14 Simple Steps for Writing Rock-Solid Passwords

Because your privacy is only as safe as your weakest password.

Your online privacy depends on the strength of your passwords.

Your online privacy depends on the strength of your passwords.

Ok, so maybe that’s a bit of an exaggeration, but let’s face it. The strength of your passwords is important. If it wasn’t, why would so many people be interested in hacking them!

Passwords keep your private stuff private. They make sure that the emails sent from your account are actually written by you. They make sure that the Posts, Likes and Comments that appear on your Facebook page are authentic. They keep your Dropbox photos private. They make sure your coffee card is used exclusively to buy frothy sweet drinks for the people you want to treat.

Of course, passwords also prevent criminals from draining your bank account, running up charges on your credit cards, and causing all sorts of other mischief.

Clearly, having a strong password and keeping it secure is important. Which leads to the question – how can you create rock-solid passwords and keep them protected? Here are 14 simple steps to help you out.

Continue reading

What the Heck are Zero-Day Attacks? (And 3 Ways to Avoid Them)

If you look for the term zero-day attack in your home dictionary, you probably won’t find it.

Go ahead and check…I’ll wait.

You might not even find the term in some online dictionaries (though to be fair, it does appear in others.).

Nevertheless, if you google the term, you’ll find thousands of references to it, many of them from mainstream sources including Forbes, Time, and USA Today. So what’s the deal? If the term is so important, why isn’t in the dictionary yet?

As with so many computer-related terms, the phrase zero-day attack has recently crept into the lexicon of the common person, after being used by technical types for more than a decade. Also known as 0day attacks, zero-hour attacks and 0hour attacks, these are attacks that exploit a vulnerability in a computer application or program.

A vulnerability, by the way, is simply an error in a software that could be exploited. It isn’t a problem in itself, and it isn’t something that stops an application or program from working properly. However, if a vulnerability is discovered by a hacker, and if the hacker uses the vulnerability to conduct nefarious activities, then the moment these nefarious activities are discovered, it is known as a zero-day attack.

Hackers look for vulnerabilities that they can exploit.

Hackers look for vulnerabilities that they can exploit.

The term zero-day stems from the fact that developers have had zero time to defend their software against the attack. From the moment it is revealed, developers must work quickly to fix the vulnerability and stop the damage from spreading.

There are several related terms, by the way, including zero-day vulnerability (a vulnerability that has been revealed to the public at large – including both hackers and developers – and could lead to a zero-day attack unless fixed) and a zero-day exploit (an effort by a hacker to exploit a vulnerability on the same day that it is revealed to the public). Prior to these zero-day events, developers have had zero time to do anything. Once the vulnerability is revealed, developers are pressed to find fixes (known as patches) before exploitation can occur.

A Short History of Zero-Day Attacks

There have been scores of reports about zero-day vulnerabilities, exploits, and out-and-out attacks in the news recently. After all, that’s why you’re reading this blog right? Some major zero-day events include the following.

If that looks like a worrisome shopping list of trouble – it is. And experts warn that things are getting worse. From 2006 to 2012, the number of zero-day attacks varied between 8 and 14 each year. By 2014, the number had increased to 25.

Things aren’t getting better because the business of hacking people’s computers is becoming increasingly lucrative. Indeed, there is a serious underground market for buying and selling knowledge about vulnerabilities. This knowledge, when purchased by software developers, can enable vulnerabilities to be repaired without any damage to the software, its users, or a company’s reputation. However, if this knowledge is sold to bad guys, the vulnerability can be used to cause extensive and wide-ranging damage.

3 Ways to Avoid Zero-Day Attacks

You don’t need to be an IT expert to protect yourself against zero-day attacks. Just by reading this blog, in fact, you’re one step closer to protecting yourself. Because the more you know about dangers on the internet, the better you’ll be able to protect yourself.

Update your Antivirus

Choose a top-notch antivirus that protects against both known and unknown threats.

1. Use a top-notch antivirus.
The first thing you can do is get yourself an excellent antivirus. Make sure the antivirus you choose doesn’t just protect against known threats, since zero-day attacks are, by definitions, attacks that were not known just one day earlier. So when you choose your antivirus software, make sure it protects you from both known and unknown attacks. At ZoneAlarm, we call this process Threat Emulation, and it means email attachments and downloads are tested for threats in a safe, cloud-based environment before being allowed to enter your computer.


