Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

Help us help you! How to prep for your tech support call

  • 0
Christopher Woo
Monday, 26 June 2017 / Published in Woo on Tech
A Windows 10 user enjoying his upgrade

After nearly 30 years of working in the industry on the business end of technology failure I can confidently attribute this inevitability to two things: humans and entropy. The first one is obvious – to err is human and the second cause is really more of a cop-out: technology, just like anything, is subject to a certain degree of decay. Sometimes it’s so gradual we don’t notice the slow decline, and occasionally it’s so sudden and random that it feels like a plot twist in a bad spy film. Regardless of the cause, getting it fixed means calling your IT professional. The more prepared you are for the call, the quicker the issue will be resolved. Assuming you’ve tried the things we’ve been training you to do before calling (turning the power on and off, checking your cable connections, etc.), getting prepped prior to the call will help your IT pro get to a resolution that much quicker.

Ten things you can do to get ready for the call

  1. Get a picture of the error or problem. Smartphone cameras are helpful with this if you can’t get a screenshot on your computer. Make sure it’s in focus and big enough to read any text on screen, then email or text it to us.
  2. Can’t get a picture? Write down the error message. The exact wording on error messages is VERY important.
  3. If you can reproduce it (without causing further damage), write down how you got the problem to occur. You can also record a short movie with that omnipresent smartphone.
  4. If you can’t reproduce it, write down what you were doing when it occurred. Details are important, so doing this as close to the event as possible will save the later struggle of trying to remember details that might be relevant.
  5. Have associated passwords handy. It’s OK if you don’t know the password – just let us know up front.
  6. If you’ve done something silly, foolish or dumb, come clean as soon as possible. True IT pros have seen it before and we are paid to be non-judgmental. You might get a lecture afterwards, but we are only trying to save you from future grief.
  7. If you can’t spend time with us to troubleshoot – let us know up front so we can schedule the work accordingly.
  8. We know it’s urgent but if you can sit back and really evaluate how urgent, it helps us prioritize your call.
  9. If possible, prepare yourself and your computer for our call: save and close unrelated work and applications. If you are likely to be interrupted, let us know up front so we can prep for that possibility.
  10. Take a deep breath and smile, even if you are ready to tear your hair out. We are here to help, and we can usually get to a resolution faster when everyone is calm.

What to do with all those old emails

  • 1
Christopher Woo
Tuesday, 13 June 2017 / Published in Woo on Tech
Archiving

This is the follow up to last week’s “Get rid of those old email accounts” blog wherein I presented you two great reasons to thin out your collection of email accounts. Hopefully you’ve thought long and hard about this and have come to the realization that you can, in fact, give up at least one old or unused email account, but there are emails that you want to keep. Given how much drama “old emails” seems to have caused our country in the past months, it’s hard to imagine why anyone would want to keep them around, but we’ll assume (a) you have legitimate reasons, and (b) are not improperly storing classified data. If true, read on.

Why can’t I just leave them where they are?

In most cases, email is stored on a server somewhere on the internet, aka “hosted” email service. When that account is canceled, all data associated with that account is deleted, usually immediately. Sometimes there is a grace period of 30 days where you can recover the account, but don’t count on it, especially if it’s a “free” email account. If the account is located on a mail server that is managed by your (former) organization, this is known as “on premise” email service, and whether your email box is retained or deleted will be determined by that organization’s internal policy. In either case, the objective is to stop that mailbox from receiving email so that your problem isn’t compounding over time, especially since it’s likely all spam and malware, and the only way to do this is to remove that mailbox from the internet.

Most “freemail” providers like Yahoo, Gmail, Hotmail etc. offer a method to “export” your emails, and unless you’ve alredy been maintaining an archive through a program like Microsoft Outlook, this will be the quickest way to grab a full set of all emails. This process will typically provide you with an MBOX file which can then be imported into most major email programs like Outlook or Apple Mail. It’s also possible to use those programs themselves to “export” the email to dedicated archive files, allowing you more granular control over what is kept and what is not. OSX includes Apple Mail as part of its base installation, but if you don’t already own Microsoft Outlook, there are other, free mail clients that may work for you, such as Thunderbird or SeaMonkey, both of which are available for either operating system. Importing old emails into an archive creates an “offline” email box in your program of choice, which as you might have guessed by the name, is only available to that machine.

Another option you can consider is importing that old email into your current mailbox. Only do this if the number of emails you are importing is small and your current mailbox isn’t already too large. “Too large” is not a fixed number, but most email programs struggle when dealing with more than 500K old emails, or email file sizes in excess of 20GB, and that is even on a well-equipped computer with 8GB or more of RAM. Importing old email into your current mailbox will provide you with the ability to search your email from devices other than your computer, but may severely impact performance, so choose carefully.

