FLASH DRIVES (STORAGE DEVICES)

A flash drive, also known as a thumb drive, a USB stick, or memory stick, is a convenient plug-and-play device that is slightly larger than the average human thumb. Their primary function is to store files, videos and photos so you can take them with you when away from your own computer, plug the drive into the USB port of a different computer to display, share and transfer files, videos, documents or photos to one or more users. 

Example of flash drive size

We use multiple flash drives to back up documents, photos and important files on our hard drive. Each flash drive is labeled according to project and each time we update a file, we plug in the flash drive, save a copy to it and a copy to the hard drive.

How to Find It On Your Computer

When inserted into a USB port of a computer, that computer's operating system recognizes it as a removable device and identifies it with a drive letter. The storage capacity of flash drives ranges from 2 megabytes up to 1 terabyte. New technology in 2023, 2024, and 2025 promises to increase the storage to 2 terabytes.

Their primary function is to store files, videos and photos but if you delete files or reformat the flash drive to remove fragments of files, then the device will degrade and will no longer be reliable.

Password or PIN Protected

Sensitive information stored on flash drives can be protected with a password or a PIN. Given the thousands of security breaches in recent years, many people saw their personal information stolen by bad actors who used it to apply for bank loans and credit cards. It makes good sense to add a password or a PIN as an extra layer of protection to safeguard your stored information.  If someone does not have the password or PIN, they can't access the info on that flash drive.

This 'N That

Internet - Flash drives do not require an internet connection. 

Cloud - No information is stored on a cloud unless you choose to use it that way so the flash drive acts as a go-between.

There is no need to save files to your computer if you are saving them to a flash drive. We choose to do it as insurance against loss. 

If you share a computer with someone, flash drives hide your info from prying eyes.  

Transfer Speeds

When it comes to flash drives, size matters and so does the transfer speed. Low cost flash drives usually have slow transfer speeds such as USB 1.0 low speed which transfers about 1.5 megabits per second (Mbps). These are pretty much obsolete now except on ebay or small town pawn shops.  

A USB 1.0 high speed transfers at about 12 megabits (Mbps) per second. For USB 2.0 high speed has a maximum transfer rate of 480 megabits per second. For 3.0 Super Speed, the data transfer rate is about 5 gigabits per second (Gbps) and 3.1 Super Speed Plus has a transfer rate of about 10 Gbps.

Ready Boost

For older PCs with low memory or smaller hard drives, you can use a flash drive to install Ready Boost, an app that speeds up slow hard drives but you have to use 3.0 flash drive to get adequate speed.

Miscellaneous About Flash Drives

- No batteries required.

- No rebooting required (of PC or flash drive).

- Flash drives have no moving parts, however, they can physically get lost. Keeping them on a key chain attached to your belt has been a trend, however if your keys become unhooked from your belt and get lost, then you have lost your flash drives as well.

- If you do not have a lockout feature on your computer or if you choose not to use a password to lock it, you can install a Windows app on your flash drive that acts like a special Unlock key (some app examples: Raptor, Serpent, Flash Security, Predator, Lock USB, USB Lockit, Ease US, Lock My File).  Plug in the flash drive while working at your computer. When you are doing working, remove the flash drive, the screen goes dark and your device stays locked until you return. Reinsert the flash drive and it wakes up your screen.

If you use the protective cover or case that is sold with your flash drives, then the device will hold up well against minor mishaps.

Information can stay stored on a flash drive for years.  When ready for use, it adapts to any operating system because the stored information is not dependent on the operating system in which the files were created.

Flash drives are not immune to malware. If you insert it into an infected device, your flash drive can become infected too. The best you can do at that point is to trash the flash drive because transferring info from an infected flash drive to a new flash drive will likely transfer the malware too.  

HOW TO USE THE FUNCTION KEYS ON A KEYBOARD

Function keys on keyboard

The function keys F1 through F12 may have either a variety of different uses or no use at all. Depending on the installed operating system (WIN 7 or higher), the software program you currently have open will change how each of these keys operate.

