Helpful Dave LLC

02/01/2022

Tech News Alert from Helpful Dave!

There is a new dangerous exploit that is in MILLIONS of routers!

Your router may be vulnerable but you can test it for free using the link I provided below!

Click here to test your router: https://www.grc.com/x/portprobe=20005

---What's the News?---

Lets break it down in a broad, very simple, and non-technical way. We’ll start with the famous quote “Why re-invent the wheel”. This is how a lot of internet appliances manufacturers operate. Manufacturers who make routers, wifi-outlets, wifi-switches, etc. don’t create everything about the product from scratch.

Try to think about it like a car. The engine, the wheels, and the brakes for example all have the same underlying technology as every other car on the road. These are all publicly available technologies that nobody really owns.

Manufacturers take and borrow from free code libraries that are kind of similar to parts on your car. In my opinion there is nothing wrong with this. The free code libraries are “Open Source” . This means they have multiple people reviewing them and since the code is public anyone can fix it if they find a problem.

Think about the people who review open source code libraries as mechanics!

The problem comes in when a vulnerability is found and your Manufacturer does NOT update they product you purchased from them! Then your Internet Appliance is vulnerable to the exploit and someone more nefarious can use it to harm you and anyone who shares your network!

This has become such a large problem that the FTC has even started warning companies that if they do NOT update products or at least inform consumers that their product will not receiving an update they may face fines.

That’s what is happening right now there is a big library (Kcode library specifically) that a lot of manufactures have been borrowing for years! So there’s a good enough chance that your router may be vulnerable.

So please go to this link and test yourself! https://www.grc.com/x/portprobe=20005

The best result is “Stealth” that means that your router isn’t replying to the request at all so you’re practically invisible to anyone looking to exploit this vulnerability.

If you are vulnerable you should try to update your router’s firmware or see if you can close port 20005 in your router’s configuration screen.

That’s all for now! Please feel free to let me know if you have any questions or comments or want more information.

---Links---

You can read more about this vulnerability here: https://nvd.nist.gov/vuln/detail/CVE-2021-45608

You can read more about the FTC potential fines here: https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

---Working from Home? Learning from Home? We can help remotely as well!---

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Thanks and have a good week!

-Helpful Dave

Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services.

11/23/2021

NEWS ALERT:

GoDaddy has suffered a massive security breach. If you or anyone you know has an account please make sure to take all necessary steps to secure your site!

Out of an abundance of caution we recommend resetting your passwords to something new and completely unique.

GoDaddy

https://techcrunch.com/2021/11/22/godaddy-breach-million-accounts/

https://www.sec.gov/Archives/edgar/data/1609711/000160971121000122/gddyblogpostnov222021.htm

The web host said an unauthorized person used a compromised password to get access to GoDaddy's systems.

05/25/2021

Hello, once again it’s time for Tech News from your Local IT Business Helpful Dave! Where we try to simplify what’s going on in your tech world!

Do you own any Amazon Alexa or Ring devices? If so, you are automatically being opted in to Amazon’s new Network Sharing plan! That’s right, your home network and devices are going to be shared with neighbors and strangers alike. Is it safe and secure? Maybe. Can you opt out? Definitely! But should you? Let’s find out as we take a deeper dive!

Our Tech Terms for this week are:

Sidewalk – this is referring to Amazon's new data network

Tile – Not what you put on the floor in your Bathroom. It’s actually a small device people attach to items that helps find that item in case it is lost.

---Now onto the news---

Amazon’s Sidewalk program is a new network sharing service that users of Amazon Alexa and some Ring Devices are automatically being opted into. The goal of Sidewalk is to make sure all Amazon devices and Amazon Partner devices (Ring, Tile, etc.) always stay connected to the internet.

How it works is simple. First we have to assume that both you and your neighbor have an Amazon Alexa/Echo or Ring Device.

First the Scary Part:

Now let’s assume your neighbor’s internet goes out but someone is ringing his Ring Video Doorbell.

This is where Amazon Sidewalk will come in.

Your neighbors Device whether it be a light, doorbell, or garage door opener, will connect to your home's internet and transmit data back and forth to your neighbor’s house. It's possible that these devices can eventually transmit audio and even possibly video. We know it's possible because one of the frequencies (900Mhz) is currently being used for radios (walkie talkies) for emergency service (police, fire, etc.).

So, here’s the question. How can anyone be sure that your devices aren’t being snooped on when they connect to someone else's network? Well Amazon stated they are taking measures to secure the data including multiple layers of encryption. As a matter of fact the way the encryption is setup, according to Amazon, is even Amazon won’t be able to see what you are transmitting back and forth.

However, we have all seen large companies get hacked and have data breaches before.

Now the Benefits:

You may be asking, why would anyone WANT to leave Amazon Sidewalk enabled?

That’s because Sidewalk does have some benefits that Amazon is touting.

Remember Tile that we mentioned earlier? If you haven’t heard of it, Tile has been making tags for a long time that help you find things you have lost. You attach the tag to a device and if you ever lose it you can use your smartphone to help you find it again.

The problem is devices like Tile are all very limited by range. With Amazon’s Sidewalk, Tile can now use all of the existing connections in the Sidewalk network so whoever loses and item can find it.

But Dave, you’ll say, I don’t care about helping some guy find his sunglasses! Sure, that’s fine. But according to Amazon they are expanding a lot of their services. They will also be including products that you’ll be able to attach to your dog’s collar, or maybe to an elderly relative’s watch or Life Alert device. So that way if they are lost, they can be located as well through the sidewalk network.

This is why Amazon is opting everyone in automatically without their consent. Amazon’s argument is that in the future it will do more good than harm. Amazon also states that the impact on your home network will be minimal (less than 500MB/half a gigabyte a month).

How do I Opt Out?:

If you own an Alexa Device:

1. Open the Alexa app
2. Open More and select Settings.
3. Select Account Settings.
4. Select Amazon Sidewalk.
5. Turn Amazon Sidewalk On or Off for your account.

Amazon Official Instructions: https://www.amazon.com/gp/help/customer/display.html?nodeId=GZ4VSNFMBDHLRJUK

If you own a Ring Device:

1. Open your Ring App
2. Tap the three-lined icon in the upper left-hand corner of the screen.
3. Tap Control Center.
4. Tap Sidewalk.
5. Tap the Sidewalk slider button.
6. You will see a screen asking you to confirm that you want to disable Sidewalk.
7. Confirm that you wish to disable Sidewalk.

Ring Official Instructions Below:
https://support.ring.com/hc/en-us/articles/360032524592-Opting-In-and-Out-of-Sidewalk

I hope this information proves helpful to everyone! If you have any questions feel free to contact us!

---Working from Home? Learning from Home? We can help remotely as well!---

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

05/18/2021

Tech News from Helpful Dave!

Hello, once again it’s time for Tech News from Helpful Dave!

Do you use an ParkMobile to pay your parking meter in Bloomfield? They were recently the victim of a breach and your data was possibly leaked. Are your passwords safe? We’ll talk about that in this update!

Our Tech Terms for this week are:

Hash and Salt: Sound delicious, but they are actually about passwords! Just like any good dish you cook up make sure companies are adding salt to your passwords!

RAINBOW Table: Not just for show, it’s used to steal your password!

---Now onto the news---

ParkMobile data was breached last month and they released a statement that reads:

“Our investigation concluded that encrypted passwords, but not the encryption keys needed to read them, were accessed. While we protect user passwords by encrypting them with advanced hashing and salting technologies, as an added precaution, users may consider changing their passwords in the “Settings” section of [your account].”

So why, if your password was protected against with hashing and salting, do they still recommend you change your password? That’s because these techniques, just like any sort of protection, are not completely foolproof.

Originally a lot of companies stored passwords in plain text format. This means that if your password was “ilovebloomfield” it was stored just like that in the database. So, if someone managed to hack into a company that you had a username and password with, and get that database, they’ve got your password.

So, companies started to modify your password by hashing it. To explain it easily, it’s like taking your password and applying some math to it to change it.

For example: if your password was ilovebloomfield, after we apply hashing your password becomes d53154d85e1907918d923642d039015a.

Companies store the hash instead of your password. That way if the company every gets hacked and the password database stolen, they don’t have your password.