Archiving email can be a complicated process, and is often fraught with strange issues. If the old emails are important, you may want to consider hiring a professional to ensure your old emails are kept safe and accessible.

Image courtesy of Stuart Miles from FreeDigitalPhotos.net

Get rid of those old email accounts

  • 1
Christopher Woo
Tuesday, 06 June 2017 / Published in Woo on Tech
Drowning in Email

Nearly two years ago I wrote a three–part article about taming the most ferocious of virtual beasts: your email. Even though I know all of you fight the good fight on a daily basis, some of you are your own worst enemies, multiplying your load by maintaining more than two mailboxes (personal and work) on top of your regular social media addictions. I’m not talking about the folks whose work responsibility includes managing mailboxes for other people (but I feel for you, especially the ones that face 5-digit unread counts). If you aren’t in the fortunate position of having human help to manage your collection of mailboxes, you should really consider consolidating or outright deleting those old email accounts.

Sacrilege! Burn the witch!

Before you go all angry mob on me, here’s why you should slim up your email presence by ditching seldom-used email boxes.

Security – there are so many reasons why managing multiple mailboxes is a security nightmare, but here are 3 that should resonate with you:

  1. Remembering and maintaining passwords for all your mailboxes. You’re using strong passwords for all of them, right?!?
  2. Old email accounts are a treasure trove of identity info for data thieves. If you don’t check them often, they might even be compromised already, and may have been for months or even years.
  3. Every email address gets spam and malware. Multiply your risk by the number of mailboxes that receive email. Multiply by 2 for “free” email accounts that have poor or no spam filters.

Expense – each mailbox is another mouth to feed. Even the free mailboxes aren’t really free:

  1. What’s your time worth? If you spend 15 minutes a day managing a mailbox, you will spend nearly 8 hours a month that could be better spent elsewhere.
  2. If you are using your phone to check these email boxes, that data downloaded is costing you, especially the spam – it’s the digital equivalent of empty calories, but the only thing getting fat is your mobile carrier’s bank account.
  3. Get infected by malware from a poorly protected email account? A minor malware cleanup will cost you a minimum of $200-300 if handled by a firm like C2, and we haven’t even accounted for your lost time, productivity or sales. We won’t speak about network-wide infections – those costs can start piling up into really big numbers, even if you are insured and backed up.

Next week we talk strategies for thinning the email herd!

Image courtesy of iosphere at FreeDigitalPhotos.net

email

Dozens of Apps Backdoor Malware onto Android Phones

  • 0
Christopher Woo
Tuesday, 30 May 2017 / Published in Woo on Tech
Android in the crosshairs again

You know it’s a problem when even a company like Google can’t keep bad apps out of it’s own Play Store. While we’ve seen several instances of lone bad apps sneaking into public release on the official Android app store, this latest batch of malware is surprisingly prodigious and apparently managed to go undetected for almost a month. The majority seemed to have been released as games from a South Korean developer, all of which feature a character named “Judy”. The malware, dubbed the same as the titular character, isn’t actually part of the game (which has its own unavoidable advertising to click through) but is installed after the game is loaded, and is designed to open other advertisements and click them to generate revenue for the advertisers. This particular denizen of hell is known as an ad-clicker, and as you can imagine, having it clicking ads on millions of phones will add up to some serious dollars.

What this means for you

Up until maybe a year ago, my standard advice to all smartphone users has been to restrict your app browsing to the official Google and Apple stores, though Amazon has done a decent job keeping the riff-raff out as well. Most malware infections and hacked phones were typically traced back to “side-loading” apps found on “unofficial” stores, but this latest batch of nastiness was downloaded by millions of people from Google’s own backyard. My most recent addendum to this advice has been to make sure you read the reviews on the app, and to carefully monitor the permissions it requests before installing, as well as to keep an eye on the apps data consumption. Unfortunately, one of the other areas in which Google and Apple are being outplayed is in the review system which is under assault by comment bots and overseas sweatshops designed to pump store ratings on bad or spammy apps that otherwise would be downvoted into oblivion, so this method of determining legitimacy is now much less trustworthy. If you don’t have the technical chops to determine if the permissions requested for an app install are appropriate, make sure you ask an expert. And if you are at all in doubt, maybe a virtual playdate with Judy isn’t something you need on your smartphone right now. There are plenty of completely legitimate, free apps available for install that won’t turn your device into a zombie for the ad-clicking bot swarm, but it will take some vigilance to find the right one.

