longer in your possession.

Thankfully there are highly affordable, secure solutions such as LastPass and 1Password that can store your passwords, notes, credit card and other personal information securely so they cannot be accessed without a secure master password.

Hopefully these issues will come to the forefront of mainstream media, forcing all manufactures to provide verifiable encryption on all devices that use flash memory, which for now will increasingly be the storage media of choice until the day when data storage using nanostructures, in so called "Superman Memory Crystals" makes the leap from laboratory to commercially viable and affordable.

With all the news over the NSA's intrusion into privacy, the latest poll shows that 50% of users don't care. Where do you stand on the subject?

Do you care if your personal data can be retrieved after you no longer own a device or storage disk?

Please leave me a comment or send me a Tweet @dougkrug

Image courtesy of thanunkorn/Freedigitalphotos.net

Curious about what this so called "Cloud" this is and what it means to you in the future?

Explore Cloud 101 - The ever changing cloud, your privacy and security on boomerbizbuilder.com in Trudy's latest news letter written by your's truly.

I don't typically write about products on launch day, but I'm very excited about Google's announcement today of Chromecast. Streaming from the cloud directly to any HDTV just got incredibly simple and inexpensive.

Not only is the tiny device, a bargain at only $35, but it's also incredibly flexible. No need to learn a new interface or change your behavior, with Chromecast you can send the content you want to your TV with the touch of a button. 

Since Chromecast streams content that is already in the cloud, it doesn't rely on the speed of your device or the speed of the WiFi network between your device and Chromecast, allowing for smooth streaming directly from content already on the internet.

Chromecast currently streams content from Google Play Movies & TV, Google Play Music, YouTube, Netflix, or it can mirror a tab in a Chrome browser on your smart phone, tablet or a computer you already have in your home, allowing you to show content on your TV from sites like Hulu, Amazon Instant Video, Clicker, etc. You can even multi-task on your device, without interrupting the video that's playing on your TV.

How it works:

Chromecast runs a slim version of the Google Chrome browser and communicates with your Andriod, iOS, MacOS or Windows device to discover the content you are watching. With the touch of a button, Chromecast taps into the same content you are streaming on your device and streams it from the exact same point on your HDTV.

No need to download a new application or learn a new interface, since Chromecast simply streams the exact same content you're already watching on your device by pulling it from the cloud at the same time.

Your device becomes the remote, allowing you to control playback and volume. Additionally, playback that started with one device, can be controlled seamlessly with another on the same WiFi network. For example, if someone in your home started streaming from their iPhone, you could easily take over later from your Android tablet.

Control from other apps like Pandora are coming and development is fully open without an approval requirement from Google. As if you weren't already sold on it, the product also comes with a complimentary three months of Netflix. There's little question that this pretty well replaces Google TV as a streaming device for most people, for roughly 1/6 of the price.

Making perfect sense for anyone without an large investment of purchased iTunes content, this is serious competition to the much loved Apple TV. For just over the price of one Apple TV, you can tuck away three of these tiny devices behind the HDTVs in your home, and since you can stream content from Chrome, combine this with a VPN service and you can potentially stream anything on the internet to your TV, except iTunes.

What do you think about this new way of streaming content to your HDTV? Please leave me your comments or send me a Tweet @dougkrug.

Image source - Google - CC

I have to thank Mashable for their well intentioned, but slightly flawed article on improving WiFi signals for inspiring this post.

This is the time of year when being outside is a real pleasure, but using your laptop, tablet, or smartphone while staying connected on your deck or front porch is a struggle for many.

You might think that you need a new WiFi router, and it's possible that you do, but try my tips before you spring for a shiny new box you may not need.

1. Get the WiFi off the floor!

I've seen many WiFi routers tucked underneath a desk and this is the worst place if you're trying to extend your signal range. Get it up high (minimum of 3 feet off the ground) and you'll see an instant improvement.

2. Don't block the signal path

The antennas of WiFi routers may send the signal in multiple directions, but the path to your WiFi enable laptop, tablet or smart phone is a straight line, not around a corner. Some signal bounce occurs, but mostly its just absorb or blocked by building materials and objects in your home. Avoid putting your WiFi router behind a monitor, as the metal shielding they contain works all too well at blocking signals.

3. Centralize the WiFi router in your home

If your goal is even coverage throughout your home, don't put the WiFi router in a corner of your basement and expect a strong signal (or any at all) on the second floor, at the opposite end of your home. Too often I've found WiFi routers tucked in a corner of the basement under a tiled kitchen floor above. When ceramic tile is laid on a flexible surface like the wood subfloor of a house, they use a heavy steel mesh to keep it from flexing at the grout lines. This mesh is a good signal blocker, and obviously not what you want.

