Archives for May 19, 2019

Google stats show how much a recovery number prevents phishing

And that for most, multifactor via device prompt is as effective as a key.

In case you haven’t already set up a recovery phone number for your Google account, and enabled extra security features like multifactor authentication, the search giant is using hard data to explain why you should. Interestingly, studies (1)(2) that researchers presented this week at The Web Conference found that simply adding a recovery phone number to an account blocked 100 percent of automated attacks, 99 percent of bulk phishing attacks and 66 percent of targeted attacks during the period they investigated.

That’s why you should take advantage of a tool like the Security Checkup now, while your account is still secure, and get at least that level of protection enabled.

While SMS verification can be defeated by a targeted attack, Google’s ability to do things like send a prompt to a connected phone or have users verify where they last logged in also helps block sign-ins it thinks are suspicious. If you’re logging in on a brand new device or from a new location, then you should expect a little more scrutiny. However, because 38 percent of users didn’t have access to their phone, and 34 percent couldn’t get to a secondary email address, the worry is that requiring challenges all the time will increase account lockouts.

According to the Google data, “hack for hire” attacks that impersonate familiar people or Google itself are incredibly rare, but can include multiple attempts even after an initial message is rebuffed. That’s where steps like its Advanced Protection Program — which requires a user to set up two hardware keys and use one of them to log in all the time — come in handy.

Mirroring the results Google has seen since requiring employees to use hardware keys, researchers said zero users who exclusively use security keys — despite the presence of a flaw that’s caused a recall of Google’s Bluetooth Titan Key — had fallen victim to targeted phishing. Limiting the attack surface to physical proximity, together with the fact that a site has to verify itself to the security key, keeps phishing attacks at bay, even for people who are being targeted specifically.

UN chief warns nuclear waste could be leaking into the Pacific

Cracks in a 40-year-old nuclear ‘coffin’ are raising concern.

A UN chief is concerned that a Cold War-era nuclear ‘coffin’ could be leaking radioactive material into the Pacific. The concerns are both alarming and oddly similar to the plot of Shin Godzilla — including the part about it being the US’s fault.

According to Phys.org, the structure in question is on Enewetak atoll in the Marshall Islands — where the US conducted 67 nuclear weapons tests between 1946 and 1958. The tests included the Castle Bravo hydrogen bomb, which was reportedly about 1,000 times bigger than the atomic bomb dropped on Hiroshima. In the late 70s, waste from those tests was dumped into a crater and capped with a concrete dome 18 inches thick. That was intended to be a temporary solution, so the bottom of the crater was never lined.

Now, UN Secretary General António Guterres and Marshall Islands President Hilda Heine fear nuclear waste could be leaking from the pit. They’re also concerned about cracks in the concrete, which they worry could break apart if hit by a tropical cyclone. Guterres says the Pacific’s nuclear history needs to be addressed — hopefully he’ll be taken more seriously than Shin Godzilla’s Goro Maki, who warned of impending trouble but went unheard.

Over 21,000 Linksys routers leaked their device connection histories

Linksys, however, says it can’t replicate the apparent flaw.

Certain Linksys WiFi routers might be sharing far more data than their users would like. Security researcher Troy Mursch has reported that 33 models, including some Max-Stream and Velop routers, are exposing their entire device connection histories (including MAC addresses, device names and OS versions) online. They also share whether or not their default passwords have changed. Scans have shown between 21,401 and 25,617 vulnerable routers online, 4,000 of which were still using their default passwords.

The attack appears to be relatively straightforward and involves little more than visiting an exposed router’s internet address and running a device list request. It works whether or not the router’s firewall is turned on, Mursch told Ars Technica, and isn’t affected by a patch Linksys released in 2014.

There are potentially serious consequences. Complete connection histories could tell hackers if there are juicy targets on a given network, such as a phone running outdated software, while stalkers might find out if their victim had visited a given location. The password status, meanwhile, could make it easy to hijack devices for the sake of botnets and other online crimes.

It might not be as clear-cut a situation as it appears, though. Linksys has posted a security advisory saying that it had “not been able to reproduce” the vulnerability, and suggested that the routers Mursch found online were either using outdated firmware or had their firewalls turned off. Clearly, there’s some disagreement here — and that could be a problem when it’s not certain that affected Linksys routers are truly safe. For now, the best bet is to ensure that you’re running up-to-date router firmware and that the device’s firewall remains active.

Arduino’s new Nano board family is more powerful and affordable

The most basic one will set you back $9.90.