Samsung Galaxy S8 Iris Lock is Defeated

  • 0
Christopher Woo
Tuesday, 23 May 2017 / Published in Woo on Tech
eyePhone

I think it’s safe to say that many of us would have very much liked Samsung’s sexy new iris recognition feature on their new Galaxy S8 smart phone to be more than an over-used movie gimmick. Sadly, like its previously defeated brethren fingerprint and face recognition protections, it too has proven to be fallible, and not in a gory, Hollywood-esque fashion, but in a mundane, easy to implement way. The German security team Chaos Computer Club has published its methodology demonstrating the bypass hack, which involves the use of a camera with night-vision capabilities and a contact lens. Yes, you read that right. This $750 smart phone can be defeated by taking a picture of the owner’s face, printing out a properly sized picture of the eyes, and then placing a contact lens over the iris in the picture.

What this means for you

Unfortunately, we still don’t have the magic bullet solution for securing our mobile devices. And by “magic” I mean a method that is both easy to use as well as highly secure. As I’m sure you’ve personally experienced, “convenience” and “strength” are on opposite ends of the security teeter-totter. Tip too far in one direction and the opposite suffers. Currently the most secure method is multi-factor authentication, which requires at least 2 different forms of identification to unlock an account or device, and on the opposite, you have methods like Android’s Smart Lock which can keep your phone unlocked based upon its proximity to known devices like your home WiFi or your car’s Bluetooth connection. The safety implications of the latter are fairly obvious, but can be useful when considering the various scenarios and inherent safety risks. Using Smart Lock to keep your phone unlocked while you are driving is fairly secure, and actually is a form of multi-factor authentication: it requires the presence of the phone and your running car. Having both stolen at the same time could happen, but unless you are someone who tends to forget their phone and keys in the car, highly unlikely. When deciding on how inconvenienced you are willing to be, consider what sort of data and services a thief might have access to on your unlocked phone. A few more key presses is still more secure than bio-metrics at the moment.

Accidental hero stops the WannaCry assault

  • 0
Christopher Woo
Tuesday, 16 May 2017 / Published in Woo on Tech

Famed painter and TV personality Bob Ross was beloved for his soothing instructional style and effortless technique, but he was also well known for referring to his occasional painting mistakes as “happy little accidents” which would quickly be transformed into art. In the technology industry, “accidents” are rarely happy and even the little ones have a tendency to “go big” way too often, but this past weekend a British security researcher for Ars Technica briefly held back the WannaCry horde purely by accident, possibly long enough for Microsoft to rally and release an out-of-band patch for the old operating systems that were being hit hardest by the malware.

Tell us a story, Woo!

I’d like to say that his exploits would make for a great Hollywood movie, but that would be a happy little lie. Instead, the researcher known as “MalwareTech” registered a domain name he found in the code of WannaCry as part of standard operating procedure. Contemporary malware often uses random/junk domain names to host command and control infrastructure used to direct activities of their bot armies, and security researchers like our hero often register any unregistered domains they find in malware code in order to “sinkhole” infections and dismantle bot armies built around domains now under the control of the good guys. Think of it as a virtual sting operation. Usually this would put a small dent in the overall cyberattack, but in this case the WannaCry malware stopped in its tracks as, in this case, the domain was designed as a kill-switch. Once the malware saw that the domain actually existed on the internet, it was programmed to stop working.

Sadly, this wasn’t the triumphant conclusion to an epic trilogy, but the dark, middle chapter in the ongoing war: shortly after the accidentally won respite, new variants of WannaCry started propagating sans the kill-switch, and the battle is rejoined. Fortunately for the “good guys” Microsoft issued emergency patches for Server 2k3 and Windows XP and several other End-of-life operating systems still in wide use around the world, but this desperate Hail Mary only prolongs the slow slide into complete obsolescence for some companies that foolishly cling to unsupported technology in a classic example of “penny-wise, pound foolish.”

Despite the brief, shining moment of hope, the kill-switch didn’t magically undo the thousands of encrypted hard drives already kidnapped by WannaCry. Unless they have backups of their data, the victims face the hard choice of paying the ransom or wiping it all out and starting from scratch. And even if they are able to restore from backups, will the sting of this attack be enough to galvanize change, or just another Sisyphean trudge up a well-worn hill?

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Google Docs spoof snares up to 1M victims

  • 0
Christopher Woo
Monday, 08 May 2017 / Published in Woo on Tech

Last week, reports started surfacing about an unusual phishing attack that was spreading via Google docs. It was unusual in that it was spreading via a previously undiscovered weakness in Google’s typically tight security, as well as not seeming to have the expected signatures of a traditional phishing attack, eg. stealing your logins and passwords. In this particular case, the malware’s primary objective seems to have been to spread by stealing and using your Google contacts to propagate. It was also deceptively benign looking, as it used Google’s own authentication interface and a fake app named “Google Docs” to trick victims into allowing the privileged access.

