Change your batteries and clocks + rotate preparedness stocks this weekend

October 31, 2014

Most people will gain an hour this weekend when they “fall back” early Sunday morning. While you are changing your clocks, it’s also a great time to change the batteries in detectors … and check and rotate items in disaster supplies kits since cooler weather is coming.

Use the following tips to make this a family project and include the kids so they can help choose items for kits and learn where things are, and it’s a good opportunity to discuss your Family Plan.

  • Change the batteries in smoke alarms and carbon monoxide (CO) detectors around your home. Officials suggest you test them at least once a month and completely replace detectors every 10 years.
  • Pull out your home and vehicle kits and rotate stored water, food, medications and other items, and test and/or replace batteries if you stashed some in kits. Remember to pack items for all your pets … or better yet, make special kits for them so those are easy to grab & go during an emergency. Also include winter items in kits like warm clothes and other things described in our Winter driving tips post.
  • If you haven’t already, take some time to make an Escape Plan that includes two escape routes from every room in the house. Draw a floor plan of your home showing doors, windows and stairways. Mark locations of first aid and disaster kits, fire extinguishers, smoke detectors, ladders, and utility shut-off points. Next, use a colored pen to draw a broken line or arrow charting at least 2 escape routes from each room … and walk through the routes with your entire family. Then practice, practice, practice by running drills with the family either monthly or quarterly.
  • Update your Family Emergency Plan (this 6-pg PDF checklist can help you set up meeting places [esp with your children in case you are separated during an emergency], ensure all phone numbers are current, think about things for seniors, pets, etc.)
  • Go through Important Family Documents and keep below items in a waterproof, portable safe container and update as needed. Keep copies of papers off-site in safety deposit box or with a family member — or scan all to a flash drive or CD or save to a secure cloud backup service.
    — Extra set of car keys, cash, traveler’s checks and credit card
    — Will, insurance policies, contracts, deeds, stocks and bonds
    — Passports, social security #s/cards, immunization records
    — Bank account numbers
    — Credit card numbers, card companies + phone numbers
    — Inventory of valuable household goods
    — Family records (birth, marriage, death certificates, photo IDs)
    — Recent pictures of all family members and pets for i.d. needs

Download a free 56-page mini portion of our IT’S A DISASTER! book to help you with the above steps and learn more about our customizable products and funding ideas at www.itsadisaster.net/ppp.html.

Stay safe and have a great weekend, j & B


Get Ready to #ShakeOut October 16, 2014 (world’s largest earthquake drill)

October 9, 2014

ShakeOut_GetReady_2014-lgOn October 16, 2014 at 10:16 a.m. (your local time) people across North America and around the world will participate in the Great ShakeOut earthquake drill.

The main goal of #ShakeOut is to get people prepared for major earthquakes and use the event as an opportunity to learn what to do before, during, and after an earthquake.

You might think “I don’t have earthquakes where I live”, but did you know every continent on the planet experiences earthquakes? The U.S. Geological Service estimates there are several million earthquakes a year globally and, while a vast majority of these are very small or undetected, about 100,000 quakes per year are felt.

All 50 U.S. states and territories have earthquakes so the ShakeOut is an opportunity to practice how to protect ourselves during earthquakes. Anyone can participate and basically, wherever you are at that moment—at home, at work, at school, anywhere—you should Drop, Cover, and Hold On as if there were a major earthquake occurring at that very moment, and stay in this position for at least 60 seconds. ShakeOut also has been organized to encourage everyone to update emergency plans and supplies, and to secure your space in order to prevent damage and injuries.

Learn how to register and find games, resources and more at www.shakeout.org … and, if you’re on Twitter, join ShakeOut, America’s PrepareAthon!, and the American Red Cross at 3p (Eastern) on October 15 using #EQChat. Experts will provide safety tips and other information to get you prepared for earthquakes.

Also check out my recent interview on DestinySurvival Radio since John and I discuss the ShakeOut, earthquake preparedness, and some things to expect in the aftermath of a disaster. Let us know how you plan to ShakeOut and stay safe out there, j & B

 


Fire Prevention Week October 5 – 11, 2014

October 5, 2014

The National Fire Prevention Agency’s Fire Prevention Week runs from October 5 – 11, 2014 and this year’s official theme is “Working Smoke Alarms Save Lives: Test Yours Every Month!”

Did you know that many people don’t test their smoke alarms as often as they should? When there is a fire, smoke spreads fast. You need working smoke alarms to give you time to get out so test your alarms every month.

For example, did you know…

  • Almost three of five (60%) of reported home fire deaths in 2007 to 2011 resulted from fires in homes with no smoke alarms or no working smoke alarms.
  • Working smoke alarms cut the risk of dying in reported home fires in half.
  • In fires considered large enough to activate the smoke alarm, hardwired alarms operated 93% of the time, while battery powered alarms operated only 79% of the time.
  • When smoke alarms fail to operate, it is usually because batteries are missing, disconnected, or dead.
  • An ionization smoke alarm is generally more responsive to flaming fires and a photoelectric smoke alarm is generally more responsive to smoldering fires. For the best protection, or where extra time is needed, to awaken or assist others, both types of alarms, or combination ionization and photoelectric alarms are recommended.

