This week Ray, Tom and Sean discuss the hacking of the adultery-centric site Ashley Madison, drones causing problems for California firefighters, and security flaws in Jeep Cherokees. That and more on this episode of the Deemable Tech podcast.

If you’re listening to Deemable Tech on our website, make sure to subscribe to the show on iTunes or on Stitcher. And, while you’re there, leave a review. The more subscribers we have and reviews we get, the more people will find our show.

If you have a response or comment for the show, give us a call and leave us a voicemail, 1-888-972-9868 or you can send us an email to feedback at deemable dot com.

The Deemable Tech Podcast is brought to you by A Small Orange, Homegrown Hosting. A refreshingly different approach to web hosting. On the web at asmallorange.com.

Make sure to share Deemable Tech on the forums, Facebook, Twitter and all over the interwebs.

Thank you to our Redditors who have been helping us decide what stories we talk about on the show. Go to our subreddit page and submit a story, and vote other stories up or down. Deemable.com/reddit will take you there. We’re also looking for a new admin to help manage and moderate our subreddit page. Submit a text post to our subreddit explaining why you would make a great admin.

If you have a suggestion, or just have a comment for the show. Give us a call and leave us a voicemail, 1-888-972-9868 or you can send us an email to feedback at deemable dot com.

And, don’t forget to help us to decide what stories we talk about on the show, go to our subreddit page and submit a story, and vote other stories up or down. deemable.com/reddit will take you there.

THIS WEEK’S RUNDOWN

Ashley Madison gets hacked

Last week, hackers targeted AshleyMadison.com, an online dating site for married people looking to have an affair, and claimed to have downloaded its complete database of 37 million user profiles. The hackers, who call themselves The Impact Team, are threatening to release all the profiles publicly unless Avid Life Media, the company that owns Ashley Madison, shutters the site permanently along with sister site EstablishedMen.com.

Image credit: Ashley Madison

The hackers also take issue with Ashley Madison’s paid “full delete,” where the site charges users $19 to full erase their profile. The hackers claim that Ashley Madison does not in fact purge all of their records from their database, even after a full delete has been paid for.

Strangely, as of this podcast, the hackers have released only two of the 37 million profiles. One belongs to a man in Brockton, Massachusetts, the other to a man in Mississauga, Ontario, in Canada.

Stupid, stupid drones

Drones prevent firefighters from putting out a fire on the 15 Freeway in Southern California’s Cajon Pass. Cars were stopped on the 15 because of a wildfire and several caught fire. Firefighters were unable to get water to the cars because five drones were hovering over the site. Apparently this has been an ongoing issue with the wildfire that is so bad it’s been given a name, North Fire.

Drone operators have been flying around while firefighter helicopters have been trying to do their job. This particular incident was so bad, several people were severely burned, and twenty vehicles were completely destroyed. Two of the drones even pursued the helicopter.

In equally stupid drone news, an 18-year-old decided to attach a gun to a drone and fire the gun. He probably would have been fine if he hadn’t also decided to video record it and post the video to YouTube. The FAA is investigating the case to see if any federal laws were broken.

This isn’t the first time someone has weaponized a drone. In 2013 a company that creates screen protection built a drone, attached a gun to the gimble and shot some video of the Skynet-esque monstrosity shooting soda bottles and cans, and a Samsung Galaxy.

Hackers demonstrate exploit that allows them to remotely control Jeep Cherokee

Wired reports that white hat hackers Charlie Miller and Chris Valasek were able to take control of a Jeep Cherokee using the Chrysler Uconnect system installed in the vehicle. The hackers performed their exploit remotely while Wired’s journalist was inside. The hacker’s code reportedly allows them to control the AC, change the volume of the stereo, control the transmission, disable the brakes, and kill the engine.

The hack comes just as senators Ed Markey and Richard Blumenthal are introducing new legislation that will mandate digital security standards for cars and trucks.

Apple kicks Nest out of bed

Re/Code is reporting that the Apple Store no longer carries the Nest Thermostat, Nest Protect or Nest Cam online or in its retail stores.

This all happens of course after Google bought Nest last year, and Apple is about to launch the first of its HomeKit automation enabled products. No surprise, around the same time as the Nest Thermostat was taken off the shelves, the Ecobee 3, a wireless thermostat that does work with HomeKit quickly took its place.

Unfortunately, none of this is terribly surprising. Apple sold tons of fitness bands like the Jawbone Up and the Nike FuelBand… right up until they launched the Apple Watch when they quickly dumped the products off their shelves.

This could be a sign that Nest won’t support HomeKit. Which is sad for iPhone users who were looking forward to the day when we could tell Siri to turn the temperature down, like their Android friends can do with Google Now.

—

If you have a suggestion, or just have a comment for the show. Give us a call and leave us a voicemail, 1-888-972-9868 or you can send us an email to feedback at deemable dot com.

And, don’t forget to help us to decide what stories we talk about on the show, go to our subreddit page and submit a story, and vote other stories up or down. deemable.com/reddit will take you there.