Arduino’s Nano line will soon welcome four new products. They’re all small boards like the classic one, making Nano a family of small boards meant for compact projects. All the new boards boast low energy consumption and processors more powerful than what the classic has. Even better, they’re all pretty affordable: the most basic entry called Nano Every, which you can use for “everyday” projects and can replace the classic Nano, will even set you back as little as $9.90.

The Arduino Nano 33 IoT will cost you twice that much ($18), but it’s compatible with Arduino’s Internet of Things application platform and can run connected devices. For projects like wearables that require Bluetooth and low power consumption, there’s the Arduino Nano 33 BLE, which is priced at $19. But if the device needs sensors for proximity and gesture, as well as various environmental sensors, then the Arduino Nano 33 BLE Sense is the best choice. It even has an embedded microphone and costs only $29.50.

Arduino co-founder Massimo Banzi said in a statement:

“The new Nanos are for those millions of makers who love using the Arduino IDE for its simplicity and open source aspect, but just want a great value, small and powerful board they can trust for their compact projects. With prices from as low as $9.90 for the Nano Every, this family fills that gap in the Arduino range, providing makers with the Arduino quality they deserve for those everyday projects.”

All four variants are now available for pre-order. The Nano Every and 33 IoT are coming out in mid-June, while the Bluetooth versions will come out in mid-July.

3 Expenses That Can Eat into Your Retirement Savings

Most of us, unless we have a generous pension in our future, need to have a solid retirement plan. We need to have figured out how much money we need to retire with and how we’re going to amass that sum. Without a plan, we’re much more likely to end up struggling in our final decades.

It’s important to be comprehensive in our planning, too, because ignoring one or a few major costs in retirement can cause us to undersave or overspend. Here are three expenses to take into account as you plan for your financial future.

No. 1: Healthcare

Yup, healthcare. As you probably suspect, it’s likely to be a major expense in your retirement. But you might not be appreciating just how costly it could be. You wouldn’t be alone, either: A whopping 44% of retirees found that healthcare expenses in retirement were somewhat higher (27%) or much higher (17%) than they expected, per the 2018 Retirement Confidence Survey.

Of course, there’s no way to know now just how much you’ll end up paying, and a lot depends on your health and fitness. But consider this: A 65-year-old couple retiring today can expect to spend an average of $285,000 out of pocket on healthcare expenses over the course of their retirement, according to Fidelity Investments. That’s for out-of-pocket expenses beyond what Medicare covers, and it doesn’t even include long-term care expenses.

That’s just an average, of course, and it’s not the only estimate out there. A different report, by researchers at the Center for Retirement Research at Boston College, found that, on average, retirees spent roughly $4,300 per year (as of 2014) on healthcare in retirement. (Again, that’s for out-of-pocket expenses beyond Medicare and it also excludes long-term-care expenses.) Meanwhile, Healthview Services estimated that a healthy 65-year-old couple retiring in 2018 would spend about $363,946 on healthcare over the course of their retirement. That figure covers Medicare and supplemental plan premiums along with out-of-pocket expenses.

So be aware that healthcare could cost you a lot — and plan accordingly. Perhaps set a significantly higher savings goal for yourself. And consider getting fitter, if you’re not in great shape, as healthier retirees are likely to need less care and spend less on it. Be smart about Medicare, too, choosing the plans that will serve you best.

No. 2: Fees

Then there are fees. They can seem insignificant — 1% here, 1% there… Those are small numbers, right? But those small numbers can take a big bite out of your savings over long periods. Fees appear all over our financial lives — levied by banks, brokerages, credit cards, 401(k) accounts, mutual funds, and more. Many people pay their financial advisors 1% or more of assets annually. That means if an advisor is overseeing an account worth $300,000, they’re taking $3,000 out of it this year and will take another 1% next year, too, and so on. That really adds up.

Meanwhile, imagine two mutual funds — one charging you 1.10% annually, and the other (perhaps an index fund) charging you just 0.10%. If both gained 10% annually over a long period before that fee, then their post-fee returns would be 8.9% and 9.9%, respectively. Here’s the difference between those returns for someone investing $10,000 annually:

Over This Period | Growing at 8.9% | Growing at 9.9%
10 years | $164,663 | $174,315
20 years | $550,920 | $622,348
30 years | $1.5 million | $1.8 million

A single percentage point difference can cost you many thousands of dollars — and potentially hundreds of thousands. You can keep fees low by shopping around for low-fee financial service companies and providers, and by favoring low-fee mutual funds, too. Remember that index funds tend to outperform most managed funds, and managed funds tend to feature much higher fees.

No. 3: Your children (or parents)

Finally, there’s family. Family members may bring us great joy, but many of them are also financially draining. It’s widely appreciated that raising a child to adulthood is expensive, but people often forget to look beyond that, to see that many parents keep supporting their kids well into adulthood. A TD Ameritrade survey found that on average, millennial parents received about $11,000 annually (in money and unpaid labor) from their own parents. Fully four out of five parents offer some financial support for their adult children, according to a survey from Merrill Lynch and Age Wave — spending twice as much on their kids as they do on retirement savings.

That kind of support can thwart your retirement saving — and, later, can finally pinch you in retirement. Imagine, for example, giving $10,000 to your kids each year — for just 10 years. That figure, if it were instead invested in your retirement account, growing at an annual average rate of 8%, would amount to more than $156,000 — a sum you might find rather handy in retirement, potentially supporting you for three years or so.

Aim to raise financially savvy kids. Get them to appreciate the power of compounded growth and start them investing in some stocks while they’re still young, too. That way they can eventually be financially independent, saving for their own retirements while you live off your own retirement savings.

Near retirement and have a health savings account? Beware of snags when claiming Social Security

If you regularly contribute to a health savings account and plan to claim Social Security past your full retirement age, watch out.

That’s because you can no longer contribute to an HSA once you’re on Medicare, no matter whether you sign up just for Part A hospital coverage (which is free) or additional parts of the program that require premiums.

While this sounds straightforward enough, complications can arise for people who delay both Social Security and Medicare.

Here’s why: When you delay claiming Social Security beyond your full retirement age, you’re generally offered a lump sum in retroactive benefits of up to six months, dating no farther back than your full retirement age (which is 66 for most people right now).

If you’re not yet on Medicare when that happens and are contributing to an HSA, there’s the potential for issues.

“The problem is that if you take the lump sum from Social Security, it triggers Medicare Part A being effective retroactively as well,” said certified financial planner Peggy Sherman, a lead advisor at Briaud Financial Advisors in College Station, Texas. “So if you made contributions to an HSA during that time, you face an excise tax of 6% on those contributions in addition to income taxes.”

Anyone in that situation should remove those so-called improper contributions and alert their employer to remove any matching contributions made on their behalf, she said.

“That would need to be done by the tax return filing date for the year it’s happening in,” Sherman said. “If you sign up for Social Security this year, you have to remove those contributions by April 15 of next year to avoid the tax issue.”

With more people staying in the workforce well into their 60s and 70s, it’s a situation that’s more likely to crop up as those workers put off claiming Social Security and enrolling in Medicare.

As long as you have qualified health insurance through work, you can delay going on Medicare without facing a late-enrollment penalty. This means you can continue contributing to your HSA in combination with a high-deductible health plan.

For 2019, the maximum HSA contribution is $3,500 if you have self-only insurance, and $7,000 for family plans. People age 55 and older are allowed to put in an additional $1,000. The money comes with a triple tax benefit: Contributions are deductible, the money grows tax-free and withdrawals are tax-free as long as they are used to pay for qualifying medical expenses.

Delaying Social Security also holds appeal: Your benefits grow by 8% each year you delay up until age 70.

The lump sum offered by the government, and retroactive Medicare coverage, depends on how far beyond your full retirement age you are when you claim Social Security. As mentioned, you can get up to six months’ worth of retroactive benefits.

For example, say your full retirement age is 66 and you tap Social Security three months after your birthday. The government would offer to give you a lump sum worth those three months of benefits, which would make your effective date retroactive to your birthday. Sign up six months or more after your full retirement age, and you’ll be offered a six-month lump sum for retroactive benefits and effective date.

If you think you’ll accept a lump sum, you need to stop your HSA contributions before that retroactive date would kick in to avoid the tax complications, Sherman said.

She also pointed out that rejecting the lump sum — and retroactive effective claiming date — isn’t necessarily a bad idea anyway.

“If they say we’ll give you a lump sum worth six months and you say no, your base benefit will be 4% higher,” Sherman said.

In other words, based on an 8% increase in your base benefits for each year you delay claiming Social Security, the effective date that’s six months later would mean a permanent 4% increase in monthly benefits. If you were to take the lump sum, your base benefit would be pinned to that earlier date of claiming, making it less.

If your Medicare coverage becomes effective in the middle of the year, you can make HSA contributions that are proportional to the time you were still eligible to contribute. That is, each month of eligibility would be 1/12th of the maximum amount you can put in.

And of course, while you can no longer contribute to an HSA once you’re on Medicare, you can use the money to pay for premiums, copays, deductibles and any other qualifying medical expense, Sherman said. Also, once you turn 65, there is no longer a 20% penalty if the money is used for nonmedical expenses.