Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Facebook in Hot Water Again

  • 3
Christopher Woo
Tuesday, 02 October 2018 / Published in Woo on Tech

Back when I first heard about Facebook I was working for a private university known for its “dry” campus. I was asked to consult on the case of a student who was being disciplined for violating the no-alcohol policy because a picture had been discovered of them buying booze at a nearby supermarket. It had been uploaded by the student’s friend to a hot new website called Facebook. I distinctly remember discussing this with staff and faculty at the time, predicting, “This is going to get a lot of kids in trouble.” There was discussion of banning access to the site, but filtering internet content back then wasn’t as straightforward as it is now, and the discussion was tabled with a promise to review the issue at a later time. Fast-forward to the present, where Facebook is still getting a lot of people in trouble, and themselves as well.

From the frying pan, to the fire, to…incinerator?

It might be hard to believe, but it was only June when we had to air out the latest load of dirty laundry from Facebook. Prior to that, they have been blog subjects seven times this year alone, and none of them were for something good! I’d say this month’s two-fer entry might be their pièce de résistance of colossal cock-ups, but there are still 90 days left in the year, and Facebook seems bent on setting some sort of record for destroying themselves.

First, they were caught red-handed letting advertisers use phone numbers provided by users for authentication purposes, something they had previously denied. To add insult to injury, it’s also come to light that they will also target individuals through contact information uploaded by their friends through the Facebook app, even if the individual never provided any sort of consent for such use.

If that isn’t enough to get your blood boiling, how about 50M Facebook users having their accounts compromised? Rather than the old-fashioned password hack, attackers exploited a bug in Facebook’s “View as” feature which allowed them to essentially steal the authentication token used to provide continued access after you’ve initially logged in. Think of this token as a VIP wristband you might wear at an event that also gets you access to the backstage. This token not only provides you a quick login to Facebook but to dozens of other connected services, such as Instagram and WhatsApp, that allow users to authenticate through Facebook instead of creating a unique login and password. Just like the wristband, Facebook only looks at the token and not the person using it, to determine what they are allowed to access, so you might get an inkling of why it being stolen is kind of a bad thing. The investigation is still ongoing, but according to Facebook, no passwords or credit cards were stolen, and it doesn’t look like the perpetrators of the September breach used their “wristbands” get into the various third-party platforms it could have granted access to, but I’d put even money on Facebook having yet another, “Wait, hold my beer,” moment, so don’t put the pitchforks too far out of reach.

Unfortunately for the two billion humans who are still trying to get some sort enjoyment (or livelihood) out of Facebook, there really isn’t any platform that comes close to being able to replace it. Your choices are “deal with it” or go cold turkey, the latter of which I don’t see any of my Facebook-hooked friends doing any time soon. If you’ve tied your various other online services to Facebook’s login in the pursuit of convenience, it only makes giving up Facebook that much harder and further illustrates just how dangerous this type of practice can be – Facebook login gave everyone a shovel, and quite a few people dug a hole that they have no idea how to get out of. Sadly, not climbing out of that hole and permanently putting the shovel aside essentially rewards Facebook for their negligent security practices, something that we should not do if we ever want the service to be something more than a way for advertisers and hackers (and Facebook!) to exploit for their own profit.

advertisersbreachfacebookHackingprivacy

Software: Rent or Buy?

  • 0
Christopher Woo
Tuesday, 25 September 2018 / Published in Woo on Tech

Microsoft has just announced the general release of Office 2019, the latest version of its “on-premise” productivity suite. Since the debut of Microsoft’s subscription version of this suite, Office 365, the year-numbered designations have been used to delineate the two product lines, and up to version 2016, the two versions have been functionally identical. According to Microsoft, as of 2019, the “on-premise” version will no longer maintain feature parity with Office 365 going forward. Of course, details are still fuzzy on exactly what that means, but based on take-aways from the Microsoft Ignite Conference held in Florida earlier this week, the main differentiator appears to be cloud AI-based features, like enhanced search and internet-connected data.

The classic real estate question comes to software: Rent or Buy?