It is best to install both smoke and carbon monoxide (CO) detectors in your home, apartment and/or RV. And remember to test alarms at least once a month, replace batteries once a year, and get new units every 10 years.

And, if you haven’t already, take some time to make an Escape Plan that includes two escape routes from every room in the house. Draw a floor plan of your home showing doors, windows and stairways. Mark locations of first aid and disaster kits, fire extinguishers, smoke detectors, ladders, and utility shut-off points. Next, use a colored pen to draw a broken line or arrow charting at least 2 escape routes from each room … and walk through the routes with your entire family.

Also…

  • Make sure your windows are not nailed or painted shut.
  • Make sure security bars on windows have a fire safety opening feature so they can be easily opened from the inside…and teach everyone how to open them!
  • Teach everyone how to stay LOW to floor (air is safer).
  • Pick a spot to meet after escaping fire (meeting place).
  • Practice, practice, practice! Set aside time each month or several times a year and do fire drills with your family.

Fire Prevention Week is the perfect time to reach out and share resources that empower people to have a hand in preventing home fires and protecting their families.

Learn more at www.fpw.org and please share the link and this post with others. And for the little ones, visit Sparky the Fire Dog® site at www.sparky.org to find free apps, games, videos and more.

Stay safe, j & B

 

 

 


Get involved with October 2014 National Cyber Security Awareness Month #NCSAM

October 2, 2014

ncsam-logo-2014Did you know October is cyber security month in several countries?

America’s National Cyber Security Awareness Month or NCSAM campaign – under leadership from the U.S. Department of Homeland Security and the National Cyber Security Alliance – has grown exponentially, reaching consumers, small and medium-size businesses, corporations, educational institutions, and young people across the nation.

Cybersecurity begins with a simple message everyone using the Internet can adopt: STOP. THINK. CONNECT. Take security and safety precautions, understand the consequences of your actions and behaviors online, and enjoy the benefits of the Internet.

The National Cyber Security Alliance has #NCSAM tools, banners and materials to help home users, K-12 Educators, Higher Education, Small Businesses and more get involved at www.staysafeonline.org. You can also follow NCSA on Facebook or on Twitter @STOPTHNKCONNECT and @StaySafeOnline and search #NCSAM to find more cyber safety tips and resources.

Canada’s national public awareness campaign Get Cyber Safe was created to educate Canadians about Internet security and the simple steps individuals can take to protect themselves online. Learn more at www.getcybersafe.gc.ca and follow them on Twitter @GetCyberSafe

And the European Union advocacy campaign European Cyber Security Month (ECSM) aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices. Visit http://cybersecuritymonth.eu/ to learn more and follow ‪#‎cybersecawarenessmonth‬ on social media to keep up on activities in Europe.

As NCSA explains… The Internet is a shared resource and securing it is Our Shared Responsibility. Everyone has a role in securing their part of cyberspace, including the devices and networks they use. If each of us does our part—implementing stronger security practices, raising community awareness, educating young people or training employees—together we will be a digital society safer and more resistant from attacks and more resilient if an attack occurs.

Also read and share our Oct 2013 enews article called Protecting devices from cyber threats.

Stay safe out there, j & B

 

 


Shellshock Bash bug impacts Linux, Unix and Mac systems (and hackers are already exploiting it)

September 25, 2014

shellshock bash bugA serious flaw has been found in a software component known as Bash (Bourne Again Shell), which is a part of many Linux / Unix systems as well as Apple’s Mac operating system.

The bug, dubbed Shellshock, can potentially be used to remotely take control of almost any system using Bash, researchers said. The bug, which has gone undetected in the software for at least 22 years, was just disclosed yesterday 24-Sep-2014.

According to Securelist.com … “it is an extremely powerful vulnerability due to its high impact and the ease with which it can be exploited. Basically it lies in the bash shell interpreter and allows an attacker to append system level commands to the bash environment variables, but not every system is vulnerable since certain conditions must be met. … The impact is incredibly high because there are a lot of embedded devices that use CGI scripts – for example routers, home appliances and wireless access points. They are also vulnerable and, in many cases, difficult to patch.”

Chris Griffith, Senior Technology Journalist @ The Australian writes… “The security hole poses an enormous threat to everything from computers to sewerage treatment plants, pump networks, to web servers, traffic lights, airport lights, SCADA systems and even Apple Mac computers. That’s because the hole has been found in a piece of code that’s fundamental to the running of machines across the internet, along with network infrastructure such as routers, switches, and phone exchanges. It opens the door for hackers to obtain access to computers and other systems through a web browser. From there they can infiltrate and play havoc with machines as well as the corporate computer networks they are part of. …”

According to Trend Micro … “LINUX powers over half the servers on the Internet, Android phones, and the majority of devices in the Internet of Things (IoT) so the reach of this is very broad. Also, because Bitcoin Core is controlled by BASH, this vulnerability can impact Bitcoin miners and other Bitcoin related systems, making them potentially a very attractive target to attackers.”