2. Update your software.
Another important way of protecting yourself against zero-day attacks is to make sure that you use the most updated version of your software. If software you trust sends you a notice to update your version, do it. If the software update explains that this a critical update (it may be referred to as a “critical security release” or similar), believe them. The update may include a patch to a recently discovered vulnerability. By updating your software, you immunize yourself against possible future infections through that vulnerability.

Many software vendors automatically update your software for you. Windows, for example, automatically installs important and recommended updates to your Windows software. While it is possible to turn off these automatic updates, it is highly recommended that you don’t, as they protect you from potentially dangerous security and reliability issues.

3. Use only updated browsers.
Firefox, Chrome and Internet Explorer all push out automatic updates of their browsers on a regular basis. These updates, which often include patches to newly discovered vulnerabilities, generally take place in the background. The updates are installed when you close and reopen your browser, and won’t disturb your use of the browser at all.

If you’ve left your browser open for several days, you might see your browser prompt you to update manually. For example, in Chrome, you’ll see the colors of the Chrome menu in the top right corner switch to green, orange or red. This is a subtle reminder to update your Chrome browser, and this can be done through the Chrome menu. Make sure you click Restart afterwards so the changes are applied.

An ounce of prevention…

Protecting yourself online isn’t much different from protecting yourself in other aspects of life.
You buckle up your safety belt BEFORE you start driving.
You buy travel insurance BEFORE you board the plane.
You set your alarm clock BEFORE your 9 a.m. job interview.

When it comes to the internet, protecting yourself from online threats also requires advance planning. Make sure your antivirus is powerful and up-to-date. Make sure your browsers and software are up-to-date.

What precautions do you take in your online life to prevent unseen hazards?


9 Ways to Avoid Online Shopping Traps (Just in Time for Mother’s Day)


So it’s a week or so before Mother’s Day and you’re thinking about what to get for your mom. Buy her a book on Amazon? Send her a bouquet of flowers via an online florist? Buy tickets online for an upcoming show?

If you’re like millions of sons and daughters, you’ll probably shop for your mother online this year. It’s a great convenience, that’s true, but it also poses hazards. After all, though online shopping is handy, it can lead to trouble.

The potential dangers of online shopping certainly don’t mean your mother should be deprived of a gift this year. Heaven forbid! And they also don’t mean you need to drive cross-country to drop off your gift in person (though she might appreciate that). What they do mean is that if you want to shop online and not get burned, you need to take some precautions.

Here are 9 ways to avoid online shopping traps – just in time for Mother’s Day. Of course, we recommend keeping these tips in mind all year long – your mother will be glad you did!

1. Use common sense.

If the site you are surfing on doesn’t look 100% right, assume that it’s not. It’s better to err on the side of caution then be stuck with a bill for an item that never came, was half the advertised size, or twice the advertised price.

If you’re surfing on a site that has bad spelling, sketchy images, poor logos, too many requests for personal information, or is offering a deal that seems too good to be true, surf away. We promise, there are plenty of other shops online.

2. Buy from retailers you know and trust.

Think twice before trying out an unfamiliar online shop for your Mother’s Day shopping (or at any holiday really). There are so many well-known online shops, and when you buy from these shops, you know they have a reputation to maintain. If anything goes wrong, they will be there to stand by their products and help you out.

Even if this means resisting what seems like a really good deal, or paying a slightly higher price to shop from a brand you know and trust, it’s worth it – especially when your mother’s gift is riding on it.

Flowers are a great Mother's Day gift.

Want your Mother’s Day flowers to arrive? Order from a trusted and reputable site.

The extra money you may spend shopping somewhere you know is worth avoiding the potential hassle you may find you have on your hands if the product you buy is of a lesser quality than you expected, not as cheap as you expected (look for hidden shipping charges), or worse still – completely fraudulent.

3. Don’t click on suspicious emails.

Chances are good that you’ve already got at least a dozen Mother’s Day emails in your inbox. These emails are probably pitching an incredible range of great deals for Mother’s Day, everything from flowers and chocolates to jewelry and mobile devices. Most of these emails probably include at least a couple of links that shout Save MoreSave Now, or better yet, Save 50%.

Though some of these emails may very well be offering real deals that your mother will love, others may be malicious. Links in malicious emails may be used to install bad bits of software onto your computer. Other links may send you to fraudulent sites that aim to obtain your credit card details without providing real products. These sites may look good – they may contain multiple pages and lots of nice pictures – but keep in mind that they could have been set up for the primary purpose of collecting your personal information.

Watch out for Phishing Emails and Websites

Phishing emails and websites have one goal – to trick you into revealing your credit card details.