A program is capable of not only using each of the function keys, but also combining the function keys with the ALT and/or CTRL keys.

For example, Microsoft Windows users can press ALT + F4 to close the program currently active in a tab or window.

Here are some of the common functions of the functions keys on computers running Microsoft Windows. As mentioned, not all programs support the function keys and they may perform different tasks then those mentioned below. 

Play with these on your own computer because one might have a different function for you.

F1

F1 - Almost always used as the HELP key which opens the Windows HELP screen

Pressing the Windows Key + F1 key opens the Microsoft HELP and support center.

F1 Opens the Task Screen

*******************

F2

In Windows F2 is commonly used to rename a highlighted icon or file.

Alt + Ctrl + F2 opens a new document in Microsoft Word.

Ctrl + F2 displays the print preview window in Microsoft Word.

*******************

F3

Often opens a search feature for many programs including Microsoft Windows.

Shift + F3 will change the text in Microsoft Word from upper to lower case or a capital letter at the beginning of every word.

F3 will Repeat the last Command in MS-DOS or in Windows Command Line

*******************

F4

F4 opens the FIND Window in Windows 95, XP, 7, 8 and 10

Repeats the last action performed in Word 2000 version

Alt + F4 will close the program currently active in Microsoft Windows.

F4 Function Key Opens the Address Bar in Internet Explorer and Windows Explorer

*******************

F5

The Main use of F5 is to Refresh or Reload the Web Pages or Documents

In Power Point F5 Starts a Slideshow

F5 is used to Open FIND and, GO TO Window in Microsoft Word And Replace text

*******************

F6

Moves the cursor to the Address bar in Internet Explorer and Mozilla Firefox.

Ctrl + Shift + F6 opens to another open Microsoft Word document.

F6 Key is Used to Reduce Volume on the Speaker

*******************

F7

F7 Function Key mainly used to check Spelling and Grammar in Microsoft Word Document

SHIFT + F7 Runs a Thesaurus check on highlighted word

F7 Key is Used to Increase the Laptop Volume

*******************

F8

F8 Function Key is Commonly used to access Window Safe Mode

It is used to enter the Windows Startup Menu

F8 Function key is used by some computers to access the Window recovery system. But it may required Windows Installation CD.

F8 Function key is also used to display the Thumbnail image for all work space in MAC OS (Operating System)

*******************

F9

F9 Function Key is Used to Refresh a Document in Microsoft Word

F9 Function Key is Used to Send and Receive the E-Mails in Microsoft Outlook

F9 Function Key is Used to Reduce Laptop Screen Brightness

F9 Function Key Opens the Mission Control on An Apple Computer Runs on Mac OS X

*******************

F10

F10 Function Key is Used to Increase Brightness on Laptop Screen

F10 Function Key is Used to Access the Hidden Recovery Partition on Compaq, Sony and HP Computers

SHIFT + F10 replaces using the Right Click on highlighted icons Internet links and files

F10 Function Key is Used to Activate the Menu Bar in Microsoft Windows

*******************

F11

Full-screen mode in all modern Internet browsers.

F11 Function Key is Used to Access the Hidden Recovery Partition on Lenovo, Gateway, Emachine hard drives

In MAC OS 10.4 or Later Version - Hides all open windows and shows the Desktop

*******************

F12

Opens the Save As window in Microsoft Word.

Shift + F12 saves the Microsoft Word document

Ctrl + Shift + F12 prints a document in Microsoft Word

F12 Function Key is used to Preview a Page in Microsoft Expression Web.

 Please don't share by copy pasting our entire post.  You can share our blogs with your friends by giving them this link so they can enjoy our websites too.  Check our sidebar for links to all our sites. Thank you.

https://2geekgirls1nerdyguy.blogspot.com/

You Might Be Eligible to Join The Capital One Class Action Lawsuit

On August 6, 2019, a class-action lawsuit was filed naming Capital One, who reported a data breach on July 29, 2019, and naming GitHub, who hosted stolen files of Capital One's user data on their website.  Capital One's data was on leased cloud storage space from Amazon's Cloud Service but Amazon has not been named in the lawsuit as of today's date. GitHub is owned by Microsoft who purchased the website in 2018. 