Shellshock rates 10 out of 10 on the scale of vulnerabilities. For perspective, Heartbleed rated an 11 but that bug required more work to exploit holes, whereas Shellshock opens the way for hackers to add and manipulate code or data into “shell” commands.

Several exploits have already been identified in the wild (read herehere and here) and some experts are concerned this bug is “clearly wormable” and may get much worse in the coming months.

But not all security experts agree this is “Heartbleed 2.0”. Brad Chacos writes in PCWorld … “Jen Ellis of security firm Rapid7 says the Shellshock bug’s outlook isn’t quite as grim, even if it is rampant. Ellis writes, ‘The conclusion we reached is that some factors are worse, but the overall picture is less dire… there are a number of factors that need to be in play for a target to be susceptible to attack. Every affected application may be exploitable through a slightly different vector or have different requirements to reach the vulnerable code. This may significantly limit how widespread attacks will be in the wild.’ …”

No one really knows for sure how bad things could get with Shellshock, but one thing everyone agrees on is system administrators and developers need to patch this Bash bug asap.

PATCH AVAILABLE

There are patches available through the links below and realize there will most likely be a series of patches going forward.

US-CERT recommends administrators and users review CVE-2014-7169 in the National Vulnerability Database as well as the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. As of 24-Sep-2014 GNU Bash patch is also available for experienced users and administrators to implement on all current versions of Bash, from 3.0 to 4.3.

Some security researchers warn that the patches are “incomplete” and would not fully secure systems. Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug. Read more at RedHat.com

WHAT CAN I DO?

As Mashable explains… “Unlike Heartbleed, which forced users to change their passwords for various Internet services, Shellshock doesn’t appear to have any easy solutions for average users right now. In most cases, it will be up to system administrators and software companies to issue patches.”

Kaspersky Labs’ Global Research & Analysis Team has great Q&A about the “Bash” vulnerability with an easy test on how to check if your system is vulnerable on Securelist.com. There is some geek-speak throughout the Q&A but it could be helpful to some techie users and programmers.

The patching process for Apple users is described over at StackExchange,  but be warned – according to Mashable, it requires a certain level of command line-level knowledge to be applied.

For general home users worried about security, watch for updates (esp. OS X and Android users) and pay attention to updates from Internet providers and manufacturers – particularly for hardware such as broadband routers. Also be wary of emails requesting information or instructing you to click links or run software to “fix” this bug.

Unfortunately this situation is only starting to manifest and metastasize and, as Kaspersky Lab chief executive Eugene Kasperksy said, “the internet should expect a lot of exploits and hacked websites to be disclosed in coming weeks.”

MORE INFORMATION

Some helpful sites and articles with fixes, explanations about various vulnerabilities and more are…

Red Hat’s Security Blog

Red Hat’s original post about vulnerability

“Bash” (CVE-2014-6271) vulnerability – Q&A by Kaspersky Labs’ Global Research & Analysis Team

U.S. Computer Emergency Readiness Team

Everything you need to know about the Shellshock Bash bug by Troy Hunt via TroyHunt.com

What you need to know about Shellshock, aka the “Bash Bug” by Mark Nunnikhoven @ Trend Micro

Bash Vulnerability – Shell Shock – Thousands of cPanel Sites are High Risk by Daniel Cid @ Sucuri Security blog

Shellshock DHCP RCE Proof of Concept by TrustedSec.com

Major Bash Vulnerability Affects Linux, Unix, Mac OS X by Michael Mimoso @ ThreatPost

Worse than Heartbleed? by Jim Reavis @ Cloud Security Alliance

Shellshock: The ‘Bash Bug’ That Could Be Worse Than Heartbleed by Stan Schroeder @ Mashable

Why You Could Be At Risk From Shellshock, A New Security Flaw Found In Linux by James Lyne @ Forbes

Unix/Linux Bash: Critical security hole uncovered by Steven J Vaughan-Nichols @ ZDNet

Shellshock: ‘Deadly serious’ new vulnerability found by Dave Lee @ BBC

Bash bug fallout: Shell Shocked yet? You will be … when this becomes a worm by Darren Pauli @ The Register

‘Bigger than Heartbleed’ Shellshock flaw leaves OS X, Linux, more open to attack by Brad Chacos on PCWorld


Hero Dogs Of 9/11 Legacy (follow-up video by Dog Files)

September 11, 2014

Ten years after the World Trade Center attack, the working dog community comes together to honor the dog teams that worked at Ground Zero.

Thank you Dog Files for honoring these amazing USAR K-9 teams.

Also see original Hero Dogs of 9/11 video and our tribute to 9/11 Ground Zero Responders. Never forget.

 


Hero Dogs Of 9/11 (video tribute by Dog Files)

September 10, 2014

A tribute to the more than 300 search and rescue dogs that helped in the rescue effort at the World Trade Center after terrorists attacked on September 11, 2001.

Learn more about Dog Files

Also see our photo and video tribute to 9/11 Ground Zero Responders from 2013. Never forget…


Follow

Get every new post delivered to your Inbox.

Join 2,089 other followers

%d bloggers like this: