These are actual security tips posted to these WhatsApp groups TechHelp-Basic and TechHelp-Advanced by me and are captured here in a single place to refer to later if anyone interested to read. I have chosen only the ones that are general that is applicable to most users.
-----------------------
Date: Mar 9, 2023
Group: TechHelp-Advanced
Bloatware in android phone:
I buy only Google Pixel to avoid carrier & phone manufacturer installed, un-removable bloatware but little that I know these fuckers like Verizon, AT&T, Samsung etc. managed to shove their crap on my Pixel phone and I have no clue how they managed to do that. I accidentally discovered some and believe it or not, you can't remove it. Long story short, I wrote a script to disable them from running. Feel free to use this script but you need to have android adb installed on your computer and connect your phone to it w/ USB cable in order for this script to work.
Here is a quiz to see if anyone can answer this question. So you found a strange package called ‘org.thoughtcrime.securesms’ installed in your phone (run my script with ‘-a’ option to list all apps in your phone to see if you have it) do you think it is a malware? 😜
PS: If your phone is not pixel, you may find crap ton of bloatware. If you give me the full list (i.e. run my script '-a' option), I can update the bloatware list in the script so you can remove them. Right now the list I have hardcoded in this script only includes what I found on my pixel.
-----------------------
Date: Feb 23, 2023
Group: TechHelp-Advanced
Incredibly fast (practically no bandwidth loss) VPN from Proton:
Not sure any of you are aware of Proton Mail which is a fully secure email service and has been around for a while. I signed up for their free tier email service w/ 500Mb storage few years ago but never used it since I don’t want to pay for more space because 500Mb not much. Anyways, I know they had VPN for free as well but never tried it until today and blown away from the speed. Granted it is wireguard, a modern successor of VPN but still, literally I get same speed as my service. First, I could not believe and started measuring speed with every speedtest tool that is out there and they all came back more or less same which is same as what I pay for (see screenshot). At this point, there is absolutely no reason to not use them permanently… and its Free!
Head out to https://proton.me and sign-up for free account and you get encrypted mail service and 1 VPN connection free.Wiregaurd is pretty simple to use, all you have to do is install wireguard (https://www.wireguard.com/install/) and get the credentials/keys from ProtonVPN and off you go. The following shows how simple it is to start/stop wireguard on mac; should be similar on winblows.
-----------------------
Date: Feb 20, 2023
Group: TechHelp-Basic
How to protect yourself from card skimmers:
Before I go into explaining how to protect yourself, it is important to understand the various protocols used in POS devices to read your credit/debit cards. There are 4 types --- swipe (magnetic strip), chip (chip in card), tap (RFID) and smartphone (NFC). I won’t go into the details on each of these, but it is sufficient for you to be aware that there are multiple technologies involved in POS transactions. Now, here are different ways to prevent or lower your chances of becoming a victim of card skimming listed in the order of most effective to least effective.
- Use your smartphone to pay (Google Pay, Apple Pay) wherever you can. How to get this setup is outside of the scope but it is very easy. This is the strongest protection you get today, and it is literally impossible for criminals to scam you. Most POS devices accept these today although if you live in US (lagging behind the world) it is not uncommon to see vendors using ancient devices that does not support smartphone pay.
- Use chip+pin if your card and the POS device supports, it is the second-best way. If you live outside of US like Europe, even in India, you are golden because it is the standard for POS devices for many years. Every time I visit my team in Hyderabad, India, I always find myself arguing with waiter at restaurants “hey, I don’t have a pin”. If you live in US, it sucks since chip+pin is not mandated because of corrupt, greedy politicians and lobbyists who are roadblocks for progress.
- Use chip if your card and the POS device supports. Most credit card/banks these days issue cards with chip but unfortunately in the US, they also include the magnetic strip to cover the lazy ass vendors who still use archaic magnetic swipe. This pretty much negates the benefit of chip as scamming devices can still read your magnetic strip. So, if you live in US, what I’d recommend is to damage the magstripe on purpose. Use a sharp knife or steel wool to scratch the magstripe to a point it can’t work. Keep one card with magstripe in case the vendor says, “we don’t have chip reader you have to swipe”. Trust me these guys won’t change unless they are mandated by law to switch to modern POS at state/federal level.
- Use ‘tap’ if the POS device and your card supports it. If you see this symbol ))) on the back of your card, then it is enabled for RFID. Again, US lags on this protocol as well. While this is the most convenient way to make purchase, there is a huge security hole in this method which enables most sophisticated skimming attacks which I won’t go into detail but there are things you can do to avoid them i.e., use an RFID blocker (you can buy them at amazon for $2 a piece) and place it in your wallet/purse along with your credit/debit card equipped with this technology. I use these if you need a recommendation https://link.selvansoft.com/1307688f
- Use check which of course has other problems of its own which is a topic for some other day, but it is definitely better than the last one below.