For most business users who are approaching the cloud at a more measured pace, this question is probably still easily answered by doing a quick financial calculation: how many usable years will I get out of the numbered version of Office compared to the subscription cost of an ongoing 365 license? For some of my clients who are still (desperately) clinging to version 2010, their ROI has clearly exceeded everyone’s expectations, but as many are finding, it does come at a cost – missing features, reduced security and a growing incompatibility gap will at some point force an upgrade, often when the timing is most inconvenient. Up until now, the primary benefit of the subscription based model for Office has been the lower up-front cost of acquiring the software and the ease of reinstalling the software as needed. Microsoft has also sweetened the pot for some subscription plans by allowing multiple installs of the product on as many as 5 computers per license, which definitely improves the ROI over the long-haul. As more functionality and data moves to “the cloud”, the calculus of licensing software may tilt towards renting, especially since the software makers seem intent on focusing all their future efforts (and money-making) towards this model.

Image courtesy of Pixomar at Freedigitalphotos.net

IOT Cameras Vulnerable to Another Bug

  • 0
Christopher Woo
Tuesday, 18 September 2018 / Published in Woo on Tech
Get Patched

Back when the internet was relatively new and essentially unspoiled, there was a great deal of hype around the “connected home” which was to include every major appliance, all of your entertainment electronics, home lighting, environmental controls, and security. Everything it would seem, including toilets, which some manufacturers are still trying to make happen in 2018. One thing that had zero trouble becoming extremely popular is the internet-connected security camera, which has exploded in growth (as predicted) and shows no signs of stopping as the devices become more affordable and easy to install. The downside, of course, is that the low-cost comes at a price, which is most often achieved through poor quality control. Back before the days of solid-state everything, this used to mean shoddy wiring and terrible video resolution, but now, unfortunately, it seems to be coming at the cost of proper security.

Peekaboo, I hack you!

Once again, an overseas firmware manufacturer in Taiwan has announced that a recent version of its firmware used in an undetermined number of camera models has two significant bugs that, when exploited, can lead to complete root-level control of the device, which, in laymen terms means, “all your cameras are belong to us!” Any device, inside your network, that can be compromised and controlled by an outside, unauthorized agent is the very definition of bad news. Early estimates put the number of affected cameras at 180,000 to 800,000, which is really shorthand for “we don’t really know how many devices are impacted,” and is based on the list of partners the company released that might be affected by this vulnerable firmware. While the firmware maker was quick to issue a fix, the patch itself would need to be applied manually, and it’s not clear how that fix would be distributed, nor how the camera owner would be notified.

At the moment, there is no list of affected camera models, so unless your specific IP camera actually tells you what firmware it is using in the built-in web interface (most of them don’t), you can’t even check for yourself. You will have to wait to see if your camera manufacturer issues an update for your device. And let’s be frank, most folks, even yours truly, aren’t watching for firmware updates for our IP cameras, and I would hazard a guess that most owners of the consumer-grade IP cameras likely affected by this vulnerability haven’t even registered their ownership with the camera manufacturer, so unless you (1) know the model of the installed camera and (2) go look up on the manufacturer’s website to see if an update even exists, it’s likely you will never know if your camera is vulnerable until after it’s been hacked. Unfortunately, we have enough trouble keeping our computers and mobile devices up to date without having to keep track of the growing Internet of Things, but sadly, it looks like this is exactly what our next challenge will be.

cameraIoTvulnerabilityzero day

Google tracking you whether you want it or not

  • 0
Christopher Woo
Tuesday, 04 September 2018 / Published in Woo on Tech
ID-10067190.jpg

C2 Technology is in the business of providing technology support and consulting to other organizations, and Google’s many tools are indispensable to me and my team. Our email is hosted by Google, our searches are powered by Google, and it even helps me keep track of where I’ve been in the past week, and as many of you know, I am all over the map, seven days a week. I do this using the very handy “Timeline” feature provided by Google and my Android phone’s GPS. But I do all of this knowing full well that Google is literally tracking everything I do, and even being as familiar as I am with the industry and how data collection works, I can still say with complete confidence that I don’t know half of what Google is actually tracking about me, and probably even less about the several dozen other technology platforms I interact with on a daily, even hourly basis. And if I, a technology consultant who lives and breathes technology, can’t keep track of the data that other companies are collecting about me, what hope does that leave for the average person?

“Be better” Google?