However, as some of you may have figured out, if I know what ilovebloomfield looks like after its hashed, can’t I just figure out what everything else is as well? The answer is yes! Hackers eventually came up with that idea and its commonly referred to as a Rainbow Table (sounds fun but it’s not). The idea is to make a huge table consisting common hashing techniques and common passwords like password1234, letmein, and ilovebloomfield (of course). Then they could just compare the database they stole to their table and figure out everyone's password.

Now to a lot of people’s favorite parts, favored by chefs, people who love pretzels, and sophisticated cybersecurity experts, SALT.

Adding a Salt to your password is just another extra flavor that helps keep your password safe. It adds a bit more randomness by adding some extra characters to your password. This thwarts many of the common and faster attack techniques. However just like any good cook you have to keep your salt somewhere close by.

The Salt here is created by the company so they need to keep the formula for it somewhere close by so when you try to login the company can look at the Salt as well to make sure your password matches.

Realistically, Hashing and Salting your passwords, just like any form of security, is only as good as the company doing it. These techniques are really to buy time for you to change your password while the hackers are decrypting that stolen database.

Our Recommendation:

We strongly recommend you use a different password for every website and app based two factor authentication.

Managing a lot of different passwords can be a hassle so we recommend our clients use LastPass to help them manage all of their passwords in one place.

Check out LastPass here:

https://lastpass.wo8g.net/mmnzX – This is an affiliate link, if you sign up using this link we receive a commission.

---Working from Home? Learning from Home? We can help remotely as well!---

Check out our website at the link below:
https://bit.ly/3bAZMLi

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

03/16/2021

Hello, once again it’s time for some Tech News from Helpful Dave!

In this update we are focusing on:

Chrome Browser: There is a new exploit for this browser. Are you running the latest version?

T-Mobile: Did you know T-Mobile will begin a new policy of selling your browsing data to third party advertisers? You can opt-out if you don’t want this to happen to you!

Before we begin a small update from us:

It’s been a while since we have put these posts out. We hope everyone has been doing well during these trying times. As the restrictions over what we can and cannot do begin to ease we are now opening back up for business.

In person appointments will resume after we are able to get our vaccines. We are currently assisting with phone support and pickups.

Our Tech Terms for this post are:

Zero-Day: A Zero-Day vulnerability or exploit is something that already exists in the wild before developers can fix it.

Third Party Data: Generally, this is data that contains very little personal information. However it can be handled in such a way to be able to identify you.

Machine Learning: A way to teach a computer to be able to find or solve something using data so you don’t have to perform the task manually.

---Now onto the news---

Chrome has been under fire lately as they have had a couple of Zero Day exploits. The latest exploit is a particularity nasty one. The National Vulnerability Database (NVD) has rated it an 8.8 out of 10. Further information will not be released about the bug for some time as Google wants to allow people to update their browsers before more bad actors can take advantage of this exploit.

However, with a rating of 8.8/10 it can be safely assumed that this exploit will allow a bad actor to take control of your device remotely and install any malware they choose.

Please make sure to update Chrome to the latest version by following the steps listed here: https://www.google.com/chrome/update/

Your Chrome Version should say: 89.0.4389.90 or higher.

T-Mobile is opting all of their customers in automatically to new data collection and selling. T-Mobile will begin selling information about your browsing history and the apps you have installed on your phone. How much of this data will be sold is not completely clear however T-Mobile has stated that they won’t include personal information that could be used to directly identify you.

Why is this still a problem then? Different Third-Party data can be combined by using certain techniques with other data to actually identify you!

Researchers back in 2013 showed that by just having access to your “Anonymous Mobile Phone Location Data” (not exact GPS coordinates) they were able to identify specific “anonymous” users.

Researchers in 2019 showed that they can actually identify specific individuals with anonymous data by using Machine Learning. Meaning that with enough data they can actually figure out who you are from all this anonymous data!

I’ll include some links below if you want to read the studies yourself as well as some articles that give a more detailed breakdown.

What can you do to Opt Out of T-Mobile’s new Data Collection?

You can Visit T-Mobile’s privacy center and Opt-Out:
https://www.t-mobile.com/privacy-center/take-control-of-your-data

------Extra Links------
Finding People using Anonymous Phone Location Data
Wired has a more detailed breakdown:
https://www.wired.com/2013/03/anonymous-phone-location-data/

You can read the study here:
https://www.nature.com/articles/srep01376

Identifying people using Anonymous Data:
CNBC Article has a more detailed breakdown: https://www.cnbc.com/2019/07/23/anonymous-data-might-not-be-so-anonymous-study-shows.html
You can read the study here: https://www.nature.com/articles/s41467-019-10933-3%22

---Working from Home? Learning from Home? We can help remotely as well!---

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone number and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave

Chrome updates happen automatically when you close and reopen Chrome. Discover how to check your version and apply a pending update.

01/25/2021

Thanks to everyone who linked and boosted awareness of our business this weekend!

04/01/2020

Weekly Tech News from Helpful Dave!

Hello, once again its time for Weekly Tech News from Helpful Dave!

This week I thought it would be nice to focus on FUN!

Everyone is stuck at home and that’s going to make people a bit stir crazy so I thought I would post on some ways to keep entertained.

---Great PC Games and some Books as well---

Firstly if you are trying to stay entertained on a budget the latest Humble Bundle is a great way to get a some really cheap games and books, while also supporting Covid-19 relief!

This charity bundle supports, Doctors Without Borders, Partners in Health, International Rescue Committee, and Direct Relief. You can support all of the charities, or choose a specific one before you make your puchase.

Check it out at the link below:

https://www.humblebundle.com/conquer-covid19-bundle

---Digital Streaming---

Since a lot of people have Cut the Cord are now facing a life where they spend a lot more time at home I wanted to go over one of the lesser popular streaming services called Sling.

Sling is a good way for you to be able to get access to a bunch of the channels you used to watch when you had regular cable but for a much cheaper price.

The reason its cheaper is they break out different channels into smaller packages. While you can’t pick individual channels it does save you some cost. Right now they are offering a 14 day free trial.

Instead of just linking you to the main site check out this link below which shows you the actual pricing breakdown before you consider subscribing.

https://www.sling.com/service

---HD TV For Free? Antennas Still Work!---

Many don’t realize but a lot of channels are still broadcast over the air and can be had for free if you buy an antenna. These aren’t the rabbit ears you might remember from yesteryear. You can get sleek antennas that stick to the outside of your window and are almost as flat as a piece of paper.

For information on what channels are available in your area check this below

https://www.fcc.gov/media/engineering/dtvmaps

Here is an example of an Antenna you can purchase:

https://amzn.to/3aufnK6 – Please note, this is an affiliate link, we will get a portion of revenue if you buy through this link.

---Working from Home? Learning from Home? We can help remotely as well!---

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave
973-687-8299

100% of this bundle’s proceeds go to support organizations responding to COVID-19. Learn more on the Humble Bundle website!

03/26/2020

Weekly Tech News from Helpful Dave!

Hello, once again its time for Weekly Tech News from Helpful Dave!

This week is going to be brief. I know this is impacting our local community as much as myself so I still wanted to get an update out there! If you’re working from home I have tips in here for you as well so read on!

Our Tech Terms for this week are:

Trojan: This is a piece of software/app that is disguised as something useful but is actually Malware that will either damage your electronics or steal your information!

---Now onto the news---

The Trojans are coming!

Firstly a warning about Corona virus app based scams. I know many of us are scared and want to have more access to information and the bad guys know that as well! I’ve seen reports of apps that disguise themselves as Corona virus trackers. These apps will tell you that they provide real time GPS updates as people in your area become infected so you know what areas of your local neighborhoods to avoid.

Please remember that local officials normally do not release names or locations of people who become infected for everyone's safety. So if an app is promising you information that nobody else seems to have, its probably a Trojan!

---Private Messages are not always private!---

It's only natural for water cooler talk and general socializing to continue as people shift to work from home. If your company or school set you up with software so you can communicate directly with your co-workers please remember that those conversations do not come with any promise of privacy!

In general unless you are texting someone directly over the phone you should always assume someone can read what you are saying. Especially if someone else is providing the software you communicate on since you are there employee!

---Working from Home? Learning from Home? We can help remotely as well!---

We have the capability to connect into your PC remotely as long as you can still get on the internet. Feel free to shoot us a message or provide a phone call and we will do our best to assist you!

Please feel free to let me know if you have any questions or comments or want more information.

Thanks and have a good week!

-Helpful Dave