What this means for you:

According to Google, less than 0.1% of its user base was affected by this scam, but when you do the math, that may equal as many as one million Gmail users. This particular attack spread quickly, primarily because it came from a known contact, and utilized a legitimate authentication process to grant access to a fake app. Thankfully, Google was able to close up the vulnerability within an hour of discovery, preventing what might have been a much larger calamity.

Coincidentally, a similar phishing attack actually hit one of our clients that same week. This attack, while not nearly as clever as the above, still used authentic-looking text and images to trick my client into giving up a password. It was convincing enough that it didn’t occur to him that it was an actual scam until he contacted the sender a few days later and found out, to his chagrin, that it wasn’t a legitimate request.

Simplifying the exchange of information is actually one of the greatest benefits that the internet has wrought, but as can been seen, the process has become so commonplace and taken for granted, that when trusted systems are undermined, humans are easily fooled. Unfortunately, the only way to combat this weakness is for us to be ever vigilant and distrustful, which is doubly hard when we see a known contact’s name at the bottom of a fake invitation. The hackers only have to get us to let down our guard once and they will be on us like piranha. Always stop and think before granting access to anything, especially if its the keys to your email kingdom.

Dust off that website!

  • 0
Christopher Woo
Tuesday, 02 May 2017 / Published in Woo on Tech

In recent weeks we’ve reported on the largely unnoticed cyber warfare being fought among the Internet of Things (IoT) – “unnoticed” primarily because the IoT consists of devices which are meant to be left unattended, and as such are often compromised for long periods of time before someone realizes something is wrong. Another quiet war is being fought on another technology front that for many, many organizations is also left to run on “auto-pilot”: websites. I use the term “fought” loosely as the hackers aren’t really encountering much resistance from website owners. With a handful of exceptions, the majority of our clientele don’t rely on their websites for core operational or revenue generating processes, resulting in the site languishing in various states of disuse that could easily be envisioned as having gathered a thick layer of dust. As with any complex piece of equipment not maintained on a regular basis, this can result in malfunction ranging from inconvenient to downright dangerous.

What this means for you

In the most benign instance of a website being hacked, visitors may be presented with broken or malformed pages, or even a “not found” error. From there it only gets worse. Lately the variants have either been politically-driven defacement where legitimate content is replaced with radical ideology messages, or malicious hidden scripts that redirect visitors to spam sites that will attempt to further hijack your computer with malware and fake virus alerts. None of these situations bode well for clients or prospects, and even if visiting your compromised website doesn’t result in any harm to the visitor, it still damages your organization’s reputation.

Many organizations have built their web presence on one of a small handful of content management engines like WordPress or Magento, which, while powerful and flexible, are very complex and require frequent updates to patch security vulnerabilities. On top of this, the underlying technologies on which the engine relies also need to be maintained on a regular basis. Any lapse in the cadence of updates and monitoring can result in an opening that can (and will) be exploited, resulting in a hacked website. Recovering from this type of compromise isn’t trivial. Search engines like Google and Bing are now keeping track of sites that are hacked, and showing them as such in their search results, or even de-listing sites if enough people complain about getting infected from a compromised URL. Getting yourself off the blacklist is an exercise in patience, and if you miss even one bit of malicious code, can result in lengthy delays in getting an “all clear” from Google.

The take-away: don’t forget about that website, even if it isn’t a key revenue generator. Just like any other piece of equipment used to power your company, neglect could result in failure and even damage to the company itself. If you don’t want to budget for upkeep or bring a site to current security standards, it’s often better to decommission an old site to prevent it from being a future problem for your company.

Image courtesy of nuttakit at FreeDigitalPhotos.net

A Hidden War is Being Fought Among the Internet of Things

  • 1
Christopher Woo
Tuesday, 25 April 2017 / Published in Woo on Tech

Following the advent of the Mirai virus that dragooned over 100K web-connected security cameras and NVRs to form an attack botnet, a hacker wrote a bit of malware dubbed BrickerBot that also targeted insecure devices like the ones vulnerable to the Mirai malware. Unlike Mirai, the botnet formed by the BrickerBot malware was used to actually disable their targets before they could be drafted into Mirai’s botnet. Unfortunately for the owners of these devices, BrickerBot disables the device by “bricking” it, rendering it permanently unusable by wiping or scrambling the devices firmware. The hacker behind this gray-hat sabotage is claiming more than 2M devices have been taken out of the fight, which is continuing to escalate with new variants of BrickerBot, now up to version 4.