An Associated Press investigation caught Google red-handed tracking users’ locations even when users disabled “Location History” in their device’s settings. They didn’t even try to apologize, instead insisting that turning off Location History does in fact disable that particular function (which tracks your movements for apps like the above-mentioned Timeline function), but that other Google apps may have location-aware services that will gather data in order to “improve people’s experience…” and, guess what, those apps have controls that will allow you to disable location tracking for that particular app. How many of the apps and websites that you use on your mobile device are tracking your location? Definitely more than just the Maps app, and the only way to turn off Google’s tracking as a whole is to “pause” a setting in your Google account called “Web & App Activity”. As many of Google’s critics rightly point out, the obvious assumption people will make when disabling Location Tracking is that location tracking is turned off everywhere, so using vague words and splitting semantic hairs is disingenuous at best, and in the EU where GDPR was implemented to curb this type of double-speak (among many other things), it might actually be a violation. Maybe Google needs to embellish its (seemingly long forsaken) motto, “Don’t be evil” to include some specifics. The above practice, while maybe not “Evil” in the traditional sense is still pretty slimy and clearly designed to benefit the company and not its customers.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Cyber attacks increasing ahead of US Midterms

  • 0
Christopher Woo
Tuesday, 21 August 2018 / Published in Woo on Tech
Bad weather ahead

Two separate reports have come in this week detailing the increasing tide of cyber attacks intending to sow politically-motivated disruption through the spread of misinformation and by targeting specific political organizations and government bodies. Microsoft was first to the gate with news that its Digital Crimes Unit (bet you didn’t know they had that!) executed a court order to disrupt new website domains that were targeting 2 well-known conservative think tanks, three that were intended to act as possible spoofs of legitimate Senate services, and one targeting Microsoft itself. In a similar vein, fellow tech titan Facebook scrubbed more than 600 accounts, pages and groups this month that were created by both Iranian and Russian actors to disseminate misinformation aimed at creating divisive influence on a wide variety of political issues both here in the US as well as Latin America, the UK and the Middle East.

What does this mean for you

In case you haven’t been picking up what I’ve been laying down for months, the most important thing for anyone to do in the face of increasing campaigns of purposeful misinformation and repeated bombardments of fake emails and impostor websites is to always have your critical thinking cap square on your head. If you are reading a news story that seems controversial, perhaps corroborate its contents by checking other sources, including ones that might not be aligned with your particular viewpoint. Received an email with an attachment that seems important, but you can’t quite remember if the sender is someone you actually worked with? It’s probably because you didn’t work with them and the attachment is a fake. Always err on the side of skepticism. The volume of information we are receiving on a daily basis is being used against us as camouflage and the only way to combat it is to be ever vigilant and never, ever skimp on security. That means check and double-check the source (news, emails, attachments, everything), and if still in doubt, call in a second opinion from someone you trust to give you another point of view. And always make sure your malware protection is intact, your passwords are unique and your data is backed up.

Image courtesy of Miles Stuart at FreeDigitalPhotos.net

The Elephant in the Voting Machine

  • 2
Christopher Woo
Tuesday, 14 August 2018 / Published in Woo on Tech

Despite what you might think, the titular pachyderm of this week’s blog isn’t the GOP mascot, but that same elephant I’ve pointed out to you in the past. We, as a civilization, have put into place technologies that have significant impact on our lives seemingly without the requisite care and considerations for our own safety and security. We can now toss onto this rapidly growing pile of hubris one of the most important institutions of this century, if not the entirety of human history – the political election process via the digital voting machine. Over this past weekend at the 26th annual, infamous Defcon gathering in Las Vegas, attendees were invited to hack digital voting machines that are currently in use across the US. One machine, used in 18 states, was hacked in less than 2 minutes. In another demonstration, an 11-year-old hacked a replica of the Florida Secretary of State’s website and changed posted voting results within 10 minutes.

What this means for you

If there is one axiom you can count on to be always true, it’s that any technology built by humans will be flawed, and yet most of us still believe things that are “digital quality”, “machine-built”, “scientifically engineered” are infallible, flawless, or even perfect. Definitely better than humans are capable of, forgetting that while the particular device in your hands or conveying you across town wasn’t made by human hands, it was most certainly designed by humans. Election officials and equipment manufacturers were quick to point out that the situation presented at Defcon doesn’t represent “real-world” implementations of their technology, but the findings of Defcon should at the very minimum raise awareness that, on top of Russia actively and currently seeking to interfere with our elections, we might be our own worst enemies, blindly trusting that technology, implemented by humans, would operate flawlessly and will be impenetrable. If there is anything I know after working for nearly 30 years with technology, there is no such thing as a perfect implementation, or bullet-proof security. If you happen to vote in a state that utilizes digital voting technology, make sure you understand what you can expect in terms of receipts or paper trails. Also understand that all states utilize some form of technology to count ballots, but not all states use technology in the act of voting. In California, some districts do have actual digital voting machines that can provide a paper record of your votes which you should absolutely retain just in case.

