Beware of Superfish software on Lenovo computers


According to an article on The Verge, Lenovo has been selling computers with questionable advertising software called Superfish. It can circumvent regular security certificates and spy on all your normally secured web traffic like online purchasing and bank transactions. Eek!

If you have a Lenovo computer and want to test to see if you are at risk, check out the website below.

https://filippo.io/Badfish/

Uninstalling the Superfish software will not completely fix the problem if you are already compromised. You will also need to remove the Superfish security certificate. Follow the instructions on the testing site above to remove this software.
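To confirm whether the certificate is still present after uninstalling the software, you can scan the Windows certificate stores from PowerShell. This is an added example, not code from the testing site or from Lenovo; the function name Find-CertBySubject is hypothetical, and matching on the text "Superfish" in the certificate's subject or issuer is an assumption about how the certificate is named. The script only reads the stores and changes nothing.

```powershell
# Added example: read-only scan of the Windows certificate stores.
# Find-CertBySubject is a hypothetical helper name; the 'Superfish' match
# string is an assumption about how the certificate names itself.
function Find-CertBySubject {
    param(
        [string]$Pattern = 'Superfish',
        [string[]]$Location = @('Cert:\CurrentUser', 'Cert:\LocalMachine')
    )
    foreach ($root in $Location) {
        # -Recurse walks every store (Root, CA, My, ...) under the location.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object {
                # Skip store containers; keep only actual certificates.
                $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                ($_.Subject -match $Pattern -or $_.Issuer -match $Pattern)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store      = $_.PSParentPath -replace '^.*::', ''
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

$hits = @(Find-CertBySubject)
if ($hits.Count -eq 0) {
    Write-Output 'No certificate matching "Superfish" found in the Windows stores.'
} else {
    Write-Output 'Matching certificate(s) still installed:'
    $hits | Format-Table -AutoSize
}
```

Firefox keeps its own certificate store separate from the Windows one, so a clean result here does not cover Firefox; run the browser test at the site above in each browser you use.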

Are any of you impacted by this issue? Let me know in the comments below or respond on Facebook or Twitter.

4 tips to reduce debit card fraud

Banks really seem to be cracking down on debit card fraud this year. In August I received an email from my bank saying my MasterCard debit card had been compromised and I would be getting a new one in the mail. Yesterday (September 5th), I was attempting to pay for some car repairs and my newly activated debit card was declined. I called the bank and they told me that the new card I’d had for a few weeks had already been compromised.

According to the bank, it was the Dairy Queen data breach that triggered the alert. (darn Blizzard addiction!) When this happened, my bank lowered the daily limit to $300. Luckily they were able to temporarily boost my limit so I could pay the fine folks at the repair shop.

Changing debit cards is a bigger pain because you have to remember all the places online that you use it. When I got my replacement card in August, I forgot to update my account info with Netflix and was shut off. (give me my Orange dang it!) 🙂 I pay most of my bills online via the debit card and having to frequently change the info is making the convenience of a debit card not so convenient anymore.

What should you as the consumer do to reduce your chance of getting your card compromised?

Pay with cash
This is a good strategy especially if you’re budgeting with the envelope system, but doesn’t help for online purchases. However, I don’t like carrying wads of cash in my wallet for safety reasons.

Pay online through your bank
I already have several bills like power and water set up to go through my bank instead of my debit card to avoid processing fees. It takes a few days for them to process, but it might be worth it to ensure they get paid.

Use a separate debit card/bank account for online bills
While this won’t completely eliminate your card getting compromised, it might reduce the threat. It might also help you manage your money better from a budgeting perspective. Of course if the online company gets breached, then you’re still vulnerable.

Check your bank account on a daily basis
This may sound like overkill for some folks, but you should check your bank account at least once a day. Some people check their Facebook or email when they first get up, but I check my bank account. That way you’ll know instantly if there is a weird charge and you can take action to limit how much money is taken.

Note: Neither time that my card was compromised did I see any invalid transactions. The bank is just being proactive by issuing new cards to reduce risk to both their customers and the bank itself.

Have you had a debit card compromised by one of these recent retailer hacks? Which store was compromised for you? Do you have any other tips to reduce your risk of being compromised? Share your story in the comments below.

Heartbleed bug and solutions

While the title sounds more like a metal band or a dangerous heart condition, this one has to do with a web vulnerability. This bug allows malicious users to see various information that is normally secured like usernames, passwords, credit card numbers, etc. In other words, it’s a very serious problem.

Most website providers should have patched their systems by the time you are reading this if they were impacted by this issue. However, here are a few resources you can check to make sure the sites you visit are patched.

Heartbleed Test (Filippo Valsorda)
Heartbleed Bug Websites Affected (Mashable)
Top 10,000 sites that were affected
Google Chrome Heartbleed plug-in

How can you protect yourself? Normally in these situations, changing your password is the first choice. While that is a good idea, make sure the site is patched or not affected before changing it. Use a long password with uppercase, lowercase, numbers and symbols if they allow. I recommend using a password manager like 1Password which can help you generate and remember strong passwords.

Websites are not the only things that are affected by this bug. Many internet modems and routers offer secure remote management which could be at risk. If you have this feature turned on (normally it’s disabled by default), you may want to disable it and check with the manufacturer to see if there is an update that fixes it.

Here are a few of the bulletins from these manufacturers regarding their equipment and the Heartbleed bug.

Note: I was not able to find any official information on Netgear routers regarding Heartbleed.

Cisco
D-Link
Juniper
Linksys

For the technical details of this bug, check out the Heartbleed website.

http://heartbleed.com/

Have you found sites that are still not patched? What about your online banking and shopping sites? Post your feedback in the comments section below.