4. Optimize the WiFi router settings

As explained in the Masable article, its a good idea to turn off features you don't need like 802.11b for older devices, but while these improve speed, they won't boost signal strength. What you need for distance is a lower frequency setting (2.4 GHz WiFi), but this comes at a price. If your WiFi router is operating at 2.4 GHz (Gigahertz signal frequency) you are more susceptible to interference from your neighbor's WiFi, Microwave ovens and some cordless phones that don't use the newer DECT 6.0 technology. To combat interference from neighboring WiFi, search for WiFi channels that are not in use near the location of your WiFi router. You can use free software like iStumbler for Mac or inSSIDer on a PC to discover what WiFi channels are in use around you and manually set your router to an unused channel or to one with a weak signal from your neighbors.

There's a common misconception that 5 GHz WiFi will solve all your problems and that is false. While you'll gain some independence from the common sources of interference, this higher frequency (shorter radio waves) cannot penetrate walls and objects in your home as effectively as the 2.4 GHz frequency range can. Also, don't be mislead into thinking that the new 802.11ac standard is going to boost signal, because it won't. The new 802.11ac gives you faster throughput, but operates in the 5GHz frequency range, so the same issues occur whether your router is using 802.11n @ 5 GHz or 802.11ac @ 5 GHz.

5. Spend money wisely

I've tried repeaters or range extenders with unimpressive results. Keep in mind that depending on the type and settings, these can actually slow down the entire WiFi network in your home. If positioning the Internet Service Provider's combination modem/WiFi router is limited by where the cable or phone line enters your home, consider running a physical ethernet cable from the ISP modem/router to your own WiFi router in a better location for signals. This will allow you to either have two separately located WiFi points of access in your home, or a single optimally located WiFi router for maximum coverage. If fishing an ethernet cable through your home is not your thing, consider using Home Plug to extend your wired network to a WiFi router placed in an optimal location for good signal reception.

Secure advice

The technician your Internet Service Provider sends out will not always have your personal security in mind. Take control and make sure no matter how you access WiFi that it is secured with WPA2 encryption. NEVER USE WEP encryption. WEP is old encryption that was permanently compromised not long after it became available. Anyone can download software that will quickly break into a wireless network encrypted with WEP. The WiFi Alliance and all responsible router manufacturers do not recommend it and new routers often default to WPA2 encryption out of the box, but if you have an older WiFi router or a 2WIRE modem/router, these may be set to WEP security by default. You can easily check this yourself. When you are connected to a WiFi network, it will often be shown in the WiFi connection settings. On a Macintosh, hold down the Option key and click on the WiFi signal icon to see what security type your connection is using.

Make sure you have the SPI Firewall of your WiFi router enabled and disable UPnP (Universal Plug and Play) if your router does not pass a stealth test, which you can find here at Steve Gibson's Sheilds UP!! You can also check the full security of your router using Steve's complete test by clicking "All Service Ports" on the Shields UP!! Home page. With these two tests, you can make sure your router is not inviting in the bad guys.

If you find you're not getting the signal strength you need from your WiFi or you discover your security is compromised, I'm here to help. Send me a tweet, drop me an email or give me a call and enjoy your tech on the deck this summer!

If you were to ask most people how much cash they're OK with losing, the answer would be zero, but if some pocket change goes missing they're not overly distraught by the event. What if your business is overspending on technology by $410 per month? A bit disconcerting isn't it?

You can protect yourself from much hardship in life and business with insurance. It's money well spent when something unavoidable happens. Similarly, every business owner will have technology expenses that are unavoidable, but by simply having help to make the right choices, you can dramatically cut losses.

The reality is, $410 per month is a low average. Most small business owners are needlessly overspending by much more than that amount every single month, because they have been misled into purchasing technology and services that never pay for themselves.

If you're a small business owner, here's a list of the average amounts after taxes and fees you are likely spending on your technology, just to "Keep the Lights On" as it's said:

Whether you're traveling to see the Terracotta Soldiers, or just to sit down with a Black Cat Espresso at Intelligentsia, having your files safe and secure online can keep you calm and in control when disaster strikes. Checkout my latest post on Solo Traveler for tips on storing your irreplaceable documents on a cloud storage server and seamlessly keeping them locked for your eyes only.

If you want to know more about how to keep important documents, files and photos safe and secure from fire, theft or other disaster, please leave me a comment or send me a tweet @dougkrug