What this means for you

Among the many things that the internet has wrought, globally accessible markets and supply-chains have produced a cornucopia of powerful technology devices that are relatively easy purchase, install, and use. But as with all markets driven by a mad race to the bottom in production costs, quality suffers, and with it, security. The above-mentioned devices are vulnerable not because of what they are, but how they were programmed, assembled, or configured. While the general consensus is that the vulnerabilities are largely due to sloppy coding or ignorance, there is also the concern that because of where the parts were manufactured, there might be purposeful intent to include back doors and data-snooping to aid state-funded espionage. Your take-away’s from this should be:

  1. Just because it’s cheap doesn’t make it insecure, but there is a higher likelihood that it might be.
  2. Just because it’s expensive doesn’t make it secure. Never assume high-price equals bullet-proof.
  3. Never use the default passwords on any device, regardless of whether it’s internet connected or not.

When considering a DIY security system that includes internet-connected devices, at minimum make sure you check the reviews on a product to ensure there aren’t known vulnerabilities. Despite the above attacks that occurred last year, some of the devices known to be vulnerable to Mirai are still being sold! If you have any concern at all or can’t spend the time to investigate security system hardware, you should always consult with an industry professional. Just because you can buy legal document templates online or view a video on how to install a toilet does not make you a lawyer or plumber. The same goes for security systems, video cameras and network video recorders.

7 Bad Tech Habits to Avoid

  • 0
Christopher Woo
Tuesday, 18 April 2017 / Published in Woo on Tech

Most reasonable people know they are not perfect, and even accept that they don’t need to be, but it doesn’t stop us from continually striving to improve. We use technology to do things faster, longer, further, and any number of other “-ers” you can think of, typically in the name of being better. The fundamental reason technology exists is to provide tools that extend our abilities beyond that of which we are humanly capable. Technology is a primal multiplier of our own capabilities, good and bad, and amplifying the latter can lead to disastrous outcomes.

Here comes the technology soapbox!

I work with a lot of people, and as you might imagine, none of us are perfect. I see these bad technology practices often enough to know that every one of us is probably guilty of at least one or more of these bad habits, some of which are nasty enough that not breaking them could have serious consequences.

  1. Not securing mobile devices and laptops with encryption and passwords or pins. Unless your device is a pure entertainment device with zero sensitive information, you should be locking your devices. It’s inconvenient, but so is having your private info leaked onto the internet. Don’t think your info is worth leaking? How about your client’s email correspondence or that private conversation with your family and friends? You may think you have nothing to hide, but the people you interact with on your device also have a say in that privacy decision.
  2. Using insecure passwords for important accounts. You know this is bad, I don’t even have to explain why. And yet I remind people everyday the importance of using strong, unique passwords that are frequently changed. Breaking this bad habit is hard, but it’s just one of those things we have to do.
  3. Poor file organization. Very few of us fall into the minority of computer users who stick with a system of organizing all of their documents. A large number of us fall into the category of using our Desktop as a catch-all, and since it can’t overflow onto the floor like real paper, it can get really bad without warning. File that stuff away so you can find it later when you or someone else needs it.
  4. Poor email management. The email monster will eventually overwhelm even the most experienced technology veteran. Email has been around a long time: we’ve had decades to build up many bad habits in this category, but the number one is an out-of-control “Unread Count.” If you can no longer use that number as a gauge of what needs to be done, you are losing out on a valuable tool.
  5. Read (and think) before clicking. Most of us have been using computers long enough now that it’s a reflex to click buttons, especially if they say “OK” or “Continue”, and often that leads to disaster. When a dialog pops up or a strange email link presents itself, stop, read, and consider your next action. A minute of critical thinking can make the difference between “delete” and “malware infection.”
  6. Infrequent or no data backups.  This one still surprises me. Very smart people are still making poor choices in regards to securing their data. Backup services are so easy and inexpensive there is literally no excuse to not back up your data.
  7. Relying on technology to be infallible. Fortunately, this seems to be a habit that is slowly being hammered out of everyone, if only through the constant media exposure of all the data breaches and hacks. Accepting that technology can fail isn’t admitting defeat. Instead it’s a core belief that leads to using it more effectively – understanding and accounting for limitations of a system is the the “yin” to technology’s “yang”.

Image courtesy of atibodyphoto at FreeDigitalPhotos.net

  • 29
  • 30
  • 31
  • 32
  • 33

Recent Posts

  • half open laptop

    Technology Transparency: Why We Don’t Hide Our Markups

    Go look up Microsoft 365 Business Basic on Micr...
  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP