maggyPie

Articles

maggyPie fundraiser! 07-11-2021

You are invited to a maggyPie fundraiser - virtual event on: Wednesday, July 21st @ 1:00 P.M. EST

Topics of discussion will include:
- Password security
- Phishing
- Malware
- Two-factor authentication
- Encryption

Our goal is to raise $30,000! If the goal is met, maggyPie will turn from red to green on the official website!

Freedom isn't free 07-11-2021

Hope everyone had a great 4th of July!
Continue to be safe, as we continue to honor our veterans and loved ones.

Shred your hotel room key after checking out 06-30-2021

The days of old-school metal keys are over for lodging. Most places adopted those handy little electronic plastic keycards sometime in the very early 21st century.

So, what information is stored on those cards exactly? This question contains much controversy in itself. Technically, they could get by with just encoding the room # and the length of stay. They already have your personal information stored in a database, and don't need to put any of that information on the card itself. However, as this probably doesn't surprise you, some places were found storing all kinds of customer data on the card, even data that was already stored in their database, such as:

Credit card number
Full name
Complete address
Phone #
Length of stay
Smoking room?

As you can see, it pays to remember the #1 rule: "never trust user input".

Shred your cards after checkout, never hand them back in. There is no extra charge to keep them.

Scratch your CVV off of your credit card 06-29-2021

Although you do need to memorize it, you don't need the CVV code to actually be on the back of your debit/credit card. Just scratch it off!

If you leave your CVV on the back of your card, your information becomes susceptible to theft, as someone can write down the information or, better yet, take a picture with their phone.

Although information theft is always possible even without the CVV number, removing it greatly reduces the attack vectors a thief can use, since many websites require the CVV. Without it, many merchants will not honor the card.

P.S. If you're worried that someone has your CVV, report the card stolen and get a new one!

Under NO circumstances should you still be using magnetic stripe readers 06-27-2021

Always use EMV (chip) transactions

Whether you're a business or a customer, always use EMV chip authentication for transactions. Many merchants have still failed to become EMV compliant and have not upgraded their POS to EMV technology. This is a huge liability and can spell trouble for your business. If you see any signs that say "our chip reader is down" or "please use magnetic stripe", stay FAR FAR away from this business.

EMV uses cryptographic authentication and a series of other complex "handshakes" to determine authentication, whereas magnetic stripe readers don't have those security measures.

While waiting in line to pay for fuel (and other goods), there was someone in front of me whose debit card wasn't working - it kept saying: "Debit Card Chip Malfunction". It kept on giving him the error, even after cleaning it with a cloth and re-attempting multiple times to use the chip. After 3 times, it usually defaults to use the magnetic stripe reader.

Under no circumstances should we be using the magnetic stripe reader for any transactions. Sometimes our cards do not work because they are dirty and/or have normal "wear and tear". If you feel this is the case, you should replace your card as soon as possible.

The Domino Effect of our Infrastructure 06-09-2021

Signal Private Messaging App 05-19-2021

Anything you send and/or receive via Signal (text, emojis, images/pics, videos) is encrypted. When your data is encrypted, only the intended recipient(s) can see the data.

Even better, Signal does not store any data, which means it can't be leaked out - purposefully or accidentally.

Why are you STILL using FAX machines? 05-16-2021

I'm successful. My time machine worked! We're back in 1991! Oh wait, no, it's 2021, 30 years later and... That is a FAX machine though. Wildly insecure, outdated, and let's not forget to mention, bulky. The thing takes up half the room for cryin' out loud.

One portion is connected to the network, the other is connected to the phone line. No encryption, and no security. By tapping into a phone line (anyone can get the FAX number for an organization), the attacker now has access to the network. Still want to use the FAX?

Be mindful of what you type into Grammarly editor 05-15-2021

You're dreading your next assignment; it's a 5-page research paper on your topic of interest. You fire up Grammarly and begin to write your rough draft into Grammarly editor because you want to sound smart, right?

If you try to use it without an internet connection, it will give you a big ole' error! Hmmm, what does that mean, exactly?

Well, the program itself isn't very big at all - which means the database it pulls information from is online - in the cloud! If you've ever used the plagiarism checker, it reads everything that was ever 'submitted' to it and compares it against what you have. Well, all of that data has to be stored somewhere. Be mindful of what you type in there - especially ideas from rough drafts.

Multi-factor authentication 05-08-2021

Multi-factor authentication is using more than one distinct authenticator. For example, to log in to your e-mail, you may use just a password. Better yet, use a password and set up text message verification - where you have to enter the code as well. This type of setup provides additional security and makes intrusion a bit more difficult, as the attacker needs to know both the password and gain access to the code.

1.) Something you know - such as a password or PIN. Don't make it easy to guess.

2.) Something you have - such as a token, which generates a secret code or PIN. Digital certificates can also be used.

3.) Something you are - biometrics, such as a fingerprint or retina scan.

Using more than 1 type of authentication can make it more difficult for hackers to gain entry!

Be careful what you click on! 05-05-2021

In the realm of IoT (Internet of Things), our mice work faster than our brains. It's true. We want to click (or tap) on everything - all the time!

Don't click on links unless you're certain what they are, as they can be set to trick the user. For example, take this link - maggyPie.com/ - seems like it points to maggyPie, right? WRONG.

In this 2nd example, I've even made it so that if you hover your mouse over it, it claims to go to maggyPie, but it is still a threat. maggyPie.com

* Depending upon your device, you 'may' be able to TAP AND HOLD the link, and then the true link may show up. If the true link does show up, you should then be able to TAP anywhere else on the screen to cancel opening the link. But, this isn't always feasible. Bottom line, don't click the links unless it's from a known and trusted source. *
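The two tricks described above (link text that names one site while the link goes elsewhere, and a hover tooltip that does the same) can be checked mechanically. This is an added example, not code from maggyPie: a small auditor that compares the host a reader sees with the host in `href`. The use of the `title` attribute for the hover text, the function names and the sample markup with its placeholder destination hosts are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches something that reads like a host name, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def claimed_host(label):
    """Host a human would read out of link text or a tooltip, else None."""
    m = HOST_RE.search(label or "")
    return m.group(1).lower() if m else None

def same_site(claimed, real):
    """True when the real host is the claimed host or one of its subdomains."""
    strip = lambda h: h[4:] if h.startswith("www.") else h
    claimed, real = strip(claimed), strip(real)
    return real == claimed or real.endswith("." + claimed)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []   # (where the claim was made, claimed host, real host)
        self._link = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._link = {"href": a.get("href") or "", "title": a.get("title"), "text": ""}

    def handle_data(self, data):
        if self._link is not None:
            self._link["text"] += data

    def handle_endtag(self, tag):
        if tag != "a" or self._link is None:
            return
        link, self._link = self._link, None
        real = urlsplit(link["href"]).hostname   # None for relative links
        for where in ("text", "title"):
            claimed = claimed_host(link[where])
            if real and claimed and not same_site(claimed, real):
                self.findings.append((where, claimed, real))

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; the mismatching destinations are placeholder hosts.
SAMPLE = """
<a href="https://www.maggypie.com/articles">maggyPie.com/</a>
<a href="http://login.example.net/">maggyPie.com/</a>
<a href="https://maggypie.com.example.org/" title="https://maggyPie.com">maggyPie.com</a>
<a href="/about">About us</a>
"""
```

The third sample link shows why the comparison is made on the end of the host name: `maggypie.com.example.org` starts with the trusted name but belongs to a different site.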

EVIL TWINS HOTSPOT 05-03-2021

You're out at a cafe, and you want internet. So, you look for the hotspot labeled 'cafe' and connect. No big deal, right? WRONG.

You've just connected to an evil twin hotspot, which is NOT the one you intended to connect to. An evil twin hotspot is one that looks exactly or almost identical to the legit one. It will have a similar, official-sounding name.

Wait, which one did I connect to again?!

NEVER log into public WI-FI 05-01-2021

There are many reasons why you should never log into a public WI-FI, but one single important reason comes to mind.

Man-in-the-middle attack: Remember the game Monkey-in-the-middle? Well, it's sort of like that, where the man in the middle tries to catch the ball between 2 other players throwing it back and forth. It's similar with data and packet theft: each time you connect or browse the internet, there's constant traffic. There's so much traffic, it would look silly trying to read it all. Sometimes in the game, the guy in the middle will touch the ball and deflect it. This is called tainting the data; it's been tampered with. You still have access to your data (and whatnot), but it could have been modified.

I remember back in the day, car salesmen used to advertise "has a CD player in it" and everyone shouts "Oooo-la-la!" "Oh yaay!" But the reality is that that was a standard at the time; there was nothing extra about it at the time. It was to be expected; I already expected the CD player. So, save your little speech. And unfortunately, free WI-FI is a 'standard' for public places, and people are falling for it. Something like that should not only NOT be advertised, but you should deduct points off for that.

What is everyone doing on their computer at Mickey D's anyway? They're playing monkey-in-the-middle.

Never share media/netflix accounts 04-20-2021

While it may be convenient to share media accounts, avoid doing so at all costs. Security should override convenience. When users share any type of media account, it allows any and all users who use that service to purchase unauthorized subscriptions and media. Furthermore, everyone that uses the account can see what is being watched.

Having separate user accounts has clear, distinct advantages, such as:

1.) Maintaining user privacy and data privacy - only YOU see what YOU are watching

2.) Can help avoid targeted spear phishing and phishing attempts

3.) Maintain parental/child controls

4.) Allowing the ability to perform audits and view event logs based on user accounts or a specific time

There are many other advantages, feel free to comment below!

1 reply

They should be notifying us in the event of a data breach...

04-13-2021

500 million LinkedIn accounts LEAKED 04-13-2021

Yep, you read that right. Another 500 million LinkedIn accounts were leaked. This includes FULL names, e-mail addresses, phone numbers, and gender information.

Data scrapers are available (freeware or software) to scrape and copy data from websites, or even the databases if they aren't secured.

Claims have been made that the information is being sold on hacker forums and on the dark web.

4 replies

AI is on the rise

04-13-2021

This will allow the security team to prioritize in other areas, freeing some of their time I suppose.

04-12-2021

Automation = less prone to human error!

04-12-2021

London at its finest!

04-12-2021

Darktrace goes public 04-12-2021

The World's leading AI can respond to cyber threats in real-time. With human-like intuition, it has capabilities to self-learn. The more exposure, the smarter it gets. It is flexible in many platforms - think of it like an MMA fighter, not limited to one style.

DDoS, DoS, and other bot attack attempts are simply too fast for a person to respond to; autonomous response removes heavy lifting from the security team and fights back!

1 reply

I saw a post the other day, it had her medical ID number right on the card...

04-11-2021

Do NOT post your COVID vaccination card! 04-11-2021

COVID scammers are on the rise. Don't click on any links or texts from anyone regarding COVID testing.

Unless you specifically signed up for the shot at a particular location, don't respond to any messages.

If you are asked to purchase the shot to get on a list, it's a SCAM.

Under no circumstances should you give out any sensitive information (such as SSN or credit card) just to sign up for the shot.

Under no circumstances should you post your test results ANYWHERE.

Proud to be COVID free? - Keep it to yourself! Your card may contain sensitive information such as name, address, phone, e-mail, SSN, location or your medical ID. Scammers thrive off of this and can make you a target to steal any of that information or, worse yet, gain access to your medical information.

4 replies

Accents!

04-8-2021

Use the copyright symbol also!

02-18-2021

I use the copyright symbol ©

02-18-2021

Also password phrases are common now, instead of a word use a passphrase

01-24-2021

For stronger passwords, use accents. 11-30-2020

Instead of using the regular letter "a" for a password, try using â. This will be much harder for anyone to guess - especially computers. Some dictionary attacks may even have trouble with it!
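A caveat for anyone storing such passwords, shown as an added example (not code from maggyPie): "â" can arrive as one code point or as "a" plus a combining accent, and the two look identical but hash differently, so the service has to normalize (NFKC here) before hashing or the user can be locked out when logging in from another device. The function names, salt and iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import unicodedata

COMPOSED = "p\u00e2ssword"     # "â" as a single code point (NFC form)
DECOMPOSED = "pa\u0302ssword"  # "a" + combining circumflex (NFD form), looks the same

def canonical(password: str) -> bytes:
    """Bring every spelling of the same visible text to one byte sequence."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")

def stretch(data: bytes, salt: bytes) -> bytes:
    """Salted, slow hash of the password bytes."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, 200_000)

def enroll(password: str, salt: bytes, normalize: bool = True) -> bytes:
    data = canonical(password) if normalize else password.encode("utf-8")
    return stretch(data, salt)

def verify(password: str, salt: bytes, stored: bytes, normalize: bool = True) -> bool:
    return hmac.compare_digest(enroll(password, salt, normalize), stored)

def lockout_demo(salt: bytes = b"constructed-salt") -> dict:
    """Enroll with the composed form, then log in with the decomposed form."""
    naive = enroll(COMPOSED, salt, normalize=False)
    fixed = enroll(COMPOSED, salt, normalize=True)
    return {
        "bytes_differ": COMPOSED.encode("utf-8") != DECOMPOSED.encode("utf-8"),
        "naive_login": verify(DECOMPOSED, salt, naive, normalize=False),
        "normalized_login": verify(DECOMPOSED, salt, fixed),
        # Normalizing must not fold the accent away: plain "a" is still wrong.
        "plain_a_accepted": verify("password", salt, fixed),
    }
```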

Scammers use social media to perform COVID-19-related scams. 11-29-2020

Lately, thieves have been targeting social media accounts, sending messages to victims while posing as a close friend (or even an employee of the government). The impersonator claims the individual is eligible for government grants (such as COVID-19, disability, etc.) and urges them to call a phone number to collect the funds.

Upon calling, the victim is asked to pay a "processing fee" (using some form of bank or verification) to receive the "grant money". No legit company will EVER ask ANYONE to pay an "upfront fee" or "administrative fee". As you may have guessed, victims of this scam not only do not receive any funds/grants, but have their money stolen from their account(s).

Why you should be using DuckDuckGo Browser. 10-20-2020

1. No search records are created. Ever! Thus, nothing can be traced back to you. No IP addresses, no date & time stamps, no logs, etc...

2. No ads - it's totally clean, and no ads are targeting your user behavior.

3. It's quick & efficient. They've even got an app too, so you can use it on your smartphone.

1 reply

I love duck duck go

11-22-2020

Treacherous Alexa 10-04-2020

What's the harm in having this thing - I mean this thing is here to help me, right? Anytime I have a question or need assistance, I can just say 'Hey Alexa, I need help with such and such.'

It's supposed to only record when addressed as 'Hey Alexa', or 'Alexa'. Another note of concern is that it records for an unknown period after, which most people forget about.

Additionally, records of 'personal moments' were revealed after words similar to 'Hey Alexa' triggered the device. The 'Smart device' is not foolproof, and false positives can be triggered by phrases such as "I like this Tesla", or "I'll help test ya", or "Give me extra". These are just simple & basic examples; there are many more! Imagine lying with your significant other and saying, 'Hey, I'm going to take a fiesta', and all of a sudden Alexa starts recording.

Staff members are supposed to review random recordings for 'Quality Control', but were caught sharing the audio in chat rooms.

At the very least, you could be the new laughing stock for all of Amazon's employees, or much worse: your data and information could be leaked to the deep web – which can lead to much bigger issues.

Not surprisingly, Amazon denies all of this.

Goodbye Alexa, and say hello to forward-thinking with maggyPie.

2 replies

I sent mine back

11-7-2020

Even to have it in the house is dangerous!

10-6-2020

RFID protectors 08-12-2020

Data emanation is the emission of data, and it's constant. You can't see it, hear it, or feel it. Like ultraviolet waves, we can't see them - therefore we have no clue where they are at any given moment. Credit card data is held on the chip and/or magnetic stripe, and that data can be stolen with the proper equipment and/or software.

RFID protector sleeves enclose your credit cards in a material that interrupts the path of radio waves. This is similar to a [mini] Faraday cage, as it will block all electromagnetic fields and disrupt communication between the attacker's scanner & your debit/credit cards.

Don't answer unknown numbers - they're probably robocallers. 06-08-2020

A growing number of robocalls (junk calls and text messages) are coming from scammers that are operating outside of the U.S. through VOIP (Voice Over Internet Protocol) - meaning they aren't going to bother paying attention to the Do Not Call Registry!

Things you should do:

1.) NEVER say 'Yes' - this can be used to authenticate permission down the road for future scams.

2.) Never say your name. Again, this could be used to verify your identity to allow them to perform a future scam!

Hats off to our troops! 05-26-2020

I'd like to take a moment to reflect on our troops and those who have fallen before us, so that we may enjoy the freedom that we have today. Thank you!

Why the coronavirus may get worse 05-04-2020

As reports have shown, there has been a steady increase in positive testing of COVID-19 from January to May.

Also, there are many incidents and cases that don't get reported, so the current numbers may not reflect the true status.

With the reopening of many businesses to stimulate the economy, many people will forget about basic hygiene and return to their old ways - and unfortunately take an 'out of sight, out of mind' approach. This could cause the virus to spread like wildfire.

Say NO to the Earn It Act! 04-10-2020

Reject the EARN IT Act (S. 3398), which threatens free speech, encryption, privacy, and the nation's cybersecurity.

The EARN IT Act aims to combat child exploitation (online) by withholding crucial internet speech/liability protections from services unless they follow an arbitrary list of "best practices" proposed by a small committee with implicit bias.

The broad powers granted therein could require that internet services scan all private content for exploitative material, effectively circumventing the 4th amendment. This is a massive threat to privacy — particularly to encryption since security would need to be completely undermined to comply. This would severely weaken our national security & has been rejected by security experts.

Signal is recommended by the United States military. It is routinely used by senators and their staff. American allies in the EU Commission are Signal users too. End-to-end encryption is fundamental to the safety, security, and privacy of conversations worldwide.

Phones targeted to use localized data to assist in Coronavirus spread. 03-23-2020

Solutions are being discussed to help prevent the spread of the coronavirus by allowing us to keep a safe distance (at least 6 feet) from one another. This solution comes at a cost: monitoring our location data to allow health experts to track our movements and, in turn, hopefully the virus in real time.

1 reply

Nothing new, but always good to beware!

01-24-2021

Never do one-way video/virtual interviews! 03-19-2020

This is a poor attempt to reduce administrative overhead; the fewer people they see, the less they have to listen to, the less they have to meet in person, the fewer relationships they have to maintain.

It's as if the interviewer doesn't want anything to do with you. It seems as though they already made the decision for you. Thanks, but no thanks! Would you want to work for a company like that? Run far away!

Barbaric practices like this aren't anything new, so don't think they are reinventing the wheel. Furthermore, this gives them a good chance to discriminate against you (based on any number of factors) before you even meet anyone in the company.

One of the biggest offenders: Huntington bank

T-Mobile data breach 03-17-2020

An unknown amount of customer information was accessed through a T‑Mobile employee email account after a malicious attack via a 3rd party email vendor.

Information that was exposed: Customer names, addresses, SSNs, financial account information, government ID#s, phone #s, billing and account information, as well as rate plans and features.

Coronavirus - Why you should use cold water to wash your hands. 03-16-2020

Cold water can kill just as many bacteria on your hands as warmer water, research suggests. Many of us have a misconception that we must use scalding hot water to clean our hands – this is simply not true.

Additionally, you only need a tiny amount of soap and about 10 seconds of running water, and put some elbow grease into it. A majority of germs are actually rinsed off your hands from the running water, further research states.

2 replies

This is really interesting

01-16-2021

Agreed.

10-6-2020