So how can you protect yourself from email offers that end up delivering more than you bargained for? Your best defense is a good offense. First, take a close look at the email. Is everything spelled correctly? Do the images look good? Is there a logical reason why you’re receiving the email (i.e., do you remember signing up for such an email?)

If you answer ‘No’ to any of these questions, delete the email right away. Another way of verifying the legitimacy of an email offer without clicking on the link is by opening a new tab on your browser and typing in the URL of the company which sent you the email. If you reach a legitimate-looking website, look around to find evidence of the deal you’ve received by email.

If you can find the deal directly on the website, buy it there. If you can’t find the deal on the website but still want to believe it’s true, contact the company via email or telephone and ask a representative.

4. Never use public WiFi to shop online.

You may want to buy mom the album that’s playing at the local Starbucks while you’re at the Starbucks, but whatever you do, don’t shop using public WiFi.

When you send private information such as credit card numbers across public WiFi, everyone else using the network can also access that information if they want to. So why tempt them?

Always use a secure network to shop online. Always. So if you’re in a Starbucks and want to shop using your mobile phone or laptop, make sure you use a mobile VPN for safe shopping. If you can’t get a secure network for shopping, don’t. Either wait until you get home to shop on your private home network, or buy a gift card from the cashier using your credit card. Mom can still get the gift via the internet, and you won’t have to risk your personal information to send it.

5. Look for safety symbols before you buy.

If you do eventually reach the online checkout (assuming we haven’t scared you off already) take another moment before you reach for your credit card and look at the URL of the website. Does it start with HTTPS? Is there a padlock icon in the browser status bar or at the bottom of the web browser? Do you see the words Secure Sockets Layer (SSL) on the page?

If the answer is yes to any or all of these questions, then you are on a secure website (the “s” in HTTPS stands for secure). That means the network is encrypting your information. Encryption means that only you and the merchant can view the payment data. If you don’t see any of these security signs, walk away. Or in this case, surf away. The lack of these signs means the site isn’t secure, and that means your purchase details could be open to hackers. Just choose another site. We promise – there are thousands of safe sites that have just the right gift for mom.

6. Purchase with credit cards rather than debit cards.

Debits cards may be handy at gas stations and convenience stores, but they are not handy online. Debit cards offer direct access to your bank account. This means that if hackers get a hold of your debit card details, it’s kind of like writing them an open check.

Furthermore, credit card companies in many countries (the UK, for example) are legally obliged to protect consumers from online fraud. In other words, if your credit card is hacked and used for purchases that you don’t authorize, your credit card company may have to cover the fraudulent charges.

Credit card companies protect their own interests by using sophisticated software to detect unusual behavior on their customers’ accounts. This means that if a credit company notices that you’ve been making uncharacteristic or illogical purchases (for example, filling several tanks of gas in quick succession, or buying very expensive products that you’ve never bought before), they might block the card until they confirm with you personally that you meant to make these purchases.

Debit cards don’t offer such protections. This means that once someone accesses your debit card, they could theoretically use it until your account is drained, or until you notice.

7. Choose disposable credit cards rather than regular ones.

Disposable credit cards are even better than regular credit cards, since if they are hacked, you don’t have the headache of canceling your regular cards.

Disposable credit cards are a lot like gift cards. You simply place a specific amount of money on the card and then use it to make your online purchases. The card can only be used until the money you placed on it is used up. In other words, even if the details of a disposable credit card get hacked, the hackers only gain access to the amount of money you’ve put on the card.

8. Keep your receipts.

Receipts are just as important in the world of online shopping as they are in the mall, if not more so.  You never know when you may need a receipt, so make sure you keep it. When you purchase items online, you usually receive an order number and receipt, both at the website where you shopped and in your personal email. Make sure you keep these documents (and make sure they don’t go into your spam folder) as you may need them in the future.

Also, when your credit card statement comes is, double-check the purchase to make sure it’s correct.

9. Protection is the best form of prevention.

Your mother may have been telling you this old adage (albeit in reverse) for years, but it still remains 100% true. The safety of your online shopping transactions is directly related to the safety of your own computer.  And this relates to how well your computer is protected from malware, viruses and more. So make sure your personal computer is protected with the latest antivirus and firewall, critical tools for keeping you safe from online threats. Not only is this important for your own computer, but you know what? In a pinch, it could even be a Mother’s Day gift (though the mothers we know would probably prefer flowers.)

What’s your top tip for online shopping safety?

4 Ways to Protect Your Privacy on Public WiFi

Public Wifi is convenient, but is it safe?
Public Wifi is convenient, but is it safe?

Internet cafés are so 2014. Today, almost every café worth its coffee beans offers free public WiFi. So do fast food restaurants, bus stops, intercity trains, airports, malls, libraries, hotels, and public toilets. Yes, even public toilets.

But the fact that WiFi is public and free doesn’t mean that it’s safe. To the contrary, it could be quite dangerous. Because if WiFi is free and accessible to you, then it’s free and accessible to everyone, including hackers.

WiFi On the Go – What You Need To Know

When you use free WiFi, you open up your device and communications to anyone else using that same free network. And though many people may be checking their email and updating their Facebook status just like you, others may be looking for their next online victim.

If you’re on public WiFi and your device is unprotected, hackers can access crucial personal information in seconds.

Of course, this doesn’t mean you need to stop using free WiFi. After all, free WiFi is a great convenience, especially if your mobile plan has been used up or you’re in an area where data roaming charges are prohibitively expensive. The key to using it, therefore, is to use it safely. And like many things in life, that requires common sense.

4 Ways to Protect Your Privacy on Public WiFi

Here are 4 important steps you can take to ensure that your public WiFi experience is safe and private.

1. Choose your network wisely
Using your wits can help you choose a relatively safe network and avoid hackers. One common hacking technique is known as a man-in-the-middle attack. In this type of attack, a hacker creates a nefarious network alongside an authentic network that’s being offered by a legitimate establishment. If you use the hacker’s network instead of the legitimate one, all your information is channeled directly via the hacker’s network, providing the hacker easy access to your information.

If your activities involve nothing more complicated than a Facebook post or two, this may not seem like a big deal, but if you’re checking your bank account or shopping online, you could be sending sensitive information directly into the hands of the bad guys. Anything you do can be tracked by those hackers with ease. It’s a bit like walking into a lion’s den which has been cleverly disguised as a café.

To avoid using a hacker’s site, double check with the concierge/waiter/librarian of the establishment offering you free WiFi to make sure you choose the right network. If you see two networks with strangely similar names, let the establishment know, as one of these networks could well be a hacker’s trap.

2. Close shared folders on your laptop
Using shared folders can be really handy when you’re working in an office network, but as soon as your computer is open to public WiFi, your shared folders can be viewed by anyone who is on the network. You can’t possibly know all the people who are accessing that free network, and even if you could, you probably don’t want all your shared files open to them. In one recent story, open shared files on a private laptop left one traveler’s private information – including her passport details and credit card numbers – visible to strangers staying at the same hotel.

To prevent this from happening, change the file sharing settings on your laptop, and make sure that privacy settings are different for public and private networks.

3. Turn off automatic Wi-Fi connections
Public WiFi is great, but there is no reason to open your device to it all day and all night. Consider it akin to the front door of your home. You want to be able to open and close the door when you go in and out of your home, but you certainly don’t need to leave the door open in the middle of the night, or while you’re taking a shower or watching TV. So why leave your mobile device open to public WiFi when you’re not using it?

All it takes is a tap or two to turn your automatic WiFi connection on and off. So if you don’t plan on using public WiFi while you’re out and about, leave the connection closed.

4. Use a VPN service
You don’t need to be a fan of acronyms to start using a VPN. Furthermore, if you can say WiFi three times fast, then you can certainly familiarize yourself with VPNs. VPN stands for Virtual Private Network, a service that provides a protective barrier between you and the worldwide web. When you use a VPN, all of your communications are routed through a server. This routing encrypts the information you send out, and the information you receive, so that hackers can’t eavesdrop on your communications.

Using a VPN protects your privacy by ensuring that all your online activities remain private. So if someone is trying to track your online activities, your tracks only lead to the VPN. Everything else that you do online is untrackable.

The use of VPNs is increasingly common on desktop computers, as people realize the importance of protecting their privacy online. Mobile device-oriented VPNs such as ZoneAlarm Capsule provide you with a similar level of privacy on your mobile device, making sure that both outgoing and incoming communications are private and safe.

Public WiFi has changed the way many of us live. It’s a great way to check bus schedules on the go, send emails at the airport, or pass the time while waiting for an appointment. But like all things in life, public WiFi should be used with common sense. After all, your privacy depends on it.

The Year of the Hack: How to Prevent Your Personal Data from being Hacked


When hackers breach banks and retailers, there’s not much you can do. Fortunately, there are some things you can do to protect your personal data from falling into the wrong hands.

Continue Reading… The Year of the Hack: How to Prevent Your Personal Data from being Hacked