elephant on the internet

Sextortion Scam Making the Rounds

  • 0
Christopher Woo
Tuesday, 07 August 2018 / Published in Woo on Tech
Scam

Scareware isn’t a new trend – we’ve been seeing fake “FBI warnings” on our computer screens long enough that even the most technology naive among us knows not to pay their “online fine”, and the crime of extortion has been around as long as humanity has used currency. Unfortunately for all of us, cybercriminals have put a new twist on the scareware scam in what the media is dubbing “Sextortion”. The scam is as lurid as it sounds, basically tricking victims into believing their “not safe for work” (NSFW) online browsing habits are about to be exposed to their friends, colleagues and family unless a bitcoin amount is paid to keep the naughtiness under wraps.

The “gross” anatomy of this scam

Like others of its ilk, this is a straight-up scam, but the method used can produce a hair-raising response through the application of a diabolically clever trick: the scammer uses information found online to produce the illusion that they can “see you” and “know what you are doing” when in fact you are just the recipient of a mail-merge template. The trick is simple: they are pulling email and password pairs from any one of numerous illicit databases that are lurking in the dark corners of the internet, and then plugging that information into a template and mass spamming emails in the hopes that a small percentage actually fall for the con and pay the extortion fee. What’s different about this latest effort is the relatively sophisticated language and diction used which gives the appearance of someone who might actually be capable of the things they allege in the email. The terminology and activities described are written to target individuals who have used their device to look at porn on the web (which many people do, no surprise there), and when paired with the shock of seeing a familiar password right there on the subject line, many reflexively reach for their wallets.

A colleague also shared with me that the scammers are actually sending this same extortion note via actual mail, perhaps thinking that if their potential victim sees the threat printed in black and white on something they can hold in their hands it will have more weight. And it does, but only for the extortionist as now they’ve committed a federal felony.

Either way, don’t fall for this scam, and don’t let your friends, family and colleagues fall for it as well. Share this story, if only to ease the conscience of someone who may be secretly worried about their privacy. They should be, but not over this sorry piece of flim-flammery. For real reasons why they should be worrying about privacy, check these stories out.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Facial Recognition – Ready for law enforcement?

  • 0
Christopher Woo
Monday, 30 July 2018 / Published in Woo on Tech

Even though most of us know Amazon as the world’s largest drain on everyone’s wallet, they do quite a bit more not generally visible to their adoring public, including developing a now-controversial face recognition platform called “Rekognition” intended for use by law enforcement agencies. “Controversial” because of a recent report released by the American Civil Liberties Union (ACLU) wherein they used Rekognition to compare the photos of members of Congress against of a database of 25000 mugshots. The result: 28 Congress-critters incorrectly identified as criminals. Regardless of your opinion of their actual work in the capitol, this should raise eyebrows and hard questions from everyone, including the public servants falsely tagged in the ACLU’s “field test.”

What this means for you

Aside from a few well-known early adopters like Washington County and Orlando law enforcement, Amazon refuses to divulge which law enforcement agencies are using their technology, let alone which ones might be considering it for near or far term deployment. If you thought this technology was more science fiction than fact, consider this story which surfaced in March of Chinese law enforcement using glasses with built-in facial recognition in real-life security situations. Also consider that smart phones have been using face recognition for several years now, with countless reports of ease of spoofing the authentication method, as well as the same technology failing because of things like back-lighting (a client of mine, this weekend!), different hair styles or a 5-o’clock shadow.

Government officials, just like us regular consumers, are easily lured by shiny technology, but, just like us (because they are us), they are just as flummoxed when the technology doesn’t work as advertised. Unlike us, their ill-informed purchasing decisions can affect countless more lives, so it behooves us to urge our congress people to put technologies like Rekognition to a higher level of scrutiny and base their decisions on more than Hollywood-esque techno dreams dressed in photogenic eye wear. Will face recognition become a part of law enforcement? Without a doubt, but I’m not sure it’s ready for its close-up just yet, Mr. DeMille.

Russia Hacked US Power Utilities

  • 1
Christopher Woo
Tuesday, 24 July 2018 / Published in Woo on Tech

We’ve known since at least 2013 that American utility companies are under constant cyber attack, but at the time I wrote that blog four years ago, lawmakers and the industry believed that their security was sufficient to withstand the incursions. Welcome to 2018, where everything is getting hacked, including, yes, American power utilities. According to recent disclosures from the Department of Homeland Security and reported through the Wall Street Journal, highly organized hacker teams backed by Russia have compromised the security of “hundreds” of utility companies, to the point of being able to cause actual interruptions in power flow.

What this means for you

Far from the Hollywood vision of suave, athletic spies dangling from wires over laser grid alarms, the majority of the reported hacks were achieved through the most mundane of attack vectors: email phishing and watering-hole websites that trick users into typing in their credentials for what they believe are legitimate access requests. The hackers targeted smaller vendors and service companies attached to the larger utilities, taking advantage of their typically smaller cybersecurity budgets as well as their proximity to the actual target. Once they had compromised the security of the vendors that serviced the targeted utility, they were able to become wolf in sheep’s clothing, and from there easily penetrate the relaxed perimeter.

While this is a gross simplification of a highly involved and concentrated effort that spanned years of work, it should again highlight the obvious weak-point in cybersecurity: people. Unfortunately, increasing security precautions have acclimated everyone to entering passwords every time our devices pop up a dialog box asking for one. Even those of us with training are hard pressed to carefully assess every authentication request. Until technology provides us with a better way to authenticate, passwords will continue to be a glaring weakness in security. Every time your device asks for a password, take a few seconds to assess if the password request is expected and, more importantly, properly formed. The latter does take some training, but as long as you are properly paranoid, that is a huge step in the right direction. The worst that could happen from canceling out of an unexpected password prompt is a few more minutes delay in getting to whatever information you were trying to access. Unless you are in a life-or-death situation, that delay could save you from a future blackout.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Happy Internet Failure Day

  • 0
Christopher Woo
Tuesday, 17 July 2018 / Published in Woo on Tech
Hardware Failure

It’s easy to be snide from my blogging armchair – it’s one of the many questionable things that the internet has made possible. It also enabled the existence of two of the largest companies in the world, Amazon and Google, which makes it all the more ironic, amusing and somewhat disheartening that these same companies are at the capricious mercy of the very thing on which they are founded. While Google doesn’t often suffer from outages, when they do, as they did today for about an hour, it’s hard not to notice. And when internet retail giant Amazon has severe, widespread outages the prior day during the first hour of their much vaunted “Prime Day”, it makes you wonder if there is any hope for everyone else, especially seeing as Amazon owns the world’s largest cloud computing network that is designed explicitly to stave off outages like the one they experienced.

What this means for you

Neither company has shared any technical details on the outages or their cause. Even if they did, it’s unlikely that anyone but a select, geeky few would truly understand and be able to apply any technical lessons learned. However, as most of you who have worked with technology in your business have grown innately to expect, technology will fail you at the least opportune, most damaging time possible, and the only way to counter this certainty is to plan for that failure. How would one go about reasonably planning for technology failure given how utterly pervasive and unpredictable it is? Start by evaluating what elements of your business or operations are critical – not for success – but for continued operation.

  1. What technology things (data, devices, platforms, services, etc.), if you did not have, would cause serious problems for your business?
  2. Of the items identified in #1, which of them are truly irreplaceable? eg. Customer sales data, email conversations, custom-built software. Keep in mind that some data can be recreated, but it may not be valued the same as the original.
  3. How long could you operate without them before their absence becomes permanently damaging?

Most everything you’ve identified in the above can probably be hardened, copied, backed-up, cloned or retired/replaced by something less vulnerable, and the most valuable things, like data, are often the easiest and least expensive to secure against disaster, but only if you actually take the step to back it up. Other things, like lack of internet, can also be worked around, but only if you have a plan and know how and when to execute it when your less-than-Prime Day arrives.

  • 23
  • 24
  • 25
  • 26
  • 27

Recent Posts

  • half open laptop

    Technology Transparency: Why We Don’t Hide Our Markups

    Go look up Microsoft 365 Business Basic on Micr...
  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP