While it may seem like everyone on the internet is out to get you, not all of them are pursuing malicious results. Not all heroes wear capes, and in the case of “white-hat” hackers they will often accomplish their goals in the same way as their more malicious “black-hat” counterparts: by exploiting security loopholes and flaws. Most recently, over 150k printers from various manufacturers including HP, Canon and Epson were hacked. Instead of being leveraged to damage their surrounding network, the hacked devices printed out various messages warning the owners that the printers had been hacked, but did not provide any hints as how to plug the holes.
Is my printer at risk?
It looks like many models and brands may be affected by this particular weakness, but only if they are directly exposed to the internet or not properly firewalled. If you’ve been paying attention at all to any tech news, let alone this blog, even the most technically-challenged among you know that connecting to the internet without a firewall is the equivalent of walking around with a bright-red target on your back. At the moment, the only fix available now is to put the printers behind a firewall and change the default admin password (if one even exists), but this only prevents someone from attacking them from the internet – they are still vulnerable inside your network. Another valuable take-away is this: if it’s connected to a data network and it was made by humans, it’s vulnerable to being hacked. Unless you plan on never connecting to the internet again (a strategy viable for very few people), your plan should be to make sure your security measures are robust and your backups reliable. If you remember that there is no such thing as a perfectly secure network, you will make better decisions on all your technology-related endeavors.
I couldn’t tell you how long hotels have been using keycards for locks instead of old-fashioned mechanical keys – at least two decades or more, and they’ve probably been using computer-encoded keycards for at least the past ten years. There’s at least one hotel waxing nostalgic for the glory days after suffering a ransomware attack that locked down their keycard system and disrupting normal operations. Fortunately for the hotel, the system was designed to operate safely in a power failure situation, so guests weren’t locked in or out of their rooms, but after paying the ransom to regain control of their systems, the hotel spokesperson said that they intend to go back to more traditional door locks due to this incident.
A lesson learned and a best practice proven
The hotel’s situation can actually be summed up tidily by this hoary but solid piece of advice: “Always have a back up plan.” Fortunately for the hotel’s guests, safety regulations (and proper business management) made sure that such a crucial system could actually operate without computers or power, but you can bet it was a stressful day for the front desk. If they had committed to the above maxim in a technological sense, they would have had a proper data backup system in place, saving them the headache, the $1500 ransom to unlock their keycard system, and the cost of replacing this now-compromised technology. We haven’t even touched on the reputation damage this might have caused to the hotel itself.
Several clients have asked me about home automation products such as bluetooth door locks, voice-activated lighting and smart thermostats, and my advice in most cases is, “Make sure you know how to operate those systems when the technology fails.” Because it will, and usually at the most inopportune time. In the case of crucial operations that rely on technology, make sure you evaluate the true cost of the system failing, and weigh that against the marginal expense of implementing and maintaining a proper backup plan and a continuity plan for operating without the downed system.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
President Trump’s pick for FCC chair has internet activists in full-on Ned-Stark-Winter-is-Coming-Mode over his stance on Net Neutrality. Despite the previous administrations efforts to preserve Net Neutrality, Ajit Pai has publicly sided with big business by proclaiming his intent to take a “weed whacker” to current regulations in the name of “investment, innovation, and job creation”. In case you were wondering on which side of this issue you fall, do you identify more closely with Comcast, ATT and Verizon, or Google, Netflix and Facebook? Still not clear? It’s not cut and dry, but put in the most simple terms, Net Neutrality benefits consumers the most, while most carriers believe it weakens their ability to maximize shareholder value.
If that sounded just a wee bit biased, then you are picking up what I’m laying down:
There are dozens (if not hundreds) of explanations about what Net Neutrality is, and why each side is right or wrong, and in light of the administration’s decidedly big-business agenda, it should come as no surprise that regulations standing in the way of mega-corporations are facing a “whacking”. Don’t get me wrong – as a business owner, I’m all for capitalism, but I’m also a strong believer in protecting consumers from the depredations of monopolies, which is what internet carriers in the US have become. Now that fast internet access is a must-have for everyone, it is critical that equal access for everyone is guaranteed, regardless of content, culture or net-worth. Speaking as someone who only has one choice for affordable, fast internet, I fail to see any fair market practices in this space, and recent anti-consumer moves by Comcast and Cox are doing little to persuade me that they have my best interests at heart.
Image courtesy of dream designs on FreeDigitalPhotos.net
It’s the day that most of us have been fearing: Microsoft has started the 3-year countdown on Windows 7, and has even stated publicly that the firmly-entrenched operating system is too outdated to secure properly. Released in 2009, Windows 7 is still very widely used throughout the world, and despite Microsoft’s best (and sometimes overbearing) efforts, Windows 10 has only managed to secure just under 20% of the worldwide PC market. You might be surprised to learn that Microsoft ended free support of 7 in 2015, and will retire the OS officially in 2020 when it ends support for enterprise customers as well.
What this means for you:
Some of you have already waded into Windows 10 waters (albeit involuntarily in many cases), and though the transitions weren’t always harmonious, if you are working on relatively new hardware, you are actually better off in the long run than your Windows 7 compatriots. Though we’ve all heard Microsoft say that Windows 10 modern software architecture makes it more secure, recent reports indicate that the Anniversary update version of Windows 10 (August 2016) was able to mitigate two zero-day exploits without specific patches to address the security flaws. Independent corroboration of this feat will go a long way to convincing die hard 7 proponents, but for those who deal in long-term planning, you should start the work to migrate your office to Windows 10 now. Depending on the nature of your work and the applications and services on which you rely, a lot of preparation is required to switch to Windows 10. If Microsoft is telling the truth about Windows 7 deteriorating defenses, it could be the next XP in terms of vulnerability and liability.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
It’s safe to say that the many personal New Year’s resolutions I’ve made and failed to sustain does not put me in a position to shame anyone that inevitably falls off the resolution wagon, but I do like to take the opportunity to encourage “self-improvement” in anyone who uses technology for any sort of productivity. Unlike dragging yourself to the gym, these resolutions take minimal effort, expense and resources to implement, and can make the difference between a very good or bad 2017.
- Resolve to back up your data. If there’s anything I can guarantee, it’s that hardware will fail, mistakes will be made, and it’s a virtual certainty that it will be at the worst possible time (as if there is ever a good time for data loss). Setting up a reliable backup system is trivial and very inexpensive and there is literally no excuse I can think of for not backing up your data. If you want to read up on some reasons why backing up is a good idea, check out these posts: Indiana County Shuttered by Ransomware, New Ransomware Encrypts Entire Disk
- Resolve to install and maintain malware protection. Though it’s becoming less prevalent than previous years, I still see people working on computers without decent malware protection, if only because of performance or cost complaints. On average, reputable antivirus software will cost between $40-80 a year, an expense that is undeniably justified when compared the amount of time and money you might lose to cleaning up a preventable infection. Not convinced? Fake Emails Hit Businesses in the Wallet
- Use unique, strong passwords for your important accounts. There have been numerous massive data breaches in 2016. If you spend any time at all online, your login and password for at least one account is in an exposed database somewhere, and it will be used to attack an account that matters to you. The only way combat this is to stop using the same password everywhere, and to change passwords more often than once a blue moon. 60M Dropbox Accounts Exposed in 2012 Breach, MySpace Breach Exposes 427M Passwords
Image courtesy of krishna arts at FreeDigitalPhotos.net
The end of 2016 is nearly upon us, and I don’t think I’m alone in saying that I hope 2017 will bring more optimism and compassion for everyone. That being said, we at C2 are going to put our game faces on and finish out 2016 as if it was the best year yet (as far as C2 is concerned, it was, thanks to you!), but I will be taking a break for the next two weeks from scaring the spirit of security into you, so the next newsletter after this one will be in 2017. I don’t want to leave you hanging like a stocking on the chimney, so here are some technology gift ideas that I hope will inspire the spirit of giving in you.
- If you spend time in the outdoors trying to get away from all that big-city tech, but can’t put down that mobile device, how about a solar-powered charger? These things are great when paired with a portable battery pack (a 2015 recommendation). Set up the charger in the sun and attach your battery pack while you’re out enjoying nature. You can come back, grab your battery pack and keep going with your USB-powered smartphone, tablet or action camera without having to hunt for a non-existent AC outlet. Repeat until you are tanned, relaxed and chockful of wonderful memories captured on your favorite mobile device, of course!
- Speaking of action cameras, it seems like everyone has one, and why not? They’re very affordable, and when you can capture ridiculously adorable and amusing videos, how can you not afford get one? The GoPro HERO+ is the titular company’s entry-level model and it still shoots awesome video in a highly durable, portable and dare-I-say wearable fashion. GoPro videos will become this generation’s family vacation “slideshow”, minus the boring!
- Cordless headphones seem to be the hotness this year (another 2015 recommendation), but I still see a lot of folks rocking corded earbuds. As simple as they are, they get tangled if you look at them funny, so why not store them in style with a key chain fob designed to tame those unruly earbuds? The simplicity of this thing is hard to beat: your neatly wrapped earbuds will always be nearby, because you never misplace your keys, right?
- Did someone say lost keys? Tile Mate has you covered, fam! Attach one of these babies to your keys (or whatever you seem to misplace frequently) and your phone can lead you to them. And if you are one of those people who misplace your phone, all I got to say is this: Find my iPhone or Android Device Manager.
- Want to really give a gift that can keep on giving, months or even years later? How about the gift of data backup? It’s not whimsical and definitely not romantic, but buying a family member a year’s subscription to CrashPlan, Carbonite or BackBlaze and setting it up for them can mean the difference between “Oh no!” and “Oh well, thank goodness I’ve got a backup.” Bonus gift: you get to be the hero!
To finish out this list, here are a couple of things you might want to avoid:
- Virtual Reality is definitely the hot new entertainment trend, and there are a ton of knock-offs, wannabes and straight up con-artists looking to exploit the hype. Quality VR headsets that are approaching the fiction sold by Hollywood will currently set you back well over $500, and require dedicated systems such as a Playstation 4 or a high-end (+$700) Windows gaming computer, some degree of technical proficiency, and a strong stomach. Make sure you try before you buy, especially something that isn’t an Occulus, Vive or Playstation device.
- Nintendo released a retro-gaming console called the Nintendo “Classic Edition” for $60, featuring a slew of games from many of our childhoods’, and promptly sold out of them, well before the shopping season had even picked up steam. The lack of stock coinciding with the holidays has created a huge gray and black market for these devices, which are being sold for 3 to 4 times their actual cost. Unless you or a loved one are really into retro-gaming, you may want to let the hysteria subside and pick one up for normal price (or even on sale) in 2017.
Image courtesy of Master Isolated Images at FreeDigitalPhotos.net
Keeping track of your family via GPS isn’t a new idea. Remember the tracking device for your teen’s car that could tell you where they are and even how fast they were driving? Mobile phones have had GPS capabilities for about 10 years now , but the relatively recent proliferation of smartphones throughout every generation of the household has made keeping tabs on everyone in the family an affordable reality. Google has just introduced a new app called Trusted Contacts which essentially allows your phone to transmit your location to other trusted individuals (with their own Android devices), who can, in turn, grant you access to keep an eye their locations.
Our version of the “Weasley Clock” or foreshadow of “Big Brother”?
In case you’re not a fan of young wizards with unruly hair, the clock mentioned above allowed the fictional Weasley family to keep track of all members of the household via clockwork hands that pointed out the whereabouts of any given family member at any given time. In this particular case, our real world technology seems to be superior to Rowling’s fantastical device in that we can know in much more detail where our loved ones are, even if the app request is ignored or the phone is offline. In these two cases, if the phone and GPS are operational, the app will report in after a set amount of time, in case the owner is unable to respond or just distracted (as we all often are!), and if the phone is offline, it will report the last known location. Saying that this could be useful in an emergency situation is something of an understatement, especially for helicopter dads (like yours truly) who live in an area prone to unpredictable natural disasters. It could also be a useful trust building tool for parents fretting about teenagers testing the limits of their expanding freedoms, or for grown children to keep a discrete eye on aging parents who may be struggling with mental issues. As is always the case, how we use the technology will make the difference between an Orwellian one or something with more magic and compassion.
Image courtesy of Sira Anamwong at FreeDigitalPhotos.net
One month ago we wrote about a wave of attacks powered by compromised security appliances – mostly Asian-manufactured network video recorders – that disabled popular internet services for several days in late October. Despite the growing awareness of the problem due to this incident, this infected segment of the Internet of Things (IoT) is still active and wreaking havoc on a new front. Security researchers are reporting active attacks on routers used primarily by ISP’s Deutsche Telekom (Germany) and Eircom (Ireland) to service their internet customers. The attacks, powered by a new variant of the Mirai malware that was behind the previous IoT attacks in October, exploit a recently discovered weakness in Zyxel and Speedport routers, and a remote management protocol known as TR-069 which ISP’s traditionally use to manage equipment distributed to their customers. According to Deutsche Telekom, nearly one million of their customers may be affected by this exploit, and security researchers have cause to believe that over 40 million devices on the internet may be vulnerable to exploits of TR-069.
What this means for you:
Data is still being gathered on how widespread this problem may be, so it’s not immediately clear if anyone here in the States is directly impacted by this particular exploit. I can guarantee that if we aren’t affected by this one, there are probably several others we haven’t yet discovered. One of the great conundrums tech service providers (like C2) face is that we must rely on the internet to provide support to our clients, and in doing so have to make devices like routers “visible” on the internet, which in turn opens them to attack. As is typically the advice in the face of unknown threats, preparation is your best defense: change default passwords to strong, unique ones. Shield critical devices from the internet where possible through isolation, control and firewalls, and most importantly, understand and document what devices in your organization have contact with the internet so that when an attack does surface, we can quickly root out the source and hopefully prevent further damage. We are to the point now that a malware infection is a certainty in almost any environment, and the difference comes from how well prepared you are to recover from it.
Black Friday and Cyber Monday are upon us, and I know at least half-a-dozen people that are planning to go technology shopping. Many of you are like me and are wise to retailer shenanigans leveraging seasonal enthusiasm and internet hype to separate us from our hard-earned cash, but there are deals to be had if you look hard enough and are willing to battle the crush of humanity at the brick and mortars instead of just doing your shopping online like any sane human being. If you are one of the hardy Black Friday shoppers physically participating in one of America’s finest traditions (definitely sarcasm that time), please don’t let the shopping bug blind you to shady retailers taking advantage of your holiday spirit. In Office Depot’s case, they didn’t even have Black Friday chicanery as an excuse to sell completely unnecessary malware cleanup services on computers that were brand-new in the box.
Someone’s heart was clearly “two sizes too small”
Let’s be clear: big-box retailers sell technology at costs that most providers like C2 can’t hope to match. Their volume and industry position allow them to cut deals on hardware that sometimes seem impossible, and here’s a dirty little secret: those invisible margins are in fact not so thin due to bundled software deals and, in some cases, extended 3rd party warranties. Software manufacturers like McAfee, Symantec, and even Microsoft and Adobe will pay computer manufacturers to ship their software pre-installed on your brand-new computer. Sometimes it’s a convenience – who wants to go shopping for anti-virus software after fighting the crowds for your shiny new computer? But not always, as is the case of the above scam. Office Depot seems to have benefited on both sides of the market by selling computers pre-installed with a questionable anti-malware app called “PC Health Check”. This slick piece of work (more sarcasm!) was finding malware on brand-new computers, prompting concerned buyers to go back to Office Depot where they were sold unneeded “cleanup services” often to the tune of several hundred more dollars.
Are dwindling big-box margins to blame for driving adoption of these scummy sales practices? Probably, but it’s a flimsy excuse to take advantage of your customers. If anything, you are driving them online and to companies like C2 who are more interested in partnering with customers instead of merely profiting from them. As always, caveat emptor. If it seems like a deal too good to be true, it just might not be a good deal after all.