• A separate class-action lawsuit was filed against GitHub on August 1, 2019, for negligence and violation of the federal Wiretap Act (for allowing hackers to store sensitive user information on their servers) and California civil code for failure to remove personal information belonging to Capital One users that had been exposed on their site for nearly 3 months. This lawsuit, which also levies charges against Capital One, contends that GitHub's website actively encourages hacking.

Today, we are outlining some of the points in Capital One's FBI complaint which you can read later when you are done reading here.

 

THE DEVIL IS IN DETAILS

The Capital One breach and the subsequent investigation had some details that were not made public on July 29, 2019 but were later released via news media and in the class action lawsuit transcript file. 

At the end of this post, we are also giving you a link to join the class-action lawsuit. Use the criteria below to see if you qualify to be included.  

Do you qualify to join the class-action lawsuit against Capital One? 

CAPITAL ONE'S PRESS STATEMENT


According to Capital One's press statement on their website, they claimed that no Social Security numbers, login information or passwords were compromised, except for the 140,000 Social Security numbers and 80,000 linked bank accounts they identified in their original statement.  

So even though the hack allegedly compromised the personal data of over 100 million customers, Capital One is saying that nearly all of the other user Social Security numbers and login data was tokenized and that they are sure it was only these 140,000 Social Security numbers and 80,000 linked bank accounts who were affected.

Our first question is:  How the heck do they know this for sure? 

• According to their statement, they didn't even know they had an 'intrusion' in March 2019 when Paige Thompson hacked their files not once but several times. 

• They also claimed they didn't see a direct message that was sent to their email in June 2019 from someone warning (or threatening) that the stolen information was going to be exposed soon if they didn't act.  When the information was exposed, Capital One still did not act on it. 

Our second question is:  

• How did the customers with the exposed 140,000 Social Security numbers and the 80,000 linked bank accounts get so unlucky as to not be tokenized so that their data was the only data to be compromised "for sure" out of over 100 million customers? Why wasn't their data tokenized like it was for all other customers?

Ok, enough about that. After the horse already escaped from the barn, Capital One's next step was to take care of the fallout.  

Their primary way to do that was to downplay it by calling it an "incident" as opposed to a hack or a breach.  

• The change in wording was possibly a last ditch effort to save some face.  

THE DIFFERENCE BETWEEN A BREACH AND A HACK 

• A breach is when data or files are unintentionally left unsecured and vulnerable to hacking, as a result of  a bad actor's malicious activity or from negligence.

• A hack occurs when cyber-attackers purposely access to compromise a company's software, hardware, networks or service components to steal information or to hold for ransom.  This is what happened with Capital One. 

There doesn't seem to be much difference between the two, at first reading. 

• But when you read the definitions more closely, you could say that a little bit of both can be applied to Capital One.  

Berkeley Law Professor Chris Hoofnagle on Twitter at
https://twitter.com/hoofnagle/status/1156200937330839553

Capital One's choice use the word 'incident' doesn't smooth anything over.  In our view, it all comes down to using a term that makes Capital One look more like a victim in place of a term that likely makes them look worse than they already do.  

• For Capital One and their supporters to say, "Capital One suffered an "incident" sounds a whole lot better and less accusatory than to say "Capital One had a breach,"  or "Capital One was hacked."

However there are many people who don't think hacked companies are victims at all.  In conversation, whether it is said with regret or with scorn, you will primarily hear:  "Capital One got hacked."  It's just human nature.

This "incident" is not a clear cut situation as Capital One would like the public to believe. 

Here is a screenshot and link to Capital One's press release on their website.  Notice the wording we pointed out in blue boxes. Capital One emphatically states that no other customers were compromised. 

Although her identity was known at the time but unclear whether she was charged yet, instead of referring to her as "the hacker," they referred to her as "the individual."