- Lastly, if none of the above works, you have no choice but to use magstripe/swipe unfortunately. As pointed out earlier by @Sajini on this chat, spend few seconds (you won’t have lot of time and you may annoy other customers in line if you are spending too much time poking around the device) to look for signs of tampering.
Finally, you can and should setup text alerts when your card is charged even $1. Almost all bank/credit card institutions provide the feature to TXT. The only annoying thing is getting TXT for everything you do on your card, but it is better than being a victim.
-----------------------
Date: Feb 18, 2023
Group: TechHelp-Basic
Tip: I want to try something different this week… just for a change, instead of you guys asking me tech-help questions, I want to turn the table around and ask you guys a question.
Context: You may be aware that credit card skimming is on the rise (check this link https://link.selvansoft.com/27e64a46 ). It is no longer the case where crooks install credit card skimmers only on gas station pumps, but this year it is on the raise at grocery stores, Walmart, and many other POS (point of sale) devices.
Question: How do I protect my credit/debit cards from being skimmed?
Note: I will answer once I hear back from you (assuming some of you might have some idea) as we all use credit/debit cards all over the place these days.
-----------------------
Date: Feb 11, 2023
Group: TechHelp-Basic
Tip: You may have heard about TikTok phone app on the news that it is 'phoning' home which of course is entirely possible. Have you ever wondered if your smartphone apps are ‘phoning’ home? If you are curious to know, view this presentation at link below ---it is a bit outdated but still very relevant for today’s smartphones. Note: This is one of the many presentations that I did during my tenure at various companies like CapitalOne, RealPage and AMN Healthcare etc., targeted exclusively for my software engineering team, so obviously it is highly technical in nature. Though it is technical, I think it would be educational (and interesting) even for non-technical people if you just skip real technical stuff (especially min 4 to min 7) that goes above your head and focus on the content presented. I started formatting/shrinking the content of this presentation for non-technical people, but then I got tired and posted it ‘as is’ :)
I’d be interested to hear feedback or comments. Here is the presentation link...
------------------------
Date: Jan 29 2023
Group: TechHelp-Basic
Tip: If your android phone runs out of battery sooner than you expected, you are not alone. The culprits are the power hungry, and poorly designed smartphone apps you may have installed. Following is a list of top 10 apps that drain battery a lot. In my opinion, any phone can and should last a full day with heavy usage and two days on normal usage without having charge but if you have one or more of these installed the odds are much less for your battery to run all day long.
- Fitbit
- Uber
- Skype
- Airbnb
- Tinder
- Bumble
- Snapchat
The good news is that there is a way to limit their use of battery and extend your phones ability to last a whole day or two. Follow the video to make change the settings if you happened to run one of these or others that aren’t in this list. For example, mine can last 2 full days or more. Just follow the video and adjust the settings and enjoy longer battery charge!
Follow this video: https://selvans.net/public/videos/battery_optimize.mp4
Note: Some apps may not function properly while running in the background with this setting change, but most should work just fine. If you have any of them installed, just open each of them once so they will be listed on the recent list so you can easily find them, otherwise you have to search all the installed apps to find them
------------------------
Date: Jan 26, 2023
Group: TechHelp-Basic
Tip/Advice: DocuSign sends sensitive information in plain form. Read about it here https://blog.selvansoft.com/
------------------------
Date: Jan 21, 2023
Group: TechHelp-Basic
Tip/Advice: Here are some basic steps you can take while doing online banking to protect yourself. These are simple and easy things you can follow protect you from being a victim of online fraud.
- Before login to your banking website for financial transactions or to even review your bank statement etc, close all tabs in your browser. If you are paranoid, disable browser plugins temporarily.
- When you are logged into your banking website, do not do anything else like google search, Facebook, Instagram, or any other browsing specifically read emails or worse, click on any link your buddy sent you to "check it out". You can do all that after step#3 below.
- Once you are done w/ your banking stuff, make sure you log off. Many secure banking sites these days protect you by logging you off automatically. However, don’t rely on that because there are stupid sites either don't log you off properly or worse don't do anything…even Banks and I know of some 😁
------------------------
Date: Jan 19, 2023
Group: TechHelp-Advanced
Tip: I looked into this about a year ago and didn't pursue as my router is powerful enough but lately because of damn neighbors and their 100's of routers/repeaters/IoT and other crap the airway is so congested. I constantly keep changing channels to get full bandwidth speed that I am paying for. It’s about time to do this ... $150 is not bad
------------------------
Date: Jan 17, 2023
Group: TechHelp-Basic
Tip: This applies only to people who live in US or Canada. Generally, credit bureaus suck at keeping your data safe. This is not something new; remember Equifax 2017 breach? Experian is terrible at keeping your data secure from the scammers/cyber criminals; it has more security holes than Swiss cheese 😄. Recently discovered Experian security hole is incredibly bad. You can read more details if interested at link below.
So, what can you do to protect yourself from becoming a victim of identity theft, fraud and scam that could potentially wipe your hard-earned money and ruin your financial reputation? My advice is freeze your credit report until you need it, you just don't need to have them open at all. I documented everything you need to place a freeze on your credit at the link below.
If you want to know details on what this specific vulnerability means as the article is pretty technical or what a "freeze" really means etc., feel free to post a question.
Date: Jan 15, 2023
Group: TechHelp-Basic
Tip/Advice: I wanted to share a piece of advice to all of you on cyber hygiene. You don't need to take extreme steps to bulletproof your online accounts because if a determined badguy targeted you (i.e., spear phishing), there is very little you can do to stop them if you are a high value target but luckily most of us don't fall into that category unless you are dumb enough to divulge your info by posting stuff on social media that makes you a target. However, with a bit of effort on your part, you can make it slightly harder for cybercriminals who will move on to easy targets. Trust me, there are suckers out there who use "123456" as password (BTW: "123456" is one of the top 10 passwords in 2022 including "password") feeding this fast growing $8 trillion cybercrime business. The funny quote below says it all.
"You don’t have to run faster than the bear to get away. You just have to run faster than the guy next to you."
Now, how do you make it "slightly harder"? The answer is, don't just rely on user/password alone even if you have a strong password like "~ti0ah5%#W". I will explain in a later post on why strong passwords don't protect you in all cases so add 2F authentication wherever it is offered. If multiple methods are provided for 2F like SMS & authenticator, choose the latter; I will explain in a later post why SMS based 2F is a false sense of security though it is better than just user/password. More on this later ... be safe online.
-----------------------
Date: Jan 12, 2023
Group: TechHelp-Basic
Tip: note: this applies only if you still use Windows 7/8/8.1. You may have seen misleading blogs and articles (like the ones below) stating that Chrome browser will stop working on your PC in Feb 2023 and that you need to immediately upgrade or buy a new PC etc. Don't panic, what that means is that Chrome browser will not provide security update (not good so you really should upgrade) however, it will not stop and will continue to work if you want to take a chance on running a browser (and OS) with security risks.
You'd be thinking, who the heck is running winblows7 in the year 2023 but you'd be surprised to know there are still 100 million or more PCs still on windows7. If you are one of those unlucky ones, my advice is to buy a new PC or if you don’t want to spend money and are brave, wipe windows and install a secure OS called Linux which will resurrect your old clunky PC and make it run in many cases faster than a brand new PC
------------------------
Date: Jan 13, 2023
Group: TechHelp-Basic
Tip: Some of you may know or heard about how easy it is for cyber crooks to circumvent the SMS based 2F authentication. Ideally, you want to use the authenticator app for OTP codes but if the website only offers SMS based code you are stuck and have no choice but to use SMS based 2F. If you are a T-Mobile customer, you can secure your SMS based 2F slightly better and you should turn on immediately. Log into your account and go Account/Profile/Privacy & Notification/SIM protection to toggle it on as shown below. The direct link will take you there once you login
------------------------
Date: Jan 7, 2023
Group: TechHelp-Basic
Tip: If you use your phone often to read news articles and such that are filled with pesky ads. There is an app/setting called "read mode" that both Android and iPhone (kinda) support. See the "before" and "after" screenshot below of reading news article to see the big difference ... Note: these screenshots are from Android since I don't own an iPhone, never had, never will :)
Interested? Head out to google play store (for android phones) at link below and install the reader mode app. Once installed it attaches to your Android System Setting/Accessibility section and can be invoked in a number of ways. I set it up with a "gesture" so I can turn it on/off easily. I can help if you get stuck on how to use it.
For iPhone users read the link below that explains how to set up and how it works.
------------------------
Date: Dec 25, 2022
Group: TechHelp-Advanced
Tip: LoRa: Here is a link for step-by-step instruction to build a cool project with LoRa I mentioned. It is bit outdated since its from 2019 but you can use Pi4.
https://circuitdigest.com/microcontroller-projects/raspberry-pi-with-lora-peer-to-peer-communication-with-arduino
------------------------
Date: Jan xx, 2023
Group: TechHelp-Basic
Tip: new tip
No comments:
Post a Comment