Andrew writes, “It seems like every week there’s another scary news story about a big bank or a major company getting hacked. Is there any way to safely shop online, or should I just stay off the internet altogether?”

You’re right, Andrew, there have been a few pretty severe hacks of some large corporations recently. Unfortunately, we probably haven’t seen the last of them. But here’s the thing: staying off the internet probably won’t help you at all.

Image credit: Sean MacEntee / Flickr

Most of the businesses that have been hacked lately were retail stores, and the people affected were those who had shopped in the stores’ brick and mortar locations, not online. Hackers found their way into the companies’ servers, and were able to skim credit card numbers as they were scanned into the database.

Banks similarly store your information in databases that are connected to the internet. While they take security precautions, those defenses are sometimes compromised by hacking groups that have become more organized and sophisticated.

You see, Andrew, you don’t even have to be online for businesses or banks to store your information online.

All of this can understandably seem pretty scary. Luckily there are systems in place to protect you if your information is stolen. The Federal Deposit Insurance Corporation, or FDIC, says that customers can only be held responsible for a maximum of $50 for a fraudulent transaction, provided they report it to their bank or credit card company quickly. In fact, most credit card companies will rarely hold someone responsible for any fraudulent charges on their card, as long as they report those charges in a timely manner.

The trick is to keep an eye on your bank account and credit card statements. Be on the lookout for transactions you don’t remember making. Remember, the sooner your report a fraudulent transaction, the more likely you are to get all of your money back.

It really is okay to shop online, just as long as you use some common sense. For example, only give your credit card information to reputable online retailers. And make sure you use good, unique passwords. Like we’ve said before, long passwords of 15 characters or more are best. You should also avoid using easily guessable names or words for passwords. Have different passwords for different websites, especially the important ones like your bank, your favorite online store and your primary email account. We also recommend using a password manager like LastPass or DashLane.

Stay safe, and happy shopping!

Photo Credit: “Credit Cards” by Sean MacEntee is used under CC BY 2.0.

It’s estimated that nearly 500 million people around the world use the Windows XP operating system on their computers. If you’re one of those people, you need to be aware of an important change from Microsoft.

So long, it’s been good to know you.
Image credit: Microsoft

On April 8, 2014, the software giant ended their support for Windows XP.  Don’t worry, this doesn’t mean that your computer suddenly stopped working on April 9. It will, however, start to be a lot riskier to keep using.

Windows XP was released in 2001, and because of its worldwide popularity Microsoft has continued to support it with updates, bug fixes and security patches for the past 13 years. As the company begins to focus on newer versions of the Windows operating system, they’ve decided to stop releasing these updated security patches for XP. This means that there will be nothing to guard you from hackers finding new ways to break into computers running XP and stealing personal information from victims.

Now, the chances are that your copy of Windows XP will still be relatively secure on April 9, but that will change as it gets older and older. To protect yourself, we recommend that you upgrade your operating system. Microsoft, of course, is happy to help, and have created a page with all of the information you’ll need to know. There, you can download a program that will check your PC to see if it is compatible with Windows 8.1, the latest version of Windows.

You may have heard about Windows 8 getting a bad rap due to a new interface and the fact that initial versions didn’t include the classic Start Menu so many of us know and love. But the truth is that you can still run the classic Windows desktop in Windows 8, which looks and feels a lot like what you’re used to.

We should note that upgrading to a new operating system will cost money, and that an upgrade to Windows 8.1 costs $199. That’s a lot, and that’s the reason most people buy a new computer with Windows already installed on it. In fact, you can get a new Windows 8 computer for as low as $249.

If those options sound too pricey or if you’re just not ready for Windows 8, we recommend checking out Windows 7. Microsoft has stopped selling it officially, but you can still buy copies of the home version from many third party vendors like Best Buy and Amazon.com for around $100. It is a great operating system, and we would go as far as to say it’s the “new” Windows XP in terms of it being easy to pick up and use.

Whatever you decide to do, you need to start taking steps to update that old copy of Windows XP right now. Having an outdated, unsecured operating system might cost you more than any new one ever could.

Q: I recently started experiencing random pop-up ads on my computer even when I was on websites that don’t have popups. Downloading a malware removal program didn’t fix the problem. Eventually I had to roll back to a clean install of Windows. How did my computer get infected, and how can I avoid this in the future?

You may see warnings like this if you attempt to visit a malicious website.
Image Credit: Google

A: Getting infected with malware and pop-ups is no fun. Even though there are lots of software programs out there to clean this junk off your hard drive, these kinds of malware programs are designed to be a pain to remove.

The key is to avoid getting infected in the first place. People know that it’s not a good idea to walk down a dark street in the middle of the night, and the Internet is pretty similar. It has some bad neighborhoods, and you just need to know to avoid them.

First off, you want to be careful with what you search for. Unscrupulous spammers and hackers tend to stake out popular Google searches, and they especially love celebrities. In fact, anti-virus company McAfee published a list of 2013’s most dangerous celebrities to search for. The #1 most dangerous person to search for is Lily Collins – one in seven of the results will land you on a malicious web site! Others dangerous celeb searches include Katy Perry, Sandra Bullock, and Britney Spears.

Celebrity searches aren?t the only searches that can get you in trouble, though. There are plenty of seemingly safe, regular search terms that can yield dangerous results, including:

• “lyrics”
• “free music”
• “game cheats”
• “free ringtones”
• “solitaire”
• “make money”
• “work from home”
• “free downloads”

Now, a few different things can happen when you visit an unsafe website. The most common is that you’ll be hit with a pop-up asking you to download some “helpful” program. Never agree to this! Running strange programs from unknown sources is extremely dangerous. If a website asks you to download something and you weren’t expecting to download it, say no.

In some cases it’s possible for a website to load a malicious program onto your computer secretly. Avoid this by upgrading to the latest version of your web browser. Still running Internet Explorer 7? Go download version 10 immediately. Having the latest and greatest makes sure you’ve also got the most recent security updates.

You also need to be smart about email. It’s a bad idea to open a program or file that’s been emailed to you if you weren’t expecting it, even if it’s from someone you know. That person could be infected with a virus, many of which love to spread themselves through email attachments. If you’re not sure, email the person back and ask, “Did you mean to send this?”

Follow these steps and you’ll be pretty safe. But accidents do happen, so know that if you do get infected with malware, there’s help. Google keeps a list of safe, useful malware removal programs at google.com/goodtoknow. Just click on the “keep your device clean” link.

Q: I’ve heard that you’re supposed to have a good password to keep hackers from breaking into your account, but how do I know what a secure password is? I know I shouldn’t use something dumb like “123abc” but I don’t think I can remember a bunch of random letters and numbers. What would you recommend?

A: First of all, there are different guidelines for home users and work users. Here are some password security basics for home users:

• Never share a computer account.
• Never use the same password for more than one account.
• Never tell a password to anyone, including people who claim to be from customer service or security.
• Never email your password to anyone.
• Be sure to log off or lock your screen before leaving a computer unattended.
• Change your password whenever you think that it may have been compromised.
• Don’t use guessable passwords: this includes your spouse’s name, your kid’s name, your pet’s name, and of course your name.

A perfect password would be made up entirely of random letters numbers and special characters, be as long as possible, and not be used anywhere else. Unfortunately, this is not humanly possible. Unless you use something like LastPass. LastPass is a password management app that suggests complicated, secure passwords for any website or application, and it remembers all of them for you.

Here is another easy way to create strong, secure passwords: instead of using random letters and numbers, use a long string of separate words. For instance, something like “OrangeShrimpOrphanSingers”.

You can separate each word with a number to make the password alphanumeric. Try not to make the words related to each other because that will make them easier to guess. But you will likely find four words easier to remember than eight or 10 random characters, and because the password is longer, it is actually tougher to crack.

Oh, and you know how you’ve always been told not to write down passwords? Nah, go ahead, write them down on a piece of paper and lock them in your file cabinet. Look at it this way: if someone is in your house reading that piece of paper, you’ve got bigger problems. In addition to stealing your passwords, they’re probably also stealing your checkbook, your TV and the lunch meat out of your fridge.

Now, for business users, each corporation has their own policies. So, even if the policy is not optimal you have to follow it. If your company allows it, consider using LastPass.

Unlike what we said about home users, work users should never write down their passwords. There are too many people walking by your office or cubicle, and that means a lot of opportunities for casual password grabbing.

Also, never use a password for a business account that you also use for your personal accounts, because if your private information is compromised, then your corporate information will be also.

Apparently no one is safe from the wrath of LulzSecurity, the notorious rogue hacker group who claimed the recent high-profile attacks on Sony Pictures Website and Nintendo’s servers. Now, their targets are set on the U.S. Government after hacking into the Senate’s website and even going as far as taking down the CIA’s site, which was restored shortly afterward.

The group is apparently motivated by hacktivist culture and fueled by the amount of amusement – or “lulz” – that they can generate by causing mayhem on the internet. To bring down the Central Intelligence Agency’s website on Wednesday, LulzSecurity used a Distributed Denial-of-Service (DDoS) attack which uses computers to flood the targeted site with so much traffic that it causes it to go offline. It is suggested that LulzSec probably did not steal any sensitive information from the breach on the government websites and while this is reassuring, it doesn’t bode well for those who were among one of the 26,000 e-mail addresses and passwords that the group recently leaked.

Mashable mentions, “One thing separates LulzSec from many other similar groups, however: Its members are actively communicating with users, and they love the attention. And with a high-profile site being attacked almost daily in the past several weeks, we’re sure we’ll hear more about LulzSec in future.” LulzSec is active on the social media site Twitter and has even created a telephone hotline service which invites users to request potential targets for the group to attack in the future.

Although LulzSec may be amusing themselves for the time being, the CIA has surely taken notice of the group and will likely be the ones having the last laugh.

Photo by Stan Schroeder via Mashable