Capital One's press statement

http://press.capitalone.com/phoenix.zhtml?c=251626&p=irol-newsArticle&ID=2405043



WHO IS AFFECTED

Although companies are not required to notify their account holders of a breach or a hack, the best way to keep current of such events is your local news, your internet's home page and by ongoing observation of user activity on your accounts.  Capital One did notify some of their customers early on.

Until stated differently, this hack affects Capital One account holders - past and present - who live in the United States and Canada, particularly Florida and California. Users need to be aware of the following: 

• the extent of the breached data, 

• when Capital One learned of the breach, 

• Capital One's actions to attempt a cover-up, 

• your benefits of joining a class-action lawsuit. 

Don't be so quick to dismiss this by thinking that the lawsuit requires your presence in court or that you don't stand a chance of getting anything out of it. 

Although Capital One is giving compromised users two full years of free credit monitoring, the class action lawsuit states that the least you can get is 6 months of free credit monitoring protection (a savings of about $99) or $125 (+ or -), depending on the number of participants in the class action who receive payments.  

You may qualify if you:

• Live in California, Florida, parts of the United States and Canada as stated in the file Page 9, lines 2 through 27 who provided personal information to Capital One and whose personal information was accessed, compromised or stolen by an unauthorized individual or individuals in the data breach announced by Capital One on July 29, 2019.

• paid money to repair your credit or for credit monitoring, 

• already had in place (or have since paid for) identity theft insurance either monthly through Capital One credit card services or through another company,

• noticed fraudulent charges on your credit card statements 

• were charged interest or finance charges on fraudulent charges.  

• suffered psychological stress or illness due to this hacking event (requires documentation, for example, billing of professional services)  . 

• were contacted by Capital One and told that your account was compromised

If any of the above circumstances apply to you, or if you have another reason that you think makes you eligible, then you should complete the form so a lawyer from the firm that is handling class-action lawsuit can contact you to discuss it.  


FYI 

The breach not only affected personal and business account holders who used Capital One as their bank.  It also affected anyone who completed applications to apply for a credit card or other services for the 14 year period from 2005 through 2019. 

• This includes both approved and denied credit applications.

Capital One statement regarding consumers And small businesses

If you own a business or if you had business accounts with Capital One where your customer data was made known to Capital One, there could be a domino effect if your passwords or data was not encrypted or tokenized.  

Cyber-security experts advise changing passwords as well as your diligent and continued observation for malicious activity.




CREDIT CARD DISCLOSURE  

Because Capital One collected personal and financial data to process each application, the class action lawsuit charges that, because they were hacked, Capital One is in violation of their own disclosure statement which is provided to all applicants, both by phone and on paper. 

Capital One is charged in the lawsuit with violating their  Disclosure Contract 

  

SO, DID CAPITAL ONE ATTEMPT TO COVER UP THIS 'INCIDENT'?

Whenever a hacked party is aware of the occurrence of a malicious event or intrusion, then makes an attempt to hide it, or to work with, or to coerce another actor to remove or hide it from public view, this can constitute a cover-up.  

When Capital One learned that their stolen files that were exposed on GitHub detailing how their customer data was hacked, Capital One's only concern was to request GitHub to remove just those parts of the files that showed "how" they were hacked. 

• Capital One demonstrated very little or no concern for their customer data because they didn't request the file, in whole or in part, to be removed from GitHub.  

• There is a very small possibility that Capital One's concern was for other companies who could be hacked by bad actors using the same method as shown in the exposed file on GitHub.  If that were the case, one would logically think that Capital One's next action would have been to request GitHub to remove the entire file, then immediately follow up by making a report to the FBI.  But they didn't do that, so this possibility is not likely.

• GitHub allowed the data lay exposed on GitHub's site for almost 90 days. GitHub certainly knew it was sensitive information belonging to Capital One's database because they publicly commented that they saw no reason to remove it since there were no exposed names, birthdates or Social Security numbers.  If they knew what information was not in the file, then they knew that the file was on their site all that time.

The following screenshot is from the top class-action lawsuit website which states: 

GitHub's Statement 

DATE OF AWARENESS

While reading the details of the lawsuit complaint and various news releases as they evolved, it appears that a direct message was sent to Capital One that warned or threatened to release the stolen information to the public. If this is true, then this is when Capital One's "date of awareness" changed from July 17, 2019 to a undisclosed date in June 2019. 


This screenshot is from the FBI complaint on page 11. The reporting source is Capital One.

https://www.justice.gov/usao-wdwa/press-release/file/1188626/download

 


 The following screenshot is from a news report at 

https://telegraph.co.uk/news/2019/07/30/capital-one-data-breach-exposes-100-million-customers-us

From The Telegraph, July 30, 2019

Capital One knew of the seriousness of this event after the June 2019 email that threatened the files were going to be exposed soon.   Since it wasn't a done deal as of June 2019, Capital One could have acted on this at that time instead of waiting another six weeks before notifying the FBI and the public.  


One can only wonder if GitHub would have removed any part of the stolen file at all, had they not been contacted by Capital One to remove only the part of the file about how Capital One was hacked.  



DETAILS OF THE HACK

The hacker, Paige A Thompson, who goes by the screen name "erratic" on Twitter, is a former software engineer who worked for Amazon's Cloud Services based in Seattle, Washington.   

• Her position at Amazon is important now, but in July 2019, the news reports gave no job specifics, only that she had worked for Amazon. 

On July 29, 2019, Capital One notified the FBI and the news media that they had experienced a data breach in their system which they said they became aware of ten days before, on July 19, 2019.   Evidently, this was not true. 

In news reports and documents that have since become public, their date of awareness appears to have been in June 2019 with the first email contact that their user data was about to be exposed.  Essentially it was being held hostage without a stated ransom amount.  

However, the data was already exposed on GitHub sometime in early April 2019 so the email threat was long after the data was public on GitHub.

As for the age of the stolen information, we, as members of the public, assumed the hacked information was from the current year so that people who had dealings with Capital One from years ago did not become concerned.

• What was little emphasized in the initial July 29, 2019 filing was that the March 2019 hacked information included files that dated back 14 years (from 2005 to 2019) of personal and business accounts (credit card applications that were both approved and denied), corporate accounts and anyone who used (or applied for) Capital One loans or bank accounts.

From the FBI report

The FBI reports show that Capital One was contacted a second time by email on July 17, 2019 to say that their leaked data was already posted on GitHub, a web hosting site.  But as of July 17, 2019, Capital One still didn't notify the FBI or their account holders that they had been hacked. They waited 12 more days until July 29, 2019, which allowed the stolen information to stay exposed on GitHub, to be further exploited and potentially purchased by bad actors.

However the public was led to believe that the data was only on GitHub dating from July 17 when Capital One received email notification that the files were already posted on GitHub.  

GitHub was aware that the files were on their site due to their refusal to take them down by stating that there weren't any exposed Social Security numbers and other personal information to warrant removal.  This demonstrates that GitHub had knowledge that Capital One's files were on their site for a lot longer than 12 days.


According to the FBI report and class action lawsuit complaint, Capital One waited over a month to reveal the breach.  They received at least two direct messages between June 2019 and July 2019 and they were aware of a Twitter user known by the screen name "erratic."   

This changes Capital One's "date of awareness."  Even though "erratic's" June 2019 messages to Capital One warned that the stolen data was going to be distributed, it implied that the files were not yet exposed.  The hacker lied because the data had been exposed on GitHub since April 2019.

Capital One still did not act on any of the information. 

By ignoring and not immediately reporting they had been hacked, Capital One further deprived their customers for a full month of taking other precautions (for example: buying identity theft insurance or creating stronger passwords).  This caused a delay in Capital One start of two years of identity theft insurance which large corporations offer to their users after a hack.


For the time between June 2019 and July 2019, people who had applied for Capital One credit cards most likely would have chosen not to do so if they were aware of the hack, thereby safeguarding their own data.    


On July 29, 2019 when Capital One went public with the breach date of March 2019, they said the stolen data included "names, birthdates, and Social Security numbers" of over 100 million account holders in the United States and 6 million in Canada.  But they backpedaled on that later by stating much lower numbers.


By doing this, when customers like us heard this in news reports, it sounded like it wasn't that bad of a hack because Capital One said in their press statement that most customer names, birthdates and Social Security numbers were not part of the stolen data.  

Although the public knows they cannot change their names, birthdates or Social Security numbers, they also know that there's no sense in getting upset about something that can't be changed.  At that point, the hack was blown off by most people as minor.

According to the class-action lawsuit, the details of the stolen data was:

Details of Capital One data breach 

Capital One said the stolen data also included credit scores and linked credit card information -  other credit cards or bank account information that users kept on file with Capital One as a way to pay their bill.

Originally, the reports said only Capital One users was affected by the breach.  But the lawsuit states that the data of more than 30 companies who did business with Capital One had also been breached.  



The way that Paige A Thompson hacked Capital One should be of some concern, but to date, we haven't seen anyone who addressed it.  

Amazon offered storage space much the way an apartment building owner offers his building's apartments as rental space to tenants.   

Capital One redesigned the space so it could hold more files, much the way a renter would paint and decorate their rented apartment space.  

Amazon had a master key, so to speak, to access just the Cloud (their property), which they also provided to their employees so they could access the Cloud, perform routine maintenance, etc.  This access did not necessarily include the files contained on the Cloud.  This is similar to the way a building manager employed by an apartment building owner has a master key in the event of a fire or medical emergency where he would give attention to just that section of the apartment but not to the renter's personal belongings inside the apartment.  

Paige Thompson, as an employee of Amazon, gained access into the Cloud server owned by Amazon but rented by Capital One, just as a building manager would gain access to an apartment in a building she managed.

With knowledge gained as a former Amazon software engineer employee for Amazon's Cloud Services, Paige Thompson hacked into Amazon's Cloud Server which suggests that the original way to access might not have been changed since the time she was an employee. 

Amazon says they have no liability here because the space they leased to Capital One was fully controlled by Capital One. Amazon's Cloud Server only provided them with storage space.  Amazon might be held responsible for the actions of their employee who gained unauthorized non-emergency access to rented space, depending on whether she was still an employee or a former employee.

Whether or not Capital One rented space or controlled the compromised server, Amazon owns the Cloud and their employee hacked it, so the court may decide that Amazon will share liability.   



EXIT QUESTIONS:

In our opinion, Capital One is as guilty as GitHub for allowing the stolen data to remain exposed and threatened from June to the last week of July, 2019. 

It doesn't matter whether it was ransomed or just threatened to be exposed. Capital One knew about it and that alone is cause to fine them and for them to pay restitution to users.

Who do you think should be held financially responsible?  

Should it be Capital One who controlled their own data security on a Cloud Service which was owned by Amazon? 

Should it be GitHub, who knew the data was exposed on their website for 90 days and at Capital One's request, chose to hide some details of the hacking instead of reporting it and completely taking the file down?

Should it be both companies?

Should Amazon be named in the lawsuit since they provided the space for data storage on their Cloud Server?   


The Class Action lawsuit is open for account holders to join. 

Once the court makes a determination, the court will decide whether to place fines against the guilty parties and in what amount.  

The extent of the financial liability will depend on the economic and psychological impact that the hacking event had on individual Capital One account holders whose data was compromised and how many people in the class filed for financial compensation.

You can read the complete court document here.
https://www.dropbox.com/s/cjdflk7rh4z8ery/TZ_GitHub_CapitalOne_FINAL_Complaint_8_1_19.pdf?dl=0

This link will take you to the questionnaire for the class-action lawsuit.  Once you complete the form, you will be contacted by an attorney only if you qualify to join the lawsuit.

https://topclassactions.com/lawsuit-settlements/privacy/data-breach/us-canada-capital-one-data-breach-class-action-lawsuit-investigation/

Please share our posts with your friends so they can be made aware of this class-action lawsuit and the details of this case.  Thank you.